50c 2.10.0 → 2.14.0

package/bin/50c.js

@@ -464,6 +464,13 @@ async function main() {
   // MCP mode: --mcp flag or no args AND piped input
   const isMCPMode = args[0] === '--mcp' || (args.length === 0 && !process.stdin.isTTY);
   
+  // Version check (non-blocking, only warns)
+  if (!isMCPMode && args[0] !== 'help' && args[0] !== '--help') {
+    lib.checkVersion().then(v => {
+      if (v.message) console.error(`\n  Warning: ${v.message}\n`);
+    }).catch(() => {});
+  }
+  
   if (isMCPMode) {
     await runMCP();
   } else if (args.length === 0) {

package/lib/index.js

@@ -25,6 +25,79 @@ const ux = require('./packs/ux');
 const promptEngine = require('./packs/prompt_engine');
 const grabr = require('./packs/grabr');
 
+// ═══════════════════════════════════════════════════════════════
+//                    MANIFEST - SINGLE SOURCE OF TRUTH
+// ═══════════════════════════════════════════════════════════════
+// genxis.one/v1/manifest is the canonical tool registry
+// CLI bootstraps from it, caches locally, validates versions
+
+const MANIFEST_URL = 'https://api.50c.ai/v1/manifest';
+const MANIFEST_CACHE_TTL = 3600000; // 1 hour
+let manifestCache = null;
+let manifestCacheTime = 0;
+
+async function fetchManifest(staging = false) {
+  const now = Date.now();
+  if (manifestCache && (now - manifestCacheTime) < MANIFEST_CACHE_TTL) {
+    return manifestCache;
+  }
+  
+  try {
+    const https = require('https');
+    const headers = staging ? { 'X-GenXis-Env': 'staging' } : {};
+    
+    const data = await new Promise((resolve, reject) => {
+      const req = https.get(MANIFEST_URL, { headers, timeout: 10000 }, (res) => {
+        let body = '';
+        res.on('data', chunk => body += chunk);
+        res.on('end', () => {
+          try {
+            resolve(JSON.parse(body));
+          } catch (e) {
+            reject(new Error('Invalid manifest JSON'));
+          }
+        });
+      });
+      req.on('error', reject);
+      req.on('timeout', () => { req.destroy(); reject(new Error('Manifest timeout')); });
+    });
+    
+    manifestCache = data;
+    manifestCacheTime = now;
+    return data;
+  } catch (e) {
+    // Fallback to local tools if manifest unavailable
+    console.error('Manifest fetch failed, using local tools:', e.message);
+    return null;
+  }
+}
+
+async function checkVersion() {
+  try {
+    const manifest = await fetchManifest();
+    if (!manifest) return { upToDate: true };
+    
+    const pkg = require('../package.json');
+    const minVersion = manifest.meta?.min_client_version || '0.0.0';
+    const currentVersion = pkg.version;
+    
+    const [minMajor, minMinor] = minVersion.split('.').map(Number);
+    const [curMajor, curMinor] = currentVersion.split('.').map(Number);
+    
+    const upToDate = curMajor > minMajor || (curMajor === minMajor && curMinor >= minMinor);
+    
+    return {
+      upToDate,
+      current: currentVersion,
+      minimum: minVersion,
+      latest: manifest.meta?.api_version,
+      message: upToDate ? null : `Update available: npx 50c@latest`
+    };
+  } catch (e) {
+    return { upToDate: true, error: e.message };
+  }
+}
+
 // Tool name mappings by pack
 const TOOL_PACKS = {
   beacon: ['hints', 'hints_plus', 'roast', 'quick_vibe', 'one_liner', 'name_it', 'price_it', 'compute', 'ide_conversation', 'learning_stats'],
@@ -195,5 +268,9 @@ module.exports = {
   labs,
   labsPlus,
   promptEngine,
-  grabr
+  grabr,
+  // Manifest - Single Source of Truth
+  fetchManifest,
+  checkVersion,
+  MANIFEST_URL
 };

package/lib/packs/grabr.js

@@ -110,7 +110,7 @@ async function grabrScrape(url, depth = 1) {
   
   try {
     // Use 50c page_fetch via API
-    const result = await apiRequest('page_fetch', { url });
+    const result = await apiRequest('POST', '/tools/page_fetch', { url });
     if (result.error) return { error: result.error };
     
     const html = result.content || result.text || '';
@@ -130,7 +130,7 @@ async function grabrScrape(url, depth = 1) {
         if (href) {
           try {
             const fullUrl = href.startsWith('http') ? href : new URL(href, url).href;
-            const subResult = await apiRequest('page_fetch', { url: fullUrl });
+            const subResult = await apiRequest('POST', '/tools/page_fetch', { url: fullUrl });
             if (subResult.content) {
               contacts.emails.push(...extractEmails(subResult.content));
               contacts.phones.push(...extractPhones(subResult.content));
@@ -237,15 +237,15 @@ async function grabrSitemap(url) {
   }
   
   try {
-    const result = await apiRequest('page_fetch', { url: sitemapUrl });
+    const result = await apiRequest('POST', '/tools/page_fetch', { url: sitemapUrl });
     if (result.error) {
       // Try robots.txt fallback
       const robotsUrl = url.replace(/\/$/, '') + '/robots.txt';
-      const robotsResult = await apiRequest('page_fetch', { url: robotsUrl });
+      const robotsResult = await apiRequest('POST', '/tools/page_fetch', { url: robotsUrl });
       if (robotsResult.content) {
         const sitemapMatch = robotsResult.content.match(/Sitemap:\s*(\S+)/i);
         if (sitemapMatch) {
-          const altResult = await apiRequest('page_fetch', { url: sitemapMatch[1] });
+          const altResult = await apiRequest('POST', '/tools/page_fetch', { url: sitemapMatch[1] });
           if (altResult.content) {
             result.content = altResult.content;
           }

package/lib/vault.js

@@ -15,6 +15,9 @@ const SALT_LENGTH = 32;
 const IV_LENGTH = 16;
 const AUTH_TAG_LENGTH = 16;
 
+// Security: Auto-lock after 5 minutes of inactivity (300 seconds)
+const AUTO_LOCK_INACTIVITY_MS = 5 * 60 * 1000;
+
 // Local file paths
 const MASTER_KEY_FILE = path.join(VAULT_DIR, 'master.key.enc');
 const VAULT_DB_FILE = path.join(VAULT_DIR, 'vault.db');
@@ -54,10 +57,25 @@ function loadLocalSession() {
   try {
     if (fs.existsSync(SESSION_FILE)) {
       const session = JSON.parse(fs.readFileSync(SESSION_FILE, 'utf8'));
-      if (session.expires_at > Date.now()) {
-        return session;
+      const now = Date.now();
+      
+      // Check TTL expiry
+      if (session.expires_at <= now) {
+        fs.unlinkSync(SESSION_FILE);
+        return null;
+      }
+      
+      // Check inactivity auto-lock (5 minutes)
+      if (session.last_access && (now - session.last_access) > AUTO_LOCK_INACTIVITY_MS) {
+        fs.unlinkSync(SESSION_FILE);
+        return null;
       }
-      fs.unlinkSync(SESSION_FILE);
+      
+      // Update last_access timestamp
+      session.last_access = now;
+      fs.writeFileSync(SESSION_FILE, JSON.stringify(session), { mode: 0o600 });
+      
+      return session;
     }
   } catch {}
   return null;
@@ -291,11 +309,26 @@ async function remove(name) {
 }
 
 async function status() {
+  const session = MODE === 'local' ? loadLocalSession() : null;
+  const now = Date.now();
+  
+  let autoLockIn = null;
+  if (session && session.last_access) {
+    const remaining = AUTO_LOCK_INACTIVITY_MS - (now - session.last_access);
+    autoLockIn = remaining > 0 ? Math.ceil(remaining / 1000) : 0;
+  }
+  
   return {
     mode: MODE,
     initialized: await isInitialized(),
     locked: !(await isUnlocked()),
-    path: MODE === 'local' ? VAULT_DIR : 'cloud'
+    path: MODE === 'local' ? VAULT_DIR : 'cloud',
+    auto_lock_seconds: autoLockIn,
+    security: {
+      auto_lock_inactivity: '5 minutes',
+      encryption: 'AES-256-GCM',
+      pbkdf2_iterations: PBKDF2_ITERATIONS
+    }
   };
 }
 
@@ -364,10 +397,130 @@ async function listProxies() {
 //        Index cards for files, articles, books, anything
 // ═══════════════════════════════════════════════════════════════
 
+// Dewey Quality Gates - Noise Prevention
+const DEWEY_NOISE_PATTERNS = [
+  /^todo:?\s*/i,
+  /^check\s+this/i,
+  /^read\s+later/i,
+  /^temp(orary)?:?\s*/i,
+  /^\?\?\?/,
+  /^untitled$/i,
+  /^test\s*\d*$/i,
+  /\(DEAD\)$/i,
+  /\(PARKED\)$/i,
+  /\(SHUTDOWN\)$/i,
+];
+
+const DEWEY_NOISE_TAGS = [
+  'dead-bookmark', 'remove', 'temp', 'todo', 'junk', 'spam', 'test'
+];
+
+const DEWEY_NOISE_CATEGORIES = [
+  'Bookmarks/Dead', 'temp', 'junk', 'spam'
+];
+
+function validateDeweyCard(card) {
+  const errors = [];
+  const warnings = [];
+  
+  // Required: title must exist and be meaningful
+  if (!card.title || card.title.length < 3) {
+    errors.push('Title required (min 3 chars)');
+  }
+  
+  // Check for noise patterns in title
+  for (const pattern of DEWEY_NOISE_PATTERNS) {
+    if (pattern.test(card.title || '')) {
+      errors.push(`Noise pattern detected in title: "${card.title}". Use roadmap_add for TODOs.`);
+      break;
+    }
+  }
+  
+  // Check for noise tags
+  const tags = card.tags || [];
+  const noiseTags = tags.filter(t => DEWEY_NOISE_TAGS.includes(t.toLowerCase()));
+  if (noiseTags.length > 0) {
+    errors.push(`Noise tags not allowed: ${noiseTags.join(', ')}. Dead bookmarks should not be indexed.`);
+  }
+  
+  // Check for noise categories
+  if (DEWEY_NOISE_CATEGORIES.includes(card.category)) {
+    errors.push(`Category "${card.category}" is for temporary items. Use roadmap instead.`);
+  }
+  
+  // Type-specific validation
+  const type = card.type || 'file';
+  
+  switch (type) {
+    case 'url':
+      if (!card.location || !card.location.startsWith('http')) {
+        errors.push('URL type requires valid http/https location');
+      }
+      if (!card.summary && !card.notes) {
+        warnings.push('URL items should have a summary or notes explaining why it\'s worth keeping');
+      }
+      break;
+      
+    case 'idea':
+      if (!card.summary && !card.notes) {
+        errors.push('Ideas require a summary or notes explaining the concept');
+      }
+      if (card.summary && card.summary.length < 20) {
+        warnings.push('Idea summary is very short. Consider adding more detail.');
+      }
+      break;
+      
+    case 'snippet':
+      if (!card.tags || card.tags.length === 0) {
+        errors.push('Snippets require at least one tag for context');
+      }
+      break;
+      
+    case 'file':
+      if (!card.location && !card.summary) {
+        warnings.push('Files should have a location or summary');
+      }
+      break;
+      
+    case 'article':
+    case 'book':
+      if (!card.author && !card.metadata?.author) {
+        warnings.push(`${type}s should have an author`);
+      }
+      break;
+  }
+  
+  // Rating validation
+  if (card.rating !== null && card.rating !== undefined) {
+    if (card.rating < 1 || card.rating > 5) {
+      errors.push('Rating must be 1-5');
+    }
+  }
+  
+  return { 
+    valid: errors.length === 0, 
+    errors, 
+    warnings,
+    quality: errors.length === 0 && warnings.length === 0 ? 'high' : 
+             errors.length === 0 ? 'medium' : 'rejected'
+  };
+}
+
 async function deweyAdd(card) {
   const masterKey = await getMasterKey();
   if (!masterKey) throw new Error('Vault locked. Unlock first.');
   
+  // Quality gate validation
+  const validation = validateDeweyCard(card);
+  if (!validation.valid) {
+    return { 
+      error: 'Quality gate failed', 
+      errors: validation.errors,
+      warnings: validation.warnings,
+      hint: 'Use roadmap_add for TODOs, or improve the card metadata.'
+    };
+  }
+  
   const id = card.id || `dew_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`;
   const now = Date.now();
   
@@ -403,7 +556,14 @@ async function deweyAdd(card) {
     await apiRequest('POST', '/vault/credentials', { name: `dewey/${id}`, encrypted });
   }
   
-  return { id, title: indexCard.title, type: indexCard.type, indexed: true };
+  return { 
+    id, 
+    title: indexCard.title, 
+    type: indexCard.type, 
+    indexed: true,
+    quality: validation.quality,
+    warnings: validation.warnings.length > 0 ? validation.warnings : undefined
+  };
 }
 
 async function deweyGet(id) {

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "50c",
-  "version": "2.10.0",
-  "description": "AI toolkit with beacon context compression. 137+ tools.",
+  "version": "2.14.0",
+  "description": "AI toolkit. Fixed grabr apiRequest calls + web_search/page_fetch now working.",
   "main": "lib/index.js",
   "bin": {
     "50c": "./bin/50c.js"