@aria-cli/tools 1.0.12 → 1.0.14

package/dist-cjs/outlook/desktop-session.js

@@ -1,318 +0,0 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || (function () {
-    var ownKeys = function(o) {
-        ownKeys = Object.getOwnPropertyNames || function (o) {
-            var ar = [];
-            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
-            return ar;
-        };
-        return ownKeys(o);
-    };
-    return function (mod) {
-        if (mod && mod.__esModule) return mod;
-        var result = {};
-        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
-        __setModuleDefault(result, mod);
-        return result;
-    };
-})();
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.createOutlookDesktopClient = createOutlookDesktopClient;
-const node_os_1 = __importDefault(require("node:os"));
-const node_path_1 = __importDefault(require("node:path"));
-const node_fs_1 = require("node:fs");
-const OUTLOOK_SESSION_DIR = node_path_1.default.join(node_os_1.default.homedir(), ".aria", "outlook-session");
-const OUTLOOK_TOKEN_CACHE = node_path_1.default.join(node_os_1.default.homedir(), ".aria", "cache", "outlook-token.json");
-const OUTLOOK_WEB_URL = "https://outlook.office.com/mail/";
-// Outlook web uses outlook.office.com-scoped tokens, not graph.microsoft.com.
-// The Outlook REST v2 API at outlook.office.com/api/v2.0 accepts these tokens.
-const OUTLOOK_REST_API_BASE = "https://outlook.office.com/api/v2.0";
-const DEFAULT_BOOTSTRAP_TIMEOUT_MS = 60_000;
-async function loadCachedToken() {
-    try {
-        const raw = await node_fs_1.promises.readFile(OUTLOOK_TOKEN_CACHE, "utf-8");
-        const cached = JSON.parse(raw);
-        // Token valid if >5 min remaining
-        if (cached.bearerToken && cached.expiresAt > Date.now() + 5 * 60_000) {
-            return cached;
-        }
-    }
-    catch {
-        // no cache or invalid
-    }
-    return null;
-}
-async function saveCachedToken(token, email) {
-    // Decode JWT to get expiry
-    let exp = Date.now() + 60 * 60_000; // default 1h
-    try {
-        const part = token.split(".")[1];
-        if (!part)
-            throw new Error("no payload");
-        const payload = JSON.parse(Buffer.from(part, "base64").toString());
-        if (payload.exp)
-            exp = payload.exp * 1000;
-    }
-    catch {
-        /* best-effort */
-    }
-    const cached = { bearerToken: token, accountEmail: email, expiresAt: exp };
-    await node_fs_1.promises.mkdir(node_path_1.default.dirname(OUTLOOK_TOKEN_CACHE), { recursive: true });
-    await node_fs_1.promises.writeFile(OUTLOOK_TOKEN_CACHE, JSON.stringify(cached, null, 2));
-}
-// Outlook REST v2 returns PascalCase keys (Subject, From, EmailAddress)
-// while Graph API uses camelCase (subject, from, emailAddress).
-// Helper to read a field with either casing.
-function field(obj, camelKey) {
-    if (camelKey in obj)
-        return obj[camelKey];
-    const pascalKey = camelKey.charAt(0).toUpperCase() + camelKey.slice(1);
-    return obj[pascalKey];
-}
-function fieldStr(obj, camelKey) {
-    const v = field(obj, camelKey);
-    return typeof v === "string" ? v : "";
-}
-function parseRecipient(recipient) {
-    const emailAddress = field(recipient, "emailAddress") ?? null;
-    if (!emailAddress || typeof emailAddress !== "object")
-        return null;
-    return {
-        name: fieldStr(emailAddress, "name"),
-        email: fieldStr(emailAddress, "address"),
-    };
-}
-function parseRecipients(raw) {
-    if (!Array.isArray(raw))
-        return [];
-    return raw
-        .filter((r) => !!r && typeof r === "object")
-        .map(parseRecipient)
-        .filter((r) => r !== null);
-}
-function toMessageView(msg) {
-    const fromRaw = field(msg, "from");
-    const from = fromRaw && typeof fromRaw === "object"
-        ? parseRecipient(fromRaw)
-        : null;
-    return {
-        id: fieldStr(msg, "id") || fieldStr(msg, "Id"),
-        subject: fieldStr(msg, "subject"),
-        from: from ?? { name: "", email: "" },
-        toRecipients: parseRecipients(field(msg, "toRecipients")),
-        receivedDateTime: fieldStr(msg, "receivedDateTime"),
-        isRead: field(msg, "isRead") === true,
-        hasAttachments: field(msg, "hasAttachments") === true,
-        bodyPreview: fieldStr(msg, "bodyPreview"),
-        conversationId: fieldStr(msg, "conversationId"),
-    };
-}
-function toMessageDetail(msg) {
-    const view = toMessageView(msg);
-    const bodyRaw = field(msg, "body");
-    const body = bodyRaw && typeof bodyRaw === "object" ? bodyRaw : {};
-    return {
-        ...view,
-        body: {
-            contentType: fieldStr(body, "contentType") || "text",
-            content: fieldStr(body, "content"),
-        },
-        ccRecipients: parseRecipients(field(msg, "ccRecipients")),
-        importance: fieldStr(msg, "importance") || "normal",
-    };
-}
-async function waitForMailBearerToken(page, timeoutMs) {
-    return new Promise((resolve, reject) => {
-        const timer = setTimeout(() => {
-            page.off("request", handleRequest);
-            reject(new Error("Timed out waiting for a Mail-scoped bearer token. " +
-                "Ensure you are logged in to outlook.office.com."));
-        }, timeoutMs);
-        const seen = new Set();
-        const handleRequest = (request) => {
-            const authHeader = request.headers()["authorization"];
-            if (!authHeader || !authHeader.startsWith("Bearer "))
-                return;
-            const bearerToken = authHeader.slice(7);
-            const dedup = bearerToken.substring(0, 30);
-            if (seen.has(dedup))
-                return;
-            seen.add(dedup);
-            // Decode JWT payload to extract email and scopes
-            let accountEmail = "";
-            let scp = "";
-            try {
-                const payloadB64 = bearerToken.split(".")[1];
-                if (payloadB64) {
-                    const payload = JSON.parse(Buffer.from(payloadB64, "base64url").toString("utf8"));
-                    scp = typeof payload.scp === "string" ? payload.scp : "";
-                    accountEmail =
-                        typeof payload.upn === "string"
-                            ? payload.upn
-                            : typeof payload.preferred_username === "string"
-                                ? payload.preferred_username
-                                : typeof payload.unique_name === "string"
-                                    ? payload.unique_name
-                                    : "";
-                }
-            }
-            catch {
-                // JWT decode is best-effort
-            }
-            // Only accept tokens with Mail.Read scope (from outlook.cloud.microsoft)
-            if (!scp.includes("Mail.Read"))
-                return;
-            clearTimeout(timer);
-            page.off("request", handleRequest);
-            resolve({ bearerToken, accountEmail });
-        };
-        page.on("request", handleRequest);
-    });
-}
-// Stateless client using a cached bearer token (no Playwright needed)
-function createStatelessClient(bearerToken, accountEmail) {
-    const invokeApi = async (method, endpoint, body) => {
-        const url = `${OUTLOOK_REST_API_BASE}${endpoint}`;
-        const headers = {
-            Authorization: `Bearer ${bearerToken}`,
-            "Content-Type": "application/json",
-        };
-        const resp = await fetch(url, {
-            method,
-            headers,
-            body: body ? JSON.stringify(body) : undefined,
-        });
-        if (resp.status === 204)
-            return { status: 204 };
-        const text = await resp.text();
-        let json;
-        try {
-            json = JSON.parse(text);
-        }
-        catch {
-            throw new Error(`Outlook API ${method} ${endpoint} returned non-JSON (HTTP ${resp.status}).`);
-        }
-        if (resp.status >= 400) {
-            const error = json.error && typeof json.error === "object" ? json.error : {};
-            const code = typeof error.code === "string" ? error.code : `http_${resp.status}`;
-            const message = typeof error.message === "string" ? error.message : "Unknown error";
-            throw new Error(`Outlook API ${method} ${endpoint} failed: ${code} — ${message}`);
-        }
-        return json;
-    };
-    return buildClientMethods(invokeApi, accountEmail, async () => {
-        /* no-op close */
-    });
-}
-async function createOutlookDesktopClient(opts) {
-    const timeoutMs = opts?.bootstrapTimeoutMs ?? DEFAULT_BOOTSTRAP_TIMEOUT_MS;
-    // Strategy 1: Use cached token if still valid (no Playwright needed)
-    const cached = await loadCachedToken();
-    if (cached) {
-        return createStatelessClient(cached.bearerToken, cached.accountEmail);
-    }
-    // Strategy 2: Launch Playwright headful to get a fresh token via SSO
-    // Must be headful — Microsoft SSO blocks headless Chromium
-    await node_fs_1.promises.mkdir(OUTLOOK_SESSION_DIR, { recursive: true });
-    const playwright = await Promise.resolve().then(() => __importStar(require("playwright")));
-    const context = await playwright.chromium.launchPersistentContext(OUTLOOK_SESSION_DIR, {
-        headless: false,
-        args: ["--start-maximized"],
-        viewport: null,
-    });
-    const page = context.pages()[0] ?? (await context.newPage());
-    const bootstrapPromise = waitForMailBearerToken(page, timeoutMs);
-    await page.goto(OUTLOOK_WEB_URL, {
-        waitUntil: "domcontentloaded",
-        timeout: timeoutMs,
-    });
-    const { bearerToken, accountEmail } = await bootstrapPromise;
-    // Cache the token for subsequent calls (avoids launching Playwright)
-    await saveCachedToken(bearerToken, accountEmail);
-    // Close browser immediately — we have the token, use stateless client
-    await page.close().catch(() => undefined);
-    await context.close().catch(() => undefined);
-    return createStatelessClient(bearerToken, accountEmail);
-}
-function buildClientMethods(invokeApi, accountEmail, closeFn) {
-    return {
-        getAccountEmail: () => accountEmail,
-        listMessages: async ({ folder = "inbox", limit = 20, filter, search }) => {
-            const params = new URLSearchParams();
-            params.set("$top", String(Math.max(1, Math.min(limit, 50))));
-            params.set("$select", "Id,Subject,From,ToRecipients,ReceivedDateTime,IsRead,HasAttachments,BodyPreview,ConversationId");
-            params.set("$orderby", "ReceivedDateTime desc");
-            if (filter)
-                params.set("$filter", filter);
-            if (search)
-                params.set("$search", `"${search}"`);
-            const endpoint = `/me/mailFolders/${encodeURIComponent(folder)}/messages?${params.toString()}`;
-            const json = await invokeApi("GET", endpoint);
-            const rawMessages = Array.isArray(json.value) ? json.value : [];
-            const messages = rawMessages
-                .filter((m) => !!m && typeof m === "object")
-                .map(toMessageView);
-            return {
-                accountEmail,
-                folder,
-                messages,
-                totalCount: typeof json["@odata.count"] === "number" ? json["@odata.count"] : messages.length,
-            };
-        },
-        getMessage: async ({ messageId }) => {
-            const json = await invokeApi("GET", `/me/messages/${encodeURIComponent(messageId)}`);
-            return toMessageDetail(json);
-        },
-        sendMessage: async ({ to, cc, subject, body, bodyType = "text" }) => {
-            const toRecipients = to.map((email) => ({
-                EmailAddress: { Address: email },
-            }));
-            const ccRecipients = (cc ?? []).map((email) => ({
-                EmailAddress: { Address: email },
-            }));
-            await invokeApi("POST", "/me/sendMail", {
-                Message: {
-                    Subject: subject,
-                    Body: { ContentType: bodyType === "html" ? "HTML" : "Text", Content: body },
-                    ToRecipients: toRecipients,
-                    ...(ccRecipients.length > 0 ? { CcRecipients: ccRecipients } : {}),
-                },
-            });
-            return { accountEmail, status: "sent" };
-        },
-        replyMessage: async ({ messageId, body, bodyType = "text", replyAll = false }) => {
-            const replyMethod = replyAll ? "ReplyAll" : "Reply";
-            await invokeApi("POST", `/me/messages/${encodeURIComponent(messageId)}/${replyMethod}`, {
-                Comment: body,
-                ...(bodyType === "html"
-                    ? {
-                        Message: {
-                            Body: { ContentType: "HTML", Content: body },
-                        },
-                    }
-                    : {}),
-            });
-            return { accountEmail, status: "sent" };
-        },
-        close: closeFn,
-    };
-}

package/dist-cjs/policy.js

@@ -1,155 +0,0 @@
-"use strict";
-/**
- * Tool Policy Engine
- *
- * Evaluates whether a tool is allowed based on allow/deny lists with group expansion.
- * Supports layered policy merging (intersection semantics) for arion + RunOptions policies.
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.TOOL_GROUPS = void 0;
-exports.expandGroups = expandGroups;
-exports.isToolAllowed = isToolAllowed;
-exports.mergePolicies = mergePolicies;
-/** Built-in tool groups */
-exports.TOOL_GROUPS = {
-    "group:memory": [
-        "remember",
-        "recall",
-        "forget",
-        "recall_knowledge",
-        "reflect",
-        "search",
-        "learn",
-        "session_history",
-    ],
-    "group:web": ["web_search", "web_fetch", "browse", "browser"],
-    "group:filesystem": ["read_file", "write_file", "edit_file", "glob", "grep", "ls", "apply_patch"],
-    "group:shell": [
-        "bash",
-        "exec",
-        "spawn",
-        "kill",
-        "list_processes",
-        "wait_process",
-        "write_stdin",
-        "process",
-    ],
-    "group:arion": [
-        "hatch_arion",
-        "wake_arion",
-        "rest_arion",
-        "retire_arion",
-        "delegate_arion",
-        "manage_network",
-        "list_clients",
-        "deploy",
-    ],
-    "group:meta": [
-        "ask_user",
-        "quest_update",
-        "quest_list",
-        "search",
-        "learn",
-        "learn_tool",
-        "learn_skill",
-        "create_tool",
-        "create_skill",
-        "use_skill",
-        "restart",
-        "spawn_worker",
-        "check_delegation",
-        "pause_delegation",
-        "resume_delegation",
-        "quest_report",
-        "self_diagnose",
-    ],
-};
-/**
- * Expand group references in a policy list.
- * "group:memory" → ["remember", "recall", "forget", "reflect"]
- * Individual tool names pass through unchanged.
- * Unknown group names are ignored (treated as empty).
- */
-function expandGroups(names) {
-    const result = new Set();
-    for (const name of names) {
-        const lower = name.toLowerCase();
-        if (lower.startsWith("group:")) {
-            const members = exports.TOOL_GROUPS[lower];
-            if (members) {
-                for (const member of members) {
-                    result.add(member.toLowerCase());
-                }
-            }
-            // Unknown group names are silently ignored
-        }
-        else {
-            result.add(lower);
-        }
-    }
-    return result;
-}
-/**
- * Evaluate whether a tool is allowed by a policy.
- * Rules:
- * 1. If allow is empty/undefined and restrictAllow is false/undefined
- *    → all tools allowed (then check deny)
- * 2. If allow is non-empty OR restrictAllow=true
- *    → only listed tools/groups allowed (empty allow + restrictAllow=true denies all)
- * 3. Deny always wins over allow
- */
-function isToolAllowed(toolName, policy) {
-    const normalized = toolName.toLowerCase();
-    // Check allow list: when restricted, tool must be in allowed set.
-    const isAllowRestricted = policy.restrictAllow === true || (policy.allow !== undefined && policy.allow.length > 0);
-    if (isAllowRestricted) {
-        const allowed = expandGroups(policy.allow ?? []);
-        if (!allowed.has(normalized)) {
-            return false;
-        }
-    }
-    // Check deny list: deny always wins
-    if (policy.deny && policy.deny.length > 0) {
-        const denied = expandGroups(policy.deny);
-        if (denied.has(normalized)) {
-            return false;
-        }
-    }
-    return true;
-}
-/**
- * Merge two policies (intersection). Used for layered evaluation:
- * arion policy ∩ RunOptions policy = effective policy.
- * A tool must be allowed by BOTH layers.
- */
-function mergePolicies(a, b) {
-    // Merge deny: union of both deny lists
-    const mergedDeny = [...(a.deny ?? []), ...(b.deny ?? [])];
-    // Merge allow with restriction semantics:
-    // - both restricted: intersection (possibly empty = deny all)
-    // - one restricted: inherit that restriction
-    // - neither restricted: unrestricted
-    const aRestricts = a.restrictAllow === true || (a.allow?.length ?? 0) > 0;
-    const bRestricts = b.restrictAllow === true || (b.allow?.length ?? 0) > 0;
-    let mergedAllow;
-    let mergedRestrictAllow = false;
-    if (aRestricts && bRestricts) {
-        const expandedA = expandGroups(a.allow ?? []);
-        const expandedB = expandGroups(b.allow ?? []);
-        mergedAllow = [...expandedA].filter((name) => expandedB.has(name));
-        mergedRestrictAllow = true;
-    }
-    else if (aRestricts) {
-        mergedAllow = [...(a.allow ?? [])];
-        mergedRestrictAllow = true;
-    }
-    else if (bRestricts) {
-        mergedAllow = [...(b.allow ?? [])];
-        mergedRestrictAllow = true;
-    }
-    return {
-        ...(mergedAllow !== undefined ? { allow: mergedAllow } : {}),
-        ...(mergedRestrictAllow ? { restrictAllow: true } : {}),
-        ...(mergedDeny.length ? { deny: mergedDeny } : {}),
-    };
-}

package/dist-cjs/providers/brave.js

@@ -1,66 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.BraveSearchProvider = void 0;
-const search_provider_js_1 = require("./search-provider.js");
-class BraveSearchProvider {
-    env;
-    name = "brave";
-    requiresApiKey = true;
-    priority = 1;
-    constructor(env = process.env) {
-        this.env = env;
-    }
-    isAvailable() {
-        const apiKey = (0, search_provider_js_1.resolveSearchProviderEnv)(this.env).BRAVE_API_KEY;
-        return Boolean(apiKey && apiKey.trim().length > 0);
-    }
-    async search(query, options) {
-        const apiKey = (0, search_provider_js_1.resolveSearchProviderEnv)(this.env).BRAVE_API_KEY;
-        if (!apiKey) {
-            throw new Error("BRAVE_API_KEY environment variable is not set");
-        }
-        const limit = options?.limit ?? 5;
-        const url = new URL("https://api.search.brave.com/res/v1/web/search");
-        url.searchParams.set("q", query);
-        url.searchParams.set("count", String(limit));
-        // Handle timeRange option (map to Brave's freshness parameter)
-        if (options?.timeRange) {
-            const freshnessMap = {
-                day: "pd",
-                week: "pw",
-                month: "pm",
-                year: "py",
-            };
-            const freshness = freshnessMap[options.timeRange];
-            if (freshness) {
-                url.searchParams.set("freshness", freshness);
-            }
-        }
-        const { signal, cleanup } = (0, search_provider_js_1.createProviderAbortSignal)(30_000, options?.signal);
-        try {
-            const response = await fetch(url.toString(), {
-                method: "GET",
-                headers: {
-                    Accept: "application/json",
-                    "X-Subscription-Token": apiKey,
-                },
-                signal,
-            });
-            if (!response.ok) {
-                throw new Error(`Brave Search API error: ${response.status} ${response.statusText}`);
-            }
-            const json = await response.json();
-            const webResults = json.web?.results || [];
-            return webResults.map((r) => ({
-                title: r.title,
-                url: r.url,
-                content: r.description,
-                score: r.relevance_score,
-            }));
-        }
-        finally {
-            cleanup();
-        }
-    }
-}
-exports.BraveSearchProvider = BraveSearchProvider;