@aria-cli/tools 1.0.18 → 1.0.31

package/dist/security/ssrf.js

@@ -0,0 +1,182 @@
+/**
+ * SSRF (Server-Side Request Forgery) protection utilities
+ *
+ * Provides IP validation, URL validation, and redirect following with
+ * SSRF protection for web operations.
+ */
+import * as dns from "node:dns";
+import * as net from "node:net";
+import { getErrorMessage } from "../executors/utils.js";
+import { normalizeLookupResult } from "./dns-normalization.js";
+/** Maximum number of redirects to follow manually */
+const MAX_REDIRECT_HOPS = 5;
+/**
+ * Validates URL syntax/protocol only (no DNS resolution).
+ * Use this when DNS validation is enforced by the fetch boundary itself
+ * (for example, DNS-pinned fetch).
+ */
+export function validateUrlStructure(url) {
+    try {
+        const parsed = new URL(url);
+        if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
+            return `Invalid URL protocol: ${parsed.protocol}. Only http: and https: are allowed.`;
+        }
+    }
+    catch {
+        return `Invalid URL format: ${url}`;
+    }
+    return null;
+}
+/**
+ * Checks whether an IP address belongs to a private/reserved network range.
+ * Blocks loopback, RFC 1918, link-local, IPv6 private, and unspecified addresses.
+ */
+export function isPrivateAddress(ip) {
+    // IPv6-mapped IPv4 (::ffff:127.0.0.1) — strip prefix and re-check as IPv4
+    if (ip.startsWith("::ffff:")) {
+        return isPrivateAddress(ip.slice(7));
+    }
+    // Unspecified addresses
+    if (ip === "0.0.0.0" || ip === "::" || ip === "[::]") {
+        return true;
+    }
+    // IPv6 loopback
+    if (ip === "::1") {
+        return true;
+    }
+    // IPv6 private (fc00::/7 — covers fc00:: through fdff::)
+    if (/^f[cd]/i.test(ip)) {
+        return true;
+    }
+    // IPv6 link-local (fe80::/10)
+    if (/^fe[89ab]/i.test(ip)) {
+        return true;
+    }
+    // For IPv4 addresses, parse octets
+    if (net.isIPv4(ip)) {
+        const parts = ip.split(".").map(Number);
+        const a = parts[0];
+        const b = parts[1];
+        // 127.0.0.0/8 — loopback
+        if (a === 127)
+            return true;
+        // 10.0.0.0/8 — RFC 1918
+        if (a === 10)
+            return true;
+        // 172.16.0.0/12 — RFC 1918 (172.16.x.x – 172.31.x.x)
+        if (a === 172 && b >= 16 && b <= 31)
+            return true;
+        // 192.168.0.0/16 — RFC 1918
+        if (a === 192 && b === 168)
+            return true;
+        // 169.254.0.0/16 — link-local (incl. AWS metadata 169.254.169.254)
+        if (a === 169 && b === 254)
+            return true;
+        // 0.0.0.0/8 — current network
+        if (a === 0)
+            return true;
+        // 100.64.0.0/10 — RFC 6598 shared address space (CGNAT)
+        if (a === 100 && b >= 64 && b <= 127)
+            return true;
+        // 192.0.0.0/24 — RFC 6890 IETF protocol assignments
+        if (a === 192 && b === 0 && parts[2] === 0)
+            return true;
+        // 198.18.0.0/15 — RFC 2544 benchmark testing (198.18.x.x – 198.19.x.x)
+        if (a === 198 && (b === 18 || b === 19))
+            return true;
+        // 240.0.0.0/4 — RFC 1112 future use / reserved (240.x.x.x – 255.x.x.x)
+        if (a >= 240)
+            return true;
+    }
+    return false;
+}
+/**
+ * Validates that a string is a valid HTTP(S) URL and does not resolve
+ * to a private/reserved IP address (SSRF protection).
+ * Returns null if valid, error message if invalid.
+ */
+export async function validateUrl(url) {
+    const structureError = validateUrlStructure(url);
+    if (structureError) {
+        return structureError;
+    }
+    const parsed = new URL(url);
+    // Resolve hostname to IP and check for private addresses
+    try {
+        const lookupResult = await dns.promises.lookup(parsed.hostname, {
+            all: true,
+            verbatim: true,
+        });
+        const addresses = normalizeLookupResult(lookupResult).map((entry) => entry.address);
+        if (addresses.length === 0) {
+            return `DNS resolution failed for ${parsed.hostname}: no addresses returned`;
+        }
+        const privateAddress = addresses.find((address) => isPrivateAddress(address));
+        if (privateAddress) {
+            return `Access to private network address denied: ${parsed.hostname} resolved to ${privateAddress}`;
+        }
+    }
+    catch (err) {
+        return `DNS resolution failed for ${parsed.hostname}: ${getErrorMessage(err)}`;
+    }
+    return null;
+}
+/**
+ * Best-effort disposal for unread response bodies.
+ * Redirect and early-return paths must explicitly close bodies they abandon so
+ * later aborts cannot surface from resources that no caller still owns.
+ */
+export async function discardResponseBody(response) {
+    const body = response?.body;
+    if (!body || body.locked) {
+        return;
+    }
+    try {
+        await body.cancel();
+    }
+    catch {
+        // Discard is best-effort cleanup only.
+    }
+}
+export async function followRedirects(initialResponse, requestInit, options = {}) {
+    const maxHops = options.maxHops ?? MAX_REDIRECT_HOPS;
+    const fetchFn = options.fetchFn ?? fetch;
+    const validateRedirectUrl = options.validateRedirectUrl ?? validateUrl;
+    let response = initialResponse;
+    let currentUrl = response.url || options.baseUrl || "";
+    let hops = 0;
+    while (hops < maxHops && response.status >= 300 && response.status < 400) {
+        const location = response.headers.get("Location");
+        if (!location) {
+            break;
+        }
+        let resolvedLocation;
+        try {
+            if (currentUrl) {
+                resolvedLocation = new URL(location, currentUrl).toString();
+            }
+            else {
+                resolvedLocation = new URL(location).toString();
+            }
+        }
+        catch {
+            await discardResponseBody(response);
+            throw new Error(`Invalid redirect URL: ${location}`);
+        }
+        // Validate the redirect target against SSRF
+        const redirectError = await validateRedirectUrl(resolvedLocation);
+        if (redirectError) {
+            await discardResponseBody(response);
+            throw new Error(`Redirect blocked (hop ${hops + 1}): ${redirectError}`);
+        }
+        await discardResponseBody(response);
+        response = await fetchFn(resolvedLocation, {
+            ...requestInit,
+            redirect: "manual",
+        });
+        currentUrl = response.url || resolvedLocation;
+        hops++;
+    }
+    return response;
+}
+//# sourceMappingURL=ssrf.js.map

package/dist/session-history-gk75e3ta.js

@@ -0,0 +1 @@
+import{ic as a,jc as b}from"./index-b3sdwzh5.js";import"./index-6qew5tp1.js";import"./index-tvryzx00.js";export{a as getSessionHistory,b as executeSessionHistory};

package/dist/slack/desktop-session.js

@@ -0,0 +1,325 @@
+import crypto from "node:crypto";
+import { execFile } from "node:child_process";
+import { promises as fs } from "node:fs";
+import os from "node:os";
+import path from "node:path";
+import { promisify } from "node:util";
+const execFileAsync = promisify(execFile);
+const SLACK_APP_SUPPORT_DIR = path.join(os.homedir(), "Library", "Application Support", "Slack");
+const SLACK_LEVELDB_DIR = path.join(SLACK_APP_SUPPORT_DIR, "Local Storage", "leveldb");
+const SLACK_COOKIE_DB_PATH = path.join(SLACK_APP_SUPPORT_DIR, "Cookies");
+const SLACK_SAFE_STORAGE_SERVICE = "Slack Safe Storage";
+const SLACK_APP_ORIGIN = "https://app.slack.com";
+const DEFAULT_BOOTSTRAP_TIMEOUT_MS = 30_000;
+const TEAM_ID_REGEX = /\bT[A-Z0-9]{8,}\b/g;
+const TOKEN_REGEX = /\bxoxc-[A-Za-z0-9-]{20,}\b/g;
+export function extractCachedSlackDesktopState(levelDbText) {
+    const cachedToken = levelDbText.match(TOKEN_REGEX)?.[0] ?? null;
+    const teamIds = [];
+    const seen = new Set();
+    const localConfigSegments = [...levelDbText.matchAll(/localConfig_v2[\s\S]{0,8000}/g)].map((match) => match[0]);
+    const sources = localConfigSegments.length > 0 ? localConfigSegments : [levelDbText];
+    for (const source of sources) {
+        for (const teamId of source.match(TEAM_ID_REGEX) ?? []) {
+            if (seen.has(teamId))
+                continue;
+            seen.add(teamId);
+            teamIds.push(teamId);
+        }
+    }
+    return { cachedToken, teamIds };
+}
+export function extractWorkspaceHostFromAppHtml(html) {
+    const enterpriseHosts = [...html.matchAll(/https:\/\/([A-Za-z0-9.-]+\.enterprise\.slack\.com)/g)]
+        .map((match) => match[1])
+        .filter(Boolean);
+    if (enterpriseHosts.length > 0) {
+        return enterpriseHosts[0] ?? null;
+    }
+    const workspaceHosts = [...html.matchAll(/https:\/\/([A-Za-z0-9.-]+\.slack\.com)/g)]
+        .map((match) => match[1])
+        .filter((host) => host !== "api.slack.com" && host !== "app.slack.com");
+    return workspaceHosts[0] ?? null;
+}
+export function extractLiveSlackTokenFromMultipartBody(body) {
+    const match = body.match(/name="token"\r?\n\r?\n([^\r\n]+)/);
+    return match?.[1] ?? null;
+}
+function decryptChromiumCookieHex(cookieHex, safeStoragePassword) {
+    const encryptedValue = Buffer.from(cookieHex, "hex");
+    if (encryptedValue.length === 0) {
+        return "";
+    }
+    const versionPrefix = encryptedValue.subarray(0, 3).toString("utf8");
+    if (versionPrefix !== "v10" && versionPrefix !== "v11") {
+        return encryptedValue.toString("utf8");
+    }
+    const key = crypto.pbkdf2Sync(safeStoragePassword, "saltysalt", 1003, 16, "sha1");
+    const decipher = crypto.createDecipheriv("aes-128-cbc", key, Buffer.alloc(16, 0x20));
+    let decrypted = Buffer.concat([decipher.update(encryptedValue.subarray(3)), decipher.final()]);
+    const padLength = decrypted.at(-1) ?? 0;
+    if (padLength > 0 && padLength <= 16) {
+        decrypted = decrypted.subarray(0, decrypted.length - padLength);
+    }
+    // Chromium cookie DB version 24 prefixes SHA-256(host_key) before the plaintext value.
+    if (decrypted.length >= 32) {
+        decrypted = decrypted.subarray(32);
+    }
+    return decrypted.toString("utf8");
+}
+async function readSlackLevelDbText(levelDbDir = SLACK_LEVELDB_DIR) {
+    const entries = await fs.readdir(levelDbDir);
+    const files = entries.filter((entry) => entry.endsWith(".ldb") || entry.endsWith(".log")).sort();
+    const chunks = await Promise.all(files.map(async (entry) => {
+        const fullPath = path.join(levelDbDir, entry);
+        return fs.readFile(fullPath, "utf8").catch(async () => {
+            const bytes = await fs.readFile(fullPath);
+            return bytes.toString("utf8");
+        });
+    }));
+    return chunks.join("\n");
+}
+async function readSeedCookies(cookieDbPath = SLACK_COOKIE_DB_PATH) {
+    const { stdout: passwordStdout } = await execFileAsync("security", [
+        "find-generic-password",
+        "-w",
+        "-s",
+        SLACK_SAFE_STORAGE_SERVICE,
+    ]);
+    const safeStoragePassword = passwordStdout.trim();
+    const sql = [
+        "SELECT host_key, name, path, is_secure, is_httponly, hex(encrypted_value)",
+        "FROM cookies",
+        "WHERE host_key IN ('.slack.com', 'app.slack.com')",
+        "AND name IN ('b', 'd')",
+        "ORDER BY name",
+    ].join(" ");
+    const { stdout } = await execFileAsync("sqlite3", ["-separator", "\t", cookieDbPath, sql]);
+    const cookies = stdout
+        .split("\n")
+        .map((line) => line.trim())
+        .filter(Boolean)
+        .map((line) => {
+        const [domain, name, cookiePath, secureFlag, httpOnlyFlag, encryptedHex] = line.split("\t");
+        if (!domain || !name || !encryptedHex) {
+            throw new Error(`Unexpected sqlite3 cookie row shape: ${line}`);
+        }
+        return {
+            name,
+            value: decryptChromiumCookieHex(encryptedHex ?? "", safeStoragePassword),
+            domain,
+            path: cookiePath || "/",
+            secure: secureFlag === "1",
+            httpOnly: httpOnlyFlag === "1",
+        };
+    });
+    if (cookies.length === 0) {
+        throw new Error("Slack Desktop auth cookies were not found in the local Chromium cookie store.");
+    }
+    return cookies;
+}
+async function waitForLiveSlackBootstrap(page, timeoutMs) {
+    return new Promise((resolve, reject) => {
+        const timer = setTimeout(() => {
+            page.off("request", handleRequest);
+            reject(new Error("Timed out while waiting for the live Slack Desktop API bootstrap request."));
+        }, timeoutMs);
+        const handleRequest = (request) => {
+            const requestUrl = request.url();
+            if (!requestUrl.includes("/api/")) {
+                return;
+            }
+            const liveToken = extractLiveSlackTokenFromMultipartBody(request.postData() ?? "");
+            if (!liveToken) {
+                return;
+            }
+            clearTimeout(timer);
+            page.off("request", handleRequest);
+            resolve({
+                workspaceHost: new URL(requestUrl).host,
+                liveToken,
+            });
+        };
+        page.on("request", handleRequest);
+    });
+}
+function normalizeRequestForm(liveToken, fields) {
+    const form = { token: liveToken };
+    for (const [key, value] of Object.entries(fields)) {
+        if (value === undefined)
+            continue;
+        if (typeof value === "string") {
+            form[key] = value;
+            continue;
+        }
+        if (typeof value === "number" || typeof value === "boolean") {
+            form[key] = String(value);
+            continue;
+        }
+        form[key] = JSON.stringify(value);
+    }
+    return form;
+}
+function normalizeChannelRef(channelRef) {
+    return channelRef.startsWith("#") ? channelRef.slice(1) : channelRef;
+}
+function looksLikeConversationId(channelRef) {
+    return /^[CDG][A-Z0-9]{8,}$/.test(channelRef);
+}
+function toSlackMessageView(message) {
+    return {
+        ts: typeof message.ts === "string" ? message.ts : "",
+        user: typeof message.user === "string"
+            ? message.user
+            : typeof message.bot_id === "string"
+                ? message.bot_id
+                : null,
+        text: typeof message.text === "string" ? message.text : "",
+        subtype: typeof message.subtype === "string" ? message.subtype : null,
+        threadTs: typeof message.thread_ts === "string" ? message.thread_ts : null,
+    };
+}
+export async function createSlackDesktopClient(options) {
+    const cachedState = extractCachedSlackDesktopState(await readSlackLevelDbText());
+    const teamId = options?.teamId ?? cachedState.teamIds[0];
+    if (!teamId) {
+        throw new Error("No Slack workspace team id was discovered in the local Slack Desktop storage.");
+    }
+    const playwright = await import("playwright");
+    const browser = await playwright.chromium.launch({ headless: true });
+    const context = await browser.newContext();
+    await context.addCookies(await readSeedCookies());
+    const page = await context.newPage();
+    const bootstrapPromise = waitForLiveSlackBootstrap(page, options?.bootstrapTimeoutMs ?? DEFAULT_BOOTSTRAP_TIMEOUT_MS);
+    await page.goto(`${SLACK_APP_ORIGIN}/client/${teamId}`, {
+        waitUntil: "domcontentloaded",
+        timeout: options?.bootstrapTimeoutMs ?? DEFAULT_BOOTSTRAP_TIMEOUT_MS,
+    });
+    const bootstrap = await bootstrapPromise;
+    const invokeJsonApi = async (method, fields) => {
+        const response = await context.request.post(`https://${bootstrap.workspaceHost}/api/${method}`, {
+            form: normalizeRequestForm(bootstrap.liveToken, fields),
+            headers: {
+                Origin: SLACK_APP_ORIGIN,
+                Referer: `${SLACK_APP_ORIGIN}/client/${teamId}`,
+            },
+        });
+        const text = await response.text();
+        let json;
+        try {
+            json = JSON.parse(text);
+        }
+        catch {
+            throw new Error(`Slack API ${method} returned non-JSON response (HTTP ${response.status()}).`);
+        }
+        if (json.ok !== true) {
+            const errorCode = typeof json.error === "string" ? json.error : `http_${response.status()}`;
+            throw new Error(`Slack API ${method} failed: ${errorCode}`);
+        }
+        return json;
+    };
+    const resolveConversationId = async (channelRef) => {
+        const normalized = normalizeChannelRef(channelRef);
+        if (looksLikeConversationId(normalized)) {
+            return normalized;
+        }
+        let cursor;
+        for (let pageNumber = 0; pageNumber < 20; pageNumber += 1) {
+            const response = await invokeJsonApi("conversations.list", {
+                limit: 200,
+                exclude_archived: true,
+                types: "public_channel,private_channel,im,mpim",
+                cursor,
+            });
+            const channels = Array.isArray(response.channels) ? response.channels : [];
+            const match = channels.find((channel) => {
+                if (!channel || typeof channel !== "object")
+                    return false;
+                const name = typeof channel.name === "string" ? channel.name : null;
+                const nameNormalized = typeof channel.name_normalized === "string" ? channel.name_normalized : null;
+                return name === normalized || nameNormalized === normalized.toLowerCase();
+            });
+            if (match && typeof match.id === "string") {
+                return match.id;
+            }
+            const responseMetadata = response.response_metadata && typeof response.response_metadata === "object"
+                ? response.response_metadata
+                : undefined;
+            const nextCursor = responseMetadata && typeof responseMetadata.next_cursor === "string"
+                ? responseMetadata.next_cursor.trim()
+                : "";
+            if (!nextCursor) {
+                break;
+            }
+            cursor = nextCursor;
+        }
+        throw new Error(`Slack conversation "${channelRef}" was not found. Use a channel id like C..., G..., or D... if the name cannot be resolved.`);
+    };
+    return {
+        getTeamId: () => teamId,
+        getWorkspaceHost: () => bootstrap.workspaceHost,
+        listMessages: async ({ channel, limit = 20, threadTs }) => {
+            const channelId = await resolveConversationId(channel);
+            const method = threadTs ? "conversations.replies" : "conversations.history";
+            const response = await invokeJsonApi(method, {
+                channel: channelId,
+                limit: Math.max(1, Math.min(limit, 100)),
+                ...(threadTs ? { ts: threadTs } : {}),
+            });
+            const responseMetadata = response.response_metadata && typeof response.response_metadata === "object"
+                ? response.response_metadata
+                : undefined;
+            const nextCursor = responseMetadata && typeof responseMetadata.next_cursor === "string"
+                ? responseMetadata.next_cursor || null
+                : null;
+            const rawMessages = Array.isArray(response.messages) ? response.messages : [];
+            return {
+                teamId,
+                workspaceHost: bootstrap.workspaceHost,
+                channelId,
+                messages: rawMessages
+                    .filter((message) => !!message && typeof message === "object")
+                    .map(toSlackMessageView),
+                hasMore: response.has_more === true,
+                nextCursor,
+            };
+        },
+        sendMessage: async ({ channel, text, threadTs }) => {
+            const channelId = await resolveConversationId(channel);
+            const response = await invokeJsonApi("chat.postMessage", {
+                channel: channelId,
+                text,
+                ...(threadTs ? { thread_ts: threadTs } : {}),
+            });
+            const ts = typeof response.ts === "string" ? response.ts : null;
+            if (!ts) {
+                throw new Error("Slack API chat.postMessage did not return a message timestamp.");
+            }
+            return {
+                teamId,
+                workspaceHost: bootstrap.workspaceHost,
+                channelId,
+                ts,
+            };
+        },
+        addReaction: async ({ channel, timestamp, name }) => {
+            const channelId = await resolveConversationId(channel);
+            await invokeJsonApi("reactions.add", {
+                channel: channelId,
+                timestamp,
+                name,
+            });
+            return {
+                teamId,
+                workspaceHost: bootstrap.workspaceHost,
+                channelId,
+            };
+        },
+        close: async () => {
+            await page.close().catch(() => undefined);
+            await context.close().catch(() => undefined);
+            await browser.close().catch(() => undefined);
+        },
+    };
+}
+//# sourceMappingURL=desktop-session.js.map

package/dist/tool-factory.js

@@ -0,0 +1,48 @@
+/**
+ * @aria/tools - Tool factory function
+ *
+ * Creates Tool objects from Zod schemas with runtime validation.
+ */
+import { z } from "zod";
+/**
+ * Factory function for creating Tool objects from Zod schemas.
+ *
+ * Converts the Zod schema to JSON Schema 7 for LLM consumption,
+ * and wraps the execute handler with Zod validation.
+ *
+ * @example
+ * ```ts
+ * const getWeather = tool({
+ *   name: "get_weather",
+ *   description: "Get weather for a city",
+ *   parameters: z.object({ city: z.string(), units: z.enum(["F", "C"]) }),
+ *   execute: async (input) => ({
+ *     success: true,
+ *     message: `Weather in ${input.city}: sunny`,
+ *   }),
+ * });
+ * ```
+ */
+export function tool(options) {
+    const { name, description, parameters: zodSchema, execute, riskLevel = "safe", isReadOnly = true, category = "meta", loadingTier = "always", } = options;
+    // Convert Zod schema to JSON Schema 7 using Zod v4's built-in conversion
+    const jsonSchema = z.toJSONSchema(zodSchema);
+    // Remove the $schema key since the Tool interface expects a plain JSONSchema7 object
+    // describing the parameters, not a full standalone schema document
+    delete jsonSchema.$schema;
+    return {
+        name,
+        description,
+        category,
+        parameters: jsonSchema,
+        riskLevel,
+        isReadOnly,
+        loadingTier,
+        execute: async (input, context) => {
+            // Validate input with Zod before calling the handler
+            const parsed = zodSchema.parse(input);
+            return execute(parsed, context);
+        },
+    };
+}
+//# sourceMappingURL=tool-factory.js.map

package/dist/types.js

@@ -0,0 +1,8 @@
+/**
+ * @aria/tools - Tool system types
+ *
+ * Unified tool interface for all ARIA tools.
+ * All tools are LLM-callable with optional user confirmation.
+ */
+export {};
+//# sourceMappingURL=types.js.map