npm - @cccarv82/freya - Versions diffs - 1.0.20 → 1.0.22 - Mend

@cccarv82/freya 1.0.20 → 1.0.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/cli/web-ui.js CHANGED Viewed

@@ -4,7 +4,7 @@
 (function () {
   const $ = (id) => document.getElementById(id);
-  const state = { lastReportPath: null, lastText: '', reports: [], selectedReport: null, lastPlan: '', lastApplied: null };
+  undefined
   function applyTheme(theme) {
     document.documentElement.setAttribute('data-theme', theme);
@@ -187,9 +187,23 @@
   function saveLocal() {
     localStorage.setItem('freya.dir', $('dir').value);
+    try { localStorage.setItem('freya.autoApply', state.autoApply ? '1' : '0'); } catch {}
+    try { localStorage.setItem('freya.autoRunReports', state.autoRunReports ? '1' : '0'); } catch {}
   }
   function loadLocal() {
+    try {
+      const v = localStorage.getItem('freya.autoApply');
+      if (v !== null) state.autoApply = v === '1';
+      const cb = $('autoApply');
+      if (cb) cb.checked = !!state.autoApply;
+      const v2 = localStorage.getItem('freya.autoRunReports');
+      if (v2 !== null) state.autoRunReports = v2 === '1';
+      const cb2 = $('autoRunReports');
+      if (cb2) cb2.checked = !!state.autoRunReports;
+    } catch {}
     const def = (window.__FREYA_DEFAULT_DIR && window.__FREYA_DEFAULT_DIR !== '__FREYA_DEFAULT_DIR__')
       ? window.__FREYA_DEFAULT_DIR
       : (localStorage.getItem('freya.dir') || './freya');
@@ -274,13 +288,22 @@
     }
   }
-  async function refreshReports() {
+  async function refreshReports(opts = {}) {
     try {
       const r = await api('/api/reports/list', { dir: dirOrDefault() });
       state.reports = (r.reports || []).slice(0, 50);
       renderReportsList();
-      if (!state.selectedReport && state.reports && state.reports[0]) {
-        await selectReport(state.reports[0]);
+      const latest = state.reports && state.reports[0] ? state.reports[0] : null;
+      if (!latest) return;
+      if (opts.selectLatest) {
+        await selectReport(latest);
+        return;
+      }
+      if (!state.selectedReport) {
+        await selectReport(latest);
       }
     } catch (e) {
       // ignore
@@ -312,7 +335,7 @@
       const r = await api('/api/init', { dir: dirOrDefault() });
       setOut(r.output);
       setLast(null);
-      await refreshReports();
+      await refreshReports({ selectLatest: true });
       // Auto health after init
       try { await doHealth(); } catch {}
       setPill('ok', 'init ok');
@@ -331,7 +354,7 @@
       const r = await api('/api/update', { dir: dirOrDefault() });
       setOut(r.output);
       setLast(null);
-      await refreshReports();
+      await refreshReports({ selectLatest: true });
       // Auto health after update
       try { await doHealth(); } catch {}
       setPill('ok', 'update ok');
@@ -383,7 +406,7 @@
       setOut(r.output);
       setLast(r.reportPath || null);
       if (r.reportText) state.lastText = r.reportText;
-      await refreshReports();
+      await refreshReports({ selectLatest: true });
       setPill('ok', name + ' ok');
     } catch (e) {
       setPill('err', name + ' failed');
@@ -413,10 +436,27 @@
     try {
       saveLocal();
       if (!state.lastText) throw new Error('Gere um relatório primeiro.');
+      // quick local warning (server also enforces)
+      const secretHints = [];
+      if (/ghp_[A-Za-z0-9]{20,}/.test(state.lastText)) secretHints.push('GitHub token');
+      if (/github_pat_[A-Za-z0-9_]{20,}/.test(state.lastText)) secretHints.push('GitHub fine-grained token');
+      if (/-----BEGIN [A-Z ]+PRIVATE KEY-----/.test(state.lastText)) secretHints.push('Private key');
+      if (/xox[baprs]-[A-Za-z0-9-]{10,}/.test(state.lastText)) secretHints.push('Slack token');
+      if (/AKIA[0-9A-Z]{16}/.test(state.lastText)) secretHints.push('AWS key');
+      const msg = secretHints.length
+        ? 'ATENÇÃO: possível segredo detectado (' + secretHints.join(', ') + ').\n\nPublicar mesmo assim? (o Freya vai mascarar automaticamente)'
+        : 'Publicar o relatório selecionado?';
+      const ok = confirm(msg);
+      const ok = confirm('Publicar o relatório selecionado?');
+      if (!ok) return;
       const webhookUrl = target === 'discord' ? $('discord').value.trim() : $('teams').value.trim();
       if (!webhookUrl) throw new Error('Configure o webhook antes.');
       setPill('run', 'publish…');
-      await api('/api/publish', { webhookUrl, text: state.lastText, mode: 'chunks' });
+      await api('/api/publish', { webhookUrl, text: state.lastText, mode: 'chunks', allowSecrets: true });
       setPill('ok', 'published');
     } catch (e) {
       setPill('err', 'publish failed');
@@ -443,6 +483,18 @@
     }
   }
+  function toggleAutoRunReports() {
+    const cb = $('autoRunReports');
+    state.autoRunReports = cb ? !!cb.checked : false;
+    try { localStorage.setItem('freya.autoRunReports', state.autoRunReports ? '1' : '0'); } catch {}
+  }
+  function toggleAutoApply() {
+    const cb = $('autoApply');
+    state.autoApply = cb ? !!cb.checked : true;
+    try { localStorage.setItem('freya.autoApply', state.autoApply ? '1' : '0'); } catch {}
+  }
   async function saveAndPlan() {
     try {
       const ta = $('inboxText');
@@ -500,7 +552,7 @@
       }
       setOut(out);
-      await refreshReports();
+      await refreshReports({ selectLatest: true });
       setPill('ok', 'done');
       setTimeout(() => setPill('ok', 'idle'), 800);
     } catch (e) {
@@ -594,6 +646,8 @@
   window.toggleTheme = toggleTheme;
   window.saveInbox = saveInbox;
   window.saveAndPlan = saveAndPlan;
+  window.toggleAutoApply = toggleAutoApply;
+  window.toggleAutoRunReports = toggleAutoRunReports;
   window.applyPlan = applyPlan;
   window.runSuggestedReports = runSuggestedReports;
 })();

package/cli/web.js CHANGED Viewed

@@ -228,6 +228,44 @@ function escapeJsonControlChars(jsonText) {
   return out.join('');
 }
+function scanSecrets(text) {
+  const t = String(text || '');
+  const findings = [];
+  const rules = [
+    { name: 'GitHub token (ghp_)', re: /ghp_[A-Za-z0-9]{20,}/g },
+    { name: 'GitHub fine-grained token (github_pat_)', re: /github_pat_[A-Za-z0-9_]{20,}/g },
+    { name: 'Slack token (xox*)', re: /xox[baprs]-[A-Za-z0-9-]{10,}/g },
+    { name: 'AWS Access Key (AKIA)', re: /AKIA[0-9A-Z]{16}/g },
+    { name: 'Private key block', re: /-----BEGIN [A-Z ]+PRIVATE KEY-----/g },
+    { name: 'Discord webhook URL', re: /https?:\/\/(?:canary\.)?discord(?:app)?\.com\/api\/webhooks\/\d+\/[^\s]+/g },
+  ];
+  for (const r of rules) {
+    const m = t.match(r.re);
+    if (m && m.length) findings.push({ rule: r.name, count: m.length });
+  }
+  // Basic heuristic: long high-entropy strings
+  const long = t.match(/[A-Za-z0-9+\/=]{60,}/g);
+  if (long && long.length) findings.push({ rule: 'High-entropy blob (heuristic)', count: long.length });
+  return findings;
+}
+function redactSecrets(text) {
+  let out = String(text || '');
+  const replacements = [
+    /ghp_[A-Za-z0-9]{20,}/g,
+    /github_pat_[A-Za-z0-9_]{20,}/g,
+    /xox[baprs]-[A-Za-z0-9-]{10,}/g,
+    /AKIA[0-9A-Z]{16}/g,
+    /-----BEGIN [A-Z ]+PRIVATE KEY-----[sS]*?-----END [A-Z ]+PRIVATE KEY-----/g,
+  ];
+  for (const re of replacements) out = out.replace(re, '[REDACTED]');
+  return out;
+}
 async function publishRobust(webhookUrl, text, opts = {}) {
   const u = new URL(webhookUrl);
   const isDiscord = u.hostname.includes('discord.com') || u.hostname.includes('discordapp.com');
@@ -422,7 +460,19 @@ function buildHtml(safeDefault) {
               <button class="btn primary sideBtn" onclick="saveAndPlan()">Save + Process (Agents)</button>
               <button class="btn sideBtn" onclick="runSuggestedReports()">Run suggested reports</button>
             </div>
-            <div class="help">Save+Process gera um plano (draft). Apply plan cria tasks/blockers. Run suggested reports executa os reports recomendados (daily/status/sm-weekly/blockers).</div>
+            <div style="height:10px"></div>
+            <label style="display:flex; align-items:center; gap:10px; user-select:none">
+              <input id="autoApply" type="checkbox" checked style="width:auto" onchange="toggleAutoApply()" />
+              Auto-apply plan
+            </label>
+            <div class="help">Quando ligado, o Save+Process já aplica tasks/blockers automaticamente.</div>
+            <label style="display:flex; align-items:center; gap:10px; user-select:none; margin-top:10px">
+              <input id="autoRunReports" type="checkbox" style="width:auto" onchange="toggleAutoRunReports()" />
+              Auto-run suggested reports
+            </label>
+            <div class="help">Quando ligado, após aplicar o plano, ele também roda os reports sugeridos automaticamente.</div>
           </div>
         </aside>
@@ -908,7 +958,7 @@ async function cmdWeb({ port, dir, open, dev }) {
             const type = String(a.type || '').trim();
             if (type === 'create_task') {
-              const description = String(a.description || '').trim();
+              const description = normalizeWhitespace(a.description);
               const category = String(a.category || '').trim();
               const priorityRaw = String(a.priority || '').trim().toLowerCase();
               const priority = (priorityRaw === 'high' || priorityRaw === 'medium' || priorityRaw === 'low') ? priorityRaw : undefined;
@@ -918,8 +968,8 @@ async function cmdWeb({ port, dir, open, dev }) {
             }
             if (type === 'create_blocker') {
-              const title = String(a.title || '').trim();
-              const notes = String(a.notes || '').trim();
+              const title = normalizeWhitespace(a.title);
+              const notes = normalizeWhitespace(a.notes);
               let severity = String(a.severity || '').trim().toUpperCase();
               if (!validSev.has(severity)) {
                 if (severity.includes('CRIT')) severity = 'CRITICAL';
@@ -1014,8 +1064,12 @@ async function cmdWeb({ port, dir, open, dev }) {
           if (!Array.isArray(blockerLog.blockers)) blockerLog.blockers = [];
           if (typeof blockerLog.schemaVersion !== 'number') blockerLog.schemaVersion = 1;
+          function normalizeWhitespace(t) {
+            return String(t || '').replace(/\s+/g, ' ').trim();
+          }
           function normalizeTextForKey(t) {
-            return String(t || '').toLowerCase().replace(/\s+/g, ' ').trim();
+            return normalizeWhitespace(t).toLowerCase();
           }
           function sha1(text) {
@@ -1046,7 +1100,7 @@ async function cmdWeb({ port, dir, open, dev }) {
           const now = new Date().toISOString();
           const applyMode = String(payload.mode || 'all').trim();
-          undefined
+          const applied = { tasks: 0, blockers: 0, tasksSkipped: 0, blockersSkipped: 0, reportsSuggested: [], oracleQueries: [], mode: applyMode };
           function makeId(prefix) {
             const rand = Math.random().toString(16).slice(2, 8);
@@ -1079,7 +1133,7 @@ async function cmdWeb({ port, dir, open, dev }) {
             if (type === 'create_task') {
               if (applyMode !== 'all' && applyMode !== 'tasks') continue;
-              const description = String(a.description || '').trim();
+              const description = normalizeWhitespace(a.description);
               if (!description) continue;
               const key = sha1(normalizeTextForKey(description));
               if (existingTaskKeys24h.has(key)) { applied.tasksSkipped++; continue; }
@@ -1100,10 +1154,10 @@ async function cmdWeb({ port, dir, open, dev }) {
             if (type === 'create_blocker') {
               if (applyMode !== 'all' && applyMode !== 'blockers') continue;
-              const title = String(a.title || '').trim();
+              const title = normalizeWhitespace(a.title);
               const key = sha1(normalizeTextForKey(title));
               if (existingBlockerKeys24h.has(key)) { applied.blockersSkipped++; continue; }
-              const notes = String(a.notes || '').trim();
+              const notes = normalizeWhitespace(a.notes);
               if (!title) continue;
               const severity = normSeverity(a.severity);
               const blocker = {
@@ -1219,12 +1273,24 @@ async function cmdWeb({ port, dir, open, dev }) {
           const webhookUrl = payload.webhookUrl;
           const text = payload.text;
           const mode = payload.mode || 'chunks';
+          const allowSecrets = !!payload.allowSecrets;
           if (!webhookUrl) return safeJson(res, 400, { error: 'Missing webhookUrl' });
           if (!text) return safeJson(res, 400, { error: 'Missing text' });
+          const findings = scanSecrets(text);
+          if (findings.length && !allowSecrets) {
+            return safeJson(res, 400, {
+              error: 'Potential secrets detected. Refusing to publish.',
+              details: JSON.stringify(findings, null, 2),
+              hint: 'Remova/mascare tokens ou confirme a publicação mesmo assim.'
+            });
+          }
+          const safeText = findings.length ? redactSecrets(text) : text;
           try {
-            const result = await publishRobust(webhookUrl, text, { mode });
-            return safeJson(res, 200, result);
+            const result = await publishRobust(webhookUrl, safeText, { mode });
+            return safeJson(res, 200, { ...result, redacted: findings.length > 0, findings });
           } catch (e) {
             return safeJson(res, 400, { error: e.message || String(e) });
           }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@cccarv82/freya",
-  "version": "1.0.20",
+  "version": "1.0.22",
   "description": "Personal AI Assistant with local-first persistence",
   "scripts": {
     "health": "node scripts/validate-data.js",