@ch4p/cli 0.1.3 → 0.1.4

package/dist/canvas-XQHVCY27.js

@@ -0,0 +1,313 @@
+import {
+  CanvasSessionManager,
+  CanvasTool,
+  GatewayServer,
+  PairingManager,
+  SessionManager
+} from "./chunk-XRUNSIVU.js";
+import {
+  DefaultSecurityPolicy,
+  NativeEngine,
+  ProviderRegistry,
+  createClaudeCliEngine,
+  createCodexCliEngine,
+  createMemoryBackend,
+  createObserver
+} from "./chunk-BMEBRUYL.js";
+import {
+  LoadSkillTool,
+  ToolRegistry
+} from "./chunk-PGZ24EFT.js";
+import {
+  SkillRegistry
+} from "./chunk-6BURGD2Y.js";
+import {
+  AgentLoop
+} from "./chunk-4IRZQCRN.js";
+import {
+  generateId
+} from "./chunk-YSCX2QQQ.js";
+import {
+  getLogsDir,
+  loadConfig
+} from "./chunk-NRFRTZVP.js";
+import {
+  BOLD,
+  DIM,
+  GREEN,
+  RED,
+  RESET,
+  TEAL,
+  separator
+} from "./chunk-NMGPBPNU.js";
+
+// src/commands/canvas.ts
+import { resolve, dirname } from "path";
+import { fileURLToPath } from "url";
+import { execSync } from "child_process";
+async function canvas(args) {
+  let config;
+  try {
+    config = loadConfig();
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    console.error(`
+  ${RED}Failed to load config:${RESET} ${message}`);
+    console.error(`  ${DIM}Run ${TEAL}ch4p onboard${DIM} to set up ch4p.${RESET}
+`);
+    process.exitCode = 1;
+    return;
+  }
+  let port = config.canvas?.port ?? config.gateway.port ?? 4800;
+  let autoOpen = true;
+  for (let i = 0; i < args.length; i++) {
+    if (args[i] === "--port" && args[i + 1]) {
+      const parsed = parseInt(args[i + 1], 10);
+      if (!isNaN(parsed) && parsed > 0 && parsed <= 65535) {
+        port = parsed;
+      }
+    }
+    if (args[i] === "--no-open") {
+      autoOpen = false;
+    }
+  }
+  const host = "127.0.0.1";
+  const __dirname = dirname(fileURLToPath(import.meta.url));
+  const staticDir = resolve(__dirname, "..", "..", "..", "apps", "web", "dist");
+  const sessionManager = new SessionManager();
+  const pairingManager = config.canvas?.requirePairing ? new PairingManager() : void 0;
+  const canvasSessionManager = new CanvasSessionManager();
+  const engine = createCanvasEngine(config);
+  if (!engine) {
+    console.error(`
+  ${RED}No LLM engine available.${RESET}`);
+    console.error(`  ${DIM}Ensure an API key is configured. Run ${TEAL}ch4p onboard${DIM}.${RESET}
+`);
+    process.exitCode = 1;
+    return;
+  }
+  const obsCfg = {
+    observers: config.observability.observers ?? ["console"],
+    logLevel: config.observability.logLevel ?? "info",
+    logPath: `${getLogsDir()}/canvas.jsonl`
+  };
+  const observer = createObserver(obsCfg);
+  let memoryBackend;
+  try {
+    const memCfg = {
+      backend: config.memory.backend,
+      vectorWeight: config.memory.vectorWeight,
+      keywordWeight: config.memory.keywordWeight,
+      embeddingProvider: config.memory.embeddingProvider,
+      openaiApiKey: config.providers?.openai?.apiKey || void 0
+    };
+    memoryBackend = createMemoryBackend(memCfg);
+  } catch {
+  }
+  let skillRegistry;
+  try {
+    if (config.skills?.enabled && config.skills?.paths?.length) {
+      skillRegistry = SkillRegistry.createFromPaths(config.skills.paths);
+    }
+  } catch {
+  }
+  const sessionId = generateId(16);
+  const defaultSessionConfig = {
+    engineId: config.engines?.default ?? "native",
+    model: config.agent.model,
+    provider: config.agent.provider,
+    systemPrompt: "You are ch4p, an AI assistant with an interactive canvas workspace. You can render visual components on the canvas using the canvas_render tool. Available component types: card, chart, form, button, text_field, data_table, code_block, markdown, image, progress, status. Components are placed at (x, y) positions on a spatial canvas. You can connect components with directional edges to show relationships. Use the canvas to create rich, visual responses when appropriate."
+  };
+  const server = new GatewayServer({
+    port,
+    host,
+    sessionManager,
+    pairingManager,
+    canvasSessionManager,
+    staticDir,
+    defaultSessionConfig,
+    onCanvasConnection: (connSessionId, bridge) => {
+      wireCanvasSession(
+        connSessionId,
+        bridge,
+        canvasSessionManager,
+        engine,
+        config,
+        observer,
+        memoryBackend,
+        skillRegistry,
+        defaultSessionConfig
+      );
+    }
+  });
+  console.log(`
+  ${TEAL}${BOLD}ch4p Canvas${RESET}`);
+  console.log(separator());
+  console.log("");
+  try {
+    await server.start();
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    console.error(`  ${RED}Failed to start server:${RESET} ${message}`);
+    process.exitCode = 1;
+    return;
+  }
+  const addr = server.getAddress();
+  const bindDisplay = addr ? `${addr.host}:${addr.port}` : `${host}:${port}`;
+  const url = `http://${bindDisplay}/?session=${sessionId}`;
+  console.log(`  ${GREEN}${BOLD}Server listening${RESET} on ${bindDisplay}`);
+  console.log(`  ${BOLD}Session${RESET}       ${sessionId}`);
+  console.log(`  ${BOLD}Engine${RESET}        ${engine.name}`);
+  console.log(`  ${BOLD}Static dir${RESET}    ${DIM}${staticDir}${RESET}`);
+  console.log("");
+  console.log(`  ${BOLD}Routes:${RESET}`);
+  console.log(`  ${DIM}  WS     /ws/:sessionId       - WebSocket canvas connection${RESET}`);
+  console.log(`  ${DIM}  GET    /health               - liveness probe${RESET}`);
+  console.log(`  ${DIM}  GET    /*                    - static files (web UI)${RESET}`);
+  console.log("");
+  if (pairingManager) {
+    const code = pairingManager.generateCode("Canvas startup");
+    console.log(`  ${BOLD}Pairing code:${RESET} ${TEAL}${BOLD}${code.code}${RESET}`);
+    console.log(`  ${DIM}Add ?token=YOUR_TOKEN to the URL after pairing.${RESET}`);
+    console.log("");
+  }
+  console.log(`  ${GREEN}${BOLD}Canvas URL:${RESET} ${TEAL}${url}${RESET}`);
+  console.log("");
+  if (autoOpen) {
+    try {
+      const platform = process.platform;
+      const openCmd = platform === "darwin" ? "open" : platform === "win32" ? "start" : "xdg-open";
+      execSync(`${openCmd} "${url}"`, { stdio: "ignore" });
+      console.log(`  ${DIM}Browser opened.${RESET}`);
+    } catch {
+      console.log(`  ${DIM}Couldn't auto-open browser. Open the URL above manually.${RESET}`);
+    }
+  }
+  console.log(`  ${DIM}Press Ctrl+C to stop.${RESET}
+`);
+  await new Promise((resolvePromise) => {
+    const shutdown = async () => {
+      console.log(`
+  ${DIM}Shutting down canvas...${RESET}`);
+      canvasSessionManager.endAll();
+      if (memoryBackend) {
+        try {
+          await memoryBackend.close();
+        } catch {
+        }
+      }
+      await server.stop();
+      await observer.flush?.();
+      console.log(`  ${DIM}Goodbye!${RESET}
+`);
+      resolvePromise();
+    };
+    process.on("SIGINT", () => void shutdown());
+    process.on("SIGTERM", () => void shutdown());
+  });
+}
+function createCanvasEngine(config) {
+  const engineId = config.engines?.default ?? "native";
+  const engineConfig = config.engines?.available?.[engineId];
+  if (engineId === "claude-cli") {
+    try {
+      return createClaudeCliEngine({
+        command: engineConfig?.command ?? void 0,
+        cwd: engineConfig?.cwd ?? void 0,
+        timeout: engineConfig?.timeout ?? void 0
+      });
+    } catch {
+    }
+  }
+  if (engineId === "codex-cli") {
+    try {
+      return createCodexCliEngine({
+        command: engineConfig?.command ?? void 0,
+        cwd: engineConfig?.cwd ?? void 0,
+        timeout: engineConfig?.timeout ?? void 0
+      });
+    } catch {
+    }
+  }
+  const providerName = config.agent.provider;
+  const providerConfig = config.providers?.[providerName];
+  const apiKey = providerConfig?.apiKey;
+  if (providerName !== "ollama" && (!apiKey || apiKey.trim().length === 0)) {
+    return null;
+  }
+  try {
+    const provider = ProviderRegistry.createProvider({
+      id: providerName,
+      type: providerName,
+      ...providerConfig
+    });
+    return new NativeEngine({ provider, defaultModel: config.agent.model });
+  } catch {
+    return null;
+  }
+}
+function wireCanvasSession(sessionId, bridge, canvasSessionManager, engine, config, observer, memoryBackend, skillRegistry, defaultSessionConfig) {
+  const entry = canvasSessionManager.getSession(sessionId);
+  if (!entry) return;
+  const { canvasState, canvasChannel } = entry;
+  canvasChannel.start({ sessionId }).catch(() => {
+  });
+  canvasChannel.onMessage((msg) => {
+    void (async () => {
+      try {
+        if (msg.text.startsWith("[ABORT]")) {
+          return;
+        }
+        const session = new (await import("./dist-CIJPZC2B.js")).Session({
+          sessionId,
+          ...defaultSessionConfig
+        });
+        const exclude = config.autonomy.level === "readonly" ? ["bash", "file_write", "file_edit", "delegate"] : ["delegate"];
+        if (!config.mesh?.enabled) {
+          exclude.push("mesh");
+        }
+        const tools = ToolRegistry.createDefault({ exclude });
+        tools.register(new CanvasTool());
+        if (skillRegistry && skillRegistry.size > 0) {
+          tools.register(new LoadSkillTool(skillRegistry));
+        }
+        const securityPolicy = new DefaultSecurityPolicy({
+          workspace: process.cwd(),
+          autonomyLevel: config.autonomy.level,
+          allowedCommands: config.autonomy.allowedCommands,
+          blockedPaths: config.security.blockedPaths
+        });
+        const toolContextExtensions = {
+          canvasState
+        };
+        if (config.search?.enabled && config.search.apiKey) {
+          toolContextExtensions.searchApiKey = config.search.apiKey;
+          toolContextExtensions.searchConfig = {
+            maxResults: config.search.maxResults,
+            country: config.search.country,
+            searchLang: config.search.searchLang
+          };
+        }
+        const loop = new AgentLoop(session, engine, tools.list(), observer, {
+          maxIterations: 30,
+          maxRetries: 2,
+          enableStateSnapshots: true,
+          memoryBackend,
+          securityPolicy,
+          toolContextExtensions
+        });
+        for await (const event of loop.run(msg.text)) {
+          bridge.handleAgentEvent(event);
+        }
+      } catch (err) {
+        bridge.handleAgentEvent({
+          type: "error",
+          error: err instanceof Error ? err : new Error(String(err))
+        });
+      }
+    })();
+  });
+}
+export {
+  canvas
+};

package/dist/chunk-3XAW4XHG.js

@@ -0,0 +1,185 @@
+import {
+  loadConfig
+} from "./chunk-AORLXQHZ.js";
+import {
+  BOLD,
+  DIM,
+  GREEN,
+  RED,
+  RESET,
+  TEAL,
+  YELLOW,
+  box
+} from "./chunk-NMGPBPNU.js";
+
+// src/commands/audit.ts
+function severityIcon(severity) {
+  switch (severity) {
+    case "pass":
+      return `${GREEN}PASS${RESET}`;
+    case "warn":
+      return `${YELLOW}WARN${RESET}`;
+    case "fail":
+      return `${RED}FAIL${RESET}`;
+  }
+}
+function severityPrefix(severity) {
+  switch (severity) {
+    case "pass":
+      return `${GREEN}+${RESET}`;
+    case "warn":
+      return `${YELLOW}~${RESET}`;
+    case "fail":
+      return `${RED}x${RESET}`;
+  }
+}
+function performAudit(config) {
+  const results = [];
+  let id = 0;
+  id++;
+  const port = config.gateway?.port ?? 18789;
+  const allowPublic = config.gateway?.allowPublicBind ?? false;
+  results.push({
+    id,
+    name: "Gateway binding",
+    severity: allowPublic ? "fail" : "pass",
+    message: allowPublic ? `Gateway allows public binding (0.0.0.0:${port}). Restrict to loopback.` : `Gateway bound to loopback (127.0.0.1:${port})`
+  });
+  id++;
+  const requirePairing = config.gateway?.requirePairing ?? true;
+  results.push({
+    id,
+    name: "Pairing required",
+    severity: requirePairing ? "pass" : "warn",
+    message: requirePairing ? "Gateway requires pairing for all connections" : "Pairing is disabled. Any local process can connect."
+  });
+  id++;
+  const workspaceOnly = config.security?.workspaceOnly ?? true;
+  results.push({
+    id,
+    name: "Workspace scoping",
+    severity: workspaceOnly ? "pass" : "warn",
+    message: workspaceOnly ? "Filesystem access restricted to workspace" : "Workspace scoping disabled. Agent can access files outside workspace."
+  });
+  id++;
+  const blockedPaths = config.security?.blockedPaths ?? [];
+  results.push({
+    id,
+    name: "Blocked paths",
+    severity: "pass",
+    message: blockedPaths.length > 0 ? `${blockedPaths.length} additional blocked path(s) configured` : "Using default system blocked paths (14 dirs + 4 dotfiles)"
+  });
+  id++;
+  const autonomy = config.autonomy?.level ?? "supervised";
+  results.push({
+    id,
+    name: "Autonomy level",
+    severity: autonomy === "full" ? "warn" : "pass",
+    message: autonomy === "full" ? "Full autonomy enabled. Agent will not ask for confirmation." : `Autonomy level: ${autonomy}`
+  });
+  id++;
+  const allowedCommands = config.autonomy?.allowedCommands ?? [];
+  results.push({
+    id,
+    name: "Command allowlist",
+    severity: allowedCommands.length > 0 ? "pass" : "warn",
+    message: allowedCommands.length > 0 ? `${allowedCommands.length} command(s) in allowlist` : "No command allowlist configured. All commands may be executed."
+  });
+  id++;
+  const encryptSecrets = config.secrets?.encrypt ?? true;
+  results.push({
+    id,
+    name: "Secrets encryption",
+    severity: encryptSecrets ? "pass" : "fail",
+    message: encryptSecrets ? "Secrets are encrypted at rest (AES-256-GCM)" : "Secrets encryption is disabled. Credentials stored in plaintext."
+  });
+  id++;
+  const engineDefault = config.engines?.default ?? "native";
+  const usesSubprocessEngine = engineDefault === "claude-cli" || engineDefault === "codex-cli";
+  const usesOllama = config.agent?.provider === "ollama";
+  if (usesSubprocessEngine) {
+    results.push({
+      id,
+      name: "API keys",
+      severity: "pass",
+      message: `Using ${engineDefault} engine. Auth handled by CLI tool.`
+    });
+  } else if (usesOllama) {
+    results.push({
+      id,
+      name: "API keys",
+      severity: "pass",
+      message: "Using Ollama provider. No API key required (local inference)."
+    });
+  } else {
+    const anthropicKey = config.providers?.["anthropic"]?.["apiKey"];
+    const openaiKey = config.providers?.["openai"]?.["apiKey"];
+    const hasAnthropicKey = typeof anthropicKey === "string" && anthropicKey.length > 0 && !anthropicKey.includes("${");
+    const hasOpenaiKey = typeof openaiKey === "string" && openaiKey.length > 0 && !openaiKey.includes("${");
+    const hasAnyKey = hasAnthropicKey || hasOpenaiKey;
+    results.push({
+      id,
+      name: "API keys",
+      severity: hasAnyKey ? "pass" : "warn",
+      message: hasAnyKey ? `API key(s) configured: ${[hasAnthropicKey && "Anthropic", hasOpenaiKey && "OpenAI"].filter(Boolean).join(", ")}` : "No API keys configured. Set keys via onboard or environment variables."
+    });
+  }
+  id++;
+  const tunnelProvider = config.tunnel?.provider ?? "none";
+  results.push({
+    id,
+    name: "Tunnel exposure",
+    severity: tunnelProvider === "none" ? "pass" : "warn",
+    message: tunnelProvider === "none" ? "No tunnel configured. Gateway is local only." : `Tunnel active via ${tunnelProvider}. Gateway is exposed to the internet.`
+  });
+  id++;
+  const observers = config.observability?.observers ?? [];
+  results.push({
+    id,
+    name: "Observability",
+    severity: observers.length > 0 ? "pass" : "warn",
+    message: observers.length > 0 ? `Observer(s) active: ${observers.join(", ")}` : "No observers configured. Security events may go unlogged."
+  });
+  return results;
+}
+function runAudit(config) {
+  const results = performAudit(config);
+  const lines = [];
+  for (const r of results) {
+    const padId = String(r.id).padStart(2, " ");
+    lines.push(`${severityPrefix(r.severity)} ${DIM}${padId}.${RESET} ${r.message}`);
+  }
+  const passed = results.filter((r) => r.severity === "pass").length;
+  const warned = results.filter((r) => r.severity === "warn").length;
+  const failed = results.filter((r) => r.severity === "fail").length;
+  lines.push("");
+  lines.push(
+    `${severityIcon("pass")} ${passed}  ${severityIcon("warn")} ${warned}  ${severityIcon("fail")} ${failed}  ${DIM}(${results.length} checks)${RESET}`
+  );
+  if (failed > 0) {
+    lines.push("");
+    lines.push(`${RED}${BOLD}Action required:${RESET} ${failed} check(s) failed. Review your config.`);
+  }
+  console.log(box("ch4p Security Audit", lines));
+}
+async function audit() {
+  try {
+    const config = loadConfig();
+    console.log("");
+    runAudit(config);
+    console.log("");
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    console.error(`
+  ${RED}Failed to load config:${RESET} ${message}`);
+    console.error(`  ${DIM}Run ${TEAL}ch4p onboard${DIM} to create a config file.${RESET}
+`);
+    process.exitCode = 1;
+  }
+}
+
+export {
+  performAudit,
+  runAudit,
+  audit
+};