@contextos/cli 0.2.0 → 0.2.3

package/dist/index.js

@@ -2,6 +2,8 @@
 
 // src/index.ts
 import { Command as Command14 } from "commander";
+import { join as join7 } from "path";
+import { existsSync as existsSync4, mkdirSync as mkdirSync3, appendFileSync } from "fs";
 
 // src/commands/init.ts
 import { Command } from "commander";
@@ -835,18 +837,36 @@ function parseValue(value) {
 import { Command as Command10 } from "commander";
 import chalk10 from "chalk";
 import ora9 from "ora";
-import { readFileSync as readFileSync3, readdirSync } from "fs";
-import { join as join4, relative } from "path";
+import { readdirSync } from "fs";
+import { readFile } from "fs/promises";
+import { join as join4, relative, resolve, normalize } from "path";
 import {
   RLMEngine,
   createGeminiClient as createGeminiClient3,
   mergeFilesToContext
 } from "@contextos/core";
-function collectFiles(dir, extensions = [".ts", ".js", ".tsx", ".jsx", ".py", ".go", ".rs", ".java"], maxFiles = 100) {
+function validatePath(userPath, projectRoot) {
+  const resolved = resolve(projectRoot, userPath);
+  const normalized = normalize(resolved);
+  const rootNormalized = normalize(projectRoot);
+  if (!normalized.startsWith(rootNormalized)) {
+    throw new Error(
+      `Invalid path: "${userPath}" escapes project boundaries.
+Path must be within: ${rootNormalized}`
+    );
+  }
+  return normalized;
+}
+async function collectFiles(dir, extensions = [".ts", ".js", ".tsx", ".jsx", ".py", ".go", ".rs", ".java"], maxFiles = 100, maxDepth = 20) {
   const files = [];
-  function walk(currentDir) {
+  async function walk(currentDir, depth) {
+    if (depth > maxDepth) {
+      console.warn(`Maximum depth (${maxDepth}) reached at ${currentDir}. Skipping deeper directories.`);
+      return;
+    }
     if (files.length >= maxFiles) return;
     const entries = readdirSync(currentDir, { withFileTypes: true });
+    const filePromises = [];
     for (const entry of entries) {
       if (files.length >= maxFiles) break;
       const fullPath = join4(currentDir, entry.name);
@@ -854,32 +874,43 @@ function collectFiles(dir, extensions = [".ts", ".js", ".tsx", ".jsx", ".py", ".
         if (["node_modules", ".git", "dist", "build", ".next", "__pycache__", "venv"].includes(entry.name)) {
           continue;
         }
-        walk(fullPath);
+        await walk(fullPath, depth + 1);
       } else if (entry.isFile()) {
         const ext = entry.name.substring(entry.name.lastIndexOf("."));
         if (extensions.includes(ext)) {
-          try {
-            const content = readFileSync3(fullPath, "utf-8");
-            files.push({
-              path: relative(dir, fullPath),
-              content
-            });
-          } catch {
+          const promise = (async () => {
+            try {
+              const content = await readFile(fullPath, "utf-8");
+              files.push({
+                path: relative(dir, fullPath),
+                content
+              });
+            } catch {
+            }
+          })();
+          filePromises.push(promise);
+          if (filePromises.length >= 10) {
+            await Promise.all(filePromises);
+            filePromises.length = 0;
           }
         }
       }
     }
+    if (filePromises.length > 0) {
+      await Promise.all(filePromises);
+    }
   }
-  walk(dir);
+  await walk(dir, 0);
   return files;
 }
-var analyzeCommand = new Command10("analyze").description("RLM-powered deep analysis of your codebase").argument("<goal>", 'Analysis goal or question (e.g., "Find all API endpoints")').option("-d, --depth <number>", "Maximum recursion depth for RLM", "3").option("-b, --budget <tokens>", "Token budget for analysis", "50000").option("-p, --path <path>", "Path to analyze (default: current directory)", ".").option("--max-files <number>", "Maximum files to include", "100").option("--verbose", "Show detailed execution trace").action(async (goal, options) => {
+var analyzeCommand = new Command10("analyze").description("RLM-powered deep analysis of your codebase").argument("<goal>", 'Analysis goal or question (e.g., "Find all API endpoints")').option("-d, --depth <number>", "Maximum recursion depth for RLM", "3").option("-b, --budget <tokens>", "Token budget for analysis", "50000").option("-p, --path <path>", "Path to analyze (default: current directory)", ".").option("--max-files <number>", "Maximum files to include", "100").option("--max-depth <number>", "Maximum directory depth to traverse", "20").option("--verbose", "Show detailed execution trace").action(async (goal, options) => {
   console.log(chalk10.blue.bold("\n\u{1F50D} RLM Analysis Engine\n"));
   console.log(chalk10.gray("Goal: ") + chalk10.white(goal));
   console.log();
   const spinner = ora9("Collecting codebase files...").start();
   try {
-    const files = collectFiles(options.path, void 0, parseInt(options.maxFiles));
+    const safePath = validatePath(options.path, process.cwd());
+    const files = await collectFiles(safePath, void 0, parseInt(options.maxFiles), parseInt(options.maxDepth));
     spinner.text = `Found ${files.length} files. Building context...`;
     if (files.length === 0) {
       spinner.fail("No source files found");
@@ -1079,7 +1110,16 @@ Respond in JSON format:
     try {
       const jsonMatch = result.answer.match(/\{[\s\S]*\}/);
       if (jsonMatch) {
-        plan = JSON.parse(jsonMatch[0]);
+        try {
+          plan = JSON.parse(jsonMatch[0]);
+        } catch (parseError) {
+          spinner.warn("Failed to parse refactoring plan JSON");
+          console.log();
+          console.log(chalk11.blue.bold("Analysis Result:"));
+          console.log(result.answer);
+          console.log();
+          process.exit(0);
+        }
       } else {
         throw new Error("No JSON found in response");
       }
@@ -1149,13 +1189,22 @@ Respond in JSON format:
 import { Command as Command12 } from "commander";
 import chalk12 from "chalk";
 import ora11 from "ora";
-import { readFileSync as readFileSync4, existsSync as existsSync2, statSync as statSync2 } from "fs";
-import { join as join5, basename } from "path";
+import { readFileSync as readFileSync3, existsSync as existsSync2, statSync as statSync2 } from "fs";
+import { join as join5, basename, resolve as resolve2, normalize as normalize2 } from "path";
 import {
   RLMEngine as RLMEngine3,
   createGeminiClient as createGeminiClient5,
   mergeFilesToContext as mergeFilesToContext3
 } from "@contextos/core";
+function validatePath2(userPath, projectRoot) {
+  const resolved = resolve2(projectRoot, userPath);
+  const normalized = normalize2(resolved);
+  const rootNormalized = normalize2(projectRoot);
+  if (!normalized.startsWith(rootNormalized)) {
+    throw new Error(`Path traversal detected: "${userPath}" escapes project boundaries`);
+  }
+  return normalized;
+}
 var explainCommand = new Command12("explain").description("Get AI-powered explanation of code").argument("<target>", "File path, function name, or module to explain").option("-d, --depth <number>", "Include dependencies up to depth", "1").option("-f, --format <format>", "Output format: text, markdown, json", "markdown").option("--no-examples", "Skip usage examples in explanation").option("--technical", "Include technical implementation details").action(async (target, options) => {
   console.log(chalk12.blue.bold("\n\u{1F4DA} ContextOS Code Explainer\n"));
   const spinner = ora11("Analyzing target...").start();
@@ -1163,15 +1212,26 @@ var explainCommand = new Command12("explain").description("Get AI-powered explan
     let targetContent = "";
     let targetPath = "";
     let contextFiles = [];
+    let safePath;
+    try {
+      safePath = validatePath2(target, process.cwd());
+    } catch (error) {
+      if (error instanceof Error && error.message.includes("Path traversal")) {
+        spinner.fail("Invalid path");
+        console.log(chalk12.red("Error:"), error.message);
+        process.exit(1);
+      }
+      throw error;
+    }
     const possiblePath = join5(process.cwd(), target);
     if (existsSync2(possiblePath) && statSync2(possiblePath).isFile()) {
       targetPath = target;
-      targetContent = readFileSync4(possiblePath, "utf-8");
+      targetContent = readFileSync3(possiblePath, "utf-8");
       contextFiles.push({ path: target, content: targetContent });
       spinner.text = `Found file: ${target}`;
-    } else if (existsSync2(target) && statSync2(target).isFile()) {
+    } else if (existsSync2(safePath) && statSync2(safePath).isFile()) {
       targetPath = target;
-      targetContent = readFileSync4(target, "utf-8");
+      targetContent = readFileSync3(safePath, "utf-8");
       contextFiles.push({ path: basename(target), content: targetContent });
       spinner.text = `Found file: ${target}`;
     } else {
@@ -1738,7 +1798,7 @@ ${chalk15.bold("Date Range:")}`);
 // src/commands/cloud.ts
 import chalk16 from "chalk";
 import ora15 from "ora";
-import { existsSync as existsSync3, readFileSync as readFileSync5, writeFileSync as writeFileSync4, mkdirSync as mkdirSync2 } from "fs";
+import { existsSync as existsSync3, readFileSync as readFileSync4, writeFileSync as writeFileSync4, mkdirSync as mkdirSync2 } from "fs";
 import { homedir } from "os";
 import { join as join6 } from "path";
 var CLOUD_CONFIG_PATH = join6(homedir(), ".contextos", "cloud.json");
@@ -1746,7 +1806,7 @@ var DEFAULT_CLOUD_URL = "https://api.contextos.dev";
 function loadCloudConfig() {
   if (existsSync3(CLOUD_CONFIG_PATH)) {
     try {
-      return JSON.parse(readFileSync5(CLOUD_CONFIG_PATH, "utf-8"));
+      return JSON.parse(readFileSync4(CLOUD_CONFIG_PATH, "utf-8"));
     } catch {
       return { cloudUrl: DEFAULT_CLOUD_URL };
     }
@@ -1861,6 +1921,41 @@ function registerCloudCommands(program2) {
 }
 
 // src/index.ts
+var crashLogDir = join7(process.cwd(), ".contextos");
+if (!existsSync4(crashLogDir)) {
+  mkdirSync3(crashLogDir, { recursive: true });
+}
+var crashLogPath = join7(crashLogDir, "crash.log");
+function logCrash(message, data) {
+  const timestamp = (/* @__PURE__ */ new Date()).toISOString();
+  const logEntry = `[${timestamp}] ${message}${data ? `
+${data}
+
+` : "\n\n"}`;
+  console.error(logEntry);
+  appendFileSync(crashLogPath, logEntry, "utf-8");
+}
+process.on("uncaughtException", (error) => {
+  console.error("\u274C UNCAUGHT EXCEPTION:", error.message);
+  console.error("Stack:", error.stack);
+  if (process.env.NODE_ENV === "production") {
+    logCrash(`UNCAUGHT EXCEPTION: ${error.message}`, error.stack);
+  }
+  setTimeout(() => process.exit(1), 1e3);
+});
+process.on("unhandledRejection", (reason) => {
+  console.error("\u274C UNHANDLED REJECTION:", reason);
+  if (process.env.NODE_ENV === "production") {
+    const reasonStr = reason instanceof Error ? reason.stack : String(reason);
+    logCrash("UNHANDLED REJECTION", reasonStr);
+  }
+});
+process.on("multipleResolves", (type, promise) => {
+  console.warn("\u26A0\uFE0F  MULTIPLE RESOLVES:", type, promise);
+});
+process.on("warning", (warning) => {
+  console.warn("\u26A0\uFE0F  PROCESS WARNING:", warning.name, warning.message);
+});
 var program = new Command14();
 program.name("ctx").description("ContextOS - The Context Server Protocol for AI Coding").version("0.1.0").option("-v, --verbose", "Enable verbose output");
 program.addCommand(initCommand);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contextos/cli",
-  "version": "0.2.0",
+  "version": "0.2.3",
   "description": "CLI for ContextOS - The Context Server Protocol for AI Coding",
   "type": "module",
   "bin": {
@@ -16,7 +16,7 @@
     "inquirer": "^9.2.0",
     "ora": "^8.0.0",
     "yaml": "^2.4.0",
-    "@contextos/core": "0.2.0"
+    "@contextos/core": "0.2.3"
   },
   "devDependencies": {
     "@types/inquirer": "^9.0.7",