@fractary/codex-cli 0.4.0 → 0.5.0

package/dist/cli.js

@@ -4,6 +4,8 @@ import 'url';
 import * as fs from 'fs/promises';
 import * as yaml from 'js-yaml';
 import { ValidationError, PermissionDeniedError, ConfigurationError, CodexError } from '@fractary/codex';
+import * as os from 'os';
+import { spawn } from 'child_process';
 import { Command } from 'commander';
 import chalk8 from 'chalk';
 import * as crypto from 'crypto';
@@ -590,6 +592,178 @@ var init_codex_client = __esm({
   }
 });
 
+// src/utils/codex-repository.ts
+var codex_repository_exports = {};
+__export(codex_repository_exports, {
+  ensureCodexCloned: () => ensureCodexCloned,
+  getCodexRepoUrl: () => getCodexRepoUrl,
+  getTempCodexPath: () => getTempCodexPath,
+  isValidGitRepo: () => isValidGitRepo
+});
+function spawnAsync(command, args, options) {
+  return new Promise((resolve, reject) => {
+    const child = spawn(command, args, {
+      ...options,
+      env: process.env
+    });
+    let stdout = "";
+    let stderr = "";
+    child.stdout.on("data", (data) => {
+      stdout += data.toString();
+    });
+    child.stderr.on("data", (data) => {
+      stderr += data.toString();
+    });
+    child.on("error", (error) => {
+      reject(error);
+    });
+    child.on("close", (code) => {
+      if (code !== 0) {
+        const error = new Error(stderr || `Command exited with code ${code}`);
+        error.code = code;
+        reject(error);
+      } else {
+        resolve(stdout);
+      }
+    });
+  });
+}
+function sanitizePathComponent(component) {
+  if (!component || typeof component !== "string") {
+    throw new Error("Path component must be a non-empty string");
+  }
+  const sanitized = component.replace(/\.\./g, "").replace(/[/\\]/g, "").trim();
+  if (!sanitized) {
+    throw new Error(`Invalid path component: ${component}`);
+  }
+  return sanitized;
+}
+function validateGitHubName(name, type) {
+  if (!name || typeof name !== "string") {
+    throw new Error(`GitHub ${type} name must be a non-empty string`);
+  }
+  if (!/^[a-zA-Z0-9._-]+$/.test(name)) {
+    throw new Error(`Invalid GitHub ${type} name: ${name}. Must contain only alphanumeric characters, hyphens, underscores, and dots.`);
+  }
+  if (name.startsWith(".") || name.startsWith("-")) {
+    throw new Error(`GitHub ${type} name cannot start with a dot or hyphen: ${name}`);
+  }
+}
+function getTempCodexPath(config) {
+  const codexRepo = config.codex_repository || "codex";
+  const sanitizedOrg = sanitizePathComponent(config.organization);
+  const sanitizedRepo = sanitizePathComponent(codexRepo);
+  return path4.join(
+    os.tmpdir(),
+    "fractary-codex-clone",
+    `${sanitizedOrg}-${sanitizedRepo}-${process.pid}`
+  );
+}
+async function isValidGitRepo(repoPath) {
+  try {
+    const gitDir = path4.join(repoPath, ".git");
+    const stats = await fs.stat(gitDir);
+    return stats.isDirectory();
+  } catch {
+    return false;
+  }
+}
+function getCodexRepoUrl(config) {
+  const codexRepo = config.codex_repository || "codex";
+  validateGitHubName(config.organization, "organization");
+  validateGitHubName(codexRepo, "repository");
+  return `https://github.com/${config.organization}/${codexRepo}.git`;
+}
+async function execGit(repoPath, args) {
+  try {
+    const stdout = await spawnAsync("git", args, {
+      cwd: repoPath
+    });
+    return stdout;
+  } catch (error) {
+    if (error.code === "ENOENT") {
+      throw new Error(`Git command not found. Ensure git is installed and in PATH.`);
+    }
+    if (error.code === "EACCES") {
+      throw new Error(`Permission denied accessing repository at ${repoPath}`);
+    }
+    if (error.code === 128) {
+      throw new Error(`Git authentication failed. Check your credentials and repository access.`);
+    }
+    throw error;
+  }
+}
+async function gitClone(url, targetPath, options) {
+  const parentDir = path4.dirname(targetPath);
+  await fs.mkdir(parentDir, { recursive: true });
+  const args = ["clone"];
+  if (options?.depth) {
+    if (!Number.isInteger(options.depth) || options.depth <= 0) {
+      throw new Error(`Invalid depth parameter: ${options.depth}. Must be a positive integer.`);
+    }
+    args.push("--depth", String(options.depth));
+  }
+  if (options?.branch) {
+    if (!/^[\w\-./]+$/.test(options.branch)) {
+      throw new Error(`Invalid branch name: ${options.branch}`);
+    }
+    args.push("--branch", options.branch);
+  }
+  args.push("--single-branch");
+  args.push(url, targetPath);
+  await spawnAsync("git", args, { cwd: parentDir });
+}
+async function gitFetch(repoPath, branch) {
+  {
+    if (!/^[\w\-./]+$/.test(branch)) {
+      throw new Error(`Invalid branch name: ${branch}`);
+    }
+    await execGit(repoPath, ["fetch", "origin", `${branch}:${branch}`]);
+  }
+}
+async function gitCheckout(repoPath, branch) {
+  if (!/^[\w\-./]+$/.test(branch)) {
+    throw new Error(`Invalid branch name: ${branch}`);
+  }
+  await execGit(repoPath, ["checkout", branch]);
+}
+async function gitPull(repoPath) {
+  await execGit(repoPath, ["pull"]);
+}
+async function ensureCodexCloned(config, options) {
+  const tempPath = getTempCodexPath(config);
+  const branch = options?.branch || "main";
+  if (await isValidGitRepo(tempPath) && !options?.force) {
+    try {
+      await gitFetch(tempPath, branch);
+      await gitCheckout(tempPath, branch);
+      await gitPull(tempPath);
+      return tempPath;
+    } catch (error) {
+      console.warn(`Failed to update existing clone: ${error.message}`);
+      console.warn(`Removing and cloning fresh...`);
+      await fs.rm(tempPath, { recursive: true, force: true });
+    }
+  }
+  const repoUrl = getCodexRepoUrl(config);
+  try {
+    await fs.rm(tempPath, { recursive: true, force: true });
+  } catch (error) {
+    console.warn(`Could not remove existing directory ${tempPath}: ${error.message}`);
+  }
+  await gitClone(repoUrl, tempPath, {
+    branch,
+    depth: 1
+    // Shallow clone for efficiency
+  });
+  return tempPath;
+}
+var init_codex_repository = __esm({
+  "src/utils/codex-repository.ts"() {
+    init_esm_shims();
+  }
+});
+
 // src/cli.ts
 init_esm_shims();
 
@@ -1472,15 +1646,50 @@ function syncCommand() {
       let plan;
       let routingScan;
       if (direction === "from-codex") {
-        const codexRepoPath = config.cacheDir || path4.join(process.cwd(), ".fractary", "codex-cache");
-        if (options.json) {
-          console.log(JSON.stringify({
-            info: "Routing-aware sync: scanning entire codex repository for files targeting this project",
-            codexPath: codexRepoPath
-          }, null, 2));
-        } else {
-          console.log(chalk8.blue("\u2139 Using routing-aware sync"));
-          console.log(chalk8.dim("  Scanning entire codex for files routing to this project...\n"));
+        let codexRepoPath;
+        try {
+          const { ensureCodexCloned: ensureCodexCloned2 } = await Promise.resolve().then(() => (init_codex_repository(), codex_repository_exports));
+          if (!options.json) {
+            console.log(chalk8.blue("\u2139 Cloning/updating codex repository..."));
+          }
+          codexRepoPath = await ensureCodexCloned2(config, {
+            branch: targetBranch
+          });
+          if (!options.json) {
+            console.log(chalk8.dim(`  Codex cloned to: ${codexRepoPath}`));
+            console.log(chalk8.dim("  Scanning for files routing to this project...\n"));
+          } else {
+            console.log(JSON.stringify({
+              info: "Routing-aware sync: cloned codex repository and scanning for files targeting this project",
+              codexPath: codexRepoPath
+            }, null, 2));
+          }
+        } catch (error) {
+          console.error(chalk8.red("Error:"), "Failed to clone codex repository");
+          console.error(chalk8.dim(`  ${error.message}`));
+          console.log(chalk8.yellow("\nTroubleshooting:"));
+          if (error.message.includes("Git command not found")) {
+            console.log(chalk8.dim("  Git is not installed or not in PATH."));
+            console.log(chalk8.dim("  Install git: https://git-scm.com/downloads"));
+          } else if (error.message.includes("authentication failed") || error.message.includes("Authentication failed")) {
+            console.log(chalk8.dim("  GitHub authentication is required for private repositories."));
+            console.log(chalk8.dim("  1. Check auth status: gh auth status"));
+            console.log(chalk8.dim("  2. Login if needed: gh auth login"));
+            console.log(chalk8.dim("  3. Or set GITHUB_TOKEN environment variable"));
+          } else if (error.message.includes("Permission denied")) {
+            console.log(chalk8.dim("  Permission denied accessing repository files."));
+            console.log(chalk8.dim("  1. Check file/directory permissions"));
+            console.log(chalk8.dim("  2. Ensure you have access to the repository"));
+          } else if (error.message.includes("not found") || error.message.includes("does not exist")) {
+            console.log(chalk8.dim(`  Repository not found: ${config.organization}/${config.codex_repository || "codex"}`));
+            console.log(chalk8.dim("  1. Verify the repository exists on GitHub"));
+            console.log(chalk8.dim("  2. Check organization and repository names in config"));
+          } else {
+            console.log(chalk8.dim("  1. Ensure git is installed: git --version"));
+            console.log(chalk8.dim("  2. Check GitHub auth: gh auth status"));
+            console.log(chalk8.dim(`  3. Verify repo exists: ${config.organization}/${config.codex_repository || "codex"}`));
+          }
+          process.exit(1);
         }
         const planWithRouting = await syncManager.createRoutingAwarePlan(
           config.organization,