@fractary/faber-cli 1.0.0 → 1.2.0

package/dist/lib/repo-client.js

@@ -0,0 +1,105 @@
+/**
+ * Repo Client
+ *
+ * Wrapper for fractary-repo plugin commands (CLI-based)
+ */
+/**
+ * Repo Client - wraps fractary-repo plugin CLI operations
+ *
+ * Note: This calls fractary-repo CLI commands as specified in SPEC-00030.
+ * These commands must be implemented in the fractary-repo plugin.
+ */
+export class RepoClient {
+    constructor(config) {
+        this.config = config;
+        const token = config.github?.token;
+        if (!token) {
+            throw new Error('GitHub token not found. Set GITHUB_TOKEN environment variable.');
+        }
+    }
+    /**
+     * Fetch specific issues by ID
+     *
+     * Calls: fractary-repo issue-fetch --ids 258,259,260 --format json
+     */
+    async fetchIssues(ids) {
+        // TODO: Call fractary-repo CLI when available
+        // const result = await this.callRepoCommand('issue-fetch', ['--ids', ids.join(','), '--format', 'json']);
+        // Placeholder implementation
+        throw new Error('fractary-repo issue-fetch command not yet implemented. See SPEC-00030.');
+    }
+    /**
+     * Search issues by labels
+     *
+     * Calls: fractary-repo issue-search --labels "workflow:etl,status:approved" --format json
+     */
+    async searchIssues(labels) {
+        // TODO: Call fractary-repo CLI when available
+        // const result = await this.callRepoCommand('issue-search', ['--labels', labels.join(','), '--format', 'json']);
+        // Placeholder implementation
+        throw new Error('fractary-repo issue-search command not yet implemented. See SPEC-00030.');
+    }
+    /**
+     * Create a git branch
+     *
+     * Calls: fractary-repo branch-create <branch-name> --format json
+     */
+    async createBranch(branchName) {
+        // TODO: Call fractary-repo CLI when available
+        // await this.callRepoCommand('branch-create', [branchName, '--format', 'json']);
+        // Placeholder implementation
+        throw new Error('fractary-repo branch-create command not yet implemented. See SPEC-00030.');
+    }
+    /**
+     * Create a git worktree
+     *
+     * Calls: fractary-repo worktree-create --work-id 258 --format json
+     */
+    async createWorktree(options) {
+        // TODO: Call fractary-repo CLI when available
+        // const args = ['--work-id', options.workId, '--format', 'json'];
+        // if (options.path) {
+        //   args.push('--path', options.path);
+        // }
+        // const result = await this.callRepoCommand('worktree-create', args);
+        // return result;
+        // Placeholder implementation
+        throw new Error('fractary-repo worktree-create command not yet implemented. See SPEC-00030.');
+    }
+    /**
+     * Update GitHub issue
+     *
+     * Calls: fractary-repo issue-update --id 258 --comment "..." --add-label "..."
+     */
+    async updateIssue(options) {
+        // TODO: Call fractary-repo CLI when available
+        // const args = ['--id', options.id];
+        // if (options.comment) {
+        //   args.push('--comment', options.comment);
+        // }
+        // if (options.addLabel) {
+        //   args.push('--add-label', options.addLabel);
+        // }
+        // if (options.removeLabel) {
+        //   args.push('--remove-label', options.removeLabel);
+        // }
+        // await this.callRepoCommand('issue-update', args);
+        // Placeholder implementation
+        throw new Error('fractary-repo issue-update command not yet implemented. See SPEC-00030.');
+    }
+    /**
+     * Call fractary-repo CLI command
+     *
+     * This will be implemented to spawn fractary-repo CLI process safely.
+     * For now, this is a placeholder showing the intended interface.
+     */
+    async callRepoCommand(command, args) {
+        // Implementation will use safe process spawning to call:
+        // fractary-repo <command> [args...]
+        //
+        // Example: fractary-repo issue-fetch --ids 258,259 --format json
+        //
+        // The command will return JSON which we parse and return.
+        throw new Error(`fractary-repo ${command} not yet implemented`);
+    }
+}

package/dist/types/config.d.ts

@@ -0,0 +1,34 @@
+/**
+ * FABER CLI Configuration Types
+ *
+ * Type definitions for configuration objects
+ */
+export interface AnthropicConfig {
+    api_key?: string;
+}
+export interface GitHubConfig {
+    token?: string;
+    organization?: string;
+    project?: string;
+    repo?: string;
+}
+export interface WorktreeConfig {
+    location?: string;
+    inherit_from_claude?: boolean;
+}
+export interface WorkflowConfig {
+    default?: string;
+    config_path?: string;
+}
+export interface FaberConfig {
+    anthropic?: AnthropicConfig;
+    github?: GitHubConfig;
+    worktree?: WorktreeConfig;
+    workflow?: WorkflowConfig;
+}
+export interface ClaudeConfig {
+    worktree?: {
+        directory?: string;
+    };
+}
+//# sourceMappingURL=config.d.ts.map

package/dist/types/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/types/config.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,MAAM,WAAW,eAAe;IAC9B,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,YAAY;IAC3B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,mBAAmB,CAAC,EAAE,OAAO,CAAC;CAC/B;AAED,MAAM,WAAW,cAAc;IAC7B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,WAAW;IAC1B,SAAS,CAAC,EAAE,eAAe,CAAC;IAC5B,MAAM,CAAC,EAAE,YAAY,CAAC;IACtB,QAAQ,CAAC,EAAE,cAAc,CAAC;IAC1B,QAAQ,CAAC,EAAE,cAAc,CAAC;CAC3B;AAED,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,EAAE;QACT,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,CAAC;CACH"}

package/dist/types/config.js

@@ -0,0 +1,6 @@
+/**
+ * FABER CLI Configuration Types
+ *
+ * Type definitions for configuration objects
+ */
+export {};

package/dist/utils/prompt.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Simple prompt utility for CLI input
+ */
+/**
+ * Prompt user for input
+ */
+export declare function prompt(question: string): Promise<string>;
+//# sourceMappingURL=prompt.d.ts.map

package/dist/utils/prompt.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"prompt.d.ts","sourceRoot":"","sources":["../../src/utils/prompt.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH;;GAEG;AACH,wBAAgB,MAAM,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAYxD"}

package/dist/utils/prompt.js

@@ -0,0 +1,19 @@
+/**
+ * Simple prompt utility for CLI input
+ */
+import * as readline from 'readline';
+/**
+ * Prompt user for input
+ */
+export function prompt(question) {
+    const rl = readline.createInterface({
+        input: process.stdin,
+        output: process.stdout,
+    });
+    return new Promise((resolve) => {
+        rl.question(question, (answer) => {
+            rl.close();
+            resolve(answer.trim());
+        });
+    });
+}

package/dist/utils/validation.d.ts

@@ -27,4 +27,75 @@ export declare function parseOptionalInteger(value: string | undefined, fieldNam
  * @throws Error if value is not a valid positive integer
  */
 export declare function parsePositiveInteger(value: string, fieldName: string): number;
+/**
+ * Validates work ID format
+ * Work IDs must be numeric (GitHub issue numbers)
+ *
+ * @param workId - Work ID to validate
+ * @returns True if valid
+ * @throws Error if invalid
+ */
+export declare function validateWorkId(workId: string): boolean;
+/**
+ * Validates multiple comma-separated work IDs
+ *
+ * @param workIds - Comma-separated work IDs
+ * @returns Array of validated work IDs
+ * @throws Error if any ID is invalid
+ */
+export declare function validateWorkIds(workIds: string): string[];
+/**
+ * Validates label format
+ * Labels must be alphanumeric with hyphens, colons, and underscores only
+ *
+ * @param label - Label to validate
+ * @returns True if valid
+ * @throws Error if invalid
+ */
+export declare function validateLabel(label: string): boolean;
+/**
+ * Validates multiple comma-separated labels
+ *
+ * @param labels - Comma-separated labels
+ * @returns Array of validated labels
+ * @throws Error if any label is invalid
+ */
+export declare function validateLabels(labels: string): string[];
+/**
+ * Validates workflow name format
+ * Workflow names must be alphanumeric with hyphens and underscores
+ *
+ * @param workflowName - Workflow name to validate
+ * @returns True if valid
+ * @throws Error if invalid
+ */
+export declare function validateWorkflowName(workflowName: string): boolean;
+/**
+ * Validates and sanitizes file path to prevent path traversal
+ * Ensures path doesn't contain dangerous patterns like ../, absolute paths, etc.
+ *
+ * @param filePath - File path to validate
+ * @param baseDir - Base directory that path must be relative to (optional)
+ * @returns Sanitized path
+ * @throws Error if path is unsafe
+ */
+export declare function validateSafePath(filePath: string, baseDir?: string): string;
+/**
+ * Validates JSON response size to prevent DoS attacks
+ *
+ * @param jsonString - JSON string to validate
+ * @param maxSizeBytes - Maximum allowed size in bytes (default: 1MB)
+ * @returns True if valid
+ * @throws Error if too large
+ */
+export declare function validateJsonSize(jsonString: string, maxSizeBytes?: number): boolean;
+/**
+ * Validates plan ID format
+ * Plan IDs follow format: fractary-faber-{work-id}-{YYYYMMDD}-{HHMMSS}
+ *
+ * @param planId - Plan ID to validate
+ * @returns True if valid
+ * @throws Error if invalid
+ */
+export declare function validatePlanId(planId: string): boolean;
 //# sourceMappingURL=validation.d.ts.map

package/dist/utils/validation.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"validation.d.ts","sourceRoot":"","sources":["../../src/utils/validation.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,CAY1E;AAED;;;;;;GAMG;AACH,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAMrG;AAED;;;;;;GAMG;AACH,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,CAQ7E"}
+{"version":3,"file":"validation.d.ts","sourceRoot":"","sources":["../../src/utils/validation.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,CAY1E;AAED;;;;;;GAMG;AACH,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAMrG;AAED;;;;;;GAMG;AACH,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,CAQ7E;AAED;;;;;;;GAOG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAWtD;AAED;;;;;;GAMG;AACH,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,EAAE,CAiBzD;AAED;;;;;;;GAOG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAYpD;AAED;;;;;;GAMG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAiBvD;AAED;;;;;;;GAOG;AACH,wBAAgB,oBAAoB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAYlE;AAED;;;;;;;;GAQG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,MAAM,CAoC3E;AAED;;;;;;;GAOG;AACH,wBAAgB,gBAAgB,CAAC,UAAU,EAAE,MAAM,EAAE,YAAY,GAAE,MAAoB,GAAG,OAAO,CAYhG;AAED;;;;;;;GAOG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAUtD"}

package/dist/utils/validation.js

@@ -47,3 +47,160 @@ export function parsePositiveInteger(value, fieldName) {
     }
     return parsed;
 }
+/**
+ * Validates work ID format
+ * Work IDs must be numeric (GitHub issue numbers)
+ *
+ * @param workId - Work ID to validate
+ * @returns True if valid
+ * @throws Error if invalid
+ */
+export function validateWorkId(workId) {
+    // Work IDs must be numeric (1-8 digits for GitHub issue numbers)
+    const workIdPattern = /^\d{1,8}$/;
+    if (!workIdPattern.test(workId)) {
+        throw new Error(`Invalid work ID format: "${workId}". Work IDs must be numeric (e.g., "123", "456").`);
+    }
+    return true;
+}
+/**
+ * Validates multiple comma-separated work IDs
+ *
+ * @param workIds - Comma-separated work IDs
+ * @returns Array of validated work IDs
+ * @throws Error if any ID is invalid
+ */
+export function validateWorkIds(workIds) {
+    const ids = workIds.split(',').map(id => id.trim()).filter(Boolean);
+    if (ids.length === 0) {
+        throw new Error('No work IDs provided');
+    }
+    if (ids.length > 50) {
+        throw new Error(`Too many work IDs (${ids.length}). Maximum is 50 to prevent API overload.`);
+    }
+    // Validate each ID
+    ids.forEach(id => validateWorkId(id));
+    return ids;
+}
+/**
+ * Validates label format
+ * Labels must be alphanumeric with hyphens, colons, and underscores only
+ *
+ * @param label - Label to validate
+ * @returns True if valid
+ * @throws Error if invalid
+ */
+export function validateLabel(label) {
+    // Labels: alphanumeric, hyphens, colons, underscores (GitHub label format)
+    // Examples: "workflow:etl", "status:approved", "priority-high"
+    const labelPattern = /^[a-zA-Z0-9_:-]{1,50}$/;
+    if (!labelPattern.test(label)) {
+        throw new Error(`Invalid label format: "${label}". Labels must be alphanumeric with hyphens, colons, or underscores (max 50 chars).`);
+    }
+    return true;
+}
+/**
+ * Validates multiple comma-separated labels
+ *
+ * @param labels - Comma-separated labels
+ * @returns Array of validated labels
+ * @throws Error if any label is invalid
+ */
+export function validateLabels(labels) {
+    const labelArray = labels.split(',').map(l => l.trim()).filter(Boolean);
+    if (labelArray.length === 0) {
+        throw new Error('No labels provided');
+    }
+    if (labelArray.length > 20) {
+        throw new Error(`Too many labels (${labelArray.length}). Maximum is 20.`);
+    }
+    // Validate each label
+    labelArray.forEach(label => validateLabel(label));
+    return labelArray;
+}
+/**
+ * Validates workflow name format
+ * Workflow names must be alphanumeric with hyphens and underscores
+ *
+ * @param workflowName - Workflow name to validate
+ * @returns True if valid
+ * @throws Error if invalid
+ */
+export function validateWorkflowName(workflowName) {
+    // Workflow names: alphanumeric, hyphens, underscores
+    // Examples: "etl", "data-pipeline", "bugfix"
+    const workflowPattern = /^[a-zA-Z0-9_-]{1,50}$/;
+    if (!workflowPattern.test(workflowName)) {
+        throw new Error(`Invalid workflow name: "${workflowName}". Workflow names must be alphanumeric with hyphens or underscores (max 50 chars).`);
+    }
+    return true;
+}
+/**
+ * Validates and sanitizes file path to prevent path traversal
+ * Ensures path doesn't contain dangerous patterns like ../, absolute paths, etc.
+ *
+ * @param filePath - File path to validate
+ * @param baseDir - Base directory that path must be relative to (optional)
+ * @returns Sanitized path
+ * @throws Error if path is unsafe
+ */
+export function validateSafePath(filePath, baseDir) {
+    // Remove any null bytes
+    if (filePath.includes('\0')) {
+        throw new Error('Path contains null bytes');
+    }
+    // Check for path traversal patterns
+    const dangerousPatterns = [
+        /\.\./, // Parent directory (..)
+        /^\//, // Absolute path
+        /^[a-zA-Z]:\\/, // Windows absolute path
+        /^~\//, // Home directory
+    ];
+    for (const pattern of dangerousPatterns) {
+        if (pattern.test(filePath)) {
+            throw new Error(`Unsafe path detected: "${filePath}". Paths must be relative and cannot contain "..", absolute paths, or home directory references.`);
+        }
+    }
+    // Normalize path (remove redundant separators, etc.)
+    const normalized = filePath.replace(/\/+/g, '/').replace(/\\/g, '/');
+    // If base directory provided, ensure path starts with it
+    if (baseDir) {
+        const normalizedBase = baseDir.replace(/\/+$/, '');
+        if (!normalized.startsWith(normalizedBase)) {
+            throw new Error(`Path "${filePath}" must be within base directory "${baseDir}"`);
+        }
+    }
+    return normalized;
+}
+/**
+ * Validates JSON response size to prevent DoS attacks
+ *
+ * @param jsonString - JSON string to validate
+ * @param maxSizeBytes - Maximum allowed size in bytes (default: 1MB)
+ * @returns True if valid
+ * @throws Error if too large
+ */
+export function validateJsonSize(jsonString, maxSizeBytes = 1024 * 1024) {
+    const sizeBytes = Buffer.byteLength(jsonString, 'utf8');
+    if (sizeBytes > maxSizeBytes) {
+        const sizeMB = (sizeBytes / 1024 / 1024).toFixed(2);
+        const maxMB = (maxSizeBytes / 1024 / 1024).toFixed(2);
+        throw new Error(`JSON response too large: ${sizeMB}MB (maximum: ${maxMB}MB). This may indicate an API error or DoS attempt.`);
+    }
+    return true;
+}
+/**
+ * Validates plan ID format
+ * Plan IDs follow format: fractary-faber-{work-id}-{YYYYMMDD}-{HHMMSS}
+ *
+ * @param planId - Plan ID to validate
+ * @returns True if valid
+ * @throws Error if invalid
+ */
+export function validatePlanId(planId) {
+    const planIdPattern = /^fractary-faber-\d+-\d{8}-\d{6}$/;
+    if (!planIdPattern.test(planId)) {
+        throw new Error(`Invalid plan ID format: "${planId}". Expected format: fractary-faber-{work-id}-{YYYYMMDD}-{HHMMSS}`);
+    }
+    return true;
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@fractary/faber-cli",
-  "version": "1.0.0",
+  "version": "1.2.0",
   "description": "FABER CLI - Command-line interface for FABER development toolkit",
   "main": "dist/index.js",
   "bin": {