@fractary/faber-cli 1.1.0 → 1.3.0

package/dist/lib/sdk-config-adapter.js

@@ -0,0 +1,50 @@
+/**
+ * SDK Configuration Adapter
+ *
+ * Converts FABER CLI configuration to @fractary/core SDK configuration format
+ */
+/**
+ * Create WorkConfig for WorkManager from FaberConfig
+ *
+ * @param faberConfig - FABER CLI configuration
+ * @returns WorkConfig for @fractary/core WorkManager
+ * @throws Error if required fields are missing
+ */
+export function createWorkConfig(faberConfig) {
+    const token = faberConfig.github?.token;
+    const owner = faberConfig.github?.organization;
+    const repo = faberConfig.github?.project;
+    if (!token) {
+        throw new Error('GitHub token not found. Set GITHUB_TOKEN environment variable or configure in .fractary/settings.json');
+    }
+    if (!owner || !repo) {
+        throw new Error('GitHub organization and project must be configured in .fractary/settings.json');
+    }
+    return {
+        platform: 'github',
+        owner,
+        repo,
+        token,
+    };
+}
+/**
+ * Create RepoConfig for RepoManager from FaberConfig
+ *
+ * @param faberConfig - FABER CLI configuration
+ * @returns RepoConfig for @fractary/core RepoManager
+ * @throws Error if required fields are missing
+ */
+export function createRepoConfig(faberConfig) {
+    const token = faberConfig.github?.token;
+    const owner = faberConfig.github?.organization;
+    const repo = faberConfig.github?.project;
+    if (!token) {
+        throw new Error('GitHub token not found. Set GITHUB_TOKEN environment variable or configure in .fractary/settings.json');
+    }
+    return {
+        platform: 'github',
+        owner,
+        repo,
+        token,
+    };
+}

package/dist/lib/sdk-type-adapter.d.ts

@@ -0,0 +1,43 @@
+/**
+ * SDK Type Adapter
+ *
+ * Converts between @fractary/core SDK types and FABER CLI types
+ */
+import type { Issue as SDKIssue, Worktree as SDKWorktree } from '@fractary/core';
+interface CLIIssue {
+    id: string;
+    number: number;
+    title: string;
+    description: string;
+    labels: string[];
+    url: string;
+    state: string;
+}
+interface WorktreeResult {
+    path: string;
+    absolute_path: string;
+    branch: string;
+    created_at: string;
+    organization: string;
+    project: string;
+    work_id: string;
+}
+/**
+ * Convert SDK Issue to CLI Issue
+ *
+ * @param sdkIssue - Issue from @fractary/core SDK
+ * @returns CLI Issue format
+ */
+export declare function sdkIssueToCLIIssue(sdkIssue: SDKIssue): CLIIssue;
+/**
+ * Convert SDK Worktree to CLI WorktreeResult
+ *
+ * @param sdkWorktree - Worktree from @fractary/core SDK
+ * @param organization - GitHub organization
+ * @param project - GitHub project/repo name
+ * @param workId - Work/issue ID
+ * @returns CLI WorktreeResult format
+ */
+export declare function sdkWorktreeToCLIWorktreeResult(sdkWorktree: SDKWorktree, organization: string, project: string, workId: string): WorktreeResult;
+export {};
+//# sourceMappingURL=sdk-type-adapter.d.ts.map

package/dist/lib/sdk-type-adapter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sdk-type-adapter.d.ts","sourceRoot":"","sources":["../../src/lib/sdk-type-adapter.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,KAAK,IAAI,QAAQ,EAAE,QAAQ,IAAI,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAGjF,UAAU,QAAQ;IAChB,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;CACf;AAED,UAAU,cAAc;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,aAAa,EAAE,MAAM,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,QAAQ,GAAG,QAAQ,CAU/D;AAED;;;;;;;;GAQG;AACH,wBAAgB,8BAA8B,CAC5C,WAAW,EAAE,WAAW,EACxB,YAAY,EAAE,MAAM,EACpB,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,MAAM,GACb,cAAc,CAUhB"}

package/dist/lib/sdk-type-adapter.js

@@ -0,0 +1,42 @@
+/**
+ * SDK Type Adapter
+ *
+ * Converts between @fractary/core SDK types and FABER CLI types
+ */
+/**
+ * Convert SDK Issue to CLI Issue
+ *
+ * @param sdkIssue - Issue from @fractary/core SDK
+ * @returns CLI Issue format
+ */
+export function sdkIssueToCLIIssue(sdkIssue) {
+    return {
+        id: sdkIssue.id,
+        number: sdkIssue.number,
+        title: sdkIssue.title,
+        description: sdkIssue.body, // Map 'body' to 'description'
+        labels: sdkIssue.labels.map(label => label.name), // Extract label names
+        url: sdkIssue.url,
+        state: sdkIssue.state,
+    };
+}
+/**
+ * Convert SDK Worktree to CLI WorktreeResult
+ *
+ * @param sdkWorktree - Worktree from @fractary/core SDK
+ * @param organization - GitHub organization
+ * @param project - GitHub project/repo name
+ * @param workId - Work/issue ID
+ * @returns CLI WorktreeResult format
+ */
+export function sdkWorktreeToCLIWorktreeResult(sdkWorktree, organization, project, workId) {
+    return {
+        path: sdkWorktree.path,
+        absolute_path: sdkWorktree.path, // SDK path is already absolute
+        branch: sdkWorktree.branch || '',
+        created_at: new Date().toISOString(),
+        organization,
+        project,
+        work_id: workId,
+    };
+}

package/dist/types/config.d.ts

@@ -0,0 +1,34 @@
+/**
+ * FABER CLI Configuration Types
+ *
+ * Type definitions for configuration objects
+ */
+export interface AnthropicConfig {
+    api_key?: string;
+}
+export interface GitHubConfig {
+    token?: string;
+    organization?: string;
+    project?: string;
+    repo?: string;
+}
+export interface WorktreeConfig {
+    location?: string;
+    inherit_from_claude?: boolean;
+}
+export interface WorkflowConfig {
+    default?: string;
+    config_path?: string;
+}
+export interface FaberConfig {
+    anthropic?: AnthropicConfig;
+    github?: GitHubConfig;
+    worktree?: WorktreeConfig;
+    workflow?: WorkflowConfig;
+}
+export interface ClaudeConfig {
+    worktree?: {
+        directory?: string;
+    };
+}
+//# sourceMappingURL=config.d.ts.map

package/dist/types/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/types/config.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,MAAM,WAAW,eAAe;IAC9B,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,YAAY;IAC3B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,mBAAmB,CAAC,EAAE,OAAO,CAAC;CAC/B;AAED,MAAM,WAAW,cAAc;IAC7B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,WAAW;IAC1B,SAAS,CAAC,EAAE,eAAe,CAAC;IAC5B,MAAM,CAAC,EAAE,YAAY,CAAC;IACtB,QAAQ,CAAC,EAAE,cAAc,CAAC;IAC1B,QAAQ,CAAC,EAAE,cAAc,CAAC;CAC3B;AAED,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,EAAE;QACT,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,CAAC;CACH"}

package/dist/types/config.js

@@ -0,0 +1,6 @@
+/**
+ * FABER CLI Configuration Types
+ *
+ * Type definitions for configuration objects
+ */
+export {};

package/dist/utils/prompt.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Simple prompt utility for CLI input
+ */
+/**
+ * Prompt user for input
+ */
+export declare function prompt(question: string): Promise<string>;
+//# sourceMappingURL=prompt.d.ts.map

package/dist/utils/prompt.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"prompt.d.ts","sourceRoot":"","sources":["../../src/utils/prompt.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH;;GAEG;AACH,wBAAgB,MAAM,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAYxD"}

package/dist/utils/prompt.js

@@ -0,0 +1,19 @@
+/**
+ * Simple prompt utility for CLI input
+ */
+import * as readline from 'readline';
+/**
+ * Prompt user for input
+ */
+export function prompt(question) {
+    const rl = readline.createInterface({
+        input: process.stdin,
+        output: process.stdout,
+    });
+    return new Promise((resolve) => {
+        rl.question(question, (answer) => {
+            rl.close();
+            resolve(answer.trim());
+        });
+    });
+}

package/dist/utils/validation.d.ts

@@ -27,4 +27,75 @@ export declare function parseOptionalInteger(value: string | undefined, fieldNam
  * @throws Error if value is not a valid positive integer
  */
 export declare function parsePositiveInteger(value: string, fieldName: string): number;
+/**
+ * Validates work ID format
+ * Work IDs must be numeric (GitHub issue numbers)
+ *
+ * @param workId - Work ID to validate
+ * @returns True if valid
+ * @throws Error if invalid
+ */
+export declare function validateWorkId(workId: string): boolean;
+/**
+ * Validates multiple comma-separated work IDs
+ *
+ * @param workIds - Comma-separated work IDs
+ * @returns Array of validated work IDs
+ * @throws Error if any ID is invalid
+ */
+export declare function validateWorkIds(workIds: string): string[];
+/**
+ * Validates label format
+ * Labels must be alphanumeric with hyphens, colons, and underscores only
+ *
+ * @param label - Label to validate
+ * @returns True if valid
+ * @throws Error if invalid
+ */
+export declare function validateLabel(label: string): boolean;
+/**
+ * Validates multiple comma-separated labels
+ *
+ * @param labels - Comma-separated labels
+ * @returns Array of validated labels
+ * @throws Error if any label is invalid
+ */
+export declare function validateLabels(labels: string): string[];
+/**
+ * Validates workflow name format
+ * Workflow names must be alphanumeric with hyphens and underscores
+ *
+ * @param workflowName - Workflow name to validate
+ * @returns True if valid
+ * @throws Error if invalid
+ */
+export declare function validateWorkflowName(workflowName: string): boolean;
+/**
+ * Validates and sanitizes file path to prevent path traversal
+ * Ensures path doesn't contain dangerous patterns like ../, absolute paths, etc.
+ *
+ * @param filePath - File path to validate
+ * @param baseDir - Base directory that path must be relative to (optional)
+ * @returns Sanitized path
+ * @throws Error if path is unsafe
+ */
+export declare function validateSafePath(filePath: string, baseDir?: string): string;
+/**
+ * Validates JSON response size to prevent DoS attacks
+ *
+ * @param jsonString - JSON string to validate
+ * @param maxSizeBytes - Maximum allowed size in bytes (default: 1MB)
+ * @returns True if valid
+ * @throws Error if too large
+ */
+export declare function validateJsonSize(jsonString: string, maxSizeBytes?: number): boolean;
+/**
+ * Validates plan ID format
+ * Plan IDs follow format: fractary-faber-{work-id}-{YYYYMMDD}-{HHMMSS}
+ *
+ * @param planId - Plan ID to validate
+ * @returns True if valid
+ * @throws Error if invalid
+ */
+export declare function validatePlanId(planId: string): boolean;
 //# sourceMappingURL=validation.d.ts.map

package/dist/utils/validation.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"validation.d.ts","sourceRoot":"","sources":["../../src/utils/validation.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,CAY1E;AAED;;;;;;GAMG;AACH,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAMrG;AAED;;;;;;GAMG;AACH,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,CAQ7E"}
+{"version":3,"file":"validation.d.ts","sourceRoot":"","sources":["../../src/utils/validation.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,CAY1E;AAED;;;;;;GAMG;AACH,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAMrG;AAED;;;;;;GAMG;AACH,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,CAQ7E;AAED;;;;;;;GAOG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAWtD;AAED;;;;;;GAMG;AACH,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,EAAE,CAiBzD;AAED;;;;;;;GAOG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAYpD;AAED;;;;;;GAMG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAiBvD;AAED;;;;;;;GAOG;AACH,wBAAgB,oBAAoB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAYlE;AAED;;;;;;;;GAQG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,MAAM,CAoC3E;AAED;;;;;;;GAOG;AACH,wBAAgB,gBAAgB,CAAC,UAAU,EAAE,MAAM,EAAE,YAAY,GAAE,MAAoB,GAAG,OAAO,CAYhG;AAED;;;;;;;GAOG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAUtD"}

package/dist/utils/validation.js

@@ -47,3 +47,160 @@ export function parsePositiveInteger(value, fieldName) {
     }
     return parsed;
 }
+/**
+ * Validates work ID format
+ * Work IDs must be numeric (GitHub issue numbers)
+ *
+ * @param workId - Work ID to validate
+ * @returns True if valid
+ * @throws Error if invalid
+ */
+export function validateWorkId(workId) {
+    // Work IDs must be numeric (1-8 digits for GitHub issue numbers)
+    const workIdPattern = /^\d{1,8}$/;
+    if (!workIdPattern.test(workId)) {
+        throw new Error(`Invalid work ID format: "${workId}". Work IDs must be numeric (e.g., "123", "456").`);
+    }
+    return true;
+}
+/**
+ * Validates multiple comma-separated work IDs
+ *
+ * @param workIds - Comma-separated work IDs
+ * @returns Array of validated work IDs
+ * @throws Error if any ID is invalid
+ */
+export function validateWorkIds(workIds) {
+    const ids = workIds.split(',').map(id => id.trim()).filter(Boolean);
+    if (ids.length === 0) {
+        throw new Error('No work IDs provided');
+    }
+    if (ids.length > 50) {
+        throw new Error(`Too many work IDs (${ids.length}). Maximum is 50 to prevent API overload.`);
+    }
+    // Validate each ID
+    ids.forEach(id => validateWorkId(id));
+    return ids;
+}
+/**
+ * Validates label format
+ * Labels must be alphanumeric with hyphens, colons, and underscores only
+ *
+ * @param label - Label to validate
+ * @returns True if valid
+ * @throws Error if invalid
+ */
+export function validateLabel(label) {
+    // Labels: alphanumeric, hyphens, colons, underscores (GitHub label format)
+    // Examples: "workflow:etl", "status:approved", "priority-high"
+    const labelPattern = /^[a-zA-Z0-9_:-]{1,50}$/;
+    if (!labelPattern.test(label)) {
+        throw new Error(`Invalid label format: "${label}". Labels must be alphanumeric with hyphens, colons, or underscores (max 50 chars).`);
+    }
+    return true;
+}
+/**
+ * Validates multiple comma-separated labels
+ *
+ * @param labels - Comma-separated labels
+ * @returns Array of validated labels
+ * @throws Error if any label is invalid
+ */
+export function validateLabels(labels) {
+    const labelArray = labels.split(',').map(l => l.trim()).filter(Boolean);
+    if (labelArray.length === 0) {
+        throw new Error('No labels provided');
+    }
+    if (labelArray.length > 20) {
+        throw new Error(`Too many labels (${labelArray.length}). Maximum is 20.`);
+    }
+    // Validate each label
+    labelArray.forEach(label => validateLabel(label));
+    return labelArray;
+}
+/**
+ * Validates workflow name format
+ * Workflow names must be alphanumeric with hyphens and underscores
+ *
+ * @param workflowName - Workflow name to validate
+ * @returns True if valid
+ * @throws Error if invalid
+ */
+export function validateWorkflowName(workflowName) {
+    // Workflow names: alphanumeric, hyphens, underscores
+    // Examples: "etl", "data-pipeline", "bugfix"
+    const workflowPattern = /^[a-zA-Z0-9_-]{1,50}$/;
+    if (!workflowPattern.test(workflowName)) {
+        throw new Error(`Invalid workflow name: "${workflowName}". Workflow names must be alphanumeric with hyphens or underscores (max 50 chars).`);
+    }
+    return true;
+}
+/**
+ * Validates and sanitizes file path to prevent path traversal
+ * Ensures path doesn't contain dangerous patterns like ../, absolute paths, etc.
+ *
+ * @param filePath - File path to validate
+ * @param baseDir - Base directory that path must be relative to (optional)
+ * @returns Sanitized path
+ * @throws Error if path is unsafe
+ */
+export function validateSafePath(filePath, baseDir) {
+    // Remove any null bytes
+    if (filePath.includes('\0')) {
+        throw new Error('Path contains null bytes');
+    }
+    // Check for path traversal patterns
+    const dangerousPatterns = [
+        /\.\./, // Parent directory (..)
+        /^\//, // Absolute path
+        /^[a-zA-Z]:\\/, // Windows absolute path
+        /^~\//, // Home directory
+    ];
+    for (const pattern of dangerousPatterns) {
+        if (pattern.test(filePath)) {
+            throw new Error(`Unsafe path detected: "${filePath}". Paths must be relative and cannot contain "..", absolute paths, or home directory references.`);
+        }
+    }
+    // Normalize path (remove redundant separators, etc.)
+    const normalized = filePath.replace(/\/+/g, '/').replace(/\\/g, '/');
+    // If base directory provided, ensure path starts with it
+    if (baseDir) {
+        const normalizedBase = baseDir.replace(/\/+$/, '');
+        if (!normalized.startsWith(normalizedBase)) {
+            throw new Error(`Path "${filePath}" must be within base directory "${baseDir}"`);
+        }
+    }
+    return normalized;
+}
+/**
+ * Validates JSON response size to prevent DoS attacks
+ *
+ * @param jsonString - JSON string to validate
+ * @param maxSizeBytes - Maximum allowed size in bytes (default: 1MB)
+ * @returns True if valid
+ * @throws Error if too large
+ */
+export function validateJsonSize(jsonString, maxSizeBytes = 1024 * 1024) {
+    const sizeBytes = Buffer.byteLength(jsonString, 'utf8');
+    if (sizeBytes > maxSizeBytes) {
+        const sizeMB = (sizeBytes / 1024 / 1024).toFixed(2);
+        const maxMB = (maxSizeBytes / 1024 / 1024).toFixed(2);
+        throw new Error(`JSON response too large: ${sizeMB}MB (maximum: ${maxMB}MB). This may indicate an API error or DoS attempt.`);
+    }
+    return true;
+}
+/**
+ * Validates plan ID format
+ * Plan IDs follow format: fractary-faber-{work-id}-{YYYYMMDD}-{HHMMSS}
+ *
+ * @param planId - Plan ID to validate
+ * @returns True if valid
+ * @throws Error if invalid
+ */
+export function validatePlanId(planId) {
+    const planIdPattern = /^fractary-faber-\d+-\d{8}-\d{6}$/;
+    if (!planIdPattern.test(planId)) {
+        throw new Error(`Invalid plan ID format: "${planId}". Expected format: fractary-faber-{work-id}-{YYYYMMDD}-{HHMMSS}`);
+    }
+    return true;
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@fractary/faber-cli",
-  "version": "1.1.0",
+  "version": "1.3.0",
   "description": "FABER CLI - Command-line interface for FABER development toolkit",
   "main": "dist/index.js",
   "bin": {
@@ -36,6 +36,7 @@
     "access": "public"
   },
   "dependencies": {
+    "@fractary/core": "^0.2.0",
     "@fractary/faber": "*",
     "chalk": "^5.0.0",
     "commander": "^12.0.0"