@growthub/cli 0.3.43 → 0.3.45

package/README.md

@@ -35,6 +35,7 @@ Use this when you want to create or reopen a full Growthub local surface.
 
 ```bash
 growthub
+growthub list
 growthub discover
 growthub onboard
 growthub run
@@ -55,6 +56,9 @@ Use this when you want a working-directory-ready environment for an agent.
 ### Discovery
 
 ```bash
+# Interactive discovery hub
+growthub list
+
 # Interactive browser — type filter → kit selector → actions
 growthub kit
 
@@ -142,7 +146,7 @@ For the agent-facing extension workflow, see [docs/CLI_TEMPLATE_CONTRIBUTION_EXT
 
 ## Development Notes
 
-- `@growthub/cli` version: `0.3.43`
+- `@growthub/cli` version: `0.3.45`
 - Node.js: `>=20`
 - Source of truth repo: [Growthub Local](https://github.com/Growthub-ai/growthub-local)
 

package/dist/index.js

@@ -6657,9 +6657,9 @@ import pc2 from "picocolors";
 function printPaperclipCliBanner() {
   const lines = [
     "",
-    ...GROWTHUB_ART.map((line) => pc2.cyan(line)),
-    pc2.blue("  \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500"),
-    pc2.bold(pc2.white(`  ${TAGLINE}`)),
+    ...GROWTHUB_ART,
+    pc2.dim("  \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500"),
+    pc2.bold(`  ${TAGLINE}`),
     ""
   ];
   console.log(lines.join("\n"));
@@ -14727,7 +14727,7 @@ applyDataDirOverride(bootstrapOptions, {
 loadPaperclipEnvFile(bootstrapOptions.config);
 var bootstrapConfig = readConfig(resolveConfigPath(bootstrapOptions.config));
 var surfaceRuntime = initializeSurfaceRuntimeContract(resolveSurfaceProfile(bootstrapConfig) ?? void 0);
-program.name("growthub").description("Growthub CLI \u2014 setup, configure, and run your local Growthub instance").version("0.3.43").addHelpText("after", `
+program.name("growthub").description("Growthub CLI \u2014 setup, configure, and run your local Growthub instance").version("0.3.45").addHelpText("after", `
 Worker Kits (agent execution environments):
 
   Discovery:
@@ -14762,6 +14762,9 @@ Instance setup:
 program.action(async () => {
   await runDiscoveryHub();
 });
+program.command("list").description("Open the interactive Growthub discovery hub").action(async () => {
+  await runDiscoveryHub();
+});
 program.hook("preAction", (_thisCommand, actionCommand) => {
   const options = actionCommand.optsWithGlobals();
   const optionNames = new Set(actionCommand.options.map((option) => option.attributeName()));

package/dist/runtime/server/dist/routes/assets.js

@@ -1,7 +1,5 @@
 import { Router } from "express";
 import multer from "multer";
-import createDOMPurify from "dompurify";
-import { JSDOM } from "jsdom";
 import { createAssetImageMetadataSchema } from "@paperclipai/shared";
 import { assetService, logActivity } from "../services/index.js";
 import { isAllowedContentType, MAX_ATTACHMENT_BYTES } from "../attachment-types.js";
@@ -15,53 +13,32 @@ const ALLOWED_COMPANY_LOGO_CONTENT_TYPES = new Set([
     "image/gif",
     SVG_CONTENT_TYPE,
 ]);
+const DISALLOWED_SVG_TAGS = /<\/?\s*(script|foreignObject)\b[^>]*>/gi;
+const DISALLOWED_SVG_BLOCKS = /<\s*(script|foreignObject)\b[^>]*>[\s\S]*?<\s*\/\s*\1\s*>/gi;
+const XML_DECLARATIONS_AND_COMMENTS = /<\?(?:xml|[\s\S]*?)\?>|<!--[\s\S]*?-->|<!DOCTYPE[\s\S]*?>/gi;
+const EVENT_HANDLER_ATTRS = /\s+on[\w:-]+\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+)/gi;
+const STYLE_ATTRS = /\s+style\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+)/gi;
+const HREF_ATTRS = /\s+(href|xlink:href)\s*=\s*("([^"]*)"|'([^']*)'|([^\s>]+))/gi;
+const SVG_ROOT_PATTERN = /^<svg\b[\s\S]*<\/svg>$/i;
 function sanitizeSvgBuffer(input) {
     const raw = input.toString("utf8").trim();
     if (!raw)
         return null;
-    const baseDom = new JSDOM("");
-    const domPurify = createDOMPurify(baseDom.window);
-    domPurify.addHook("uponSanitizeAttribute", (_node, data) => {
-        const attrName = data.attrName.toLowerCase();
-        const attrValue = (data.attrValue ?? "").trim();
-        if (attrName.startsWith("on")) {
-            data.keepAttr = false;
-            return;
-        }
-        if ((attrName === "href" || attrName === "xlink:href") && attrValue && !attrValue.startsWith("#")) {
-            data.keepAttr = false;
-        }
-    });
-    let parsedDom = null;
     try {
-        const sanitized = domPurify.sanitize(raw, {
-            USE_PROFILES: { svg: true, svgFilters: true, html: false },
-            FORBID_TAGS: ["script", "foreignObject"],
-            FORBID_CONTENTS: ["script", "foreignObject"],
-            RETURN_TRUSTED_TYPE: false,
-        });
-        parsedDom = new JSDOM(sanitized, { contentType: SVG_CONTENT_TYPE });
-        const document = parsedDom.window.document;
-        const root = document.documentElement;
-        if (!root || root.tagName.toLowerCase() !== "svg")
+        const normalized = raw.replace(XML_DECLARATIONS_AND_COMMENTS, "").trim();
+        if (!SVG_ROOT_PATTERN.test(normalized))
             return null;
-        for (const el of Array.from(root.querySelectorAll("script, foreignObject"))) {
-            el.remove();
-        }
-        for (const el of Array.from(root.querySelectorAll("*"))) {
-            for (const attr of Array.from(el.attributes)) {
-                const attrName = attr.name.toLowerCase();
-                const attrValue = attr.value.trim();
-                if (attrName.startsWith("on")) {
-                    el.removeAttribute(attr.name);
-                    continue;
-                }
-                if ((attrName === "href" || attrName === "xlink:href") && attrValue && !attrValue.startsWith("#")) {
-                    el.removeAttribute(attr.name);
-                }
-            }
-        }
-        const output = root.outerHTML.trim();
+        const sanitized = normalized
+            .replace(DISALLOWED_SVG_BLOCKS, "")
+            .replace(DISALLOWED_SVG_TAGS, "")
+            .replace(EVENT_HANDLER_ATTRS, "")
+            .replace(STYLE_ATTRS, "")
+            .replace(HREF_ATTRS, (_match, attrName, _fullValue, doubleQuoted, singleQuoted, bare) => {
+            const attrValue = (doubleQuoted ?? singleQuoted ?? bare ?? "").trim();
+            return attrValue.startsWith("#") ? ` ${attrName}="${attrValue}"` : "";
+        })
+            .trim();
+        const output = sanitized.trim();
         if (!output || !/^<svg[\s>]/i.test(output))
             return null;
         return Buffer.from(output, "utf8");
@@ -69,10 +46,6 @@ function sanitizeSvgBuffer(input) {
     catch {
         return null;
     }
-    finally {
-        parsedDom?.window.close();
-        baseDom.window.close();
-    }
 }
 export function assetRoutes(db, storage) {
     const router = Router();
@@ -306,4 +279,4 @@ export function assetRoutes(db, storage) {
     });
     return router;
 }
-//# sourceMappingURL=assets.js.map
+//# sourceMappingURL=assets.js.map

package/dist/utils/banner.js

@@ -0,0 +1,21 @@
+import pc from "picocolors";
+const GROWTHUB_ART = [
+    " ██████╗ ██████╗  ██████╗ ██╗    ██╗████████╗██╗  ██╗██╗   ██╗██████╗ ",
+    "██╔════╝ ██╔══██╗██╔═══██╗██║    ██║╚══██╔══╝██║  ██║██║   ██║██╔══██╗",
+    "██║  ███╗██████╔╝██║   ██║██║ █╗ ██║   ██║   ███████║██║   ██║██████╔╝",
+    "██║   ██║██╔══██╗██║   ██║██║███╗██║   ██║   ██╔══██║██║   ██║██╔══██╗",
+    "╚██████╔╝██║  ██║╚██████╔╝╚███╔███╔╝   ██║   ██║  ██║╚██████╔╝██████╔╝",
+    " ╚═════╝ ╚═╝  ╚═╝ ╚═════╝  ╚══╝╚══╝    ╚═╝   ╚═╝  ╚═╝ ╚═════╝ ╚═════╝ ",
+];
+const TAGLINE = "Growth infrastructure over a stable agentic substrate";
+export function printPaperclipCliBanner() {
+    const lines = [
+        "",
+        ...GROWTHUB_ART,
+        pc.dim("  ───────────────────────────────────────────────────────"),
+        pc.bold(`  ${TAGLINE}`),
+        "",
+    ];
+    console.log(lines.join("\n"));
+}
+//# sourceMappingURL=banner.js.map

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@growthub/cli",
-  "version": "0.3.43",
+  "version": "0.3.45",
   "description": "Growthub CLI — orchestrate AI agent teams to run a business",
   "type": "module",
   "bin": {
@@ -37,20 +37,17 @@
   "dependencies": {
     "@aws-sdk/client-s3": "^3.888.0",
     "@clack/prompts": "^0.10.0",
-    "@paperclipai/server": "0.3.1",
     "ajv": "^8.18.0",
     "ajv-formats": "^3.0.1",
     "better-auth": "1.4.18",
     "chokidar": "^4.0.3",
     "commander": "^13.1.0",
     "detect-port": "^2.1.0",
-    "dompurify": "^3.3.2",
     "dotenv": "^17.0.1",
-    "drizzle-orm": "0.38.4",
+    "drizzle-orm": "^0.45.2",
     "embedded-postgres": "^18.1.0-beta.16",
     "express": "^5.1.0",
     "hermes-paperclip-adapter": "0.1.1",
-    "jsdom": "^28.1.0",
     "multer": "^2.0.2",
     "open": "^11.0.0",
     "picocolors": "^1.1.1",
@@ -59,6 +56,6 @@
     "pino-pretty": "^13.1.3",
     "postgres": "^3.4.5",
     "ws": "^8.19.0",
-    "zod": "^3.24.2"
+    "zod": "^4.3.6"
   }
 }