@gurulu/cli 1.2.1 → 1.2.2

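--- a/package/dist/bin.js
+++ b/package/dist/bin.js
@@ -24529,7 +24529,7 @@ class ApiClient {
 }
 
 // src/lib/config.ts
-import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
+import { chmodSync, existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
 import { homedir } from "node:os";
 import { dirname, join } from "node:path";
 var DEFAULT_ENDPOINT = process.env.GURULU_ENDPOINT ?? "https://api.gurulu.io";
@@ -24586,10 +24586,9 @@ function writeGlobalCredentials(creds) {
 const path = globalCredentialsPath();
 ensureDir(path);
 writeFileSync(path, `${JSON.stringify(creds, null, 2)}
-`, "utf-8");
+`, { encoding: "utf-8", mode: 384 });
 try {
-const fs = __require("node:fs");
-fs.chmodSync(path, 384);
+chmodSync(path, 384);
 } catch {}
 }
 function findCredentialForWorkspace(workspaceId) {
@@ -26192,16 +26191,17 @@ async function renderPlan(plan) {
 
 // src/wizard/wire.ts
 import { existsSync as existsSync8, readFileSync as readFileSync9, writeFileSync as writeFileSync7 } from "node:fs";
-import { join as join10 } from "node:path";
 
 // src/wizard/agent.ts
 import { execFile } from "node:child_process";
 import { existsSync as existsSync7, readFileSync as readFileSync8, writeFileSync as writeFileSync6 } from "node:fs";
-import { join as join9 } from "node:path";
 import { promisify } from "node:util";
 
 // src/wizard/guard.ts
 import { basename, isAbsolute, relative as relative2, resolve } from "node:path";
+function resolveInCwd(p3, cwd) {
+return isAbsolute(p3) ? p3 : resolve(cwd, p3);
+}
 function isAdditiveEdit(find, replace) {
 if (find.length === 0)
 return { ok: false, reason: "empty find" };
@@ -26212,22 +26212,45 @@ function isAdditiveEdit(find, replace) {
 return { ok: false, reason: "no-op edit (replace === find)" };
 return { ok: true };
 }
-var BASH_ALLOW_BINS = new Set([
-"bun",
-"bunx",
-"npm",
-"npx",
-"pnpm",
-"yarn",
+var CHECKER_BINS = new Set([
 "tsc",
 "tsgo",
+"vue-tsc",
+"svelte-check",
 "biome",
 "eslint",
 "prettier",
-"vue-tsc",
-"svelte-check",
 "astro"
 ]);
+var RUNNER_BINS = new Set(["bun", "npm", "pnpm", "yarn"]);
+var DENY_SUBCMDS = new Set([
+"install",
+"i",
+"add",
+"remove",
+"rm",
+"uninstall",
+"un",
+"ci",
+"dlx",
+"x",
+"exec",
+"create",
+"init",
+"up",
+"update",
+"upgrade",
+"link",
+"unlink",
+"global",
+"dedupe",
+"audit",
+"publish",
+"pack",
+"import",
+"config"
+]);
+var SCRIPT_NAME = /^[a-z0-9][a-z0-9:._-]*$/i;
 var BASH_DENY = /[;&|`$<>]|\.\.\/|\b(rm|curl|wget|sudo|chmod|chown|mv|dd|kill|eval|sh|bash|node|python)\b/;
 function isAllowedBash(cmd) {
 const t2 = cmd.trim();
@@ -26235,10 +26258,24 @@ function isAllowedBash(cmd) {
 return { ok: false, reason: "empty cmd" };
 if (BASH_DENY.test(t2))
 return { ok: false, reason: "yasak operatör/binary" };
-const bin = t2.split(/\s+/)[0] ?? "";
-if (!BASH_ALLOW_BINS.has(bin))
-return { ok: false, reason: `allowlist dışı binary: ${bin}` };
-return { ok: true };
+const tokens = t2.split(/\s+/);
+const bin = tokens[0] ?? "";
+if (CHECKER_BINS.has(bin))
+return { ok: true };
+if (RUNNER_BINS.has(bin)) {
+const sub = tokens[1] ?? "";
+if (sub === "run") {
+const script = tokens[2] ?? "";
+if (!SCRIPT_NAME.test(script))
+return { ok: false, reason: `geçersiz script adı: ${script}` };
+return { ok: true };
+}
+if (bin === "yarn" && sub && !DENY_SUBCMDS.has(sub) && SCRIPT_NAME.test(sub)) {
+return { ok: true };
+}
+return { ok: false, reason: `yasak alt-komut (sadece 'run' izinli): ${bin} ${sub}` };
+}
+return { ok: false, reason: `allowlist dışı binary: ${bin}` };
 }
 function isAllowedPath(p3, cwd) {
 const abs = isAbsolute(p3) ? p3 : resolve(cwd, p3);
@@ -26258,6 +26295,31 @@ function hasPromptInjection(content) {
 // src/wizard/agent.ts
 var MAX_OBS = 4000;
 var pexec = promisify(execFile);
+function safeEnv() {
+const keep = [
+"PATH",
+"HOME",
+"USERPROFILE",
+"TMPDIR",
+"TEMP",
+"TMP",
+"LANG",
+"LC_ALL",
+"TERM",
+"SHELL",
+"NODE_ENV",
+"PATHEXT",
+"SystemRoot",
+"ComSpec"
+];
+const env2 = {};
+for (const k2 of keep) {
+const v2 = process.env[k2];
+if (v2 !== undefined)
+env2[k2] = v2;
+}
+return env2;
+}
 async function defaultRunBash(cmd, cwd) {
 const parts = cmd.trim().split(/\s+/);
 const bin = parts[0] ?? "";
@@ -26265,7 +26327,8 @@ async function defaultRunBash(cmd, cwd) {
 const { stdout: stdout2, stderr } = await pexec(bin, parts.slice(1), {
 cwd,
 timeout: 120000,
-maxBuffer: 4 * 1024 * 1024
+maxBuffer: 4 * 1024 * 1024,
+env: safeEnv()
 });
 return { stdout: stdout2, stderr };
 } catch (e2) {
@@ -26280,7 +26343,7 @@ async function executeTool(action, deps) {
 const g3 = isAllowedPath(action.path, cwd);
 if (!g3.ok)
 return { ok: false, observation: `read reddedildi: ${g3.reason}` };
-const abs = join9(cwd, action.path);
+const abs = resolveInCwd(action.path, cwd);
 if (!existsSync7(abs))
 return { ok: false, observation: `dosya yok: ${action.path}` };
 let content = readFileSync8(abs, "utf-8");
@@ -26298,7 +26361,7 @@ async function executeTool(action, deps) {
 const ga = isAdditiveEdit(action.find, action.replace);
 if (!ga.ok)
 return { ok: false, observation: `edit reddedildi: ${ga.reason}` };
-const abs = join9(cwd, action.path);
+const abs = resolveInCwd(action.path, cwd);
 if (!existsSync7(abs))
 return { ok: false, observation: `dosya yok: ${action.path}` };
 const src2 = readFileSync8(abs, "utf-8");
@@ -26334,7 +26397,9 @@ function buildWireSystemPrompt() {
 "- `find` must be an EXACT, UNIQUE snippet copied from a file you have read (read before edit).",
 "- Use the exact provided event_key (snake_case). Wire gurulu.track(...) at the right place and",
 " gurulu.identify(...) at the auth point if given.",
-"- bash only for verification (typecheck/build/lint) no install, no other commands.",
+"- bash is ONLY for verification: the project's own scripts (`npm run typecheck`, `bun run build`,",
+" `pnpm run lint`) or a checker binary (`tsc --noEmit`, `biome check`, `eslint .`). Installing or",
+" fetching packages (`npm install`, `npx`, `bunx`, `pnpm dlx`, `add`, `exec`) is REJECTED by the guard.",
 "- After wiring, run the project typecheck/build to verify; if it breaks, fix additively.",
 "- When all events are wired and verify passes, emit done{summary}. Keep edits minimal."
 ].join(`
@@ -26368,17 +26433,35 @@ async function runWireAgent(client, input, snapshots) {
 try {
 res = await client.agentStep({ messages, first: i2 === 0 });
 } catch {
-return { edits, changedFiles: [...changed], summary: "gateway hata", steps: i2, stoppedReason: "error" };
+return {
+edits,
+changedFiles: [...changed],
+summary: "gateway hata",
+steps: i2,
+stoppedReason: "error"
+};
 }
 if (res.status === "stub") {
-return { edits, changedFiles: [...changed], summary: "AI kullanılamadı", steps: i2, stoppedReason: "stub" };
+return {
+edits,
+changedFiles: [...changed],
+summary: "AI kullanılamadı",
+steps: i2,
+stoppedReason: "stub"
+};
 }
 const { action, reasoning } = res.step;
 if (action.tool === "done") {
-return { edits, changedFiles: [...changed], summary: action.summary, steps: i2, stoppedReason: "done" };
+return {
+edits,
+changedFiles: [...changed],
+summary: action.summary,
+steps: i2,
+stoppedReason: "done"
+};
 }
 if (action.tool === "edit") {
-const abs = join10(input.cwd, action.path);
+const abs = resolveInCwd(action.path, input.cwd);
 if (!snapshots.has(action.path) && existsSync8(abs)) {
 snapshots.set(action.path, readFileSync9(abs, "utf-8"));
 }
@@ -26391,11 +26474,17 @@ async function runWireAgent(client, input, snapshots) {
 messages.push({ role: "assistant", content: JSON.stringify(res.step) });
 messages.push({ role: "user", content: `[${reasoning}] → ${out.observation}` });
 }
-return { edits, changedFiles: [...changed], summary: "adım limiti", steps: MAX_STEPS, stoppedReason: "cap" };
+return {
+edits,
+changedFiles: [...changed],
+summary: "adım limiti",
+steps: MAX_STEPS,
+stoppedReason: "cap"
+};
 }
 function restoreSnapshots(cwd, snapshots) {
 for (const [rel, content] of snapshots) {
-writeFileSync7(join10(cwd, rel), content, "utf-8");
+writeFileSync7(resolveInCwd(rel, cwd), content, "utf-8");
 }
 }
 function unifiedDiff(oldStr, newStr, file, context = 2) {
@@ -26427,7 +26516,7 @@ function unifiedDiff(oldStr, newStr, file, context = 2) {
 function formatWireDiff(cwd, snapshots) {
 const blocks = [];
 for (const [rel, oldContent] of snapshots) {
-const abs = join10(cwd, rel);
+const abs = resolveInCwd(rel, cwd);
 const cur = existsSync8(abs) ? readFileSync9(abs, "utf-8") : "";
 if (cur !== oldContent)
 blocks.push(unifiedDiff(oldContent, cur, rel));
@@ -26498,9 +26587,10 @@ async function runWizard(opts) {
 const project = { ...detected, framework };
 const plan = buildInstallPlan(project, { writeKey, workspaceId });
 const isNode = plan.sdk === "@gurulu/node";
+const authed = Boolean(auth.apiKey);
 let approvedEvents = [];
 let identifyHint = null;
-if (!opts.noAi && detected.hasPackageJson) {
+if (!opts.noAi && authed && detected.hasPackageJson) {
 const ctx = gatherContext({ cwd: opts.cwd });
 const aiPlan = await fetchPlan(client, ctx, { framework });
 if (aiPlan) {
@@ -26540,10 +26630,15 @@ async function runWizard(opts) {
 const envFile = isNode ? ".env" : ".env.local";
 const vars = [];
 for (const k2 of plan.envKeys) {
-if (k2.key.endsWith("_WORKSPACE"))
+if (k2.key.endsWith("_WORKSPACE")) {
 vars.push({ key: k2.key, value: writeKey });
-else if (k2.key === "GURULU_SECRET_KEY")
-vars.push({ key: k2.key, value: auth.apiKey });
+} else if (k2.key === "GURULU_SECRET_KEY") {
+if (auth.apiKey.startsWith("sk_")) {
+vars.push({ key: k2.key, value: auth.apiKey });
+} else {
+p3.log.warn("GURULU_SECRET_KEY atlandı (login token workspace sk_ anahtarı değil). Dashboard → Settings → API Keys'ten server key oluşturup .env'e elle ekle.");
+}
+}
 }
 const envRes = vars.length > 0 ? writeEnvFile({ cwd: opts.cwd, file: envFile, vars }) : null;
 writeProjectScaffold(opts.cwd, {
@@ -26729,11 +26824,19 @@ var wizardArgs = {
 framework: { type: "string", description: "Framework override (auto-detect yerine)" },
 install: { type: "boolean", description: "SDK install (--no-install ile atla)", default: true },
 pull: { type: "boolean", description: "İlk registry pull (--no-pull ile atla)", default: true },
-ai: { type: "boolean", description: "AI Plan/wire fazı (--no-ai ile atla → floor)", default: true },
+ai: {
+type: "boolean",
+description: "AI Plan/wire fazı (--no-ai ile atla → floor)",
+default: true
+},
 yes: { type: "boolean", description: "Onayları otomatik geç" },
 ci: { type: "boolean", description: "Non-interaktif (api-key + workspace zorunlu)" }
 };
 async function runWizardFromArgs(args) {
+if (args.ci && (!args["api-key"] || !args.workspace)) {
+console.error("[gurulu] --ci için --api-key <sk_...> ve --workspace <uuid> zorunlu (non-interaktif kurulum).");
+process.exit(1);
+}
 const opts = {
 cwd: process.cwd(),
 noInstall: args.install === false,
@@ -26767,7 +26870,7 @@ var initCmd = defineCommand({
 // src/lib/editor-mcp.ts
 import { existsSync as existsSync10, mkdirSync as mkdirSync3, readFileSync as readFileSync10, writeFileSync as writeFileSync9 } from "node:fs";
 import { homedir as homedir2 } from "node:os";
-import { dirname as dirname4, join as join11 } from "node:path";
+import { dirname as dirname4, join as join9 } from "node:path";
 var SERVER_NAME = "gurulu";
 function buildMcpServerConfig(creds) {
 return {
@@ -26781,14 +26884,14 @@ function buildMcpServerConfig(creds) {
 };
 }
 var EDITORS = {
-cursor: { path: () => join11(homedir2(), ".cursor", "mcp.json"), key: "mcpServers", label: "Cursor" },
-claude: { path: () => join11(homedir2(), ".claude.json"), key: "mcpServers", label: "Claude Code" },
+cursor: { path: () => join9(homedir2(), ".cursor", "mcp.json"), key: "mcpServers", label: "Cursor" },
+claude: { path: () => join9(homedir2(), ".claude.json"), key: "mcpServers", label: "Claude Code" },
 windsurf: {
-path: () => join11(homedir2(), ".codeium", "windsurf", "mcp_config.json"),
+path: () => join9(homedir2(), ".codeium", "windsurf", "mcp_config.json"),
 key: "mcpServers",
 label: "Windsurf"
 },
-vscode: { path: (cwd) => join11(cwd, ".vscode", "mcp.json"), key: "servers", label: "VS Code" }
+vscode: { path: (cwd) => join9(cwd, ".vscode", "mcp.json"), key: "servers", label: "VS Code" }
 };
 function mergeMcpConfig(existing, serverConfig, key) {
 const servers = existing[key] ?? {};
@@ -26984,7 +27087,7 @@ var pushCmd = defineCommand({
 // src/commands/uninstall.ts
 import { execFile as execFile2 } from "node:child_process";
 import { existsSync as existsSync11, readFileSync as readFileSync11, rmSync, writeFileSync as writeFileSync10 } from "node:fs";
-import { join as join12 } from "node:path";
+import { join as join10 } from "node:path";
 import { promisify as promisify2 } from "node:util";
 import * as p4 from "@clack/prompts";
 var pexec2 = promisify2(execFile2);
@@ -27040,7 +27143,7 @@ var uninstallCmd = defineCommand({
 }
 const cleaned = [];
 for (const f3 of ENV_FILES) {
-const abs = join12(cwd, f3);
+const abs = join10(cwd, f3);
 if (!existsSync11(abs))
 continue;
 const { content, removed } = removeEnvKeys(readFileSync11(abs, "utf-8"), GURULU_PREFIXES);
@@ -27049,7 +27152,7 @@ var uninstallCmd = defineCommand({
 cleaned.push(`${f3} (-${removed.length})`);
 }
 }
-const guruluDir = join12(cwd, ".gurulu");
+const guruluDir = join10(cwd, ".gurulu");
 if (existsSync11(guruluDir))
 rmSync(guruluDir, { recursive: true, force: true });
 p4.outro(`Kaldırıldı. env: ${cleaned.join(", ") || "değişiklik yok"} · .gurulu silindi. (Koddaki init/track çağrılarını elle çıkar.)`);
@@ -27057,7 +27160,7 @@ var uninstallCmd = defineCommand({
 });
 
 // src/index.ts
-var VERSION = "1.2.1";
+var VERSION = "1.2.2";
 var mainCmd = defineCommand({
 meta: {
 name: "gurulu",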
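Review bot: In `isAllowedBash` (hunk at +26258; the same code repeats in package/dist/index.js), the `yarn` shorthand branch accepts any second token that is absent from `DENY_SUBCMDS` and matches `SCRIPT_NAME`, so for this one runner the guard falls back from an allowlist to a denylist and every yarn built-in missing from that list is treated as a project script. The rejection message a few lines below already says only `run` is permitted, and the system-prompt examples all use `<runner> run <script>`, so I would delete the `if (bin === "yarn" && sub && !DENY_SUBCMDS.has(sub) && SCRIPT_NAME.test(sub))` branch and require `yarn run <script>` like the other runners, or accept the shorthand only when the name is a key of the project's package.json `scripts`. A comment above `CHECKER_BINS` should also state that those binaries return `{ ok: true }` with no inspection of their arguments, so the "verification only" guarantee for them rests on `BASH_DENY` alone. The function's opening lines sit above the hunk, so any earlier checks are not visible here.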
@@ -1 +1 @@
1
- {"version":3,"file":"init.d.ts","sourceRoot":"","sources":["../../src/commands/init.ts"],"names":[],"mappings":"AAUA,eAAO,MAAM,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAWJ,CAAC;AAIpB,wBAAsB,iBAAiB,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAmBpF;AAED,eAAO,MAAM,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EASlB,CAAC"}
1
+ {"version":3,"file":"init.d.ts","sourceRoot":"","sources":["../../src/commands/init.ts"],"names":[],"mappings":"AAUA,eAAO,MAAM,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAeJ,CAAC;AAIpB,wBAAsB,iBAAiB,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CA4BpF;AAED,eAAO,MAAM,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EASlB,CAAC"}
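--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -1,4 +1,4 @@
-export declare const VERSION = "1.2.1";
+export declare const VERSION = "1.2.2";
 declare const mainCmd: import("citty").CommandDef<{
 workspace: {
 type: "string";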
package/dist/index.js CHANGED
@@ -24106,7 +24106,7 @@ class ApiClient {
24106
24106
  }
24107
24107
 
24108
24108
  // src/lib/config.ts
24109
- import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
24109
+ import { chmodSync, existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
24110
24110
  import { homedir } from "node:os";
24111
24111
  import { dirname, join } from "node:path";
24112
24112
  var DEFAULT_ENDPOINT = process.env.GURULU_ENDPOINT ?? "https://api.gurulu.io";
@@ -24163,10 +24163,9 @@ function writeGlobalCredentials(creds) {
24163
24163
  const path = globalCredentialsPath();
24164
24164
  ensureDir(path);
24165
24165
  writeFileSync(path, `${JSON.stringify(creds, null, 2)}
24166
- `, "utf-8");
24166
+ `, { encoding: "utf-8", mode: 384 });
24167
24167
  try {
24168
- const fs = __require("node:fs");
24169
- fs.chmodSync(path, 384);
24168
+ chmodSync(path, 384);
24170
24169
  } catch {}
24171
24170
  }
24172
24171
  function findCredentialForWorkspace(workspaceId) {
@@ -25769,16 +25768,17 @@ async function renderPlan(plan) {
25769
25768
 
25770
25769
  // src/wizard/wire.ts
25771
25770
  import { existsSync as existsSync8, readFileSync as readFileSync9, writeFileSync as writeFileSync7 } from "node:fs";
25772
- import { join as join10 } from "node:path";
25773
25771
 
25774
25772
  // src/wizard/agent.ts
25775
25773
  import { execFile } from "node:child_process";
25776
25774
  import { existsSync as existsSync7, readFileSync as readFileSync8, writeFileSync as writeFileSync6 } from "node:fs";
25777
- import { join as join9 } from "node:path";
25778
25775
  import { promisify } from "node:util";
25779
25776
 
25780
25777
  // src/wizard/guard.ts
25781
25778
  import { basename, isAbsolute, relative as relative2, resolve } from "node:path";
25779
+ function resolveInCwd(p3, cwd) {
25780
+ return isAbsolute(p3) ? p3 : resolve(cwd, p3);
25781
+ }
25782
25782
  function isAdditiveEdit(find, replace) {
25783
25783
  if (find.length === 0)
25784
25784
  return { ok: false, reason: "empty find" };
@@ -25789,22 +25789,45 @@ function isAdditiveEdit(find, replace) {
25789
25789
  return { ok: false, reason: "no-op edit (replace === find)" };
25790
25790
  return { ok: true };
25791
25791
  }
25792
- var BASH_ALLOW_BINS = new Set([
25793
- "bun",
25794
- "bunx",
25795
- "npm",
25796
- "npx",
25797
- "pnpm",
25798
- "yarn",
25792
+ var CHECKER_BINS = new Set([
25799
25793
  "tsc",
25800
25794
  "tsgo",
25795
+ "vue-tsc",
25796
+ "svelte-check",
25801
25797
  "biome",
25802
25798
  "eslint",
25803
25799
  "prettier",
25804
- "vue-tsc",
25805
- "svelte-check",
25806
25800
  "astro"
25807
25801
  ]);
25802
+ var RUNNER_BINS = new Set(["bun", "npm", "pnpm", "yarn"]);
25803
+ var DENY_SUBCMDS = new Set([
25804
+ "install",
25805
+ "i",
25806
+ "add",
25807
+ "remove",
25808
+ "rm",
25809
+ "uninstall",
25810
+ "un",
25811
+ "ci",
25812
+ "dlx",
25813
+ "x",
25814
+ "exec",
25815
+ "create",
25816
+ "init",
25817
+ "up",
25818
+ "update",
25819
+ "upgrade",
25820
+ "link",
25821
+ "unlink",
25822
+ "global",
25823
+ "dedupe",
25824
+ "audit",
25825
+ "publish",
25826
+ "pack",
25827
+ "import",
25828
+ "config"
25829
+ ]);
25830
+ var SCRIPT_NAME = /^[a-z0-9][a-z0-9:._-]*$/i;
25808
25831
  var BASH_DENY = /[;&|`$<>]|\.\.\/|\b(rm|curl|wget|sudo|chmod|chown|mv|dd|kill|eval|sh|bash|node|python)\b/;
25809
25832
  function isAllowedBash(cmd) {
25810
25833
  const t2 = cmd.trim();
@@ -25812,10 +25835,24 @@ function isAllowedBash(cmd) {
25812
25835
  return { ok: false, reason: "empty cmd" };
25813
25836
  if (BASH_DENY.test(t2))
25814
25837
  return { ok: false, reason: "yasak operatör/binary" };
25815
- const bin = t2.split(/\s+/)[0] ?? "";
25816
- if (!BASH_ALLOW_BINS.has(bin))
25817
- return { ok: false, reason: `allowlist dışı binary: ${bin}` };
25818
- return { ok: true };
25838
+ const tokens = t2.split(/\s+/);
25839
+ const bin = tokens[0] ?? "";
25840
+ if (CHECKER_BINS.has(bin))
25841
+ return { ok: true };
25842
+ if (RUNNER_BINS.has(bin)) {
25843
+ const sub = tokens[1] ?? "";
25844
+ if (sub === "run") {
25845
+ const script = tokens[2] ?? "";
25846
+ if (!SCRIPT_NAME.test(script))
25847
+ return { ok: false, reason: `geçersiz script adı: ${script}` };
25848
+ return { ok: true };
25849
+ }
25850
+ if (bin === "yarn" && sub && !DENY_SUBCMDS.has(sub) && SCRIPT_NAME.test(sub)) {
25851
+ return { ok: true };
25852
+ }
25853
+ return { ok: false, reason: `yasak alt-komut (sadece 'run' izinli): ${bin} ${sub}` };
25854
+ }
25855
+ return { ok: false, reason: `allowlist dışı binary: ${bin}` };
25819
25856
  }
25820
25857
  function isAllowedPath(p3, cwd) {
25821
25858
  const abs = isAbsolute(p3) ? p3 : resolve(cwd, p3);
@@ -25835,6 +25872,31 @@ function hasPromptInjection(content) {
25835
25872
  // src/wizard/agent.ts
25836
25873
  var MAX_OBS = 4000;
25837
25874
  var pexec = promisify(execFile);
25875
+ function safeEnv() {
25876
+ const keep = [
25877
+ "PATH",
25878
+ "HOME",
25879
+ "USERPROFILE",
25880
+ "TMPDIR",
25881
+ "TEMP",
25882
+ "TMP",
25883
+ "LANG",
25884
+ "LC_ALL",
25885
+ "TERM",
25886
+ "SHELL",
25887
+ "NODE_ENV",
25888
+ "PATHEXT",
25889
+ "SystemRoot",
25890
+ "ComSpec"
25891
+ ];
25892
+ const env2 = {};
25893
+ for (const k2 of keep) {
25894
+ const v2 = process.env[k2];
25895
+ if (v2 !== undefined)
25896
+ env2[k2] = v2;
25897
+ }
25898
+ return env2;
25899
+ }
25838
25900
  async function defaultRunBash(cmd, cwd) {
25839
25901
  const parts = cmd.trim().split(/\s+/);
25840
25902
  const bin = parts[0] ?? "";
@@ -25842,7 +25904,8 @@ async function defaultRunBash(cmd, cwd) {
25842
25904
  const { stdout: stdout2, stderr } = await pexec(bin, parts.slice(1), {
25843
25905
  cwd,
25844
25906
  timeout: 120000,
25845
- maxBuffer: 4 * 1024 * 1024
25907
+ maxBuffer: 4 * 1024 * 1024,
25908
+ env: safeEnv()
25846
25909
  });
25847
25910
  return { stdout: stdout2, stderr };
25848
25911
  } catch (e2) {
@@ -25857,7 +25920,7 @@ async function executeTool(action, deps) {
25857
25920
  const g3 = isAllowedPath(action.path, cwd);
25858
25921
  if (!g3.ok)
25859
25922
  return { ok: false, observation: `read reddedildi: ${g3.reason}` };
25860
- const abs = join9(cwd, action.path);
25923
+ const abs = resolveInCwd(action.path, cwd);
25861
25924
  if (!existsSync7(abs))
25862
25925
  return { ok: false, observation: `dosya yok: ${action.path}` };
25863
25926
  let content = readFileSync8(abs, "utf-8");
@@ -25875,7 +25938,7 @@ async function executeTool(action, deps) {
25875
25938
  const ga = isAdditiveEdit(action.find, action.replace);
25876
25939
  if (!ga.ok)
25877
25940
  return { ok: false, observation: `edit reddedildi: ${ga.reason}` };
25878
- const abs = join9(cwd, action.path);
25941
+ const abs = resolveInCwd(action.path, cwd);
25879
25942
  if (!existsSync7(abs))
25880
25943
  return { ok: false, observation: `dosya yok: ${action.path}` };
25881
25944
  const src2 = readFileSync8(abs, "utf-8");
@@ -25911,7 +25974,9 @@ function buildWireSystemPrompt() {
25911
25974
  "- `find` must be an EXACT, UNIQUE snippet copied from a file you have read (read before edit).",
25912
25975
  "- Use the exact provided event_key (snake_case). Wire gurulu.track(...) at the right place and",
25913
25976
  " gurulu.identify(...) at the auth point if given.",
25914
- "- bash only for verification (typecheck/build/lint) no install, no other commands.",
25977
+ "- bash is ONLY for verification: the project's own scripts (`npm run typecheck`, `bun run build`,",
25978
+ " `pnpm run lint`) or a checker binary (`tsc --noEmit`, `biome check`, `eslint .`). Installing or",
25979
+ " fetching packages (`npm install`, `npx`, `bunx`, `pnpm dlx`, `add`, `exec`) is REJECTED by the guard.",
25915
25980
  "- After wiring, run the project typecheck/build to verify; if it breaks, fix additively.",
25916
25981
  "- When all events are wired and verify passes, emit done{summary}. Keep edits minimal."
25917
25982
  ].join(`
@@ -25945,17 +26010,35 @@ async function runWireAgent(client, input, snapshots) {
25945
26010
  try {
25946
26011
  res = await client.agentStep({ messages, first: i2 === 0 });
25947
26012
  } catch {
25948
- return { edits, changedFiles: [...changed], summary: "gateway hata", steps: i2, stoppedReason: "error" };
26013
+ return {
26014
+ edits,
26015
+ changedFiles: [...changed],
26016
+ summary: "gateway hata",
26017
+ steps: i2,
26018
+ stoppedReason: "error"
26019
+ };
25949
26020
  }
25950
26021
  if (res.status === "stub") {
25951
- return { edits, changedFiles: [...changed], summary: "AI kullanılamadı", steps: i2, stoppedReason: "stub" };
26022
+ return {
26023
+ edits,
26024
+ changedFiles: [...changed],
26025
+ summary: "AI kullanılamadı",
26026
+ steps: i2,
26027
+ stoppedReason: "stub"
26028
+ };
25952
26029
  }
25953
26030
  const { action, reasoning } = res.step;
25954
26031
  if (action.tool === "done") {
25955
- return { edits, changedFiles: [...changed], summary: action.summary, steps: i2, stoppedReason: "done" };
26032
+ return {
26033
+ edits,
26034
+ changedFiles: [...changed],
26035
+ summary: action.summary,
26036
+ steps: i2,
26037
+ stoppedReason: "done"
26038
+ };
25956
26039
  }
25957
26040
  if (action.tool === "edit") {
25958
- const abs = join10(input.cwd, action.path);
26041
+ const abs = resolveInCwd(action.path, input.cwd);
25959
26042
  if (!snapshots.has(action.path) && existsSync8(abs)) {
25960
26043
  snapshots.set(action.path, readFileSync9(abs, "utf-8"));
25961
26044
  }
@@ -25968,11 +26051,17 @@ async function runWireAgent(client, input, snapshots) {
25968
26051
  messages.push({ role: "assistant", content: JSON.stringify(res.step) });
25969
26052
  messages.push({ role: "user", content: `[${reasoning}] → ${out.observation}` });
25970
26053
  }
25971
- return { edits, changedFiles: [...changed], summary: "adım limiti", steps: MAX_STEPS, stoppedReason: "cap" };
26054
+ return {
26055
+ edits,
26056
+ changedFiles: [...changed],
26057
+ summary: "adım limiti",
26058
+ steps: MAX_STEPS,
26059
+ stoppedReason: "cap"
26060
+ };
25972
26061
  }
25973
26062
  function restoreSnapshots(cwd, snapshots) {
25974
26063
  for (const [rel, content] of snapshots) {
25975
- writeFileSync7(join10(cwd, rel), content, "utf-8");
26064
+ writeFileSync7(resolveInCwd(rel, cwd), content, "utf-8");
25976
26065
  }
25977
26066
  }
25978
26067
  function unifiedDiff(oldStr, newStr, file, context = 2) {
@@ -26004,7 +26093,7 @@ function unifiedDiff(oldStr, newStr, file, context = 2) {
26004
26093
  function formatWireDiff(cwd, snapshots) {
26005
26094
  const blocks = [];
26006
26095
  for (const [rel, oldContent] of snapshots) {
26007
- const abs = join10(cwd, rel);
26096
+ const abs = resolveInCwd(rel, cwd);
26008
26097
  const cur = existsSync8(abs) ? readFileSync9(abs, "utf-8") : "";
26009
26098
  if (cur !== oldContent)
26010
26099
  blocks.push(unifiedDiff(oldContent, cur, rel));
@@ -26075,9 +26164,10 @@ async function runWizard(opts) {
26075
26164
  const project = { ...detected, framework };
26076
26165
  const plan = buildInstallPlan(project, { writeKey, workspaceId });
26077
26166
  const isNode = plan.sdk === "@gurulu/node";
26167
+ const authed = Boolean(auth.apiKey);
26078
26168
  let approvedEvents = [];
26079
26169
  let identifyHint = null;
26080
- if (!opts.noAi && detected.hasPackageJson) {
26170
+ if (!opts.noAi && authed && detected.hasPackageJson) {
26081
26171
  const ctx = gatherContext({ cwd: opts.cwd });
26082
26172
  const aiPlan = await fetchPlan(client, ctx, { framework });
26083
26173
  if (aiPlan) {
@@ -26117,10 +26207,15 @@ async function runWizard(opts) {
26117
26207
  const envFile = isNode ? ".env" : ".env.local";
26118
26208
  const vars = [];
26119
26209
  for (const k2 of plan.envKeys) {
26120
- if (k2.key.endsWith("_WORKSPACE"))
26210
+ if (k2.key.endsWith("_WORKSPACE")) {
26121
26211
  vars.push({ key: k2.key, value: writeKey });
26122
- else if (k2.key === "GURULU_SECRET_KEY")
26123
- vars.push({ key: k2.key, value: auth.apiKey });
26212
+ } else if (k2.key === "GURULU_SECRET_KEY") {
26213
+ if (auth.apiKey.startsWith("sk_")) {
26214
+ vars.push({ key: k2.key, value: auth.apiKey });
26215
+ } else {
26216
+ p3.log.warn("GURULU_SECRET_KEY atlandı (login token workspace sk_ anahtarı değil). Dashboard → Settings → API Keys'ten server key oluşturup .env'e elle ekle.");
26217
+ }
26218
+ }
26124
26219
  }
26125
26220
  const envRes = vars.length > 0 ? writeEnvFile({ cwd: opts.cwd, file: envFile, vars }) : null;
26126
26221
  writeProjectScaffold(opts.cwd, {
@@ -26306,11 +26401,19 @@ var wizardArgs = {
26306
26401
  framework: { type: "string", description: "Framework override (auto-detect yerine)" },
26307
26402
  install: { type: "boolean", description: "SDK install (--no-install ile atla)", default: true },
26308
26403
  pull: { type: "boolean", description: "İlk registry pull (--no-pull ile atla)", default: true },
26309
- ai: { type: "boolean", description: "AI Plan/wire fazı (--no-ai ile atla → floor)", default: true },
26404
+ ai: {
26405
+ type: "boolean",
26406
+ description: "AI Plan/wire fazı (--no-ai ile atla → floor)",
26407
+ default: true
26408
+ },
26310
26409
  yes: { type: "boolean", description: "Onayları otomatik geç" },
26311
26410
  ci: { type: "boolean", description: "Non-interaktif (api-key + workspace zorunlu)" }
26312
26411
  };
26313
26412
  async function runWizardFromArgs(args) {
26413
+ if (args.ci && (!args["api-key"] || !args.workspace)) {
26414
+ console.error("[gurulu] --ci için --api-key <sk_...> ve --workspace <uuid> zorunlu (non-interaktif kurulum).");
26415
+ process.exit(1);
26416
+ }
26314
26417
  const opts = {
26315
26418
  cwd: process.cwd(),
26316
26419
  noInstall: args.install === false,
@@ -26344,7 +26447,7 @@ var initCmd = defineCommand({
26344
26447
  // src/lib/editor-mcp.ts
26345
26448
  import { existsSync as existsSync10, mkdirSync as mkdirSync3, readFileSync as readFileSync10, writeFileSync as writeFileSync9 } from "node:fs";
26346
26449
  import { homedir as homedir2 } from "node:os";
26347
- import { dirname as dirname4, join as join11 } from "node:path";
26450
+ import { dirname as dirname4, join as join9 } from "node:path";
26348
26451
  var SERVER_NAME = "gurulu";
26349
26452
  function buildMcpServerConfig(creds) {
26350
26453
  return {
@@ -26358,14 +26461,14 @@ function buildMcpServerConfig(creds) {
26358
26461
  };
26359
26462
  }
26360
26463
  var EDITORS = {
26361
- cursor: { path: () => join11(homedir2(), ".cursor", "mcp.json"), key: "mcpServers", label: "Cursor" },
26362
- claude: { path: () => join11(homedir2(), ".claude.json"), key: "mcpServers", label: "Claude Code" },
26464
+ cursor: { path: () => join9(homedir2(), ".cursor", "mcp.json"), key: "mcpServers", label: "Cursor" },
26465
+ claude: { path: () => join9(homedir2(), ".claude.json"), key: "mcpServers", label: "Claude Code" },
26363
26466
  windsurf: {
26364
- path: () => join11(homedir2(), ".codeium", "windsurf", "mcp_config.json"),
26467
+ path: () => join9(homedir2(), ".codeium", "windsurf", "mcp_config.json"),
26365
26468
  key: "mcpServers",
26366
26469
  label: "Windsurf"
26367
26470
  },
26368
- vscode: { path: (cwd) => join11(cwd, ".vscode", "mcp.json"), key: "servers", label: "VS Code" }
26471
+ vscode: { path: (cwd) => join9(cwd, ".vscode", "mcp.json"), key: "servers", label: "VS Code" }
26369
26472
  };
26370
26473
  function mergeMcpConfig(existing, serverConfig, key) {
26371
26474
  const servers = existing[key] ?? {};
@@ -26561,7 +26664,7 @@ var pushCmd = defineCommand({
26561
26664
  // src/commands/uninstall.ts
26562
26665
  import { execFile as execFile2 } from "node:child_process";
26563
26666
  import { existsSync as existsSync11, readFileSync as readFileSync11, rmSync, writeFileSync as writeFileSync10 } from "node:fs";
26564
- import { join as join12 } from "node:path";
26667
+ import { join as join10 } from "node:path";
26565
26668
  import { promisify as promisify2 } from "node:util";
26566
26669
  import * as p4 from "@clack/prompts";
26567
26670
  var pexec2 = promisify2(execFile2);
@@ -26617,7 +26720,7 @@ var uninstallCmd = defineCommand({
26617
26720
  }
26618
26721
  const cleaned = [];
26619
26722
  for (const f3 of ENV_FILES) {
26620
- const abs = join12(cwd, f3);
26723
+ const abs = join10(cwd, f3);
26621
26724
  if (!existsSync11(abs))
26622
26725
  continue;
26623
26726
  const { content, removed } = removeEnvKeys(readFileSync11(abs, "utf-8"), GURULU_PREFIXES);
@@ -26626,7 +26729,7 @@ var uninstallCmd = defineCommand({
26626
26729
  cleaned.push(`${f3} (-${removed.length})`);
26627
26730
  }
26628
26731
  }
26629
- const guruluDir = join12(cwd, ".gurulu");
26732
+ const guruluDir = join10(cwd, ".gurulu");
26630
26733
  if (existsSync11(guruluDir))
26631
26734
  rmSync(guruluDir, { recursive: true, force: true });
26632
26735
  p4.outro(`Kaldırıldı. env: ${cleaned.join(", ") || "değişiklik yok"} · .gurulu silindi. (Koddaki init/track çağrılarını elle çıkar.)`);
@@ -26634,7 +26737,7 @@ var uninstallCmd = defineCommand({
26634
26737
  });
26635
26738
 
26636
26739
  // src/index.ts
26637
- var VERSION = "1.2.1";
26740
+ var VERSION = "1.2.2";
26638
26741
  var mainCmd = defineCommand({
26639
26742
  meta: {
26640
26743
  name: "gurulu",
@@ -1 +1 @@
1
- {"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/lib/config.ts"],"names":[],"mappings":"AAeA,MAAM,WAAW,aAAa;IAC5B,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc,EAAE,KAAK,GAAG,MAAM,GAAG,OAAO,CAAC;IACzC,aAAa,EAAE,MAAM,CAAC;IACtB,cAAc,EAAE,MAAM,CAAC;IACvB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,iBAAiB,EAAE,OAAO,CAAC;CAC5B;AAED,MAAM,WAAW,qBAAqB;IACpC,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,iBAAiB;IAChC,UAAU,EAAE,qBAAqB,EAAE,CAAC;IACpC,oBAAoB,CAAC,EAAE,MAAM,CAAC;CAC/B;AAED,eAAO,MAAM,gBAAgB,QAAyD,CAAC;AAEvF,wBAAgB,WAAW,CAAC,GAAG,GAAE,MAAsB,GAAG,MAAM,CAE/D;AAED,wBAAgB,iBAAiB,CAAC,GAAG,GAAE,MAAsB,GAAG,MAAM,CAErE;AAED,wBAAgB,mBAAmB,CAAC,GAAG,GAAE,MAAsB,GAAG,MAAM,CAEvE;AAED,wBAAgB,oBAAoB,CAAC,GAAG,GAAE,MAAsB,GAAG,MAAM,CAExE;AAED,wBAAgB,uBAAuB,CAAC,GAAG,GAAE,MAAsB,GAAG,MAAM,CAE3E;AAED,wBAAgB,qBAAqB,IAAI,MAAM,CAE9C;AAED,wBAAgB,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,CAG5C;AAED,wBAAgB,iBAAiB,CAAC,GAAG,GAAE,MAAsB,GAAG,aAAa,GAAG,IAAI,CAQnF;AAED,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,aAAa,EAAE,GAAG,GAAE,MAAsB,GAAG,IAAI,CAIxF;AAED,wBAAgB,qBAAqB,IAAI,iBAAiB,CAQzD;AAED,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,iBAAiB,GAAG,IAAI,CAYrE;AAED,wBAAgB,0BAA0B,CAAC,WAAW,EAAE,MAAM,GAAG,qBAAqB,GAAG,IAAI,CAG5F;AAED,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,qBAAqB,GAAG,IAAI,CAUnE;AAED,wBAAgB,gBAAgB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAO7D;AAED,wBAAgB,uBAAuB,CAAC,IAAI,EAAE;IAC5C,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;CACd,GAAG;IAAE,WAAW,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAmBnE"}
1
+ {"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/lib/config.ts"],"names":[],"mappings":"AAeA,MAAM,WAAW,aAAa;IAC5B,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc,EAAE,KAAK,GAAG,MAAM,GAAG,OAAO,CAAC;IACzC,aAAa,EAAE,MAAM,CAAC;IACtB,cAAc,EAAE,MAAM,CAAC;IACvB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,iBAAiB,EAAE,OAAO,CAAC;CAC5B;AAED,MAAM,WAAW,qBAAqB;IACpC,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,iBAAiB;IAChC,UAAU,EAAE,qBAAqB,EAAE,CAAC;IACpC,oBAAoB,CAAC,EAAE,MAAM,CAAC;CAC/B;AAED,eAAO,MAAM,gBAAgB,QAAyD,CAAC;AAEvF,wBAAgB,WAAW,CAAC,GAAG,GAAE,MAAsB,GAAG,MAAM,CAE/D;AAED,wBAAgB,iBAAiB,CAAC,GAAG,GAAE,MAAsB,GAAG,MAAM,CAErE;AAED,wBAAgB,mBAAmB,CAAC,GAAG,GAAE,MAAsB,GAAG,MAAM,CAEvE;AAED,wBAAgB,oBAAoB,CAAC,GAAG,GAAE,MAAsB,GAAG,MAAM,CAExE;AAED,wBAAgB,uBAAuB,CAAC,GAAG,GAAE,MAAsB,GAAG,MAAM,CAE3E;AAED,wBAAgB,qBAAqB,IAAI,MAAM,CAE9C;AAED,wBAAgB,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,CAG5C;AAED,wBAAgB,iBAAiB,CAAC,GAAG,GAAE,MAAsB,GAAG,aAAa,GAAG,IAAI,CAQnF;AAED,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,aAAa,EAAE,GAAG,GAAE,MAAsB,GAAG,IAAI,CAIxF;AAED,wBAAgB,qBAAqB,IAAI,iBAAiB,CAQzD;AAED,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,iBAAiB,GAAG,IAAI,CAWrE;AAED,wBAAgB,0BAA0B,CAAC,WAAW,EAAE,MAAM,GAAG,qBAAqB,GAAG,IAAI,CAG5F;AAED,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,qBAAqB,GAAG,IAAI,CAUnE;AAED,wBAAgB,gBAAgB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAO7D;AAED,wBAAgB,uBAAuB,CAAC,IAAI,EAAE;IAC5C,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;CACd,GAAG;IAAE,WAAW,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAmBnE"}
@@ -1 +1 @@
1
- {"version":3,"file":"agent.d.ts","sourceRoot":"","sources":["../../src/wizard/agent.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAM/D,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,OAAO,CAAC;IACZ,WAAW,EAAE,MAAM,CAAC;IACpB,gEAAgE;IAChE,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,QAAQ;IACvB,GAAG,EAAE,MAAM,CAAC;IACZ,uEAAuE;IACvE,OAAO,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACrF;AAmBD,kEAAkE;AAClE,wBAAsB,WAAW,CAAC,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,QAAQ,GAAG,OAAO,CAAC,UAAU,CAAC,CAwC1F;AAED,sDAAsD;AACtD,wBAAgB,qBAAqB,IAAI,MAAM,CAc9C;AAED,4DAA4D;AAC5D,wBAAgB,mBAAmB,CACjC,MAAM,EAAE,YAAY,EAAE,EACtB,YAAY,EAAE,MAAM,GAAG,IAAI,EAC3B,KAAK,EAAE,MAAM,EAAE,GACd,MAAM,CAYR"}
1
+ {"version":3,"file":"agent.d.ts","sourceRoot":"","sources":["../../src/wizard/agent.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAuC/D,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,OAAO,CAAC;IACZ,WAAW,EAAE,MAAM,CAAC;IACpB,gEAAgE;IAChE,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,QAAQ;IACvB,GAAG,EAAE,MAAM,CAAC;IACZ,uEAAuE;IACvE,OAAO,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACrF;AAuBD,kEAAkE;AAClE,wBAAsB,WAAW,CAAC,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,QAAQ,GAAG,OAAO,CAAC,UAAU,CAAC,CA0C1F;AAED,sDAAsD;AACtD,wBAAgB,qBAAqB,IAAI,MAAM,CAgB9C;AAED,4DAA4D;AAC5D,wBAAgB,mBAAmB,CACjC,MAAM,EAAE,YAAY,EAAE,EACtB,YAAY,EAAE,MAAM,GAAG,IAAI,EAC3B,KAAK,EAAE,MAAM,EAAE,GACd,MAAM,CAeR"}
@@ -2,12 +2,17 @@ export interface GuardResult {
2
2
  ok: boolean;
3
3
  reason?: string;
4
4
  }
5
+ /** Yolu cwd'ye göre mutlaklaştır — guard ve executor AYNI çözümü kullanmalı. */
6
+ export declare function resolveInCwd(p: string, cwd: string): string;
5
7
  /**
6
8
  * Additive-only invariant: `replace`, `find`'ı VERBATIM içermeli (D-W3b).
7
9
  * Böylece edit sadece ekler — mevcut kod silinemez/yeniden yazılamaz.
8
10
  */
9
11
  export declare function isAdditiveEdit(find: string, replace: string): GuardResult;
10
- /** Bash komutu allowlist'te mi + tehlikeli operatör yok mu. */
12
+ /**
13
+ * Bash komutu güvenli mi: operatör yok + (saf checker VEYA `<pm> run <script>`).
14
+ * Uzak paket indirme/yürütme (npx/bunx/dlx/install/add/exec) reddedilir.
15
+ */
11
16
  export declare function isAllowedBash(cmd: string): GuardResult;
12
17
  /** Yol cwd altında mı + `.env*` değil mi. */
13
18
  export declare function isAllowedPath(p: string, cwd: string): GuardResult;
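Review bot: The rewritten `isAllowedBash` comment says remote package download/execution is rejected while `<pm> run <script>` is accepted, but it does not state what that acceptance relies on: a `run` script executes whatever the project's package.json defines. The implementation is not in this hunk, so this is an assumption to confirm, but if the wizard's edit path may touch package.json (additive edits included), the command allowlist is only as strong as the path guard. I would record that dependency in the doc comment, e.g. `* NOTE: "<pm> run" executes scripts from package.json, so isAllowedPath must not permit edits to package.json.` The new `resolveInCwd` comment could likewise say whether symlinks are resolved, since `isAllowedPath` promises "under cwd" and a purely lexical resolve would not guarantee that.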
@@ -1 +1 @@
1
- {"version":3,"file":"guard.d.ts","sourceRoot":"","sources":["../../src/wizard/guard.ts"],"names":[],"mappings":"AAOA,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,OAAO,CAAC;IACZ,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;GAGG;AACH,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,WAAW,CAOzE;AAuBD,+DAA+D;AAC/D,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,WAAW,CAOtD;AAED,6CAA6C;AAC7C,wBAAgB,aAAa,CAAC,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,WAAW,CAQjE;AAMD,wEAAwE;AACxE,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAE3D"}
1
+ {"version":3,"file":"guard.d.ts","sourceRoot":"","sources":["../../src/wizard/guard.ts"],"names":[],"mappings":"AAUA,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,OAAO,CAAC;IACZ,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,gFAAgF;AAChF,wBAAgB,YAAY,CAAC,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,CAE3D;AAED;;;GAGG;AACH,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,WAAW,CAOzE;AAwDD;;;GAGG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,WAAW,CA0BtD;AAED,6CAA6C;AAC7C,wBAAgB,aAAa,CAAC,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,WAAW,CAQjE;AAMD,wEAAwE;AACxE,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAE3D"}
@@ -1 +1 @@
1
- {"version":3,"file":"run.d.ts","sourceRoot":"","sources":["../../src/wizard/run.ts"],"names":[],"mappings":"AAgCA,MAAM,WAAW,aAAa;IAC5B,GAAG,EAAE,MAAM,CAAC;IACZ,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,0DAA0D;IAC1D,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,4CAA4C;IAC5C,GAAG,CAAC,EAAE,OAAO,CAAC;CACf;AAsBD,wBAAsB,SAAS,CAAC,IAAI,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,CA2MlE"}
1
+ {"version":3,"file":"run.d.ts","sourceRoot":"","sources":["../../src/wizard/run.ts"],"names":[],"mappings":"AAgCA,MAAM,WAAW,aAAa;IAC5B,GAAG,EAAE,MAAM,CAAC;IACZ,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,0DAA0D;IAC1D,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,4CAA4C;IAC5C,GAAG,CAAC,EAAE,OAAO,CAAC;CACf;AAsBD,wBAAsB,SAAS,CAAC,IAAI,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,CAwNlE"}
@@ -1 +1 @@
1
- {"version":3,"file":"wire.d.ts","sourceRoot":"","sources":["../../src/wizard/wire.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAoB,SAAS,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAG/E,eAAO,MAAM,SAAS,KAAK,CAAC;AAE5B,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,QAAQ,EAAE,CAAC;IAClB,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,aAAa,EAAE,MAAM,GAAG,KAAK,GAAG,MAAM,GAAG,OAAO,CAAC;CAClD;AAED,MAAM,WAAW,SAAS;IACxB,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,YAAY,EAAE,CAAC;IACvB,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,KAAK,EAAE,MAAM,EAAE,CAAC;CACjB;AAED;;;GAGG;AACH,wBAAsB,YAAY,CAChC,MAAM,EAAE,SAAS,EACjB,KAAK,EAAE,SAAS,EAChB,SAAS,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,GAC7B,OAAO,CAAC,WAAW,CAAC,CAyCtB;AAED,iEAAiE;AACjE,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,IAAI,CAIlF;AAED,4EAA4E;AAC5E,wBAAgB,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,SAAI,GAAG,MAAM,CAiB7F;AAED,mEAAmE;AACnE,wBAAgB,cAAc,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,MAAM,CAQlF"}
1
+ {"version":3,"file":"wire.d.ts","sourceRoot":"","sources":["../../src/wizard/wire.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAoB,SAAS,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAI/E,eAAO,MAAM,SAAS,KAAK,CAAC;AAE5B,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,QAAQ,EAAE,CAAC;IAClB,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,aAAa,EAAE,MAAM,GAAG,KAAK,GAAG,MAAM,GAAG,OAAO,CAAC;CAClD;AAED,MAAM,WAAW,SAAS;IACxB,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,YAAY,EAAE,CAAC;IACvB,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,KAAK,EAAE,MAAM,EAAE,CAAC;CACjB;AAED;;;GAGG;AACH,wBAAsB,YAAY,CAChC,MAAM,EAAE,SAAS,EACjB,KAAK,EAAE,SAAS,EAChB,SAAS,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,GAC7B,OAAO,CAAC,WAAW,CAAC,CAiEtB;AAED,iEAAiE;AACjE,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,IAAI,CAIlF;AAED,4EAA4E;AAC5E,wBAAgB,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,SAAI,GAAG,MAAM,CAiB7F;AAED,mEAAmE;AACnE,wBAAgB,cAAc,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,MAAM,CAQlF"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@gurulu/cli",
3
- "version": "1.2.1",
3
+ "version": "1.2.2",
4
4
  "private": false,
5
5
  "license": "BUSL-1.1",
6
6
  "publishConfig": {