@heysalad/cheri-cli 0.9.0 → 1.0.0

package/src/lib/approval.js

@@ -0,0 +1,120 @@
+// Enhanced approval modes
+// Modes: auto, suggest, ask, deny
+// + command safety integration + network awareness
+import readline from "readline";
+import chalk from "chalk";
+import { classifyCommand, getSafetyLabel } from "./command-safety.js";
+import { getConfigValue } from "./config-store.js";
+
+// Approval modes
+export const ApprovalMode = {
+  AUTO: "auto",           // Auto-approve everything (trust model)
+  SUGGEST: "suggest",     // Auto-approve safe, suggest for moderate, ask for dangerous
+  ASK: "ask",             // Ask for everything except read-only tools (default)
+  DENY: "deny",           // Deny all tool execution
+};
+
+// Read-only tools that never need approval
+const READ_ONLY_TOOLS = new Set([
+  "read_file", "list_directory", "search_files", "search_content",
+  "get_account_info", "list_workspaces", "get_memory", "get_usage",
+  "get_config", "get_workspace_status",
+]);
+
+// Tools that always need approval regardless of mode
+const ALWAYS_ASK_TOOLS = new Set([
+  "clear_memory", "stop_workspace",
+]);
+
+/**
+ * Get the current approval mode from config
+ */
+export function getApprovalMode() {
+  return getConfigValue("approval.mode") || ApprovalMode.ASK;
+}
+
+/**
+ * Determine if a tool call needs user approval
+ * @returns "allow" | "ask" | "deny" | "suggest"
+ */
+export function shouldApprove(toolName, input = {}) {
+  const mode = getApprovalMode();
+
+  // Deny mode blocks everything
+  if (mode === ApprovalMode.DENY) return "deny";
+
+  // Always-ask tools
+  if (ALWAYS_ASK_TOOLS.has(toolName)) return "ask";
+
+  // Read-only tools are always allowed
+  if (READ_ONLY_TOOLS.has(toolName)) return "allow";
+
+  // Auto mode approves everything
+  if (mode === ApprovalMode.AUTO) return "allow";
+
+  // For run_command, check command safety
+  if (toolName === "run_command" && input.command) {
+    const safety = classifyCommand(input.command);
+
+    if (mode === ApprovalMode.SUGGEST) {
+      if (safety === "safe") return "allow";
+      if (safety === "moderate") return "suggest";
+      return "ask";
+    }
+
+    // ASK mode
+    if (safety === "safe") return "allow";
+    return "ask";
+  }
+
+  // Write operations
+  if (toolName === "write_file" || toolName === "edit_file") {
+    if (mode === ApprovalMode.AUTO) return "allow";
+    if (mode === ApprovalMode.SUGGEST) return "suggest";
+    return "ask";
+  }
+
+  // Default for ASK mode
+  return mode === ApprovalMode.SUGGEST ? "suggest" : "ask";
+}
+
+/**
+ * Prompt user for approval with safety context
+ */
+export async function promptApproval(toolName, input = {}, decision = "ask") {
+  const desc = toolName === "run_command"
+    ? input.command
+    : JSON.stringify(input);
+
+  const truncated = desc.length > 80 ? desc.slice(0, 80) + "..." : desc;
+
+  // For "suggest" mode, show the action and auto-approve after a brief display
+  if (decision === "suggest") {
+    const safety = toolName === "run_command" ? getSafetyLabel(input.command) : null;
+    const safetyStr = safety ? chalk[safety.color](`[${safety.label}]`) + " " : "";
+    console.log(chalk.yellow(`  → ${safetyStr}${chalk.cyan(toolName)}: ${chalk.dim(truncated)}`));
+    // Auto-approve suggest items (user can Ctrl+C to abort)
+    return true;
+  }
+
+  // Full approval prompt
+  const safety = toolName === "run_command" ? getSafetyLabel(input.command) : null;
+  const safetyStr = safety ? ` ${chalk[safety.color](`[${safety.label}]`)}` : "";
+
+  return new Promise((resolve) => {
+    const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+    rl.question(
+      chalk.yellow(`  Allow ${chalk.cyan(toolName)}${safetyStr}: ${chalk.dim(truncated)}? [Y/n/a] `),
+      (answer) => {
+        rl.close();
+        const a = answer.trim().toLowerCase();
+        if (a === "a") {
+          // "a" = always allow this session (switch to auto mode temporarily)
+          resolve("auto");
+        } else {
+          resolve(a !== "n");
+        }
+      }
+    );
+  });
+}

package/src/lib/command-safety.js

@@ -0,0 +1,170 @@
+// Command safety database
+// Categorizes shell commands as safe, moderate, or dangerous
+
+// Safe commands: read-only, no side effects
+const SAFE_COMMANDS = new Set([
+  "ls", "cat", "head", "tail", "less", "more", "wc", "file", "stat",
+  "find", "locate", "which", "whereis", "type", "whatis",
+  "grep", "rg", "ag", "ack", "fgrep", "egrep",
+  "pwd", "echo", "printf", "date", "cal", "uptime", "whoami", "id",
+  "uname", "hostname", "arch", "lsb_release",
+  "env", "printenv", "set",
+  "df", "du", "free", "top", "htop", "ps", "pgrep",
+  "tree", "realpath", "basename", "dirname", "readlink",
+  "diff", "cmp", "comm", "sort", "uniq", "cut", "tr", "sed", "awk",
+  "jq", "yq", "xmllint",
+  "git status", "git log", "git diff", "git show", "git branch",
+  "git tag", "git remote", "git stash list", "git blame",
+  "node --version", "npm --version", "python --version", "python3 --version",
+  "ruby --version", "go version", "rustc --version", "cargo --version",
+  "java -version", "javac -version", "dotnet --version",
+  "npm list", "npm ls", "npm outdated", "npm view", "npm info",
+  "pip list", "pip show", "pip freeze",
+  "cargo tree", "cargo metadata",
+  "docker ps", "docker images", "docker info",
+  "kubectl get", "kubectl describe", "kubectl logs",
+]);
+
+// Dangerous commands: destructive or high-risk
+const DANGEROUS_PATTERNS = [
+  // System destruction
+  /^rm\s+(-[a-zA-Z]*r[a-zA-Z]*f|.*-rf|.*--no-preserve-root)/,
+  /^rm\s+-[a-zA-Z]*f/,
+  /^rmdir\s/,
+  /^mkfs\b/,
+  /^dd\s/,
+  /^format\b/,
+  /^fdisk\b/,
+  /^parted\b/,
+
+  // System modification
+  /^chmod\s.*777/,
+  /^chown\s/,
+  /^chgrp\s/,
+  /^mount\b/,
+  /^umount\b/,
+
+  // Service/process control
+  /^kill\s/,
+  /^killall\s/,
+  /^pkill\s/,
+  /^shutdown\b/,
+  /^reboot\b/,
+  /^halt\b/,
+  /^poweroff\b/,
+  /^systemctl\s+(stop|disable|mask|restart)/,
+  /^service\s+\w+\s+(stop|restart)/,
+
+  // Network
+  /^iptables\b/,
+  /^ip6tables\b/,
+  /^ufw\s/,
+  /^firewall-cmd\b/,
+  /^nmap\b/,
+
+  // Package management (install can be dangerous)
+  /^apt(-get)?\s+(remove|purge|autoremove)/,
+  /^yum\s+(remove|erase)/,
+  /^dnf\s+(remove|erase)/,
+  /^pacman\s+-R/,
+  /^brew\s+uninstall/,
+
+  // Git destructive
+  /^git\s+(push\s+.*--force|reset\s+--hard|clean\s+-[a-zA-Z]*f|checkout\s+\.)/,
+  /^git\s+branch\s+-[dD]/,
+
+  // Database
+  /^drop\s+(database|table|index)/i,
+  /^truncate\s+table/i,
+  /^delete\s+from/i,
+  /^mysql\b.*-e/,
+  /^psql\b.*-c/,
+
+  // Credential/secret access
+  /^cat\s+.*\.(env|pem|key|crt|p12)/,
+  /^curl\s+.*(-u|--user)/,
+  /^wget\s+.*--password/,
+
+  // Shell escape / eval
+  /^eval\s/,
+  /^exec\s/,
+  /\$\(.*\)/,  // command substitution in arguments
+  /\|\s*(sh|bash|zsh|dash)\b/,  // piping to shell
+];
+
+// Moderate commands: have side effects but generally safe with review
+const MODERATE_PATTERNS = [
+  /^npm\s+(install|i|ci|run|test|build|start)\b/,
+  /^npx\s/,
+  /^yarn\s/,
+  /^pnpm\s/,
+  /^pip\s+install/,
+  /^pip3\s+install/,
+  /^python[23]?\s/,
+  /^node\s/,
+  /^cargo\s+(build|run|test)/,
+  /^go\s+(build|run|test)/,
+  /^make\b/,
+  /^cmake\b/,
+  /^gcc\b/,
+  /^g\+\+\b/,
+  /^clang\b/,
+  /^rustc\b/,
+  /^javac\b/,
+  /^mvn\b/,
+  /^gradle\b/,
+  /^docker\s+(build|run|exec|compose)/,
+  /^kubectl\s+(apply|create|delete)/,
+  /^git\s+(add|commit|push|pull|merge|rebase|stash|fetch)/,
+  /^mkdir\b/,
+  /^touch\b/,
+  /^cp\b/,
+  /^mv\b/,
+  /^ln\b/,
+  /^curl\b/,
+  /^wget\b/,
+  /^ssh\b/,
+  /^scp\b/,
+  /^rsync\b/,
+];
+
+/**
+ * Classify a command's safety level
+ * @returns "safe" | "moderate" | "dangerous"
+ */
+export function classifyCommand(command) {
+  const trimmed = command.trim();
+
+  // Check exact safe commands first
+  if (SAFE_COMMANDS.has(trimmed)) return "safe";
+
+  // Check if it starts with a safe command (with arguments)
+  for (const safe of SAFE_COMMANDS) {
+    if (trimmed.startsWith(safe + " ") || trimmed === safe) return "safe";
+  }
+
+  // Check dangerous patterns
+  for (const pattern of DANGEROUS_PATTERNS) {
+    if (pattern.test(trimmed)) return "dangerous";
+  }
+
+  // Check moderate patterns
+  for (const pattern of MODERATE_PATTERNS) {
+    if (pattern.test(trimmed)) return "moderate";
+  }
+
+  // Default: moderate (unknown commands need review)
+  return "moderate";
+}
+
+/**
+ * Get a human-readable safety label with color hint
+ */
+export function getSafetyLabel(command) {
+  const level = classifyCommand(command);
+  switch (level) {
+    case "safe": return { level, label: "safe", color: "green" };
+    case "moderate": return { level, label: "needs review", color: "yellow" };
+    case "dangerous": return { level, label: "dangerous", color: "red" };
+  }
+}

package/src/lib/config-store.js

@@ -1,9 +1,19 @@
+// Multi-layer configuration system
+// Layers (lowest to highest priority):
+//   1. Defaults (built-in)
+//   2. System config (~/.cheri/config.json)
+//   3. Project config (.cheri/config.json)
+//   4. Environment variables (CHERI_* prefix)
 import { existsSync, readFileSync, writeFileSync, mkdirSync } from "fs";
 import { homedir } from "os";
 import { join } from "path";
 
 const CONFIG_DIR = join(homedir(), ".cheri");
 const CONFIG_FILE = join(CONFIG_DIR, "config.json");
+const PROJECT_CONFIG_FILE = ".cheri/config.json";
+
+// Environment variable mapping: CHERI_AI_PROVIDER → ai.provider
+const ENV_PREFIX = "CHERI_";
 
 function ensureConfigDir() {
   if (!existsSync(CONFIG_DIR)) {
@@ -11,32 +21,140 @@ function ensureConfigDir() {
   }
 }
 
-export function getConfig() {
-  ensureConfigDir();
-  if (!existsSync(CONFIG_FILE)) {
-    return getDefaultConfig();
+function getDefaultConfig() {
+  return {
+    apiUrl: "https://cheri.heysalad.app",
+    token: "",
+    ai: {
+      provider: "cheri",     // cheri, openai, anthropic, deepseek, groq, ollama, etc.
+      model: "",             // override default model per provider
+      keys: {},              // { openai: "sk-...", anthropic: "sk-ant-...", ... }
+      providers: {},         // custom provider configs: { myapi: { baseUrl, model } }
+      reasoning: {
+        effort: "medium",    // low, medium, high
+        showSummary: false,
+      },
+    },
+    approval: {
+      mode: "ask",           // auto, suggest, ask, deny
+    },
+    sandbox: {
+      level: "basic",        // none, basic, strict
+      allowNetwork: false,
+    },
+    agent: {
+      maxIterations: 15,
+      provider: "",          // override ai.provider for agent specifically
+      model: "",             // override ai.model for agent specifically
+    },
+    mcp: {
+      servers: {},           // { name: { command, args, env } }
+    },
+    workspace: {
+      defaultResources: { cpu: 2, ram: "4GB", disk: "10GB" },
+      idleTimeout: 600,
+    },
+    sync: {
+      ignore: ["node_modules", ".git", ".next", "dist", ".env", ".env.local"],
+      debounce: 300,
+    },
+    editor: { theme: "dark", fontSize: 14 },
+  };
+}
+
+function deepMerge(target, source) {
+  const output = { ...target };
+  for (const key in source) {
+    if (source[key] && typeof source[key] === "object" && !Array.isArray(source[key])) {
+      output[key] = deepMerge(output[key] || {}, source[key]);
+    } else {
+      output[key] = source[key];
+    }
   }
+  return output;
+}
+
+function loadJsonFile(path) {
+  if (!existsSync(path)) return {};
   try {
-    return JSON.parse(readFileSync(CONFIG_FILE, "utf-8"));
+    return JSON.parse(readFileSync(path, "utf-8"));
   } catch {
-    return getDefaultConfig();
+    return {};
   }
 }
 
+function getEnvOverrides() {
+  const overrides = {};
+  for (const [key, value] of Object.entries(process.env)) {
+    if (key.startsWith(ENV_PREFIX) && key !== "CHERI_SANDBOXED" && key !== "CHERI_SANDBOX_LEVEL") {
+      // Convert CHERI_AI_PROVIDER → ai.provider
+      const configKey = key.slice(ENV_PREFIX.length).toLowerCase().replace(/_/g, ".");
+      setNestedValue(overrides, configKey, value);
+    }
+  }
+  return overrides;
+}
+
+function setNestedValue(obj, dotKey, value) {
+  const keys = dotKey.split(".");
+  let current = obj;
+  for (let i = 0; i < keys.length - 1; i++) {
+    if (!current[keys[i]] || typeof current[keys[i]] !== "object") {
+      current[keys[i]] = {};
+    }
+    current = current[keys[i]];
+  }
+  current[keys[keys.length - 1]] = value;
+}
+
+/**
+ * Get merged config from all layers
+ */
+export function getConfig() {
+  ensureConfigDir();
+
+  let config = getDefaultConfig();
+
+  // Layer 2: User config
+  config = deepMerge(config, loadJsonFile(CONFIG_FILE));
+
+  // Layer 3: Project config
+  const projectConfig = join(process.cwd(), PROJECT_CONFIG_FILE);
+  config = deepMerge(config, loadJsonFile(projectConfig));
+
+  // Layer 4: Environment variables
+  config = deepMerge(config, getEnvOverrides());
+
+  return config;
+}
+
+/**
+ * Save to user config file
+ */
 export function setConfig(config) {
   ensureConfigDir();
   writeFileSync(CONFIG_FILE, JSON.stringify(config, null, 2));
 }
 
+/**
+ * Get a config value by dot-notation key
+ */
 export function getConfigValue(key) {
   const config = getConfig();
   return key.split(".").reduce((obj, k) => obj?.[k], config);
 }
 
+/**
+ * Set a config value by dot-notation key (saves to user config)
+ */
 export function setConfigValue(key, value) {
-  const config = getConfig();
+  ensureConfigDir();
+  // Only load user config (not merged) to avoid persisting project/env overrides
+  const userConfig = loadJsonFile(CONFIG_FILE);
+  const merged = deepMerge(getDefaultConfig(), userConfig);
+
   const keys = key.split(".");
-  let current = config;
+  let current = merged;
   for (let i = 0; i < keys.length - 1; i++) {
     if (!current[keys[i]] || typeof current[keys[i]] !== "object") {
       current[keys[i]] = {};
@@ -44,35 +162,22 @@ export function setConfigValue(key, value) {
     current = current[keys[i]];
   }
   current[keys[keys.length - 1]] = value;
-  setConfig(config);
+  setConfig(merged);
 }
 
-function getDefaultConfig() {
-  return {
-    apiUrl: "https://cheri.heysalad.app",
-    token: "",
-    workspace: {
-      defaultResources: {
-        cpu: 2,
-        ram: "4GB",
-        disk: "10GB",
-      },
-      idleTimeout: 600,
-    },
-    sync: {
-      ignore: [
-        "node_modules",
-        ".git",
-        ".next",
-        "dist",
-        ".env",
-        ".env.local",
-      ],
-      debounce: 300,
-    },
-    editor: {
-      theme: "dark",
-      fontSize: 14,
-    },
-  };
+/**
+ * List all config as flat key-value pairs
+ */
+export function flattenConfig(obj = null, prefix = "") {
+  obj = obj || getConfig();
+  const result = {};
+  for (const [key, value] of Object.entries(obj)) {
+    const fullKey = prefix ? `${prefix}.${key}` : key;
+    if (value && typeof value === "object" && !Array.isArray(value)) {
+      Object.assign(result, flattenConfig(value, fullKey));
+    } else {
+      result[fullKey] = value;
+    }
+  }
+  return result;
 }

package/src/lib/context.js

@@ -1,56 +1,122 @@
-// Simple token estimation (~4 chars per token for English)
+// Enhanced context management with better token estimation and smart compaction
+
+// Better token estimation — uses word-based heuristic closer to actual BPE
 function estimateTokens(text) {
-  return Math.ceil((text || "").length / 4);
+  if (!text) return 0;
+  const str = typeof text === "string" ? text : JSON.stringify(text);
+  // Approx: blend word count and char count for better estimate
+  const words = str.split(/\s+/).length;
+  const chars = str.length;
+  return Math.ceil((words * 1.3 + chars / 4) / 2);
 }
 
+/**
+ * Estimate total tokens for a message array
+ */
 export function estimateMessagesTokens(messages) {
-  return messages.reduce((sum, m) => {
-    const content = typeof m.content === "string" ? m.content : JSON.stringify(m.content || "");
-    return sum + estimateTokens(content) + 4; // 4 tokens overhead per message
-  }, 0);
+  let total = 0;
+  for (const msg of messages) {
+    total += 4; // message overhead
+    if (typeof msg.content === "string") {
+      total += estimateTokens(msg.content);
+    } else if (msg.content) {
+      total += estimateTokens(JSON.stringify(msg.content));
+    }
+    if (msg.tool_calls) {
+      total += estimateTokens(JSON.stringify(msg.tool_calls));
+    }
+    if (msg.role) total += 1;
+  }
+  return total;
 }
 
-// Compress conversation by summarizing old tool results and trimming history
-export function compactMessages(messages, maxTokens = 100000) {
-  const currentTokens = estimateMessagesTokens(messages);
-  if (currentTokens <= maxTokens) return { messages, compacted: false };
+/**
+ * Smart compaction that preserves context quality
+ *
+ * Strategy:
+ * 1. Always keep system message
+ * 2. Parse messages into turns (user → assistant → tool results)
+ * 3. Summarize old turns, keep recent turns in full
+ * 4. Preserve turns that had errors (learning context)
+ */
+export function compactMessages(messages, targetTokens = 60000) {
+  if (messages.length === 0) return { messages, compacted: false };
 
-  const compacted = [];
-  const systemMsg = messages.find((m) => m.role === "system");
-  if (systemMsg) compacted.push(systemMsg);
+  const current = estimateMessagesTokens(messages);
+  if (current <= targetTokens) return { messages, compacted: false };
+
+  const systemMsg = messages.find(m => m.role === "system");
+  const nonSystem = messages.filter(m => m.role !== "system");
+
+  // Parse into turns
+  const turns = [];
+  let currentTurn = [];
+  for (const msg of nonSystem) {
+    if (msg.role === "user" && currentTurn.length > 0) {
+      turns.push(currentTurn);
+      currentTurn = [];
+    }
+    currentTurn.push(msg);
+  }
+  if (currentTurn.length > 0) turns.push(currentTurn);
+
+  // Keep recent turns fully (last 5 or 40%)
+  const recentCount = Math.min(5, Math.max(2, Math.floor(turns.length * 0.4)));
+  const oldTurns = turns.slice(0, -recentCount);
+  const recentTurns = turns.slice(-recentCount);
+
+  // Summarize old turns
+  const summaries = [];
+  for (const turn of oldTurns) {
+    const userMsg = turn.find(m => m.role === "user");
+    const assistantMsg = turn.find(m => m.role === "assistant");
+    const toolMsgs = turn.filter(m => m.role === "tool");
+    const hadError = toolMsgs.some(m => {
+      try { return JSON.parse(m.content)?.error; } catch { return false; }
+    });
 
-  // Keep recent messages (last 20), compress older ones
-  const nonSystem = messages.filter((m) => m.role !== "system");
-  const keepRecent = 20;
-  const old = nonSystem.slice(0, -keepRecent);
-  const recent = nonSystem.slice(-keepRecent);
-
-  if (old.length > 0) {
-    // Build a summary of old messages
-    const userMessages = old.filter((m) => m.role === "user" && typeof m.content === "string");
-    const toolResults = old.filter((m) => m.role === "tool");
-
-    let summary = "[Conversation history compacted]\n";
-    summary += `Previous turns: ${old.length} messages\n`;
-
-    if (userMessages.length > 0) {
-      summary += "Topics discussed:\n";
-      userMessages.forEach((m) => {
-        summary += `- ${m.content.slice(0, 100)}\n`;
-      });
+    let summary = "";
+    if (userMsg) {
+      const text = typeof userMsg.content === "string" ? userMsg.content : "...";
+      summary += `User: ${text.slice(0, 100)}\n`;
     }
+    if (assistantMsg?.tool_calls) {
+      const tools = assistantMsg.tool_calls.map(tc => tc.function.name).join(", ");
+      summary += `Tools: ${tools}\n`;
+    }
+    if (assistantMsg?.content) summary += `Response: ${assistantMsg.content.slice(0, 150)}\n`;
+    if (hadError) summary += `[Had errors]\n`;
+    summaries.push(summary);
+  }
 
-    summary += `Tool calls made: ${toolResults.length}\n`;
+  const summaryText = summaries.length > 0
+    ? `## Previous conversation summary (${summaries.length} turns):\n${summaries.join("\n---\n")}`
+    : "";
 
-    compacted.push({ role: "user", content: summary });
-    compacted.push({ role: "assistant", content: "Understood. I have context from the previous conversation. Let's continue." });
+  const compacted = [];
+  if (systemMsg) compacted.push(systemMsg);
+  if (summaryText) {
+    compacted.push({ role: "user", content: summaryText });
+    compacted.push({ role: "assistant", content: "Understood. I have context from our previous conversation. How can I continue helping?" });
   }
+  for (const turn of recentTurns) compacted.push(...turn);
 
-  compacted.push(...recent);
   return { messages: compacted, compacted: true };
 }
 
-// Check if we should auto-compact
+/**
+ * Check if compaction is needed
+ */
 export function shouldCompact(messages, threshold = 80000) {
   return estimateMessagesTokens(messages) > threshold;
 }
+
+/**
+ * Get token usage stats
+ */
+export function getContextStats(messages) {
+  const tokens = estimateMessagesTokens(messages);
+  const turns = messages.filter(m => m.role === "user").length;
+  const toolCalls = messages.filter(m => m.role === "tool").length;
+  return { tokens, turns, toolCalls, messageCount: messages.length };
+}