@howlil/ez-agents 2.0.0 → 3.0.0

package/{get-shit-done → ez-agents}/bin/lib/audit-exec.cjs

@@ -1,150 +1,150 @@
-#!/usr/bin/env node
-
-/**
- * GSD Audit Exec — Command execution with full audit logging
- * 
- * Logs all command executions to audit file for security review:
- * - Timestamp, command, arguments, context
- * - Duration and result status
- * - Error details if failed
- * 
- * Usage:
- *   const { auditExec } = require('./audit-exec.cjs');
- *   const result = await auditExec('git', ['status'], { context: 'my-module' });
- */
-
-const { execFile } = require('child_process');
-const { promisify } = require('util');
-const { appendFileSync, existsSync, mkdirSync } = require('fs');
-const { join } = require('path');
-const Logger = require('./logger.cjs');
-const logger = new Logger();
-
-const execFileAsync = promisify(execFile);
-
-// Audit log file path
-const AUDIT_DIR = join('.planning', 'logs');
-const AUDIT_FILE = join(AUDIT_DIR, `audit-${new Date().toISOString().split('T')[0]}.jsonl`);
-
-// Ensure audit directory exists
-if (!existsSync(AUDIT_DIR)) {
-  mkdirSync(AUDIT_DIR, { recursive: true });
-}
-
-/**
- * Write audit log entry
- * @param {Object} entry - Audit entry
- */
-function writeAudit(entry) {
-  const line = JSON.stringify(entry) + '\n';
-  appendFileSync(AUDIT_FILE, line, 'utf-8');
-}
-
-/**
- * Execute command with full audit logging
- * @param {string} cmd - Command to execute
- * @param {string[]} args - Command arguments
- * @param {Object} options - Execution options
- * @param {string} options.context - Calling context (which module/function)
- * @param {string} options.user - User identifier
- * @returns {Promise<string>} - Command stdout
- */
-async function auditExec(cmd, args = [], options = {}) {
-  const { context = 'unknown', user = 'system', timeout = 30000 } = options;
-  
-  const entry = {
-    timestamp: new Date().toISOString(),
-    cmd,
-    args,
-    context,
-    user,
-    status: 'started'
-  };
-  
-  // Log start
-  writeAudit(entry);
-  logger.info('Audit: command started', { cmd, args: args.join(' '), context });
-  
-  const startTime = Date.now();
-  
-  try {
-    const result = await execFileAsync(cmd, args, { 
-      timeout,
-      maxBuffer: 10 * 1024 * 1024
-    });
-    
-    const duration = Date.now() - startTime;
-    
-    // Log success
-    const successEntry = {
-      ...entry,
-      status: 'success',
-      duration,
-      stdout_length: result.stdout?.length || 0
-    };
-    writeAudit(successEntry);
-    
-    logger.debug('Audit: command completed', { cmd, duration, context });
-    
-    return result.stdout.trim();
-  } catch (err) {
-    const duration = Date.now() - startTime;
-    
-    // Log failure
-    const errorEntry = {
-      ...entry,
-      status: 'error',
-      duration,
-      error: err.message,
-      code: err.code,
-      signal: err.signal
-    };
-    writeAudit(errorEntry);
-    
-    logger.error('Audit: command failed', { cmd, error: err.message, duration, context });
-    
-    throw err;
-  }
-}
-
-/**
- * Get today's audit log path
- * @returns {string} - Audit file path
- */
-function getAuditFilePath() {
-  return AUDIT_FILE;
-}
-
-/**
- * Read audit log entries for a specific date
- * @param {string} date - Date string (YYYY-MM-DD)
- * @returns {Object[]} - Array of audit entries
- */
-function readAuditLog(date = new Date().toISOString().split('T')[0]) {
-  const filePath = join(AUDIT_DIR, `audit-${date}.jsonl`);
-  
-  if (!existsSync(filePath)) {
-    return [];
-  }
-  
-  const content = require('fs').readFileSync(filePath, 'utf-8');
-  return content.trim().split('\n').map(line => JSON.parse(line));
-}
-
-/**
- * Search audit log for specific command
- * @param {string} cmdFilter - Command to filter by
- * @param {string} date - Date string
- * @returns {Object[]} - Matching entries
- */
-function searchAuditLog(cmdFilter, date) {
-  const entries = readAuditLog(date);
-  return entries.filter(e => e.cmd === cmdFilter);
-}
-
-module.exports = {
-  auditExec,
-  getAuditFilePath,
-  readAuditLog,
-  searchAuditLog
-};
+#!/usr/bin/env node
+
+/**
+ * GSD Audit Exec — Command execution with full audit logging
+ * 
+ * Logs all command executions to audit file for security review:
+ * - Timestamp, command, arguments, context
+ * - Duration and result status
+ * - Error details if failed
+ * 
+ * Usage:
+ *   const { auditExec } = require('./audit-exec.cjs');
+ *   const result = await auditExec('git', ['status'], { context: 'my-module' });
+ */
+
+const { execFile } = require('child_process');
+const { promisify } = require('util');
+const { appendFileSync, existsSync, mkdirSync } = require('fs');
+const { join } = require('path');
+const Logger = require('./logger.cjs');
+const logger = new Logger();
+
+const execFileAsync = promisify(execFile);
+
+// Audit log file path
+const AUDIT_DIR = join('.planning', 'logs');
+const AUDIT_FILE = join(AUDIT_DIR, `audit-${new Date().toISOString().split('T')[0]}.jsonl`);
+
+// Ensure audit directory exists
+if (!existsSync(AUDIT_DIR)) {
+  mkdirSync(AUDIT_DIR, { recursive: true });
+}
+
+/**
+ * Write audit log entry
+ * @param {Object} entry - Audit entry
+ */
+function writeAudit(entry) {
+  const line = JSON.stringify(entry) + '\n';
+  appendFileSync(AUDIT_FILE, line, 'utf-8');
+}
+
+/**
+ * Execute command with full audit logging
+ * @param {string} cmd - Command to execute
+ * @param {string[]} args - Command arguments
+ * @param {Object} options - Execution options
+ * @param {string} options.context - Calling context (which module/function)
+ * @param {string} options.user - User identifier
+ * @returns {Promise<string>} - Command stdout
+ */
+async function auditExec(cmd, args = [], options = {}) {
+  const { context = 'unknown', user = 'system', timeout = 30000 } = options;
+  
+  const entry = {
+    timestamp: new Date().toISOString(),
+    cmd,
+    args,
+    context,
+    user,
+    status: 'started'
+  };
+  
+  // Log start
+  writeAudit(entry);
+  logger.info('Audit: command started', { cmd, args: args.join(' '), context });
+  
+  const startTime = Date.now();
+  
+  try {
+    const result = await execFileAsync(cmd, args, { 
+      timeout,
+      maxBuffer: 10 * 1024 * 1024
+    });
+    
+    const duration = Date.now() - startTime;
+    
+    // Log success
+    const successEntry = {
+      ...entry,
+      status: 'success',
+      duration,
+      stdout_length: result.stdout?.length || 0
+    };
+    writeAudit(successEntry);
+    
+    logger.debug('Audit: command completed', { cmd, duration, context });
+    
+    return result.stdout.trim();
+  } catch (err) {
+    const duration = Date.now() - startTime;
+    
+    // Log failure
+    const errorEntry = {
+      ...entry,
+      status: 'error',
+      duration,
+      error: err.message,
+      code: err.code,
+      signal: err.signal
+    };
+    writeAudit(errorEntry);
+    
+    logger.error('Audit: command failed', { cmd, error: err.message, duration, context });
+    
+    throw err;
+  }
+}
+
+/**
+ * Get today's audit log path
+ * @returns {string} - Audit file path
+ */
+function getAuditFilePath() {
+  return AUDIT_FILE;
+}
+
+/**
+ * Read audit log entries for a specific date
+ * @param {string} date - Date string (YYYY-MM-DD)
+ * @returns {Object[]} - Array of audit entries
+ */
+function readAuditLog(date = new Date().toISOString().split('T')[0]) {
+  const filePath = join(AUDIT_DIR, `audit-${date}.jsonl`);
+  
+  if (!existsSync(filePath)) {
+    return [];
+  }
+  
+  const content = require('fs').readFileSync(filePath, 'utf-8');
+  return content.trim().split('\n').map(line => JSON.parse(line));
+}
+
+/**
+ * Search audit log for specific command
+ * @param {string} cmdFilter - Command to filter by
+ * @param {string} date - Date string
+ * @returns {Object[]} - Matching entries
+ */
+function searchAuditLog(cmdFilter, date) {
+  const entries = readAuditLog(date);
+  return entries.filter(e => e.cmd === cmdFilter);
+}
+
+module.exports = {
+  auditExec,
+  getAuditFilePath,
+  readAuditLog,
+  searchAuditLog
+};

package/{get-shit-done → ez-agents}/bin/lib/auth.cjs

@@ -1,175 +1,175 @@
-#!/usr/bin/env node
-
-/**
- * GSD Auth — Secure credential storage using system keychain
- * 
- * Stores API keys securely using:
- * - keytar for system keychain (Windows Credential Manager, macOS Keychain, libsecret)
- * - Fallback to encrypted file storage if keytar unavailable
- * 
- * Usage:
- *   const { saveCredential, loadCredential } = require('./auth.cjs');
- *   await saveCredential('anthropic', 'sk-...');
- */
-
-const Logger = require('./logger.cjs');
-const logger = new Logger();
-const path = require('path');
-const fs = require('fs');
-const os = require('os');
-
-const SERVICE_NAME = 'gsd-multi-model';
-
-// Provider account names
-const PROVIDERS = {
-  ANTHROPIC: 'anthropic',
-  MOONSHOT: 'moonshot',
-  ALIBABA: 'alibaba',
-  OPENAI: 'openai'
-};
-
-// Fallback storage path
-const FALLBACK_FILE = path.join(os.homedir(), '.gsd-credentials.json');
-
-// Try to load keytar
-let keytar = null;
-try {
-  keytar = require('keytar');
-  logger.info('keytar loaded — using system keychain');
-} catch (err) {
-  logger.warn('keytar not available — using fallback storage');
-}
-
-/**
- * Save credential securely
- * @param {string} provider - Provider name (anthropic, moonshot, etc.)
- * @param {string} secret - API key or secret
- * @returns {Promise<boolean>} - Success status
- */
-async function saveCredential(provider, secret) {
-  try {
-    if (keytar) {
-      await keytar.setPassword(SERVICE_NAME, provider, secret);
-      logger.info('Credential saved to system keychain', { provider });
-      return true;
-    } else {
-      // Fallback: save to file
-      let credentials = {};
-      if (fs.existsSync(FALLBACK_FILE)) {
-        const content = fs.readFileSync(FALLBACK_FILE, 'utf-8');
-        try {
-          credentials = JSON.parse(content);
-        } catch (e) {
-          credentials = {};
-        }
-      }
-      credentials[provider] = secret;
-      fs.writeFileSync(FALLBACK_FILE, JSON.stringify(credentials, null, 2), 'utf-8');
-      logger.warn('Credential saved to fallback file', { provider, path: FALLBACK_FILE });
-      return true;
-    }
-  } catch (err) {
-    logger.error('Failed to save credential', { provider, error: err.message });
-    return false;
-  }
-}
-
-/**
- * Load credential securely
- * @param {string} provider - Provider name
- * @returns {Promise<string|null>} - API key or null if not found
- */
-async function loadCredential(provider) {
-  try {
-    if (keytar) {
-      const secret = await keytar.getPassword(SERVICE_NAME, provider);
-      if (secret) {
-        logger.debug('Credential loaded from keychain', { provider });
-      }
-      return secret || null;
-    } else {
-      // Fallback: load from file
-      if (fs.existsSync(FALLBACK_FILE)) {
-        const content = fs.readFileSync(FALLBACK_FILE, 'utf-8');
-        const credentials = JSON.parse(content);
-        return credentials[provider] || null;
-      }
-      return null;
-    }
-  } catch (err) {
-    logger.error('Failed to load credential', { provider, error: err.message });
-    return null;
-  }
-}
-
-/**
- * Delete credential
- * @param {string} provider - Provider name
- * @returns {Promise<boolean>} - Success status
- */
-async function deleteCredential(provider) {
-  try {
-    if (keytar) {
-      await keytar.deletePassword(SERVICE_NAME, provider);
-      logger.info('Credential deleted from keychain', { provider });
-      return true;
-    } else {
-      // Fallback: remove from file
-      if (fs.existsSync(FALLBACK_FILE)) {
-        const content = fs.readFileSync(FALLBACK_FILE, 'utf-8');
-        const credentials = JSON.parse(content);
-        if (credentials[provider]) {
-          delete credentials[provider];
-          fs.writeFileSync(FALLBACK_FILE, JSON.stringify(credentials, null, 2), 'utf-8');
-          logger.info('Credential deleted from fallback file', { provider });
-          return true;
-        }
-      }
-      return false;
-    }
-  } catch (err) {
-    logger.error('Failed to delete credential', { provider, error: err.message });
-    return false;
-  }
-}
-
-/**
- * List all stored providers
- * @returns {Promise<string[]>} - Array of provider names
- */
-async function listProviders() {
-  const stored = [];
-  
-  if (keytar) {
-    for (const [, name] of Object.entries(PROVIDERS)) {
-      const cred = await keytar.getPassword(SERVICE_NAME, name);
-      if (cred) stored.push(name);
-    }
-  } else {
-    if (fs.existsSync(FALLBACK_FILE)) {
-      const content = fs.readFileSync(FALLBACK_FILE, 'utf-8');
-      const credentials = JSON.parse(content);
-      return Object.keys(credentials);
-    }
-  }
-  
-  return stored;
-}
-
-/**
- * Check if keytar is available
- * @returns {boolean} - True if using system keychain
- */
-function isKeychainAvailable() {
-  return keytar !== null;
-}
-
-module.exports = {
-  saveCredential,
-  loadCredential,
-  deleteCredential,
-  listProviders,
-  isKeychainAvailable,
-  PROVIDERS,
-  SERVICE_NAME
-};
+#!/usr/bin/env node
+
+/**
+ * GSD Auth — Secure credential storage using system keychain
+ * 
+ * Stores API keys securely using:
+ * - keytar for system keychain (Windows Credential Manager, macOS Keychain, libsecret)
+ * - Fallback to encrypted file storage if keytar unavailable
+ * 
+ * Usage:
+ *   const { saveCredential, loadCredential } = require('./auth.cjs');
+ *   await saveCredential('anthropic', 'sk-...');
+ */
+
+const Logger = require('./logger.cjs');
+const logger = new Logger();
+const path = require('path');
+const fs = require('fs');
+const os = require('os');
+
+const SERVICE_NAME = 'ez-agents';
+
+// Provider account names
+const PROVIDERS = {
+  ANTHROPIC: 'anthropic',
+  MOONSHOT: 'moonshot',
+  ALIBABA: 'alibaba',
+  OPENAI: 'openai'
+};
+
+// Fallback storage path
+const FALLBACK_FILE = path.join(os.homedir(), '.ez-credentials.json');
+
+// Try to load keytar
+let keytar = null;
+try {
+  keytar = require('keytar');
+  logger.info('keytar loaded — using system keychain');
+} catch (err) {
+  logger.warn('keytar not available — using fallback storage');
+}
+
+/**
+ * Save credential securely
+ * @param {string} provider - Provider name (anthropic, moonshot, etc.)
+ * @param {string} secret - API key or secret
+ * @returns {Promise<boolean>} - Success status
+ */
+async function saveCredential(provider, secret) {
+  try {
+    if (keytar) {
+      await keytar.setPassword(SERVICE_NAME, provider, secret);
+      logger.info('Credential saved to system keychain', { provider });
+      return true;
+    } else {
+      // Fallback: save to file
+      let credentials = {};
+      if (fs.existsSync(FALLBACK_FILE)) {
+        const content = fs.readFileSync(FALLBACK_FILE, 'utf-8');
+        try {
+          credentials = JSON.parse(content);
+        } catch (e) {
+          credentials = {};
+        }
+      }
+      credentials[provider] = secret;
+      fs.writeFileSync(FALLBACK_FILE, JSON.stringify(credentials, null, 2), 'utf-8');
+      logger.warn('Credential saved to fallback file', { provider, path: FALLBACK_FILE });
+      return true;
+    }
+  } catch (err) {
+    logger.error('Failed to save credential', { provider, error: err.message });
+    return false;
+  }
+}
+
+/**
+ * Load credential securely
+ * @param {string} provider - Provider name
+ * @returns {Promise<string|null>} - API key or null if not found
+ */
+async function loadCredential(provider) {
+  try {
+    if (keytar) {
+      const secret = await keytar.getPassword(SERVICE_NAME, provider);
+      if (secret) {
+        logger.debug('Credential loaded from keychain', { provider });
+      }
+      return secret || null;
+    } else {
+      // Fallback: load from file
+      if (fs.existsSync(FALLBACK_FILE)) {
+        const content = fs.readFileSync(FALLBACK_FILE, 'utf-8');
+        const credentials = JSON.parse(content);
+        return credentials[provider] || null;
+      }
+      return null;
+    }
+  } catch (err) {
+    logger.error('Failed to load credential', { provider, error: err.message });
+    return null;
+  }
+}
+
+/**
+ * Delete credential
+ * @param {string} provider - Provider name
+ * @returns {Promise<boolean>} - Success status
+ */
+async function deleteCredential(provider) {
+  try {
+    if (keytar) {
+      await keytar.deletePassword(SERVICE_NAME, provider);
+      logger.info('Credential deleted from keychain', { provider });
+      return true;
+    } else {
+      // Fallback: remove from file
+      if (fs.existsSync(FALLBACK_FILE)) {
+        const content = fs.readFileSync(FALLBACK_FILE, 'utf-8');
+        const credentials = JSON.parse(content);
+        if (credentials[provider]) {
+          delete credentials[provider];
+          fs.writeFileSync(FALLBACK_FILE, JSON.stringify(credentials, null, 2), 'utf-8');
+          logger.info('Credential deleted from fallback file', { provider });
+          return true;
+        }
+      }
+      return false;
+    }
+  } catch (err) {
+    logger.error('Failed to delete credential', { provider, error: err.message });
+    return false;
+  }
+}
+
+/**
+ * List all stored providers
+ * @returns {Promise<string[]>} - Array of provider names
+ */
+async function listProviders() {
+  const stored = [];
+  
+  if (keytar) {
+    for (const [, name] of Object.entries(PROVIDERS)) {
+      const cred = await keytar.getPassword(SERVICE_NAME, name);
+      if (cred) stored.push(name);
+    }
+  } else {
+    if (fs.existsSync(FALLBACK_FILE)) {
+      const content = fs.readFileSync(FALLBACK_FILE, 'utf-8');
+      const credentials = JSON.parse(content);
+      return Object.keys(credentials);
+    }
+  }
+  
+  return stored;
+}
+
+/**
+ * Check if keytar is available
+ * @returns {boolean} - True if using system keychain
+ */
+function isKeychainAvailable() {
+  return keytar !== null;
+}
+
+module.exports = {
+  saveCredential,
+  loadCredential,
+  deleteCredential,
+  listProviders,
+  isKeychainAvailable,
+  PROVIDERS,
+  SERVICE_NAME
+};