npm - @itz4blitz/agentful - Versions diffs - 1.2.0 → 1.3.0 - Mend

@itz4blitz/agentful 1.2.0 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (59) hide show

package/README.md +28 -1
package/bin/cli.js +11 -1055
package/bin/hooks/block-file-creation.js +271 -0
package/bin/hooks/product-spec-watcher.js +151 -0
package/lib/index.js +0 -11
package/lib/init.js +2 -21
package/lib/parallel-execution.js +235 -0
package/lib/presets.js +26 -4
package/package.json +4 -7
package/template/.claude/agents/architect.md +2 -2
package/template/.claude/agents/backend.md +17 -30
package/template/.claude/agents/frontend.md +17 -39
package/template/.claude/agents/orchestrator.md +63 -4
package/template/.claude/agents/product-analyzer.md +1 -1
package/template/.claude/agents/tester.md +16 -29
package/template/.claude/commands/agentful-generate.md +221 -14
package/template/.claude/commands/agentful-init.md +621 -0
package/template/.claude/commands/agentful-product.md +1 -1
package/template/.claude/commands/agentful-start.md +99 -1
package/template/.claude/product/EXAMPLES.md +2 -2
package/template/.claude/product/index.md +1 -1
package/template/.claude/settings.json +22 -0
package/template/.claude/skills/research/SKILL.md +432 -0
package/template/CLAUDE.md +5 -6
package/template/bin/hooks/architect-drift-detector.js +242 -0
package/template/bin/hooks/product-spec-watcher.js +151 -0
package/version.json +1 -1
package/bin/hooks/post-agent.js +0 -101
package/bin/hooks/post-feature.js +0 -227
package/bin/hooks/pre-agent.js +0 -118
package/bin/hooks/pre-feature.js +0 -138
package/lib/VALIDATION_README.md +0 -455
package/lib/ci/claude-action-integration.js +0 -641
package/lib/ci/index.js +0 -10
package/lib/core/analyzer.js +0 -497
package/lib/core/cli.js +0 -141
package/lib/core/detectors/conventions.js +0 -342
package/lib/core/detectors/framework.js +0 -276
package/lib/core/detectors/index.js +0 -15
package/lib/core/detectors/language.js +0 -199
package/lib/core/detectors/patterns.js +0 -356
package/lib/core/generator.js +0 -626
package/lib/core/index.js +0 -9
package/lib/core/output-parser.js +0 -458
package/lib/core/storage.js +0 -515
package/lib/core/templates.js +0 -556
package/lib/pipeline/cli.js +0 -423
package/lib/pipeline/engine.js +0 -928
package/lib/pipeline/executor.js +0 -440
package/lib/pipeline/index.js +0 -33
package/lib/pipeline/integrations.js +0 -559
package/lib/pipeline/schemas.js +0 -288
package/lib/remote/client.js +0 -361
package/lib/server/auth.js +0 -270
package/lib/server/client-example.js +0 -190
package/lib/server/executor.js +0 -477
package/lib/server/index.js +0 -494
package/lib/update-helpers.js +0 -505
package/lib/validation.js +0 -460

package/lib/server/auth.js DELETED Viewed

@@ -1,270 +0,0 @@
-/**
- * Authentication Middleware for Agentful Server
- *
- * Supports three authentication modes:
- * - tailscale: Network-level security (Tailscale handles auth)
- * - hmac: HMAC-SHA256 signature verification with replay protection
- * - none: Local-only access (127.0.0.1)
- *
- * @module server/auth
- */
-import crypto from 'crypto';
-/**
- * Replay protection window (5 minutes)
- */
-const REPLAY_WINDOW_MS = 5 * 60 * 1000;
-/**
- * Maximum size for signature cache (prevents memory exhaustion)
- */
-const MAX_SIGNATURE_CACHE_SIZE = 10000;
-/**
- * In-memory store for seen request signatures (prevents replay attacks)
- * In production, use Redis or similar distributed cache
- */
-const seenSignatures = new Map();
-/**
- * Clean up old signatures periodically (every 10 minutes)
- */
-setInterval(() => {
-  const cutoff = Date.now() - REPLAY_WINDOW_MS;
-  for (const [signature, timestamp] of seenSignatures.entries()) {
-    if (timestamp < cutoff) {
-      seenSignatures.delete(signature);
-    }
-  }
-  // If cache is still too large after cleanup, remove oldest entries (LRU)
-  if (seenSignatures.size > MAX_SIGNATURE_CACHE_SIZE) {
-    const sortedEntries = Array.from(seenSignatures.entries())
-      .sort((a, b) => a[1] - b[1]);
-    const toRemove = sortedEntries.slice(0, seenSignatures.size - MAX_SIGNATURE_CACHE_SIZE);
-    for (const [sig] of toRemove) {
-      seenSignatures.delete(sig);
-    }
-  }
-}, 10 * 60 * 1000);
-/**
- * Verify HMAC signature with replay protection
- * @param {string} timestamp - Request timestamp
- * @param {string} body - Request body (JSON string)
- * @param {string} signature - HMAC signature from header
- * @param {string} secret - Shared secret
- * @returns {Object} Verification result { valid: boolean, error?: string }
- */
-export function verifyHMACSignature(timestamp, body, signature, secret) {
-  // Validate timestamp format
-  const requestTime = parseInt(timestamp, 10);
-  if (isNaN(requestTime)) {
-    return { valid: false, error: 'Invalid timestamp format' };
-  }
-  // Check timestamp is within acceptable window
-  const now = Date.now();
-  const timeDiff = Math.abs(now - requestTime);
-  if (timeDiff > REPLAY_WINDOW_MS) {
-    return {
-      valid: false,
-      error: `Timestamp outside acceptable window (${REPLAY_WINDOW_MS / 1000}s)`,
-    };
-  }
-  // Check for replay attack
-  if (seenSignatures.has(signature)) {
-    return { valid: false, error: 'Signature already used (replay attack)' };
-  }
-  // Compute expected signature
-  const message = timestamp + body;
-  const expectedSignature = crypto
-    .createHmac('sha256', secret)
-    .update(message)
-    .digest('hex');
-  // Compare signatures (constant-time comparison to prevent timing attacks)
-  const signatureBuffer = Buffer.from(signature);
-  const expectedBuffer = Buffer.from(expectedSignature);
-  // Ensure buffers are same length before timingSafeEqual to prevent crash
-  if (signatureBuffer.length !== expectedBuffer.length) {
-    return { valid: false, error: 'Invalid signature' };
-  }
-  const isValid = crypto.timingSafeEqual(signatureBuffer, expectedBuffer);
-  if (!isValid) {
-    return { valid: false, error: 'Invalid signature' };
-  }
-  // Store signature to prevent replay (with cache size limit)
-  if (seenSignatures.size >= MAX_SIGNATURE_CACHE_SIZE) {
-    // Find and remove oldest entry
-    let oldestSig = null;
-    let oldestTime = Infinity;
-    for (const [sig, time] of seenSignatures.entries()) {
-      if (time < oldestTime) {
-        oldestTime = time;
-        oldestSig = sig;
-      }
-    }
-    if (oldestSig) {
-      seenSignatures.delete(oldestSig);
-    }
-  }
-  seenSignatures.set(signature, requestTime);
-  return { valid: true };
-}
-/**
- * Minimum secret length for HMAC (256 bits / 32 bytes)
- */
-const MIN_SECRET_LENGTH = 32;
-/**
- * Create authentication middleware based on mode
- * @param {string} mode - Authentication mode ('tailscale', 'hmac', 'none')
- * @param {Object} config - Configuration options
- * @param {string} [config.secret] - Shared secret (required for HMAC mode)
- * @returns {Function} Middleware function
- */
-export function createAuthMiddleware(mode, config = {}) {
-  switch (mode) {
-    case 'tailscale':
-      // Tailscale mode: No authentication needed (network-level security)
-      return (req, res, next) => {
-        next();
-      };
-    case 'hmac':
-      if (!config.secret) {
-        throw new Error('HMAC mode requires a secret');
-      }
-      // Validate secret strength
-      if (config.secret.length < MIN_SECRET_LENGTH) {
-        throw new Error(
-          `HMAC secret must be at least ${MIN_SECRET_LENGTH} characters. ` +
-          `Use: openssl rand -hex 32`
-        );
-      }
-      return (req, res, next) => {
-        // Extract headers
-        const signature = req.headers['x-agentful-signature'];
-        const timestamp = req.headers['x-agentful-timestamp'];
-        // Validate headers present
-        if (!signature || !timestamp) {
-          res.writeHead(401, { 'Content-Type': 'application/json' });
-          return res.end(
-            JSON.stringify({
-              error: 'Authentication required',
-              message: 'Missing X-Agentful-Signature or X-Agentful-Timestamp header',
-            })
-          );
-        }
-        // Verify signature
-        const result = verifyHMACSignature(
-          timestamp,
-          req.rawBody || '',
-          signature,
-          config.secret
-        );
-        if (!result.valid) {
-          res.writeHead(401, { 'Content-Type': 'application/json' });
-          return res.end(
-            JSON.stringify({
-              error: 'Authentication failed',
-              message: result.error,
-            })
-          );
-        }
-        next();
-      };
-    case 'none':
-      // None mode: Allow all connections (use with SSH tunnel for security)
-      return (req, res, next) => {
-        next();
-      };
-    default:
-      throw new Error(`Unknown authentication mode: ${mode}`);
-  }
-}
-/**
- * Maximum request body size (10MB)
- */
-const MAX_BODY_SIZE = 10 * 1024 * 1024;
-/**
- * Middleware to capture raw request body (needed for HMAC verification)
- * Must be used before express.json() middleware
- */
-export function captureRawBody(req, res, next) {
-  let data = '';
-  let size = 0;
-  req.on('data', (chunk) => {
-    size += chunk.length;
-    // Check if body size exceeds limit
-    if (size > MAX_BODY_SIZE) {
-      req.destroy();
-      res.writeHead(413, { 'Content-Type': 'application/json' });
-      res.end(
-        JSON.stringify({
-          error: 'Payload Too Large',
-          message: `Request body exceeds maximum size of ${MAX_BODY_SIZE / 1024 / 1024}MB`,
-        })
-      );
-      return;
-    }
-    data += chunk.toString();
-  });
-  req.on('end', () => {
-    req.rawBody = data;
-    next();
-  });
-}
-/**
- * Generate HMAC signature for a request (for client use)
- * @param {string} body - Request body (JSON string)
- * @param {string} secret - Shared secret
- * @returns {Object} Headers to add to request { 'X-Agentful-Signature', 'X-Agentful-Timestamp' }
- */
-export function generateHMACHeaders(body, secret) {
-  const timestamp = Date.now().toString();
-  const message = timestamp + body;
-  const signature = crypto
-    .createHmac('sha256', secret)
-    .update(message)
-    .digest('hex');
-  return {
-    'X-Agentful-Signature': signature,
-    'X-Agentful-Timestamp': timestamp,
-  };
-}
-export default {
-  createAuthMiddleware,
-  verifyHMACSignature,
-  captureRawBody,
-  generateHMACHeaders,
-};

package/lib/server/client-example.js DELETED Viewed

@@ -1,190 +0,0 @@
-/**
- * Example Client for Agentful Server
- *
- * Demonstrates how to make authenticated requests to agentful serve
- *
- * @module server/client-example
- */
-import { generateHMACHeaders } from './auth.js';
-/**
- * Example: Trigger agent execution with HMAC authentication
- */
-async function triggerAgentWithHMAC() {
-  const serverUrl = 'https://your-server.com:3000';
-  const secret = 'your-shared-secret';
-  // Request body
-  const body = JSON.stringify({
-    agent: 'backend',
-    task: 'Implement user authentication API',
-  });
-  // Generate HMAC headers
-  const headers = generateHMACHeaders(body, secret);
-  // Make request
-  const response = await fetch(`${serverUrl}/trigger`, {
-    method: 'POST',
-    headers: {
-      'Content-Type': 'application/json',
-      ...headers,
-    },
-    body,
-  });
-  if (!response.ok) {
-    const error = await response.json();
-    throw new Error(`Request failed: ${error.message}`);
-  }
-  const result = await response.json();
-  console.log('Execution started:', result.executionId);
-  return result.executionId;
-}
-/**
- * Example: Check execution status
- */
-async function checkExecutionStatus(executionId) {
-  const serverUrl = 'https://your-server.com:3000';
-  const secret = 'your-shared-secret';
-  // For GET requests, body is empty
-  const body = '';
-  const headers = generateHMACHeaders(body, secret);
-  const response = await fetch(`${serverUrl}/status/${executionId}`, {
-    method: 'GET',
-    headers,
-  });
-  if (!response.ok) {
-    const error = await response.json();
-    throw new Error(`Request failed: ${error.message}`);
-  }
-  const status = await response.json();
-  console.log('Execution status:', status.state);
-  console.log('Duration:', status.duration, 'ms');
-  return status;
-}
-/**
- * Example: Trigger and poll for completion
- */
-async function triggerAndWait() {
-  const executionId = await triggerAgentWithHMAC();
-  console.log('Waiting for execution to complete...');
-  // Poll every 5 seconds
-  while (true) {
-    await new Promise((resolve) => setTimeout(resolve, 5000));
-    const status = await checkExecutionStatus(executionId);
-    if (status.state === 'completed') {
-      console.log('Execution completed successfully!');
-      console.log('Output:', status.output);
-      break;
-    }
-    if (status.state === 'failed') {
-      console.error('Execution failed:', status.error);
-      break;
-    }
-  }
-}
-/**
- * Example: No authentication (localhost only)
- */
-async function triggerAgentLocalhost() {
-  const serverUrl = 'http://localhost:3000';
-  const response = await fetch(`${serverUrl}/trigger`, {
-    method: 'POST',
-    headers: {
-      'Content-Type': 'application/json',
-    },
-    body: JSON.stringify({
-      agent: 'backend',
-      task: 'Implement user authentication API',
-    }),
-  });
-  const result = await response.json();
-  console.log('Execution started:', result.executionId);
-  return result.executionId;
-}
-/**
- * Example: Tailscale mode (no auth headers needed)
- */
-async function triggerAgentTailscale() {
-  const serverUrl = 'http://your-tailscale-ip:3000';
-  const response = await fetch(`${serverUrl}/trigger`, {
-    method: 'POST',
-    headers: {
-      'Content-Type': 'application/json',
-    },
-    body: JSON.stringify({
-      agent: 'backend',
-      task: 'Implement user authentication API',
-    }),
-  });
-  const result = await response.json();
-  console.log('Execution started:', result.executionId);
-  return result.executionId;
-}
-/**
- * Example: List available agents
- */
-async function listAgents() {
-  const serverUrl = 'http://localhost:3000';
-  const response = await fetch(`${serverUrl}/agents`);
-  const result = await response.json();
-  console.log('Available agents:', result.agents);
-  return result.agents;
-}
-/**
- * Example: List recent executions
- */
-async function listExecutions(filters = {}) {
-  const serverUrl = 'http://localhost:3000';
-  // Build query string
-  const params = new URLSearchParams();
-  if (filters.agent) params.append('agent', filters.agent);
-  if (filters.state) params.append('state', filters.state);
-  if (filters.limit) params.append('limit', filters.limit.toString());
-  const response = await fetch(`${serverUrl}/executions?${params}`);
-  const result = await response.json();
-  console.log(`Found ${result.count} executions`);
-  return result.executions;
-}
-// Export examples
-export default {
-  triggerAgentWithHMAC,
-  checkExecutionStatus,
-  triggerAndWait,
-  triggerAgentLocalhost,
-  triggerAgentTailscale,
-  listAgents,
-  listExecutions,
-};