@johpaz/hive-core 0.1.1

package/src/security/index.ts

@@ -0,0 +1,187 @@
+import type { Config } from "../config/loader.ts";
+import { logger } from "../utils/logger.ts";
+
+export interface RateLimitConfig {
+  windowMs: number;
+  maxRequests: number;
+}
+
+export interface RateLimitEntry {
+  count: number;
+  resetAt: number;
+}
+
+export class RateLimiter {
+  private limits: Map<string, RateLimitEntry> = new Map();
+  private config: RateLimitConfig;
+  private log = logger.child("rate-limiter");
+
+  constructor(config: RateLimitConfig) {
+    this.config = config;
+    this.startCleanup();
+  }
+
+  check(key: string): { allowed: boolean; remaining: number; resetAt: number } {
+    const now = Date.now();
+    const entry = this.limits.get(key);
+
+    if (!entry || now > entry.resetAt) {
+      const resetAt = now + this.config.windowMs;
+      this.limits.set(key, { count: 1, resetAt });
+      return { allowed: true, remaining: this.config.maxRequests - 1, resetAt };
+    }
+
+    if (entry.count >= this.config.maxRequests) {
+      this.log.warn(`Rate limit exceeded for ${key}`);
+      return { allowed: false, remaining: 0, resetAt: entry.resetAt };
+    }
+
+    entry.count++;
+    return { 
+      allowed: true, 
+      remaining: this.config.maxRequests - entry.count, 
+      resetAt: entry.resetAt 
+    };
+  }
+
+  reset(key: string): void {
+    this.limits.delete(key);
+  }
+
+  private startCleanup(): void {
+    setInterval(() => {
+      const now = Date.now();
+      for (const [key, entry] of this.limits) {
+        if (now > entry.resetAt) {
+          this.limits.delete(key);
+        }
+      }
+    }, this.config.windowMs);
+  }
+}
+
+export class InputValidator {
+  private maxMessageLength: number;
+  private maxCommandArgs: number;
+  private log = logger.child("validator");
+
+  constructor(options: { maxMessageLength?: number; maxCommandArgs?: number } = {}) {
+    this.maxMessageLength = options.maxMessageLength ?? 100000;
+    this.maxCommandArgs = options.maxCommandArgs ?? 50;
+  }
+
+  validateMessage(content: string): { valid: boolean; error?: string } {
+    if (typeof content !== "string") {
+      return { valid: false, error: "Message must be a string" };
+    }
+
+    if (content.length === 0) {
+      return { valid: false, error: "Message cannot be empty" };
+    }
+
+    if (content.length > this.maxMessageLength) {
+      this.log.warn(`Message too long: ${content.length} > ${this.maxMessageLength}`);
+      return { 
+        valid: false, 
+        error: `Message too long (max ${this.maxMessageLength} characters)` 
+      };
+    }
+
+    return { valid: true };
+  }
+
+  validateCommand(name: string, args: string[]): { valid: boolean; error?: string } {
+    if (!name || typeof name !== "string") {
+      return { valid: false, error: "Command name is required" };
+    }
+
+    if (!/^[a-z0-9_-]+$/.test(name)) {
+      return { valid: false, error: "Invalid command name format" };
+    }
+
+    if (args.length > this.maxCommandArgs) {
+      return { valid: false, error: `Too many arguments (max ${this.maxCommandArgs})` };
+    }
+
+    return { valid: true };
+  }
+
+  validateSessionId(sessionId: string): { valid: boolean; error?: string } {
+    if (!sessionId || typeof sessionId !== "string") {
+      return { valid: false, error: "Session ID is required" };
+    }
+
+    const pattern = /^agent:[a-z0-9_-]+:[a-z0-9_-]+:(main|dm|group)(?::[a-z0-9_-]+)?$/;
+    if (!pattern.test(sessionId)) {
+      return { valid: false, error: "Invalid session ID format" };
+    }
+
+    return { valid: true };
+  }
+
+  sanitizeInput(input: string): string {
+    return input
+      .replace(/\x00/g, "")
+      .replace(/[\x1F\x7F]/g, "")
+      .trim();
+  }
+}
+
+export class AuthManager {
+  private config: Config;
+  private allowedUsers: Set<string>;
+  private log = logger.child("auth");
+
+  constructor(config: Config) {
+    this.config = config;
+    this.allowedUsers = new Set(config.security?.allowedUsers ?? []);
+  }
+
+  isAllowed(peerId: string, channel: string): boolean {
+    if (this.allowedUsers.size === 0) {
+      return true;
+    }
+
+    const channelConfig = this.config.channels?.[channel as keyof typeof this.config.channels];
+    if (channelConfig && typeof channelConfig === "object" && "allowFrom" in channelConfig) {
+      const allowFrom = (channelConfig as { allowFrom?: string[] }).allowFrom;
+      if (allowFrom && allowFrom.length > 0) {
+        return allowFrom.includes(peerId);
+      }
+    }
+
+    return this.allowedUsers.has(peerId);
+  }
+
+  addAllowedUser(peerId: string): void {
+    this.allowedUsers.add(peerId);
+    this.log.info(`Added allowed user: ${peerId}`);
+  }
+
+  removeAllowedUser(peerId: string): boolean {
+    const removed = this.allowedUsers.delete(peerId);
+    if (removed) {
+      this.log.info(`Removed allowed user: ${peerId}`);
+    }
+    return removed;
+  }
+
+  listAllowedUsers(): string[] {
+    return Array.from(this.allowedUsers);
+  }
+}
+
+export function createRateLimiter(config: RateLimitConfig): RateLimiter {
+  return new RateLimiter(config);
+}
+
+export function createInputValidator(options?: {
+  maxMessageLength?: number;
+  maxCommandArgs?: number;
+}): InputValidator {
+  return new InputValidator(options);
+}
+
+export function createAuthManager(config: Config): AuthManager {
+  return new AuthManager(config);
+}

package/src/tools/cron.ts

@@ -0,0 +1,156 @@
+import type { Tool } from "./registry.ts";
+import type { Config } from "../config/loader.ts";
+import { logger } from "../utils/logger.ts";
+
+export interface CronJob {
+  id: string;
+  sessionId: string;
+  expression: string;
+  task: string;
+  enabled: boolean;
+  lastRun?: Date;
+  nextRun?: Date;
+  createdAt: Date;
+}
+
+export function createCronTools(_config: Config): Tool[] {
+  const log = logger.child("cron");
+  const jobs: Map<string, CronJob> = new Map();
+  let jobIdCounter = 0;
+
+  const cronAdd: Tool = {
+    name: "cron_add",
+    description: "Add a scheduled task",
+    parameters: {
+      type: "object",
+      properties: {
+        expression: {
+          type: "string",
+          description: "Cron expression (e.g., '0 9 * * *' for daily at 9am)",
+        },
+        task: {
+          type: "string",
+          description: "Task description or message to send",
+        },
+        sessionId: {
+          type: "string",
+          description: "Session to send the task to",
+        },
+      },
+      required: ["expression", "task"],
+    },
+    execute: async (params: Record<string, unknown>) => {
+      const expression = params.expression as string;
+      const task = params.task as string;
+      const sessionId = (params.sessionId as string) ?? "agent:main:main";
+
+      const id = `cron-${++jobIdCounter}`;
+      
+      const job: CronJob = {
+        id,
+        sessionId,
+        expression,
+        task,
+        enabled: true,
+        createdAt: new Date(),
+      };
+
+      jobs.set(id, job);
+      log.info(`Added cron job: ${id}`, { expression, task });
+
+      return { success: true, jobId: id, job };
+    },
+  };
+
+  const cronList: Tool = {
+    name: "cron_list",
+    description: "List all scheduled tasks",
+    parameters: {
+      type: "object",
+      properties: {},
+    },
+    execute: async () => {
+      const jobList = Array.from(jobs.values()).map((j) => ({
+        id: j.id,
+        expression: j.expression,
+        task: j.task.slice(0, 100),
+        enabled: j.enabled,
+        lastRun: j.lastRun,
+      }));
+
+      return { jobs: jobList, count: jobList.length };
+    },
+  };
+
+  const cronRemove: Tool = {
+    name: "cron_remove",
+    description: "Remove a scheduled task",
+    parameters: {
+      type: "object",
+      properties: {
+        jobId: {
+          type: "string",
+          description: "The ID of the job to remove",
+        },
+      },
+      required: ["jobId"],
+    },
+    execute: async (params: Record<string, unknown>) => {
+      const jobId = params.jobId as string;
+
+      if (!jobs.has(jobId)) {
+        throw new Error(`Job not found: ${jobId}`);
+      }
+
+      jobs.delete(jobId);
+      log.info(`Removed cron job: ${jobId}`);
+
+      return { success: true, removedJob: jobId };
+    },
+  };
+
+  const cronEdit: Tool = {
+    name: "cron_edit",
+    description: "Edit a scheduled task",
+    parameters: {
+      type: "object",
+      properties: {
+        jobId: {
+          type: "string",
+          description: "The ID of the job to edit",
+        },
+        expression: {
+          type: "string",
+          description: "New cron expression",
+        },
+        task: {
+          type: "string",
+          description: "New task description",
+        },
+        enabled: {
+          type: "boolean",
+          description: "Enable or disable the job",
+        },
+      },
+      required: ["jobId"],
+    },
+    execute: async (params: Record<string, unknown>) => {
+      const jobId = params.jobId as string;
+      const job = jobs.get(jobId);
+
+      if (!job) {
+        throw new Error(`Job not found: ${jobId}`);
+      }
+
+      if (params.expression) job.expression = params.expression as string;
+      if (params.task) job.task = params.task as string;
+      if (params.enabled !== undefined) job.enabled = params.enabled as boolean;
+
+      log.info(`Edited cron job: ${jobId}`);
+
+      return { success: true, job };
+    },
+  };
+
+  return [cronAdd, cronList, cronRemove, cronEdit];
+}

package/src/tools/exec.ts

@@ -0,0 +1,105 @@
+import type { Tool } from "./registry.ts";
+import type { Config } from "../config/loader.ts";
+import { logger } from "../utils/logger.ts";
+
+export function createExecTool(config: Config): Tool | null {
+  const execConfig = config.tools?.exec;
+  
+  if (!execConfig?.enabled) {
+    return null;
+  }
+
+  const allowlist = execConfig.allowlist ?? [];
+  const denylist = execConfig.denylist ?? [
+    "rm -rf /",
+    "sudo",
+    "chmod 777",
+    "> /dev/",
+    "mkfs",
+  ];
+  const timeout = (execConfig.timeoutSeconds ?? 30) * 1000;
+  const workDir = execConfig.workDir?.replace(/^~/, process.env.HOME ?? "") ?? process.cwd();
+
+  const log = logger.child("exec");
+
+  const isAllowed = (command: string): { allowed: boolean; reason?: string } => {
+    if (allowlist.length > 0) {
+      const baseCmd = command.split(" ")[0] ?? "";
+      if (!allowlist.some((allowed) => baseCmd === allowed || command.startsWith(allowed))) {
+        return { allowed: false, reason: `Command not in allowlist: ${baseCmd}` };
+      }
+    }
+
+    for (const denied of denylist) {
+      if (command.includes(denied)) {
+        return { allowed: false, reason: `Command matches denylist pattern: ${denied}` };
+      }
+    }
+
+    return { allowed: true };
+  };
+
+  return {
+    name: "exec",
+    description: "Execute shell commands with allowlist/denylist restrictions",
+    parameters: {
+      type: "object",
+      properties: {
+        command: {
+          type: "string",
+          description: "The shell command to execute",
+        },
+        timeout: {
+          type: "number",
+          description: "Timeout in seconds (optional, default from config)",
+        },
+        cwd: {
+          type: "string",
+          description: "Working directory (optional)",
+        },
+      },
+      required: ["command"],
+    },
+    execute: async (params: Record<string, unknown>) => {
+      const command = params.command as string;
+      const cmdTimeout = ((params.timeout as number) ?? timeout / 1000) * 1000;
+      const cwd = (params.cwd as string)?.replace(/^~/, process.env.HOME ?? "") ?? workDir;
+
+      const check = isAllowed(command);
+      if (!check.allowed) {
+        throw new Error(check.reason ?? "Command not allowed");
+      }
+
+      log.debug(`Executing: ${command}`);
+
+      try {
+        const proc = Bun.spawn(["sh", "-c", command], {
+          cwd,
+          timeout: cmdTimeout,
+          maxBuffer: 10 * 1024 * 1024,
+        });
+
+        const stdout = await new Response(proc.stdout).text();
+        const stderr = await new Response(proc.stderr).text();
+        const exitCode = await proc.exited;
+
+        if (exitCode === 0) {
+          return {
+            stdout: stdout.slice(-10000),
+            stderr: stderr.slice(-5000),
+            exitCode,
+          };
+        } else {
+          throw new Error(`Command exited with code ${exitCode}: ${stderr.slice(0, 500)}`);
+        }
+      } catch (error) {
+        const err = error as Error;
+        if (err.message.includes("exit")) {
+          throw error;
+        }
+        log.error(`Exec failed: ${err.message}`);
+        throw new Error(`Failed to execute command: ${err.message}`);
+      }
+    },
+  };
+}

package/src/tools/index.ts

@@ -0,0 +1,6 @@
+export * from "./registry.ts";
+export * from "./read.ts";
+export * from "./exec.ts";
+export * from "./web.ts";
+export * from "./notify.ts";
+export * from "./cron.ts";

package/src/tools/memory.ts

@@ -0,0 +1,176 @@
+import type { Tool, ToolResult } from "./registry.ts";
+import type { MemoryStore, Note } from "../memory/notes.ts";
+
+export function memoryWriteTool(memory: MemoryStore): Tool {
+  return {
+    name: "memory_write",
+    description: "Store information in long-term memory. Use this to remember important facts, user preferences, or context for future conversations.",
+    parameters: {
+      type: "object",
+      properties: {
+        title: {
+          type: "string",
+          description: "A descriptive title for this memory entry",
+        },
+        content: {
+          type: "string",
+          description: "The content to store in memory",
+        },
+      },
+      required: ["title", "content"],
+    },
+    execute: async (params: Record<string, unknown>): Promise<ToolResult> => {
+      const title = params.title as string;
+      const content = params.content as string;
+
+      if (!title || !content) {
+        return { success: false, error: "Title and content are required" };
+      }
+
+      const note = memory.write(title, content);
+      return {
+        success: true,
+        result: {
+          title: note.title,
+          updatedAt: note.updatedAt.toISOString(),
+        },
+      };
+    },
+  };
+}
+
+export function memoryReadTool(memory: MemoryStore): Tool {
+  return {
+    name: "memory_read",
+    description: "Retrieve information from long-term memory by title.",
+    parameters: {
+      type: "object",
+      properties: {
+        title: {
+          type: "string",
+          description: "The title of the memory entry to retrieve",
+        },
+      },
+      required: ["title"],
+    },
+    execute: async (params: Record<string, unknown>): Promise<ToolResult> => {
+      const title = params.title as string;
+
+      if (!title) {
+        return { success: false, error: "Title is required" };
+      }
+
+      const note = memory.read(title);
+      if (!note) {
+        return { success: false, error: `Memory not found: ${title}` };
+      }
+
+      return {
+        success: true,
+        result: {
+          title: note.title,
+          content: note.content,
+          createdAt: note.createdAt.toISOString(),
+          updatedAt: note.updatedAt.toISOString(),
+        },
+      };
+    },
+  };
+}
+
+export function memoryListTool(memory: MemoryStore): Tool {
+  return {
+    name: "memory_list",
+    description: "List all memory entries.",
+    parameters: {
+      type: "object",
+      properties: {},
+    },
+    execute: async (_params: Record<string, unknown>): Promise<ToolResult> => {
+      const notes = memory.list();
+      return {
+        success: true,
+        result: {
+          count: notes.length,
+          entries: notes.map((n) => ({ title: n.title })),
+        },
+      };
+    },
+  };
+}
+
+export function memorySearchTool(memory: MemoryStore): Tool {
+  return {
+    name: "memory_search",
+    description: "Search memory entries by content.",
+    parameters: {
+      type: "object",
+      properties: {
+        query: {
+          type: "string",
+          description: "The search query",
+        },
+      },
+      required: ["query"],
+    },
+    execute: async (params: Record<string, unknown>): Promise<ToolResult> => {
+      const query = params.query as string;
+
+      if (!query) {
+        return { success: false, error: "Query is required" };
+      }
+
+      const results = memory.search(query);
+      return {
+        success: true,
+        result: {
+          query,
+          count: results.length,
+          results: results.map((n: Note) => ({
+            title: n.title,
+            snippet: n.content.slice(0, 200) + (n.content.length > 200 ? "..." : ""),
+          })),
+        },
+      };
+    },
+  };
+}
+
+export function memoryDeleteTool(memory: MemoryStore): Tool {
+  return {
+    name: "memory_delete",
+    description: "Delete a memory entry by title.",
+    parameters: {
+      type: "object",
+      properties: {
+        title: {
+          type: "string",
+          description: "The title of the memory entry to delete",
+        },
+      },
+      required: ["title"],
+    },
+    execute: async (params: Record<string, unknown>): Promise<ToolResult> => {
+      const title = params.title as string;
+
+      if (!title) {
+        return { success: false, error: "Title is required" };
+      }
+
+      const deleted = memory.delete(title);
+      return {
+        success: deleted,
+        result: deleted ? { message: `Deleted: ${title}` } : { message: `Not found: ${title}` },
+        error: deleted ? undefined : `Memory not found: ${title}`,
+      };
+    },
+  };
+}
+
+export function registerMemoryTools(registry: { register: (tool: Tool) => void }, memory: MemoryStore): void {
+  registry.register(memoryWriteTool(memory));
+  registry.register(memoryReadTool(memory));
+  registry.register(memoryListTool(memory));
+  registry.register(memorySearchTool(memory));
+  registry.register(memoryDeleteTool(memory));
+}

package/src/tools/notify.ts

@@ -0,0 +1,53 @@
+import type { Tool } from "./registry.ts";
+import { logger } from "../utils/logger.ts";
+
+export function createNotifyTool(): Tool {
+  const log = logger.child("notify");
+
+  return {
+    name: "notify",
+    description: "Send a system notification",
+    parameters: {
+      type: "object",
+      properties: {
+        title: {
+          type: "string",
+          description: "Notification title",
+        },
+        message: {
+          type: "string",
+          description: "Notification message",
+        },
+        urgency: {
+          type: "string",
+          enum: ["low", "normal", "critical"],
+          description: "Notification urgency level",
+        },
+      },
+      required: ["title", "message"],
+    },
+    execute: async (params: Record<string, unknown>) => {
+      const title = params.title as string;
+      const message = params.message as string;
+      const urgency = (params.urgency as string) ?? "normal";
+
+      log.debug(`Sending notification: ${title}`);
+
+      if (process.platform === "darwin") {
+        const cmd = `osascript -e 'display notification "${message}" with title "${title}"'`;
+        await Bun.$`${{ raw: cmd }}`.quiet();
+      } else if (process.platform === "linux") {
+        const urgencyFlag = urgency === "critical" ? "-u critical" : urgency === "low" ? "-u low" : "";
+        const cmd = `notify-send ${urgencyFlag} "${title}" "${message}"`;
+        await Bun.$`${{ raw: cmd }}`.quiet().catch(() => {
+          log.warn("notify-send not available");
+        });
+      } else {
+        log.warn(`Notifications not supported on ${process.platform}`);
+        return { success: false, reason: "Platform not supported" };
+      }
+
+      return { success: true, title, message };
+    },
+  };
+}