@jx-grxf/patchpilot 0.3.1-beta → 1.0.0

package/dist/core/workspace.js

@@ -5,6 +5,7 @@ import { platform } from "node:os";
 import path from "node:path";
 import { promisify } from "node:util";
 import { inflateRawSync } from "node:zlib";
+import { MemoryStore } from "./memory.js";
 const execFileAsync = promisify(execFile);
 const ignoredDirectories = new Set([
     ".git",
@@ -61,13 +62,23 @@ const blockedPathNames = new Set([
     ".env.development",
     ".env.production",
     ".env.test",
+    ".envrc",
     ".npmrc",
     ".pypirc",
     ".netrc",
+    "credentials.json",
+    "secrets.json",
     "id_rsa",
     "id_ed25519",
+    "id_ecdsa",
+    "id_dsa",
     "known_hosts"
 ]);
+const blockedPathPatterns = [
+    /(^|\/)(cookies|network\/cookies|login data|web data)$/i,
+    /(^|\/)(chrome|chromium|brave-browser|brave|microsoft edge|edge|arc|firefox|safari)(\/|$)/i,
+    /(^|\/)(default|profile \d+|profiles?)\/(cookies|network\/cookies|login data|web data)$/i
+];
 export const toolSpecs = {
     list_files: {
         name: "list_files",
@@ -117,6 +128,22 @@ export const toolSpecs = {
         permission: "none",
         category: "document"
     },
+    memory_remember: {
+        name: "memory_remember",
+        description: "Store a durable memory for this workspace.",
+        risk: "low",
+        sideEffects: "write",
+        permission: "write",
+        category: "memory"
+    },
+    memory_search: {
+        name: "memory_search",
+        description: "Search durable workspace memories.",
+        risk: "low",
+        sideEffects: "none",
+        permission: "none",
+        category: "memory"
+    },
     git_status: {
         name: "git_status",
         description: "Read the current Git branch and dirty state.",
@@ -198,6 +225,8 @@ export class WorkspaceTools {
     rootRealPath;
     allowWrite;
     allowShell;
+    allowExternalFileAnalysis;
+    memoryEnabled;
     timeoutMs;
     signal;
     approvalHandler;
@@ -207,6 +236,8 @@ export class WorkspaceTools {
         this.rootRealPath = realpath(this.root).catch(() => this.root);
         this.allowWrite = options.allowWrite;
         this.allowShell = options.allowShell;
+        this.allowExternalFileAnalysis = Boolean(options.allowExternalFileAnalysis);
+        this.memoryEnabled = Boolean(options.memoryEnabled);
         this.timeoutMs = options.timeoutMs ?? 60_000;
         this.signal = options.signal;
         this.approvalHandler = options.approvalHandler;
@@ -226,6 +257,10 @@ export class WorkspaceTools {
                     return await this.searchText(readString(call.arguments.query, ""));
                 case "inspect_document":
                     return await this.inspectDocument(readString(call.arguments.path, ""));
+                case "memory_remember":
+                    return await this.memoryRemember(readString(call.arguments.content, ""), readStringArray(call.arguments.tags));
+                case "memory_search":
+                    return await this.memorySearch(readString(call.arguments.query, ""), readNumber(call.arguments.limit, 8));
                 case "git_status":
                     return await this.gitStatus();
                 case "git_diff":
@@ -393,10 +428,18 @@ export class WorkspaceTools {
         if (isSensitivePath(requestedPath)) {
             return denied(`inspect_document denied sensitive path: ${requestedPath}`);
         }
-        const absolutePath = await this.resolveReadPath(requestedPath);
+        const { absolutePath, external } = await this.resolveDocumentPath(requestedPath);
+        if (external) {
+            const approval = await this.requestApproval("inspect_document", "external_file", {
+                path: absolutePath
+            }, `Inspect external file: ${absolutePath}`);
+            if (approval.decision === "deny") {
+                return denied("inspect_document denied by permission policy.", "inspect_document", approval);
+            }
+        }
         const extension = path.extname(absolutePath).toLowerCase();
         if (isLikelyTextFile(absolutePath)) {
-            return await this.readFile(requestedPath);
+            return await this.readTextDocument(absolutePath);
         }
         if (extension === ".pdf") {
             return await extractPdfText(absolutePath, this.timeoutMs, this.signal);
@@ -404,8 +447,66 @@ export class WorkspaceTools {
         if (extension === ".docx") {
             return await extractDocxText(absolutePath);
         }
+        if (isImageFile(absolutePath)) {
+            return await inspectImageFile(absolutePath);
+        }
         return denied(`inspect_document does not support ${extension || "this file type"} yet.`);
     }
+    async readTextDocument(absolutePath) {
+        const content = await readFile(absolutePath, "utf8");
+        const relativePath = path.relative(this.root, absolutePath);
+        return {
+            ok: true,
+            summary: `inspected ${relativePath.startsWith("..") || path.isAbsolute(relativePath) ? absolutePath : relativePath}`,
+            content: clip(content, 20_000),
+            tool: "inspect_document",
+            category: toolSpecs.inspect_document.category
+        };
+    }
+    async memoryRemember(content, tags) {
+        if (!this.memoryEnabled) {
+            return denied("memory_remember requires /experimental memory.", "memory_remember");
+        }
+        if (!this.allowWrite) {
+            const approval = await this.requestApproval("memory_remember", "write", {
+                contentLength: content.length,
+                tags
+            }, `Store durable memory (${content.length} characters).`);
+            if (approval.decision === "deny") {
+                return denied("memory_remember denied by permission policy.", "memory_remember", approval);
+            }
+        }
+        try {
+            const store = new MemoryStore();
+            const entry = store.remember(this.root, content, tags);
+            store.close();
+            return {
+                ok: true,
+                summary: `remembered memory #${entry.id}`,
+                content: `Stored memory #${entry.id}: ${entry.content}`,
+                tool: "memory_remember",
+                category: toolSpecs.memory_remember.category
+            };
+        }
+        catch (error) {
+            return denied(error instanceof Error ? error.message : String(error), "memory_remember");
+        }
+    }
+    async memorySearch(query, limit) {
+        if (!this.memoryEnabled) {
+            return denied("memory_search requires /experimental memory.", "memory_search");
+        }
+        const store = new MemoryStore();
+        const matches = store.search(this.root, query, limit);
+        store.close();
+        return {
+            ok: true,
+            summary: `found ${matches.length} memory match${matches.length === 1 ? "" : "es"}`,
+            content: matches.map((match) => `#${match.id} score ${match.score} ${match.createdAt}\n${match.content}`).join("\n\n") || "No matching memories.",
+            tool: "memory_search",
+            category: toolSpecs.memory_search.category
+        };
+    }
     async searchText(query) {
         if (!query.trim()) {
             return denied("search_text requires a non-empty query.");
@@ -574,10 +675,12 @@ export class WorkspaceTools {
         if (!scripts[normalizedScript]) {
             return denied(`package script not found: ${normalizedScript}`, "run_script");
         }
+        const scriptCommand = scripts[normalizedScript];
         if (!this.allowShell) {
             const approval = await this.requestApproval("run_script", "shell", {
-                script: normalizedScript
-            }, `Run package script: npm run ${normalizedScript}`);
+                script: normalizedScript,
+                command: scriptCommand
+            }, previewPackageScript(normalizedScript, scriptCommand, this.root));
             if (approval.decision === "deny") {
                 return denied("run_script denied by permission policy.", "run_script", approval);
             }
@@ -589,7 +692,7 @@ export class WorkspaceTools {
             content: clip(output.output, 20_000),
             tool: "run_script",
             category: toolSpecs.run_script.category,
-            preview: `npm run ${normalizedScript}`
+            preview: previewPackageScript(normalizedScript, scriptCommand, this.root)
         };
     }
     async runTests() {
@@ -609,7 +712,7 @@ export class WorkspaceTools {
         if (!command.trim()) {
             return denied("run_shell requires a command.");
         }
-        const shellSafetyError = validateShellCommand(command);
+        const shellSafetyError = validateShellCommand(command, this.root);
         if (shellSafetyError) {
             return denied(`run_shell denied. ${shellSafetyError}`);
         }
@@ -675,6 +778,42 @@ export class WorkspaceTools {
         await assertInsideWorkspace(await this.rootRealPath, resolvedPath, requestedPath);
         return resolvedPath;
     }
+    async resolveDocumentPath(requestedPath) {
+        const trimmedPath = requestedPath.trim();
+        if (!path.isAbsolute(trimmedPath)) {
+            return {
+                absolutePath: await this.resolveReadPath(trimmedPath),
+                external: false
+            };
+        }
+        if (isSensitivePath(trimmedPath)) {
+            throw new Error(`inspect_document denied sensitive path: ${requestedPath}`);
+        }
+        const relativePath = path.relative(this.root, trimmedPath);
+        if (!relativePath.startsWith("..") && !path.isAbsolute(relativePath)) {
+            return {
+                absolutePath: await this.resolveReadPath(trimmedPath),
+                external: false
+            };
+        }
+        if (!this.allowExternalFileAnalysis) {
+            throw new Error(`Path escapes workspace: ${requestedPath}. Enable /experimental file-analysis to inspect external files.`);
+        }
+        const extension = path.extname(trimmedPath).toLowerCase();
+        if (!isLikelyTextFile(trimmedPath) && extension !== ".pdf" && extension !== ".docx" && !isImageFile(trimmedPath)) {
+            throw new Error(`external file analysis does not support ${extension || "this file type"} yet.`);
+        }
+        const resolvedPath = await realpath(trimmedPath).catch((error) => {
+            throw new Error(`file not found or unreadable: ${requestedPath} (${error instanceof Error ? error.message : String(error)})`);
+        });
+        if (isSensitivePath(resolvedPath)) {
+            throw new Error(`inspect_document denied sensitive path: ${requestedPath}`);
+        }
+        return {
+            absolutePath: resolvedPath,
+            external: true
+        };
+    }
     async resolveWritePath(requestedPath) {
         const absolutePath = this.resolveInsideWorkspace(requestedPath);
         const rootRealPath = await this.rootRealPath;
@@ -752,7 +891,18 @@ async function searchTextWithRipgrep(workspaceRoot, query, timeoutMs, signal) {
         "!**/.netrc",
         "!**/id_rsa",
         "!**/id_ed25519",
-        "!**/known_hosts"
+        "!**/known_hosts",
+        "!**/Cookies",
+        "!**/Network/Cookies",
+        "!**/Login Data",
+        "!**/Web Data",
+        "!**/Chrome/**",
+        "!**/Chromium/**",
+        "!**/Brave*/**",
+        "!**/Microsoft Edge/**",
+        "!**/Arc/**",
+        "!**/Firefox/**",
+        "!**/Safari/**"
     ];
     return new Promise((resolve) => {
         const child = spawn("rg", [
@@ -839,7 +989,7 @@ async function findNearestExistingParent(absolutePath) {
 function runCommand(command, cwd, timeoutMs, signal) {
     const isWindows = platform() === "win32";
     const shellExecutable = isWindows ? "powershell.exe" : "bash";
-    const shellArgs = isWindows ? ["-NoProfile", "-Command", command] : ["-lc", command];
+    const shellArgs = isWindows ? ["-NoLogo", "-NoProfile", "-NonInteractive", "-ExecutionPolicy", "Bypass", "-Command", command] : ["-lc", command];
     return new Promise((resolve) => {
         const child = spawn(shellExecutable, shellArgs, {
             cwd,
@@ -918,6 +1068,15 @@ function readNumber(value, fallback) {
     }
     return fallback;
 }
+function readStringArray(value) {
+    if (Array.isArray(value)) {
+        return value.filter((item) => typeof item === "string");
+    }
+    if (typeof value === "string") {
+        return value.split(",").map((item) => item.trim()).filter(Boolean);
+    }
+    return [];
+}
 function isPlaceholderPath(value) {
     const normalizedValue = value.trim().toLowerCase().replaceAll("\\", "/");
     return ["relative/path", "path/to/file", "file/path", "<path>", "<file>", "filename"].includes(normalizedValue);
@@ -927,7 +1086,16 @@ function isSensitivePath(value) {
     return normalizedPath
         .split("/")
         .filter(Boolean)
-        .some((part) => blockedPathNames.has(part.toLowerCase()));
+        .some((part) => {
+        const normalizedPart = part.toLowerCase();
+        return (blockedPathNames.has(normalizedPart) ||
+            normalizedPart.endsWith(".pem") ||
+            normalizedPart.endsWith(".key") ||
+            normalizedPart.endsWith(".p12") ||
+            normalizedPart.endsWith(".pfx") ||
+            normalizedPart.startsWith("secrets.") ||
+            normalizedPart.includes("credentials"));
+    }) || blockedPathPatterns.some((pattern) => pattern.test(normalizedPath));
 }
 function denied(message, tool, approval) {
     return {
@@ -942,6 +1110,60 @@ function denied(message, tool, approval) {
 function isLikelyTextFile(filePath) {
     return textFileExtensions.has(path.extname(filePath).toLowerCase());
 }
+function isImageFile(filePath) {
+    return [".png", ".jpg", ".jpeg", ".webp", ".gif"].includes(path.extname(filePath).toLowerCase());
+}
+async function inspectImageFile(filePath) {
+    const buffer = await readFile(filePath);
+    const dimensions = readImageDimensions(buffer, path.extname(filePath).toLowerCase());
+    return {
+        ok: true,
+        summary: `inspected image ${path.basename(filePath)}`,
+        content: [
+            `image: ${path.basename(filePath)}`,
+            `type: ${path.extname(filePath).toLowerCase().replace(".", "") || "unknown"}`,
+            `size: ${buffer.length} bytes`,
+            dimensions ? `dimensions: ${dimensions.width}x${dimensions.height}` : "dimensions: unknown"
+        ].join("\n"),
+        tool: "inspect_document",
+        category: toolSpecs.inspect_document.category
+    };
+}
+function readImageDimensions(buffer, extension) {
+    if (extension === ".png" && buffer.length >= 24 && buffer.subarray(0, 8).equals(Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]))) {
+        return {
+            width: buffer.readUInt32BE(16),
+            height: buffer.readUInt32BE(20)
+        };
+    }
+    if ((extension === ".jpg" || extension === ".jpeg") && buffer.length >= 4) {
+        let offset = 2;
+        while (offset + 9 < buffer.length) {
+            if (buffer[offset] !== 0xff) {
+                return null;
+            }
+            const marker = buffer[offset + 1];
+            const length = buffer.readUInt16BE(offset + 2);
+            if (marker >= 0xc0 && marker <= 0xc3) {
+                return {
+                    height: buffer.readUInt16BE(offset + 5),
+                    width: buffer.readUInt16BE(offset + 7)
+                };
+            }
+            offset += 2 + length;
+        }
+    }
+    if (extension === ".webp" && buffer.length >= 30 && buffer.subarray(0, 4).toString("ascii") === "RIFF" && buffer.subarray(8, 12).toString("ascii") === "WEBP") {
+        const chunk = buffer.subarray(12, 16).toString("ascii");
+        if (chunk === "VP8X") {
+            return {
+                width: 1 + buffer.readUIntLE(24, 3),
+                height: 1 + buffer.readUIntLE(27, 3)
+            };
+        }
+    }
+    return null;
+}
 async function extractPdfText(filePath, timeoutMs, signal) {
     try {
         const { stdout } = await execFileAsync("pdftotext", ["-layout", filePath, "-"], {
@@ -1058,40 +1280,111 @@ function previewPatch(patchContent) {
     const removed = patchContent.split(/\r?\n/).filter((line) => line.startsWith("-") && !line.startsWith("---")).length;
     return `Apply patch to ${fileSummary} (+${added}/-${removed}).`;
 }
-function validateShellCommand(command) {
+function validateShellCommand(command, workspaceRoot) {
     const trimmedCommand = command.trim();
-    if (/[;&|><`$\n\r]/.test(trimmedCommand)) {
-        return "shell metacharacters are blocked; run a single simple command.";
+    if (/[;&<>`$\n\r]/.test(trimmedCommand)) {
+        return "dangerous shell metacharacters are blocked; pipes are allowed, but command separators, redirects, expansion, and multiline commands are not.";
+    }
+    if (/(^|\s)\|\|(\s|$)/.test(trimmedCommand)) {
+        return "shell command separators are blocked; use a single pipeline.";
     }
     const tokens = trimmedCommand.match(/"[^"]*"|'[^']*'|\S+/g) ?? [];
     if (tokens.length === 0) {
         return "command is empty.";
     }
+    for (const segment of splitPipeline(tokens)) {
+        const segmentError = validateShellSegment(segment);
+        if (segmentError) {
+            return segmentError;
+        }
+    }
+    for (const token of tokens.filter((value) => value !== "|")) {
+        const normalizedToken = stripQuotes(token);
+        if (isSensitivePath(normalizedToken)) {
+            return "sensitive path arguments are blocked.";
+        }
+        if (/(^|[\\/])\.\.([\\/]|$)/.test(normalizedToken)) {
+            return "parent directory traversal is blocked.";
+        }
+        const absolutePath = toAbsoluteShellPath(normalizedToken);
+        if (absolutePath) {
+            const relativePath = path.relative(workspaceRoot, absolutePath);
+            if (relativePath.startsWith("..") || path.isAbsolute(relativePath)) {
+                return "absolute path arguments outside the workspace are blocked. Use inspect_document with /experimental file-analysis for external files.";
+            }
+        }
+    }
+    return null;
+}
+function validateShellSegment(tokens) {
+    if (tokens.length === 0) {
+        return "empty shell pipeline segment.";
+    }
     const executable = stripQuotes(tokens[0] ?? "").toLowerCase();
-    const subcommand = stripQuotes(tokens[1] ?? "").toLowerCase();
+    const subcommand = findCommandSubcommand(executable, tokens.slice(1));
     if (["bash", "sh", "zsh", "fish", "pwsh", "powershell", "powershell.exe", "python", "python3", "node", "ruby", "perl"].includes(executable)) {
         return `executable "${executable}" is blocked.`;
     }
     if (["rm", "rmdir", "mv", "cp"].includes(executable) && tokens.some((token) => /^-.*[fRr]/.test(stripQuotes(token)))) {
         return `destructive ${executable} flags are blocked.`;
     }
-    if (executable === "git" && ["clean", "reset", "push", "checkout", "switch", "branch", "tag"].includes(subcommand)) {
+    if (executable === "git" && subcommand && ["clean", "reset", "push", "checkout", "switch", "branch", "tag"].includes(subcommand)) {
         return `git ${subcommand} is blocked in the shell tool.`;
     }
-    if (executable === "npm" && ["publish", "unpublish", "dist-tag"].includes(subcommand)) {
+    if (executable === "npm" && subcommand && ["publish", "unpublish", "dist-tag"].includes(subcommand)) {
         return `npm ${subcommand} is blocked in the shell tool.`;
     }
-    for (const token of tokens.slice(1)) {
-        const normalizedToken = stripQuotes(token);
-        if (normalizedToken.startsWith("/") || normalizedToken.startsWith("~")) {
-            return "absolute and home-relative paths are blocked.";
+    return null;
+}
+function splitPipeline(tokens) {
+    const segments = [[]];
+    for (const token of tokens) {
+        if (token === "|") {
+            segments.push([]);
+            continue;
         }
-        if (/(^|[\\/])\.\.([\\/]|$)/.test(normalizedToken)) {
-            return "parent directory traversal is blocked.";
+        segments.at(-1)?.push(token);
+    }
+    return segments;
+}
+function findCommandSubcommand(executable, tokens) {
+    for (let index = 0; index < tokens.length; index += 1) {
+        const token = stripQuotes(tokens[index] ?? "");
+        if (!token || token === "--") {
+            continue;
+        }
+        if (executable === "git" && ["-C", "-c", "--git-dir", "--work-tree"].includes(token)) {
+            index += 1;
+            continue;
+        }
+        if (executable === "npm" && ["--prefix", "--userconfig", "--cache"].includes(token)) {
+            index += 1;
+            continue;
+        }
+        if (token.startsWith("-")) {
+            continue;
         }
+        return token.toLowerCase();
     }
     return null;
 }
+function toAbsoluteShellPath(value) {
+    if (!value || value === "|" || value.startsWith("-")) {
+        return null;
+    }
+    if (path.isAbsolute(value)) {
+        return path.resolve(value);
+    }
+    if (value === "~" || value.startsWith("~/")) {
+        return path.resolve(process.env.HOME ?? "", value === "~" ? "." : value.slice(2));
+    }
+    return null;
+}
+function previewPackageScript(name, command, workspaceRoot) {
+    const risk = validateShellCommand(command, workspaceRoot);
+    const prefix = risk ? `Risky package script (${risk})` : "Run package script";
+    return `${prefix}: npm run ${name} -> ${clip(command, 220)}`;
+}
 function stripQuotes(value) {
     return value.replace(/^['"]|['"]$/g, "");
 }