@llmtune/cli 0.1.0 → 0.1.1

package/src/skills/registry.ts

@@ -1,155 +0,0 @@
-import * as fs from "fs"
-import * as path from "path"
-import * as os from "os"
-import { parseFrontmatter } from "./frontmatter"
-import { substituteArguments } from "./args"
-
-export interface Skill {
-  name: string
-  description: string
-  content: string
-  loadedFrom: "user" | "project" | "managed"
-  userInvocable: boolean
-  allowedTools: string[]
-  argNames: string[]
-  trustLevel: TrustLevel
-  skillRoot: string
-}
-
-export type TrustLevel = "local" | "community" | "verified" | "signed"
-
-export interface SkillExecution {
-  systemPrompt: string
-  userMessage: string
-  allowedTools?: string[]
-}
-
-const SKILL_DIRS = () => {
-  const dirs: string[] = []
-  const primary = path.join(os.homedir(), ".llmtune", "skills")
-  dirs.push(primary)
-  return dirs
-}
-
-export class SkillRegistry {
-  private skills: Map<string, Skill> = new Map()
-
-  loadAll(projectRoot?: string): void {
-    this.skills.clear()
-
-    for (const dir of SKILL_DIRS()) {
-      this.loadFromDir(dir, "user")
-    }
-
-    const managedEnv = process.env.LLMTUNE_MANAGED_SKILLS_DIR
-    if (managedEnv) {
-      this.loadFromDir(managedEnv, "managed")
-    }
-
-    if (projectRoot) {
-      const projectDir = path.join(projectRoot, ".llmtune", "skills")
-      this.loadFromDir(projectDir, "project")
-      const compatDir = path.join(projectRoot, ".claude", "skills")
-      this.loadFromDir(compatDir, "project")
-    }
-  }
-
-  private loadFromDir(baseDir: string, loadedFrom: Skill["loadedFrom"]): void {
-    const resolved = path.resolve(baseDir)
-    if (!fs.existsSync(resolved) || !fs.statSync(resolved).isDirectory()) return
-
-    for (const entry of fs.readdirSync(resolved).sort()) {
-      const skillPath = path.join(resolved, entry)
-      if (!fs.statSync(skillPath).isDirectory()) continue
-
-      const mdPath = path.join(skillPath, "SKILL.md")
-      if (!fs.existsSync(mdPath)) continue
-
-      const raw = fs.readFileSync(mdPath, "utf-8")
-      const { frontmatter, body } = parseFrontmatter(raw)
-
-      const description = String(frontmatter.description ?? extractFirstLine(body) ?? `Skill: ${entry}`)
-      const userInvocable = frontmatter["user-invocable"] !== false
-      const allowedTools = asStrList(frontmatter["allowed-tools"])
-      const argNames = parseArgNames(frontmatter.arguments)
-      const trustLevel = resolveTrustLevel(frontmatter.trust, loadedFrom)
-
-      const skill: Skill = {
-        name: entry,
-        description,
-        content: body,
-        loadedFrom,
-        userInvocable,
-        allowedTools,
-        argNames,
-        trustLevel,
-        skillRoot: skillPath,
-      }
-
-      if (!this.skills.has(entry.toLowerCase())) {
-        this.skills.set(entry.toLowerCase(), skill)
-      }
-    }
-  }
-
-  get(name: string): Skill | undefined {
-    return this.skills.get(name.toLowerCase())
-  }
-
-  list(): Skill[] {
-    return Array.from(this.skills.values())
-  }
-
-  listUserInvocable(): Skill[] {
-    return this.list().filter((s) => s.userInvocable)
-  }
-
-  prepareExecution(name: string, args: string[]): SkillExecution | null {
-    const skill = this.get(name)
-    if (!skill) return null
-
-    const argMap: Record<string, string> = {}
-    for (let i = 0; i < Math.min(args.length, skill.argNames.length); i++) {
-      argMap[skill.argNames[i]] = args[i]
-    }
-
-    const userMessage = substituteArguments(skill.content, argMap)
-
-    return {
-      systemPrompt: `You are executing the "${skill.name}" skill. ${skill.description}`,
-      userMessage,
-      allowedTools: skill.allowedTools.length > 0 ? skill.allowedTools : undefined,
-    }
-  }
-}
-
-function resolveTrustLevel(raw: unknown, loadedFrom: Skill["loadedFrom"]): TrustLevel {
-  const str = String(raw ?? "").toLowerCase().trim()
-  if (str === "signed") return "signed"
-  if (str === "verified") return "verified"
-  if (str === "community") return "community"
-  if (loadedFrom === "user" || loadedFrom === "project") return "local"
-  return "community"
-}
-
-function extractFirstLine(body: string): string | null {
-  for (const line of body.split("\n")) {
-    const stripped = line.trim()
-    if (!stripped || stripped.startsWith("#")) continue
-    return stripped.slice(0, 200)
-  }
-  return null
-}
-
-function parseArgNames(raw: unknown): string[] {
-  return asStrList(raw)
-}
-
-function asStrList(val: unknown): string[] {
-  if (val == null) return []
-  if (Array.isArray(val)) return val.map(String).filter(Boolean)
-  const s = String(val).trim()
-  if (!s) return []
-  if (s.includes(",")) return s.split(",").map((x) => x.trim()).filter(Boolean)
-  return [s]
-}

package/src/skills/signing/signer.ts

@@ -1,101 +0,0 @@
-import * as fs from "fs"
-import * as path from "path"
-import * as crypto from "crypto"
-
-export interface SkillSignature {
-  algorithm: string
-  signature: string
-  publicKey: string
-  signedAt: string
-  skillName: string
-  contentHash: string
-}
-
-const SIGNATURE_FILE = "SIGNATURE.json"
-
-export function hashSkillContent(skillDir: string): string {
-  const mdPath = path.join(skillDir, "SKILL.md")
-  if (!fs.existsSync(mdPath)) {
-    throw new Error(`No SKILL.md found in ${skillDir}`)
-  }
-  const content = fs.readFileSync(mdPath, "utf-8")
-  return crypto.createHash("sha256").update(content).digest("hex")
-}
-
-export function signSkill(
-  skillDir: string,
-  privateKey: string,
-  publicKey: string,
-): SkillSignature {
-  const contentHash = hashSkillContent(skillDir)
-  const skillName = path.basename(skillDir)
-
-  const signature = crypto
-    .createSign("sha256")
-    .update(contentHash)
-    .sign(privateKey, "base64")
-
-  const sig: SkillSignature = {
-    algorithm: "sha256-rsa",
-    signature,
-    publicKey,
-    signedAt: new Date().toISOString(),
-    skillName,
-    contentHash,
-  }
-
-  const sigPath = path.join(skillDir, SIGNATURE_FILE)
-  fs.writeFileSync(sigPath, JSON.stringify(sig, null, 2), "utf-8")
-
-  return sig
-}
-
-export function verifySkill(
-  skillDir: string,
-  expectedPublicKey?: string,
-): { valid: boolean; reason?: string } {
-  const sigPath = path.join(skillDir, SIGNATURE_FILE)
-  const mdPath = path.join(skillDir, "SKILL.md")
-
-  if (!fs.existsSync(sigPath)) {
-    return { valid: false, reason: "No signature file found" }
-  }
-  if (!fs.existsSync(mdPath)) {
-    return { valid: false, reason: "No SKILL.md found" }
-  }
-
-  try {
-    const sig: SkillSignature = JSON.parse(fs.readFileSync(sigPath, "utf-8"))
-    const content = fs.readFileSync(mdPath, "utf-8")
-    const contentHash = crypto.createHash("sha256").update(content).digest("hex")
-
-    if (contentHash !== sig.contentHash) {
-      return { valid: false, reason: "Content hash mismatch - skill has been modified" }
-    }
-
-    if (expectedPublicKey && sig.publicKey !== expectedPublicKey) {
-      return { valid: false, reason: "Public key mismatch - signed by different author" }
-    }
-
-    const verifier = crypto.createVerify("sha256")
-    verifier.update(sig.contentHash)
-    const isValid = verifier.verify(sig.publicKey, sig.signature, "base64")
-
-    if (!isValid) {
-      return { valid: false, reason: "Signature verification failed" }
-    }
-
-    return { valid: true }
-  } catch (err) {
-    return { valid: false, reason: `Verification error: ${(err as Error).message}` }
-  }
-}
-
-export function generateKeyPair(): { publicKey: string; privateKey: string } {
-  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", {
-    modulusLength: 2048,
-    publicKeyEncoding: { type: "spki", format: "pem" },
-    privateKeyEncoding: { type: "pkcs8", format: "pem" },
-  })
-  return { publicKey, privateKey }
-}

package/src/skills/trust.ts

@@ -1,50 +0,0 @@
-import type { Skill } from "./registry"
-
-export type TrustLevel = "local" | "community" | "verified" | "signed"
-
-export interface TrustPolicy {
-  allowedTools: string[]
-  canExecuteBash: boolean
-  canWriteFiles: boolean
-}
-
-const POLICIES: Record<TrustLevel, TrustPolicy> = {
-  local: {
-    allowedTools: ["read", "write", "edit", "bash", "glob", "grep"],
-    canExecuteBash: true,
-    canWriteFiles: true,
-  },
-  community: {
-    allowedTools: ["read", "glob", "grep"],
-    canExecuteBash: false,
-    canWriteFiles: false,
-  },
-  verified: {
-    allowedTools: ["read", "write", "edit", "bash", "glob", "grep"],
-    canExecuteBash: true,
-    canWriteFiles: true,
-  },
-  signed: {
-    allowedTools: ["read", "write", "edit", "bash", "glob", "grep"],
-    canExecuteBash: true,
-    canWriteFiles: true,
-  },
-}
-
-export function getTrustPolicy(level: TrustLevel): TrustPolicy {
-  return POLICIES[level]
-}
-
-export function resolveTrustLevel(skill: Skill): TrustLevel {
-  if (skill.loadedFrom === "project" || skill.loadedFrom === "user") return "local"
-  if (skill.trustLevel) return skill.trustLevel
-  return "community"
-}
-
-export function isToolAllowedForSkill(
-  toolName: string,
-  trustLevel: TrustLevel
-): boolean {
-  const policy = POLICIES[trustLevel]
-  return policy.allowedTools.includes(toolName.toLowerCase())
-}

package/src/telemetry/logger.ts

@@ -1,108 +0,0 @@
-import * as fs from "fs"
-import * as path from "path"
-import * as os from "os"
-import { getConfigDir } from "../auth/config"
-
-export type TelemetryEvent =
-  | { event: "tool_call"; tool: string; latency_ms: number; input_preview?: string }
-  | { event: "llm_response"; tokens_in: number; tokens_out: number; cost: number; model: string; latency_ms: number }
-  | { event: "compaction"; tokens_saved: number; messages_before: number; messages_after: number; trigger: string }
-  | { event: "error"; source: string; error: string; tool?: string }
-  | { event: "session_start"; model: string; tools: string[]; cwd: string }
-  | { event: "session_end"; duration_ms: number; total_tool_calls: number; total_tokens: number }
-
-interface SessionLog {
-  sessionId: string
-  startedAt: string
-  events: TelemetryEvent[]
-}
-
-let currentSession: SessionLog | null = null
-let sessionStartTime = 0
-
-function getLogsDir(): string {
-  const base = process.env.LLMTUNE_LOGS_DIR || path.join(getConfigDir(), "logs")
-  if (!fs.existsSync(base)) {
-    fs.mkdirSync(base, { recursive: true })
-  }
-  return base
-}
-
-function getSessionLogPath(sessionId: string): string {
-  return path.join(getLogsDir(), `${sessionId}.jsonl`)
-}
-
-export function startSessionLog(sessionId: string, meta: { model: string; tools: string[]; cwd: string }): void {
-  currentSession = {
-    sessionId,
-    startedAt: new Date().toISOString(),
-    events: [],
-  }
-  sessionStartTime = Date.now()
-  logEvent({ event: "session_start", model: meta.model, tools: meta.tools, cwd: meta.cwd })
-}
-
-export function logEvent(event: TelemetryEvent): void {
-  if (!currentSession) return
-  currentSession.events.push(event)
-
-  const entry = {
-    ts: new Date().toISOString(),
-    session_id: currentSession.sessionId,
-    ...event,
-  }
-
-  try {
-    const logPath = getSessionLogPath(currentSession.sessionId)
-    fs.appendFileSync(logPath, JSON.stringify(entry) + "\n", "utf-8")
-  } catch {
-    // Telemetry write failure is non-critical
-  }
-}
-
-export function endSessionLog(stats: { totalToolCalls: number; totalTokens: number }): void {
-  if (!currentSession) return
-  const durationMs = Date.now() - sessionStartTime
-  logEvent({
-    event: "session_end",
-    duration_ms: durationMs,
-    total_tool_calls: stats.totalToolCalls,
-    total_tokens: stats.totalTokens,
-  })
-  currentSession = null
-}
-
-export function getSessionLogs(sessionId: string): TelemetryEvent[] {
-  const logPath = getSessionLogPath(sessionId)
-  try {
-    if (!fs.existsSync(logPath)) return []
-    const lines = fs.readFileSync(logPath, "utf-8").split("\n").filter(Boolean)
-    return lines.map((line) => {
-      try { return JSON.parse(line) as TelemetryEvent }
-      catch { return null }
-    }).filter((e): e is TelemetryEvent => e !== null)
-  } catch {
-    return []
-  }
-}
-
-export function listSessionLogs(): Array<{ sessionId: string; size: number; modified: string }> {
-  const dir = getLogsDir()
-  try {
-    if (!fs.existsSync(dir)) return []
-    return fs.readdirSync(dir)
-      .filter((f) => f.endsWith(".jsonl"))
-      .map((f) => {
-        const fullPath = path.join(dir, f)
-        const stat = fs.statSync(fullPath)
-        return {
-          sessionId: f.replace(".jsonl", ""),
-          size: stat.size,
-          modified: stat.mtime.toISOString(),
-        }
-      })
-      .sort((a, b) => b.modified.localeCompare(a.modified))
-  } catch {
-    return []
-  }
-}

package/src/tools/permissions.ts

@@ -1,83 +0,0 @@
-import inquirer from "@inquirer/prompts"
-import chalk from "chalk"
-
-export type PermissionBehavior = "allow" | "deny" | "ask"
-
-export interface PermissionCheckResult {
-  behavior: PermissionBehavior
-  message?: string
-  suggestion?: string
-  updatedInput?: Record<string, unknown>
-}
-
-export interface PermissionConfig {
-  allowedTools: Set<string>
-  deniedTools: Set<string>
-  sessionTrust: Map<string, boolean>
-}
-
-export class PermissionManager {
-  private config: PermissionConfig
-
-  constructor() {
-    this.config = {
-      allowedTools: new Set(),
-      deniedTools: new Set(),
-      sessionTrust: new Map(),
-    }
-  }
-
-  trustTool(toolName: string): void {
-    this.config.sessionTrust.set(toolName, true)
-  }
-
-  isTrusted(toolName: string): boolean {
-    return this.config.sessionTrust.get(toolName) === true
-  }
-
-  async check(
-    toolName: string,
-    input: Record<string, unknown>,
-    isDestructive: boolean
-  ): Promise<PermissionCheckResult> {
-    if (this.isTrusted(toolName)) {
-      return { behavior: "allow" }
-    }
-
-    if (this.config.deniedTools.has(toolName)) {
-      return { behavior: "deny", message: `Tool '${toolName}' is denied` }
-    }
-
-    if (isDestructive) {
-      const command = toolName === "bash" ? (input.command as string) : ""
-      const preview = command
-        ? command.slice(0, 80) + (command.length > 80 ? "..." : "")
-        : JSON.stringify(input).slice(0, 100)
-
-      console.log(chalk.yellow(`\n⚠ ${toolName} wants to execute:`))
-      console.log(chalk.dim(preview))
-
-      const confirmed = await inquirer.confirm({
-        message: `Allow ${toolName}? (y/N)`,
-        default: false,
-      })
-
-      if (!confirmed) {
-        return { behavior: "deny", message: "User denied" }
-      }
-
-      const alwaysTrust = await inquirer.confirm({
-        message: `Trust ${toolName} for this session? (y/N)`,
-        default: false,
-      })
-
-      if (alwaysTrust) {
-        this.trustTool(toolName)
-      }
-
-      return { behavior: "allow" }
-    }
-
-    return { behavior: "allow" }
-  }
-}

package/src/tools/protocol.ts

@@ -1,24 +0,0 @@
-export interface ToolSpec {
-  name: string
-  description: string
-  inputSchema: Record<string, unknown>
-  isReadOnly?: boolean
-  isDestructive?: boolean
-}
-
-export interface ToolResult {
-  name: string
-  output: unknown
-  isError: boolean
-  toolUseId?: string
-}
-
-export interface ToolContext {
-  cwd: string
-  workspaceRoot: string
-}
-
-export interface Tool {
-  spec(): ToolSpec
-  run(input: Record<string, unknown>, ctx: ToolContext): ToolResult | Promise<ToolResult>
-}

package/src/tools/registry.ts

@@ -1,93 +0,0 @@
-import type { Tool, ToolSpec, ToolResult, ToolContext } from "./protocol"
-import { validateJsonSchema } from "./validation"
-
-export type { Tool, ToolSpec, ToolResult, ToolContext }
-
-export interface ToolDefinition {
-  name: string
-  description: string
-  inputSchema: Record<string, unknown>
-  isReadOnly?: boolean
-  isDestructive?: boolean
-  run: (input: Record<string, unknown>, ctx: ToolContext) => ToolResult | Promise<ToolResult>
-}
-
-class ToolInstance implements Tool {
-  private def: ToolDefinition
-  constructor(def: ToolDefinition) { this.def = def }
-  spec(): ToolSpec {
-    return {
-      name: this.def.name,
-      description: this.def.description,
-      inputSchema: this.def.inputSchema,
-      isReadOnly: this.def.isReadOnly,
-      isDestructive: this.def.isDestructive,
-    }
-  }
-  run(input: Record<string, unknown>, ctx: ToolContext): ToolResult | Promise<ToolResult> {
-    return this.def.run(input, ctx)
-  }
-}
-
-export function createTool(def: ToolDefinition): Tool {
-  return new ToolInstance(def)
-}
-
-export class ToolRegistry {
-  private tools: Map<string, Tool> = new Map()
-
-  register(tool: Tool): void {
-    const spec = tool.spec()
-    const key = spec.name.toLowerCase()
-    if (this.tools.has(key)) {
-      throw new Error(`duplicate tool name: ${spec.name}`)
-    }
-    this.tools.set(key, tool)
-  }
-
-  listSpecs(): ToolSpec[] {
-    return Array.from(this.tools.values()).map((t) => t.spec())
-  }
-
-  get(name: string): Tool | undefined {
-    return this.tools.get(name.toLowerCase())
-  }
-
-  dispatch(name: string, input: Record<string, unknown>, ctx: ToolContext): ToolResult {
-    const tool = this.get(name)
-    if (!tool) {
-      return { name, output: { error: `unknown tool: ${name}` }, isError: true }
-    }
-
-    const spec = tool.spec()
-    try {
-      validateJsonSchema(input, spec.inputSchema)
-    } catch (err: unknown) {
-      const msg = err instanceof Error ? err.message : String(err)
-      return { name: spec.name, output: { error: msg }, isError: true }
-    }
-
-    const result = tool.run(input, ctx)
-    if (result instanceof Promise) {
-      throw new Error("Async tools not supported in sync dispatch. Use dispatchAsync instead.")
-    }
-    return result
-  }
-
-  async dispatchAsync(name: string, input: Record<string, unknown>, ctx: ToolContext): Promise<ToolResult> {
-    const tool = this.get(name)
-    if (!tool) {
-      return { name, output: { error: `unknown tool: ${name}` }, isError: true }
-    }
-
-    const spec = tool.spec()
-    try {
-      validateJsonSchema(input, spec.inputSchema)
-    } catch (err: unknown) {
-      const msg = err instanceof Error ? err.message : String(err)
-      return { name: spec.name, output: { error: msg }, isError: true }
-    }
-
-    return tool.run(input, ctx)
-  }
-}