@llmtune/cli 0.1.0 → 0.1.1

package/dist/skills/registry.js

@@ -0,0 +1,162 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SkillRegistry = void 0;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const os = __importStar(require("os"));
+const frontmatter_1 = require("./frontmatter");
+const args_1 = require("./args");
+const SKILL_DIRS = () => {
+    const dirs = [];
+    const primary = path.join(os.homedir(), ".llmtune", "skills");
+    dirs.push(primary);
+    return dirs;
+};
+class SkillRegistry {
+    skills = new Map();
+    loadAll(projectRoot) {
+        this.skills.clear();
+        for (const dir of SKILL_DIRS()) {
+            this.loadFromDir(dir, "user");
+        }
+        const managedEnv = process.env.LLMTUNE_MANAGED_SKILLS_DIR;
+        if (managedEnv) {
+            this.loadFromDir(managedEnv, "managed");
+        }
+        if (projectRoot) {
+            const projectDir = path.join(projectRoot, ".llmtune", "skills");
+            this.loadFromDir(projectDir, "project");
+            const compatDir = path.join(projectRoot, ".claude", "skills");
+            this.loadFromDir(compatDir, "project");
+        }
+    }
+    loadFromDir(baseDir, loadedFrom) {
+        const resolved = path.resolve(baseDir);
+        if (!fs.existsSync(resolved) || !fs.statSync(resolved).isDirectory())
+            return;
+        for (const entry of fs.readdirSync(resolved).sort()) {
+            const skillPath = path.join(resolved, entry);
+            if (!fs.statSync(skillPath).isDirectory())
+                continue;
+            const mdPath = path.join(skillPath, "SKILL.md");
+            if (!fs.existsSync(mdPath))
+                continue;
+            const raw = fs.readFileSync(mdPath, "utf-8");
+            const { frontmatter, body } = (0, frontmatter_1.parseFrontmatter)(raw);
+            const description = String(frontmatter.description ?? extractFirstLine(body) ?? `Skill: ${entry}`);
+            const userInvocable = frontmatter["user-invocable"] !== false;
+            const allowedTools = asStrList(frontmatter["allowed-tools"]);
+            const argNames = parseArgNames(frontmatter.arguments);
+            const trustLevel = resolveTrustLevel(frontmatter.trust, loadedFrom);
+            const skill = {
+                name: entry,
+                description,
+                content: body,
+                loadedFrom,
+                userInvocable,
+                allowedTools,
+                argNames,
+                trustLevel,
+                skillRoot: skillPath,
+            };
+            if (!this.skills.has(entry.toLowerCase())) {
+                this.skills.set(entry.toLowerCase(), skill);
+            }
+        }
+    }
+    get(name) {
+        return this.skills.get(name.toLowerCase());
+    }
+    list() {
+        return Array.from(this.skills.values());
+    }
+    listUserInvocable() {
+        return this.list().filter((s) => s.userInvocable);
+    }
+    prepareExecution(name, args) {
+        const skill = this.get(name);
+        if (!skill)
+            return null;
+        const argMap = {};
+        for (let i = 0; i < Math.min(args.length, skill.argNames.length); i++) {
+            argMap[skill.argNames[i]] = args[i];
+        }
+        const userMessage = (0, args_1.substituteArguments)(skill.content, argMap);
+        return {
+            systemPrompt: `You are executing the "${skill.name}" skill. ${skill.description}`,
+            userMessage,
+            allowedTools: skill.allowedTools.length > 0 ? skill.allowedTools : undefined,
+        };
+    }
+}
+exports.SkillRegistry = SkillRegistry;
+function resolveTrustLevel(raw, loadedFrom) {
+    const str = String(raw ?? "").toLowerCase().trim();
+    if (str === "signed")
+        return "signed";
+    if (str === "verified")
+        return "verified";
+    if (str === "community")
+        return "community";
+    if (loadedFrom === "user" || loadedFrom === "project")
+        return "local";
+    return "community";
+}
+function extractFirstLine(body) {
+    for (const line of body.split("\n")) {
+        const stripped = line.trim();
+        if (!stripped || stripped.startsWith("#"))
+            continue;
+        return stripped.slice(0, 200);
+    }
+    return null;
+}
+function parseArgNames(raw) {
+    return asStrList(raw);
+}
+function asStrList(val) {
+    if (val == null)
+        return [];
+    if (Array.isArray(val))
+        return val.map(String).filter(Boolean);
+    const s = String(val).trim();
+    if (!s)
+        return [];
+    if (s.includes(","))
+        return s.split(",").map((x) => x.trim()).filter(Boolean);
+    return [s];
+}
+//# sourceMappingURL=registry.js.map

package/dist/skills/signing/signer.d.ts

@@ -0,0 +1,19 @@
+export interface SkillSignature {
+    algorithm: string;
+    signature: string;
+    publicKey: string;
+    signedAt: string;
+    skillName: string;
+    contentHash: string;
+}
+export declare function hashSkillContent(skillDir: string): string;
+export declare function signSkill(skillDir: string, privateKey: string, publicKey: string): SkillSignature;
+export declare function verifySkill(skillDir: string, expectedPublicKey?: string): {
+    valid: boolean;
+    reason?: string;
+};
+export declare function generateKeyPair(): {
+    publicKey: string;
+    privateKey: string;
+};
+//# sourceMappingURL=signer.d.ts.map

package/dist/skills/signing/signer.js

@@ -0,0 +1,110 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.hashSkillContent = hashSkillContent;
+exports.signSkill = signSkill;
+exports.verifySkill = verifySkill;
+exports.generateKeyPair = generateKeyPair;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const crypto = __importStar(require("crypto"));
+const SIGNATURE_FILE = "SIGNATURE.json";
+function hashSkillContent(skillDir) {
+    const mdPath = path.join(skillDir, "SKILL.md");
+    if (!fs.existsSync(mdPath)) {
+        throw new Error(`No SKILL.md found in ${skillDir}`);
+    }
+    const content = fs.readFileSync(mdPath, "utf-8");
+    return crypto.createHash("sha256").update(content).digest("hex");
+}
+function signSkill(skillDir, privateKey, publicKey) {
+    const contentHash = hashSkillContent(skillDir);
+    const skillName = path.basename(skillDir);
+    const signature = crypto
+        .createSign("sha256")
+        .update(contentHash)
+        .sign(privateKey, "base64");
+    const sig = {
+        algorithm: "sha256-rsa",
+        signature,
+        publicKey,
+        signedAt: new Date().toISOString(),
+        skillName,
+        contentHash,
+    };
+    const sigPath = path.join(skillDir, SIGNATURE_FILE);
+    fs.writeFileSync(sigPath, JSON.stringify(sig, null, 2), "utf-8");
+    return sig;
+}
+function verifySkill(skillDir, expectedPublicKey) {
+    const sigPath = path.join(skillDir, SIGNATURE_FILE);
+    const mdPath = path.join(skillDir, "SKILL.md");
+    if (!fs.existsSync(sigPath)) {
+        return { valid: false, reason: "No signature file found" };
+    }
+    if (!fs.existsSync(mdPath)) {
+        return { valid: false, reason: "No SKILL.md found" };
+    }
+    try {
+        const sig = JSON.parse(fs.readFileSync(sigPath, "utf-8"));
+        const content = fs.readFileSync(mdPath, "utf-8");
+        const contentHash = crypto.createHash("sha256").update(content).digest("hex");
+        if (contentHash !== sig.contentHash) {
+            return { valid: false, reason: "Content hash mismatch - skill has been modified" };
+        }
+        if (expectedPublicKey && sig.publicKey !== expectedPublicKey) {
+            return { valid: false, reason: "Public key mismatch - signed by different author" };
+        }
+        const verifier = crypto.createVerify("sha256");
+        verifier.update(sig.contentHash);
+        const isValid = verifier.verify(sig.publicKey, sig.signature, "base64");
+        if (!isValid) {
+            return { valid: false, reason: "Signature verification failed" };
+        }
+        return { valid: true };
+    }
+    catch (err) {
+        return { valid: false, reason: `Verification error: ${err.message}` };
+    }
+}
+function generateKeyPair() {
+    const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", {
+        modulusLength: 2048,
+        publicKeyEncoding: { type: "spki", format: "pem" },
+        privateKeyEncoding: { type: "pkcs8", format: "pem" },
+    });
+    return { publicKey, privateKey };
+}
+//# sourceMappingURL=signer.js.map

package/dist/skills/trust.d.ts

@@ -0,0 +1,11 @@
+import type { Skill } from "./registry";
+export type TrustLevel = "local" | "community" | "verified" | "signed";
+export interface TrustPolicy {
+    allowedTools: string[];
+    canExecuteBash: boolean;
+    canWriteFiles: boolean;
+}
+export declare function getTrustPolicy(level: TrustLevel): TrustPolicy;
+export declare function resolveTrustLevel(skill: Skill): TrustLevel;
+export declare function isToolAllowedForSkill(toolName: string, trustLevel: TrustLevel): boolean;
+//# sourceMappingURL=trust.d.ts.map

package/dist/skills/trust.js

@@ -0,0 +1,42 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getTrustPolicy = getTrustPolicy;
+exports.resolveTrustLevel = resolveTrustLevel;
+exports.isToolAllowedForSkill = isToolAllowedForSkill;
+const POLICIES = {
+    local: {
+        allowedTools: ["read", "write", "edit", "bash", "glob", "grep"],
+        canExecuteBash: true,
+        canWriteFiles: true,
+    },
+    community: {
+        allowedTools: ["read", "glob", "grep"],
+        canExecuteBash: false,
+        canWriteFiles: false,
+    },
+    verified: {
+        allowedTools: ["read", "write", "edit", "bash", "glob", "grep"],
+        canExecuteBash: true,
+        canWriteFiles: true,
+    },
+    signed: {
+        allowedTools: ["read", "write", "edit", "bash", "glob", "grep"],
+        canExecuteBash: true,
+        canWriteFiles: true,
+    },
+};
+function getTrustPolicy(level) {
+    return POLICIES[level];
+}
+function resolveTrustLevel(skill) {
+    if (skill.loadedFrom === "project" || skill.loadedFrom === "user")
+        return "local";
+    if (skill.trustLevel)
+        return skill.trustLevel;
+    return "community";
+}
+function isToolAllowedForSkill(toolName, trustLevel) {
+    const policy = POLICIES[trustLevel];
+    return policy.allowedTools.includes(toolName.toLowerCase());
+}
+//# sourceMappingURL=trust.js.map

package/dist/telemetry/logger.d.ts

@@ -0,0 +1,51 @@
+export type TelemetryEvent = {
+    event: "tool_call";
+    tool: string;
+    latency_ms: number;
+    input_preview?: string;
+} | {
+    event: "llm_response";
+    tokens_in: number;
+    tokens_out: number;
+    cost: number;
+    model: string;
+    latency_ms: number;
+} | {
+    event: "compaction";
+    tokens_saved: number;
+    messages_before: number;
+    messages_after: number;
+    trigger: string;
+} | {
+    event: "error";
+    source: string;
+    error: string;
+    tool?: string;
+} | {
+    event: "session_start";
+    model: string;
+    tools: string[];
+    cwd: string;
+} | {
+    event: "session_end";
+    duration_ms: number;
+    total_tool_calls: number;
+    total_tokens: number;
+};
+export declare function startSessionLog(sessionId: string, meta: {
+    model: string;
+    tools: string[];
+    cwd: string;
+}): void;
+export declare function logEvent(event: TelemetryEvent): void;
+export declare function endSessionLog(stats: {
+    totalToolCalls: number;
+    totalTokens: number;
+}): void;
+export declare function getSessionLogs(sessionId: string): TelemetryEvent[];
+export declare function listSessionLogs(): Array<{
+    sessionId: string;
+    size: number;
+    modified: string;
+}>;
+//# sourceMappingURL=logger.d.ts.map

package/dist/telemetry/logger.js

@@ -0,0 +1,135 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.startSessionLog = startSessionLog;
+exports.logEvent = logEvent;
+exports.endSessionLog = endSessionLog;
+exports.getSessionLogs = getSessionLogs;
+exports.listSessionLogs = listSessionLogs;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const config_1 = require("../auth/config");
+let currentSession = null;
+let sessionStartTime = 0;
+function getLogsDir() {
+    const base = process.env.LLMTUNE_LOGS_DIR || path.join((0, config_1.getConfigDir)(), "logs");
+    if (!fs.existsSync(base)) {
+        fs.mkdirSync(base, { recursive: true });
+    }
+    return base;
+}
+function getSessionLogPath(sessionId) {
+    return path.join(getLogsDir(), `${sessionId}.jsonl`);
+}
+function startSessionLog(sessionId, meta) {
+    currentSession = {
+        sessionId,
+        startedAt: new Date().toISOString(),
+        events: [],
+    };
+    sessionStartTime = Date.now();
+    logEvent({ event: "session_start", model: meta.model, tools: meta.tools, cwd: meta.cwd });
+}
+function logEvent(event) {
+    if (!currentSession)
+        return;
+    currentSession.events.push(event);
+    const entry = {
+        ts: new Date().toISOString(),
+        session_id: currentSession.sessionId,
+        ...event,
+    };
+    try {
+        const logPath = getSessionLogPath(currentSession.sessionId);
+        fs.appendFileSync(logPath, JSON.stringify(entry) + "\n", "utf-8");
+    }
+    catch {
+        // Telemetry write failure is non-critical
+    }
+}
+function endSessionLog(stats) {
+    if (!currentSession)
+        return;
+    const durationMs = Date.now() - sessionStartTime;
+    logEvent({
+        event: "session_end",
+        duration_ms: durationMs,
+        total_tool_calls: stats.totalToolCalls,
+        total_tokens: stats.totalTokens,
+    });
+    currentSession = null;
+}
+function getSessionLogs(sessionId) {
+    const logPath = getSessionLogPath(sessionId);
+    try {
+        if (!fs.existsSync(logPath))
+            return [];
+        const lines = fs.readFileSync(logPath, "utf-8").split("\n").filter(Boolean);
+        return lines.map((line) => {
+            try {
+                return JSON.parse(line);
+            }
+            catch {
+                return null;
+            }
+        }).filter((e) => e !== null);
+    }
+    catch {
+        return [];
+    }
+}
+function listSessionLogs() {
+    const dir = getLogsDir();
+    try {
+        if (!fs.existsSync(dir))
+            return [];
+        return fs.readdirSync(dir)
+            .filter((f) => f.endsWith(".jsonl"))
+            .map((f) => {
+            const fullPath = path.join(dir, f);
+            const stat = fs.statSync(fullPath);
+            return {
+                sessionId: f.replace(".jsonl", ""),
+                size: stat.size,
+                modified: stat.mtime.toISOString(),
+            };
+        })
+            .sort((a, b) => b.modified.localeCompare(a.modified));
+    }
+    catch {
+        return [];
+    }
+}
+//# sourceMappingURL=logger.js.map

package/dist/tools/permissions.d.ts

@@ -0,0 +1,20 @@
+export type PermissionBehavior = "allow" | "deny" | "ask";
+export interface PermissionCheckResult {
+    behavior: PermissionBehavior;
+    message?: string;
+    suggestion?: string;
+    updatedInput?: Record<string, unknown>;
+}
+export interface PermissionConfig {
+    allowedTools: Set<string>;
+    deniedTools: Set<string>;
+    sessionTrust: Map<string, boolean>;
+}
+export declare class PermissionManager {
+    private config;
+    constructor();
+    trustTool(toolName: string): void;
+    isTrusted(toolName: string): boolean;
+    check(toolName: string, input: Record<string, unknown>, isDestructive: boolean): Promise<PermissionCheckResult>;
+}
+//# sourceMappingURL=permissions.d.ts.map

package/dist/tools/permissions.js

@@ -0,0 +1,58 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PermissionManager = void 0;
+const prompts_1 = __importDefault(require("@inquirer/prompts"));
+const chalk_1 = __importDefault(require("chalk"));
+class PermissionManager {
+    config;
+    constructor() {
+        this.config = {
+            allowedTools: new Set(),
+            deniedTools: new Set(),
+            sessionTrust: new Map(),
+        };
+    }
+    trustTool(toolName) {
+        this.config.sessionTrust.set(toolName, true);
+    }
+    isTrusted(toolName) {
+        return this.config.sessionTrust.get(toolName) === true;
+    }
+    async check(toolName, input, isDestructive) {
+        if (this.isTrusted(toolName)) {
+            return { behavior: "allow" };
+        }
+        if (this.config.deniedTools.has(toolName)) {
+            return { behavior: "deny", message: `Tool '${toolName}' is denied` };
+        }
+        if (isDestructive) {
+            const command = toolName === "bash" ? input.command : "";
+            const preview = command
+                ? command.slice(0, 80) + (command.length > 80 ? "..." : "")
+                : JSON.stringify(input).slice(0, 100);
+            console.log(chalk_1.default.yellow(`\n⚠ ${toolName} wants to execute:`));
+            console.log(chalk_1.default.dim(preview));
+            const confirmed = await prompts_1.default.confirm({
+                message: `Allow ${toolName}? (y/N)`,
+                default: false,
+            });
+            if (!confirmed) {
+                return { behavior: "deny", message: "User denied" };
+            }
+            const alwaysTrust = await prompts_1.default.confirm({
+                message: `Trust ${toolName} for this session? (y/N)`,
+                default: false,
+            });
+            if (alwaysTrust) {
+                this.trustTool(toolName);
+            }
+            return { behavior: "allow" };
+        }
+        return { behavior: "allow" };
+    }
+}
+exports.PermissionManager = PermissionManager;
+//# sourceMappingURL=permissions.js.map

package/dist/tools/protocol.d.ts

@@ -0,0 +1,22 @@
+export interface ToolSpec {
+    name: string;
+    description: string;
+    inputSchema: Record<string, unknown>;
+    isReadOnly?: boolean;
+    isDestructive?: boolean;
+}
+export interface ToolResult {
+    name: string;
+    output: unknown;
+    isError: boolean;
+    toolUseId?: string;
+}
+export interface ToolContext {
+    cwd: string;
+    workspaceRoot: string;
+}
+export interface Tool {
+    spec(): ToolSpec;
+    run(input: Record<string, unknown>, ctx: ToolContext): ToolResult | Promise<ToolResult>;
+}
+//# sourceMappingURL=protocol.d.ts.map

package/dist/tools/protocol.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=protocol.js.map

package/dist/tools/registry.d.ts

@@ -0,0 +1,20 @@
+import type { Tool, ToolSpec, ToolResult, ToolContext } from "./protocol";
+export type { Tool, ToolSpec, ToolResult, ToolContext };
+export interface ToolDefinition {
+    name: string;
+    description: string;
+    inputSchema: Record<string, unknown>;
+    isReadOnly?: boolean;
+    isDestructive?: boolean;
+    run: (input: Record<string, unknown>, ctx: ToolContext) => ToolResult | Promise<ToolResult>;
+}
+export declare function createTool(def: ToolDefinition): Tool;
+export declare class ToolRegistry {
+    private tools;
+    register(tool: Tool): void;
+    listSpecs(): ToolSpec[];
+    get(name: string): Tool | undefined;
+    dispatch(name: string, input: Record<string, unknown>, ctx: ToolContext): ToolResult;
+    dispatchAsync(name: string, input: Record<string, unknown>, ctx: ToolContext): Promise<ToolResult>;
+}
+//# sourceMappingURL=registry.d.ts.map