@llmtune/cli 0.1.0

package/src/skills/signing/signer.ts

@@ -0,0 +1,101 @@
+import * as fs from "fs"
+import * as path from "path"
+import * as crypto from "crypto"
+
+export interface SkillSignature {
+  algorithm: string
+  signature: string
+  publicKey: string
+  signedAt: string
+  skillName: string
+  contentHash: string
+}
+
+const SIGNATURE_FILE = "SIGNATURE.json"
+
+export function hashSkillContent(skillDir: string): string {
+  const mdPath = path.join(skillDir, "SKILL.md")
+  if (!fs.existsSync(mdPath)) {
+    throw new Error(`No SKILL.md found in ${skillDir}`)
+  }
+  const content = fs.readFileSync(mdPath, "utf-8")
+  return crypto.createHash("sha256").update(content).digest("hex")
+}
+
+export function signSkill(
+  skillDir: string,
+  privateKey: string,
+  publicKey: string,
+): SkillSignature {
+  const contentHash = hashSkillContent(skillDir)
+  const skillName = path.basename(skillDir)
+
+  const signature = crypto
+    .createSign("sha256")
+    .update(contentHash)
+    .sign(privateKey, "base64")
+
+  const sig: SkillSignature = {
+    algorithm: "sha256-rsa",
+    signature,
+    publicKey,
+    signedAt: new Date().toISOString(),
+    skillName,
+    contentHash,
+  }
+
+  const sigPath = path.join(skillDir, SIGNATURE_FILE)
+  fs.writeFileSync(sigPath, JSON.stringify(sig, null, 2), "utf-8")
+
+  return sig
+}
+
+export function verifySkill(
+  skillDir: string,
+  expectedPublicKey?: string,
+): { valid: boolean; reason?: string } {
+  const sigPath = path.join(skillDir, SIGNATURE_FILE)
+  const mdPath = path.join(skillDir, "SKILL.md")
+
+  if (!fs.existsSync(sigPath)) {
+    return { valid: false, reason: "No signature file found" }
+  }
+  if (!fs.existsSync(mdPath)) {
+    return { valid: false, reason: "No SKILL.md found" }
+  }
+
+  try {
+    const sig: SkillSignature = JSON.parse(fs.readFileSync(sigPath, "utf-8"))
+    const content = fs.readFileSync(mdPath, "utf-8")
+    const contentHash = crypto.createHash("sha256").update(content).digest("hex")
+
+    if (contentHash !== sig.contentHash) {
+      return { valid: false, reason: "Content hash mismatch - skill has been modified" }
+    }
+
+    if (expectedPublicKey && sig.publicKey !== expectedPublicKey) {
+      return { valid: false, reason: "Public key mismatch - signed by different author" }
+    }
+
+    const verifier = crypto.createVerify("sha256")
+    verifier.update(sig.contentHash)
+    const isValid = verifier.verify(sig.publicKey, sig.signature, "base64")
+
+    if (!isValid) {
+      return { valid: false, reason: "Signature verification failed" }
+    }
+
+    return { valid: true }
+  } catch (err) {
+    return { valid: false, reason: `Verification error: ${(err as Error).message}` }
+  }
+}
+
+export function generateKeyPair(): { publicKey: string; privateKey: string } {
+  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", {
+    modulusLength: 2048,
+    publicKeyEncoding: { type: "spki", format: "pem" },
+    privateKeyEncoding: { type: "pkcs8", format: "pem" },
+  })
+  return { publicKey, privateKey }
+}

package/src/skills/trust.ts

@@ -0,0 +1,50 @@
+import type { Skill } from "./registry"
+
+export type TrustLevel = "local" | "community" | "verified" | "signed"
+
+export interface TrustPolicy {
+  allowedTools: string[]
+  canExecuteBash: boolean
+  canWriteFiles: boolean
+}
+
+const POLICIES: Record<TrustLevel, TrustPolicy> = {
+  local: {
+    allowedTools: ["read", "write", "edit", "bash", "glob", "grep"],
+    canExecuteBash: true,
+    canWriteFiles: true,
+  },
+  community: {
+    allowedTools: ["read", "glob", "grep"],
+    canExecuteBash: false,
+    canWriteFiles: false,
+  },
+  verified: {
+    allowedTools: ["read", "write", "edit", "bash", "glob", "grep"],
+    canExecuteBash: true,
+    canWriteFiles: true,
+  },
+  signed: {
+    allowedTools: ["read", "write", "edit", "bash", "glob", "grep"],
+    canExecuteBash: true,
+    canWriteFiles: true,
+  },
+}
+
+export function getTrustPolicy(level: TrustLevel): TrustPolicy {
+  return POLICIES[level]
+}
+
+export function resolveTrustLevel(skill: Skill): TrustLevel {
+  if (skill.loadedFrom === "project" || skill.loadedFrom === "user") return "local"
+  if (skill.trustLevel) return skill.trustLevel
+  return "community"
+}
+
+export function isToolAllowedForSkill(
+  toolName: string,
+  trustLevel: TrustLevel
+): boolean {
+  const policy = POLICIES[trustLevel]
+  return policy.allowedTools.includes(toolName.toLowerCase())
+}

package/src/telemetry/logger.ts

@@ -0,0 +1,108 @@
+import * as fs from "fs"
+import * as path from "path"
+import * as os from "os"
+import { getConfigDir } from "../auth/config"
+
+export type TelemetryEvent =
+  | { event: "tool_call"; tool: string; latency_ms: number; input_preview?: string }
+  | { event: "llm_response"; tokens_in: number; tokens_out: number; cost: number; model: string; latency_ms: number }
+  | { event: "compaction"; tokens_saved: number; messages_before: number; messages_after: number; trigger: string }
+  | { event: "error"; source: string; error: string; tool?: string }
+  | { event: "session_start"; model: string; tools: string[]; cwd: string }
+  | { event: "session_end"; duration_ms: number; total_tool_calls: number; total_tokens: number }
+
+interface SessionLog {
+  sessionId: string
+  startedAt: string
+  events: TelemetryEvent[]
+}
+
+let currentSession: SessionLog | null = null
+let sessionStartTime = 0
+
+function getLogsDir(): string {
+  const base = process.env.LLMTUNE_LOGS_DIR || path.join(getConfigDir(), "logs")
+  if (!fs.existsSync(base)) {
+    fs.mkdirSync(base, { recursive: true })
+  }
+  return base
+}
+
+function getSessionLogPath(sessionId: string): string {
+  return path.join(getLogsDir(), `${sessionId}.jsonl`)
+}
+
+export function startSessionLog(sessionId: string, meta: { model: string; tools: string[]; cwd: string }): void {
+  currentSession = {
+    sessionId,
+    startedAt: new Date().toISOString(),
+    events: [],
+  }
+  sessionStartTime = Date.now()
+  logEvent({ event: "session_start", model: meta.model, tools: meta.tools, cwd: meta.cwd })
+}
+
+export function logEvent(event: TelemetryEvent): void {
+  if (!currentSession) return
+  currentSession.events.push(event)
+
+  const entry = {
+    ts: new Date().toISOString(),
+    session_id: currentSession.sessionId,
+    ...event,
+  }
+
+  try {
+    const logPath = getSessionLogPath(currentSession.sessionId)
+    fs.appendFileSync(logPath, JSON.stringify(entry) + "\n", "utf-8")
+  } catch {
+    // Telemetry write failure is non-critical
+  }
+}
+
+export function endSessionLog(stats: { totalToolCalls: number; totalTokens: number }): void {
+  if (!currentSession) return
+  const durationMs = Date.now() - sessionStartTime
+  logEvent({
+    event: "session_end",
+    duration_ms: durationMs,
+    total_tool_calls: stats.totalToolCalls,
+    total_tokens: stats.totalTokens,
+  })
+  currentSession = null
+}
+
+export function getSessionLogs(sessionId: string): TelemetryEvent[] {
+  const logPath = getSessionLogPath(sessionId)
+  try {
+    if (!fs.existsSync(logPath)) return []
+    const lines = fs.readFileSync(logPath, "utf-8").split("\n").filter(Boolean)
+    return lines.map((line) => {
+      try { return JSON.parse(line) as TelemetryEvent }
+      catch { return null }
+    }).filter((e): e is TelemetryEvent => e !== null)
+  } catch {
+    return []
+  }
+}
+
+export function listSessionLogs(): Array<{ sessionId: string; size: number; modified: string }> {
+  const dir = getLogsDir()
+  try {
+    if (!fs.existsSync(dir)) return []
+    return fs.readdirSync(dir)
+      .filter((f) => f.endsWith(".jsonl"))
+      .map((f) => {
+        const fullPath = path.join(dir, f)
+        const stat = fs.statSync(fullPath)
+        return {
+          sessionId: f.replace(".jsonl", ""),
+          size: stat.size,
+          modified: stat.mtime.toISOString(),
+        }
+      })
+      .sort((a, b) => b.modified.localeCompare(a.modified))
+  } catch {
+    return []
+  }
+}

package/src/tools/permissions.ts

@@ -0,0 +1,83 @@
+import inquirer from "@inquirer/prompts"
+import chalk from "chalk"
+
+export type PermissionBehavior = "allow" | "deny" | "ask"
+
+export interface PermissionCheckResult {
+  behavior: PermissionBehavior
+  message?: string
+  suggestion?: string
+  updatedInput?: Record<string, unknown>
+}
+
+export interface PermissionConfig {
+  allowedTools: Set<string>
+  deniedTools: Set<string>
+  sessionTrust: Map<string, boolean>
+}
+
+export class PermissionManager {
+  private config: PermissionConfig
+
+  constructor() {
+    this.config = {
+      allowedTools: new Set(),
+      deniedTools: new Set(),
+      sessionTrust: new Map(),
+    }
+  }
+
+  trustTool(toolName: string): void {
+    this.config.sessionTrust.set(toolName, true)
+  }
+
+  isTrusted(toolName: string): boolean {
+    return this.config.sessionTrust.get(toolName) === true
+  }
+
+  async check(
+    toolName: string,
+    input: Record<string, unknown>,
+    isDestructive: boolean
+  ): Promise<PermissionCheckResult> {
+    if (this.isTrusted(toolName)) {
+      return { behavior: "allow" }
+    }
+
+    if (this.config.deniedTools.has(toolName)) {
+      return { behavior: "deny", message: `Tool '${toolName}' is denied` }
+    }
+
+    if (isDestructive) {
+      const command = toolName === "bash" ? (input.command as string) : ""
+      const preview = command
+        ? command.slice(0, 80) + (command.length > 80 ? "..." : "")
+        : JSON.stringify(input).slice(0, 100)
+
+      console.log(chalk.yellow(`\n⚠ ${toolName} wants to execute:`))
+      console.log(chalk.dim(preview))
+
+      const confirmed = await inquirer.confirm({
+        message: `Allow ${toolName}? (y/N)`,
+        default: false,
+      })
+
+      if (!confirmed) {
+        return { behavior: "deny", message: "User denied" }
+      }
+
+      const alwaysTrust = await inquirer.confirm({
+        message: `Trust ${toolName} for this session? (y/N)`,
+        default: false,
+      })
+
+      if (alwaysTrust) {
+        this.trustTool(toolName)
+      }
+
+      return { behavior: "allow" }
+    }
+
+    return { behavior: "allow" }
+  }
+}

package/src/tools/protocol.ts

@@ -0,0 +1,24 @@
+export interface ToolSpec {
+  name: string
+  description: string
+  inputSchema: Record<string, unknown>
+  isReadOnly?: boolean
+  isDestructive?: boolean
+}
+
+export interface ToolResult {
+  name: string
+  output: unknown
+  isError: boolean
+  toolUseId?: string
+}
+
+export interface ToolContext {
+  cwd: string
+  workspaceRoot: string
+}
+
+export interface Tool {
+  spec(): ToolSpec
+  run(input: Record<string, unknown>, ctx: ToolContext): ToolResult | Promise<ToolResult>
+}

package/src/tools/registry.ts

@@ -0,0 +1,93 @@
+import type { Tool, ToolSpec, ToolResult, ToolContext } from "./protocol"
+import { validateJsonSchema } from "./validation"
+
+export type { Tool, ToolSpec, ToolResult, ToolContext }
+
+export interface ToolDefinition {
+  name: string
+  description: string
+  inputSchema: Record<string, unknown>
+  isReadOnly?: boolean
+  isDestructive?: boolean
+  run: (input: Record<string, unknown>, ctx: ToolContext) => ToolResult | Promise<ToolResult>
+}
+
+class ToolInstance implements Tool {
+  private def: ToolDefinition
+  constructor(def: ToolDefinition) { this.def = def }
+  spec(): ToolSpec {
+    return {
+      name: this.def.name,
+      description: this.def.description,
+      inputSchema: this.def.inputSchema,
+      isReadOnly: this.def.isReadOnly,
+      isDestructive: this.def.isDestructive,
+    }
+  }
+  run(input: Record<string, unknown>, ctx: ToolContext): ToolResult | Promise<ToolResult> {
+    return this.def.run(input, ctx)
+  }
+}
+
+export function createTool(def: ToolDefinition): Tool {
+  return new ToolInstance(def)
+}
+
+export class ToolRegistry {
+  private tools: Map<string, Tool> = new Map()
+
+  register(tool: Tool): void {
+    const spec = tool.spec()
+    const key = spec.name.toLowerCase()
+    if (this.tools.has(key)) {
+      throw new Error(`duplicate tool name: ${spec.name}`)
+    }
+    this.tools.set(key, tool)
+  }
+
+  listSpecs(): ToolSpec[] {
+    return Array.from(this.tools.values()).map((t) => t.spec())
+  }
+
+  get(name: string): Tool | undefined {
+    return this.tools.get(name.toLowerCase())
+  }
+
+  dispatch(name: string, input: Record<string, unknown>, ctx: ToolContext): ToolResult {
+    const tool = this.get(name)
+    if (!tool) {
+      return { name, output: { error: `unknown tool: ${name}` }, isError: true }
+    }
+
+    const spec = tool.spec()
+    try {
+      validateJsonSchema(input, spec.inputSchema)
+    } catch (err: unknown) {
+      const msg = err instanceof Error ? err.message : String(err)
+      return { name: spec.name, output: { error: msg }, isError: true }
+    }
+
+    const result = tool.run(input, ctx)
+    if (result instanceof Promise) {
+      throw new Error("Async tools not supported in sync dispatch. Use dispatchAsync instead.")
+    }
+    return result
+  }
+
+  async dispatchAsync(name: string, input: Record<string, unknown>, ctx: ToolContext): Promise<ToolResult> {
+    const tool = this.get(name)
+    if (!tool) {
+      return { name, output: { error: `unknown tool: ${name}` }, isError: true }
+    }
+
+    const spec = tool.spec()
+    try {
+      validateJsonSchema(input, spec.inputSchema)
+    } catch (err: unknown) {
+      const msg = err instanceof Error ? err.message : String(err)
+      return { name: spec.name, output: { error: msg }, isError: true }
+    }
+
+    return tool.run(input, ctx)
+  }
+}

package/src/tools/sandbox/docker.ts

@@ -0,0 +1,225 @@
+/**
+ * Docker-based tool sandbox for enterprise deployments.
+ * Isolates bash and file write operations inside a Docker container
+ * to prevent accidental or malicious damage to the host system.
+ */
+import { execFile } from "child_process"
+import { promisify } from "util"
+import * as path from "path"
+import * as fs from "fs"
+import * as os from "os"
+import type { ToolResult } from "../protocol"
+
+const execFileAsync = promisify(execFile)
+
+const SANDBOX_IMAGE = "llmtune-sandbox:latest"
+const SANDBOX_WORKDIR = "/workspace"
+const EXECUTION_TIMEOUT_MS = 60_000
+const MAX_OUTPUT_BYTES = 100_000
+
+export interface SandboxConfig {
+  enabled: boolean
+  image: string
+  timeoutMs: number
+  readOnlyPaths: string[]
+  maxMemoryMB: number
+}
+
+export const DEFAULT_SANDBOX_CONFIG: SandboxConfig = {
+  enabled: false,
+  image: SANDBOX_IMAGE,
+  timeoutMs: EXECUTION_TIMEOUT_MS,
+  readOnlyPaths: [],
+  maxMemoryMB: 512,
+}
+
+let sandboxConfig: SandboxConfig = { ...DEFAULT_SANDBOX_CONFIG }
+
+export function configureSandbox(config: Partial<SandboxConfig>): void {
+  sandboxConfig = { ...sandboxConfig, ...config }
+}
+
+export function isSandboxEnabled(): boolean {
+  return sandboxConfig.enabled
+}
+
+export async function isDockerAvailable(): Promise<boolean> {
+  try {
+    const { stdout } = await execFileAsync("docker", ["--version"], {
+      timeout: 5000,
+    })
+    return /docker/i.test(stdout)
+  } catch {
+    return false
+  }
+}
+
+export async function ensureSandboxImage(): Promise<boolean> {
+  try {
+    const { stdout } = await execFileAsync("docker", ["images", "-q", sandboxConfig.image], {
+      timeout: 10000,
+    })
+    if (stdout.trim()) return true
+
+    // Pull the image if not found
+    console.log(`Pulling sandbox image: ${sandboxConfig.image}...`)
+    await execFileAsync("docker", ["pull", sandboxConfig.image], {
+      timeout: 120_000,
+    })
+    return true
+  } catch {
+    return false
+  }
+}
+
+export async function runInSandbox(command: string, cwd: string): Promise<ToolResult> {
+  if (!sandboxConfig.enabled) {
+    return {
+      name: "sandbox",
+      output: { error: "Sandbox is not enabled" },
+      isError: true,
+    }
+  }
+
+  const dockerAvailable = await isDockerAvailable()
+  if (!dockerAvailable) {
+    return {
+      name: "sandbox",
+      output: { error: "Docker is not available. Install Docker to use sandbox mode." },
+      isError: true,
+    }
+  }
+
+  const workspaceMount = `${path.resolve(cwd)}:${SANDBOX_WORKDIR}`
+  const memoryLimit = `${sandboxConfig.maxMemoryMB}m`
+  const timeout = Math.min(sandboxConfig.timeoutMs, 120_000)
+
+  const args = [
+    "run",
+    "--rm",
+    "--network", "none",
+    "--memory", memoryLimit,
+    "--cpus", "1",
+    "--timeout", String(Math.ceil(timeout / 1000)),
+    "-v", `${workspaceMount}:ro`,
+    "--workdir", SANDBOX_WORKDIR,
+    sandboxConfig.image,
+    "sh", "-c", command,
+  ]
+
+  try {
+    const { stdout, stderr } = await execFileAsync("docker", args, {
+      timeout: timeout + 10_000,
+      maxBuffer: MAX_OUTPUT_BYTES,
+    })
+
+    let output = ""
+    if (stdout) output += truncateOutput(stdout)
+    if (stderr) {
+      output += "\n--- stderr ---\n"
+      output += truncateOutput(stderr)
+    }
+
+    return {
+      name: "sandbox",
+      output: {
+        stdout: output.trim(),
+        exit_code: 0,
+        sandboxed: true,
+      },
+      isError: false,
+    }
+  } catch (err: unknown) {
+    const execErr = err as { stdout?: string; stderr?: string; killed?: boolean; code?: number }
+    let output = ""
+    if (execErr.stdout) output += truncateOutput(execErr.stdout)
+    if (execErr.stderr) {
+      output += "\n--- stderr ---\n"
+      output += truncateOutput(execErr.stderr)
+    }
+    if (execErr.killed) {
+      output += `\n--- Process killed (timeout or memory limit) ---`
+    }
+
+    return {
+      name: "sandbox",
+      output: {
+        stdout: output.trim(),
+        exit_code: typeof execErr.code === "number" ? execErr.code : 1,
+        sandboxed: true,
+        timed_out: execErr.killed ?? false,
+      },
+      isError: true,
+    }
+  }
+}
+
+export async function writeFileInSandbox(
+  filePath: string,
+  content: string,
+  cwd: string,
+): Promise<ToolResult> {
+  if (!sandboxConfig.enabled) {
+    return {
+      name: "sandbox",
+      output: { error: "Sandbox is not enabled" },
+      isError: true,
+    }
+  }
+
+  // Write to a temp file on host, then copy into container
+  const tmpDir = path.join(os.tmpdir(), "llmtune-sandbox")
+  fs.mkdirSync(tmpDir, { recursive: true })
+  const tmpFile = path.join(tmpDir, `write-${Date.now()}.tmp`)
+  fs.writeFileSync(tmpFile, content, "utf-8")
+
+  try {
+    const absTarget = path.resolve(cwd, filePath)
+    const containerPath = `${SANDBOX_WORKDIR}/${path.relative(cwd, absTarget).replace(/\\/g, "/")}`
+    const workspaceMount = `${path.resolve(cwd)}:${SANDBOX_WORKDIR}`
+
+    const dockerArgs = [
+      "run",
+      "--rm",
+      "--network", "none",
+      "--memory", `${sandboxConfig.maxMemoryMB}m`,
+      "-v", `${workspaceMount}`,
+      "-v", `${tmpFile}:/tmp/write-content.tmp:ro`,
+      "--workdir", SANDBOX_WORKDIR,
+      sandboxConfig.image,
+      "sh", "-c", `mkdir -p "$(dirname '${containerPath}')" && cp /tmp/write-content.tmp '${containerPath}'`,
+    ]
+
+    await execFileAsync("docker", dockerArgs, { timeout: 30_000 })
+
+    return {
+      name: "sandbox",
+      output: {
+        type: "text",
+        filePath,
+        bytesWritten: Buffer.byteLength(content, "utf-8"),
+        sandboxed: true,
+      },
+      isError: false,
+    }
+  } catch (err: unknown) {
+    return {
+      name: "sandbox",
+      output: { error: `Sandbox write failed: ${(err as Error).message}` },
+      isError: true,
+    }
+  } finally {
+    try {
+      fs.unlinkSync(tmpFile)
+    } catch {
+      // cleanup failure is non-critical
+    }
+  }
+}
+
+function truncateOutput(output: string): string {
+  if (output.length > 50_000) {
+    return output.slice(0, 50_000) + "\n... (truncated)"
+  }
+  return output
+}