@llmtune/cli 0.1.7 → 0.1.9

package/dist/context/cache.js

@@ -1,8 +1,118 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.getContext = getContext;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const os = __importStar(require("os"));
+const crypto = __importStar(require("crypto"));
 const builder_1 = require("./builder");
+const CACHE_DIR = path.join(os.homedir(), ".llmtune", "cache", "context");
+const CACHE_TTL_MS = 5 * 60 * 1000; // 5 minutes
+function getCachePath(hash) {
+    return path.join(CACHE_DIR, `${hash}.json`);
+}
+function computeCacheKey(workspaceRoot, cwd) {
+    // Hash based on workspace root, cwd, and relevant file mtimes
+    const hasher = crypto.createHash("sha256");
+    hasher.update(`root:${workspaceRoot}`);
+    hasher.update(`cwd:${cwd}`);
+    // Include mtimes of instruction files
+    const instructionFiles = ["LLMTUNE.md", "CLAUDE.md", ".llmtune", ".claude"];
+    for (const name of instructionFiles) {
+        for (const dir of [cwd, workspaceRoot]) {
+            const fp = path.join(dir, name);
+            try {
+                const stat = fs.statSync(fp);
+                if (stat.isFile()) {
+                    hasher.update(`${fp}:${stat.mtimeMs}`);
+                }
+            }
+            catch { /* skip */ }
+        }
+    }
+    return hasher.digest("hex").slice(0, 24);
+}
 async function getContext(workspaceRoot, cwd, options) {
+    const useCache = options?.useCache !== false; // default true
+    if (useCache) {
+        const key = computeCacheKey(workspaceRoot, cwd);
+        const cachePath = getCachePath(key);
+        try {
+            const stat = fs.statSync(cachePath);
+            const age = Date.now() - stat.mtimeMs;
+            if (age < CACHE_TTL_MS) {
+                const cached = JSON.parse(fs.readFileSync(cachePath, "utf-8"));
+                return cached;
+            }
+        }
+        catch { /* cache miss */ }
+        // Build fresh context and cache it
+        const result = await (0, builder_1.buildContextPrompt)(workspaceRoot, cwd, options);
+        try {
+            if (!fs.existsSync(CACHE_DIR)) {
+                fs.mkdirSync(CACHE_DIR, { recursive: true });
+            }
+            fs.writeFileSync(cachePath, JSON.stringify(result), "utf-8");
+            // Prune old cache entries (keep last 20)
+            pruneCache();
+        }
+        catch { /* cache write failure is non-critical */ }
+        return result;
+    }
     return (0, builder_1.buildContextPrompt)(workspaceRoot, cwd, options);
 }
+function pruneCache(maxEntries = 20) {
+    try {
+        const entries = fs.readdirSync(CACHE_DIR)
+            .filter(f => f.endsWith(".json"))
+            .map(f => ({
+            name: f,
+            path: path.join(CACHE_DIR, f),
+            mtime: fs.statSync(path.join(CACHE_DIR, f)).mtimeMs,
+        }))
+            .sort((a, b) => b.mtime - a.mtime);
+        if (entries.length > maxEntries) {
+            for (const entry of entries.slice(maxEntries)) {
+                try {
+                    fs.unlinkSync(entry.path);
+                }
+                catch { /* skip */ }
+            }
+        }
+    }
+    catch { /* skip */ }
+}
 //# sourceMappingURL=cache.js.map

package/dist/context/workspace.js

@@ -97,7 +97,8 @@ async function walkDir(root, relDir, visitor, depth = 0) {
             continue;
         const relPath = relDir ? `${relDir}/${entry.name}` : entry.name;
         const isDir = entry.isDirectory();
-        await visitor(entry.name, relDir, isDir);
+        // FIX: was passing relDir instead of relPath — key file detection was broken
+        await visitor(entry.name, relPath, isDir);
         if (isDir && depth < 3) {
             await walkDir(root, relPath, visitor, depth + 1);
         }

package/dist/index.js

@@ -43,11 +43,22 @@ const config_1 = require("./auth/config");
 const client_1 = require("./auth/client");
 const repl_1 = require("./repl/repl");
 const version_1 = require("./version");
+const banner_1 = require("./ui/banner");
 const program = new commander_1.Command();
 program
     .name("llmtune")
     .description("AI CLI Agent powered by llmtune.io")
     .version(version_1.CLI_VERSION);
+// Default action: show banner + help when no subcommand
+program.action(() => {
+    console.log((0, banner_1.renderBanner)());
+    console.log(chalk_1.default.dim("  Quick start:"));
+    console.log(chalk_1.default.dim(`    ${chalk_1.default.bold("llmtune login")}   Configure your API key`));
+    console.log(chalk_1.default.dim(`    ${chalk_1.default.bold("llmtune chat")}    Start an interactive session`));
+    console.log(chalk_1.default.dim(`    ${chalk_1.default.bold("llmtune doctor")}  Diagnose your setup`));
+    console.log("");
+    program.outputHelp();
+});
 program
     .command("login")
     .description("Configure API key and settings")
@@ -60,6 +71,7 @@ program
     .description("Start interactive coding session")
     .option("-m, --model <model>", "Model to use")
     .option("--no-stream", "Disable streaming")
+    .option("--resume", "Resume most recent session")
     .action(async (options) => {
     if (!(0, config_1.isLoggedIn)()) {
         console.log(chalk_1.default.red('Not logged in. Run "llmtune login" first.'));
@@ -69,11 +81,23 @@ program
     const client = (0, client_1.createClient)();
     const model = options.model ?? config.defaultModel ?? "z-ai/GLM-5.1";
     const apiBase = config.apiBase ?? "https://api.llmtune.io/api/agent/v1";
-    console.log(chalk_1.default.cyan("\nLLMTune CLI"));
-    console.log(chalk_1.default.dim(`Connected to ${apiBase}`));
-    console.log(chalk_1.default.dim(`Model: ${model}`));
-    console.log(chalk_1.default.dim("Type /help for commands, /exit to quit\n"));
-    await (0, repl_1.startRepl)({ client, model, stream: options.stream !== false });
+    // Render the LLMTune ASCII art banner
+    console.log((0, banner_1.renderBanner)());
+    // Connection info — only here, not duplicated in startRepl
+    console.log(chalk_1.default.dim(`  Connected to ${apiBase}`));
+    console.log(chalk_1.default.dim(`  Model: ${model}`));
+    console.log(chalk_1.default.dim(`  Type /help for commands, /exit to quit`));
+    console.log("");
+    // Quietly check for updates on startup
+    try {
+        const { checkForUpdate } = await Promise.resolve().then(() => __importStar(require("./commands/update")));
+        const latest = checkForUpdate();
+        if (latest) {
+            console.log(chalk_1.default.dim(`  📦 Update available: v${version_1.CLI_VERSION} → v${latest}. Run: llmtune update\n`));
+        }
+    }
+    catch { /* non-critical */ }
+    await (0, repl_1.startRepl)({ client, model, stream: options.stream !== false, resume: options.resume });
 });
 program
     .command("models")
@@ -89,6 +113,34 @@ program
     const { showConfig } = await Promise.resolve().then(() => __importStar(require("./commands/config")));
     showConfig();
 });
+program
+    .command("balance")
+    .description("Show account balance and usage")
+    .action(async () => {
+    const { balanceCommand } = await Promise.resolve().then(() => __importStar(require("./commands/balance")));
+    await balanceCommand();
+});
+program
+    .command("doctor")
+    .description("Diagnose CLI setup and configuration")
+    .action(async () => {
+    const { doctorCommand } = await Promise.resolve().then(() => __importStar(require("./commands/doctor")));
+    await doctorCommand();
+});
+program
+    .command("update")
+    .description("Check for and install CLI updates")
+    .action(async () => {
+    const { updateCommand } = await Promise.resolve().then(() => __importStar(require("./commands/update")));
+    await updateCommand();
+});
+program
+    .command("logout")
+    .description("Remove saved API key")
+    .action(() => {
+    (0, config_1.logout)();
+    console.log(chalk_1.default.green("✓ Logged out successfully."));
+});
 // Skills marketplace commands
 const skillsCmd = program.command("skills").description("Manage skills (list, install, publish, sign)");
 skillsCmd

package/dist/repl/repl.d.ts

@@ -3,6 +3,7 @@ export interface ReplOptions {
     client: OpenAI;
     model: string;
     stream: boolean;
+    resume?: boolean;
 }
 export declare function startRepl(options: ReplOptions): Promise<void>;
 //# sourceMappingURL=repl.d.ts.map

package/dist/repl/repl.js

@@ -60,28 +60,28 @@ const trust_1 = require("../skills/trust");
 const service_2 = require("../memory/service");
 const logger_1 = require("../telemetry/logger");
 const config_1 = require("../auth/config");
-const version_1 = require("../version");
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
-const HELP_TEXT = `
-${chalk_1.default.bold("LLMTune CLI - Commands:")}
-
-  ${chalk_1.default.cyan("/help")}            Show this help
-  ${chalk_1.default.cyan("/clear")}          Clear conversation history
-  ${chalk_1.default.cyan("/context")}        Show detailed context usage breakdown
-  ${chalk_1.default.cyan("/compact")}        Compact conversation (LLM summary)
-  ${chalk_1.default.cyan("/uncompact")}      Restore conversation from before compaction
-  ${chalk_1.default.cyan("/model <name>")}   Switch model
-  ${chalk_1.default.cyan("/stream")}         Toggle streaming mode
-  ${chalk_1.default.cyan("/verbose")}        Toggle verbose tool output
-  ${chalk_1.default.cyan("/trust <tool>")}   Trust a tool (skip confirmations)
-  ${chalk_1.default.cyan("/skills")}         List available skills
-  ${chalk_1.default.cyan("/memory")}         Show memory contents
-  ${chalk_1.default.cyan("/save")}           Save conversation to file
-  ${chalk_1.default.cyan("/exit")}           Exit REPL
-
-  ${chalk_1.default.gray("Type your message and press Enter to chat.")}
-  ${chalk_1.default.gray("Multi-line: end a line with '\\' to continue.")}
+const HELP_TEXT = `
+${chalk_1.default.bold("LLMTune CLI - Commands:")}
+
+  ${chalk_1.default.cyan("/help")}            Show this help
+  ${chalk_1.default.cyan("/clear")}          Clear conversation history
+  ${chalk_1.default.cyan("/context")}        Show detailed context usage breakdown
+  ${chalk_1.default.cyan("/compact")}        Compact conversation (LLM summary)
+  ${chalk_1.default.cyan("/uncompact")}      Restore conversation from before compaction
+  ${chalk_1.default.cyan("/model <name>")}   Switch model
+  ${chalk_1.default.cyan("/stream")}         Toggle streaming mode
+  ${chalk_1.default.cyan("/verbose")}        Toggle verbose tool output
+  ${chalk_1.default.cyan("/trust <tool>")}   Trust a tool (skip confirmations)
+  ${chalk_1.default.cyan("/skills")}         List available skills
+  ${chalk_1.default.cyan("/memory")}         Show memory contents
+  ${chalk_1.default.cyan("/balance")}        Show account balance
+  ${chalk_1.default.cyan("/save")}           Save conversation to file
+  ${chalk_1.default.cyan("/exit")}           Exit REPL
+
+  ${chalk_1.default.gray("Type your message and press Enter to chat.")}
+  ${chalk_1.default.gray("Multi-line: end a line with '\\' to continue.")}
 `.trim();
 async function startRepl(options) {
     const registry = new registry_1.ToolRegistry();
@@ -110,13 +110,12 @@ async function startRepl(options) {
     let currentModel = options.model;
     let streamMode = options.stream;
     let verbose = false;
-    console.log(chalk_1.default.cyan(`\nLLMTune CLI v${version_1.CLI_VERSION}`));
-    console.log(chalk_1.default.dim(`Model: ${currentModel}`));
-    console.log(chalk_1.default.dim(`Tools: ${registry.listSpecs().map((s) => s.name).join(", ")}`));
+    // Show tools & skills only (banner/version/model already printed by chat command)
+    console.log(chalk_1.default.dim(`  Tools: ${registry.listSpecs().map((s) => s.name).join(", ")}`));
     if (skillList.length > 0) {
-        console.log(chalk_1.default.dim(`Skills: ${skillList.map((s) => s.name).join(", ")}`));
+        console.log(chalk_1.default.dim(`  Skills: ${skillList.map((s) => s.name).join(", ")}`));
     }
-    console.log(chalk_1.default.dim(`Type /help for commands, /exit to quit.\n`));
+    console.log("");
     const rl = (0, readline_1.createInterface)({
         input: process.stdin,
         output: process.stdout,
@@ -138,7 +137,7 @@ async function startRepl(options) {
             return;
         }
         // Check for skill execution: /skill-name [args]
-        if (fullInput.startsWith("/") && !fullInput.startsWith("/help") && !fullInput.startsWith("/exit") && !fullInput.startsWith("/quit") && !fullInput.startsWith("/clear") && !fullInput.startsWith("/context") && !fullInput.startsWith("/compact") && !fullInput.startsWith("/uncompact") && !fullInput.startsWith("/model") && !fullInput.startsWith("/stream") && !fullInput.startsWith("/verbose") && !fullInput.startsWith("/trust") && !fullInput.startsWith("/skills") && !fullInput.startsWith("/memory") && !fullInput.startsWith("/save")) {
+        if (fullInput.startsWith("/") && !fullInput.startsWith("/help") && !fullInput.startsWith("/exit") && !fullInput.startsWith("/quit") && !fullInput.startsWith("/clear") && !fullInput.startsWith("/context") && !fullInput.startsWith("/compact") && !fullInput.startsWith("/uncompact") && !fullInput.startsWith("/model") && !fullInput.startsWith("/stream") && !fullInput.startsWith("/verbose") && !fullInput.startsWith("/trust") && !fullInput.startsWith("/skills") && !fullInput.startsWith("/memory") && !fullInput.startsWith("/save") && !fullInput.startsWith("/balance")) {
             const parts = fullInput.slice(1).split(/\s+/);
             const skillName = parts[0];
             const skillArgs = parts.slice(1);
@@ -203,6 +202,7 @@ async function startRepl(options) {
         }
         // Normal chat
         try {
+            const startTime = Date.now();
             const result = await (0, loop_1.runAgentLoop)(options.client, conversation, registry, fullInput, {
                 model: currentModel,
                 maxTurns: 50,
@@ -214,17 +214,20 @@ async function startRepl(options) {
             });
             if (result.totalTokensIn > 0 || result.totalTokensOut > 0) {
                 const cost = estimateCostFromUsage(result.totalTokensIn, result.totalTokensOut);
-                console.log(chalk_1.default.dim(`  [${result.turns} turn${result.turns !== 1 ? "s" : ""} | ` +
-                    `${result.totalToolCalls} tool calls | ` +
-                    `${result.totalTokensIn + result.totalTokensOut} tokens | ` +
-                    `~$${cost.toFixed(4)}]`));
+                const elapsed = ((Date.now() - startTime) / 1000).toFixed(1);
+                const costStr = cost < 0.001 ? `<$0.001` : `~$${cost.toFixed(4)}`;
+                console.log(chalk_1.default.dim(`  [${elapsed}s | ` +
+                    `${result.turns} turn${result.turns !== 1 ? "s" : ""} | ` +
+                    `${result.totalToolCalls} tool${result.totalToolCalls !== 1 ? "s" : ""} | ` +
+                    `${result.totalTokensIn + result.totalTokensOut} tok | ` +
+                    `${costStr}]`));
                 (0, logger_1.logEvent)({
                     event: "llm_response",
                     model: currentModel,
                     tokens_in: result.totalTokensIn,
                     tokens_out: result.totalTokensOut,
                     cost,
-                    latency_ms: 0,
+                    latency_ms: Date.now() - startTime,
                 });
             }
         }
@@ -257,10 +260,12 @@ async function handleCommand(input, ctx) {
         case "/q":
             console.log(chalk_1.default.dim("Goodbye!"));
             process.exit(0);
-        case "/clear":
-            ctx.conversation.messages.length = 0;
+        case "/clear": {
+            // Use splice to properly clear messages array
+            ctx.conversation.messages.splice(0, ctx.conversation.messages.length);
             console.log(chalk_1.default.green("Conversation cleared."));
             break;
+        }
         case "/context": {
             const ctxResult = await (0, builder_1.buildContextPrompt)(ctx.cwd, ctx.cwd, { model: ctx.getModel() });
             const analysis = (0, analyzer_1.analyzeContextUsage)({
@@ -368,8 +373,20 @@ async function handleCommand(input, ctx) {
             }
             break;
         }
+        case "/balance": {
+            try {
+                const { balanceCommand } = await Promise.resolve().then(() => __importStar(require("../commands/balance")));
+                await balanceCommand();
+            }
+            catch (err) {
+                const msg = err instanceof Error ? err.message : String(err);
+                console.log(chalk_1.default.red(`Failed to fetch balance: ${msg}`));
+            }
+            break;
+        }
         case "/save": {
-            const savePath = path.join(process.cwd(), `llmtune-session-${Date.now()}.json`);
+            const timestamp = new Date().toISOString().replace(/[:.]/g, "-").slice(0, 19);
+            const savePath = path.join(process.cwd(), `llmtune-session-${timestamp}.json`);
             fs.writeFileSync(savePath, JSON.stringify(ctx.conversation.getApiMessages(), null, 2), "utf-8");
             console.log(chalk_1.default.green(`Session saved to: ${savePath}`));
             break;

package/dist/tools/permissions.d.ts

@@ -15,6 +15,8 @@ export declare class PermissionManager {
     constructor();
     trustTool(toolName: string): void;
     isTrusted(toolName: string): boolean;
+    /** Get list of all trusted tool names for this session */
+    trustedTools(): string[];
     check(toolName: string, input: Record<string, unknown>, isDestructive: boolean): Promise<PermissionCheckResult>;
 }
 //# sourceMappingURL=permissions.d.ts.map

package/dist/tools/permissions.js

@@ -4,7 +4,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.PermissionManager = void 0;
-const prompts_1 = __importDefault(require("@inquirer/prompts"));
+const prompts_1 = require("@inquirer/prompts");
 const chalk_1 = __importDefault(require("chalk"));
 class PermissionManager {
     config;
@@ -21,6 +21,15 @@ class PermissionManager {
     isTrusted(toolName) {
         return this.config.sessionTrust.get(toolName) === true;
     }
+    /** Get list of all trusted tool names for this session */
+    trustedTools() {
+        const trusted = [];
+        for (const [name, isTrusted] of this.config.sessionTrust) {
+            if (isTrusted)
+                trusted.push(name);
+        }
+        return trusted;
+    }
     async check(toolName, input, isDestructive) {
         if (this.isTrusted(toolName)) {
             return { behavior: "allow" };
@@ -35,14 +44,14 @@ class PermissionManager {
                 : JSON.stringify(input).slice(0, 100);
             console.log(chalk_1.default.yellow(`\n⚠ ${toolName} wants to execute:`));
             console.log(chalk_1.default.dim(preview));
-            const confirmed = await prompts_1.default.confirm({
+            const confirmed = await (0, prompts_1.confirm)({
                 message: `Allow ${toolName}? (y/N)`,
                 default: false,
             });
             if (!confirmed) {
                 return { behavior: "deny", message: "User denied" };
             }
-            const alwaysTrust = await prompts_1.default.confirm({
+            const alwaysTrust = await (0, prompts_1.confirm)({
                 message: `Trust ${toolName} for this session? (y/N)`,
                 default: false,
             });

package/dist/tools/sanitize.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Security: validate that a file path is within the workspace root.
+ * Prevents path traversal attacks (e.g. ../../etc/passwd).
+ */
+export declare function sanitizeFilePath(filePath: string, workspaceRoot: string): string;
+/**
+ * Validate a URL is safe for web-fetch (http/https only, no internal IPs by default).
+ */
+export declare function sanitizeUrl(url: string): void;
+//# sourceMappingURL=sanitize.d.ts.map

package/dist/tools/sanitize.js

@@ -0,0 +1,87 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.sanitizeFilePath = sanitizeFilePath;
+exports.sanitizeUrl = sanitizeUrl;
+const path = __importStar(require("path"));
+/**
+ * Security: validate that a file path is within the workspace root.
+ * Prevents path traversal attacks (e.g. ../../etc/passwd).
+ */
+function sanitizeFilePath(filePath, workspaceRoot) {
+    const resolved = path.resolve(workspaceRoot, filePath);
+    // Normalize for comparison (handle .., ., symlinks)
+    const normalizedWorkspace = path.normalize(workspaceRoot);
+    const normalizedResolved = path.normalize(resolved);
+    if (!normalizedResolved.startsWith(normalizedWorkspace + path.sep) &&
+        normalizedResolved !== normalizedWorkspace) {
+        throw new Error(`Path traversal blocked: "${filePath}" resolves outside workspace root. ` +
+            `Resolved: ${normalizedResolved}, Workspace: ${normalizedWorkspace}`);
+    }
+    return resolved;
+}
+/**
+ * Validate a URL is safe for web-fetch (http/https only, no internal IPs by default).
+ */
+function sanitizeUrl(url) {
+    let parsed;
+    try {
+        parsed = new URL(url);
+    }
+    catch {
+        throw new Error(`Invalid URL: ${url}`);
+    }
+    if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
+        throw new Error(`Only http:// and https:// URLs are allowed. Got: ${parsed.protocol}`);
+    }
+    // Block internal IPs (basic SSRF protection)
+    const hostname = parsed.hostname;
+    const internalPatterns = [
+        /^127\./,
+        /^10\./,
+        /^172\.(1[6-9]|2\d|3[01])\./,
+        /^192\.168\./,
+        /^0\./,
+        /^localhost$/i,
+        /^::1$/,
+        /^fd/i,
+    ];
+    for (const pattern of internalPatterns) {
+        if (pattern.test(hostname)) {
+            throw new Error(`Internal/private network addresses are not allowed: ${hostname}`);
+        }
+    }
+}
+//# sourceMappingURL=sanitize.js.map

package/dist/tools/tools/edit.js

@@ -35,7 +35,7 @@ var __importStar = (this && this.__importStar) || (function () {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.editTool = void 0;
 const fs = __importStar(require("fs/promises"));
-const path = __importStar(require("path"));
+const sanitize_1 = require("../sanitize");
 exports.editTool = {
     spec() {
         return {
@@ -78,7 +78,13 @@ exports.editTool = {
         if (!oldString) {
             return { name: "edit", output: { error: "old_string is required" }, isError: true };
         }
-        const resolved = path.resolve(ctx.cwd, filePath);
+        let resolved;
+        try {
+            resolved = (0, sanitize_1.sanitizeFilePath)(filePath, ctx.workspaceRoot);
+        }
+        catch (err) {
+            return { name: "edit", output: { error: err.message }, isError: true };
+        }
         let content;
         try {
             content = await fs.readFile(resolved, "utf-8");

package/dist/tools/tools/grep.js

@@ -86,7 +86,7 @@ exports.grepTool = {
                 const includeOpt = include ? ` --include="${include}"` : "";
                 cmd = `grep -r -n -E${includeOpt} "${pattern.replace(/"/g, "")}" "${searchPath}" 2>/dev/null | head -${maxResults}`;
             }
-            const result = execSync(cmd, { maxBuffer: 1024 * 1024, timeout: 30000 });
+            const result = runGrepExec(cmd, { maxBuffer: 1024 * 1024, timeout: 30000 });
             const output = result.toString().trim();
             const lines = output.split("\n").filter(Boolean);
             const matches = lines.slice(0, maxResults).map((line) => {
@@ -141,7 +141,7 @@ exports.grepTool = {
         }
     },
 };
-function execSync(cmd, opts) {
+function runGrepExec(cmd, opts) {
     const { execSync: _execSync } = require("child_process");
     return _execSync(cmd, opts);
 }

package/dist/tools/tools/read.js

@@ -35,7 +35,7 @@ var __importStar = (this && this.__importStar) || (function () {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.readTool = void 0;
 const fs = __importStar(require("fs"));
-const path = __importStar(require("path"));
+const sanitize_1 = require("../sanitize");
 exports.readTool = {
     spec() {
         return {
@@ -54,9 +54,12 @@ exports.readTool = {
         };
     },
     run(input, ctx) {
-        const filePath = path.resolve(ctx.cwd, String(input.file_path ?? ""));
-        if (!filePath.startsWith(ctx.cwd)) {
-            return { name: "read", output: { error: "Path is outside the workspace" }, isError: true };
+        let filePath;
+        try {
+            filePath = (0, sanitize_1.sanitizeFilePath)(String(input.file_path ?? ""), ctx.workspaceRoot);
+        }
+        catch (err) {
+            return { name: "read", output: { error: err.message }, isError: true };
         }
         if (!fs.existsSync(filePath)) {
             return { name: "read", output: { error: `File not found: ${input.file_path}` }, isError: true };