@makefinks/daemon 0.1.3 → 0.2.0

package/src/security/bash-security-policy.ts

@@ -0,0 +1,250 @@
+import { homedir } from "node:os";
+
+const SENSITIVE_PATHS = [
+	"~/.ssh",
+	"~/.gnupg",
+	"~/.gpg",
+	"~/.aws",
+	"~/.azure",
+	"~/.config/gcloud",
+	"~/.kube",
+	"~/Library/Application Support/Google/Chrome",
+	"~/Library/Application Support/Firefox",
+	"~/Library/Application Support/Microsoft Edge",
+	"~/Library/Safari",
+	"~/.config/google-chrome",
+	"~/.config/chromium",
+	"~/.mozilla/firefox",
+	"~/Library/Keychains",
+	"~/.password-store",
+	"~/.local/share/keyrings",
+	"~/.env",
+	"~/.envrc",
+	"~/.netrc",
+	"~/Downloads",
+	"~/Documents",
+	"~/Desktop",
+	"~/Pictures",
+	"~/Movies",
+	"~/Music",
+	"~/Library/Messages",
+	"~/Library/Mail",
+	"~/Library/Calendars",
+	"~/Library/Contacts",
+	"~/Library/Cookies",
+	"~/.docker/config.json",
+	"~/.npmrc",
+	"~/.pypirc",
+	"~/.gem/credentials",
+	"~/.config/gh",
+	"~/.config/hub",
+	"~/.bash_history",
+	"~/.zsh_history",
+	"~/.node_repl_history",
+	"~/.python_history",
+];
+
+const SENSITIVE_PATH_PATTERNS = [
+	/\bid_rsa\b/i,
+	/\bid_ed25519\b/i,
+	/\bid_ecdsa\b/i,
+	/\bid_dsa\b/i,
+	/\bauthorized_keys\b/i,
+	/\bknown_hosts\b/i,
+	/\.pem\b/i,
+	/\.key\b/i,
+	/private.*key/i,
+	/\.env(\.|$)/i,
+	/\.envrc\b/i,
+	/aws.*credentials/i,
+	/aws.*config/i,
+	/\bkeychain\b/i,
+	/\bkeyring\b/i,
+	/\bLogin Data\b/i,
+	/\bCookies\b/i,
+	/\bWeb Data\b/i,
+	/\bsecurity\s+(find|dump|export)/i,
+];
+
+const DANGEROUS_COMMANDS = [
+	"rm",
+	"rmdir",
+	"mv",
+	"kill",
+	"killall",
+	"pkill",
+	"shutdown",
+	"reboot",
+	"halt",
+	"poweroff",
+	"init",
+	"systemctl",
+	"chmod",
+	"chown",
+	"chgrp",
+	"mkfs",
+	"fdisk",
+	"dd",
+	"format",
+	"sudo",
+	"su",
+	"doas",
+	"env",
+	"printenv",
+	"export",
+	"passwd",
+	"useradd",
+	"userdel",
+	"usermod",
+	"groupadd",
+	"groupdel",
+	"visudo",
+	"crontab",
+	"iptables",
+	"ufw",
+	"firewall-cmd",
+	"mount",
+	"umount",
+	"fstab",
+	"apt-get remove",
+	"apt-get purge",
+	"apt remove",
+	"apt purge",
+	"yum remove",
+	"yum erase",
+	"dnf remove",
+	"pacman -R",
+	"brew uninstall",
+	"npm uninstall -g",
+	"pip uninstall",
+	"truncate",
+	"shred",
+	"wipefs",
+	">",
+	">>",
+	"git push --force",
+	"git push -f",
+	"git reset --hard",
+	"git clean -fd",
+	"docker rm",
+	"docker rmi",
+	"docker system prune",
+	"kubectl delete",
+	"terraform destroy",
+	"drop database",
+	"drop table",
+	"delete from",
+	"truncate table",
+];
+
+const DANGEROUS_PATTERNS = [
+	/\brm\s+(-[a-zA-Z]*r[a-zA-Z]*|-[a-zA-Z]*f[a-zA-Z]*|\s).*\//i,
+	/\brm\s+-rf?\s/i,
+	/\bkill\s+-9\b/i,
+	/\bsudo\s/i,
+	/\bsu\s+-?\s*$/i,
+	/\bchmod\s+[0-7]{3,4}\s/i,
+	/\bchown\s/i,
+	/\bdd\s+if=/i,
+	/>\s*\/dev\//i,
+	/\|.*\bsh\b/i,
+	/\|.*\bbash\b/i,
+	/curl.*\|\s*(ba)?sh/i,
+	/wget.*\|\s*(ba)?sh/i,
+	/eval\s*\$/i,
+	/\$\(.*\)/,
+	/`.*`/,
+	/\benv\s*$/i,
+	/\bprintenv\s*$/i,
+	/\bexport\s+-p/i,
+	/\bset\s*\|/i,
+	/echo\s+\$\w*_?(KEY|TOKEN|SECRET|PASSWORD|CREDENTIALS)/i,
+];
+
+function expandPath(path: string): string {
+	if (path.startsWith("~/")) {
+		return path.replace("~", homedir());
+	}
+	if (path === "~") {
+		return homedir();
+	}
+	return path;
+}
+
+function isSensitivePathAccess(command: string): boolean {
+	const normalizedCmd = command.trim();
+	const home = homedir();
+
+	for (const sensitivePath of SENSITIVE_PATHS) {
+		const expandedPath = expandPath(sensitivePath);
+		if (normalizedCmd.includes(expandedPath)) {
+			return true;
+		}
+		if (sensitivePath.startsWith("~/") && normalizedCmd.includes(sensitivePath)) {
+			return true;
+		}
+		if (normalizedCmd.includes(sensitivePath.replace("~", "$HOME"))) {
+			return true;
+		}
+	}
+
+	for (const pattern of SENSITIVE_PATH_PATTERNS) {
+		if (pattern.test(normalizedCmd)) {
+			return true;
+		}
+	}
+
+	const homeAccessPattern = new RegExp(
+		`(cat|less|head|tail|more|bat|grep|rg|awk|sed|find|ls|tree|du)\\s+[^|;]*?(~(?:/[^\\s/]+)?(?:\\s|$)|${home.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")}(?:/[^\\s/]+)?(?:\\s|$))`
+	);
+	if (homeAccessPattern.test(normalizedCmd)) {
+		const allowedHomePaths = [
+			"~/projects",
+			"~/code",
+			"~/dev",
+			"~/src",
+			"~/repos",
+			"~/workspace",
+			"~/work",
+			"~/.local/bin",
+			"~/go",
+			"~/bin",
+		];
+		const isAllowedPath = allowedHomePaths.some((allowed) => {
+			const expanded = expandPath(allowed);
+			return normalizedCmd.includes(expanded) || normalizedCmd.includes(allowed);
+		});
+		if (!isAllowedPath) {
+			return true;
+		}
+	}
+
+	return false;
+}
+
+function isDangerousCommand(command: string): boolean {
+	const normalizedCmd = command.toLowerCase().trim();
+
+	for (const dangerous of DANGEROUS_COMMANDS) {
+		if (dangerous.includes(" ")) {
+			if (normalizedCmd.includes(dangerous.toLowerCase())) {
+				return true;
+			}
+		} else {
+			const wordBoundaryRegex = new RegExp(`\\b${dangerous}\\b`, "i");
+			if (wordBoundaryRegex.test(command)) {
+				return true;
+			}
+		}
+	}
+
+	for (const pattern of DANGEROUS_PATTERNS) {
+		if (pattern.test(command)) {
+			return true;
+		}
+	}
+
+	return false;
+}
+
+export { isDangerousCommand, isSensitivePathAccess };

package/src/state/app-context.tsx

@@ -29,6 +29,8 @@ export interface MenuState {
 	setShowHotkeysPane: React.Dispatch<React.SetStateAction<boolean>>;
 	showGroundingMenu: boolean;
 	setShowGroundingMenu: React.Dispatch<React.SetStateAction<boolean>>;
+	showUrlMenu: boolean;
+	setShowUrlMenu: React.Dispatch<React.SetStateAction<boolean>>;
 }
 
 export interface DeviceState {

package/src/state/session-store.ts

@@ -131,6 +131,10 @@ function parseSessionUsage(raw: string): TokenUsage {
 			subagentPromptTokens: typeof parsed.subagentPromptTokens === "number" ? parsed.subagentPromptTokens : 0,
 			subagentCompletionTokens:
 				typeof parsed.subagentCompletionTokens === "number" ? parsed.subagentCompletionTokens : 0,
+			latestTurnPromptTokens:
+				typeof parsed.latestTurnPromptTokens === "number" ? parsed.latestTurnPromptTokens : undefined,
+			latestTurnCompletionTokens:
+				typeof parsed.latestTurnCompletionTokens === "number" ? parsed.latestTurnCompletionTokens : undefined,
 		};
 	} catch {
 		return { ...DEFAULT_SESSION_USAGE };

package/src/types/index.ts

@@ -42,6 +42,10 @@ export interface TokenUsage {
 	subagentTotalTokens?: number;
 	subagentPromptTokens?: number;
 	subagentCompletionTokens?: number;
+	/** Latest turn's prompt tokens (for context window % calculation) */
+	latestTurnPromptTokens?: number;
+	/** Latest turn's completion tokens (for context window % calculation) */
+	latestTurnCompletionTokens?: number;
 }
 
 /**
@@ -403,3 +407,13 @@ export interface GroundingMap {
 	createdAt: string;
 	items: GroundedStatement[];
 }
+
+export interface UrlMenuItem {
+	url: string;
+	groundedCount: number;
+	readPercent?: number;
+	highlightsCount?: number;
+	status: "ok" | "error";
+	error?: string;
+	lastSeenIndex: number;
+}

package/src/utils/derive-url-menu-items.ts

@@ -0,0 +1,155 @@
+import type { ContentBlock, ConversationMessage, GroundingMap, UrlMenuItem } from "../types";
+
+function normalizeUrlKey(rawUrl: string): string {
+	try {
+		const parsed = new URL(rawUrl);
+		parsed.hash = "";
+		return parsed.toString();
+	} catch {
+		return rawUrl;
+	}
+}
+
+function computeCoveragePercent(intervals: Array<[number, number]>, totalLines: number): number | undefined {
+	if (!Number.isFinite(totalLines) || totalLines <= 0) return undefined;
+	if (intervals.length === 0) return undefined;
+
+	const sorted = [...intervals].sort((a, b) => a[0] - b[0]);
+	let covered = 0;
+	let curStart = sorted[0]?.[0] ?? 0;
+	let curEnd = sorted[0]?.[1] ?? 0;
+
+	for (const [start, end] of sorted.slice(1)) {
+		if (start <= curEnd) {
+			curEnd = Math.max(curEnd, end);
+			continue;
+		}
+		covered += Math.max(0, curEnd - curStart);
+		curStart = start;
+		curEnd = end;
+	}
+	covered += Math.max(0, curEnd - curStart);
+
+	const percent = Math.round((covered / totalLines) * 100);
+	return Math.max(0, Math.min(100, percent));
+}
+
+export function deriveUrlMenuItems(params: {
+	conversationHistory: ConversationMessage[];
+	currentContentBlocks: ContentBlock[];
+	latestGroundingMap: GroundingMap | null;
+}): UrlMenuItem[] {
+	const { conversationHistory, currentContentBlocks, latestGroundingMap } = params;
+
+	const intervalsByUrl = new Map<string, Array<[number, number]>>();
+	const totalLinesByUrl = new Map<string, number>();
+	const highlightsCountByUrl = new Map<string, number>();
+	const lastSeenIndexByUrl = new Map<string, number>();
+	const statusByUrl = new Map<string, "ok" | "error">();
+	const errorByUrl = new Map<string, string>();
+
+	const allBlocks = [
+		...conversationHistory.flatMap((msg) => msg.contentBlocks ?? []),
+		...currentContentBlocks,
+	];
+
+	for (const [blockIndex, block] of allBlocks.entries()) {
+		if (block.type !== "tool") continue;
+		if (block.call.name !== "fetchUrls" && block.call.name !== "renderUrl") continue;
+
+		const input = block.call.input as { url?: string } | undefined;
+		const url = input?.url;
+		if (!url) continue;
+
+		lastSeenIndexByUrl.set(url, blockIndex);
+
+		const result = block.result as
+			| {
+					lineOffset?: number;
+					lineLimit?: number;
+					totalLines?: number;
+					highlights?: unknown[];
+					success?: boolean;
+					error?: string;
+			  }
+			| undefined;
+
+		if (!result || typeof result !== "object") continue;
+
+		if (result.success === false && typeof result.error === "string" && result.error.trim().length > 0) {
+			statusByUrl.set(url, "error");
+			errorByUrl.set(url, result.error.trim());
+		} else if (result.success === true) {
+			statusByUrl.set(url, "ok");
+		}
+
+		if (Array.isArray(result.highlights)) {
+			highlightsCountByUrl.set(url, result.highlights.length);
+		}
+
+		if (
+			typeof result.totalLines === "number" &&
+			Number.isFinite(result.totalLines) &&
+			result.totalLines > 0
+		) {
+			const prev = totalLinesByUrl.get(url) ?? 0;
+			totalLinesByUrl.set(url, Math.max(prev, result.totalLines));
+		}
+
+		if (
+			typeof result.lineOffset === "number" &&
+			typeof result.lineLimit === "number" &&
+			Number.isFinite(result.lineOffset) &&
+			Number.isFinite(result.lineLimit) &&
+			result.lineLimit > 0 &&
+			result.lineOffset >= 0
+		) {
+			const start = result.lineOffset;
+			const end = result.lineOffset + result.lineLimit;
+			const list = intervalsByUrl.get(url) ?? [];
+			list.push([start, end]);
+			intervalsByUrl.set(url, list);
+		}
+	}
+
+	const groundedCountByUrl = new Map<string, number>();
+	for (const groundedItem of latestGroundingMap?.items ?? []) {
+		const groundedUrl = groundedItem.source?.url;
+		if (!groundedUrl) continue;
+		const next = (groundedCountByUrl.get(groundedUrl) ?? 0) + 1;
+		groundedCountByUrl.set(groundedUrl, next);
+	}
+
+	function lookupGroundedCount(url: string): number {
+		const direct = groundedCountByUrl.get(url);
+		if (direct !== undefined) return direct;
+
+		const key = normalizeUrlKey(url);
+		for (const [gUrl, count] of groundedCountByUrl.entries()) {
+			if (normalizeUrlKey(gUrl) === key) return count;
+		}
+		return 0;
+	}
+
+	const urls = [...lastSeenIndexByUrl.keys()];
+	return urls.map((url) => {
+		const groundedCount = lookupGroundedCount(url);
+		const highlightsCount = highlightsCountByUrl.get(url);
+		const totalLines = totalLinesByUrl.get(url);
+		const intervals = intervalsByUrl.get(url) ?? [];
+		const readPercent = totalLines !== undefined ? computeCoveragePercent(intervals, totalLines) : undefined;
+		const error = errorByUrl.get(url);
+		const status = statusByUrl.get(url) ?? (error ? "error" : "ok");
+		const lastSeenIndex = lastSeenIndexByUrl.get(url) ?? 0;
+
+		return {
+			url,
+			groundedCount,
+			readPercent,
+			highlightsCount,
+			status,
+			error,
+			lastSeenIndex,
+		};
+	});
+}

package/src/utils/formatters.ts

@@ -209,14 +209,8 @@ export function isTodoInput(input: unknown): input is TodoInput {
 	);
 }
 
-/**
- * Format token count with K suffix for thousands
- */
 export function formatTokenCount(count: number): string {
-	// if (count >= 1000) {
-	// 	return `${(count / 1000).toFixed(1)}k`;
-	// }
-	return String(count);
+	return count.toString().replace(/\B(?=(\d{3})+(?!\d))/g, ".");
 }
 
 export function formatContextWindowK(contextLength: number): string {