@oyasmi/pipiclaw 0.5.8 → 0.6.0

package/dist/security/network.js

@@ -0,0 +1,246 @@
+import { lookup } from "node:dns/promises";
+import { isIP } from "node:net";
+export class NetworkGuardError extends Error {
+    constructor(options) {
+        super(options.message);
+        this.name = "NetworkGuardError";
+        this.url = options.url;
+        this.stage = options.stage;
+        this.category = options.category;
+        this.resolvedHost = options.resolvedHost;
+        this.resolvedAddress = options.resolvedAddress;
+    }
+}
+const BLOCKED_HOSTS = new Set(["localhost", "metadata.google.internal", "metadata", "169.254.169.254"]);
+const PRIVATE_IPV4_CIDRS = [
+    "0.0.0.0/8",
+    "10.0.0.0/8",
+    "100.64.0.0/10",
+    "127.0.0.0/8",
+    "169.254.0.0/16",
+    "172.16.0.0/12",
+    "192.168.0.0/16",
+    "198.18.0.0/15",
+];
+const PRIVATE_IPV6_CIDRS = ["::1/128", "::/128", "fc00::/7", "fe80::/10"];
+function normalizeHost(host) {
+    return host.trim().replace(/\.$/, "").toLowerCase();
+}
+function parseIpv4(ip) {
+    const parts = ip.split(".");
+    if (parts.length !== 4) {
+        return null;
+    }
+    let value = 0;
+    for (const part of parts) {
+        if (!/^\d+$/.test(part)) {
+            return null;
+        }
+        const octet = Number.parseInt(part, 10);
+        if (octet < 0 || octet > 255) {
+            return null;
+        }
+        value = (value << 8) | octet;
+    }
+    return value >>> 0;
+}
+function expandIpv6(ip) {
+    const normalized = ip.toLowerCase();
+    const hasEmbeddedIpv4 = normalized.includes(".");
+    let working = normalized;
+    if (hasEmbeddedIpv4) {
+        const lastColon = working.lastIndexOf(":");
+        if (lastColon === -1) {
+            return null;
+        }
+        const ipv4 = parseIpv4(working.slice(lastColon + 1));
+        if (ipv4 === null) {
+            return null;
+        }
+        const high = ((ipv4 >>> 16) & 0xffff).toString(16);
+        const low = (ipv4 & 0xffff).toString(16);
+        working = `${working.slice(0, lastColon)}:${high}:${low}`;
+    }
+    const pieces = working.split("::");
+    if (pieces.length > 2) {
+        return null;
+    }
+    const left = pieces[0] ? pieces[0].split(":").filter(Boolean) : [];
+    const right = pieces[1] ? pieces[1].split(":").filter(Boolean) : [];
+    if (left.length + right.length > 8) {
+        return null;
+    }
+    const fill = new Array(8 - left.length - right.length).fill("0");
+    const groups = pieces.length === 2 ? [...left, ...fill, ...right] : left;
+    return groups.length === 8 ? groups : null;
+}
+function parseIpv6(ip) {
+    const groups = expandIpv6(ip);
+    if (!groups) {
+        return null;
+    }
+    let value = 0n;
+    for (const group of groups) {
+        if (!/^[0-9a-f]{1,4}$/i.test(group)) {
+            return null;
+        }
+        value = (value << 16n) | BigInt(Number.parseInt(group, 16));
+    }
+    return value;
+}
+function ipInCidr(ip, cidr) {
+    const [network, prefixText] = cidr.split("/");
+    const prefix = Number.parseInt(prefixText ?? "", 10);
+    if (!Number.isFinite(prefix)) {
+        return false;
+    }
+    const version = isIP(ip);
+    if (version === 4) {
+        const ipValue = parseIpv4(ip);
+        const networkValue = parseIpv4(network);
+        if (ipValue === null || networkValue === null || prefix < 0 || prefix > 32) {
+            return false;
+        }
+        const mask = prefix === 0 ? 0 : (0xffffffff << (32 - prefix)) >>> 0;
+        return (ipValue & mask) === (networkValue & mask);
+    }
+    if (version === 6) {
+        const ipValue = parseIpv6(ip);
+        const networkValue = parseIpv6(network);
+        if (ipValue === null || networkValue === null || prefix < 0 || prefix > 128) {
+            return false;
+        }
+        const shift = 128 - prefix;
+        if (shift === 128) {
+            return true;
+        }
+        return ipValue >> BigInt(shift) === networkValue >> BigInt(shift);
+    }
+    return false;
+}
+function matchesAllowedHost(hostname, allowedHosts) {
+    const normalized = normalizeHost(hostname);
+    return allowedHosts.some((candidate) => normalizeHost(candidate) === normalized);
+}
+function matchesAllowedCidr(address, allowedCidrs) {
+    return allowedCidrs.some((cidr) => ipInCidr(address, cidr.trim()));
+}
+function isBlockedHost(hostname) {
+    const normalized = normalizeHost(hostname);
+    return normalized.endsWith(".localhost") || BLOCKED_HOSTS.has(normalized);
+}
+function isPrivateAddress(address) {
+    const version = isIP(address);
+    if (version === 4) {
+        return PRIVATE_IPV4_CIDRS.some((cidr) => ipInCidr(address, cidr));
+    }
+    if (version === 6) {
+        return PRIVATE_IPV6_CIDRS.some((cidr) => ipInCidr(address, cidr));
+    }
+    return false;
+}
+async function validateUrlTarget(rawUrl, context, stage) {
+    const url = (() => {
+        try {
+            return new URL(rawUrl);
+        }
+        catch {
+            throw new NetworkGuardError({
+                url: rawUrl,
+                stage,
+                category: "invalid-url",
+                message: `Invalid URL: ${rawUrl}`,
+            });
+        }
+    })();
+    if (url.protocol !== "http:" && url.protocol !== "https:") {
+        throw new NetworkGuardError({
+            url: rawUrl,
+            stage,
+            category: "unsupported-scheme",
+            message: `Only http/https URLs are allowed, got ${url.protocol || "unknown"}`,
+        });
+    }
+    const hostname = normalizeHost(url.hostname);
+    if (!hostname) {
+        throw new NetworkGuardError({
+            url: rawUrl,
+            stage,
+            category: "missing-host",
+            message: `URL is missing a hostname: ${rawUrl}`,
+        });
+    }
+    const { networkGuard } = context.config;
+    if (!networkGuard.enabled) {
+        return { url: url.toString(), hostname };
+    }
+    if (matchesAllowedHost(hostname, networkGuard.allowedHosts)) {
+        return { url: url.toString(), hostname };
+    }
+    if (isBlockedHost(hostname)) {
+        throw new NetworkGuardError({
+            url: rawUrl,
+            stage,
+            category: "blocked-host",
+            message: `Blocked host: ${hostname}`,
+            resolvedHost: hostname,
+        });
+    }
+    if (isIP(hostname)) {
+        if (!matchesAllowedCidr(hostname, networkGuard.allowedCidrs) && isPrivateAddress(hostname)) {
+            throw new NetworkGuardError({
+                url: rawUrl,
+                stage,
+                category: "private-address",
+                message: `Blocked private network address: ${hostname}`,
+                resolvedHost: hostname,
+                resolvedAddress: hostname,
+            });
+        }
+        return { url: url.toString(), hostname, resolvedAddress: hostname };
+    }
+    let records;
+    try {
+        records = (await lookup(hostname, { all: true, verbatim: true }));
+    }
+    catch (error) {
+        throw new NetworkGuardError({
+            url: rawUrl,
+            stage,
+            category: "dns-failure",
+            message: `Failed to resolve host ${hostname}: ${error instanceof Error ? error.message : String(error)}`,
+            resolvedHost: hostname,
+        });
+    }
+    if (records.length === 0) {
+        throw new NetworkGuardError({
+            url: rawUrl,
+            stage,
+            category: "dns-failure",
+            message: `Failed to resolve host ${hostname}`,
+            resolvedHost: hostname,
+        });
+    }
+    for (const record of records) {
+        if (matchesAllowedCidr(record.address, networkGuard.allowedCidrs)) {
+            return { url: url.toString(), hostname, resolvedAddress: record.address };
+        }
+        if (isPrivateAddress(record.address)) {
+            throw new NetworkGuardError({
+                url: rawUrl,
+                stage,
+                category: "private-address",
+                message: `Blocked private network address resolved from ${hostname}: ${record.address}`,
+                resolvedHost: hostname,
+                resolvedAddress: record.address,
+            });
+        }
+    }
+    return { url: url.toString(), hostname, resolvedAddress: records[0]?.address };
+}
+export async function validateNetworkTarget(url, context) {
+    return validateUrlTarget(url, context, "request");
+}
+export async function validateRedirectTarget(url, context) {
+    return validateUrlTarget(url, context, "redirect");
+}

package/dist/security/path-guard.js

@@ -1,6 +1,7 @@
 import { existsSync, lstatSync, realpathSync } from "node:fs";
 import { homedir, tmpdir } from "node:os";
 import { basename, dirname, isAbsolute, normalize, resolve } from "node:path";
+import { isWindowsPlatform } from "./platform.js";
 const PRIVATE_KEY_EXTENSIONS = new Set([".pem", ".key", ".p12", ".pfx"]);
 const PRIVATE_KEY_NAME_HINTS = /(id_rsa|id_ed25519|private|secret|credentials)/i;
 const PROC_MEM_PATH = /^\/proc\/\d+\/mem(?:\/|$)/;
@@ -197,6 +198,9 @@ export function guardPath(rawPath, operation, ctx) {
     if (!ctx.config.enabled) {
         return { allowed: true, operation, rawPath };
     }
+    if (isWindowsPlatform()) {
+        return { allowed: true, operation, rawPath };
+    }
     const homeDir = ctx.homeDir ?? homedir();
     const effectiveCtx = {
         ...ctx,

package/dist/security/platform.d.ts

@@ -0,0 +1 @@
+export declare function isWindowsPlatform(): boolean;

package/dist/security/platform.js

@@ -0,0 +1,3 @@
+export function isWindowsPlatform() {
+    return process.platform === "win32";
+}

package/dist/security/types.d.ts

@@ -14,6 +14,12 @@ export interface SecurityConfig {
         writeDeny: string[];
         resolveSymlinks: boolean;
     };
+    networkGuard: {
+        enabled: boolean;
+        allowedCidrs: string[];
+        allowedHosts: string[];
+        maxRedirects: number;
+    };
     audit: {
         logBlocked: boolean;
         logFile?: string;
@@ -63,4 +69,13 @@ export interface BlockedCommandLogEvent extends SecurityLogEventBase {
     reason?: string;
     matchedText?: string;
 }
-export type SecurityLogEvent = BlockedPathLogEvent | BlockedCommandLogEvent;
+export interface BlockedNetworkLogEvent extends SecurityLogEventBase {
+    type: "network";
+    url: string;
+    stage: "request" | "redirect";
+    resolvedHost?: string;
+    resolvedAddress?: string;
+    category?: string;
+    reason?: string;
+}
+export type SecurityLogEvent = BlockedPathLogEvent | BlockedCommandLogEvent | BlockedNetworkLogEvent;

package/dist/settings.d.ts

@@ -7,6 +7,7 @@
  * This module currently provides only PipiclawSettingsManager.
  */
 import type { Transport } from "@mariozechner/pi-ai";
+import type { ConfigDiagnostic } from "./shared/config-diagnostics.js";
 type PackageSource = string | {
     source: string;
     extensions?: string[];
@@ -83,10 +84,13 @@ export interface PipiclawSettings {
 export declare class PipiclawSettingsManager {
     private settingsPath;
     private settings;
+    private loadErrors;
     constructor(baseDir: string);
     private load;
     private save;
     reload(): void;
+    drainErrors(): SettingsError[];
+    getDiagnostics(): ConfigDiagnostic[];
     getCompactionSettings(): PipiclawCompactionSettings;
     getCompactionEnabled(): boolean;
     setCompactionEnabled(enabled: boolean): void;
@@ -176,6 +180,5 @@ export declare class PipiclawSettingsManager {
     getProjectSettings(): Settings;
     applyOverrides(overrides: Partial<Settings>): void;
     flush(): Promise<void>;
-    drainErrors(): SettingsError[];
 }
 export {};

package/dist/settings.js

@@ -8,6 +8,7 @@
  */
 import { existsSync, mkdirSync, readFileSync, writeFileSync } from "fs";
 import { dirname, join } from "path";
+import * as log from "./log.js";
 const DEFAULT_COMPACTION = {
     enabled: true,
     reserveTokens: 16384,
@@ -40,18 +41,32 @@ const DEFAULT_SESSION_MEMORY = {
  */
 export class PipiclawSettingsManager {
     constructor(baseDir) {
+        this.loadErrors = [];
         this.settingsPath = join(baseDir, "settings.json");
         this.settings = this.load();
     }
     load() {
+        this.loadErrors = [];
         if (!existsSync(this.settingsPath)) {
             return {};
         }
         try {
             const content = readFileSync(this.settingsPath, "utf-8");
-            return JSON.parse(content);
+            const parsed = JSON.parse(content);
+            if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
+                this.loadErrors.push({
+                    scope: "global",
+                    error: new Error(`Expected a JSON object in ${this.settingsPath}`),
+                });
+                return {};
+            }
+            return parsed;
         }
-        catch {
+        catch (error) {
+            this.loadErrors.push({
+                scope: "global",
+                error: error instanceof Error ? error : new Error(String(error)),
+            });
             return {};
         }
     }
@@ -64,12 +79,25 @@ export class PipiclawSettingsManager {
             writeFileSync(this.settingsPath, JSON.stringify(this.settings, null, 2), "utf-8");
         }
         catch (error) {
-            console.error(`Warning: Could not save settings file: ${error}`);
+            log.logWarning(`Could not save settings file`, `${this.settingsPath}\n${String(error)}`);
         }
     }
     reload() {
         this.settings = this.load();
     }
+    drainErrors() {
+        const errors = this.loadErrors;
+        this.loadErrors = [];
+        return errors;
+    }
+    getDiagnostics() {
+        return this.loadErrors.map(({ error }) => ({
+            source: "settings",
+            path: this.settingsPath,
+            severity: "error",
+            message: error.message,
+        }));
+    }
     getCompactionSettings() {
         return {
             ...DEFAULT_COMPACTION,
@@ -377,7 +405,4 @@ export class PipiclawSettingsManager {
     flush() {
         return Promise.resolve();
     }
-    drainErrors() {
-        return [];
-    }
 }

package/dist/shared/config-diagnostics.d.ts

@@ -0,0 +1,7 @@
+export interface ConfigDiagnostic {
+    source: "settings" | "tools" | "security";
+    path: string;
+    severity: "warning" | "error";
+    message: string;
+}
+export declare function formatConfigDiagnostic(diagnostic: ConfigDiagnostic): string;

package/dist/shared/config-diagnostics.js

@@ -0,0 +1,3 @@
+export function formatConfigDiagnostic(diagnostic) {
+    return `${diagnostic.source}.json: ${diagnostic.message}`;
+}

package/dist/subagents/discovery.d.ts

@@ -1,5 +1,5 @@
 import type { Api, Model } from "@mariozechner/pi-ai";
-declare const ALLOWED_SUB_AGENT_TOOLS: readonly ["read", "bash", "edit", "write"];
+declare const ALLOWED_SUB_AGENT_TOOLS: readonly ["read", "bash", "edit", "write", "web_search", "web_fetch"];
 declare const ALLOWED_CONTEXT_MODES: readonly ["isolated", "contextual"];
 declare const ALLOWED_MEMORY_MODES: readonly ["none", "session", "relevant"];
 export type SubAgentToolName = (typeof ALLOWED_SUB_AGENT_TOOLS)[number];

package/dist/subagents/discovery.js

@@ -3,7 +3,7 @@ import { existsSync, readdirSync, readFileSync } from "fs";
 import { join } from "path";
 import { findExactModelReferenceMatch, formatModelReference } from "../models/utils.js";
 import { SUB_AGENTS_DIR_NAME } from "../paths.js";
-const ALLOWED_SUB_AGENT_TOOLS = ["read", "bash", "edit", "write"];
+const ALLOWED_SUB_AGENT_TOOLS = ["read", "bash", "edit", "write", "web_search", "web_fetch"];
 const DEFAULT_SUB_AGENT_TOOLS = ["read", "bash"];
 const DEFAULT_MAX_TURNS = 24;
 const DEFAULT_MAX_TOOL_CALLS = 48;

package/dist/subagents/tool.d.ts

@@ -4,6 +4,7 @@ import type { Executor } from "../sandbox.js";
 import type { SecurityConfig } from "../security/types.js";
 import type { PipiclawMemoryRecallSettings } from "../settings.js";
 import type { UsageTotals } from "../shared/types.js";
+import type { PipiclawWebToolsConfig } from "../tools/config.js";
 import { type ResolvedSubAgentConfig, type SubAgentDiscoveryResult } from "./discovery.js";
 declare const subagentSchema: import("@sinclair/typebox").TObject<{
     label: import("@sinclair/typebox").TString;
@@ -44,6 +45,7 @@ export interface SubAgentToolOptions {
     getSubAgentDiscovery?: () => SubAgentDiscoveryResult;
     getMemoryRecallSettings?: () => PipiclawMemoryRecallSettings;
     securityConfig?: SecurityConfig;
+    webConfig?: PipiclawWebToolsConfig;
     runtimeContext: {
         workspacePath: string;
         channelId: string;

package/dist/subagents/tool.js

@@ -11,6 +11,8 @@ import { clipText, extractAssistantText, extractLabelFromArgs, HAN_REGEX } from
 import { createBashTool } from "../tools/bash.js";
 import { createEditTool } from "../tools/edit.js";
 import { createReadTool } from "../tools/read.js";
+import { createWebFetchTool } from "../tools/web-fetch.js";
+import { createWebSearchTool } from "../tools/web-search.js";
 import { createWriteTool } from "../tools/write.js";
 import { formatSubAgentList, resolveSubAgentConfig, validateSubAgentTask, } from "./discovery.js";
 const subagentSchema = Type.Object({
@@ -118,6 +120,25 @@ function createToolSet(executor, bashTimeoutSec, options) {
         }),
     ];
 }
+function createNamedToolSet(executor, bashTimeoutSec, options) {
+    const tools = createToolSet(executor, bashTimeoutSec, options);
+    const byName = Object.fromEntries(tools.map((tool) => [tool.name, tool]));
+    if (options.webConfig && options.webConfig.enable !== false) {
+        byName.web_search = createWebSearchTool({
+            webConfig: options.webConfig,
+            securityConfig: options.securityConfig ?? DEFAULT_SECURITY_CONFIG,
+            workspaceDir: options.workspaceDir,
+            channelId: options.runtimeContext.channelId,
+        });
+        byName.web_fetch = createWebFetchTool({
+            webConfig: options.webConfig,
+            securityConfig: options.securityConfig ?? DEFAULT_SECURITY_CONFIG,
+            workspaceDir: options.workspaceDir,
+            channelId: options.runtimeContext.channelId,
+        });
+    }
+    return byName;
+}
 function buildSubAgentTask(task, config, runtimeContext, contextBlocks) {
     const taskText = task.trim();
     const lines = [
@@ -288,17 +309,18 @@ export function createSubAgentTool(options) {
                     details: createDetails(config, usage, assistantTurns, toolCalls, Date.now() - startedAt, Boolean(failureReason), failureReason),
                 });
             };
+            const availableTools = Object.values(createNamedToolSet(options.executor, config.bashTimeoutSec, options));
             const worker = options.createWorker?.({
                 subAgent: config,
                 apiKey,
-                tools: filterToolsByName(createToolSet(options.executor, config.bashTimeoutSec, options), config.tools),
+                tools: filterToolsByName(availableTools, config.tools),
             }) ??
                 new Agent({
                     initialState: {
                         systemPrompt: config.systemPrompt,
                         model: config.model,
                         thinkingLevel: "off",
-                        tools: filterToolsByName(createToolSet(options.executor, config.bashTimeoutSec, options), config.tools),
+                        tools: filterToolsByName(availableTools, config.tools),
                     },
                     convertToLlm,
                     getApiKey: async () => apiKey,

package/dist/tools/config.d.ts

@@ -0,0 +1,37 @@
+import type { ConfigDiagnostic } from "../shared/config-diagnostics.js";
+export type WebSearchProvider = "brave" | "tavily" | "jina" | "searxng" | "duckduckgo";
+export interface PipiclawWebSearchConfig {
+    provider: WebSearchProvider;
+    apiKey: string;
+    baseUrl: string;
+    maxResults: number;
+    timeoutMs: number;
+}
+export interface PipiclawWebFetchConfig {
+    maxChars: number;
+    timeoutMs: number;
+    maxImageBytes: number;
+    maxResponseBytes: number;
+    preferJina: boolean;
+    enableJinaFallback: boolean;
+    defaultExtractMode: "markdown" | "text";
+}
+export interface PipiclawWebToolsConfig {
+    enable: boolean;
+    proxy: string | null;
+    search: PipiclawWebSearchConfig;
+    fetch: PipiclawWebFetchConfig;
+}
+export interface PipiclawToolsConfig {
+    tools: {
+        web: PipiclawWebToolsConfig;
+    };
+}
+export interface LoadedToolsConfig {
+    config: PipiclawToolsConfig;
+    diagnostics: ConfigDiagnostic[];
+}
+export declare const DEFAULT_TOOLS_CONFIG: PipiclawToolsConfig;
+export declare function getToolsConfigPath(appHomeDir?: string): string;
+export declare function loadToolsConfigWithDiagnostics(appHomeDir?: string): LoadedToolsConfig;
+export declare function loadToolsConfig(appHomeDir?: string): PipiclawToolsConfig;