@pentoshi/clai 0.2.0

package/dist/safety/classifier.js

@@ -0,0 +1,118 @@
+import net from "node:net";
+import { destructiveCommandPatterns, exfiltrationPatterns, networkScanTools, readOnlyShellCommands, } from "./patterns.js";
+function stringArg(args, key) {
+    const value = args[key];
+    return typeof value === "string" ? value : undefined;
+}
+export function isPrivateIpv4(value) {
+    const candidate = value.split("/")[0] ?? value;
+    if (net.isIP(candidate) !== 4)
+        return false;
+    const parts = candidate.split(".").map((part) => Number(part));
+    const [a, b] = parts;
+    if (a === 10)
+        return true;
+    if (a === 172 && b !== undefined && b >= 16 && b <= 31)
+        return true;
+    if (a === 192 && b === 168)
+        return true;
+    if (a === 127)
+        return true;
+    if (a === 169 && b === 254)
+        return true;
+    return false;
+}
+function commandContainsNetworkScanner(command) {
+    return networkScanTools.some((tool) => new RegExp(`(^|\\s)${tool}(\\s|$)`, "i").test(command));
+}
+function containsPublicTarget(command) {
+    const ips = command.match(/\b(?:\d{1,3}\.){3}\d{1,3}(?:\/\d{1,2})?\b/g) ?? [];
+    return ips.some((ip) => !isPrivateIpv4(ip));
+}
+export function isPentestToolCall(call) {
+    if (call.name === "net.scan" || call.name === "pentest.recon")
+        return true;
+    if (call.name !== "shell.exec")
+        return false;
+    const command = stringArg(call.args, "command") ?? "";
+    return commandContainsNetworkScanner(command);
+}
+export function classifyToolCall(call) {
+    if (call.name === "sysinfo" ||
+        call.name === "fs.read" ||
+        call.name === "fs.list" ||
+        call.name === "fs.search") {
+        return { level: "safe", reason: "Read-only operation" };
+    }
+    if (call.name === "http.fetch") {
+        return {
+            level: "safe",
+            reason: "HTTP fetch is read-only with response size limits",
+        };
+    }
+    if (call.name === "shell.exec") {
+        const command = stringArg(call.args, "command") ?? "";
+        if (destructiveCommandPatterns.some((pattern) => pattern.test(command))) {
+            return {
+                level: "block",
+                reason: "Command matches destructive safety pattern",
+            };
+        }
+        if (exfiltrationPatterns.some((pattern) => pattern.test(command))) {
+            return {
+                level: "block",
+                reason: "Command resembles secret or data exfiltration",
+            };
+        }
+        if (commandContainsNetworkScanner(command) &&
+            containsPublicTarget(command) &&
+            !command.includes("--i-own-this")) {
+            return {
+                level: "block",
+                reason: "Public target scanning requires explicit --i-own-this authorization flag",
+            };
+        }
+        // Read-only / info commands are safe to auto-execute
+        const base = command.trim().split(/\s+/)[0]?.replace(/^.*\//, "") ?? "";
+        if (readOnlyShellCommands.has(base)) {
+            return { level: "safe", reason: "Read-only command" };
+        }
+        return { level: "confirm", reason: "Shell commands require confirmation" };
+    }
+    if (call.name === "net.scan") {
+        const target = stringArg(call.args, "target") ?? "";
+        const ownsTarget = call.args.iOwnThis === true || call.args.own === true;
+        if (target && !isPrivateIpv4(target) && !ownsTarget) {
+            return {
+                level: "block",
+                reason: "Public IP scan requires ownership confirmation",
+            };
+        }
+        return { level: "confirm", reason: "Network scans require confirmation" };
+    }
+    if (call.name === "pentest.recon") {
+        const target = stringArg(call.args, "target") ?? "";
+        const ownsTarget = call.args.iOwnThis === true || call.args.own === true;
+        if (target &&
+            net.isIP(target.split("/")[0] ?? target) &&
+            !isPrivateIpv4(target) &&
+            !ownsTarget) {
+            return {
+                level: "block",
+                reason: "Public target recon requires ownership confirmation",
+            };
+        }
+        return {
+            level: "confirm",
+            reason: "Pentest recon requires confirmation and authorization acknowledgement",
+        };
+    }
+    if (call.name === "fs.write" || call.name === "pkg.install") {
+        return {
+            level: "confirm",
+            reason: "Mutating operation requires confirmation",
+        };
+    }
+    return { level: "confirm", reason: "Unknown tool requires confirmation" };
+}
+//# sourceMappingURL=classifier.js.map

package/dist/safety/classifier.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"classifier.js","sourceRoot":"","sources":["../../src/safety/classifier.ts"],"names":[],"mappings":"AAAA,OAAO,GAAG,MAAM,UAAU,CAAC;AAE3B,OAAO,EACL,0BAA0B,EAC1B,oBAAoB,EACpB,gBAAgB,EAChB,qBAAqB,GACtB,MAAM,eAAe,CAAC;AAOvB,SAAS,SAAS,CAChB,IAA6B,EAC7B,GAAW;IAEX,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;IACxB,OAAO,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;AACvD,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,KAAa;IACzC,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC;IAC/C,IAAI,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAC5C,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;IAC/D,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,CAAC;IACrB,IAAI,CAAC,KAAK,EAAE;QAAE,OAAO,IAAI,CAAC;IAC1B,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,SAAS,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE;QAAE,OAAO,IAAI,CAAC;IACpE,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IACxC,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IAC3B,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IACxC,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,6BAA6B,CAAC,OAAe;IACpD,OAAO,gBAAgB,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CACpC,IAAI,MAAM,CAAC,UAAU,IAAI,SAAS,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CACvD,CAAC;AACJ,CAAC;AAED,SAAS,oBAAoB,CAAC,OAAe;IAC3C,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,4CAA4C,CAAC,IAAI,EAAE,CAAC;IAC9E,OAAO,GAAG,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC,CAAC;AAC9C,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,IAAc;IAC9C,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU,IAAI,IAAI,CAAC,IAAI,KAAK,eAAe;QAAE,OAAO,IAAI,CAAC;IAC3E,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY;QAAE,OAAO,KAAK,CAAC;IAC7C,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE,CAAC;IACtD,OAAO,6BAA6B,CAAC,OAAO,CAAC,CAAC;AAChD,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,IAAc;IAC7C,IACE,IAAI,CAAC,IAAI,KAAK,SAAS;QACvB,IAAI,CAAC,IAAI,KAAK,SAAS;QACvB,IAAI,CAAC,IAAI,KAAK,SAAS;QACvB,IAAI,CAAC,IAAI,KAAK,WAAW,EACzB,CAAC;QACD,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,qBAAqB,EAAE,CAAC;IAC1D,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QAC/B,OAAO;YACL,KAAK,EAAE,MAAM;YACb,MAAM,EAAE,mDAAmD;SAC5D,CAAC;IACJ,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QAC/B,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE,CAAC;QACtD,IAAI,0BAA0B,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;YACxE,OAAO;gBACL,KAAK,EAAE,OAAO;gBACd,MAAM,EAAE,4CAA4C;aACrD,CAAC;QACJ,CAAC;QACD,IAAI,oBAAoB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;YAClE,OAAO;gBACL,KAAK,EAAE,OAAO;gBACd,MAAM,EAAE,+CAA+C;aACxD,CAAC;QACJ,CAAC;QACD,IACE,6BAA6B,CAAC,OAAO,CAAC;YACtC,oBAAoB,CAAC,OAAO,CAAC;YAC7B,CAAC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,EACjC,CAAC;YACD,OAAO;gBACL,KAAK,EAAE,OAAO;gBACd,MAAM,EACJ,0EAA0E;aAC7E,CAAC;QACJ,CAAC;QACD,qDAAqD;QACrD,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,IAAI,EAAE,CAAC;QACxE,IAAI,qBAAqB,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YACpC,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;QACxD,CAAC;QACD,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,qCAAqC,EAAE,CAAC;IAC7E,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QAC7B,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC;QACpD,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,KAAK,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,KAAK,IAAI,CAAC;QACzE,IAAI,MAAM,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;YACpD,OAAO;gBACL,KAAK,EAAE,OAAO;gBACd,MAAM,EAAE,gDAAgD;aACzD,CAAC;QACJ,CAAC;QACD,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,oCAAoC,EAAE,CAAC;IAC5E,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;QAClC,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC;QACpD,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,KAAK,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,KAAK,IAAI,CAAC;QACzE,IACE,MAAM;YACN,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC;YACxC,CAAC,aAAa,CAAC,MAAM,CAAC;YACtB,CAAC,UAAU,EACX,CAAC;YACD,OAAO;gBACL,KAAK,EAAE,OAAO;gBACd,MAAM,EAAE,qDAAqD;aAC9D,CAAC;QACJ,CAAC;QACD,OAAO;YACL,KAAK,EAAE,SAAS;YAChB,MAAM,EACJ,uEAAuE;SAC1E,CAAC;IACJ,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU,IAAI,IAAI,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;QAC5D,OAAO;YACL,KAAK,EAAE,SAAS;YAChB,MAAM,EAAE,0CAA0C;SACnD,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,oCAAoC,EAAE,CAAC;AAC5E,CAAC"}

package/dist/safety/patterns.d.ts

@@ -0,0 +1,5 @@
+export declare const destructiveCommandPatterns: RegExp[];
+export declare const exfiltrationPatterns: RegExp[];
+export declare const networkScanTools: string[];
+/** Read-only commands that are safe to auto-execute without user confirmation */
+export declare const readOnlyShellCommands: Set<string>;

package/dist/safety/patterns.js

@@ -0,0 +1,45 @@
+export const destructiveCommandPatterns = [
+    /\brm\s+-[rfRf]*\s+\//,
+    /\brm\s+-[rfRf]*\s+~\b/,
+    /\bdel\s+\/f\s+\/s\s+\/q\s+[A-Z]:\\/i,
+    /\bformat\s+[A-Z]:/i,
+    /\bdd\s+if=.*\s+of=\/dev\//,
+    /mkfs\.[a-z0-9]+\s+\/dev\//i,
+    /:\(\)\s*\{\s*:\|:\s*&\s*}\s*;/,
+    /\bshutdown\b.*\b(now|\/s|\/r)\b/i,
+];
+export const exfiltrationPatterns = [
+    /curl\s+.*\|\s*sh/i,
+    /wget\s+.*\|\s*sh/i,
+    /tar\s+.*\|\s*(curl|nc|netcat)/i,
+    /\bscp\b.*(~\/|\.ssh|\.env)/i,
+];
+export const networkScanTools = ['nmap', 'masscan', 'nikto', 'sqlmap', 'gobuster', 'ffuf', 'hydra'];
+/** Read-only commands that are safe to auto-execute without user confirmation */
+export const readOnlyShellCommands = new Set([
+    // system info
+    'whoami', 'hostname', 'uname', 'uptime', 'date', 'id', 'arch', 'sw_vers',
+    'lsb_release', 'hostnamectl', 'printenv', 'env', 'locale', 'ulimit',
+    'pwd', 'cd', 'test', 'true', 'false', 'basename', 'dirname',
+    // file inspection (read-only)
+    'ls', 'dir', 'cat', 'head', 'tail', 'less', 'more', 'wc', 'file', 'stat',
+    'find', 'which', 'where', 'whereis', 'type', 'readlink', 'realpath',
+    'tree', 'du', 'df', 'lsof', 'md5', 'md5sum', 'sha256sum', 'shasum',
+    // networking info
+    'ifconfig', 'ipconfig', 'ip', 'ping', 'traceroute', 'tracert', 'dig',
+    'nslookup', 'host', 'whois', 'curl', 'wget', 'netstat', 'ss', 'route',
+    'arp', 'iwconfig', 'nmcli',
+    // process info
+    'ps', 'top', 'htop', 'pgrep', 'lscpu', 'free', 'vmstat', 'iostat',
+    // text processing
+    'echo', 'printf', 'grep', 'egrep', 'fgrep', 'rg', 'ag', 'awk', 'sed',
+    'sort', 'uniq', 'cut', 'tr', 'diff', 'comm', 'tee', 'xargs', 'jq',
+    // git (read-only)
+    'git',
+    // package query
+    'dpkg', 'rpm', 'brew', 'pip', 'npm', 'node', 'python', 'python3', 'ruby',
+    // recon / scanning (read-only, pentest auth covers ethics)
+    'gobuster', 'dirb', 'ffuf', 'nikto', 'whatweb', 'wpscan',
+    'sublist3r', 'amass', 'subfinder', 'httpx', 'nuclei',
+]);
+//# sourceMappingURL=patterns.js.map

package/dist/safety/patterns.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"patterns.js","sourceRoot":"","sources":["../../src/safety/patterns.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,0BAA0B,GAAG;IACxC,sBAAsB;IACtB,uBAAuB;IACvB,qCAAqC;IACrC,oBAAoB;IACpB,2BAA2B;IAC3B,4BAA4B;IAC5B,+BAA+B;IAC/B,kCAAkC;CACnC,CAAC;AAEF,MAAM,CAAC,MAAM,oBAAoB,GAAG;IAClC,mBAAmB;IACnB,mBAAmB;IACnB,gCAAgC;IAChC,6BAA6B;CAC9B,CAAC;AAEF,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;AAEpG,iFAAiF;AACjF,MAAM,CAAC,MAAM,qBAAqB,GAAG,IAAI,GAAG,CAAC;IAC3C,cAAc;IACd,QAAQ,EAAE,UAAU,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS;IACxE,aAAa,EAAE,aAAa,EAAE,UAAU,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ;IACnE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,SAAS;IAC3D,8BAA8B;IAC9B,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM;IACxE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,UAAU;IACnE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,WAAW,EAAE,QAAQ;IAClE,kBAAkB;IAClB,UAAU,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,SAAS,EAAE,KAAK;IACpE,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO;IACrE,KAAK,EAAE,UAAU,EAAE,OAAO;IAC1B,eAAe;IACf,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ;IACjE,kBAAkB;IAClB,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK;IACpE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI;IACjE,kBAAkB;IAClB,KAAK;IACL,gBAAgB;IAChB,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM;IACxE,2DAA2D;IAC3D,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,QAAQ;IACxD,WAAW,EAAE,OAAO,EAAE,WAAW,EAAE,OAAO,EAAE,QAAQ;CACrD,CAAC,CAAC"}

package/dist/store/config.d.ts

@@ -0,0 +1,20 @@
+import type { Mode, ProviderId } from '../types.js';
+export interface ClaiConfig {
+    defaultProvider: ProviderId;
+    defaultModel: string;
+    defaultMode: Mode;
+    providerModels: Partial<Record<ProviderId, string>>;
+    allowAlwaysTools: string[];
+    pentestAuthorized: boolean;
+    sandboxRoots: string[];
+    ollamaHost: string;
+    telemetry: boolean;
+    lastUpdateCheck: number;
+}
+export declare function getConfig(): ClaiConfig;
+export declare function updateConfig(patch: Partial<ClaiConfig>): ClaiConfig;
+export declare function setDefaultProvider(provider: ProviderId): ClaiConfig;
+export declare function setDefaultMode(mode: Mode): ClaiConfig;
+export declare function setProviderModel(provider: ProviderId, model: string): ClaiConfig;
+export declare function getProviderModel(provider: ProviderId): string;
+export declare function getConfigPath(): string;

package/dist/store/config.js

@@ -0,0 +1,46 @@
+import Conf from 'conf';
+import { defaultModels } from '../llm/provider.js';
+const defaults = {
+    defaultProvider: 'groq',
+    defaultModel: defaultModels.groq,
+    defaultMode: 'ask',
+    providerModels: {},
+    allowAlwaysTools: [],
+    pentestAuthorized: false,
+    sandboxRoots: [process.cwd()],
+    ollamaHost: 'http://localhost:11434',
+    telemetry: false,
+    lastUpdateCheck: 0,
+};
+const store = new Conf({
+    projectName: 'clai',
+    defaults,
+});
+export function getConfig() {
+    return store.store;
+}
+export function updateConfig(patch) {
+    const next = { ...getConfig(), ...patch };
+    store.store = next;
+    return next;
+}
+export function setDefaultProvider(provider) {
+    const model = getProviderModel(provider);
+    return updateConfig({ defaultProvider: provider, defaultModel: model });
+}
+export function setDefaultMode(mode) {
+    return updateConfig({ defaultMode: mode });
+}
+export function setProviderModel(provider, model) {
+    const current = getConfig();
+    const providerModels = { ...current.providerModels, [provider]: model };
+    return updateConfig({ providerModels, defaultModel: model });
+}
+export function getProviderModel(provider) {
+    const configured = getConfig().providerModels[provider];
+    return configured ?? defaultModels[provider];
+}
+export function getConfigPath() {
+    return store.path;
+}
+//# sourceMappingURL=config.js.map

package/dist/store/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/store/config.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,MAAM,CAAC;AAExB,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAenD,MAAM,QAAQ,GAAe;IAC3B,eAAe,EAAE,MAAM;IACvB,YAAY,EAAE,aAAa,CAAC,IAAI;IAChC,WAAW,EAAE,KAAK;IAClB,cAAc,EAAE,EAAE;IAClB,gBAAgB,EAAE,EAAE;IACpB,iBAAiB,EAAE,KAAK;IACxB,YAAY,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;IAC7B,UAAU,EAAE,wBAAwB;IACpC,SAAS,EAAE,KAAK;IAChB,eAAe,EAAE,CAAC;CACnB,CAAC;AAEF,MAAM,KAAK,GAAG,IAAI,IAAI,CAAa;IACjC,WAAW,EAAE,MAAM;IACnB,QAAQ;CACT,CAAC,CAAC;AAEH,MAAM,UAAU,SAAS;IACvB,OAAO,KAAK,CAAC,KAAK,CAAC;AACrB,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,KAA0B;IACrD,MAAM,IAAI,GAAG,EAAE,GAAG,SAAS,EAAE,EAAE,GAAG,KAAK,EAAuB,CAAC;IAC/D,KAAK,CAAC,KAAK,GAAG,IAAI,CAAC;IACnB,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,QAAoB;IACrD,MAAM,KAAK,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IACzC,OAAO,YAAY,CAAC,EAAE,eAAe,EAAE,QAAQ,EAAE,YAAY,EAAE,KAAK,EAAE,CAAC,CAAC;AAC1E,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,IAAU;IACvC,OAAO,YAAY,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;AAC7C,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,QAAoB,EAAE,KAAa;IAClE,MAAM,OAAO,GAAG,SAAS,EAAE,CAAC;IAC5B,MAAM,cAAc,GAAG,EAAE,GAAG,OAAO,CAAC,cAAc,EAAE,CAAC,QAAQ,CAAC,EAAE,KAAK,EAAE,CAAC;IACxE,OAAO,YAAY,CAAC,EAAE,cAAc,EAAE,YAAY,EAAE,KAAK,EAAE,CAAC,CAAC;AAC/D,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,QAAoB;IACnD,MAAM,UAAU,GAAG,SAAS,EAAE,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;IACxD,OAAO,UAAU,IAAI,aAAa,CAAC,QAAQ,CAAC,CAAC;AAC/C,CAAC;AAED,MAAM,UAAU,aAAa;IAC3B,OAAO,KAAK,CAAC,IAAI,CAAC;AACpB,CAAC"}

package/dist/store/history.d.ts

@@ -0,0 +1,24 @@
+import type { ChatMessage, ToolCall, ToolResult } from "../types.js";
+export interface HistoryRecord {
+    id: string;
+    name?: string | undefined;
+    createdAt: string;
+    updatedAt: string;
+    cwd: string;
+    messages: ChatMessage[];
+}
+export interface ToolCallRecord {
+    id: string;
+    sessionId: string;
+    createdAt: string;
+    name: string;
+    args: Record<string, unknown>;
+    ok: boolean;
+    exitCode?: number | undefined;
+    output: string;
+}
+export declare function saveSession(messages: ChatMessage[], name?: string | undefined): Promise<HistoryRecord>;
+export declare function saveToolCall(sessionId: string, call: ToolCall, result: ToolResult): Promise<ToolCallRecord>;
+export declare function listSessions(limit?: number): Promise<HistoryRecord[]>;
+export declare function getSession(sessionId: string): Promise<HistoryRecord | undefined>;
+export declare function getHistoryPath(): string;

package/dist/store/history.js

@@ -0,0 +1,145 @@
+import { mkdir, appendFile, readFile } from "node:fs/promises";
+import { existsSync } from "node:fs";
+import { join } from "node:path";
+import { homedir } from "node:os";
+import { redactSecrets } from "../llm/provider.js";
+const historyDir = join(homedir(), ".clai");
+const dbFile = join(historyDir, "history.db");
+const jsonlFile = join(historyDir, "history.jsonl");
+const sqliteModuleName = "better-sqlite3";
+let cachedDb;
+let sqliteUnavailable = false;
+async function loadDatabase() {
+    if (cachedDb)
+        return cachedDb;
+    if (sqliteUnavailable)
+        return undefined;
+    try {
+        await mkdir(historyDir, { recursive: true });
+        const imported = (await import(sqliteModuleName));
+        const Ctor = imported.default ?? imported;
+        cachedDb = new Ctor(dbFile);
+        cachedDb.exec(`
+      CREATE TABLE IF NOT EXISTS sessions (
+        id TEXT PRIMARY KEY,
+        name TEXT,
+        created_at TEXT NOT NULL,
+        updated_at TEXT NOT NULL,
+        cwd TEXT NOT NULL,
+        messages_json TEXT NOT NULL
+      );
+      CREATE TABLE IF NOT EXISTS tool_calls (
+        id TEXT PRIMARY KEY,
+        session_id TEXT NOT NULL,
+        created_at TEXT NOT NULL,
+        name TEXT NOT NULL,
+        args_json TEXT NOT NULL,
+        ok INTEGER NOT NULL,
+        exit_code INTEGER,
+        output TEXT NOT NULL,
+        FOREIGN KEY(session_id) REFERENCES sessions(id)
+      );
+      CREATE INDEX IF NOT EXISTS idx_sessions_updated_at ON sessions(updated_at);
+      CREATE INDEX IF NOT EXISTS idx_tool_calls_session_id ON tool_calls(session_id);
+    `);
+        return cachedDb;
+    }
+    catch {
+        sqliteUnavailable = true;
+        return undefined;
+    }
+}
+function newId() {
+    return `${Date.now().toString(36)}-${Math.random().toString(36).slice(2, 8)}`;
+}
+function scrubMessages(messages) {
+    return messages.map((message) => ({
+        ...message,
+        content: redactSecrets(message.content),
+    }));
+}
+async function appendJsonl(record) {
+    await mkdir(historyDir, { recursive: true });
+    await appendFile(jsonlFile, `${JSON.stringify(record)}\n`, "utf8");
+}
+export async function saveSession(messages, name) {
+    const now = new Date().toISOString();
+    const record = {
+        id: newId(),
+        name,
+        createdAt: now,
+        updatedAt: now,
+        cwd: process.cwd(),
+        messages: scrubMessages(messages),
+    };
+    const db = await loadDatabase();
+    if (db) {
+        db.prepare("INSERT INTO sessions (id, name, created_at, updated_at, cwd, messages_json) VALUES (?, ?, ?, ?, ?, ?)").run(record.id, record.name ?? null, record.createdAt, record.updatedAt, record.cwd, JSON.stringify(record.messages));
+    }
+    else {
+        await appendJsonl(record);
+    }
+    return record;
+}
+export async function saveToolCall(sessionId, call, result) {
+    const record = {
+        id: newId(),
+        sessionId,
+        createdAt: new Date().toISOString(),
+        name: call.name,
+        args: call.args,
+        ok: result.ok,
+        exitCode: result.exitCode,
+        output: redactSecrets(result.output),
+    };
+    const db = await loadDatabase();
+    if (db) {
+        db.prepare("INSERT INTO tool_calls (id, session_id, created_at, name, args_json, ok, exit_code, output) VALUES (?, ?, ?, ?, ?, ?, ?, ?)").run(record.id, record.sessionId, record.createdAt, record.name, JSON.stringify(record.args), record.ok ? 1 : 0, record.exitCode ?? null, record.output);
+    }
+    return record;
+}
+function rowToSession(row) {
+    const data = row;
+    return {
+        id: data.id,
+        name: data.name ?? undefined,
+        createdAt: data.created_at,
+        updatedAt: data.updated_at,
+        cwd: data.cwd,
+        messages: JSON.parse(data.messages_json),
+    };
+}
+async function listJsonlSessions(limit) {
+    if (!existsSync(jsonlFile))
+        return [];
+    const raw = await readFile(jsonlFile, "utf8");
+    return raw
+        .split("\n")
+        .filter(Boolean)
+        .map((line) => JSON.parse(line))
+        .slice(-limit)
+        .reverse();
+}
+export async function listSessions(limit = 20) {
+    const db = await loadDatabase();
+    if (!db)
+        return listJsonlSessions(limit);
+    const rows = db
+        .prepare("SELECT id, name, created_at, updated_at, cwd, messages_json FROM sessions ORDER BY updated_at DESC LIMIT ?")
+        .all(limit);
+    return rows.map(rowToSession);
+}
+export async function getSession(sessionId) {
+    const db = await loadDatabase();
+    if (!db) {
+        return (await listJsonlSessions(Number.MAX_SAFE_INTEGER)).find((session) => session.id === sessionId);
+    }
+    const row = db
+        .prepare("SELECT id, name, created_at, updated_at, cwd, messages_json FROM sessions WHERE id = ?")
+        .get(sessionId);
+    return row ? rowToSession(row) : undefined;
+}
+export function getHistoryPath() {
+    return sqliteUnavailable ? jsonlFile : dbFile;
+}
+//# sourceMappingURL=history.js.map

package/dist/store/history.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"history.js","sourceRoot":"","sources":["../../src/store/history.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC/D,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAElC,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAEnD,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,OAAO,CAAC,CAAC;AAC5C,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;AAC9C,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,EAAE,eAAe,CAAC,CAAC;AACpD,MAAM,gBAAgB,GAAG,gBAAgB,CAAC;AAmC1C,IAAI,QAAkC,CAAC;AACvC,IAAI,iBAAiB,GAAG,KAAK,CAAC;AAE9B,KAAK,UAAU,YAAY;IACzB,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAC;IAC9B,IAAI,iBAAiB;QAAE,OAAO,SAAS,CAAC;IACxC,IAAI,CAAC;QACH,MAAM,KAAK,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC7C,MAAM,QAAQ,GAAG,CAAC,MAAM,MAAM,CAAC,gBAAgB,CAAC,CAEhC,CAAC;QACjB,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,IAAI,QAAQ,CAAC;QAC1C,QAAQ,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC;QAC5B,QAAQ,CAAC,IAAI,CAAC;;;;;;;;;;;;;;;;;;;;;;KAsBb,CAAC,CAAC;QACH,OAAO,QAAQ,CAAC;IAClB,CAAC;IAAC,MAAM,CAAC;QACP,iBAAiB,GAAG,IAAI,CAAC;QACzB,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,SAAS,KAAK;IACZ,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;AAChF,CAAC;AAED,SAAS,aAAa,CAAC,QAAuB;IAC5C,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QAChC,GAAG,OAAO;QACV,OAAO,EAAE,aAAa,CAAC,OAAO,CAAC,OAAO,CAAC;KACxC,CAAC,CAAC,CAAC;AACN,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,MAAqB;IAC9C,MAAM,KAAK,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC7C,MAAM,UAAU,CAAC,SAAS,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;AACrE,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,QAAuB,EACvB,IAAyB;IAEzB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACrC,MAAM,MAAM,GAAkB;QAC5B,EAAE,EAAE,KAAK,EAAE;QACX,IAAI;QACJ,SAAS,EAAE,GAAG;QACd,SAAS,EAAE,GAAG;QACd,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE;QAClB,QAAQ,EAAE,aAAa,CAAC,QAAQ,CAAC;KAClC,CAAC;IAEF,MAAM,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;IAChC,IAAI,EAAE,EAAE,CAAC;QACP,EAAE,CAAC,OAAO,CACR,uGAAuG,CACxG,CAAC,GAAG,CACH,MAAM,CAAC,EAAE,EACT,MAAM,CAAC,IAAI,IAAI,IAAI,EACnB,MAAM,CAAC,SAAS,EAChB,MAAM,CAAC,SAAS,EAChB,MAAM,CAAC,GAAG,EACV,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,CAChC,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,MAAM,WAAW,CAAC,MAAM,CAAC,CAAC;IAC5B,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,SAAiB,EACjB,IAAc,EACd,MAAkB;IAElB,MAAM,MAAM,GAAmB;QAC7B,EAAE,EAAE,KAAK,EAAE;QACX,SAAS;QACT,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,EAAE,EAAE,MAAM,CAAC,EAAE;QACb,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,MAAM,EAAE,aAAa,CAAC,MAAM,CAAC,MAAM,CAAC;KACrC,CAAC;IACF,MAAM,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;IAChC,IAAI,EAAE,EAAE,CAAC;QACP,EAAE,CAAC,OAAO,CACR,6HAA6H,CAC9H,CAAC,GAAG,CACH,MAAM,CAAC,EAAE,EACT,MAAM,CAAC,SAAS,EAChB,MAAM,CAAC,SAAS,EAChB,MAAM,CAAC,IAAI,EACX,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,EAC3B,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EACjB,MAAM,CAAC,QAAQ,IAAI,IAAI,EACvB,MAAM,CAAC,MAAM,CACd,CAAC;IACJ,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,YAAY,CAAC,GAAY;IAChC,MAAM,IAAI,GAAG,GAOZ,CAAC;IACF,OAAO;QACL,EAAE,EAAE,IAAI,CAAC,EAAE;QACX,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,SAAS;QAC5B,SAAS,EAAE,IAAI,CAAC,UAAU;QAC1B,SAAS,EAAE,IAAI,CAAC,UAAU;QAC1B,GAAG,EAAE,IAAI,CAAC,GAAG;QACb,QAAQ,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,aAAa,CAAkB;KAC1D,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,KAAa;IAC5C,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC;QAAE,OAAO,EAAE,CAAC;IACtC,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IAC9C,OAAO,GAAG;SACP,KAAK,CAAC,IAAI,CAAC;SACX,MAAM,CAAC,OAAO,CAAC;SACf,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAkB,CAAC;SAChD,KAAK,CAAC,CAAC,KAAK,CAAC;SACb,OAAO,EAAE,CAAC;AACf,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,KAAK,GAAG,EAAE;IAC3C,MAAM,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;IAChC,IAAI,CAAC,EAAE;QAAE,OAAO,iBAAiB,CAAC,KAAK,CAAC,CAAC;IACzC,MAAM,IAAI,GAAG,EAAE;SACZ,OAAO,CACN,4GAA4G,CAC7G;SACA,GAAG,CAAC,KAAK,CAAC,CAAC;IACd,OAAO,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;AAChC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,SAAiB;IAEjB,MAAM,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;IAChC,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,OAAO,CAAC,MAAM,iBAAiB,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAC5D,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,EAAE,KAAK,SAAS,CACtC,CAAC;IACJ,CAAC;IACD,MAAM,GAAG,GAAG,EAAE;SACX,OAAO,CACN,wFAAwF,CACzF;SACA,GAAG,CAAC,SAAS,CAAC,CAAC;IAClB,OAAO,GAAG,CAAC,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;AAC7C,CAAC;AAED,MAAM,UAAU,cAAc;IAC5B,OAAO,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC;AAChD,CAAC"}

package/dist/store/keys.d.ts

@@ -0,0 +1,10 @@
+import type { ProviderId, ProviderStatus } from '../types.js';
+export declare function getFallbackKeysPath(): string;
+export declare function envValue(provider: ProviderId): string | undefined;
+export declare function getProviderSecret(provider: ProviderId): Promise<{
+    value?: string;
+    source: ProviderStatus['source'];
+}>;
+export declare function setProviderSecret(provider: ProviderId, secret: string): Promise<'keychain' | 'fallback'>;
+export declare function unsetProviderSecret(provider: ProviderId): Promise<void>;
+export declare function listProviderStatuses(activeProvider: ProviderId): Promise<ProviderStatus[]>;

package/dist/store/keys.js

@@ -0,0 +1,115 @@
+import { chmod, mkdir, readFile, rm, writeFile } from 'node:fs/promises';
+import { existsSync } from 'node:fs';
+import { dirname, join } from 'node:path';
+import { homedir } from 'node:os';
+import { providerIds } from '../types.js';
+import { envVars, getDefaultModel, maskSecret } from '../llm/provider.js';
+import { getConfig } from './config.js';
+const serviceName = 'clai';
+const keychainModuleName = 'keytar';
+const keysFile = join(homedir(), '.clai', 'keys.json');
+async function loadKeytar() {
+    try {
+        const imported = (await import(keychainModuleName));
+        return imported.default ?? imported;
+    }
+    catch {
+        return undefined;
+    }
+}
+async function readFallback() {
+    if (!existsSync(keysFile)) {
+        return {};
+    }
+    const raw = await readFile(keysFile, 'utf8');
+    return JSON.parse(raw);
+}
+async function writeFallback(keys) {
+    await mkdir(dirname(keysFile), { recursive: true });
+    await writeFile(keysFile, `${JSON.stringify(keys, null, 2)}\n`, { mode: 0o600 });
+    if (process.platform !== 'win32') {
+        await chmod(keysFile, 0o600);
+    }
+}
+export function getFallbackKeysPath() {
+    return keysFile;
+}
+export function envValue(provider) {
+    const envVar = envVars[provider];
+    if (!envVar) {
+        return undefined;
+    }
+    const value = process.env[envVar];
+    return value && value.length > 0 ? value : undefined;
+}
+export async function getProviderSecret(provider) {
+    const env = envValue(provider);
+    if (env) {
+        return { value: env, source: provider === 'ollama' ? 'local' : 'env' };
+    }
+    if (provider === 'ollama') {
+        return { value: getConfig().ollamaHost, source: 'local' };
+    }
+    const keytar = await loadKeytar();
+    if (keytar) {
+        const fromKeychain = await keytar.getPassword(serviceName, provider);
+        if (fromKeychain) {
+            return { value: fromKeychain, source: 'keychain' };
+        }
+    }
+    const fallback = await readFallback();
+    const fromFallback = fallback[provider];
+    if (fromFallback) {
+        return { value: fromFallback, source: 'fallback' };
+    }
+    return { source: 'missing' };
+}
+export async function setProviderSecret(provider, secret) {
+    if (provider === 'ollama') {
+        return 'fallback';
+    }
+    const keytar = await loadKeytar();
+    if (keytar) {
+        await keytar.setPassword(serviceName, provider, secret);
+        return 'keychain';
+    }
+    const fallback = await readFallback();
+    fallback[provider] = secret;
+    await writeFallback(fallback);
+    return 'fallback';
+}
+export async function unsetProviderSecret(provider) {
+    const keytar = await loadKeytar();
+    if (keytar) {
+        await keytar.deletePassword(serviceName, provider);
+    }
+    if (existsSync(keysFile)) {
+        const fallback = await readFallback();
+        delete fallback[provider];
+        if (Object.keys(fallback).length === 0) {
+            await rm(keysFile, { force: true });
+        }
+        else {
+            await writeFallback(fallback);
+        }
+    }
+}
+export async function listProviderStatuses(activeProvider) {
+    const statuses = [];
+    for (const provider of providerIds) {
+        const secret = await getProviderSecret(provider);
+        const configured = Boolean(secret.value) || provider === 'ollama';
+        statuses.push({
+            provider,
+            label: provider,
+            active: provider === activeProvider,
+            configured,
+            source: secret.value ? secret.source : 'missing',
+            maskedKey: secret.value && provider !== 'ollama' ? maskSecret(secret.value) : undefined,
+            model: getDefaultModel(provider),
+            note: provider === 'ollama' ? secret.value : undefined,
+        });
+    }
+    return statuses;
+}
+//# sourceMappingURL=keys.js.map

package/dist/store/keys.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"keys.js","sourceRoot":"","sources":["../../src/store/keys.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AACzE,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAElC,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,OAAO,EAAE,eAAe,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAC1E,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAExC,MAAM,WAAW,GAAG,MAAM,CAAC;AAC3B,MAAM,kBAAkB,GAAG,QAAQ,CAAC;AACpC,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,WAAW,CAAC,CAAC;AAUvD,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,CAAC,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAA0C,CAAC;QAC7F,OAAO,QAAQ,CAAC,OAAO,IAAI,QAAQ,CAAC;IACtC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,KAAK,UAAU,YAAY;IACzB,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAC7C,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAiB,CAAC;AACzC,CAAC;AAED,KAAK,UAAU,aAAa,CAAC,IAAkB;IAC7C,MAAM,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACpD,MAAM,SAAS,CAAC,QAAQ,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACjF,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QACjC,MAAM,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;IAC/B,CAAC;AACH,CAAC;AAED,MAAM,UAAU,mBAAmB;IACjC,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,QAAQ,CAAC,QAAoB;IAC3C,MAAM,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IACjC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAClC,OAAO,KAAK,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;AACvD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,QAAoB;IAC1D,MAAM,GAAG,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC/B,IAAI,GAAG,EAAE,CAAC;QACR,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,MAAM,EAAE,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC;IACzE,CAAC;IAED,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1B,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;IAC5D,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,UAAU,EAAE,CAAC;IAClC,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,YAAY,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;QACrE,IAAI,YAAY,EAAE,CAAC;YACjB,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC;QACrD,CAAC;IACH,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,YAAY,EAAE,CAAC;IACtC,MAAM,YAAY,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACxC,IAAI,YAAY,EAAE,CAAC;QACjB,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC;IACrD,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;AAC/B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,QAAoB,EAAE,MAAc;IAC1E,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1B,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,UAAU,EAAE,CAAC;IAClC,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,MAAM,CAAC,WAAW,CAAC,WAAW,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;QACxD,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,YAAY,EAAE,CAAC;IACtC,QAAQ,CAAC,QAAQ,CAAC,GAAG,MAAM,CAAC;IAC5B,MAAM,aAAa,CAAC,QAAQ,CAAC,CAAC;IAC9B,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,QAAoB;IAC5D,MAAM,MAAM,GAAG,MAAM,UAAU,EAAE,CAAC;IAClC,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,MAAM,CAAC,cAAc,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;IACrD,CAAC;IAED,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QACzB,MAAM,QAAQ,GAAG,MAAM,YAAY,EAAE,CAAC;QACtC,OAAO,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAC1B,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvC,MAAM,EAAE,CAAC,QAAQ,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QACtC,CAAC;aAAM,CAAC;YACN,MAAM,aAAa,CAAC,QAAQ,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,cAA0B;IACnE,MAAM,QAAQ,GAAqB,EAAE,CAAC;IACtC,KAAK,MAAM,QAAQ,IAAI,WAAW,EAAE,CAAC;QACnC,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,QAAQ,CAAC,CAAC;QACjD,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,QAAQ,KAAK,QAAQ,CAAC;QAClE,QAAQ,CAAC,IAAI,CAAC;YACZ,QAAQ;YACR,KAAK,EAAE,QAAQ;YACf,MAAM,EAAE,QAAQ,KAAK,cAAc;YACnC,UAAU;YACV,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;YAChD,SAAS,EAAE,MAAM,CAAC,KAAK,IAAI,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS;YACvF,KAAK,EAAE,eAAe,CAAC,QAAQ,CAAC;YAChC,IAAI,EAAE,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;SACvD,CAAC,CAAC;IACL,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/store/logs.d.ts

@@ -0,0 +1,2 @@
+export declare function getLogPath(): string;
+export declare function auditLog(event: string, payload?: unknown): Promise<void>;

package/dist/store/logs.js

@@ -0,0 +1,31 @@
+import { mkdir, readdir, rename, stat, appendFile } from 'node:fs/promises';
+import { existsSync } from 'node:fs';
+import { join } from 'node:path';
+import { homedir } from 'node:os';
+import { redactSecrets } from '../llm/provider.js';
+const logsDir = join(homedir(), '.clai', 'logs');
+const maxLogBytes = 10 * 1024 * 1024;
+function today() {
+    return new Date().toISOString().slice(0, 10).replaceAll('-', '');
+}
+export function getLogPath() {
+    return join(logsDir, `clai-${today()}.log`);
+}
+async function rotateIfNeeded(path) {
+    if (!existsSync(path))
+        return;
+    const info = await stat(path);
+    if (info.size < maxLogBytes)
+        return;
+    const siblings = await readdir(logsDir).catch(() => []);
+    const count = siblings.filter((name) => name.startsWith(`clai-${today()}.log.`)).length + 1;
+    await rename(path, `${path}.${count}`);
+}
+export async function auditLog(event, payload = {}) {
+    await mkdir(logsDir, { recursive: true });
+    const path = getLogPath();
+    await rotateIfNeeded(path);
+    const entry = redactSecrets(JSON.stringify({ at: new Date().toISOString(), event, payload }));
+    await appendFile(path, `${entry}\n`, 'utf8');
+}
+//# sourceMappingURL=logs.js.map

package/dist/store/logs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"logs.js","sourceRoot":"","sources":["../../src/store/logs.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC5E,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAEnD,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;AACjD,MAAM,WAAW,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI,CAAC;AAErC,SAAS,KAAK;IACZ,OAAO,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,UAAU,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;AACnE,CAAC;AAED,MAAM,UAAU,UAAU;IACxB,OAAO,IAAI,CAAC,OAAO,EAAE,QAAQ,KAAK,EAAE,MAAM,CAAC,CAAC;AAC9C,CAAC;AAED,KAAK,UAAU,cAAc,CAAC,IAAY;IACxC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO;IAC9B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,CAAC;IAC9B,IAAI,IAAI,CAAC,IAAI,GAAG,WAAW;QAAE,OAAO;IACpC,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;IACxD,MAAM,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;IAC5F,MAAM,MAAM,CAAC,IAAI,EAAE,GAAG,IAAI,IAAI,KAAK,EAAE,CAAC,CAAC;AACzC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,QAAQ,CAAC,KAAa,EAAE,UAAmB,EAAE;IACjE,MAAM,KAAK,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC1C,MAAM,IAAI,GAAG,UAAU,EAAE,CAAC;IAC1B,MAAM,cAAc,CAAC,IAAI,CAAC,CAAC;IAC3B,MAAM,KAAK,GAAG,aAAa,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC;IAC9F,MAAM,UAAU,CAAC,IAAI,EAAE,GAAG,KAAK,IAAI,EAAE,MAAM,CAAC,CAAC;AAC/C,CAAC"}

package/dist/store/project.d.ts

@@ -0,0 +1,2 @@
+export declare function loadProjectContext(): Promise<string | undefined>;
+export declare function getProjectContextPath(): string;

package/dist/store/project.js

@@ -0,0 +1,14 @@
+import { existsSync } from 'node:fs';
+import { readFile } from 'node:fs/promises';
+import { join } from 'node:path';
+const contextFile = join(process.cwd(), '.clai', 'context.md');
+export async function loadProjectContext() {
+    if (!existsSync(contextFile))
+        return undefined;
+    const content = await readFile(contextFile, 'utf8');
+    return content.trim().length > 0 ? content.trim() : undefined;
+}
+export function getProjectContextPath() {
+    return contextFile;
+}
+//# sourceMappingURL=project.js.map

package/dist/store/project.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"project.js","sourceRoot":"","sources":["../../src/store/project.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,YAAY,CAAC,CAAC;AAE/D,MAAM,CAAC,KAAK,UAAU,kBAAkB;IACtC,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC;QAAE,OAAO,SAAS,CAAC;IAC/C,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;IACpD,OAAO,OAAO,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;AAChE,CAAC;AAED,MAAM,UAAU,qBAAqB;IACnC,OAAO,WAAW,CAAC;AACrB,CAAC"}

package/dist/tools/fs.d.ts

@@ -0,0 +1,5 @@
+import type { ToolResult } from "../types.js";
+export declare function fsRead(path: string): Promise<ToolResult>;
+export declare function fsWrite(path: string, content: string): Promise<ToolResult>;
+export declare function fsList(path: string): Promise<ToolResult>;
+export declare function fsSearch(pattern: string, path?: string): Promise<ToolResult>;