@pentoshi/clai 0.5.10 → 0.7.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/agent/context-manager.d.ts +27 -0
- package/dist/agent/context-manager.js +75 -0
- package/dist/agent/context-manager.js.map +1 -0
- package/dist/agent/runner.d.ts +21 -1
- package/dist/agent/runner.js +120 -30
- package/dist/agent/runner.js.map +1 -1
- package/dist/commands/doctor.js +21 -3
- package/dist/commands/doctor.js.map +1 -1
- package/dist/commands/update.js +11 -2
- package/dist/commands/update.js.map +1 -1
- package/dist/context/manager.d.ts +4 -0
- package/dist/context/manager.js +48 -0
- package/dist/context/manager.js.map +1 -0
- package/dist/index.js +156 -5
- package/dist/index.js.map +1 -1
- package/dist/llm/anthropic.js +29 -38
- package/dist/llm/anthropic.js.map +1 -1
- package/dist/llm/gemini.js +31 -40
- package/dist/llm/gemini.js.map +1 -1
- package/dist/llm/http.d.ts +21 -0
- package/dist/llm/http.js +140 -1
- package/dist/llm/http.js.map +1 -1
- package/dist/llm/ollama.js +18 -27
- package/dist/llm/ollama.js.map +1 -1
- package/dist/llm/router.d.ts +7 -0
- package/dist/llm/router.js +15 -9
- package/dist/llm/router.js.map +1 -1
- package/dist/modes/agent.d.ts +4 -2
- package/dist/modes/agent.js +2 -2
- package/dist/modes/agent.js.map +1 -1
- package/dist/os/pkgmgr.d.ts +7 -1
- package/dist/os/pkgmgr.js +97 -18
- package/dist/os/pkgmgr.js.map +1 -1
- package/dist/prompts/index.d.ts +7 -0
- package/dist/prompts/index.js +12 -4
- package/dist/prompts/index.js.map +1 -1
- package/dist/repl.d.ts +1 -0
- package/dist/repl.js +283 -18
- package/dist/repl.js.map +1 -1
- package/dist/safety/classifier.d.ts +5 -1
- package/dist/safety/classifier.js +254 -29
- package/dist/safety/classifier.js.map +1 -1
- package/dist/safety/patterns.d.ts +48 -1
- package/dist/safety/patterns.js +129 -13
- package/dist/safety/patterns.js.map +1 -1
- package/dist/store/config.d.ts +21 -1
- package/dist/store/config.js +28 -7
- package/dist/store/config.js.map +1 -1
- package/dist/store/history.d.ts +9 -0
- package/dist/store/history.js +58 -1
- package/dist/store/history.js.map +1 -1
- package/dist/store/keys.d.ts +2 -1
- package/dist/store/keys.js +8 -4
- package/dist/store/keys.js.map +1 -1
- package/dist/store/logs.d.ts +7 -0
- package/dist/store/logs.js +39 -1
- package/dist/store/logs.js.map +1 -1
- package/dist/store/project.d.ts +1 -0
- package/dist/store/project.js +34 -7
- package/dist/store/project.js.map +1 -1
- package/dist/store/scope.d.ts +29 -0
- package/dist/store/scope.js +113 -0
- package/dist/store/scope.js.map +1 -0
- package/dist/tools/artifacts.d.ts +9 -0
- package/dist/tools/artifacts.js +38 -0
- package/dist/tools/artifacts.js.map +1 -0
- package/dist/tools/fs.d.ts +6 -2
- package/dist/tools/fs.js +95 -17
- package/dist/tools/fs.js.map +1 -1
- package/dist/tools/http.d.ts +5 -2
- package/dist/tools/http.js +177 -8
- package/dist/tools/http.js.map +1 -1
- package/dist/tools/policies/output-policy.d.ts +13 -0
- package/dist/tools/policies/output-policy.js +56 -0
- package/dist/tools/policies/output-policy.js.map +1 -0
- package/dist/tools/reducers/ffuf.d.ts +6 -0
- package/dist/tools/reducers/ffuf.js +74 -0
- package/dist/tools/reducers/ffuf.js.map +1 -0
- package/dist/tools/reducers/generic.d.ts +2 -0
- package/dist/tools/reducers/generic.js +60 -0
- package/dist/tools/reducers/generic.js.map +1 -0
- package/dist/tools/reducers/gobuster.d.ts +2 -0
- package/dist/tools/reducers/gobuster.js +36 -0
- package/dist/tools/reducers/gobuster.js.map +1 -0
- package/dist/tools/reducers/httpx.d.ts +2 -0
- package/dist/tools/reducers/httpx.js +38 -0
- package/dist/tools/reducers/httpx.js.map +1 -0
- package/dist/tools/reducers/nmap.d.ts +7 -0
- package/dist/tools/reducers/nmap.js +82 -0
- package/dist/tools/reducers/nmap.js.map +1 -0
- package/dist/tools/reducers/nuclei.d.ts +2 -0
- package/dist/tools/reducers/nuclei.js +51 -0
- package/dist/tools/reducers/nuclei.js.map +1 -0
- package/dist/tools/reducers/sqlmap.d.ts +2 -0
- package/dist/tools/reducers/sqlmap.js +39 -0
- package/dist/tools/reducers/sqlmap.js.map +1 -0
- package/dist/tools/reducers/subdomains.d.ts +6 -0
- package/dist/tools/reducers/subdomains.js +31 -0
- package/dist/tools/reducers/subdomains.js.map +1 -0
- package/dist/tools/reducers/types.d.ts +14 -0
- package/dist/tools/reducers/types.js +2 -0
- package/dist/tools/reducers/types.js.map +1 -0
- package/dist/tools/registry.d.ts +1 -1
- package/dist/tools/registry.js +224 -43
- package/dist/tools/registry.js.map +1 -1
- package/dist/tools/shell.d.ts +45 -0
- package/dist/tools/shell.js +430 -12
- package/dist/tools/shell.js.map +1 -1
- package/dist/tools/validate.d.ts +37 -0
- package/dist/tools/validate.js +144 -0
- package/dist/tools/validate.js.map +1 -0
- package/dist/types.d.ts +8 -0
- package/dist/ui/keys.d.ts +21 -0
- package/dist/ui/keys.js +13 -0
- package/dist/ui/keys.js.map +1 -0
- package/dist/ui/output-pane.d.ts +31 -0
- package/dist/ui/output-pane.js +81 -0
- package/dist/ui/output-pane.js.map +1 -0
- package/dist/ui/tool-output.d.ts +18 -0
- package/dist/ui/tool-output.js +135 -0
- package/dist/ui/tool-output.js.map +1 -0
- package/package.json +1 -1
|
@@ -1,5 +1,52 @@
|
|
|
1
1
|
export declare const destructiveCommandPatterns: RegExp[];
|
|
2
2
|
export declare const exfiltrationPatterns: RegExp[];
|
|
3
3
|
export declare const networkScanTools: string[];
|
|
4
|
-
/**
|
|
4
|
+
/**
|
|
5
|
+
* Commands that never mutate state and never expose secrets through their
|
|
6
|
+
* default arguments. Powerful commands whose arguments can leak data
|
|
7
|
+
* (cat, env, python, node, git, npm, pip, tee, xargs, curl, wget) are
|
|
8
|
+
* intentionally NOT here — they fall through to `subcommandSafeMap` or
|
|
9
|
+
* to the metacharacter-aware confirm path in classifier.ts.
|
|
10
|
+
*/
|
|
5
11
|
export declare const readOnlyShellCommands: Set<string>;
|
|
12
|
+
/**
|
|
13
|
+
* Subcommand allowlist for powerful CLIs. The classifier treats
|
|
14
|
+
* `<cmd> <subcmd> …` as safe iff `subcommandSafeMap[cmd]` contains
|
|
15
|
+
* `subcmd`. Anything else falls through to confirm.
|
|
16
|
+
*
|
|
17
|
+
* `config` is intentionally NOT here for git/npm/pnpm/yarn — `git config
|
|
18
|
+
* --global ...` and `npm config set ...` mutate user-level state and
|
|
19
|
+
* should always confirm. Read-only forms (`git config --get foo`,
|
|
20
|
+
* `npm config get registry`) are caught by `mutatingArgPatterns` below
|
|
21
|
+
* so they can still auto-execute when the args are clearly read-only.
|
|
22
|
+
*/
|
|
23
|
+
export declare const subcommandSafeMap: Record<string, Set<string>>;
|
|
24
|
+
/**
|
|
25
|
+
* Patterns that move an otherwise-safe-looking command into the
|
|
26
|
+
* confirm bucket because their arguments mutate state, exfiltrate
|
|
27
|
+
* data, or escape into another shell:
|
|
28
|
+
* - `sed -i …` in-place file rewrite
|
|
29
|
+
* - `awk … system(...)` shell-out via awk's system()
|
|
30
|
+
* - `awk … |getline …` arbitrary command via getline
|
|
31
|
+
* - `find … -exec …` run arbitrary commands
|
|
32
|
+
* - `find … -delete` delete matched files
|
|
33
|
+
* - `git config --global` / `git config --system` write user/system git config
|
|
34
|
+
* - `npm config set …` persist npm/yarn/pnpm config
|
|
35
|
+
* - `<cmd> --output-document=…` / `-o …` for fetchers (curl/wget) when
|
|
36
|
+
* not GET — handled separately, but pattern caught here for safety
|
|
37
|
+
*/
|
|
38
|
+
export declare const mutatingArgPatterns: RegExp[];
|
|
39
|
+
export declare function commandHasMutatingArg(command: string): boolean;
|
|
40
|
+
/**
|
|
41
|
+
* Paths that should never be read by an agent without explicit confirmation.
|
|
42
|
+
* Matched against the resolved (tilde-expanded) absolute path of any tool
|
|
43
|
+
* that takes a `path` argument, AND against shell command strings for
|
|
44
|
+
* `cat`/`less`/`more`/`head`/`tail`/`view`/`bat`.
|
|
45
|
+
*/
|
|
46
|
+
export declare const secretPathPatterns: RegExp[];
|
|
47
|
+
/**
|
|
48
|
+
* Returns true if `path` (already resolved to an absolute path) points at
|
|
49
|
+
* a known secret location.
|
|
50
|
+
*/
|
|
51
|
+
export declare function isSecretPath(path: string): boolean;
|
|
52
|
+
export declare function containsShellMetacharacter(command: string): boolean;
|
package/dist/safety/patterns.js
CHANGED
|
@@ -17,31 +17,147 @@ export const exfiltrationPatterns = [
|
|
|
17
17
|
/base64\s+.*\|\s*(curl|wget|nc)/i,
|
|
18
18
|
];
|
|
19
19
|
export const networkScanTools = ['nmap', 'masscan', 'nikto', 'sqlmap', 'gobuster', 'ffuf', 'hydra', 'dirb', 'wfuzz', 'nuclei'];
|
|
20
|
-
/**
|
|
20
|
+
/**
|
|
21
|
+
* Commands that never mutate state and never expose secrets through their
|
|
22
|
+
* default arguments. Powerful commands whose arguments can leak data
|
|
23
|
+
* (cat, env, python, node, git, npm, pip, tee, xargs, curl, wget) are
|
|
24
|
+
* intentionally NOT here — they fall through to `subcommandSafeMap` or
|
|
25
|
+
* to the metacharacter-aware confirm path in classifier.ts.
|
|
26
|
+
*/
|
|
21
27
|
export const readOnlyShellCommands = new Set([
|
|
22
28
|
// system info
|
|
23
29
|
'whoami', 'hostname', 'uname', 'uptime', 'date', 'id', 'arch', 'sw_vers',
|
|
24
|
-
'lsb_release', 'hostnamectl', '
|
|
30
|
+
'lsb_release', 'hostnamectl', 'locale', 'ulimit',
|
|
25
31
|
'pwd', 'cd', 'test', 'true', 'false', 'basename', 'dirname',
|
|
26
|
-
// file inspection (read-only
|
|
27
|
-
|
|
32
|
+
// file inspection (read-only listings; cat/head/tail can leak secrets so they
|
|
33
|
+
// are subcommand-checked separately for known-safe paths)
|
|
34
|
+
'ls', 'dir', 'wc', 'file', 'stat',
|
|
28
35
|
'find', 'which', 'where', 'whereis', 'type', 'readlink', 'realpath',
|
|
29
36
|
'tree', 'du', 'df', 'lsof', 'md5', 'md5sum', 'sha256sum', 'shasum',
|
|
30
37
|
// networking info
|
|
31
38
|
'ifconfig', 'ipconfig', 'ip', 'ping', 'traceroute', 'tracert', 'dig',
|
|
32
|
-
'nslookup', 'host', 'whois', '
|
|
39
|
+
'nslookup', 'host', 'whois', 'netstat', 'ss', 'route',
|
|
33
40
|
'arp', 'iwconfig', 'nmcli',
|
|
34
41
|
// process info
|
|
35
42
|
'ps', 'top', 'htop', 'pgrep', 'lscpu', 'free', 'vmstat', 'iostat',
|
|
36
|
-
// text processing
|
|
43
|
+
// text processing (operate on stdin/files — safe by themselves)
|
|
37
44
|
'echo', 'printf', 'grep', 'egrep', 'fgrep', 'rg', 'ag', 'awk', 'sed',
|
|
38
|
-
'sort', 'uniq', 'cut', 'tr', 'diff', 'comm', '
|
|
39
|
-
//
|
|
40
|
-
'git',
|
|
41
|
-
// package query
|
|
42
|
-
'dpkg', 'rpm', 'brew', 'pip', 'npm', 'node', 'python', 'python3', 'ruby',
|
|
43
|
-
// recon / scanning (pentest auth covers ethics — classified separately)
|
|
45
|
+
'sort', 'uniq', 'cut', 'tr', 'diff', 'comm', 'jq',
|
|
46
|
+
// recon / scanning that classifier already gates separately
|
|
44
47
|
'whatweb', 'wpscan',
|
|
45
|
-
'sublist3r', 'amass', 'subfinder', 'httpx',
|
|
48
|
+
'sublist3r', 'amass', 'subfinder', 'httpx',
|
|
46
49
|
]);
|
|
50
|
+
/**
|
|
51
|
+
* Subcommand allowlist for powerful CLIs. The classifier treats
|
|
52
|
+
* `<cmd> <subcmd> …` as safe iff `subcommandSafeMap[cmd]` contains
|
|
53
|
+
* `subcmd`. Anything else falls through to confirm.
|
|
54
|
+
*
|
|
55
|
+
* `config` is intentionally NOT here for git/npm/pnpm/yarn — `git config
|
|
56
|
+
* --global ...` and `npm config set ...` mutate user-level state and
|
|
57
|
+
* should always confirm. Read-only forms (`git config --get foo`,
|
|
58
|
+
* `npm config get registry`) are caught by `mutatingArgPatterns` below
|
|
59
|
+
* so they can still auto-execute when the args are clearly read-only.
|
|
60
|
+
*/
|
|
61
|
+
export const subcommandSafeMap = {
|
|
62
|
+
git: new Set([
|
|
63
|
+
'status', 'log', 'diff', 'show', 'branch', 'tag',
|
|
64
|
+
'remote', 'rev-parse', 'describe', 'blame',
|
|
65
|
+
'shortlog', 'reflog', 'stash', 'ls-files', 'ls-tree',
|
|
66
|
+
]),
|
|
67
|
+
npm: new Set([
|
|
68
|
+
'view', 'list', 'ls', 'outdated', 'audit', 'info',
|
|
69
|
+
'search', 'whoami', 'help', 'ping',
|
|
70
|
+
]),
|
|
71
|
+
pnpm: new Set([
|
|
72
|
+
'list', 'ls', 'outdated', 'why', 'view', 'info', 'help',
|
|
73
|
+
]),
|
|
74
|
+
yarn: new Set([
|
|
75
|
+
'list', 'why', 'outdated', 'info', 'help',
|
|
76
|
+
]),
|
|
77
|
+
pip: new Set(['show', 'list', 'freeze', 'check', 'help']),
|
|
78
|
+
pip3: new Set(['show', 'list', 'freeze', 'check', 'help']),
|
|
79
|
+
brew: new Set(['list', 'info', 'search', 'outdated', 'help', 'doctor', 'deps']),
|
|
80
|
+
apt: new Set(['list', 'search', 'show', 'help']),
|
|
81
|
+
dpkg: new Set(['-l', '-s', '-L', '--list', '--status', '--listfiles']),
|
|
82
|
+
rpm: new Set(['-q', '-qa', '-qi', '-ql', '--query']),
|
|
83
|
+
docker: new Set(['ps', 'images', 'inspect', 'logs', 'version', 'info', 'history']),
|
|
84
|
+
kubectl: new Set(['get', 'describe', 'logs', 'version', 'cluster-info', 'api-resources', 'api-versions']),
|
|
85
|
+
};
|
|
86
|
+
/**
|
|
87
|
+
* Patterns that move an otherwise-safe-looking command into the
|
|
88
|
+
* confirm bucket because their arguments mutate state, exfiltrate
|
|
89
|
+
* data, or escape into another shell:
|
|
90
|
+
* - `sed -i …` in-place file rewrite
|
|
91
|
+
* - `awk … system(...)` shell-out via awk's system()
|
|
92
|
+
* - `awk … |getline …` arbitrary command via getline
|
|
93
|
+
* - `find … -exec …` run arbitrary commands
|
|
94
|
+
* - `find … -delete` delete matched files
|
|
95
|
+
* - `git config --global` / `git config --system` write user/system git config
|
|
96
|
+
* - `npm config set …` persist npm/yarn/pnpm config
|
|
97
|
+
* - `<cmd> --output-document=…` / `-o …` for fetchers (curl/wget) when
|
|
98
|
+
* not GET — handled separately, but pattern caught here for safety
|
|
99
|
+
*/
|
|
100
|
+
export const mutatingArgPatterns = [
|
|
101
|
+
/\bsed\b[^|]*\s-i(?:[^a-z]|$)/i,
|
|
102
|
+
/\bawk\b[^|]*\bsystem\s*\(/i,
|
|
103
|
+
/\bawk\b[^|]*\|\s*getline\b/i,
|
|
104
|
+
/\bfind\b[^|]*\s-(?:exec|execdir|delete|ok|okdir)\b/i,
|
|
105
|
+
/\bgit\s+config\s+(?:--global|--system|--add|--unset|--replace-all|[^-\s]+\s+\S)/i,
|
|
106
|
+
/\bnpm\s+config\s+(?:set|delete|edit)\b/i,
|
|
107
|
+
/\bpnpm\s+config\s+(?:set|delete|edit)\b/i,
|
|
108
|
+
/\byarn\s+config\s+(?:set|delete)\b/i,
|
|
109
|
+
/\bbrew\s+(?:install|uninstall|upgrade|reinstall|cask|services\s+(?:start|stop|restart|run))\b/i,
|
|
110
|
+
/\bdocker\s+(?:run|exec|build|push|pull|rm|rmi|stop|kill|start|restart|cp|commit|login)\b/i,
|
|
111
|
+
/\bkubectl\s+(?:apply|create|delete|edit|patch|replace|exec|cp|drain|rollout|scale|attach|run|label|annotate|cordon|uncordon)\b/i,
|
|
112
|
+
];
|
|
113
|
+
export function commandHasMutatingArg(command) {
|
|
114
|
+
return mutatingArgPatterns.some((pattern) => pattern.test(command));
|
|
115
|
+
}
|
|
116
|
+
/**
|
|
117
|
+
* Paths that should never be read by an agent without explicit confirmation.
|
|
118
|
+
* Matched against the resolved (tilde-expanded) absolute path of any tool
|
|
119
|
+
* that takes a `path` argument, AND against shell command strings for
|
|
120
|
+
* `cat`/`less`/`more`/`head`/`tail`/`view`/`bat`.
|
|
121
|
+
*/
|
|
122
|
+
export const secretPathPatterns = [
|
|
123
|
+
/\/\.ssh(\/|$)/,
|
|
124
|
+
/\/\.gnupg(\/|$)/,
|
|
125
|
+
/\/\.aws(\/|$)/,
|
|
126
|
+
/\/\.kube(\/|$)/,
|
|
127
|
+
/\/\.docker\/config\.json$/,
|
|
128
|
+
/\/\.npmrc$/,
|
|
129
|
+
/\/\.pypirc$/,
|
|
130
|
+
/\/\.netrc$/,
|
|
131
|
+
/\/\.env(\.[\w.-]+)?$/,
|
|
132
|
+
/\/\.git-credentials$/,
|
|
133
|
+
/\/\.clai\/keys\.json$/,
|
|
134
|
+
/\/id_rsa(\.|$)/,
|
|
135
|
+
/\/id_ed25519(\.|$)/,
|
|
136
|
+
/\/id_ecdsa(\.|$)/,
|
|
137
|
+
/\.pem$/,
|
|
138
|
+
/\.p12$/,
|
|
139
|
+
/\.pfx$/,
|
|
140
|
+
/\/etc\/shadow$/,
|
|
141
|
+
/\/etc\/gshadow$/,
|
|
142
|
+
];
|
|
143
|
+
/**
|
|
144
|
+
* Returns true if `path` (already resolved to an absolute path) points at
|
|
145
|
+
* a known secret location.
|
|
146
|
+
*/
|
|
147
|
+
export function isSecretPath(path) {
|
|
148
|
+
// Normalize backslashes so Windows paths match the unix-style patterns too.
|
|
149
|
+
const normalized = path.replace(/\\/g, '/');
|
|
150
|
+
return secretPathPatterns.some((pattern) => pattern.test(normalized));
|
|
151
|
+
}
|
|
152
|
+
/**
|
|
153
|
+
* Shell metacharacters that change the semantics of a command. When any of
|
|
154
|
+
* these appear, even a base command on the read-only allowlist falls
|
|
155
|
+
* through to confirm, because the arguments could mutate state or exfil
|
|
156
|
+
* data. Inside single/double quotes we still treat the command as
|
|
157
|
+
* compound — better to over-confirm than under-confirm.
|
|
158
|
+
*/
|
|
159
|
+
const SHELL_METACHAR_RE = /(?:\|\||&&|\||;|`|\$\(|<\(|>\(|>>|>|<<|<|\bsudo\b)/;
|
|
160
|
+
export function containsShellMetacharacter(command) {
|
|
161
|
+
return SHELL_METACHAR_RE.test(command);
|
|
162
|
+
}
|
|
47
163
|
//# sourceMappingURL=patterns.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"patterns.js","sourceRoot":"","sources":["../../src/safety/patterns.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,0BAA0B,GAAG;IACxC,sBAAsB;IACtB,uBAAuB;IACvB,qCAAqC;IACrC,oBAAoB;IACpB,2BAA2B;IAC3B,4BAA4B;IAC5B,+BAA+B;IAC/B,kCAAkC;CACnC,CAAC;AAEF,MAAM,CAAC,MAAM,oBAAoB,GAAG;IAClC,mBAAmB;IACnB,mBAAmB;IACnB,gCAAgC;IAChC,6BAA6B;IAC7B,6CAA6C;IAC7C,iCAAiC;CAClC,CAAC;AAEF,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;AAE/H
|
|
1
|
+
{"version":3,"file":"patterns.js","sourceRoot":"","sources":["../../src/safety/patterns.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,0BAA0B,GAAG;IACxC,sBAAsB;IACtB,uBAAuB;IACvB,qCAAqC;IACrC,oBAAoB;IACpB,2BAA2B;IAC3B,4BAA4B;IAC5B,+BAA+B;IAC/B,kCAAkC;CACnC,CAAC;AAEF,MAAM,CAAC,MAAM,oBAAoB,GAAG;IAClC,mBAAmB;IACnB,mBAAmB;IACnB,gCAAgC;IAChC,6BAA6B;IAC7B,6CAA6C;IAC7C,iCAAiC;CAClC,CAAC;AAEF,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;AAE/H;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG,IAAI,GAAG,CAAC;IAC3C,cAAc;IACd,QAAQ,EAAE,UAAU,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS;IACxE,aAAa,EAAE,aAAa,EAAE,QAAQ,EAAE,QAAQ;IAChD,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,SAAS;IAC3D,8EAA8E;IAC9E,0DAA0D;IAC1D,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM;IACjC,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,UAAU;IACnE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,WAAW,EAAE,QAAQ;IAClE,kBAAkB;IAClB,UAAU,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,SAAS,EAAE,KAAK;IACpE,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO;IACrD,KAAK,EAAE,UAAU,EAAE,OAAO;IAC1B,eAAe;IACf,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ;IACjE,gEAAgE;IAChE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK;IACpE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI;IACjD,4DAA4D;IAC5D,SAAS,EAAE,QAAQ;IACnB,WAAW,EAAE,OAAO,EAAE,WAAW,EAAE,OAAO;CAC3C,CAAC,CAAC;AAEH;;;;;;;;;;GAUG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAgC;IAC5D,GAAG,EAAE,IAAI,GAAG,CAAC;QACX,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK;QAChD,QAAQ,EAAE,WAAW,EAAE,UAAU,EAAE,OAAO;QAC1C,UAAU,EAAE,QAAQ,EAAE,OAAO,EAAE,UAAU,EAAE,SAAS;KACrD,CAAC;IACF,GAAG,EAAE,IAAI,GAAG,CAAC;QACX,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM;QACjD,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM;KACnC,CAAC;IACF,IAAI,EAAE,IAAI,GAAG,CAAC;QACZ,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM;KACxD,CAAC;IACF,IAAI,EAAE,IAAI,GAAG,CAAC;QACZ,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM;KAC1C,CAAC;IACF,GAAG,EAAE,IAAI,GAAG,CAAC,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IACzD,IAAI,EAAE,IAAI,GAAG,CAAC,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IAC1D,IAAI,EAAE,IAAI,GAAG,CAAC,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;IAC/E,GAAG,EAAE,IAAI,GAAG,CAAC,CAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;IAChD,IAAI,EAAE,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,aAAa,CAAC,CAAC;IACtE,GAAG,EAAE,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,SAAS,CAAC,CAAC;IACpD,MAAM,EAAE,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;IAClF,OAAO,EAAE,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,cAAc,EAAE,eAAe,EAAE,cAAc,CAAC,CAAC;CAC1G,CAAC;AAEF;;;;;;;;;;;;;GAaG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAa;IAC3C,+BAA+B;IAC/B,4BAA4B;IAC5B,6BAA6B;IAC7B,qDAAqD;IACrD,kFAAkF;IAClF,yCAAyC;IACzC,0CAA0C;IAC1C,qCAAqC;IACrC,gGAAgG;IAChG,2FAA2F;IAC3F,iIAAiI;CAClI,CAAC;AAEF,MAAM,UAAU,qBAAqB,CAAC,OAAe;IACnD,OAAO,mBAAmB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;AACtE,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAa;IAC1C,eAAe;IACf,iBAAiB;IACjB,eAAe;IACf,gBAAgB;IAChB,2BAA2B;IAC3B,YAAY;IACZ,aAAa;IACb,YAAY;IACZ,sBAAsB;IACtB,sBAAsB;IACtB,uBAAuB;IACvB,gBAAgB;IAChB,oBAAoB;IACpB,kBAAkB;IAClB,QAAQ;IACR,QAAQ;IACR,QAAQ;IACR,gBAAgB;IAChB,iBAAiB;CAClB,CAAC;AAEF;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,IAAY;IACvC,4EAA4E;IAC5E,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IAC5C,OAAO,kBAAkB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;AACxE,CAAC;AAED;;;;;;GAMG;AACH,MAAM,iBAAiB,GAAG,oDAAoD,CAAC;AAE/E,MAAM,UAAU,0BAA0B,CAAC,OAAe;IACxD,OAAO,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;AACzC,CAAC"}
|
package/dist/store/config.d.ts
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
|
-
import type { Mode, ProviderId, ReasoningPreference } from
|
|
1
|
+
import type { Mode, ProviderId, ReasoningPreference } from "../types.js";
|
|
2
|
+
export type ProviderCategory = "local" | "free-cloud" | "paid-cloud";
|
|
2
3
|
export interface ClaiConfig {
|
|
3
4
|
defaultProvider: ProviderId;
|
|
4
5
|
defaultModel: string;
|
|
@@ -11,7 +12,26 @@ export interface ClaiConfig {
|
|
|
11
12
|
telemetry: boolean;
|
|
12
13
|
lastUpdateCheck: number;
|
|
13
14
|
thinking: ReasoningPreference;
|
|
15
|
+
/** When true, exclude paid-cloud providers from the fallback chain. */
|
|
16
|
+
freeOnly: boolean;
|
|
17
|
+
/** When true, suppress non-essential outbound calls (update check). */
|
|
18
|
+
offline: boolean;
|
|
19
|
+
/** When true, the agent only accepts ```tool / XML / Kimi sentinel tool calls. */
|
|
20
|
+
parserStrict: boolean;
|
|
21
|
+
/** When true, suppress writing chat history (in-memory only). */
|
|
22
|
+
privateMode: boolean;
|
|
23
|
+
/** Max number of session records kept in JSONL history (0 = unlimited). */
|
|
24
|
+
historyRetentionLimit: number;
|
|
25
|
+
/** When true, fs.read/list/search must stay within sandboxRoots ∪ {cwd, $HOME}. */
|
|
26
|
+
sandboxReads: boolean;
|
|
14
27
|
}
|
|
28
|
+
/**
|
|
29
|
+
* Best-effort classification for the built-in providers. Some "free-cloud"
|
|
30
|
+
* providers have paid tiers too — the label reflects what the default keys
|
|
31
|
+
* usually buy you. Users who set up paid OpenAI/Anthropic keys can flip
|
|
32
|
+
* freeOnly off to opt back into them.
|
|
33
|
+
*/
|
|
34
|
+
export declare const providerCategory: Record<ProviderId, ProviderCategory>;
|
|
15
35
|
export declare function getConfig(): ClaiConfig;
|
|
16
36
|
export declare function updateConfig(patch: Partial<ClaiConfig>): ClaiConfig;
|
|
17
37
|
export declare function setDefaultProvider(provider: ProviderId): ClaiConfig;
|
package/dist/store/config.js
CHANGED
|
@@ -1,20 +1,41 @@
|
|
|
1
|
-
import Conf from
|
|
2
|
-
import { defaultModels } from
|
|
1
|
+
import Conf from "conf";
|
|
2
|
+
import { defaultModels } from "../llm/provider.js";
|
|
3
|
+
/**
|
|
4
|
+
* Best-effort classification for the built-in providers. Some "free-cloud"
|
|
5
|
+
* providers have paid tiers too — the label reflects what the default keys
|
|
6
|
+
* usually buy you. Users who set up paid OpenAI/Anthropic keys can flip
|
|
7
|
+
* freeOnly off to opt back into them.
|
|
8
|
+
*/
|
|
9
|
+
export const providerCategory = {
|
|
10
|
+
groq: "free-cloud",
|
|
11
|
+
gemini: "free-cloud",
|
|
12
|
+
openrouter: "free-cloud",
|
|
13
|
+
nvidia: "free-cloud",
|
|
14
|
+
ollama: "local",
|
|
15
|
+
openai: "paid-cloud",
|
|
16
|
+
anthropic: "paid-cloud",
|
|
17
|
+
};
|
|
3
18
|
const defaults = {
|
|
4
|
-
defaultProvider:
|
|
19
|
+
defaultProvider: "nvidia",
|
|
5
20
|
defaultModel: defaultModels.nvidia,
|
|
6
|
-
defaultMode:
|
|
21
|
+
defaultMode: "ask",
|
|
7
22
|
providerModels: {},
|
|
8
23
|
allowAlwaysTools: [],
|
|
9
24
|
pentestAuthorized: false,
|
|
10
25
|
sandboxRoots: [process.cwd()],
|
|
11
|
-
ollamaHost:
|
|
26
|
+
ollamaHost: "http://localhost:11434",
|
|
12
27
|
telemetry: false,
|
|
13
28
|
lastUpdateCheck: 0,
|
|
14
|
-
thinking: { enabled: false, effort:
|
|
29
|
+
thinking: { enabled: false, effort: "medium" },
|
|
30
|
+
freeOnly: false,
|
|
31
|
+
offline: false,
|
|
32
|
+
parserStrict: false,
|
|
33
|
+
privateMode: false,
|
|
34
|
+
historyRetentionLimit: 200,
|
|
35
|
+
sandboxReads: true,
|
|
15
36
|
};
|
|
16
37
|
const store = new Conf({
|
|
17
|
-
projectName:
|
|
38
|
+
projectName: "clai",
|
|
18
39
|
...(process.env.CLAI_CONFIG_DIR ? { cwd: process.env.CLAI_CONFIG_DIR } : {}),
|
|
19
40
|
defaults,
|
|
20
41
|
});
|
package/dist/store/config.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/store/config.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,MAAM,CAAC;AAExB,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;
|
|
1
|
+
{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/store/config.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,MAAM,CAAC;AAExB,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AA8BnD;;;;;GAKG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAyC;IACpE,IAAI,EAAE,YAAY;IAClB,MAAM,EAAE,YAAY;IACpB,UAAU,EAAE,YAAY;IACxB,MAAM,EAAE,YAAY;IACpB,MAAM,EAAE,OAAO;IACf,MAAM,EAAE,YAAY;IACpB,SAAS,EAAE,YAAY;CACxB,CAAC;AAEF,MAAM,QAAQ,GAAe;IAC3B,eAAe,EAAE,QAAQ;IACzB,YAAY,EAAE,aAAa,CAAC,MAAM;IAClC,WAAW,EAAE,KAAK;IAClB,cAAc,EAAE,EAAE;IAClB,gBAAgB,EAAE,EAAE;IACpB,iBAAiB,EAAE,KAAK;IACxB,YAAY,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;IAC7B,UAAU,EAAE,wBAAwB;IACpC,SAAS,EAAE,KAAK;IAChB,eAAe,EAAE,CAAC;IAClB,QAAQ,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE;IAC9C,QAAQ,EAAE,KAAK;IACf,OAAO,EAAE,KAAK;IACd,YAAY,EAAE,KAAK;IACnB,WAAW,EAAE,KAAK;IAClB,qBAAqB,EAAE,GAAG;IAC1B,YAAY,EAAE,IAAI;CACnB,CAAC;AAEF,MAAM,KAAK,GAAG,IAAI,IAAI,CAAa;IACjC,WAAW,EAAE,MAAM;IACnB,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAC5E,QAAQ;CACT,CAAC,CAAC;AAEH,MAAM,UAAU,SAAS;IACvB,OAAO,KAAK,CAAC,KAAK,CAAC;AACrB,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,KAA0B;IACrD,MAAM,IAAI,GAAG,EAAE,GAAG,SAAS,EAAE,EAAE,GAAG,KAAK,EAAuB,CAAC;IAC/D,KAAK,CAAC,KAAK,GAAG,IAAI,CAAC;IACnB,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,QAAoB;IACrD,MAAM,KAAK,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IACzC,OAAO,YAAY,CAAC,EAAE,eAAe,EAAE,QAAQ,EAAE,YAAY,EAAE,KAAK,EAAE,CAAC,CAAC;AAC1E,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,IAAU;IACvC,OAAO,YAAY,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;AAC7C,CAAC;AAED,MAAM,UAAU,gBAAgB,CAC9B,QAAoB,EACpB,KAAa;IAEb,MAAM,OAAO,GAAG,SAAS,EAAE,CAAC;IAC5B,MAAM,cAAc,GAAG,EAAE,GAAG,OAAO,CAAC,cAAc,EAAE,CAAC,QAAQ,CAAC,EAAE,KAAK,EAAE,CAAC;IACxE,OAAO,YAAY,CAAC,EAAE,cAAc,EAAE,YAAY,EAAE,KAAK,EAAE,CAAC,CAAC;AAC/D,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,QAAoB;IACnD,MAAM,UAAU,GAAG,SAAS,EAAE,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;IACxD,OAAO,UAAU,IAAI,aAAa,CAAC,QAAQ,CAAC,CAAC;AAC/C,CAAC;AAED,MAAM,UAAU,aAAa;IAC3B,OAAO,KAAK,CAAC,IAAI,CAAC;AACpB,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,KAAmC;IAC7D,MAAM,OAAO,GAAG,SAAS,EAAE,CAAC,QAAQ,CAAC;IACrC,MAAM,IAAI,GAAwB;QAChC,OAAO,EAAE,KAAK,CAAC,OAAO,IAAI,OAAO,CAAC,OAAO;QACzC,MAAM,EAAE,KAAK,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM;KACvC,CAAC;IACF,OAAO,YAAY,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;AAC1C,CAAC"}
|
package/dist/store/history.d.ts
CHANGED
|
@@ -22,3 +22,12 @@ export declare function saveToolCall(sessionId: string, call: ToolCall, result:
|
|
|
22
22
|
export declare function listSessions(limit?: number): Promise<HistoryRecord[]>;
|
|
23
23
|
export declare function getSession(sessionId: string): Promise<HistoryRecord | undefined>;
|
|
24
24
|
export declare function getHistoryPath(): string;
|
|
25
|
+
/**
|
|
26
|
+
* Clear all stored history. Returns whether the operation succeeded.
|
|
27
|
+
* Used by the /privacy slash command and `clai privacy clear-history`.
|
|
28
|
+
*/
|
|
29
|
+
export declare function clearAllHistory(): Promise<{
|
|
30
|
+
cleared: boolean;
|
|
31
|
+
detail: string;
|
|
32
|
+
}>;
|
|
33
|
+
export declare function getJsonlHistoryPath(): string;
|
package/dist/store/history.js
CHANGED
|
@@ -1,8 +1,9 @@
|
|
|
1
|
-
import { mkdir, appendFile, readFile } from "node:fs/promises";
|
|
1
|
+
import { mkdir, appendFile, readFile, rm, writeFile } from "node:fs/promises";
|
|
2
2
|
import { existsSync } from "node:fs";
|
|
3
3
|
import { join } from "node:path";
|
|
4
4
|
import { homedir } from "node:os";
|
|
5
5
|
import { redactSecrets } from "../llm/provider.js";
|
|
6
|
+
import { getConfig } from "./config.js";
|
|
6
7
|
const historyDir = join(homedir(), ".clai");
|
|
7
8
|
const dbFile = join(historyDir, "history.db");
|
|
8
9
|
const jsonlFile = join(historyDir, "history.jsonl");
|
|
@@ -69,6 +70,20 @@ function scrubMessages(messages) {
|
|
|
69
70
|
async function appendJsonl(record) {
|
|
70
71
|
await mkdir(historyDir, { recursive: true });
|
|
71
72
|
await appendFile(jsonlFile, `${JSON.stringify(record)}\n`, "utf8");
|
|
73
|
+
await enforceJsonlRetention();
|
|
74
|
+
}
|
|
75
|
+
async function enforceJsonlRetention() {
|
|
76
|
+
const limit = getConfig().historyRetentionLimit;
|
|
77
|
+
if (!limit || limit <= 0)
|
|
78
|
+
return;
|
|
79
|
+
if (!existsSync(jsonlFile))
|
|
80
|
+
return;
|
|
81
|
+
const raw = await readFile(jsonlFile, "utf8");
|
|
82
|
+
const lines = raw.split("\n").filter(Boolean);
|
|
83
|
+
if (lines.length <= limit)
|
|
84
|
+
return;
|
|
85
|
+
const trimmed = lines.slice(-limit).join("\n");
|
|
86
|
+
await writeFile(jsonlFile, `${trimmed}\n`, { mode: 0o600 });
|
|
72
87
|
}
|
|
73
88
|
export async function saveSession(messages, name) {
|
|
74
89
|
const now = new Date().toISOString();
|
|
@@ -80,15 +95,27 @@ export async function saveSession(messages, name) {
|
|
|
80
95
|
cwd: process.cwd(),
|
|
81
96
|
messages: scrubMessages(messages),
|
|
82
97
|
};
|
|
98
|
+
// Private mode: never persist chat content. Caller still gets a record
|
|
99
|
+
// back (so /save echoes a usable id) but nothing hits disk.
|
|
100
|
+
if (getConfig().privateMode) {
|
|
101
|
+
return record;
|
|
102
|
+
}
|
|
83
103
|
const db = await loadDatabase();
|
|
84
104
|
if (db) {
|
|
85
105
|
db.prepare("INSERT INTO sessions (id, name, created_at, updated_at, cwd, messages_json) VALUES (?, ?, ?, ?, ?, ?)").run(record.id, record.name ?? null, record.createdAt, record.updatedAt, record.cwd, JSON.stringify(record.messages));
|
|
106
|
+
await enforceSqliteRetention(db);
|
|
86
107
|
}
|
|
87
108
|
else {
|
|
88
109
|
await appendJsonl(record);
|
|
89
110
|
}
|
|
90
111
|
return record;
|
|
91
112
|
}
|
|
113
|
+
async function enforceSqliteRetention(db) {
|
|
114
|
+
const limit = getConfig().historyRetentionLimit;
|
|
115
|
+
if (!limit || limit <= 0)
|
|
116
|
+
return;
|
|
117
|
+
db.exec(`DELETE FROM sessions WHERE id NOT IN (SELECT id FROM sessions ORDER BY updated_at DESC LIMIT ${Math.floor(limit)});`);
|
|
118
|
+
}
|
|
92
119
|
export async function saveToolCall(sessionId, call, result) {
|
|
93
120
|
const record = {
|
|
94
121
|
id: newId(),
|
|
@@ -150,4 +177,34 @@ export async function getSession(sessionId) {
|
|
|
150
177
|
export function getHistoryPath() {
|
|
151
178
|
return sqliteUnavailable ? jsonlFile : dbFile;
|
|
152
179
|
}
|
|
180
|
+
/**
|
|
181
|
+
* Clear all stored history. Returns whether the operation succeeded.
|
|
182
|
+
* Used by the /privacy slash command and `clai privacy clear-history`.
|
|
183
|
+
*/
|
|
184
|
+
export async function clearAllHistory() {
|
|
185
|
+
let detail = "";
|
|
186
|
+
try {
|
|
187
|
+
const db = await loadDatabase();
|
|
188
|
+
if (db) {
|
|
189
|
+
db.exec("DELETE FROM sessions; DELETE FROM tool_calls;");
|
|
190
|
+
detail += "sqlite cleared; ";
|
|
191
|
+
}
|
|
192
|
+
}
|
|
193
|
+
catch (error) {
|
|
194
|
+
detail += `sqlite error: ${error instanceof Error ? error.message : String(error)}; `;
|
|
195
|
+
}
|
|
196
|
+
if (existsSync(jsonlFile)) {
|
|
197
|
+
try {
|
|
198
|
+
await rm(jsonlFile, { force: true });
|
|
199
|
+
detail += "jsonl removed";
|
|
200
|
+
}
|
|
201
|
+
catch (error) {
|
|
202
|
+
detail += `jsonl error: ${error instanceof Error ? error.message : String(error)}`;
|
|
203
|
+
}
|
|
204
|
+
}
|
|
205
|
+
return { cleared: true, detail: detail.trim() };
|
|
206
|
+
}
|
|
207
|
+
export function getJsonlHistoryPath() {
|
|
208
|
+
return jsonlFile;
|
|
209
|
+
}
|
|
153
210
|
//# sourceMappingURL=history.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"history.js","sourceRoot":"","sources":["../../src/store/history.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;
|
|
1
|
+
{"version":3,"file":"history.js","sourceRoot":"","sources":["../../src/store/history.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,QAAQ,EAAE,EAAE,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC9E,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAElC,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAExC,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,OAAO,CAAC,CAAC;AAC5C,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;AAC9C,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,EAAE,eAAe,CAAC,CAAC;AACpD,yEAAyE;AACzE,0EAA0E;AAC1E,uEAAuE;AACvE,uEAAuE;AACvE,iEAAiE;AACjE,oEAAoE;AACpE,uEAAuE;AACvE,qDAAqD;AACrD,MAAM,gBAAgB,GAAG,gBAAgB,CAAC;AAmC1C,IAAI,QAAkC,CAAC;AACvC,IAAI,iBAAiB,GAAG,KAAK,CAAC;AAE9B,KAAK,UAAU,YAAY;IACzB,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAC;IAC9B,IAAI,iBAAiB;QAAE,OAAO,SAAS,CAAC;IACxC,IAAI,CAAC;QACH,MAAM,KAAK,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC7C,MAAM,QAAQ,GAAG,CAAC,MAAM,MAAM,CAAC,gBAAgB,CAAC,CAEhC,CAAC;QACjB,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,IAAI,QAAQ,CAAC;QAC1C,QAAQ,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC;QAC5B,QAAQ,CAAC,IAAI,CAAC;;;;;;;;;;;;;;;;;;;;;;KAsBb,CAAC,CAAC;QACH,OAAO,QAAQ,CAAC;IAClB,CAAC;IAAC,MAAM,CAAC;QACP,iBAAiB,GAAG,IAAI,CAAC;QACzB,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,SAAS,KAAK;IACZ,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;AAChF,CAAC;AAED,SAAS,aAAa,CAAC,QAAuB;IAC5C,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QAChC,GAAG,OAAO;QACV,OAAO,EAAE,aAAa,CAAC,OAAO,CAAC,OAAO,CAAC;KACxC,CAAC,CAAC,CAAC;AACN,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,MAAqB;IAC9C,MAAM,KAAK,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC7C,MAAM,UAAU,CAAC,SAAS,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IACnE,MAAM,qBAAqB,EAAE,CAAC;AAChC,CAAC;AAED,KAAK,UAAU,qBAAqB;IAClC,MAAM,KAAK,GAAG,SAAS,EAAE,CAAC,qBAAqB,CAAC;IAChD,IAAI,CAAC,KAAK,IAAI,KAAK,IAAI,CAAC;QAAE,OAAO;IACjC,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC;QAAE,OAAO;IACnC,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IAC9C,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC9C,IAAI,KAAK,CAAC,MAAM,IAAI,KAAK;QAAE,OAAO;IAClC,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC/C,MAAM,SAAS,CAAC,SAAS,EAAE,GAAG,OAAO,IAAI,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;AAC9D,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,QAAuB,EACvB,IAAyB;IAEzB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACrC,MAAM,MAAM,GAAkB;QAC5B,EAAE,EAAE,KAAK,EAAE;QACX,IAAI;QACJ,SAAS,EAAE,GAAG;QACd,SAAS,EAAE,GAAG;QACd,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE;QAClB,QAAQ,EAAE,aAAa,CAAC,QAAQ,CAAC;KAClC,CAAC;IAEF,uEAAuE;IACvE,4DAA4D;IAC5D,IAAI,SAAS,EAAE,CAAC,WAAW,EAAE,CAAC;QAC5B,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,MAAM,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;IAChC,IAAI,EAAE,EAAE,CAAC;QACP,EAAE,CAAC,OAAO,CACR,uGAAuG,CACxG,CAAC,GAAG,CACH,MAAM,CAAC,EAAE,EACT,MAAM,CAAC,IAAI,IAAI,IAAI,EACnB,MAAM,CAAC,SAAS,EAChB,MAAM,CAAC,SAAS,EAChB,MAAM,CAAC,GAAG,EACV,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,CAChC,CAAC;QACF,MAAM,sBAAsB,CAAC,EAAE,CAAC,CAAC;IACnC,CAAC;SAAM,CAAC;QACN,MAAM,WAAW,CAAC,MAAM,CAAC,CAAC;IAC5B,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,sBAAsB,CAAC,EAAgB;IACpD,MAAM,KAAK,GAAG,SAAS,EAAE,CAAC,qBAAqB,CAAC;IAChD,IAAI,CAAC,KAAK,IAAI,KAAK,IAAI,CAAC;QAAE,OAAO;IACjC,EAAE,CAAC,IAAI,CACL,gGAAgG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CACtH,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,SAAiB,EACjB,IAAc,EACd,MAAkB;IAElB,MAAM,MAAM,GAAmB;QAC7B,EAAE,EAAE,KAAK,EAAE;QACX,SAAS;QACT,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,EAAE,EAAE,MAAM,CAAC,EAAE;QACb,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,MAAM,EAAE,aAAa,CAAC,MAAM,CAAC,MAAM,CAAC;KACrC,CAAC;IACF,MAAM,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;IAChC,IAAI,EAAE,EAAE,CAAC;QACP,EAAE,CAAC,OAAO,CACR,6HAA6H,CAC9H,CAAC,GAAG,CACH,MAAM,CAAC,EAAE,EACT,MAAM,CAAC,SAAS,EAChB,MAAM,CAAC,SAAS,EAChB,MAAM,CAAC,IAAI,EACX,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,EAC3B,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EACjB,MAAM,CAAC,QAAQ,IAAI,IAAI,EACvB,MAAM,CAAC,MAAM,CACd,CAAC;IACJ,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,YAAY,CAAC,GAAY;IAChC,MAAM,IAAI,GAAG,GAOZ,CAAC;IACF,OAAO;QACL,EAAE,EAAE,IAAI,CAAC,EAAE;QACX,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,SAAS;QAC5B,SAAS,EAAE,IAAI,CAAC,UAAU;QAC1B,SAAS,EAAE,IAAI,CAAC,UAAU;QAC1B,GAAG,EAAE,IAAI,CAAC,GAAG;QACb,QAAQ,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,aAAa,CAAkB;KAC1D,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,KAAa;IAC5C,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC;QAAE,OAAO,EAAE,CAAC;IACtC,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IAC9C,OAAO,GAAG;SACP,KAAK,CAAC,IAAI,CAAC;SACX,MAAM,CAAC,OAAO,CAAC;SACf,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAkB,CAAC;SAChD,KAAK,CAAC,CAAC,KAAK,CAAC;SACb,OAAO,EAAE,CAAC;AACf,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,KAAK,GAAG,EAAE;IAC3C,MAAM,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;IAChC,IAAI,CAAC,EAAE;QAAE,OAAO,iBAAiB,CAAC,KAAK,CAAC,CAAC;IACzC,MAAM,IAAI,GAAG,EAAE;SACZ,OAAO,CACN,4GAA4G,CAC7G;SACA,GAAG,CAAC,KAAK,CAAC,CAAC;IACd,OAAO,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;AAChC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,SAAiB;IAEjB,MAAM,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;IAChC,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,OAAO,CAAC,MAAM,iBAAiB,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAC5D,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,EAAE,KAAK,SAAS,CACtC,CAAC;IACJ,CAAC;IACD,MAAM,GAAG,GAAG,EAAE;SACX,OAAO,CACN,wFAAwF,CACzF;SACA,GAAG,CAAC,SAAS,CAAC,CAAC;IAClB,OAAO,GAAG,CAAC,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;AAC7C,CAAC;AAED,MAAM,UAAU,cAAc;IAC5B,OAAO,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC;AAChD,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe;IAInC,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;QAChC,IAAI,EAAE,EAAE,CAAC;YACP,EAAE,CAAC,IAAI,CAAC,+CAA+C,CAAC,CAAC;YACzD,MAAM,IAAI,kBAAkB,CAAC;QAC/B,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,iBAAiB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC;IACxF,CAAC;IACD,IAAI,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC1B,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,SAAS,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;YACrC,MAAM,IAAI,eAAe,CAAC;QAC5B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,gBAAgB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;QACrF,CAAC;IACH,CAAC;IACD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC;AAClD,CAAC;AAED,MAAM,UAAU,mBAAmB;IACjC,OAAO,SAAS,CAAC;AACnB,CAAC"}
|
package/dist/store/keys.d.ts
CHANGED
|
@@ -17,7 +17,8 @@ export type KeychainStatus = {
|
|
|
17
17
|
/**
|
|
18
18
|
* Probes the OS keychain by performing a harmless read against a marker
|
|
19
19
|
* service. Used by `clai doctor` so users can tell at a glance whether
|
|
20
|
-
* secrets land in the OS store or the
|
|
20
|
+
* secrets land in the OS store or the restricted-permission plaintext
|
|
21
|
+
* fallback file at ~/.clai/keys.json.
|
|
21
22
|
*/
|
|
22
23
|
export declare function probeKeychain(): Promise<KeychainStatus>;
|
|
23
24
|
export declare function listProviderStatuses(activeProvider: ProviderId): Promise<ProviderStatus[]>;
|
package/dist/store/keys.js
CHANGED
|
@@ -9,7 +9,10 @@ const serviceName = 'clai';
|
|
|
9
9
|
// `@napi-rs/keyring` ships prebuilt napi binaries (no node-gyp / prebuild-install)
|
|
10
10
|
// and exposes a keytar-compatible API at the `/keytar` subpath. We dynamically
|
|
11
11
|
// import it so the CLI keeps working when the optional native binding is
|
|
12
|
-
// missing on a platform — falling back to
|
|
12
|
+
// missing on a platform — falling back to a *restricted-permission plaintext*
|
|
13
|
+
// JSON file (mode 0600) at ~/.clai/keys.json. Despite older docs, this fallback
|
|
14
|
+
// is NOT encrypted; it is plaintext that the OS protects with file permissions.
|
|
15
|
+
// The agent is also blocked from reading that path (see safety/patterns.ts).
|
|
13
16
|
const keychainModuleName = '@napi-rs/keyring/keytar.js';
|
|
14
17
|
const keysFile = join(homedir(), '.clai', 'keys.json');
|
|
15
18
|
let cachedKeytar;
|
|
@@ -19,7 +22,7 @@ let keytarLoadAttempted = false;
|
|
|
19
22
|
// (libsecret/DBus on Linux, Windows Credential Manager) is unreachable.
|
|
20
23
|
// In that case the first call fails — we record it and stop trying
|
|
21
24
|
// for the rest of the process so every read/write/delete falls back
|
|
22
|
-
// to the
|
|
25
|
+
// to the restricted-permission plaintext JSON file silently.
|
|
23
26
|
let keychainRuntimeUnavailable = false;
|
|
24
27
|
let keychainRuntimeWarned = false;
|
|
25
28
|
async function loadKeytar() {
|
|
@@ -50,7 +53,7 @@ function noteKeychainRuntimeFailure(error) {
|
|
|
50
53
|
if (!keychainRuntimeWarned) {
|
|
51
54
|
keychainRuntimeWarned = true;
|
|
52
55
|
const message = error instanceof Error ? error.message : String(error);
|
|
53
|
-
process.stderr.write(`clai: OS keychain unavailable (${message.split('\n')[0]}); using
|
|
56
|
+
process.stderr.write(`clai: OS keychain unavailable (${message.split('\n')[0]}); using restricted-permission plaintext file at ${keysFile}\n`);
|
|
54
57
|
}
|
|
55
58
|
}
|
|
56
59
|
async function withKeytar(fn) {
|
|
@@ -141,7 +144,8 @@ export async function unsetProviderSecret(provider) {
|
|
|
141
144
|
/**
|
|
142
145
|
* Probes the OS keychain by performing a harmless read against a marker
|
|
143
146
|
* service. Used by `clai doctor` so users can tell at a glance whether
|
|
144
|
-
* secrets land in the OS store or the
|
|
147
|
+
* secrets land in the OS store or the restricted-permission plaintext
|
|
148
|
+
* fallback file at ~/.clai/keys.json.
|
|
145
149
|
*/
|
|
146
150
|
export async function probeKeychain() {
|
|
147
151
|
const keytar = await loadKeytar();
|
package/dist/store/keys.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"keys.js","sourceRoot":"","sources":["../../src/store/keys.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AACzE,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAElC,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,OAAO,EAAE,eAAe,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAC1E,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAExC,MAAM,WAAW,GAAG,MAAM,CAAC;AAC3B,mFAAmF;AACnF,+EAA+E;AAC/E,yEAAyE;AACzE,
|
|
1
|
+
{"version":3,"file":"keys.js","sourceRoot":"","sources":["../../src/store/keys.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AACzE,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAElC,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,OAAO,EAAE,eAAe,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAC1E,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAExC,MAAM,WAAW,GAAG,MAAM,CAAC;AAC3B,mFAAmF;AACnF,+EAA+E;AAC/E,yEAAyE;AACzE,8EAA8E;AAC9E,gFAAgF;AAChF,gFAAgF;AAChF,6EAA6E;AAC7E,MAAM,kBAAkB,GAAG,4BAA4B,CAAC;AACxD,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,WAAW,CAAC,CAAC;AAUvD,IAAI,YAAoC,CAAC;AACzC,IAAI,mBAAmB,GAAG,KAAK,CAAC;AAChC,sEAAsE;AACtE,sEAAsE;AACtE,wEAAwE;AACxE,mEAAmE;AACnE,oEAAoE;AACpE,6DAA6D;AAC7D,IAAI,0BAA0B,GAAG,KAAK,CAAC;AACvC,IAAI,qBAAqB,GAAG,KAAK,CAAC;AAElC,KAAK,UAAU,UAAU;IACvB,IAAI,YAAY;QAAE,OAAO,YAAY,CAAC;IACtC,IAAI,mBAAmB;QAAE,OAAO,YAAY,CAAC;IAC7C,mBAAmB,GAAG,IAAI,CAAC;IAC3B,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,CAAC,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAA0C,CAAC;QAC7F,YAAY,GAAG,QAAQ,CAAC,OAAO,IAAI,QAAQ,CAAC;QAC5C,OAAO,YAAY,CAAC;IACtB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,SAAS,sBAAsB,CAAC,KAAc;IAC5C,uEAAuE;IACvE,mEAAmE;IACnE,oEAAoE;IACpE,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACvE,OAAO,2KAA2K,CAAC,IAAI,CACrL,OAAO,CACR,CAAC;AACJ,CAAC;AAED,SAAS,0BAA0B,CAAC,KAAc;IAChD,IAAI,sBAAsB,CAAC,KAAK,CAAC;QAAE,0BAA0B,GAAG,IAAI,CAAC;IACrE,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAC3B,qBAAqB,GAAG,IAAI,CAAC;QAC7B,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACvE,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,kCAAkC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,oDAAoD,QAAQ,IAAI,CACzH,CAAC;IACJ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,UAAU,CACvB,EAAsC;IAEtC,IAAI,0BAA0B;QAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC;IACrD,MAAM,MAAM,GAAG,MAAM,UAAU,EAAE,CAAC;IAClC,IAAI,CAAC,MAAM;QAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC;IAClC,IAAI,CAAC;QACH,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC;IAC/C,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,0BAA0B,CAAC,KAAK,CAAC,CAAC;QAClC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC;IACvB,CAAC;AACH,CAAC;AAED,KAAK,UAAU,YAAY;IACzB,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAC7C,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAiB,CAAC;AACzC,CAAC;AAED,KAAK,UAAU,aAAa,CAAC,IAAkB;IAC7C,MAAM,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACpD,MAAM,SAAS,CAAC,QAAQ,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACjF,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QACjC,MAAM,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;IAC/B,CAAC;AACH,CAAC;AAED,MAAM,UAAU,mBAAmB;IACjC,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,QAAQ,CAAC,QAAoB;IAC3C,MAAM,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IACjC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAClC,OAAO,KAAK,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;AACvD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,QAAoB;IAC1D,MAAM,GAAG,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC/B,IAAI,GAAG,EAAE,CAAC;QACR,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,MAAM,EAAE,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC;IACzE,CAAC;IAED,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1B,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;IAC5D,CAAC;IAED,MAAM,cAAc,GAAG,MAAM,UAAU,CAAC,CAAC,MAAM,EAAE,EAAE,CACjD,MAAM,CAAC,WAAW,CAAC,WAAW,EAAE,QAAQ,CAAC,CAC1C,CAAC;IACF,IAAI,cAAc,CAAC,EAAE,IAAI,cAAc,CAAC,KAAK,EAAE,CAAC;QAC9C,OAAO,EAAE,KAAK,EAAE,cAAc,CAAC,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC;IAC7D,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,YAAY,EAAE,CAAC;IACtC,MAAM,YAAY,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACxC,IAAI,YAAY,EAAE,CAAC;QACjB,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC;IACrD,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;AAC/B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,QAAoB,EAAE,MAAc;IAC1E,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1B,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,MAAM,cAAc,GAAG,MAAM,UAAU,CAAC,CAAC,MAAM,EAAE,EAAE,CACjD,MAAM,CAAC,WAAW,CAAC,WAAW,EAAE,QAAQ,EAAE,MAAM,CAAC,CAClD,CAAC;IACF,IAAI,cAAc,CAAC,EAAE;QAAE,OAAO,UAAU,CAAC;IAEzC,MAAM,QAAQ,GAAG,MAAM,YAAY,EAAE,CAAC;IACtC,QAAQ,CAAC,QAAQ,CAAC,GAAG,MAAM,CAAC;IAC5B,MAAM,aAAa,CAAC,QAAQ,CAAC,CAAC;IAC9B,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,QAAoB;IAC5D,qEAAqE;IACrE,6DAA6D;IAC7D,MAAM,UAAU,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,cAAc,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC,CAAC;IAE3E,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QACzB,MAAM,QAAQ,GAAG,MAAM,YAAY,EAAE,CAAC;QACtC,OAAO,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAC1B,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvC,MAAM,EAAE,CAAC,QAAQ,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QACtC,CAAC;aAAM,CAAC;YACN,MAAM,aAAa,CAAC,QAAQ,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;AACH,CAAC;AAMD;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa;IACjC,MAAM,MAAM,GAAG,MAAM,UAAU,EAAE,CAAC;IAClC,IAAI,CAAC,MAAM;QAAE,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;IACnE,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,WAAW,CAAC,WAAW,EAAE,gBAAgB,CAAC,CAAC;QACxD,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;IAC7B,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACvE,IAAI,sBAAsB,CAAC,KAAK,CAAC;YAAE,0BAA0B,GAAG,IAAI,CAAC;QACrE,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;IACxE,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,cAA0B;IACnE,MAAM,QAAQ,GAAqB,EAAE,CAAC;IACtC,KAAK,MAAM,QAAQ,IAAI,WAAW,EAAE,CAAC;QACnC,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,QAAQ,CAAC,CAAC;QACjD,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,QAAQ,KAAK,QAAQ,CAAC;QAClE,QAAQ,CAAC,IAAI,CAAC;YACZ,QAAQ;YACR,KAAK,EAAE,QAAQ;YACf,MAAM,EAAE,QAAQ,KAAK,cAAc;YACnC,UAAU;YACV,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;YAChD,SAAS,EAAE,MAAM,CAAC,KAAK,IAAI,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS;YACvF,KAAK,EAAE,eAAe,CAAC,QAAQ,CAAC;YAChC,IAAI,EAAE,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;SACvD,CAAC,CAAC;IACL,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC"}
|
package/dist/store/logs.d.ts
CHANGED
|
@@ -1,2 +1,9 @@
|
|
|
1
1
|
export declare function getLogPath(): string;
|
|
2
2
|
export declare function auditLog(event: string, payload?: unknown): Promise<void>;
|
|
3
|
+
export declare function clearAuditLogs(): Promise<{
|
|
4
|
+
removed: number;
|
|
5
|
+
}>;
|
|
6
|
+
export declare function getLogsDir(): string;
|
|
7
|
+
export declare function clearArtifacts(): Promise<{
|
|
8
|
+
removed: number;
|
|
9
|
+
}>;
|
package/dist/store/logs.js
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { mkdir, readdir, rename, stat, appendFile } from 'node:fs/promises';
|
|
1
|
+
import { mkdir, readdir, rename, stat, appendFile, rm } from 'node:fs/promises';
|
|
2
2
|
import { existsSync } from 'node:fs';
|
|
3
3
|
import { join } from 'node:path';
|
|
4
4
|
import { homedir } from 'node:os';
|
|
@@ -28,4 +28,42 @@ export async function auditLog(event, payload = {}) {
|
|
|
28
28
|
const entry = redactSecrets(JSON.stringify({ at: new Date().toISOString(), event, payload }));
|
|
29
29
|
await appendFile(path, `${entry}\n`, 'utf8');
|
|
30
30
|
}
|
|
31
|
+
export async function clearAuditLogs() {
|
|
32
|
+
if (!existsSync(logsDir))
|
|
33
|
+
return { removed: 0 };
|
|
34
|
+
const entries = await readdir(logsDir).catch(() => []);
|
|
35
|
+
let removed = 0;
|
|
36
|
+
for (const entry of entries) {
|
|
37
|
+
if (!entry.startsWith('clai-'))
|
|
38
|
+
continue;
|
|
39
|
+
try {
|
|
40
|
+
await rm(join(logsDir, entry), { force: true });
|
|
41
|
+
removed += 1;
|
|
42
|
+
}
|
|
43
|
+
catch {
|
|
44
|
+
// best-effort: keep going
|
|
45
|
+
}
|
|
46
|
+
}
|
|
47
|
+
return { removed };
|
|
48
|
+
}
|
|
49
|
+
export function getLogsDir() {
|
|
50
|
+
return logsDir;
|
|
51
|
+
}
|
|
52
|
+
export async function clearArtifacts() {
|
|
53
|
+
const dir = join(homedir(), '.clai', 'outputs');
|
|
54
|
+
if (!existsSync(dir))
|
|
55
|
+
return { removed: 0 };
|
|
56
|
+
const entries = await readdir(dir).catch(() => []);
|
|
57
|
+
let removed = 0;
|
|
58
|
+
for (const entry of entries) {
|
|
59
|
+
try {
|
|
60
|
+
await rm(join(dir, entry), { force: true, recursive: true });
|
|
61
|
+
removed += 1;
|
|
62
|
+
}
|
|
63
|
+
catch {
|
|
64
|
+
// best-effort
|
|
65
|
+
}
|
|
66
|
+
}
|
|
67
|
+
return { removed };
|
|
68
|
+
}
|
|
31
69
|
//# sourceMappingURL=logs.js.map
|
package/dist/store/logs.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"logs.js","sourceRoot":"","sources":["../../src/store/logs.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;
|
|
1
|
+
{"version":3,"file":"logs.js","sourceRoot":"","sources":["../../src/store/logs.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,EAAE,MAAM,kBAAkB,CAAC;AAChF,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAEnD,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;AACjD,MAAM,WAAW,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI,CAAC;AAErC,SAAS,KAAK;IACZ,OAAO,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,UAAU,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;AACnE,CAAC;AAED,MAAM,UAAU,UAAU;IACxB,OAAO,IAAI,CAAC,OAAO,EAAE,QAAQ,KAAK,EAAE,MAAM,CAAC,CAAC;AAC9C,CAAC;AAED,KAAK,UAAU,cAAc,CAAC,IAAY;IACxC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO;IAC9B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,CAAC;IAC9B,IAAI,IAAI,CAAC,IAAI,GAAG,WAAW;QAAE,OAAO;IACpC,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;IACxD,MAAM,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;IAC5F,MAAM,MAAM,CAAC,IAAI,EAAE,GAAG,IAAI,IAAI,KAAK,EAAE,CAAC,CAAC;AACzC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,QAAQ,CAAC,KAAa,EAAE,UAAmB,EAAE;IACjE,MAAM,KAAK,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC1C,MAAM,IAAI,GAAG,UAAU,EAAE,CAAC;IAC1B,MAAM,cAAc,CAAC,IAAI,CAAC,CAAC;IAC3B,MAAM,KAAK,GAAG,aAAa,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC;IAC9F,MAAM,UAAU,CAAC,IAAI,EAAE,GAAG,KAAK,IAAI,EAAE,MAAM,CAAC,CAAC;AAC/C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc;IAClC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC;QAAE,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;IAChD,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;IACvD,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC;YAAE,SAAS;QACzC,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;YAChD,OAAO,IAAI,CAAC,CAAC;QACf,CAAC;QAAC,MAAM,CAAC;YACP,0BAA0B;QAC5B,CAAC;IACH,CAAC;IACD,OAAO,EAAE,OAAO,EAAE,CAAC;AACrB,CAAC;AAED,MAAM,UAAU,UAAU;IACxB,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc;IAClC,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;IAChD,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;IAC5C,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;IACnD,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAC7D,OAAO,IAAI,CAAC,CAAC;QACf,CAAC;QAAC,MAAM,CAAC;YACP,cAAc;QAChB,CAAC;IACH,CAAC;IACD,OAAO,EAAE,OAAO,EAAE,CAAC;AACrB,CAAC"}
|
package/dist/store/project.d.ts
CHANGED