@pentoshi/clai 0.5.9 → 0.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +17 -9
- package/dist/agent/runner.js +120 -65
- package/dist/agent/runner.js.map +1 -1
- package/dist/commands/doctor.js +1 -1
- package/dist/commands/doctor.js.map +1 -1
- package/dist/commands/update.js +1 -1
- package/dist/context/manager.d.ts +4 -0
- package/dist/context/manager.js +48 -0
- package/dist/context/manager.js.map +1 -0
- package/dist/llm/http.js +11 -1
- package/dist/llm/http.js.map +1 -1
- package/dist/llm/router.js +23 -8
- package/dist/llm/router.js.map +1 -1
- package/dist/modes/ask.js +4 -3
- package/dist/modes/ask.js.map +1 -1
- package/dist/prompts/index.js +6 -0
- package/dist/prompts/index.js.map +1 -1
- package/dist/repl.js +89 -2
- package/dist/repl.js.map +1 -1
- package/dist/safety/classifier.js +76 -7
- package/dist/safety/classifier.js.map +1 -1
- package/dist/safety/patterns.js +6 -23
- package/dist/safety/patterns.js.map +1 -1
- package/dist/store/config.d.ts +2 -0
- package/dist/store/config.js +2 -0
- package/dist/store/config.js.map +1 -1
- package/dist/store/keys.js +2 -2
- package/dist/store/keys.js.map +1 -1
- package/dist/store/project.js +3 -1
- package/dist/store/project.js.map +1 -1
- package/dist/tools/artifacts.d.ts +9 -0
- package/dist/tools/artifacts.js +38 -0
- package/dist/tools/artifacts.js.map +1 -0
- package/dist/tools/fs.js +94 -28
- package/dist/tools/fs.js.map +1 -1
- package/dist/tools/http.d.ts +1 -0
- package/dist/tools/http.js +34 -4
- package/dist/tools/http.js.map +1 -1
- package/dist/tools/registry.js +51 -14
- package/dist/tools/registry.js.map +1 -1
- package/dist/tools/shell.d.ts +4 -0
- package/dist/tools/shell.js +96 -9
- package/dist/tools/shell.js.map +1 -1
- package/dist/types.d.ts +16 -0
- package/dist/ui/tool-output.d.ts +18 -0
- package/dist/ui/tool-output.js +135 -0
- package/dist/ui/tool-output.js.map +1 -0
- package/package.json +1 -1
|
@@ -31,9 +31,50 @@ export function isPrivateIpv4(value) {
|
|
|
31
31
|
function commandContainsNetworkScanner(command) {
|
|
32
32
|
return networkScanTools.some((tool) => new RegExp(`(^|\\s)${tool}(\\s|$)`, "i").test(command));
|
|
33
33
|
}
|
|
34
|
+
function isPrivateTarget(value) {
|
|
35
|
+
const trimmed = value.trim().replace(/^https?:\/\//i, "");
|
|
36
|
+
const host = trimmed.split(/[/:?#]/)[0] ?? trimmed;
|
|
37
|
+
if (!host || host === "localhost" || host.endsWith(".localhost"))
|
|
38
|
+
return true;
|
|
39
|
+
if (host === "0.0.0.0")
|
|
40
|
+
return true;
|
|
41
|
+
return isPrivateIpv4(host);
|
|
42
|
+
}
|
|
43
|
+
function shellTokens(command) {
|
|
44
|
+
return command.match(/(?:[^\s"']+|"[^"]*"|'[^']*')+/g)?.map((token) => token.replace(/^["']|["']$/g, "")) ?? [];
|
|
45
|
+
}
|
|
46
|
+
function commandHasOwnershipFlag(command) {
|
|
47
|
+
return shellTokens(command).includes("--i-own-this");
|
|
48
|
+
}
|
|
49
|
+
function extractNetworkTargets(command) {
|
|
50
|
+
const targets = new Set();
|
|
51
|
+
for (const match of command.matchAll(/https?:\/\/[^\s"'`<>]+/gi)) {
|
|
52
|
+
targets.add(match[0]);
|
|
53
|
+
}
|
|
54
|
+
for (const match of command.matchAll(/\b(?:\d{1,3}\.){3}\d{1,3}(?:\/\d{1,2})?\b/g)) {
|
|
55
|
+
targets.add(match[0]);
|
|
56
|
+
}
|
|
57
|
+
for (const token of shellTokens(command)) {
|
|
58
|
+
if (token.startsWith("-") || token.includes("/") || token.includes("="))
|
|
59
|
+
continue;
|
|
60
|
+
if (/\.(?:txt|lst|list|json|xml|csv|log|html)$/i.test(token))
|
|
61
|
+
continue;
|
|
62
|
+
if (/^[A-Za-z0-9.-]+\.[A-Za-z]{2,}$/.test(token))
|
|
63
|
+
targets.add(token);
|
|
64
|
+
}
|
|
65
|
+
return [...targets];
|
|
66
|
+
}
|
|
34
67
|
function containsPublicTarget(command) {
|
|
35
|
-
const
|
|
36
|
-
|
|
68
|
+
const targets = extractNetworkTargets(command);
|
|
69
|
+
if (targets.length === 0)
|
|
70
|
+
return false;
|
|
71
|
+
return targets.some((target) => !isPrivateTarget(target));
|
|
72
|
+
}
|
|
73
|
+
function hasShellControlSyntax(command) {
|
|
74
|
+
return /(?:[;&|`<>]|\$\(|\${)/.test(command);
|
|
75
|
+
}
|
|
76
|
+
function referencesSecretPath(command) {
|
|
77
|
+
return /(?:^|\s)(?:~\/)?(?:\.ssh|\.gnupg|\.aws|\.kube|\.docker|\.env\b|id_rsa|id_ed25519|\.npmrc|\.pypirc|\.clai\/keys\.json)/i.test(command);
|
|
37
78
|
}
|
|
38
79
|
export function isPentestToolCall(call) {
|
|
39
80
|
if (call.name === "net.scan" || call.name === "pentest.recon")
|
|
@@ -51,6 +92,26 @@ export function classifyToolCall(call) {
|
|
|
51
92
|
return { level: "safe", reason: "Read-only operation" };
|
|
52
93
|
}
|
|
53
94
|
if (call.name === "http.fetch") {
|
|
95
|
+
const method = (stringArg(call.args, "method") ?? "GET").toUpperCase();
|
|
96
|
+
const url = stringArg(call.args, "url") ?? "";
|
|
97
|
+
if (method !== "GET" && method !== "HEAD") {
|
|
98
|
+
return {
|
|
99
|
+
level: "confirm",
|
|
100
|
+
reason: "Non-GET HTTP requests can mutate remote systems",
|
|
101
|
+
};
|
|
102
|
+
}
|
|
103
|
+
if (/169\.254\.169\.254|metadata\.google\.internal/i.test(url)) {
|
|
104
|
+
return {
|
|
105
|
+
level: "block",
|
|
106
|
+
reason: "Cloud metadata endpoints are blocked",
|
|
107
|
+
};
|
|
108
|
+
}
|
|
109
|
+
if (url && isPrivateTarget(url)) {
|
|
110
|
+
return {
|
|
111
|
+
level: "confirm",
|
|
112
|
+
reason: "Fetching local or private network URLs requires confirmation",
|
|
113
|
+
};
|
|
114
|
+
}
|
|
54
115
|
return {
|
|
55
116
|
level: "safe",
|
|
56
117
|
reason: "HTTP fetch is read-only with response size limits",
|
|
@@ -70,9 +131,15 @@ export function classifyToolCall(call) {
|
|
|
70
131
|
reason: "Command resembles secret or data exfiltration",
|
|
71
132
|
};
|
|
72
133
|
}
|
|
134
|
+
if (referencesSecretPath(command)) {
|
|
135
|
+
return {
|
|
136
|
+
level: "confirm",
|
|
137
|
+
reason: "Command references a path that may contain secrets",
|
|
138
|
+
};
|
|
139
|
+
}
|
|
73
140
|
if (commandContainsNetworkScanner(command) &&
|
|
74
141
|
containsPublicTarget(command) &&
|
|
75
|
-
!command
|
|
142
|
+
!commandHasOwnershipFlag(command)) {
|
|
76
143
|
return {
|
|
77
144
|
level: "block",
|
|
78
145
|
reason: "Public target scanning requires explicit --i-own-this authorization flag",
|
|
@@ -84,6 +151,9 @@ export function classifyToolCall(call) {
|
|
|
84
151
|
}
|
|
85
152
|
// Read-only / info commands are safe to auto-execute
|
|
86
153
|
const base = command.trim().split(/\s+/)[0]?.replace(/^.*\//, "") ?? "";
|
|
154
|
+
if (hasShellControlSyntax(command)) {
|
|
155
|
+
return { level: "confirm", reason: "Shell control syntax requires confirmation" };
|
|
156
|
+
}
|
|
87
157
|
if (readOnlyShellCommands.has(base)) {
|
|
88
158
|
return { level: "safe", reason: "Read-only command" };
|
|
89
159
|
}
|
|
@@ -92,10 +162,10 @@ export function classifyToolCall(call) {
|
|
|
92
162
|
if (call.name === "net.scan") {
|
|
93
163
|
const target = stringArg(call.args, "target") ?? "";
|
|
94
164
|
const ownsTarget = call.args.iOwnThis === true || call.args.own === true;
|
|
95
|
-
if (target && !
|
|
165
|
+
if (target && !isPrivateTarget(target) && !ownsTarget) {
|
|
96
166
|
return {
|
|
97
167
|
level: "block",
|
|
98
|
-
reason: "Public
|
|
168
|
+
reason: "Public target scan requires ownership confirmation",
|
|
99
169
|
};
|
|
100
170
|
}
|
|
101
171
|
return { level: "confirm", reason: "Network scans require confirmation" };
|
|
@@ -104,8 +174,7 @@ export function classifyToolCall(call) {
|
|
|
104
174
|
const target = stringArg(call.args, "target") ?? "";
|
|
105
175
|
const ownsTarget = call.args.iOwnThis === true || call.args.own === true;
|
|
106
176
|
if (target &&
|
|
107
|
-
|
|
108
|
-
!isPrivateIpv4(target) &&
|
|
177
|
+
!isPrivateTarget(target) &&
|
|
109
178
|
!ownsTarget) {
|
|
110
179
|
return {
|
|
111
180
|
level: "block",
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"classifier.js","sourceRoot":"","sources":["../../src/safety/classifier.ts"],"names":[],"mappings":"AAAA,OAAO,GAAG,MAAM,UAAU,CAAC;AAE3B,OAAO,EACL,0BAA0B,EAC1B,oBAAoB,EACpB,gBAAgB,EAChB,qBAAqB,GACtB,MAAM,eAAe,CAAC;AAOvB,SAAS,SAAS,CAChB,IAA6B,EAC7B,GAAW;IAEX,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;IACxB,OAAO,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;AACvD,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,KAAa;IACzC,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC;IAC/C,yEAAyE;IACzE,IAAI,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAC5C,IAAI,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC;QAC9B,2DAA2D;QAC3D,MAAM,KAAK,GAAG,SAAS,CAAC,WAAW,EAAE,CAAC;QACtC,OAAO,KAAK,KAAK,KAAK,IAAI,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;IAC1G,CAAC;IACD,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;IAC/D,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,CAAC;IACrB,IAAI,CAAC,KAAK,EAAE;QAAE,OAAO,IAAI,CAAC;IAC1B,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,SAAS,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE;QAAE,OAAO,IAAI,CAAC;IACpE,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IACxC,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IAC3B,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IACxC,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,6BAA6B,CAAC,OAAe;IACpD,OAAO,gBAAgB,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CACpC,IAAI,MAAM,CAAC,UAAU,IAAI,SAAS,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CACvD,CAAC;AACJ,CAAC;AAED,SAAS,
|
|
1
|
+
{"version":3,"file":"classifier.js","sourceRoot":"","sources":["../../src/safety/classifier.ts"],"names":[],"mappings":"AAAA,OAAO,GAAG,MAAM,UAAU,CAAC;AAE3B,OAAO,EACL,0BAA0B,EAC1B,oBAAoB,EACpB,gBAAgB,EAChB,qBAAqB,GACtB,MAAM,eAAe,CAAC;AAOvB,SAAS,SAAS,CAChB,IAA6B,EAC7B,GAAW;IAEX,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;IACxB,OAAO,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;AACvD,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,KAAa;IACzC,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC;IAC/C,yEAAyE;IACzE,IAAI,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAC5C,IAAI,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC;QAC9B,2DAA2D;QAC3D,MAAM,KAAK,GAAG,SAAS,CAAC,WAAW,EAAE,CAAC;QACtC,OAAO,KAAK,KAAK,KAAK,IAAI,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;IAC1G,CAAC;IACD,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;IAC/D,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,CAAC;IACrB,IAAI,CAAC,KAAK,EAAE;QAAE,OAAO,IAAI,CAAC;IAC1B,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,SAAS,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE;QAAE,OAAO,IAAI,CAAC;IACpE,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IACxC,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IAC3B,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IACxC,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,6BAA6B,CAAC,OAAe;IACpD,OAAO,gBAAgB,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CACpC,IAAI,MAAM,CAAC,UAAU,IAAI,SAAS,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CACvD,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CAAC,KAAa;IACpC,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC,CAAC;IAC1D,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC;IACnD,IAAI,CAAC,IAAI,IAAI,IAAI,KAAK,WAAW,IAAI,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC;QAAE,OAAO,IAAI,CAAC;IAC9E,IAAI,IAAI,KAAK,SAAS;QAAE,OAAO,IAAI,CAAC;IACpC,OAAO,aAAa,CAAC,IAAI,CAAC,CAAC;AAC7B,CAAC;AAED,SAAS,WAAW,CAAC,OAAe;IAClC,OAAO,OAAO,CAAC,KAAK,CAAC,gCAAgC,CAAC,EAAE,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CACpE,KAAK,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,CAClC,IAAI,EAAE,CAAC;AACV,CAAC;AAED,SAAS,uBAAuB,CAAC,OAAe;IAC9C,OAAO,WAAW,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;AACvD,CAAC;AAED,SAAS,qBAAqB,CAAC,OAAe;IAC5C,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAClC,KAAK,MAAM,KAAK,IAAI,OAAO,CAAC,QAAQ,CAAC,0BAA0B,CAAC,EAAE,CAAC;QACjE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACxB,CAAC;IACD,KAAK,MAAM,KAAK,IAAI,OAAO,CAAC,QAAQ,CAAC,4CAA4C,CAAC,EAAE,CAAC;QACnF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACxB,CAAC;IACD,KAAK,MAAM,KAAK,IAAI,WAAW,CAAC,OAAO,CAAC,EAAE,CAAC;QACzC,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC;YAAE,SAAS;QAClF,IAAI,4CAA4C,CAAC,IAAI,CAAC,KAAK,CAAC;YAAE,SAAS;QACvE,IAAI,gCAAgC,CAAC,IAAI,CAAC,KAAK,CAAC;YAAE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IACvE,CAAC;IACD,OAAO,CAAC,GAAG,OAAO,CAAC,CAAC;AACtB,CAAC;AAED,SAAS,oBAAoB,CAAC,OAAe;IAC3C,MAAM,OAAO,GAAG,qBAAqB,CAAC,OAAO,CAAC,CAAC;IAC/C,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACvC,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC;AAC5D,CAAC;AAED,SAAS,qBAAqB,CAAC,OAAe;IAC5C,OAAO,uBAAuB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;AAC/C,CAAC;AAED,SAAS,oBAAoB,CAAC,OAAe;IAC3C,OAAO,wHAAwH,CAAC,IAAI,CAClI,OAAO,CACR,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,IAAc;IAC9C,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU,IAAI,IAAI,CAAC,IAAI,KAAK,eAAe;QAAE,OAAO,IAAI,CAAC;IAC3E,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY;QAAE,OAAO,KAAK,CAAC;IAC7C,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE,CAAC;IACtD,OAAO,6BAA6B,CAAC,OAAO,CAAC,CAAC;AAChD,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,IAAc;IAC7C,IACE,IAAI,CAAC,IAAI,KAAK,SAAS;QACvB,IAAI,CAAC,IAAI,KAAK,SAAS;QACvB,IAAI,CAAC,IAAI,KAAK,SAAS;QACvB,IAAI,CAAC,IAAI,KAAK,WAAW,EACzB,CAAC;QACD,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,qBAAqB,EAAE,CAAC;IAC1D,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;QACvE,MAAM,GAAG,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC;QAC9C,IAAI,MAAM,KAAK,KAAK,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YAC1C,OAAO;gBACL,KAAK,EAAE,SAAS;gBAChB,MAAM,EAAE,iDAAiD;aAC1D,CAAC;QACJ,CAAC;QACD,IAAI,gDAAgD,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YAC/D,OAAO;gBACL,KAAK,EAAE,OAAO;gBACd,MAAM,EAAE,sCAAsC;aAC/C,CAAC;QACJ,CAAC;QACD,IAAI,GAAG,IAAI,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO;gBACL,KAAK,EAAE,SAAS;gBAChB,MAAM,EAAE,8DAA8D;aACvE,CAAC;QACJ,CAAC;QACD,OAAO;YACL,KAAK,EAAE,MAAM;YACb,MAAM,EAAE,mDAAmD;SAC5D,CAAC;IACJ,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QAC/B,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE,CAAC;QACtD,IAAI,0BAA0B,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;YACxE,OAAO;gBACL,KAAK,EAAE,OAAO;gBACd,MAAM,EAAE,4CAA4C;aACrD,CAAC;QACJ,CAAC;QACD,IAAI,oBAAoB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;YAClE,OAAO;gBACL,KAAK,EAAE,OAAO;gBACd,MAAM,EAAE,+CAA+C;aACxD,CAAC;QACJ,CAAC;QACD,IAAI,oBAAoB,CAAC,OAAO,CAAC,EAAE,CAAC;YAClC,OAAO;gBACL,KAAK,EAAE,SAAS;gBAChB,MAAM,EAAE,oDAAoD;aAC7D,CAAC;QACJ,CAAC;QACD,IACE,6BAA6B,CAAC,OAAO,CAAC;YACtC,oBAAoB,CAAC,OAAO,CAAC;YAC7B,CAAC,uBAAuB,CAAC,OAAO,CAAC,EACjC,CAAC;YACD,OAAO;gBACL,KAAK,EAAE,OAAO;gBACd,MAAM,EACJ,0EAA0E;aAC7E,CAAC;QACJ,CAAC;QACD,8EAA8E;QAC9E,IAAI,6BAA6B,CAAC,OAAO,CAAC,EAAE,CAAC;YAC3C,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,0CAA0C,EAAE,CAAC;QAClF,CAAC;QACD,qDAAqD;QACrD,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,IAAI,EAAE,CAAC;QACxE,IAAI,qBAAqB,CAAC,OAAO,CAAC,EAAE,CAAC;YACnC,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,4CAA4C,EAAE,CAAC;QACpF,CAAC;QACD,IAAI,qBAAqB,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YACpC,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;QACxD,CAAC;QACD,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,qCAAqC,EAAE,CAAC;IAC7E,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QAC7B,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC;QACpD,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,KAAK,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,KAAK,IAAI,CAAC;QACzE,IAAI,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;YACtD,OAAO;gBACL,KAAK,EAAE,OAAO;gBACd,MAAM,EAAE,oDAAoD;aAC7D,CAAC;QACJ,CAAC;QACD,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,oCAAoC,EAAE,CAAC;IAC5E,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;QAClC,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC;QACpD,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,KAAK,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,KAAK,IAAI,CAAC;QACzE,IACE,MAAM;YACN,CAAC,eAAe,CAAC,MAAM,CAAC;YACxB,CAAC,UAAU,EACX,CAAC;YACD,OAAO;gBACL,KAAK,EAAE,OAAO;gBACd,MAAM,EAAE,qDAAqD;aAC9D,CAAC;QACJ,CAAC;QACD,OAAO;YACL,KAAK,EAAE,SAAS;YAChB,MAAM,EACJ,uEAAuE;SAC1E,CAAC;IACJ,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU,IAAI,IAAI,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;QAC5D,OAAO;YACL,KAAK,EAAE,SAAS;YAChB,MAAM,EAAE,0CAA0C;SACnD,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,oCAAoC,EAAE,CAAC;AAC5E,CAAC"}
|
package/dist/safety/patterns.js
CHANGED
|
@@ -19,29 +19,12 @@ export const exfiltrationPatterns = [
|
|
|
19
19
|
export const networkScanTools = ['nmap', 'masscan', 'nikto', 'sqlmap', 'gobuster', 'ffuf', 'hydra', 'dirb', 'wfuzz', 'nuclei'];
|
|
20
20
|
/** Read-only commands that are safe to auto-execute without user confirmation */
|
|
21
21
|
export const readOnlyShellCommands = new Set([
|
|
22
|
-
// system info
|
|
23
22
|
'whoami', 'hostname', 'uname', 'uptime', 'date', 'id', 'arch', 'sw_vers',
|
|
24
|
-
'
|
|
25
|
-
'
|
|
26
|
-
|
|
27
|
-
'
|
|
28
|
-
'
|
|
29
|
-
'
|
|
30
|
-
// networking info
|
|
31
|
-
'ifconfig', 'ipconfig', 'ip', 'ping', 'traceroute', 'tracert', 'dig',
|
|
32
|
-
'nslookup', 'host', 'whois', 'curl', 'wget', 'netstat', 'ss', 'route',
|
|
33
|
-
'arp', 'iwconfig', 'nmcli',
|
|
34
|
-
// process info
|
|
35
|
-
'ps', 'top', 'htop', 'pgrep', 'lscpu', 'free', 'vmstat', 'iostat',
|
|
36
|
-
// text processing
|
|
37
|
-
'echo', 'printf', 'grep', 'egrep', 'fgrep', 'rg', 'ag', 'awk', 'sed',
|
|
38
|
-
'sort', 'uniq', 'cut', 'tr', 'diff', 'comm', 'tee', 'xargs', 'jq',
|
|
39
|
-
// git (read-only)
|
|
40
|
-
'git',
|
|
41
|
-
// package query
|
|
42
|
-
'dpkg', 'rpm', 'brew', 'pip', 'npm', 'node', 'python', 'python3', 'ruby',
|
|
43
|
-
// recon / scanning (pentest auth covers ethics — classified separately)
|
|
44
|
-
'whatweb', 'wpscan',
|
|
45
|
-
'sublist3r', 'amass', 'subfinder', 'httpx', 'nuclei',
|
|
23
|
+
'pwd', 'true', 'false', 'basename', 'dirname',
|
|
24
|
+
'ls', 'dir', 'head', 'wc', 'file', 'stat',
|
|
25
|
+
'which', 'where', 'whereis', 'type', 'readlink', 'realpath',
|
|
26
|
+
'df', 'lsof', 'md5', 'md5sum', 'sha256sum', 'shasum',
|
|
27
|
+
'ifconfig', 'ipconfig', 'netstat', 'ss', 'route', 'arp',
|
|
28
|
+
'ps', 'pgrep', 'lscpu', 'free', 'vmstat', 'iostat',
|
|
46
29
|
]);
|
|
47
30
|
//# sourceMappingURL=patterns.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"patterns.js","sourceRoot":"","sources":["../../src/safety/patterns.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,0BAA0B,GAAG;IACxC,sBAAsB;IACtB,uBAAuB;IACvB,qCAAqC;IACrC,oBAAoB;IACpB,2BAA2B;IAC3B,4BAA4B;IAC5B,+BAA+B;IAC/B,kCAAkC;CACnC,CAAC;AAEF,MAAM,CAAC,MAAM,oBAAoB,GAAG;IAClC,mBAAmB;IACnB,mBAAmB;IACnB,gCAAgC;IAChC,6BAA6B;IAC7B,6CAA6C;IAC7C,iCAAiC;CAClC,CAAC;AAEF,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;AAE/H,iFAAiF;AACjF,MAAM,CAAC,MAAM,qBAAqB,GAAG,IAAI,GAAG,CAAC;IAC3C,
|
|
1
|
+
{"version":3,"file":"patterns.js","sourceRoot":"","sources":["../../src/safety/patterns.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,0BAA0B,GAAG;IACxC,sBAAsB;IACtB,uBAAuB;IACvB,qCAAqC;IACrC,oBAAoB;IACpB,2BAA2B;IAC3B,4BAA4B;IAC5B,+BAA+B;IAC/B,kCAAkC;CACnC,CAAC;AAEF,MAAM,CAAC,MAAM,oBAAoB,GAAG;IAClC,mBAAmB;IACnB,mBAAmB;IACnB,gCAAgC;IAChC,6BAA6B;IAC7B,6CAA6C;IAC7C,iCAAiC;CAClC,CAAC;AAEF,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;AAE/H,iFAAiF;AACjF,MAAM,CAAC,MAAM,qBAAqB,GAAG,IAAI,GAAG,CAAC;IAC3C,QAAQ,EAAE,UAAU,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS;IACxE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,SAAS;IAC7C,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM;IACzC,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,UAAU;IAC3D,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,WAAW,EAAE,QAAQ;IACpD,UAAU,EAAE,UAAU,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK;IACvD,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ;CACnD,CAAC,CAAC"}
|
package/dist/store/config.d.ts
CHANGED
package/dist/store/config.js
CHANGED
package/dist/store/config.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/store/config.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,MAAM,CAAC;AAExB,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;
|
|
1
|
+
{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/store/config.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,MAAM,CAAC;AAExB,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAkBnD,MAAM,QAAQ,GAAe;IAC3B,eAAe,EAAE,QAAQ;IACzB,YAAY,EAAE,aAAa,CAAC,MAAM;IAClC,WAAW,EAAE,KAAK;IAClB,cAAc,EAAE,EAAE;IAClB,gBAAgB,EAAE,EAAE;IACpB,iBAAiB,EAAE,KAAK;IACxB,YAAY,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;IAC7B,UAAU,EAAE,wBAAwB;IACpC,SAAS,EAAE,KAAK;IAChB,eAAe,EAAE,KAAK;IACtB,QAAQ,EAAE,IAAI;IACd,eAAe,EAAE,CAAC;IAClB,QAAQ,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE;CAC/C,CAAC;AAEF,MAAM,KAAK,GAAG,IAAI,IAAI,CAAa;IACjC,WAAW,EAAE,MAAM;IACnB,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAC5E,QAAQ;CACT,CAAC,CAAC;AAEH,MAAM,UAAU,SAAS;IACvB,OAAO,KAAK,CAAC,KAAK,CAAC;AACrB,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,KAA0B;IACrD,MAAM,IAAI,GAAG,EAAE,GAAG,SAAS,EAAE,EAAE,GAAG,KAAK,EAAuB,CAAC;IAC/D,KAAK,CAAC,KAAK,GAAG,IAAI,CAAC;IACnB,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,QAAoB;IACrD,MAAM,KAAK,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IACzC,OAAO,YAAY,CAAC,EAAE,eAAe,EAAE,QAAQ,EAAE,YAAY,EAAE,KAAK,EAAE,CAAC,CAAC;AAC1E,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,IAAU;IACvC,OAAO,YAAY,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;AAC7C,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,QAAoB,EAAE,KAAa;IAClE,MAAM,OAAO,GAAG,SAAS,EAAE,CAAC;IAC5B,MAAM,cAAc,GAAG,EAAE,GAAG,OAAO,CAAC,cAAc,EAAE,CAAC,QAAQ,CAAC,EAAE,KAAK,EAAE,CAAC;IACxE,OAAO,YAAY,CAAC,EAAE,cAAc,EAAE,YAAY,EAAE,KAAK,EAAE,CAAC,CAAC;AAC/D,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,QAAoB;IACnD,MAAM,UAAU,GAAG,SAAS,EAAE,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;IACxD,OAAO,UAAU,IAAI,aAAa,CAAC,QAAQ,CAAC,CAAC;AAC/C,CAAC;AAED,MAAM,UAAU,aAAa;IAC3B,OAAO,KAAK,CAAC,IAAI,CAAC;AACpB,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,KAAmC;IAC7D,MAAM,OAAO,GAAG,SAAS,EAAE,CAAC,QAAQ,CAAC;IACrC,MAAM,IAAI,GAAwB;QAChC,OAAO,EAAE,KAAK,CAAC,OAAO,IAAI,OAAO,CAAC,OAAO;QACzC,MAAM,EAAE,KAAK,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM;KACvC,CAAC;IACF,OAAO,YAAY,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;AAC1C,CAAC"}
|
package/dist/store/keys.js
CHANGED
|
@@ -9,7 +9,7 @@ const serviceName = 'clai';
|
|
|
9
9
|
// `@napi-rs/keyring` ships prebuilt napi binaries (no node-gyp / prebuild-install)
|
|
10
10
|
// and exposes a keytar-compatible API at the `/keytar` subpath. We dynamically
|
|
11
11
|
// import it so the CLI keeps working when the optional native binding is
|
|
12
|
-
// missing on a platform — falling back to
|
|
12
|
+
// missing on a platform — falling back to a restricted-permission JSON file.
|
|
13
13
|
const keychainModuleName = '@napi-rs/keyring/keytar.js';
|
|
14
14
|
const keysFile = join(homedir(), '.clai', 'keys.json');
|
|
15
15
|
let cachedKeytar;
|
|
@@ -50,7 +50,7 @@ function noteKeychainRuntimeFailure(error) {
|
|
|
50
50
|
if (!keychainRuntimeWarned) {
|
|
51
51
|
keychainRuntimeWarned = true;
|
|
52
52
|
const message = error instanceof Error ? error.message : String(error);
|
|
53
|
-
process.stderr.write(`clai: OS keychain unavailable (${message.split('\n')[0]}); using
|
|
53
|
+
process.stderr.write(`clai: OS keychain unavailable (${message.split('\n')[0]}); using restricted-permission plaintext file at ${keysFile}\n`);
|
|
54
54
|
}
|
|
55
55
|
}
|
|
56
56
|
async function withKeytar(fn) {
|
package/dist/store/keys.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"keys.js","sourceRoot":"","sources":["../../src/store/keys.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AACzE,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAElC,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,OAAO,EAAE,eAAe,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAC1E,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAExC,MAAM,WAAW,GAAG,MAAM,CAAC;AAC3B,mFAAmF;AACnF,+EAA+E;AAC/E,yEAAyE;AACzE,
|
|
1
|
+
{"version":3,"file":"keys.js","sourceRoot":"","sources":["../../src/store/keys.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AACzE,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAElC,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,OAAO,EAAE,eAAe,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAC1E,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAExC,MAAM,WAAW,GAAG,MAAM,CAAC;AAC3B,mFAAmF;AACnF,+EAA+E;AAC/E,yEAAyE;AACzE,6EAA6E;AAC7E,MAAM,kBAAkB,GAAG,4BAA4B,CAAC;AACxD,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,WAAW,CAAC,CAAC;AAUvD,IAAI,YAAoC,CAAC;AACzC,IAAI,mBAAmB,GAAG,KAAK,CAAC;AAChC,sEAAsE;AACtE,sEAAsE;AACtE,wEAAwE;AACxE,mEAAmE;AACnE,oEAAoE;AACpE,uCAAuC;AACvC,IAAI,0BAA0B,GAAG,KAAK,CAAC;AACvC,IAAI,qBAAqB,GAAG,KAAK,CAAC;AAElC,KAAK,UAAU,UAAU;IACvB,IAAI,YAAY;QAAE,OAAO,YAAY,CAAC;IACtC,IAAI,mBAAmB;QAAE,OAAO,YAAY,CAAC;IAC7C,mBAAmB,GAAG,IAAI,CAAC;IAC3B,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,CAAC,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAA0C,CAAC;QAC7F,YAAY,GAAG,QAAQ,CAAC,OAAO,IAAI,QAAQ,CAAC;QAC5C,OAAO,YAAY,CAAC;IACtB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,SAAS,sBAAsB,CAAC,KAAc;IAC5C,uEAAuE;IACvE,mEAAmE;IACnE,oEAAoE;IACpE,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACvE,OAAO,2KAA2K,CAAC,IAAI,CACrL,OAAO,CACR,CAAC;AACJ,CAAC;AAED,SAAS,0BAA0B,CAAC,KAAc;IAChD,IAAI,sBAAsB,CAAC,KAAK,CAAC;QAAE,0BAA0B,GAAG,IAAI,CAAC;IACrE,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAC3B,qBAAqB,GAAG,IAAI,CAAC;QAC7B,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACvE,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,kCAAkC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,oDAAoD,QAAQ,IAAI,CACzH,CAAC;IACJ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,UAAU,CACvB,EAAsC;IAEtC,IAAI,0BAA0B;QAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC;IACrD,MAAM,MAAM,GAAG,MAAM,UAAU,EAAE,CAAC;IAClC,IAAI,CAAC,MAAM;QAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC;IAClC,IAAI,CAAC;QACH,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC;IAC/C,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,0BAA0B,CAAC,KAAK,CAAC,CAAC;QAClC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC;IACvB,CAAC;AACH,CAAC;AAED,KAAK,UAAU,YAAY;IACzB,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAC7C,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAiB,CAAC;AACzC,CAAC;AAED,KAAK,UAAU,aAAa,CAAC,IAAkB;IAC7C,MAAM,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACpD,MAAM,SAAS,CAAC,QAAQ,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACjF,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QACjC,MAAM,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;IAC/B,CAAC;AACH,CAAC;AAED,MAAM,UAAU,mBAAmB;IACjC,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,QAAQ,CAAC,QAAoB;IAC3C,MAAM,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IACjC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAClC,OAAO,KAAK,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;AACvD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,QAAoB;IAC1D,MAAM,GAAG,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC/B,IAAI,GAAG,EAAE,CAAC;QACR,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,MAAM,EAAE,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC;IACzE,CAAC;IAED,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1B,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;IAC5D,CAAC;IAED,MAAM,cAAc,GAAG,MAAM,UAAU,CAAC,CAAC,MAAM,EAAE,EAAE,CACjD,MAAM,CAAC,WAAW,CAAC,WAAW,EAAE,QAAQ,CAAC,CAC1C,CAAC;IACF,IAAI,cAAc,CAAC,EAAE,IAAI,cAAc,CAAC,KAAK,EAAE,CAAC;QAC9C,OAAO,EAAE,KAAK,EAAE,cAAc,CAAC,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC;IAC7D,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,YAAY,EAAE,CAAC;IACtC,MAAM,YAAY,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACxC,IAAI,YAAY,EAAE,CAAC;QACjB,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC;IACrD,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;AAC/B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,QAAoB,EAAE,MAAc;IAC1E,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1B,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,MAAM,cAAc,GAAG,MAAM,UAAU,CAAC,CAAC,MAAM,EAAE,EAAE,CACjD,MAAM,CAAC,WAAW,CAAC,WAAW,EAAE,QAAQ,EAAE,MAAM,CAAC,CAClD,CAAC;IACF,IAAI,cAAc,CAAC,EAAE;QAAE,OAAO,UAAU,CAAC;IAEzC,MAAM,QAAQ,GAAG,MAAM,YAAY,EAAE,CAAC;IACtC,QAAQ,CAAC,QAAQ,CAAC,GAAG,MAAM,CAAC;IAC5B,MAAM,aAAa,CAAC,QAAQ,CAAC,CAAC;IAC9B,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,QAAoB;IAC5D,qEAAqE;IACrE,6DAA6D;IAC7D,MAAM,UAAU,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,cAAc,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC,CAAC;IAE3E,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QACzB,MAAM,QAAQ,GAAG,MAAM,YAAY,EAAE,CAAC;QACtC,OAAO,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAC1B,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvC,MAAM,EAAE,CAAC,QAAQ,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QACtC,CAAC;aAAM,CAAC;YACN,MAAM,aAAa,CAAC,QAAQ,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;AACH,CAAC;AAMD;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa;IACjC,MAAM,MAAM,GAAG,MAAM,UAAU,EAAE,CAAC;IAClC,IAAI,CAAC,MAAM;QAAE,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;IACnE,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,WAAW,CAAC,WAAW,EAAE,gBAAgB,CAAC,CAAC;QACxD,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;IAC7B,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACvE,IAAI,sBAAsB,CAAC,KAAK,CAAC;YAAE,0BAA0B,GAAG,IAAI,CAAC;QACrE,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;IACxE,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,cAA0B;IACnE,MAAM,QAAQ,GAAqB,EAAE,CAAC;IACtC,KAAK,MAAM,QAAQ,IAAI,WAAW,EAAE,CAAC;QACnC,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,QAAQ,CAAC,CAAC;QACjD,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,QAAQ,KAAK,QAAQ,CAAC;QAClE,QAAQ,CAAC,IAAI,CAAC;YACZ,QAAQ;YACR,KAAK,EAAE,QAAQ;YACf,MAAM,EAAE,QAAQ,KAAK,cAAc;YACnC,UAAU;YACV,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;YAChD,SAAS,EAAE,MAAM,CAAC,KAAK,IAAI,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS;YACvF,KAAK,EAAE,eAAe,CAAC,QAAQ,CAAC;YAChC,IAAI,EAAE,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;SACvD,CAAC,CAAC;IACL,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC"}
|
package/dist/store/project.js
CHANGED
|
@@ -1,12 +1,14 @@
|
|
|
1
1
|
import { existsSync } from 'node:fs';
|
|
2
2
|
import { readFile } from 'node:fs/promises';
|
|
3
3
|
import { join } from 'node:path';
|
|
4
|
+
import { limitProjectContext } from '../context/manager.js';
|
|
4
5
|
export async function loadProjectContext() {
|
|
5
6
|
const contextFile = join(process.cwd(), '.clai', 'context.md');
|
|
6
7
|
if (!existsSync(contextFile))
|
|
7
8
|
return undefined;
|
|
8
9
|
const content = await readFile(contextFile, 'utf8');
|
|
9
|
-
|
|
10
|
+
const trimmed = content.trim();
|
|
11
|
+
return trimmed.length > 0 ? limitProjectContext(trimmed) : undefined;
|
|
10
12
|
}
|
|
11
13
|
export function getProjectContextPath() {
|
|
12
14
|
return join(process.cwd(), '.clai', 'context.md');
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"project.js","sourceRoot":"","sources":["../../src/store/project.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"project.js","sourceRoot":"","sources":["../../src/store/project.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAE5D,MAAM,CAAC,KAAK,UAAU,kBAAkB;IACtC,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,YAAY,CAAC,CAAC;IAC/D,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC;QAAE,OAAO,SAAS,CAAC;IAC/C,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;IACpD,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;IAC/B,OAAO,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;AACvE,CAAC;AAED,MAAM,UAAU,qBAAqB;IACnC,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,YAAY,CAAC,CAAC;AACpD,CAAC"}
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
import type { Writable } from "node:stream";
|
|
2
|
+
export declare function safeArtifactName(name: string): string;
|
|
3
|
+
export declare function newArtifactPath(name: string, extension?: string): string;
|
|
4
|
+
export declare function writeArtifact(name: string, output: string, extension?: string): Promise<string>;
|
|
5
|
+
export declare function createArtifactStream(name: string, extension?: string): {
|
|
6
|
+
path: string;
|
|
7
|
+
stream: Writable;
|
|
8
|
+
remove: () => void;
|
|
9
|
+
};
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
import { createWriteStream, mkdirSync, rmSync } from "node:fs";
|
|
2
|
+
import { mkdir, writeFile } from "node:fs/promises";
|
|
3
|
+
import { homedir } from "node:os";
|
|
4
|
+
import { dirname, join } from "node:path";
|
|
5
|
+
const outputsDir = join(homedir(), ".clai", "outputs");
|
|
6
|
+
function stamp() {
|
|
7
|
+
return new Date().toISOString().replace(/[:.]/g, "-");
|
|
8
|
+
}
|
|
9
|
+
export function safeArtifactName(name) {
|
|
10
|
+
return name.replace(/[^a-z0-9_.-]+/gi, "-").replace(/^-+|-+$/g, "") || "tool-output";
|
|
11
|
+
}
|
|
12
|
+
export function newArtifactPath(name, extension = "txt") {
|
|
13
|
+
return join(outputsDir, `${stamp()}-${safeArtifactName(name)}.${extension}`);
|
|
14
|
+
}
|
|
15
|
+
export async function writeArtifact(name, output, extension = "txt") {
|
|
16
|
+
const path = newArtifactPath(name, extension);
|
|
17
|
+
await mkdir(dirname(path), { recursive: true });
|
|
18
|
+
await writeFile(path, `${output}\n`, "utf8");
|
|
19
|
+
return path;
|
|
20
|
+
}
|
|
21
|
+
export function createArtifactStream(name, extension = "txt") {
|
|
22
|
+
const path = newArtifactPath(name, extension);
|
|
23
|
+
mkdirSync(dirname(path), { recursive: true });
|
|
24
|
+
const stream = createWriteStream(path, { encoding: "utf8", mode: 0o600 });
|
|
25
|
+
return {
|
|
26
|
+
path,
|
|
27
|
+
stream,
|
|
28
|
+
remove: () => {
|
|
29
|
+
try {
|
|
30
|
+
rmSync(path, { force: true });
|
|
31
|
+
}
|
|
32
|
+
catch {
|
|
33
|
+
// Best-effort cleanup.
|
|
34
|
+
}
|
|
35
|
+
},
|
|
36
|
+
};
|
|
37
|
+
}
|
|
38
|
+
//# sourceMappingURL=artifacts.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"artifacts.js","sourceRoot":"","sources":["../../src/tools/artifacts.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAC/D,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAG1C,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;AAEvD,SAAS,KAAK;IACZ,OAAO,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;AACxD,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,IAAY;IAC3C,OAAO,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,IAAI,aAAa,CAAC;AACvF,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,IAAY,EAAE,SAAS,GAAG,KAAK;IAC7D,OAAO,IAAI,CAAC,UAAU,EAAE,GAAG,KAAK,EAAE,IAAI,gBAAgB,CAAC,IAAI,CAAC,IAAI,SAAS,EAAE,CAAC,CAAC;AAC/E,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,IAAY,EACZ,MAAc,EACd,SAAS,GAAG,KAAK;IAEjB,MAAM,IAAI,GAAG,eAAe,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;IAC9C,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAChD,MAAM,SAAS,CAAC,IAAI,EAAE,GAAG,MAAM,IAAI,EAAE,MAAM,CAAC,CAAC;IAC7C,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,oBAAoB,CAClC,IAAY,EACZ,SAAS,GAAG,KAAK;IAEjB,MAAM,IAAI,GAAG,eAAe,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;IAC9C,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC9C,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC1E,OAAO;QACL,IAAI;QACJ,MAAM;QACN,MAAM,EAAE,GAAG,EAAE;YACX,IAAI,CAAC;gBACH,MAAM,CAAC,IAAI,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;YAChC,CAAC;YAAC,MAAM,CAAC;gBACP,uBAAuB;YACzB,CAAC;QACH,CAAC;KACF,CAAC;AACJ,CAAC"}
|
package/dist/tools/fs.js
CHANGED
|
@@ -1,8 +1,9 @@
|
|
|
1
|
-
import { readFile, readdir, writeFile } from "node:fs/promises";
|
|
2
|
-
import { relative, resolve } from "node:path";
|
|
1
|
+
import { open, readFile, readdir, stat, writeFile } from "node:fs/promises";
|
|
2
|
+
import { isAbsolute, relative, resolve } from "node:path";
|
|
3
3
|
import { homedir } from "node:os";
|
|
4
4
|
import { execa } from "execa";
|
|
5
5
|
import { getConfig } from "../store/config.js";
|
|
6
|
+
import { redactSecrets } from "../llm/provider.js";
|
|
6
7
|
function expandHome(path) {
|
|
7
8
|
if (path === "~")
|
|
8
9
|
return homedir();
|
|
@@ -11,30 +12,82 @@ function expandHome(path) {
|
|
|
11
12
|
}
|
|
12
13
|
return path;
|
|
13
14
|
}
|
|
14
|
-
/** Resolve path with tilde expansion — no sandbox check (read-only callers) */
|
|
15
15
|
function resolvePath(path) {
|
|
16
16
|
return resolve(expandHome(path));
|
|
17
17
|
}
|
|
18
|
-
|
|
18
|
+
function configuredRoots() {
|
|
19
|
+
return [
|
|
20
|
+
...getConfig().sandboxRoots.map((root) => resolve(expandHome(root))),
|
|
21
|
+
resolve(process.cwd()),
|
|
22
|
+
];
|
|
23
|
+
}
|
|
24
|
+
function isWithinRoots(resolved, roots) {
|
|
25
|
+
return roots.some((root) => {
|
|
26
|
+
const rel = relative(root, resolved);
|
|
27
|
+
return rel === "" || (!rel.startsWith("..") && !isAbsolute(rel));
|
|
28
|
+
});
|
|
29
|
+
}
|
|
30
|
+
function isForbiddenSecretPath(resolved) {
|
|
31
|
+
const lower = resolved.toLowerCase().replace(/\\/g, "/");
|
|
32
|
+
const home = resolve(homedir()).toLowerCase().replace(/\\/g, "/");
|
|
33
|
+
const relativeHome = lower.startsWith(home) ? lower.slice(home.length) : lower;
|
|
34
|
+
const secretSegments = [
|
|
35
|
+
"/.ssh/",
|
|
36
|
+
"/.gnupg/",
|
|
37
|
+
"/.aws/",
|
|
38
|
+
"/.kube/",
|
|
39
|
+
"/.docker/",
|
|
40
|
+
"/.config/gcloud/",
|
|
41
|
+
"/.clai/keys.json",
|
|
42
|
+
];
|
|
43
|
+
if (secretSegments.some((segment) => relativeHome.includes(segment)))
|
|
44
|
+
return true;
|
|
45
|
+
return /(^|\/)(\.env(?:\..*)?|\.npmrc|\.pypirc|id_rsa|id_dsa|id_ecdsa|id_ed25519|.*\.pem|.*\.key)$/i.test(lower);
|
|
46
|
+
}
|
|
47
|
+
function ensureReadAllowed(path) {
|
|
48
|
+
const resolved = resolvePath(path);
|
|
49
|
+
if (isForbiddenSecretPath(resolved)) {
|
|
50
|
+
throw new Error(`Read blocked — path looks like a secret: ${path}`);
|
|
51
|
+
}
|
|
52
|
+
if (!isWithinRoots(resolved, configuredRoots())) {
|
|
53
|
+
throw new Error(`Read blocked — path is outside approved roots: ${path}`);
|
|
54
|
+
}
|
|
55
|
+
return resolved;
|
|
56
|
+
}
|
|
19
57
|
function ensureWriteAllowed(path) {
|
|
20
58
|
const resolved = resolvePath(path);
|
|
21
59
|
const roots = [
|
|
22
60
|
...getConfig().sandboxRoots.map((root) => resolve(expandHome(root))),
|
|
23
61
|
resolve(homedir()),
|
|
24
62
|
];
|
|
25
|
-
|
|
26
|
-
const rel = relative(root, resolved);
|
|
27
|
-
return (rel === "" || (!rel.startsWith("..") && !resolve(rel).startsWith("..")));
|
|
28
|
-
});
|
|
29
|
-
if (!allowed) {
|
|
63
|
+
if (!isWithinRoots(resolved, roots)) {
|
|
30
64
|
throw new Error(`Write blocked — path is outside approved roots: ${path}`);
|
|
31
65
|
}
|
|
32
66
|
return resolved;
|
|
33
67
|
}
|
|
34
68
|
export async function fsRead(path) {
|
|
35
|
-
const resolved =
|
|
36
|
-
const
|
|
37
|
-
|
|
69
|
+
const resolved = ensureReadAllowed(path);
|
|
70
|
+
const info = await stat(resolved);
|
|
71
|
+
const maxBytes = 128 * 1024;
|
|
72
|
+
if (info.size <= maxBytes) {
|
|
73
|
+
const content = redactSecrets(await readFile(resolved, "utf8"));
|
|
74
|
+
return { ok: true, output: content, stats: { bytesRead: info.size, bytesShown: Buffer.byteLength(content) } };
|
|
75
|
+
}
|
|
76
|
+
const handle = await open(resolved, "r");
|
|
77
|
+
try {
|
|
78
|
+
const buffer = Buffer.alloc(maxBytes);
|
|
79
|
+
const { bytesRead } = await handle.read(buffer, 0, maxBytes, 0);
|
|
80
|
+
const preview = redactSecrets(buffer.subarray(0, bytesRead).toString("utf8"));
|
|
81
|
+
return {
|
|
82
|
+
ok: true,
|
|
83
|
+
output: `${preview}\n... file truncated at ${maxBytes} bytes (size=${info.size} bytes) ...`,
|
|
84
|
+
truncated: true,
|
|
85
|
+
stats: { bytesRead: info.size, bytesShown: bytesRead, bytesDropped: Math.max(0, info.size - bytesRead) },
|
|
86
|
+
};
|
|
87
|
+
}
|
|
88
|
+
finally {
|
|
89
|
+
await handle.close();
|
|
90
|
+
}
|
|
38
91
|
}
|
|
39
92
|
export async function fsWrite(path, content) {
|
|
40
93
|
const resolved = ensureWriteAllowed(path);
|
|
@@ -42,29 +95,46 @@ export async function fsWrite(path, content) {
|
|
|
42
95
|
return { ok: true, output: `Wrote ${resolved}` };
|
|
43
96
|
}
|
|
44
97
|
export async function fsList(path) {
|
|
45
|
-
const resolved =
|
|
98
|
+
const resolved = ensureReadAllowed(path);
|
|
46
99
|
const entries = await readdir(resolved, { withFileTypes: true });
|
|
100
|
+
const maxEntries = 500;
|
|
101
|
+
const shown = entries.slice(0, maxEntries);
|
|
47
102
|
return {
|
|
48
103
|
ok: true,
|
|
49
|
-
output:
|
|
104
|
+
output: shown
|
|
50
105
|
.map((entry) => `${entry.isDirectory() ? "dir " : "file"} ${entry.name}`)
|
|
51
|
-
.join("\n")
|
|
106
|
+
.join("\n") +
|
|
107
|
+
(entries.length > maxEntries
|
|
108
|
+
? `\n... ${entries.length - maxEntries} entries omitted ...`
|
|
109
|
+
: ""),
|
|
110
|
+
truncated: entries.length > maxEntries,
|
|
111
|
+
stats: { linesRead: entries.length },
|
|
52
112
|
};
|
|
53
113
|
}
|
|
54
114
|
export async function fsSearch(pattern, path = process.cwd()) {
|
|
55
|
-
const resolved =
|
|
56
|
-
const maxLines =
|
|
115
|
+
const resolved = ensureReadAllowed(path);
|
|
116
|
+
const maxLines = 200;
|
|
117
|
+
const formatResult = (all, exitCode) => {
|
|
118
|
+
const lines = redactSecrets(all ?? "")
|
|
119
|
+
.split(/\r?\n/)
|
|
120
|
+
.filter(Boolean);
|
|
121
|
+
const shown = lines.slice(0, maxLines);
|
|
122
|
+
return {
|
|
123
|
+
ok: exitCode === 0,
|
|
124
|
+
output: shown.join("\n") +
|
|
125
|
+
(lines.length > maxLines ? `\n... ${lines.length - maxLines} matches omitted ...` : ""),
|
|
126
|
+
exitCode,
|
|
127
|
+
truncated: lines.length > maxLines,
|
|
128
|
+
stats: { linesRead: lines.length },
|
|
129
|
+
};
|
|
130
|
+
};
|
|
57
131
|
try {
|
|
58
|
-
const result = await execa("rg", ["--max-count", "5", "--max-filesize", "1M", "-l", pattern, resolved], {
|
|
132
|
+
const result = await execa("rg", ["--max-count", "5", "--max-filesize", "1M", "--glob", "!.git", "-l", pattern, resolved], {
|
|
59
133
|
reject: false,
|
|
60
134
|
all: true,
|
|
61
135
|
timeout: 15_000,
|
|
62
136
|
});
|
|
63
|
-
return
|
|
64
|
-
ok: result.exitCode === 0,
|
|
65
|
-
output: result.all ?? "",
|
|
66
|
-
exitCode: result.exitCode,
|
|
67
|
-
};
|
|
137
|
+
return formatResult(result.all, result.exitCode ?? 1);
|
|
68
138
|
}
|
|
69
139
|
catch {
|
|
70
140
|
const result = await execa("grep", ["-R", "-l", "-m", String(maxLines), pattern, resolved], {
|
|
@@ -72,11 +142,7 @@ export async function fsSearch(pattern, path = process.cwd()) {
|
|
|
72
142
|
all: true,
|
|
73
143
|
timeout: 15_000,
|
|
74
144
|
});
|
|
75
|
-
return
|
|
76
|
-
ok: result.exitCode === 0,
|
|
77
|
-
output: result.all ?? "",
|
|
78
|
-
exitCode: result.exitCode,
|
|
79
|
-
};
|
|
145
|
+
return formatResult(result.all, result.exitCode ?? 1);
|
|
80
146
|
}
|
|
81
147
|
}
|
|
82
148
|
//# sourceMappingURL=fs.js.map
|
package/dist/tools/fs.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"fs.js","sourceRoot":"","sources":["../../src/tools/fs.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;
|
|
1
|
+
{"version":3,"file":"fs.js","sourceRoot":"","sources":["../../src/tools/fs.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC5E,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAC1D,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,KAAK,EAAE,MAAM,OAAO,CAAC;AAE9B,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAC/C,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAEnD,SAAS,UAAU,CAAC,IAAY;IAC9B,IAAI,IAAI,KAAK,GAAG;QAAE,OAAO,OAAO,EAAE,CAAC;IACnC,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;QACpD,OAAO,OAAO,CAAC,OAAO,EAAE,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3C,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,WAAW,CAAC,IAAY;IAC/B,OAAO,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;AACnC,CAAC;AAED,SAAS,eAAe;IACtB,OAAO;QACL,GAAG,SAAS,EAAE,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;QACpE,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;KACvB,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CAAC,QAAgB,EAAE,KAAe;IACtD,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE;QACzB,MAAM,GAAG,GAAG,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QACrC,OAAO,GAAG,KAAK,EAAE,IAAI,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;IACnE,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,qBAAqB,CAAC,QAAgB;IAC7C,MAAM,KAAK,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IACzD,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IAClE,MAAM,YAAY,GAAG,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;IAC/E,MAAM,cAAc,GAAG;QACrB,QAAQ;QACR,UAAU;QACV,QAAQ;QACR,SAAS;QACT,WAAW;QACX,kBAAkB;QAClB,kBAAkB;KACnB,CAAC;IACF,IAAI,cAAc,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IAClF,OAAO,6FAA6F,CAAC,IAAI,CACvG,KAAK,CACN,CAAC;AACJ,CAAC;AAED,SAAS,iBAAiB,CAAC,IAAY;IACrC,MAAM,QAAQ,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IACnC,IAAI,qBAAqB,CAAC,QAAQ,CAAC,EAAE,CAAC;QACpC,MAAM,IAAI,KAAK,CAAC,4CAA4C,IAAI,EAAE,CAAC,CAAC;IACtE,CAAC;IACD,IAAI,CAAC,aAAa,CAAC,QAAQ,EAAE,eAAe,EAAE,CAAC,EAAE,CAAC;QAChD,MAAM,IAAI,KAAK,CAAC,kDAAkD,IAAI,EAAE,CAAC,CAAC;IAC5E,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,kBAAkB,CAAC,IAAY;IACtC,MAAM,QAAQ,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IACnC,MAAM,KAAK,GAAG;QACZ,GAAG,SAAS,EAAE,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;QACpE,OAAO,CAAC,OAAO,EAAE,CAAC;KACnB,CAAC;IACF,IAAI,CAAC,aAAa,CAAC,QAAQ,EAAE,KAAK,CAAC,EAAE,CAAC;QACpC,MAAM,IAAI,KAAK,CAAC,mDAAmD,IAAI,EAAE,CAAC,CAAC;IAC7E,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,MAAM,CAAC,IAAY;IACvC,MAAM,QAAQ,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;IACzC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,CAAC;IAClC,MAAM,QAAQ,GAAG,GAAG,GAAG,IAAI,CAAC;IAC5B,IAAI,IAAI,CAAC,IAAI,IAAI,QAAQ,EAAE,CAAC;QAC1B,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC;QAChE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI,EAAE,UAAU,EAAE,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;IAChH,CAAC;IACD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;IACzC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QACtC,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC;QAChE,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;QAC9E,OAAO;YACL,EAAE,EAAE,IAAI;YACR,MAAM,EAAE,GAAG,OAAO,2BAA2B,QAAQ,gBAAgB,IAAI,CAAC,IAAI,aAAa;YAC3F,SAAS,EAAE,IAAI;YACf,KAAK,EAAE,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,IAAI,GAAG,SAAS,CAAC,EAAE;SACzG,CAAC;IACJ,CAAC;YAAS,CAAC;QACT,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;IACvB,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,OAAO,CAC3B,IAAY,EACZ,OAAe;IAEf,MAAM,QAAQ,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC;IAC1C,MAAM,SAAS,CAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IAC3C,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,QAAQ,EAAE,EAAE,CAAC;AACnD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,MAAM,CAAC,IAAY;IACvC,MAAM,QAAQ,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;IACzC,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,QAAQ,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IACjE,MAAM,UAAU,GAAG,GAAG,CAAC;IACvB,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;IAC3C,OAAO;QACL,EAAE,EAAE,IAAI;QACR,MAAM,EAAE,KAAK;aACV,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;aACxE,IAAI,CAAC,IAAI,CAAC;YACX,CAAC,OAAO,CAAC,MAAM,GAAG,UAAU;gBAC1B,CAAC,CAAC,SAAS,OAAO,CAAC,MAAM,GAAG,UAAU,sBAAsB;gBAC5D,CAAC,CAAC,EAAE,CAAC;QACT,SAAS,EAAE,OAAO,CAAC,MAAM,GAAG,UAAU;QACtC,KAAK,EAAE,EAAE,SAAS,EAAE,OAAO,CAAC,MAAM,EAAE;KACrC,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,QAAQ,CAC5B,OAAe,EACf,IAAI,GAAG,OAAO,CAAC,GAAG,EAAE;IAEpB,MAAM,QAAQ,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;IACzC,MAAM,QAAQ,GAAG,GAAG,CAAC;IACrB,MAAM,YAAY,GAAG,CAAC,GAAuB,EAAE,QAAgB,EAAc,EAAE;QAC7E,MAAM,KAAK,GAAG,aAAa,CAAC,GAAG,IAAI,EAAE,CAAC;aACnC,KAAK,CAAC,OAAO,CAAC;aACd,MAAM,CAAC,OAAO,CAAC,CAAC;QACnB,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;QACvC,OAAO;YACL,EAAE,EAAE,QAAQ,KAAK,CAAC;YAClB,MAAM,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC;gBACtB,CAAC,KAAK,CAAC,MAAM,GAAG,QAAQ,CAAC,CAAC,CAAC,SAAS,KAAK,CAAC,MAAM,GAAG,QAAQ,sBAAsB,CAAC,CAAC,CAAC,EAAE,CAAC;YACzF,QAAQ;YACR,SAAS,EAAE,KAAK,CAAC,MAAM,GAAG,QAAQ;YAClC,KAAK,EAAE,EAAE,SAAS,EAAE,KAAK,CAAC,MAAM,EAAE;SACnC,CAAC;IACJ,CAAC,CAAC;IACF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,IAAI,EAAE,CAAC,aAAa,EAAE,GAAG,EAAE,gBAAgB,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,CAAC,EAAE;YACzH,MAAM,EAAE,KAAK;YACb,GAAG,EAAE,IAAI;YACT,OAAO,EAAE,MAAM;SAChB,CAAC,CAAC;QACH,OAAO,YAAY,CAAC,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC;IACxD,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,EAAE,OAAO,EAAE,QAAQ,CAAC,EAAE;YAC1F,MAAM,EAAE,KAAK;YACb,GAAG,EAAE,IAAI;YACT,OAAO,EAAE,MAAM;SAChB,CAAC,CAAC;QACH,OAAO,YAAY,CAAC,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC;IACxD,CAAC;AACH,CAAC"}
|
package/dist/tools/http.d.ts
CHANGED
package/dist/tools/http.js
CHANGED
|
@@ -6,13 +6,43 @@ export async function httpFetch(url, options = {}) {
|
|
|
6
6
|
if (options.headers) {
|
|
7
7
|
init.headers = options.headers;
|
|
8
8
|
}
|
|
9
|
-
const response = await fetch(url, init);
|
|
10
|
-
const limit = options.maxBytes ??
|
|
11
|
-
const
|
|
9
|
+
const response = await fetch(url, { ...init, signal: options.signal ?? null });
|
|
10
|
+
const limit = options.maxBytes ?? 256_000;
|
|
11
|
+
const chunks = [];
|
|
12
|
+
let bytesRead = 0;
|
|
13
|
+
let truncated = false;
|
|
14
|
+
const reader = response.body?.getReader();
|
|
15
|
+
if (reader) {
|
|
16
|
+
while (bytesRead < limit) {
|
|
17
|
+
const { done, value } = await reader.read();
|
|
18
|
+
if (done)
|
|
19
|
+
break;
|
|
20
|
+
const remaining = limit - bytesRead;
|
|
21
|
+
if (value.byteLength > remaining) {
|
|
22
|
+
chunks.push(value.subarray(0, remaining));
|
|
23
|
+
bytesRead += remaining;
|
|
24
|
+
truncated = true;
|
|
25
|
+
await reader.cancel().catch(() => undefined);
|
|
26
|
+
break;
|
|
27
|
+
}
|
|
28
|
+
chunks.push(value);
|
|
29
|
+
bytesRead += value.byteLength;
|
|
30
|
+
}
|
|
31
|
+
if (bytesRead >= limit)
|
|
32
|
+
truncated = true;
|
|
33
|
+
}
|
|
34
|
+
const text = new TextDecoder().decode(Buffer.concat(chunks));
|
|
35
|
+
const headerPreview = [
|
|
36
|
+
`status=${response.status}`,
|
|
37
|
+
`content-type=${response.headers.get("content-type") ?? "unknown"}`,
|
|
38
|
+
`bytes=${bytesRead}${truncated ? "+" : ""}`,
|
|
39
|
+
].join(" ");
|
|
12
40
|
return {
|
|
13
41
|
ok: response.ok,
|
|
14
|
-
output: text
|
|
42
|
+
output: `${headerPreview}\n${text}${truncated ? `\n... response truncated at ${limit} bytes ...` : ""}`,
|
|
15
43
|
exitCode: response.status,
|
|
44
|
+
truncated,
|
|
45
|
+
stats: { bytesRead, bytesShown: bytesRead },
|
|
16
46
|
};
|
|
17
47
|
}
|
|
18
48
|
//# sourceMappingURL=http.js.map
|