@pentoshi/clai 0.6.0 → 0.7.2

package/dist/repl.js

@@ -3,18 +3,20 @@ import { stdin as input, stdout as output } from "node:process";
 import chalk from "chalk";
 import { search } from "@inquirer/prompts";
 import { runAskStream } from "./modes/ask.js";
-import { runAgent } from "./modes/agent.js";
+import { runAgent, createSessionPolicy, } from "./modes/agent.js";
 import { providerSwitcher, printProviderKeys, setProviderKey, unsetProviderKey, } from "./commands/providers.js";
 import { getConfig, getProviderModel, setDefaultMode, setProviderModel, setThinking, updateConfig, } from "./store/config.js";
 import { listSessions, saveSession } from "./store/history.js";
 import { assertProvider, defaultModels } from "./llm/provider.js";
-import { runUpdate, checkForUpdateSilent, getCurrentVersion } from "./commands/update.js";
+import { runUpdate, checkForUpdateSilent, getCurrentVersion, } from "./commands/update.js";
 import { renderBanner, renderSessionInfo, renderSuggestions, renderModeSwitch, renderProviderSwitch, PROMPT, } from "./ui/banner.js";
 import { clearThinking, createThinkingStreamParser, getLastThinking, rememberThinkingFromText, renderThinkingBlock, renderThinkingSummary, renderThinkingToggleMessage, } from "./ui/thinking.js";
 import { createMarkdownStreamWriter, renderMarkdown } from "./ui/markdown.js";
 import { startThinkingSpinner } from "./ui/spinner.js";
 import { modelSupportsThinking } from "./llm/capabilities.js";
-import { toggleLastToolOutput } from "./ui/tool-output.js";
+import { getLastViewport, getViewport, listViewports, toggleViewport, } from "./ui/output-pane.js";
+import { compactMessages, estimateMessagesTokens, } from "./agent/context-manager.js";
+import { isCtrlC, isCtrlO, isCtrlT, isEscape } from "./ui/keys.js";
 const slashCommands = [
     { command: "/ask", description: "switch to ask mode" },
     { command: "/agent", description: "switch to agent mode" },
@@ -50,10 +52,45 @@ const slashCommands = [
     { command: "/history", description: "show past sessions" },
     { command: "/save", usage: "<name>", description: "save session" },
     { command: "/cwd", usage: "<path>", description: "change working directory" },
-    { command: "/allow", usage: "<tool>", description: "allow a tool for session" },
+    {
+        command: "/allow",
+        usage: "<tool>|list",
+        description: "allow a tool for this session (not persisted)",
+    },
+    {
+        command: "/disallow",
+        usage: "<tool>",
+        description: "revoke a session allow",
+    },
     { command: "/think", description: "show thinking from last response" },
     { command: "/thinking", description: "alias for /think" },
-    { command: "/output", usage: "[last]", description: "toggle full output from last tool" },
+    {
+        command: "/output",
+        usage: "[last|<id>|list]",
+        description: "toggle full tool output (same as Ctrl+O)",
+    },
+    {
+        command: "/freeonly",
+        usage: "[on|off]",
+        description: "skip paid providers when fallback is enabled",
+    },
+    {
+        command: "/fallback",
+        usage: "[on|off]",
+        description: "try other configured providers after a failure (off by default)",
+    },
+    { command: "/compact", description: "compact session history now" },
+    { command: "/context", description: "show estimated context size" },
+    {
+        command: "/scope",
+        usage: "[show|clear|new|add <targets>]",
+        description: "manage pentest engagement scope",
+    },
+    {
+        command: "/privacy",
+        usage: "[status|clear-history|clear-logs|clear-artifacts|clear-all|on|off]",
+        description: "control retention and private mode (in-memory only)",
+    },
     { command: "/update", description: "check for updates" },
     { command: "/exit", description: "quit" },
     { command: "/quit", description: "alias for /exit" },
@@ -186,7 +223,9 @@ function isAbortLikeError(error) {
     return false;
 }
 function slashCommandLabel(command) {
-    return command.usage ? `${command.command} ${command.usage}` : command.command;
+    return command.usage
+        ? `${command.command} ${command.usage}`
+        : command.command;
 }
 function slashCommandFilter(line) {
     if (!line.startsWith("/") || /\s/.test(line))
@@ -268,6 +307,18 @@ async function readPromptLine(options) {
             if (input.isTTY)
                 input.setRawMode(false);
         };
+        const clearPromptDisplay = () => {
+            const previousMenuLines = renderedMenuLines;
+            cursorTo(output, 0);
+            clearLine(output, 0);
+            for (let i = 0; i < previousMenuLines; i += 1) {
+                output.write("\n");
+                clearLine(output, 0);
+            }
+            if (previousMenuLines > 0)
+                moveCursor(output, 0, -previousMenuLines);
+            renderedMenuLines = 0;
+        };
         const submit = (submittedLine) => {
             const previousMenuLines = renderedMenuLines;
             line = submittedLine;
@@ -294,7 +345,7 @@ async function readPromptLine(options) {
             // selecting + copying never breaks the REPL.
             if (key.meta && !key.ctrl && key.name === "c")
                 return;
-            if (key.ctrl && key.name === "c") {
+            if (isCtrlC(key)) {
                 // First press: clear the current line. Second press within 1s: exit.
                 // This mirrors bash / Claude Code and avoids killing the REPL by
                 // accident when users habitually press Ctrl+C to copy in some
@@ -317,15 +368,15 @@ async function readPromptLine(options) {
                 renderedMenuLines = 0;
                 return;
             }
-            if (key.ctrl && key.name === "t") {
+            if (isCtrlT(key)) {
                 options.onThinkingShortcut();
                 refresh();
                 return;
             }
-            if (key.ctrl && key.name === "o") {
+            if (isCtrlO(key)) {
+                clearPromptDisplay();
                 output.write("\n");
-                renderedMenuLines = 0;
-                options.onOutputToggle();
+                void options.onOutputShortcut().finally(refresh);
                 return;
             }
             if (key.name === "return" || key.name === "enter") {
@@ -342,7 +393,7 @@ async function readPromptLine(options) {
                 }
                 return;
             }
-            if (key.name === "escape") {
+            if (isEscape(key)) {
                 if (menu.visible) {
                     dismissedSlashLine = line;
                     refresh();
@@ -352,7 +403,8 @@ async function readPromptLine(options) {
             if (key.name === "up") {
                 if (menu.visible && menu.suggestions.length > 0) {
                     selectedIndex =
-                        (selectedIndex - 1 + menu.suggestions.length) % menu.suggestions.length;
+                        (selectedIndex - 1 + menu.suggestions.length) %
+                            menu.suggestions.length;
                     refresh();
                     return;
                 }
@@ -517,7 +569,8 @@ async function withAbortableInput(run) {
         return await run(ac.signal);
     }
     catch (error) {
-        if (ac.signal.aborted || (error instanceof Error && error.name === "AbortError")) {
+        if (ac.signal.aborted ||
+            (error instanceof Error && error.name === "AbortError")) {
             throw new AbortRunError();
         }
         throw error;
@@ -536,7 +589,8 @@ function help() {
         return `  ${chalk.cyan(label)}${chalk.dim(command.description)}`;
     })
         .join("\n");
-    return lines + chalk.dim("\n\n  ESC abort  │  Ctrl+C clears input (twice to exit)  │  Ctrl+T toggle thinking");
+    return (lines +
+        chalk.dim("\n\n  ESC abort  │  Ctrl+C clears input (twice to exit)  │  Ctrl+T toggle thinking  │  Ctrl+O / /output last toggle tool output"));
 }
 async function pickModelInteractively(provider, currentModel) {
     const models = knownModels[provider] ?? [];
@@ -771,17 +825,263 @@ async function handleSlash(line, state) {
         }
         case "/allow": {
             const tool = args[0];
-            if (!tool)
-                console.log(chalk.dim("usage: /allow <tool>"));
+            if (!tool) {
+                console.log(chalk.dim("usage: /allow <tool>|list"));
+                return true;
+            }
+            if (tool === "list" || tool === "ls") {
+                if (state.session.allow.size === 0) {
+                    console.log(chalk.dim("  no session allows"));
+                }
+                else {
+                    for (const allowed of state.session.allow) {
+                        console.log(chalk.dim(`  ✓ ${allowed}`));
+                    }
+                }
+                return true;
+            }
+            state.session.allow.add(tool);
+            console.log(chalk.dim(`  allowed ${tool} for this session only ✓`));
+            return true;
+        }
+        case "/disallow": {
+            const tool = args[0];
+            if (!tool) {
+                console.log(chalk.dim("usage: /disallow <tool>"));
+                return true;
+            }
+            if (state.session.allow.delete(tool)) {
+                console.log(chalk.dim(`  revoked ${tool} ✓`));
+            }
             else {
-                const config = getConfig();
-                updateConfig({
-                    allowAlwaysTools: Array.from(new Set([...config.allowAlwaysTools, tool])),
-                });
-                console.log(chalk.dim(`  allowed ${tool} ✓`));
+                console.log(chalk.dim(`  ${tool} was not in the session allow list`));
             }
             return true;
         }
+        case "/context": {
+            const tokens = estimateMessagesTokens(state.messages);
+            console.log(chalk.dim(`  ${state.messages.length} message(s), ~${tokens.toLocaleString()} tokens estimated`));
+            return true;
+        }
+        case "/compact": {
+            const before = state.messages.length;
+            const compacted = compactMessages(state.messages, { budgetTokens: 0 });
+            state.messages.splice(0, state.messages.length, ...compacted);
+            console.log(chalk.dim(`  compacted ${before} → ${state.messages.length} messages (~${estimateMessagesTokens(state.messages).toLocaleString()} tokens)`));
+            return true;
+        }
+        case "/scope": {
+            const sub = (args[0] ?? "show").toLowerCase();
+            const { loadScope, saveScope, addScopeTargets, clearScope, isScopeActive, getScopePath, resetScopeCache, } = await import("./store/scope.js");
+            if (sub === "show" || sub === "ls" || sub === "list") {
+                resetScopeCache();
+                const scope = await loadScope();
+                if (!scope) {
+                    console.log(chalk.dim("  no engagement scope configured"));
+                    console.log(chalk.dim(`  expected at: ${getScopePath()}`));
+                    console.log(chalk.dim("  create one with: /scope add domain1,domain2 or `clai scope add --targets ...`"));
+                    return true;
+                }
+                const status = isScopeActive(scope)
+                    ? chalk.green("active")
+                    : chalk.yellow("expired or empty");
+                console.log(chalk.dim(`  scope: ${scope.name ?? "(unnamed)"} [${status}]`));
+                console.log(chalk.dim(`  authorized: ${scope.authorizedTargets.join(", ")}`));
+                if (scope.excludedTargets && scope.excludedTargets.length > 0) {
+                    console.log(chalk.dim(`  excluded:   ${scope.excludedTargets.join(", ")}`));
+                }
+                if (scope.expiresAt) {
+                    console.log(chalk.dim(`  expires:    ${scope.expiresAt}`));
+                }
+                return true;
+            }
+            if (sub === "clear" || sub === "reset" || sub === "off") {
+                await clearScope();
+                console.log(chalk.dim("  engagement scope cleared"));
+                return true;
+            }
+            if (sub === "add") {
+                const rest = args.slice(1).join(" ").trim();
+                if (!rest) {
+                    console.log(chalk.dim("  usage: /scope add <target1,target2,...>"));
+                    return true;
+                }
+                const targets = rest
+                    .split(/\s+/)[0]
+                    .split(",")
+                    .map((t) => t.trim())
+                    .filter(Boolean);
+                if (targets.length === 0) {
+                    console.log(chalk.dim("  no targets parsed"));
+                    return true;
+                }
+                const scope = await addScopeTargets(targets);
+                console.log(chalk.dim(`  added ${targets.length} target(s); scope now has ${scope.authorizedTargets.length}`));
+                return true;
+            }
+            if (sub === "new" || sub === "set") {
+                const rest = args.slice(1).join(" ").trim();
+                if (!rest) {
+                    console.log(chalk.dim("  usage: /scope new <target1,target2,...> [name=<engagement>] [expires=<iso>]"));
+                    return true;
+                }
+                // Parse: first whitespace-delimited token is the targets list,
+                // remaining `key=value` pairs configure name/expires/note.
+                const tokens = rest.split(/\s+/);
+                const targetsRaw = tokens[0] ?? "";
+                const targets = targetsRaw
+                    .split(",")
+                    .map((t) => t.trim())
+                    .filter(Boolean);
+                if (targets.length === 0) {
+                    console.log(chalk.dim("  no targets parsed"));
+                    return true;
+                }
+                let name;
+                let expires;
+                let note;
+                let exclude;
+                for (const token of tokens.slice(1)) {
+                    const eq = token.indexOf("=");
+                    if (eq < 0)
+                        continue;
+                    const key = token.slice(0, eq).toLowerCase();
+                    const value = token.slice(eq + 1);
+                    if (key === "name")
+                        name = value;
+                    else if (key === "expires")
+                        expires = value;
+                    else if (key === "note")
+                        note = value;
+                    else if (key === "exclude")
+                        exclude = value
+                            .split(",")
+                            .map((t) => t.trim())
+                            .filter(Boolean);
+                }
+                const scope = {
+                    name,
+                    authorizedTargets: targets,
+                    excludedTargets: exclude,
+                    authorizationNote: note,
+                    createdAt: new Date().toISOString(),
+                    expiresAt: expires,
+                };
+                await saveScope(scope);
+                console.log(chalk.dim(`  saved scope${name ? ` "${name}"` : ""} with ${targets.length} target(s)`));
+                return true;
+            }
+            console.log(chalk.dim("  usage: /scope [show|clear|new <targets>|add <targets> [key=value]...]"));
+            return true;
+        }
+        case "/privacy": {
+            const sub = (args[0] ?? "status").toLowerCase();
+            if (sub === "on" || sub === "enable") {
+                updateConfig({ privateMode: true });
+                console.log(chalk.dim("  privateMode: " +
+                    chalk.green("on") +
+                    "  (history not written; in-memory only)"));
+                return true;
+            }
+            if (sub === "off" || sub === "disable") {
+                updateConfig({ privateMode: false });
+                console.log(chalk.dim("  privateMode: " + chalk.dim("off")));
+                return true;
+            }
+            if (sub === "status" || sub === "show") {
+                const cfg = getConfig();
+                console.log(chalk.dim(`  privateMode: ${cfg.privateMode ? chalk.green("on") : chalk.dim("off")}  retention: ${cfg.historyRetentionLimit || "unlimited"}`));
+                return true;
+            }
+            const { clearAllHistory } = await import("./store/history.js");
+            const { clearAuditLogs, clearArtifacts } = await import("./store/logs.js");
+            if (sub === "clear-history") {
+                const r = await clearAllHistory();
+                console.log(chalk.dim(`  history cleared (${r.detail || "ok"})`));
+                return true;
+            }
+            if (sub === "clear-logs") {
+                const r = await clearAuditLogs();
+                console.log(chalk.dim(`  audit logs cleared (${r.removed} files)`));
+                return true;
+            }
+            if (sub === "clear-artifacts") {
+                const r = await clearArtifacts();
+                console.log(chalk.dim(`  artifacts cleared (${r.removed} files)`));
+                return true;
+            }
+            if (sub === "clear-all") {
+                const a = await clearAllHistory();
+                const b = await clearAuditLogs();
+                const c = await clearArtifacts();
+                console.log(chalk.dim(`  history (${a.detail || "ok"}); logs (${b.removed}); artifacts (${c.removed})`));
+                return true;
+            }
+            console.log(chalk.dim("  usage: /privacy [status|on|off|clear-history|clear-logs|clear-artifacts|clear-all]"));
+            return true;
+        }
+        case "/freeonly": {
+            const arg = (args[0] ?? "").toLowerCase().trim();
+            if (!arg) {
+                const value = getConfig().freeOnly;
+                console.log(chalk.dim(`  freeOnly: ${value ? chalk.green("on") : chalk.dim("off")}  (applies when /fallback is on)`));
+                return true;
+            }
+            if (arg === "on" || arg === "true" || arg === "enable") {
+                updateConfig({ freeOnly: true });
+                console.log(chalk.dim("  freeOnly: " + chalk.green("on")));
+                return true;
+            }
+            if (arg === "off" || arg === "false" || arg === "disable") {
+                updateConfig({ freeOnly: false });
+                console.log(chalk.dim("  freeOnly: " + chalk.dim("off")));
+                return true;
+            }
+            console.log(chalk.dim("  usage: /freeonly [on|off]"));
+            return true;
+        }
+        case "/fallback": {
+            const arg = (args[0] ?? "").toLowerCase().trim();
+            if (!arg) {
+                const value = getConfig().providerFallback;
+                console.log(chalk.dim(`  fallback: ${value ? chalk.green("on") : chalk.dim("off")}  (selected provider/model only when off)`));
+                return true;
+            }
+            if (arg === "on" || arg === "true" || arg === "enable") {
+                updateConfig({ providerFallback: true });
+                console.log(chalk.dim("  fallback: " + chalk.green("on")));
+                return true;
+            }
+            if (arg === "off" || arg === "false" || arg === "disable") {
+                updateConfig({ providerFallback: false });
+                console.log(chalk.dim("  fallback: " + chalk.dim("off")));
+                return true;
+            }
+            console.log(chalk.dim("  usage: /fallback [on|off]"));
+            return true;
+        }
+        case "/output": {
+            const target = args[0] ?? "last";
+            if (target === "list" || target === "ls") {
+                const all = listViewports();
+                if (all.length === 0) {
+                    console.log(chalk.dim("  no tool outputs recorded yet"));
+                }
+                else {
+                    for (const v of all) {
+                        console.log(chalk.dim(`  ${v.id} — ${v.toolName} ${v.argsDisplay}${v.artifactPath ? ` (${v.artifactPath})` : ""}`));
+                    }
+                }
+                return true;
+            }
+            const viewport = target === "last" ? getLastViewport() : getViewport(target);
+            if (!viewport) {
+                console.log(chalk.dim(`  no viewport: ${target}`));
+                return true;
+            }
+            await toggleViewport(viewport.id);
+            return true;
+        }
         case "/think":
         case "/thinking": {
             const thinking = getLastThinking();
@@ -793,9 +1093,6 @@ async function handleSlash(line, state) {
             }
             return true;
         }
-        case "/output":
-            await toggleLastToolOutput();
-            return true;
         case "/exit":
         case "/quit":
             return false;
@@ -812,15 +1109,19 @@ async function handleSlash(line, state) {
 }
 export async function startRepl(options = {}) {
     const config = getConfig();
-    const provider = options.provider ? assertProvider(options.provider) : config.defaultProvider;
+    const provider = options.provider
+        ? assertProvider(options.provider)
+        : config.defaultProvider;
     const state = {
         mode: options.mode ?? config.defaultMode,
         provider,
         model: options.model ?? getProviderModel(provider),
         messages: [],
+        session: createSessionPolicy(),
     };
     const promptHistory = [];
     let isReadingPrompt = false;
+    let outputShortcutBusy = false;
     emitKeypressEvents(input);
     // Survive stray promise rejections (eg AbortError from a cancelled
     // SSE reader) without killing the REPL. Anything that ends up here
@@ -847,16 +1148,33 @@ export async function startRepl(options = {}) {
     const handleThinkingShortcut = () => {
         process.stdout.write(`\n${renderThinkingToggleMessage()}\n`);
     };
+    const handleOutputShortcut = async () => {
+        if (outputShortcutBusy)
+            return;
+        outputShortcutBusy = true;
+        try {
+            const v = getLastViewport();
+            if (v) {
+                if (currentAbortController)
+                    process.stdout.write("\n");
+                await toggleViewport(v.id);
+            }
+            else {
+                process.stdout.write(chalk.dim("\n  (no tool output to expand yet)\n"));
+            }
+        }
+        finally {
+            outputShortcutBusy = false;
+        }
+    };
     const handleKeypress = (_sequence, key) => {
-        if (key.ctrl && key.name === "t" && !isReadingPrompt)
+        if (isCtrlT(key) && !isReadingPrompt)
             handleThinkingShortcut();
-        if (key.ctrl && key.name === "o" && !isReadingPrompt) {
-            void toggleLastToolOutput().catch((error) => {
-                const message = error instanceof Error ? error.message : String(error);
-                process.stderr.write(chalk.dim(`\n  output toggle failed: ${message}\n`));
-            });
+        if (isCtrlO(key) && !isReadingPrompt) {
+            void handleOutputShortcut();
         }
-        if ((key.name === "escape" || (key.ctrl && key.name === "c")) && currentAbortController) {
+        if ((isEscape(key) || isCtrlC(key)) &&
+            currentAbortController) {
             currentAbortController.abort();
         }
     };
@@ -903,7 +1221,7 @@ export async function startRepl(options = {}) {
         mode: state.mode,
     }));
     console.log(renderSuggestions());
-    console.log(chalk.dim("  ESC to abort a response  │  Ctrl+C clears input (twice to exit)  │  Ctrl+T or /think for thinking\n"));
+    console.log(chalk.dim("  ESC abort  │  Ctrl+C clears input  │  Ctrl+T or /think for thinking  │  Ctrl+O or /output last for full tool output\n"));
     // Hint thinking-capable users that the toggle exists. We default it to
     // off for speed, since on NIM many models route through a much slower
     // chat-template path when reasoning is enabled.
@@ -916,22 +1234,15 @@ export async function startRepl(options = {}) {
             chalk.cyan("low|medium|high") +
             chalk.dim(") to enable it.\n"));
     }
-    // Non-blocking update check when enabled.
-    if (getConfig().autoUpdateCheck && process.env.CLAI_OFFLINE !== "1") {
-        checkForUpdateSilent();
-    }
+    // Non-blocking update check
+    checkForUpdateSilent();
     try {
         while (true) {
             isReadingPrompt = true;
             const line = (await readPromptLine({
                 history: promptHistory,
                 onThinkingShortcut: handleThinkingShortcut,
-                onOutputToggle: () => {
-                    void toggleLastToolOutput().catch((error) => {
-                        const message = error instanceof Error ? error.message : String(error);
-                        process.stderr.write(chalk.dim(`\n  output toggle failed: ${message}\n`));
-                    });
-                },
+                onOutputShortcut: handleOutputShortcut,
             })).trim();
             isReadingPrompt = false;
             if (!line)
@@ -969,6 +1280,7 @@ export async function startRepl(options = {}) {
                         model: state.model,
                         history: state.messages,
                         signal,
+                        session: state.session,
                     }));
                 }
                 console.log();
@@ -992,7 +1304,13 @@ export async function startRepl(options = {}) {
         if (siginfoRegistered)
             process.off(siginfo, handleThinkingShortcut);
         if (state.messages.length > 0) {
-            await saveSession(state.messages, `repl-${new Date().toISOString()}`);
+            // Honor `--no-history` and the persistent privateMode setting.
+            // The session.allow set is already in-memory only; saveSession itself
+            // also bails early when privateMode is on, but checking here keeps
+            // intent obvious in the call site.
+            if (!options.noHistory && !getConfig().privateMode) {
+                await saveSession(state.messages, `repl-${new Date().toISOString()}`);
+            }
         }
         if (input.isTTY)
             input.setRawMode(false);