@pheem49/mint 1.5.5 → 1.6.1

package/crates/mint-core/src/safety.rs

@@ -0,0 +1,416 @@
+use std::{
+    path::{Component, Path, PathBuf},
+    sync::LazyLock,
+};
+
+use regex::Regex;
+use serde::Serialize;
+use thiserror::Error;
+
+use crate::MintConfig;
+
+static BLOCKED_COMMAND_PATTERNS: LazyLock<Vec<(Regex, &'static str)>> = LazyLock::new(|| {
+    [
+        (
+            r"\brm\s+(-[^\s]*r[^\s]*f|-rf|-fr)\b",
+            "recursive force delete",
+        ),
+        (r"\bgit\s+reset\s+--hard\b", "destructive git reset"),
+        (
+            r"\bgit\s+checkout\s+--\b",
+            "destructive git checkout path restore",
+        ),
+        (r"\bgit\s+clean\b.*\s-[^\s]*f", "destructive git clean"),
+        (r"\bmkfs(?:\.\w+)?\b", "filesystem formatting"),
+        (r"\bdd\s+.*\bof=/dev/", "raw disk write"),
+        (
+            r">\s*/dev/(?:sd|nvme|hd|mapper)",
+            "write redirection to block device",
+        ),
+        (
+            r"\b(shutdown|reboot|poweroff|halt)\b",
+            "system power command",
+        ),
+        (r"\bsudo\b", "privilege escalation"),
+        (r"\bchmod\s+-R\s+777\b", "unsafe recursive permissions"),
+        (r"\bchown\s+-R\b", "unsafe recursive ownership change"),
+        (
+            r"\b(curl|wget)\b.*\|\s*(sh|bash|zsh)\b",
+            "remote script piping",
+        ),
+    ]
+    .into_iter()
+    .map(|(pattern, reason)| (Regex::new(pattern).unwrap(), reason))
+    .collect()
+});
+
+#[derive(Debug, Clone, Copy, Serialize, PartialEq, Eq)]
+#[serde(rename_all = "lowercase")]
+pub enum SafetyTier {
+    Approval,
+    Blocked,
+}
+
+#[derive(Debug, Clone, Copy, Serialize, PartialEq, Eq)]
+#[serde(rename_all = "camelCase")]
+pub enum ShellCommandMode {
+    ReadOnly,
+    Test,
+    Network,
+    Mutating,
+}
+
+impl ShellCommandMode {
+    pub fn as_str(self) -> &'static str {
+        match self {
+            Self::ReadOnly => "readOnly",
+            Self::Test => "test",
+            Self::Network => "network",
+            Self::Mutating => "mutating",
+        }
+    }
+}
+
+#[derive(Debug, Clone, Serialize, PartialEq, Eq)]
+pub struct ShellClassification {
+    pub tier: SafetyTier,
+    pub mode: ShellCommandMode,
+    pub reason: String,
+}
+
+#[derive(Debug, Clone, Copy)]
+pub enum Capability {
+    Read,
+    Write,
+}
+
+impl Capability {
+    fn as_str(self) -> &'static str {
+        match self {
+            Self::Read => "read",
+            Self::Write => "write",
+        }
+    }
+}
+
+#[derive(Debug, Error, PartialEq, Eq)]
+pub enum SafetyError {
+    #[error("target path is required")]
+    TargetPathRequired,
+    #[error("blocked {capability} access to sensitive file name: {file_name}")]
+    BlockedFileName {
+        capability: &'static str,
+        file_name: String,
+    },
+    #[error("blocked {capability} access to protected path: {path}")]
+    BlockedPath {
+        capability: &'static str,
+        path: PathBuf,
+    },
+    #[error("path {capability} denied by capability policy: {path}")]
+    PathDenied {
+        capability: &'static str,
+        path: PathBuf,
+    },
+}
+
+pub fn classify_shell_command(command: &str) -> ShellClassification {
+    let normalized = command.split_whitespace().collect::<Vec<_>>().join(" ");
+    if normalized.is_empty() {
+        return ShellClassification {
+            tier: SafetyTier::Blocked,
+            mode: ShellCommandMode::Mutating,
+            reason: "empty shell command".into(),
+        };
+    }
+    for (pattern, reason) in BLOCKED_COMMAND_PATTERNS.iter() {
+        if pattern.is_match(&normalized) {
+            return ShellClassification {
+                tier: SafetyTier::Blocked,
+                mode: ShellCommandMode::Mutating,
+                reason: (*reason).into(),
+            };
+        }
+    }
+    let mode = classify_shell_mode(&normalized);
+    ShellClassification {
+        tier: SafetyTier::Approval,
+        mode,
+        reason: format!("{} shell command requires approval", mode.as_str()),
+    }
+}
+
+pub fn shell_mode_allowed(config: &MintConfig, mode: ShellCommandMode) -> bool {
+    config
+        .extra
+        .get("allowedShellModes")
+        .and_then(|value| value.as_array())
+        .map(|values| {
+            values
+                .iter()
+                .filter_map(|value| value.as_str())
+                .any(|value| value == "*" || value == mode.as_str())
+        })
+        .unwrap_or(false)
+}
+
+fn classify_shell_mode(command: &str) -> ShellCommandMode {
+    let lower = command.to_ascii_lowercase();
+    if contains_network_command(&lower) {
+        return ShellCommandMode::Network;
+    }
+    if is_test_command(&lower) {
+        return ShellCommandMode::Test;
+    }
+    if is_read_only_command(&lower) {
+        return ShellCommandMode::ReadOnly;
+    }
+    ShellCommandMode::Mutating
+}
+
+fn contains_network_command(command: &str) -> bool {
+    [
+        "curl ",
+        "wget ",
+        "git clone",
+        "npm install",
+        "npm ci",
+        "pnpm install",
+        "pnpm add",
+        "yarn add",
+        "pip install",
+        "cargo install",
+        "go install",
+        "docker pull",
+    ]
+    .iter()
+    .any(|needle| command.contains(needle))
+}
+
+fn is_test_command(command: &str) -> bool {
+    [
+        "cargo test",
+        "cargo check",
+        "cargo clippy",
+        "cargo fmt",
+        "npm test",
+        "npm run test",
+        "npm run -s test",
+        "npm run build",
+        "npm run -s build",
+        "npm run lint",
+        "npm run -s lint",
+        "npm run check",
+        "npm run -s check",
+        "npm run typecheck",
+        "npm run -s typecheck",
+        "pnpm test",
+        "pnpm run test",
+        "pnpm run build",
+        "yarn test",
+        "yarn build",
+        "pytest",
+        "go test",
+    ]
+    .iter()
+    .any(|prefix| command == *prefix || command.starts_with(&format!("{prefix} ")))
+}
+
+fn is_read_only_command(command: &str) -> bool {
+    if command.contains('>') || command.contains(" tee ") {
+        return false;
+    }
+    command
+        .split([';', '&', '|'])
+        .map(str::trim)
+        .filter(|segment| !segment.is_empty())
+        .all(|segment| {
+            let mut words = segment.split_whitespace();
+            matches!(
+                words.next(),
+                Some(
+                    "cat"
+                        | "cd"
+                        | "du"
+                        | "find"
+                        | "grep"
+                        | "git"
+                        | "head"
+                        | "ls"
+                        | "nl"
+                        | "pwd"
+                        | "rg"
+                        | "sed"
+                        | "tail"
+                        | "tree"
+                        | "wc"
+                        | "which"
+                )
+            ) && !segment.starts_with("git ")
+                || is_read_only_git(segment)
+        })
+}
+
+fn is_read_only_git(segment: &str) -> bool {
+    let mut words = segment.split_whitespace();
+    if words.next() != Some("git") {
+        return false;
+    }
+    matches!(
+        words.next(),
+        Some("branch" | "diff" | "log" | "show" | "status")
+    )
+}
+
+pub fn assert_path_capability(
+    target_path: &Path,
+    capability: Capability,
+    config: &MintConfig,
+) -> Result<PathBuf, SafetyError> {
+    if target_path.as_os_str().is_empty() {
+        return Err(SafetyError::TargetPathRequired);
+    }
+    let resolved = resolve_path(target_path);
+    if !config.safety_enabled {
+        return Ok(resolved);
+    }
+    if let Some(file_name) = resolved.file_name().and_then(|value| value.to_str())
+        && config
+            .blocked_file_names
+            .iter()
+            .any(|item| item == file_name)
+    {
+        return Err(SafetyError::BlockedFileName {
+            capability: capability.as_str(),
+            file_name: file_name.into(),
+        });
+    }
+    if config
+        .blocked_paths
+        .iter()
+        .map(|path| resolve_path(path))
+        .any(|path| resolved.starts_with(path))
+    {
+        return Err(SafetyError::BlockedPath {
+            capability: capability.as_str(),
+            path: resolved,
+        });
+    }
+    let allowed_paths = match capability {
+        Capability::Read => &config.allowed_read_paths,
+        Capability::Write => &config.allowed_write_paths,
+    };
+    if !allowed_paths
+        .iter()
+        .map(|path| resolve_path(path))
+        .any(|path| resolved.starts_with(path))
+    {
+        return Err(SafetyError::PathDenied {
+            capability: capability.as_str(),
+            path: resolved,
+        });
+    }
+    Ok(resolved)
+}
+
+fn resolve_path(path: &Path) -> PathBuf {
+    let expanded = expand_home(path);
+    let absolute = if expanded.is_absolute() {
+        expanded
+    } else {
+        std::env::current_dir()
+            .unwrap_or_else(|_| PathBuf::from("."))
+            .join(expanded)
+    };
+    normalize_path(&absolute)
+}
+
+fn expand_home(path: &Path) -> PathBuf {
+    let value = path.to_string_lossy();
+    if value == "~" {
+        return dirs::home_dir().unwrap_or_else(|| path.to_path_buf());
+    }
+    if let Some(remainder) = value.strip_prefix("~/")
+        && let Some(home) = dirs::home_dir()
+    {
+        return home.join(remainder);
+    }
+    path.to_path_buf()
+}
+
+fn normalize_path(path: &Path) -> PathBuf {
+    let mut normalized = PathBuf::new();
+    for component in path.components() {
+        match component {
+            Component::CurDir => {}
+            Component::ParentDir => {
+                normalized.pop();
+            }
+            _ => normalized.push(component),
+        }
+    }
+    normalized
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn blocks_destructive_shell_commands() {
+        let result = classify_shell_command("git reset --hard HEAD");
+        assert_eq!(result.tier, SafetyTier::Blocked);
+        assert_eq!(result.reason, "destructive git reset");
+    }
+
+    #[test]
+    fn shell_commands_require_approval_by_default() {
+        let result = classify_shell_command("git status --short");
+        assert_eq!(result.tier, SafetyTier::Approval);
+        assert_eq!(result.mode, ShellCommandMode::ReadOnly);
+    }
+
+    #[test]
+    fn classifies_test_and_network_shell_modes() {
+        assert_eq!(
+            classify_shell_command("cargo test -p mint-core").mode,
+            ShellCommandMode::Test
+        );
+        assert_eq!(
+            classify_shell_command("npm install").mode,
+            ShellCommandMode::Network
+        );
+    }
+
+    #[test]
+    fn shell_mode_policy_reads_config_allowlist() {
+        let mut config = MintConfig::default();
+        config.extra.insert(
+            "allowedShellModes".to_string(),
+            serde_json::json!(["readOnly", "test"]),
+        );
+        assert!(shell_mode_allowed(&config, ShellCommandMode::ReadOnly));
+        assert!(shell_mode_allowed(&config, ShellCommandMode::Test));
+        assert!(!shell_mode_allowed(&config, ShellCommandMode::Network));
+        assert!(!shell_mode_allowed(&config, ShellCommandMode::Mutating));
+    }
+
+    #[test]
+    fn blocks_sensitive_file_names() {
+        let config = MintConfig::default();
+        let result = assert_path_capability(Path::new(".env"), Capability::Read, &config);
+        assert!(matches!(result, Err(SafetyError::BlockedFileName { .. })));
+    }
+
+    #[test]
+    fn denies_paths_outside_configured_roots() {
+        let config = MintConfig {
+            allowed_read_paths: vec![PathBuf::from("/tmp/mint")],
+            blocked_paths: vec![],
+            ..MintConfig::default()
+        };
+        let result =
+            assert_path_capability(Path::new("/var/lib/private"), Capability::Read, &config);
+        assert!(matches!(result, Err(SafetyError::PathDenied { .. })));
+    }
+}

package/crates/mint-core/src/semantic.rs

@@ -0,0 +1,254 @@
+use std::{
+    cmp::Ordering,
+    fs,
+    path::{Path, PathBuf},
+};
+
+use serde::{Deserialize, Serialize};
+use serde_json::{Value, json};
+use sha2::{Digest, Sha256};
+use thiserror::Error;
+
+use crate::{CodeInspectionError, MintConfig, list_code_files};
+
+const EMBEDDING_MODEL: &str = "gemini-embedding-001";
+const MAX_CHARS: usize = 1800;
+
+#[derive(Debug, Error)]
+pub enum SemanticError {
+    #[error(transparent)]
+    Inspect(#[from] CodeInspectionError),
+    #[error("Gemini API key is required for semantic code embeddings")]
+    MissingApiKey,
+    #[error("unable to read semantic index {path}: {source}")]
+    Read {
+        path: PathBuf,
+        source: std::io::Error,
+    },
+    #[error("unable to write semantic index {path}: {source}")]
+    Write {
+        path: PathBuf,
+        source: std::io::Error,
+    },
+    #[error("unable to parse semantic index {path}: {source}")]
+    Parse {
+        path: PathBuf,
+        source: serde_json::Error,
+    },
+    #[error("semantic embedding request failed: {0}")]
+    Request(#[from] reqwest::Error),
+    #[error("semantic embedding response did not contain an embedding")]
+    MissingEmbedding,
+}
+
+#[derive(Debug, Clone, Deserialize, Serialize)]
+#[serde(rename_all = "camelCase")]
+pub struct SemanticChunk {
+    pub file: PathBuf,
+    pub start_line: usize,
+    pub end_line: usize,
+    pub text: String,
+    pub embedding: Vec<f64>,
+}
+
+#[derive(Debug, Clone, Deserialize, Serialize)]
+#[serde(rename_all = "camelCase")]
+pub struct SemanticIndex {
+    pub root: PathBuf,
+    pub model: String,
+    pub file_count: usize,
+    pub chunk_count: usize,
+    pub chunks: Vec<SemanticChunk>,
+    pub store_path: PathBuf,
+}
+
+#[derive(Debug, Clone, Serialize)]
+#[serde(rename_all = "camelCase")]
+pub struct SemanticHit {
+    pub file: PathBuf,
+    pub start_line: usize,
+    pub end_line: usize,
+    pub score: f64,
+    pub text: String,
+}
+
+pub async fn index_semantic_code(
+    root: &Path,
+    config: &MintConfig,
+) -> Result<SemanticIndex, SemanticError> {
+    let root = fs::canonicalize(root).map_err(|source| SemanticError::Read {
+        path: root.to_path_buf(),
+        source,
+    })?;
+    let files = list_code_files(&root, usize::MAX, config)?;
+    let mut chunks = Vec::new();
+    for file in &files {
+        if file.size > 512 * 1024 || !is_source_file(&file.path) {
+            continue;
+        }
+        let Ok(content) = fs::read_to_string(&file.path) else {
+            continue;
+        };
+        for (start_line, end_line, text) in chunk_text(&content) {
+            chunks.push(SemanticChunk {
+                file: file.path.clone(),
+                start_line,
+                end_line,
+                embedding: embed_text(config, &text).await?,
+                text,
+            });
+        }
+    }
+    let store_path = semantic_store_path(&root)?;
+    let index = SemanticIndex {
+        root,
+        model: EMBEDDING_MODEL.into(),
+        file_count: files.len(),
+        chunk_count: chunks.len(),
+        chunks,
+        store_path: store_path.clone(),
+    };
+    if let Some(directory) = store_path.parent() {
+        fs::create_dir_all(directory).map_err(|source| SemanticError::Write {
+            path: directory.into(),
+            source,
+        })?;
+    }
+    fs::write(&store_path, serde_json::to_string_pretty(&index).unwrap()).map_err(|source| {
+        SemanticError::Write {
+            path: store_path,
+            source,
+        }
+    })?;
+    Ok(index)
+}
+
+pub async fn search_semantic_code(
+    root: &Path,
+    query: &str,
+    limit: usize,
+    config: &MintConfig,
+) -> Result<Vec<SemanticHit>, SemanticError> {
+    let root = fs::canonicalize(root).map_err(|source| SemanticError::Read {
+        path: root.to_path_buf(),
+        source,
+    })?;
+    let path = semantic_store_path(&root)?;
+    let raw = fs::read_to_string(&path).map_err(|source| SemanticError::Read {
+        path: path.clone(),
+        source,
+    })?;
+    let index: SemanticIndex =
+        serde_json::from_str(&raw).map_err(|source| SemanticError::Parse { path, source })?;
+    let query = embed_text(config, query).await?;
+    let mut hits = index
+        .chunks
+        .into_iter()
+        .map(|chunk| SemanticHit {
+            score: cosine_similarity(&query, &chunk.embedding),
+            file: chunk.file,
+            start_line: chunk.start_line,
+            end_line: chunk.end_line,
+            text: chunk.text,
+        })
+        .collect::<Vec<_>>();
+    hits.sort_by(|left, right| {
+        right
+            .score
+            .partial_cmp(&left.score)
+            .unwrap_or(Ordering::Equal)
+    });
+    hits.truncate(limit.max(1));
+    Ok(hits)
+}
+
+fn chunk_text(content: &str) -> Vec<(usize, usize, String)> {
+    let lines = content.lines().collect::<Vec<_>>();
+    let mut chunks = Vec::new();
+    let mut start = 0;
+    while start < lines.len() {
+        let mut end = start;
+        let mut chars = 0;
+        while end < lines.len() && (end == start || chars + lines[end].len() + 1 <= MAX_CHARS) {
+            chars += lines[end].len() + 1;
+            end += 1;
+        }
+        chunks.push((start + 1, end, lines[start..end].join("\n")));
+        start = end;
+    }
+    chunks
+}
+
+async fn embed_text(config: &MintConfig, text: &str) -> Result<Vec<f64>, SemanticError> {
+    let key = if config.api_key.trim().is_empty() {
+        std::env::var("GEMINI_API_KEY").unwrap_or_default()
+    } else {
+        config.api_key.clone()
+    };
+    if key.trim().is_empty() {
+        return Err(SemanticError::MissingApiKey);
+    }
+    let value: Value = crate::HTTP_CLIENT.clone()
+        .post(format!(
+            "https://generativelanguage.googleapis.com/v1beta/models/{EMBEDDING_MODEL}:embedContent?key={key}"
+        ))
+        .json(&json!({ "content": { "parts": [{ "text": text }] } }))
+        .send()
+        .await?
+        .error_for_status()?
+        .json()
+        .await?;
+    value["embedding"]["values"]
+        .as_array()
+        .map(|values| values.iter().filter_map(Value::as_f64).collect())
+        .filter(|values: &Vec<f64>| !values.is_empty())
+        .ok_or(SemanticError::MissingEmbedding)
+}
+
+fn semantic_store_path(root: &Path) -> Result<PathBuf, SemanticError> {
+    let hash = format!("{:x}", Sha256::digest(root.to_string_lossy().as_bytes()));
+    Ok(dirs::config_dir()
+        .unwrap_or_else(|| PathBuf::from("."))
+        .join("mint")
+        .join("semantic-code")
+        .join(format!("{}.json", &hash[..16])))
+}
+
+fn is_source_file(path: &Path) -> bool {
+    path.extension()
+        .and_then(|value| value.to_str())
+        .is_some_and(|extension| matches!(extension, "rs" | "js" | "jsx" | "ts" | "tsx" | "py"))
+}
+
+fn cosine_similarity(left: &[f64], right: &[f64]) -> f64 {
+    let mut dot = 0.0;
+    let mut norm_left = 0.0;
+    let mut norm_right = 0.0;
+    for (left, right) in left.iter().zip(right) {
+        dot += left * right;
+        norm_left += left * left;
+        norm_right += right * right;
+    }
+    if norm_left == 0.0 || norm_right == 0.0 {
+        0.0
+    } else {
+        dot / (norm_left.sqrt() * norm_right.sqrt())
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn chunks_large_source_text() {
+        let chunks = chunk_text(&format!("{}\n{}", "a".repeat(1700), "b".repeat(300)));
+        assert_eq!(chunks.len(), 2);
+    }
+
+    #[test]
+    fn computes_cosine_similarity() {
+        assert_eq!(cosine_similarity(&[1.0, 0.0], &[1.0, 0.0]), 1.0);
+        assert_eq!(cosine_similarity(&[1.0, 0.0], &[0.0, 1.0]), 0.0);
+    }
+}