@pi-unipi/compactor 0.1.1

package/src/security/evaluator.ts

@@ -0,0 +1,142 @@
+/**
+ * Security evaluator — command + file path evaluation
+ *
+ * Supports loading permission patterns from .pi/settings.json
+ */
+
+import { realpathSync, existsSync, readFileSync } from "node:fs";
+import { resolve, join } from "node:path";
+import { homedir } from "node:os";
+import type { PermissionDecision, SecurityPolicy } from "./policy.js";
+import { parseBashPattern, parseToolPattern, globToRegex, fileGlobToRegex } from "./policy.js";
+
+/**
+ * Load permission patterns from .pi/settings.json in the given directory.
+ * Returns a SecurityPolicy merged with the provided policy.
+ */
+export function loadProjectPermissions(
+  cwd: string,
+  basePolicy: SecurityPolicy,
+): SecurityPolicy {
+  const settingsPath = join(cwd, ".pi", "settings.json");
+  if (!existsSync(settingsPath)) return basePolicy;
+
+  try {
+    const raw = readFileSync(settingsPath, "utf-8");
+    const settings = JSON.parse(raw);
+    const permissions = settings.permissions ?? settings.security ?? {};
+
+    return {
+      deny: [...basePolicy.deny, ...(permissions.deny ?? [])],
+      ask: [...basePolicy.ask, ...(permissions.ask ?? [])],
+      allow: [...basePolicy.allow, ...(permissions.allow ?? [])],
+    };
+  } catch {
+    return basePolicy;
+  }
+}
+
+export function evaluateCommand(
+  command: string,
+  policy: SecurityPolicy,
+): PermissionDecision {
+  // Deny takes highest precedence
+  for (const pattern of policy.deny) {
+    const bashGlob = parseBashPattern(pattern);
+    if (bashGlob && globToRegex(bashGlob, true).test(command)) return "deny";
+    const toolPattern = parseToolPattern(pattern);
+    if (toolPattern && toolPattern.tool === "Bash" && globToRegex(toolPattern.glob, true).test(command)) {
+      return "deny";
+    }
+  }
+
+  // Ask patterns
+  for (const pattern of policy.ask) {
+    const bashGlob = parseBashPattern(pattern);
+    if (bashGlob && globToRegex(bashGlob, true).test(command)) return "ask";
+    const toolPattern = parseToolPattern(pattern);
+    if (toolPattern && toolPattern.tool === "Bash" && globToRegex(toolPattern.glob, true).test(command)) {
+      return "ask";
+    }
+  }
+
+  // Allow patterns
+  for (const pattern of policy.allow) {
+    const bashGlob = parseBashPattern(pattern);
+    if (bashGlob && globToRegex(bashGlob, true).test(command)) return "allow";
+    const toolPattern = parseToolPattern(pattern);
+    if (toolPattern && toolPattern.tool === "Bash" && globToRegex(toolPattern.glob, true).test(command)) {
+      return "allow";
+    }
+  }
+
+  return "allow";
+}
+
+export function splitChainedCommands(command: string): string[] {
+  const commands: string[] = [];
+  let current = "";
+  let inQuotes = false;
+  let quoteChar = "";
+
+  for (let i = 0; i < command.length; i++) {
+    const char = command[i];
+
+    if (!inQuotes && (char === '"' || char === "'" || char === "`")) {
+      inQuotes = true;
+      quoteChar = char;
+      current += char;
+    } else if (inQuotes && char === quoteChar) {
+      inQuotes = false;
+      quoteChar = "";
+      current += char;
+    } else if (!inQuotes && (char === "&" || char === "|" || char === ";")) {
+      if (current.trim()) commands.push(current.trim());
+      current = "";
+      // Skip the next char if it's part of && or ||
+      if ((char === "&" || char === "|") && command[i + 1] === char) i++;
+    } else {
+      current += char;
+    }
+  }
+
+  if (current.trim()) commands.push(current.trim());
+  return commands;
+}
+
+export function evaluateFilePath(
+  filePath: string,
+  policy: SecurityPolicy,
+  cwd: string = process.cwd(),
+): PermissionDecision {
+  const resolved = resolve(cwd, filePath);
+
+  // Prevent symlink escape
+  try {
+    const real = realpathSync(resolved);
+    const home = homedir();
+    if (!real.startsWith(cwd) && !real.startsWith(home)) {
+      return "deny";
+    }
+  } catch {
+    // File doesn't exist yet — check path pattern
+  }
+
+  for (const pattern of policy.deny) {
+    const toolPattern = parseToolPattern(pattern);
+    if (!toolPattern) continue;
+    if (["Read", "Edit", "Write", "read", "edit", "write"].includes(toolPattern.tool)) {
+      if (fileGlobToRegex(toolPattern.glob, true).test(resolved)) return "deny";
+    }
+  }
+
+  for (const pattern of policy.ask) {
+    const toolPattern = parseToolPattern(pattern);
+    if (!toolPattern) continue;
+    if (["Read", "Edit", "Write", "read", "edit", "write"].includes(toolPattern.tool)) {
+      if (fileGlobToRegex(toolPattern.glob, true).test(resolved)) return "ask";
+    }
+  }
+
+  return "allow";
+}

package/src/security/policy.ts

@@ -0,0 +1,74 @@
+/**
+ * Security policy — pattern parsing, glob-to-regex
+ */
+
+export type PermissionDecision = "allow" | "deny" | "ask";
+
+export interface SecurityPolicy {
+  allow: string[];
+  deny: string[];
+  ask: string[];
+}
+
+export function parseBashPattern(pattern: string): string | null {
+  const match = pattern.match(/^Bash\((.+)\)$/);
+  return match ? match[1] : null;
+}
+
+export function parseToolPattern(pattern: string): { tool: string; glob: string } | null {
+  const match = pattern.match(/^(\w+)\((.+)\)$/);
+  return match ? { tool: match[1], glob: match[2] } : null;
+}
+
+function escapeRegex(str: string): string {
+  return str.replace(/[.*+?^${}()|[\]\\/\-]/g, "\\$&");
+}
+
+function convertGlobPart(glob: string): string {
+  return glob
+    .replace(/[.+?^${}()|[\]\\/\-]/g, "\\$&")
+    .replace(/\*/g, ".*");
+}
+
+export function globToRegex(glob: string, caseInsensitive: boolean = false): RegExp {
+  let regexStr: string;
+  const colonIdx = glob.indexOf(":");
+  if (colonIdx !== -1) {
+    const command = glob.slice(0, colonIdx);
+    const argsGlob = glob.slice(colonIdx + 1);
+    const escapedCmd = escapeRegex(command);
+    const argsRegex = convertGlobPart(argsGlob);
+    regexStr = `^${escapedCmd}(\\s${argsRegex})?$`;
+  } else {
+    regexStr = `^${convertGlobPart(glob)}$`;
+  }
+  return new RegExp(regexStr, caseInsensitive ? "i" : "");
+}
+
+export function fileGlobToRegex(glob: string, caseInsensitive: boolean = false): RegExp {
+  let regexStr = "";
+  let i = 0;
+
+  while (i < glob.length) {
+    if (glob[i] === "*" && glob[i + 1] === "*") {
+      if (i + 2 < glob.length && glob[i + 2] === "/") {
+        regexStr += "(.*/)?";
+        i += 3;
+      } else {
+        regexStr += ".*";
+        i += 2;
+      }
+    } else if (glob[i] === "*") {
+      regexStr += "[^/]*";
+      i++;
+    } else if (glob[i] === "?") {
+      regexStr += "[^/]";
+      i++;
+    } else {
+      regexStr += escapeRegex(glob[i]);
+      i++;
+    }
+  }
+
+  return new RegExp(`^${regexStr}$`, caseInsensitive ? "i" : "");
+}

package/src/security/scanner.ts

@@ -0,0 +1,65 @@
+/**
+ * Shell-escape scanning — detect subprocess calls in code
+ */
+
+const SHELL_ESCAPE_PATTERNS: Record<string, RegExp[]> = {
+  python: [
+    /\bos\.system\s*\(/i,
+    /\bsubprocess\.(?:call|run|Popen)\s*\(/i,
+    /\bexec\s*\(/i,
+    /\beval\s*\(/i,
+  ],
+  javascript: [
+    /\bchild_process\b/i,
+    /\bexec\s*\(/i,
+    /\bexecSync\s*\(/i,
+    /\bspawn\s*\(/i,
+    /\beval\s*\(/i,
+  ],
+  typescript: [
+    /\bchild_process\b/i,
+    /\bexec\s*\(/i,
+    /\bexecSync\s*\(/i,
+    /\bspawn\s*\(/i,
+    /\beval\s*\(/i,
+  ],
+  ruby: [
+    /\bbacktick\b/i,
+    /\bsystem\s*\(/i,
+    /\bexec\s*\(/i,
+    /\bspawn\s*\(/i,
+    /\b`[^`]*`/,
+  ],
+  go: [
+    /\bos\.Exec\s*\(/i,
+    /\bexec\.Command\s*\(/i,
+  ],
+  php: [
+    /\bexec\s*\(/i,
+    /\bsystem\s*\(/i,
+    /\bshell_exec\s*\(/i,
+    /\bpassthru\s*\(/i,
+    /\bproc_open\s*\(/i,
+  ],
+  rust: [
+    /\bCommand::new\s*\(/i,
+    /\bstd::process::Command\b/i,
+  ],
+};
+
+export function scanForShellEscapes(code: string, language: string): string[] {
+  const patterns = SHELL_ESCAPE_PATTERNS[language] ?? [];
+  const findings: string[] = [];
+
+  for (const pattern of patterns) {
+    if (pattern.test(code)) {
+      findings.push(`Potential shell escape: ${pattern.source}`);
+    }
+  }
+
+  return findings;
+}
+
+export function hasShellEscapes(code: string, language: string): boolean {
+  return scanForShellEscapes(code, language).length > 0;
+}

package/src/session/db.ts

@@ -0,0 +1,237 @@
+/**
+ * SessionDB — Persistent per-project SQLite database for session events
+ */
+
+import { createHash } from "node:crypto";
+import { execFileSync } from "node:child_process";
+import { homedir } from "node:os";
+import { join } from "node:path";
+import type { SessionEvent, StoredEvent, SessionMeta, ResumeRow } from "../types.js";
+
+export function getWorktreeSuffix(): string {
+  const envSuffix = process.env.COMPACTOR_SESSION_SUFFIX;
+  if (envSuffix !== undefined) {
+    return envSuffix ? `__${envSuffix}` : "";
+  }
+  try {
+    const cwd = process.cwd();
+    const mainWorktree = execFileSync(
+      "git",
+      ["worktree", "list", "--porcelain"],
+      { encoding: "utf-8", timeout: 2000, stdio: ["ignore", "pipe", "ignore"] },
+    )
+      .split(/\r?\n/)
+      .find((l) => l.startsWith("worktree "))
+      ?.replace("worktree ", "")
+      ?.trim();
+
+    if (mainWorktree && cwd !== mainWorktree) {
+      const suffix = createHash("sha256").update(cwd).digest("hex").slice(0, 8);
+      return `__${suffix}`;
+    }
+  } catch {
+    // git not available
+  }
+  return "";
+}
+
+function defaultDBPath(name: string): string {
+  return join(homedir(), ".unipi", "db", "compactor", `${name}.db`);
+}
+
+// Simple SQLite abstraction using dynamic imports
+let sqliteLib: any = null;
+
+async function getSQLite() {
+  if (sqliteLib) return sqliteLib;
+  try {
+    sqliteLib = await import("bun:sqlite" as any);
+    return sqliteLib;
+  } catch {
+    try {
+      sqliteLib = await import("node:sqlite" as any);
+      return sqliteLib;
+    } catch {
+      sqliteLib = await import("better-sqlite3");
+      return sqliteLib;
+    }
+  }
+}
+
+interface PreparedStatement {
+  get(...args: any[]): any;
+  all(...args: any[]): any[];
+  run(...args: any[]): { changes: number };
+}
+
+const MAX_EVENTS_PER_SESSION = 1000;
+const DEDUP_WINDOW = 5;
+
+export class SessionDB {
+  private db: any;
+  private stmts: Map<string, PreparedStatement> = new Map();
+  private dbPath: string;
+
+  constructor(opts?: { dbPath?: string }) {
+    this.dbPath = opts?.dbPath ?? defaultDBPath("session");
+  }
+
+  async init(): Promise<void> {
+    const sqlite: any = await getSQLite();
+    // Handle different SQLite API shapes
+    const Database = sqlite.Database ?? sqlite.default?.Database ?? sqlite;
+    this.db = new Database(this.dbPath);
+    this.db.exec("PRAGMA journal_mode = WAL;");
+    this.initSchema();
+    this.prepareStatements();
+  }
+
+  private initSchema(): void {
+    this.db.exec(`
+      CREATE TABLE IF NOT EXISTS session_events (
+        id INTEGER PRIMARY KEY AUTOINCREMENT,
+        session_id TEXT NOT NULL,
+        type TEXT NOT NULL,
+        category TEXT NOT NULL,
+        priority INTEGER NOT NULL DEFAULT 2,
+        data TEXT NOT NULL,
+        project_dir TEXT NOT NULL DEFAULT '',
+        attribution_source TEXT NOT NULL DEFAULT 'unknown',
+        attribution_confidence REAL NOT NULL DEFAULT 0,
+        source_hook TEXT NOT NULL,
+        created_at TEXT NOT NULL DEFAULT (datetime('now')),
+        data_hash TEXT NOT NULL DEFAULT ''
+      );
+      CREATE INDEX IF NOT EXISTS idx_session_events_session ON session_events(session_id);
+      CREATE INDEX IF NOT EXISTS idx_session_events_type ON session_events(session_id, type);
+      CREATE INDEX IF NOT EXISTS idx_session_events_priority ON session_events(session_id, priority);
+
+      CREATE TABLE IF NOT EXISTS session_meta (
+        session_id TEXT PRIMARY KEY,
+        project_dir TEXT NOT NULL,
+        started_at TEXT NOT NULL DEFAULT (datetime('now')),
+        last_event_at TEXT,
+        event_count INTEGER NOT NULL DEFAULT 0,
+        compact_count INTEGER NOT NULL DEFAULT 0
+      );
+
+      CREATE TABLE IF NOT EXISTS session_resume (
+        id INTEGER PRIMARY KEY AUTOINCREMENT,
+        session_id TEXT NOT NULL UNIQUE,
+        snapshot TEXT NOT NULL,
+        event_count INTEGER NOT NULL,
+        created_at TEXT NOT NULL DEFAULT (datetime('now')),
+        consumed INTEGER NOT NULL DEFAULT 0
+      );
+    `);
+  }
+
+  private prepareStatements(): void {
+    const p = (key: string, sql: string) => {
+      this.stmts.set(key, this.db.prepare(sql) as PreparedStatement);
+    };
+
+    p("insertEvent", `INSERT INTO session_events (session_id, type, category, priority, data, project_dir, attribution_source, attribution_confidence, source_hook, data_hash) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`);
+    p("getEvents", `SELECT id, session_id, type, category, priority, data, project_dir, attribution_source, attribution_confidence, source_hook, created_at, data_hash FROM session_events WHERE session_id = ? ORDER BY id ASC LIMIT ?`);
+    p("getEventCount", `SELECT COUNT(*) AS cnt FROM session_events WHERE session_id = ?`);
+    p("checkDuplicate", `SELECT 1 FROM (SELECT type, data_hash FROM session_events WHERE session_id = ? ORDER BY id DESC LIMIT ?) AS recent WHERE recent.type = ? AND recent.data_hash = ? LIMIT 1`);
+    p("evictLowestPriority", `DELETE FROM session_events WHERE id = (SELECT id FROM session_events WHERE session_id = ? ORDER BY priority ASC, id ASC LIMIT 1)`);
+    p("updateMetaLastEvent", `UPDATE session_meta SET last_event_at = datetime('now'), event_count = event_count + 1 WHERE session_id = ?`);
+    p("ensureSession", `INSERT OR IGNORE INTO session_meta (session_id, project_dir) VALUES (?, ?)`);
+    p("getSessionStats", `SELECT session_id, project_dir, started_at, last_event_at, event_count, compact_count FROM session_meta WHERE session_id = ?`);
+    p("incrementCompactCount", `UPDATE session_meta SET compact_count = compact_count + 1 WHERE session_id = ?`);
+    p("upsertResume", `INSERT INTO session_resume (session_id, snapshot, event_count) VALUES (?, ?, ?) ON CONFLICT(session_id) DO UPDATE SET snapshot = excluded.snapshot, event_count = excluded.event_count, created_at = datetime('now'), consumed = 0`);
+    p("getResume", `SELECT snapshot, event_count, consumed FROM session_resume WHERE session_id = ?`);
+    p("markResumeConsumed", `UPDATE session_resume SET consumed = 1 WHERE session_id = ?`);
+    p("deleteEvents", `DELETE FROM session_events WHERE session_id = ?`);
+    p("deleteMeta", `DELETE FROM session_meta WHERE session_id = ?`);
+    p("deleteResume", `DELETE FROM session_resume WHERE session_id = ?`);
+    p("getOldSessions", `SELECT session_id FROM session_meta WHERE started_at < datetime('now', ? || ' days')`);
+  }
+
+  private stmt(key: string): PreparedStatement {
+    return this.stmts.get(key)!;
+  }
+
+  insertEvent(sessionId: string, event: SessionEvent, sourceHook: string = "PostToolUse"): void {
+    const dataHash = createHash("sha256").update(event.data).digest("hex").slice(0, 16).toUpperCase();
+    const projectDir = String(event.project_dir ?? "").trim();
+    const attributionSource = String(event.attribution_source ?? "unknown");
+    const rawConfidence = Number(event.attribution_confidence ?? 0);
+    const attributionConfidence = Number.isFinite(rawConfidence) ? Math.max(0, Math.min(1, rawConfidence)) : 0;
+
+    const transaction = this.db.transaction(() => {
+      const dup = this.stmt("checkDuplicate").get(sessionId, DEDUP_WINDOW, event.type, dataHash);
+      if (dup) return;
+
+      const countRow = this.stmt("getEventCount").get(sessionId) as { cnt: number };
+      if (countRow.cnt >= MAX_EVENTS_PER_SESSION) {
+        this.stmt("evictLowestPriority").run(sessionId);
+      }
+
+      this.stmt("insertEvent").run(
+        sessionId, event.type, event.category, event.priority, event.data,
+        projectDir, attributionSource, attributionConfidence, sourceHook, dataHash,
+      );
+      this.stmt("updateMetaLastEvent").run(sessionId);
+    });
+
+    transaction();
+  }
+
+  getEvents(sessionId: string, opts?: { type?: string; minPriority?: number; limit?: number }): StoredEvent[] {
+    const limit = opts?.limit ?? 1000;
+    return this.stmt("getEvents").all(sessionId, limit) as StoredEvent[];
+  }
+
+  getEventCount(sessionId: string): number {
+    const row = this.stmt("getEventCount").get(sessionId) as { cnt: number };
+    return row.cnt;
+  }
+
+  ensureSession(sessionId: string, projectDir: string): void {
+    this.stmt("ensureSession").run(sessionId, projectDir);
+  }
+
+  getSessionStats(sessionId: string): SessionMeta | null {
+    const row = this.stmt("getSessionStats").get(sessionId) as SessionMeta | undefined;
+    return row ?? null;
+  }
+
+  incrementCompactCount(sessionId: string): void {
+    this.stmt("incrementCompactCount").run(sessionId);
+  }
+
+  upsertResume(sessionId: string, snapshot: string, eventCount?: number): void {
+    this.stmt("upsertResume").run(sessionId, snapshot, eventCount ?? 0);
+  }
+
+  getResume(sessionId: string): ResumeRow | null {
+    const row = this.stmt("getResume").get(sessionId) as ResumeRow | undefined;
+    return row ?? null;
+  }
+
+  markResumeConsumed(sessionId: string): void {
+    this.stmt("markResumeConsumed").run(sessionId);
+  }
+
+  deleteSession(sessionId: string): void {
+    this.db.transaction(() => {
+      this.stmt("deleteEvents").run(sessionId);
+      this.stmt("deleteResume").run(sessionId);
+      this.stmt("deleteMeta").run(sessionId);
+    })();
+  }
+
+  cleanupOldSessions(maxAgeDays: number = 7): number {
+    const oldSessions = this.stmt("getOldSessions").all(`-${maxAgeDays}`) as Array<{ session_id: string }>;
+    for (const { session_id } of oldSessions) {
+      this.deleteSession(session_id);
+    }
+    return oldSessions.length;
+  }
+
+  close(): void {
+    try { this.db.close(); } catch { /* ignore */ }
+  }
+}

package/src/session/extract.ts

@@ -0,0 +1,107 @@
+/**
+ * Event extraction from tool results and messages
+ */
+
+import type { SessionEvent } from "../types.js";
+
+const EventPriority = {
+  LOW: 1,
+  NORMAL: 2,
+  HIGH: 3,
+  CRITICAL: 4,
+} as const;
+
+export interface ToolResult {
+  toolName: string;
+  toolInput: Record<string, unknown>;
+  toolResponse?: string;
+  isError?: boolean;
+}
+
+export function extractEventsFromToolResult(result: ToolResult): SessionEvent[] {
+  const events: SessionEvent[] = [];
+
+  if (result.isError) {
+    events.push({
+      type: "tool_error",
+      category: "error",
+      data: `[${result.toolName}] ${String(result.toolResponse ?? "").slice(0, 500)}`,
+      priority: EventPriority.HIGH,
+      data_hash: "",
+    });
+  }
+
+  // File operations
+  if (["read", "Read", "edit", "Edit", "write", "Write"].includes(result.toolName)) {
+    const path = String(result.toolInput.file_path ?? result.toolInput.path ?? "");
+    if (path) {
+      const type = result.toolName.toLowerCase() === "write" ? "file_write"
+        : result.toolName.toLowerCase() === "edit" ? "file_edit"
+        : "file_read";
+      events.push({
+        type,
+        category: "file",
+        data: path,
+        priority: EventPriority.NORMAL,
+        data_hash: "",
+      });
+    }
+  }
+
+  // Bash commands
+  if (["bash", "Bash"].includes(result.toolName)) {
+    const cmd = String(result.toolInput.command ?? result.toolInput.description ?? "").slice(0, 200);
+    if (cmd) {
+      events.push({
+        type: "bash_executed",
+        category: "env",
+        data: cmd,
+        priority: EventPriority.LOW,
+        data_hash: "",
+      });
+    }
+  }
+
+  // Git operations
+  if (result.toolName.toLowerCase().includes("git")) {
+    events.push({
+      type: "git_operation",
+      category: "git",
+      data: `${result.toolName}: ${String(result.toolInput.command ?? "").slice(0, 200)}`,
+      priority: EventPriority.NORMAL,
+      data_hash: "",
+    });
+  }
+
+  return events;
+}
+
+export function extractEventsFromUserMessage(content: string): SessionEvent[] {
+  const events: SessionEvent[] = [];
+
+  // Detect explicit preferences
+  const prefRe = /\b(prefer|preference|want|would like|should|must|need to|important|critical|avoid|don't|do not|never|always)\b/i;
+  if (prefRe.test(content)) {
+    events.push({
+      type: "user_preference",
+      category: "decision",
+      data: content.slice(0, 500),
+      priority: EventPriority.NORMAL,
+      data_hash: "",
+    });
+  }
+
+  // Detect task mentions
+  const taskRe = /\b(task|todo|fixme|hack|bug|feature|story|epic)\b/i;
+  if (taskRe.test(content)) {
+    events.push({
+      type: "task_mentioned",
+      category: "task",
+      data: content.slice(0, 500),
+      priority: EventPriority.NORMAL,
+      data_hash: "",
+    });
+  }
+
+  return events;
+}

package/src/session/resume-inject.ts

@@ -0,0 +1,25 @@
+/**
+ * Resume injection — inject snapshot into session context post-compaction
+ */
+
+import type { SessionDB } from "./db.js";
+import { buildResumeSnapshot } from "./snapshot.js";
+
+export async function injectResumeSnapshot(
+  db: SessionDB,
+  sessionId: string,
+  opts?: { searchTool?: string },
+): Promise<string | null> {
+  const resume = db.getResume(sessionId);
+  if (!resume || resume.consumed) return null;
+
+  const events = db.getEvents(sessionId, { limit: 1000 });
+  const stats = db.getSessionStats(sessionId);
+  const snapshot = buildResumeSnapshot(events, {
+    compactCount: stats?.compact_count ?? 1,
+    searchTool: opts?.searchTool ?? "ctx_search",
+  });
+
+  db.markResumeConsumed(sessionId);
+  return snapshot;
+}