@shykaruu/jarvis-brain 0.4.0

package/src/sites/builder-tools.ts

@@ -0,0 +1,215 @@
+/**
+ * Site Builder — LLM Tools
+ *
+ * Tools available to the LLM when working in the context of a site builder project.
+ * These are scoped to the active project directory.
+ */
+
+import type { ToolDefinition } from '../actions/tools/registry.ts';
+import type { ProjectManager } from './project-manager.ts';
+import type { GitManager } from './git-manager.ts';
+import type { GitHubManager } from './github-manager.ts';
+
+/** Block patterns for long-running dev servers that conflict with the managed server */
+const BLOCKED_SERVER_PATTERNS = /\b(make\s+dev|bun\s+--hot|vite\s*$|next\s+dev|npm\s+run\s+dev|yarn\s+dev)\b/i;
+
+/** Env keys that must never leak to subprocesses */
+const SECRET_ENV_PATTERNS = [
+  /api[_-]?key/i, /secret/i, /token/i, /password/i, /credential/i,
+  /^JARVIS_API_KEY$/, /^JARVIS_AUTH_TOKEN$/, /^JARVIS_OPENAI_KEY$/,
+  /^JARVIS_OPENROUTER_KEY$/, /^ANTHROPIC_API_KEY$/, /^OPENAI_API_KEY$/,
+];
+
+/** Build a sanitized env with secrets stripped */
+function sanitizedEnv(): Record<string, string> {
+  const env: Record<string, string> = {};
+  for (const [key, value] of Object.entries(process.env)) {
+    if (value === undefined) continue;
+    if (SECRET_ENV_PATTERNS.some(p => p.test(key))) continue;
+    env[key] = value;
+  }
+  return env;
+}
+
+export function createSiteBuilderTools(
+  projectManager: ProjectManager,
+  gitManager: GitManager,
+  githubManager?: GitHubManager,
+): ToolDefinition[] {
+  return [
+    {
+      name: 'site_read_file',
+      description: 'Read a file from the current site builder project. Returns the file content as text.',
+      category: 'site-builder',
+      parameters: {
+        project_id: { type: 'string', description: 'The project ID', required: true },
+        path: { type: 'string', description: 'Relative path to the file (e.g., "src/App.tsx")', required: true },
+      },
+      execute: async (params) => {
+        try {
+          const content = await projectManager.readFile(params.project_id as string, params.path as string);
+          return content;
+        } catch (err) {
+          return `Error: ${err instanceof Error ? err.message : String(err)}`;
+        }
+      },
+    },
+    {
+      name: 'site_write_file',
+      description: 'Write content to a file in the current site builder project. Creates parent directories if needed.',
+      category: 'site-builder',
+      parameters: {
+        project_id: { type: 'string', description: 'The project ID', required: true },
+        path: { type: 'string', description: 'Relative path to the file (e.g., "src/App.tsx")', required: true },
+        content: { type: 'string', description: 'The full file content to write', required: true },
+      },
+      execute: async (params) => {
+        try {
+          await projectManager.writeFile(params.project_id as string, params.path as string, params.content as string);
+          return `File written: ${params.path}`;
+        } catch (err) {
+          return `Error: ${err instanceof Error ? err.message : String(err)}`;
+        }
+      },
+    },
+    {
+      name: 'site_delete_file',
+      description: 'Delete a file from the current site builder project.',
+      category: 'site-builder',
+      parameters: {
+        project_id: { type: 'string', description: 'The project ID', required: true },
+        path: { type: 'string', description: 'Relative path to the file to delete', required: true },
+      },
+      execute: async (params) => {
+        try {
+          await projectManager.deleteFile(params.project_id as string, params.path as string);
+          return `File deleted: ${params.path}`;
+        } catch (err) {
+          return `Error: ${err instanceof Error ? err.message : String(err)}`;
+        }
+      },
+    },
+    {
+      name: 'site_list_files',
+      description: 'List the file tree of the current site builder project. Returns the directory structure.',
+      category: 'site-builder',
+      parameters: {
+        project_id: { type: 'string', description: 'The project ID', required: true },
+      },
+      execute: async (params) => {
+        try {
+          const tree = projectManager.getFileTree(params.project_id as string);
+          return JSON.stringify(tree, null, 2);
+        } catch (err) {
+          return `Error: ${err instanceof Error ? err.message : String(err)}`;
+        }
+      },
+    },
+    {
+      name: 'site_run_command',
+      description: 'Run a shell command in the project directory. Use for installing packages, building, running one-off scripts, etc. Has a 30-second timeout. Do NOT use this to start dev servers — use the dashboard Start button or /api/sites/projects/:id/start instead.',
+      category: 'site-builder',
+      parameters: {
+        project_id: { type: 'string', description: 'The project ID', required: true },
+        command: { type: 'string', description: 'The command to run (e.g., "bun add react-router"). Do NOT run long-lived servers here.', required: true },
+      },
+      execute: async (params) => {
+        const projectPath = projectManager.getProjectPath(params.project_id as string);
+        if (!projectPath) return 'Error: Project not found';
+
+        const cmd = (params.command as string).trim();
+
+        // Block commands that start long-running dev servers (conflicts with managed server)
+        if (BLOCKED_SERVER_PATTERNS.test(cmd)) {
+          return 'Error: Do not start dev servers with site_run_command. The dev server is managed automatically — use the Start button in the Sites page or POST /api/sites/projects/:id/start instead.';
+        }
+
+        try {
+          const proc = Bun.spawn(['sh', '-c', cmd], {
+            cwd: projectPath,
+            stdout: 'pipe',
+            stderr: 'pipe',
+            env: sanitizedEnv(),
+          });
+
+          // 30-second timeout to prevent hanging
+          const result = await Promise.race([
+            (async () => {
+              const [stdout, stderr] = await Promise.all([
+                new Response(proc.stdout).text(),
+                new Response(proc.stderr).text(),
+              ]);
+              const exitCode = await proc.exited;
+
+              let output = '';
+              if (stdout.trim()) output += stdout.trim();
+              if (stderr.trim()) output += (output ? '\n' : '') + stderr.trim();
+              if (exitCode !== 0) output += `\n(exit code: ${exitCode})`;
+              return output || '(no output)';
+            })(),
+            new Promise<string>((resolve) => {
+              setTimeout(() => {
+                try { proc.kill(); } catch { /* ignore */ }
+                resolve('Error: Command timed out after 30 seconds. If you were trying to start a dev server, use the Sites page Start button instead.');
+              }, 30_000);
+            }),
+          ]);
+
+          return result;
+        } catch (err) {
+          return `Error: ${err instanceof Error ? err.message : String(err)}`;
+        }
+      },
+    },
+    {
+      name: 'site_git_commit',
+      description: 'Stage all changes and commit in the site builder project.',
+      category: 'site-builder',
+      parameters: {
+        project_id: { type: 'string', description: 'The project ID', required: true },
+        message: { type: 'string', description: 'Commit message', required: true },
+      },
+      execute: async (params) => {
+        const projectPath = projectManager.getProjectPath(params.project_id as string);
+        if (!projectPath) return 'Error: Project not found';
+
+        try {
+          const commit = await gitManager.autoCommit(projectPath, params.message as string);
+          if (!commit) return 'Nothing to commit — working tree clean';
+          return `Committed: ${commit.shortHash} ${commit.message}`;
+        } catch (err) {
+          return `Error: ${err instanceof Error ? err.message : String(err)}`;
+        }
+      },
+    },
+    ...(githubManager ? [{
+      name: 'site_github_push',
+      description: 'Push the current site builder project to GitHub. The project must already be connected to a GitHub repository (via the Git panel). Commits all pending changes before pushing.',
+      category: 'site-builder',
+      parameters: {
+        project_id: { type: 'string', description: 'The project ID', required: true },
+        commit_message: { type: 'string', description: 'Optional commit message for any uncommitted changes. If omitted, uncommitted changes are not committed before pushing.', required: false },
+      },
+      execute: async (params) => {
+        const projectPath = projectManager.getProjectPath(params.project_id as string);
+        if (!projectPath) return 'Error: Project not found';
+
+        try {
+          // Optionally commit pending changes first
+          if (params.commit_message) {
+            const commit = await gitManager.autoCommit(projectPath, params.commit_message as string);
+            if (commit) {
+              // continue to push
+            }
+          }
+
+          const result = await githubManager.push(projectPath);
+          if (!result.success) return `Error: ${result.error}`;
+          return 'Pushed to GitHub successfully';
+        } catch (err) {
+          return `Error: ${err instanceof Error ? err.message : String(err)}`;
+        }
+      },
+    } as ToolDefinition] : []),
+  ];
+}

package/src/sites/dev-server-manager.ts

@@ -0,0 +1,286 @@
+/**
+ * Site Builder — Dev Server Manager
+ *
+ * Manages spawned `make dev` processes for project previews.
+ * Tracks PIDs for cleanup, manages port allocation, health checks.
+ */
+
+import type { Subprocess } from 'bun';
+import type { SiteBuilderConfig } from './types.ts';
+import { join } from 'node:path';
+import { homedir } from 'node:os';
+
+type RunningServer = {
+  proc: Subprocess;
+  port: number;
+  projectId: string;
+  projectPath: string;
+  logs: string[];
+  startedAt: number;
+};
+
+const MAX_LOG_LINES = 500;
+const READY_POLL_INTERVAL = 500;
+const READY_TIMEOUT = 30_000;
+
+export class DevServerManager {
+  private servers = new Map<string, RunningServer>();
+  private allocatedPorts = new Set<number>();
+  private portStart: number;
+  private portEnd: number;
+  private maxConcurrent: number;
+  private pidFilePath: string;
+
+  constructor(config: SiteBuilderConfig) {
+    this.portStart = config.port_range_start;
+    this.portEnd = config.port_range_end;
+    this.maxConcurrent = config.max_concurrent_servers;
+    this.pidFilePath = join(config.projects_dir.replace(/^~/, homedir()), '.running-pids.json');
+  }
+
+  /**
+   * Start a dev server for a project.
+   */
+  async start(projectId: string, projectPath: string): Promise<{ port: number; pid: number }> {
+    // Already running?
+    if (this.servers.has(projectId)) {
+      const existing = this.servers.get(projectId)!;
+      return { port: existing.port, pid: existing.proc.pid };
+    }
+
+    // Check concurrency limit
+    if (this.servers.size >= this.maxConcurrent) {
+      throw new Error(`Max concurrent servers reached (${this.maxConcurrent}). Stop another project first.`);
+    }
+
+    const port = await this.allocatePort();
+
+    const proc = Bun.spawn(['make', 'dev'], {
+      cwd: projectPath,
+      stdout: 'pipe',
+      stderr: 'pipe',
+      env: {
+        ...process.env,
+        PORT: String(port),
+        // Enforce loopback bind — prevent dev servers from listening on 0.0.0.0
+        HOST: '127.0.0.1',
+        // Dev servers (Vite, Next.js) fail or behave unexpectedly under NODE_ENV=production
+        NODE_ENV: 'development',
+      },
+    });
+
+    const server: RunningServer = {
+      proc,
+      port,
+      projectId,
+      projectPath,
+      logs: [],
+      startedAt: Date.now(),
+    };
+
+    this.servers.set(projectId, server);
+
+    // Pipe stdout/stderr to log buffer
+    this.pipeToLogs(server, proc.stdout, 'stdout');
+    this.pipeToLogs(server, proc.stderr, 'stderr');
+
+    // Handle process exit
+    proc.exited.then(code => {
+      if (this.servers.get(projectId) === server) {
+        this.servers.delete(projectId);
+        this.releasePort(port);
+        console.log(`[SiteBuilder] Dev server for "${projectId}" exited with code ${code}`);
+      }
+    });
+
+    // Save PIDs for crash recovery
+    this.savePids();
+
+    console.log(`[SiteBuilder] Starting dev server for "${projectId}" on port ${port} (pid ${proc.pid})`);
+
+    return { port, pid: proc.pid };
+  }
+
+  /**
+   * Stop a running dev server.
+   */
+  async stop(projectId: string): Promise<void> {
+    const server = this.servers.get(projectId);
+    if (!server) return;
+
+    try {
+      server.proc.kill();
+      // Give it a moment to exit gracefully
+      await Promise.race([
+        server.proc.exited,
+        new Promise(resolve => setTimeout(resolve, 3000)),
+      ]);
+    } catch { /* process may already be dead */ }
+
+    this.servers.delete(projectId);
+    this.releasePort(server.port);
+    this.savePids();
+
+    console.log(`[SiteBuilder] Stopped dev server for "${projectId}"`);
+  }
+
+  /**
+   * Stop all running dev servers.
+   */
+  async stopAll(): Promise<void> {
+    const ids = Array.from(this.servers.keys());
+    await Promise.all(ids.map(id => this.stop(id)));
+  }
+
+  /**
+   * Check if a dev server is running.
+   */
+  isRunning(projectId: string): boolean {
+    return this.servers.has(projectId);
+  }
+
+  /**
+   * Get the port for a running project.
+   */
+  getPort(projectId: string): number | null {
+    return this.servers.get(projectId)?.port ?? null;
+  }
+
+  /**
+   * Get recent logs for a project's dev server.
+   */
+  getLogs(projectId: string, limit: number = 100): string[] {
+    const server = this.servers.get(projectId);
+    if (!server) return [];
+    return server.logs.slice(-limit);
+  }
+
+  /**
+   * Wait for the dev server to respond on its port.
+   */
+  async waitForReady(port: number, timeoutMs: number = READY_TIMEOUT): Promise<boolean> {
+    const start = Date.now();
+    while (Date.now() - start < timeoutMs) {
+      try {
+        const resp = await fetch(`http://127.0.0.1:${port}/`, {
+          signal: AbortSignal.timeout(2000),
+        });
+        if (resp.status < 500) return true;
+      } catch { /* server not ready yet */ }
+      await Bun.sleep(READY_POLL_INTERVAL);
+    }
+    return false;
+  }
+
+  /**
+   * Get info about all running servers.
+   */
+  getRunningServers(): Array<{ projectId: string; port: number; pid: number; startedAt: number }> {
+    return Array.from(this.servers.values()).map(s => ({
+      projectId: s.projectId,
+      port: s.port,
+      pid: s.proc.pid,
+      startedAt: s.startedAt,
+    }));
+  }
+
+  // ── Port Management ──
+
+  private async allocatePort(): Promise<number> {
+    for (let port = this.portStart; port <= this.portEnd; port++) {
+      if (!this.allocatedPorts.has(port)) {
+        // Verify the port is actually free on the system
+        const available = await this.isPortAvailable(port);
+        if (available) {
+          this.allocatedPorts.add(port);
+          return port;
+        }
+      }
+    }
+    throw new Error(`No available ports in range ${this.portStart}-${this.portEnd}`);
+  }
+
+  /** Probe whether a port is free by attempting a TCP connect */
+  private isPortAvailable(port: number): Promise<boolean> {
+    return new Promise((resolve) => {
+      const { createServer } = require('node:net');
+      const server = createServer();
+      server.once('error', () => resolve(false));
+      server.once('listening', () => { server.close(() => resolve(true)); });
+      server.listen(port, '127.0.0.1');
+    });
+  }
+
+  private releasePort(port: number): void {
+    this.allocatedPorts.delete(port);
+  }
+
+  // ── Log Piping ──
+
+  private async pipeToLogs(server: RunningServer, stream: ReadableStream<Uint8Array> | null, label: string): Promise<void> {
+    if (!stream) return;
+    const reader = stream.getReader();
+    const decoder = new TextDecoder();
+
+    try {
+      while (true) {
+        const { done, value } = await reader.read();
+        if (done) break;
+
+        const text = decoder.decode(value, { stream: true });
+        const lines = text.split('\n').filter(l => l.trim());
+        for (const line of lines) {
+          server.logs.push(`[${label}] ${line}`);
+          if (server.logs.length > MAX_LOG_LINES) {
+            server.logs.shift();
+          }
+        }
+      }
+    } catch { /* stream closed */ }
+  }
+
+  // ── PID Persistence ──
+
+  private savePids(): void {
+    const pids: Record<string, { pid: number; port: number; projectPath: string }> = {};
+    for (const [id, server] of this.servers) {
+      pids[id] = { pid: server.proc.pid, port: server.port, projectPath: server.projectPath };
+    }
+    try {
+      Bun.write(this.pidFilePath, JSON.stringify(pids, null, 2));
+    } catch { /* best effort */ }
+  }
+
+  /**
+   * Kill any orphaned processes from a previous crash.
+   */
+  async cleanupOrphans(): Promise<void> {
+    try {
+      const file = Bun.file(this.pidFilePath);
+      if (!await file.exists()) return;
+
+      const { readFileSync, unlinkSync } = await import('node:fs');
+
+      const pids = JSON.parse(await file.text()) as Record<string, { pid: number; port: number }>;
+      for (const [id, { pid }] of Object.entries(pids)) {
+        try {
+          // Verify PID belongs to a Jarvis-spawned process before killing
+          const cmdline = readFileSync(`/proc/${pid}/cmdline`, 'utf-8');
+          const isMakeDev = cmdline.includes('make') && cmdline.includes('dev');
+          const isBunHot = cmdline.includes('bun') && cmdline.includes('--hot');
+          const isVite = cmdline.includes('vite');
+          const isNext = cmdline.includes('next');
+          if (isMakeDev || isBunHot || isVite || isNext) {
+            process.kill(pid, 'SIGTERM');
+            console.log(`[SiteBuilder] Killed orphaned process ${pid} for project "${id}"`);
+          } else {
+            console.log(`[SiteBuilder] Skipped PID ${pid} — not a recognized dev server process`);
+          }
+        } catch { /* process already gone or /proc not available */ }
+      }
+
+      // Clean up the PID file
+      try { unlinkSync(this.pidFilePath); } catch { /* ignore */ }
+    } catch { /* no PID file or parse error */ }
+  }
+}

package/src/sites/fixtures/security-test-site/.jarvis-project.json

@@ -0,0 +1,6 @@
+{
+  "name": "security-test",
+  "framework": "bun-react",
+  "createdAt": 1711800000000,
+  "lastOpenedAt": 1774881285792
+}

package/src/sites/fixtures/security-test-site/Makefile

@@ -0,0 +1,15 @@
+.PHONY: dev build clean install
+
+PORT ?= 3000
+
+install:
+	bun install
+
+dev:
+	BUN_PORT=$(PORT) bun --hot index.ts
+
+build:
+	bun build index.html --outdir=dist
+
+clean:
+	rm -rf dist node_modules

package/src/sites/fixtures/security-test-site/README.md

@@ -0,0 +1,18 @@
+# Security Test Site (Fixture)
+
+Browser-based attack suite for the site builder proxy. Tests iframe sandbox,
+same-origin isolation, WebSocket origin checks, and capability restrictions.
+
+## Usage
+
+Copy to the Jarvis projects directory, install, and open in the Sites page:
+
+```sh
+cp -r src/sites/fixtures/security-test-site ~/.jarvis/projects/security-test
+cd ~/.jarvis/projects/security-test
+bun install
+git init && git add -A && git commit -m "init"
+```
+
+Then open the Jarvis dashboard, go to Sites, and start the `security-test` project.
+All 28 tests should show **BLOCKED**.

package/src/sites/fixtures/security-test-site/index.html

@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8" />
+  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+  <title>Site Builder Security Tests</title>
+</head>
+<body>
+  <div id="root"></div>
+  <script type="module" src="./src/app.tsx"></script>
+</body>
+</html>

package/src/sites/fixtures/security-test-site/index.ts

@@ -0,0 +1,16 @@
+import index from "./index.html";
+
+const port = parseInt(process.env.BUN_PORT || "3000", 10);
+
+Bun.serve({
+  port,
+  routes: {
+    "/": index,
+  },
+  development: {
+    hmr: true,
+    console: true,
+  },
+});
+
+console.log(`Security test site running on http://localhost:${port}`);

package/src/sites/fixtures/security-test-site/package.json

@@ -0,0 +1,13 @@
+{
+  "name": "security-test",
+  "private": true,
+  "version": "0.0.0",
+  "dependencies": {
+    "react": "^19.0.0",
+    "react-dom": "^19.0.0"
+  },
+  "devDependencies": {
+    "@types/react": "^19.0.0",
+    "@types/react-dom": "^19.0.0"
+  }
+}