@thegitai/cli 1.0.0-beta.1

package/dist/src/scanner.js

@@ -0,0 +1,362 @@
+import { execSync } from 'child_process';
+import { readFileSync, statSync } from 'fs';
+import { glob } from 'glob';
+import path from 'path';
+import { getNodePrimarySignature, getStructuralChildren, parseRepoSource, } from './tree-sitter-runtime.js';
+import { ARTIFACT_FALLBACK_IGNORE_GLOBS, ARTIFACT_IGNORE_DIRS, ARTIFACT_IGNORE_FILES, ARTIFACT_INSPECT_BLOCK_DIRS, BINARY_ARTIFACT_EXTENSIONS, isSensitiveProjectPath, shouldIgnoreArtifactPath, } from './artifact-policy.js';
+const BINARY_EXTENSIONS = BINARY_ARTIFACT_EXTENSIONS;
+const ALWAYS_IGNORE_FILES = ARTIFACT_IGNORE_FILES;
+export const ALWAYS_IGNORE_DIRS = ARTIFACT_IGNORE_DIRS;
+export const BLOCKED_PATH_INSPECT_DIRS = ARTIFACT_INSPECT_BLOCK_DIRS;
+const FALLBACK_IGNORE = ARTIFACT_FALLBACK_IGNORE_GLOBS;
+export const SCANNER_MAX_SOURCE_FILE_BYTES = 100 * 1024;
+const MAX_FILE_SIZE = SCANNER_MAX_SOURCE_FILE_BYTES;
+const MAX_CHUNKS = 2000;
+const TARGET_CHUNK_CHARS = 1800;
+const MAX_CHUNK_CHARS = 2800;
+const FALLBACK_OVERLAP_LINES = 10;
+const MAX_STRUCTURE_DEPTH = 2;
+function getFiles(rootDir, { limit = Infinity } = {}) {
+    try {
+        const output = execSync('git ls-files --cached --others --exclude-standard', { cwd: rootDir, encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'] });
+        const files = output
+            .split('\n')
+            .filter(Boolean)
+            .filter((filePath) => !shouldIgnorePath(filePath));
+        return Number.isFinite(limit) ? files.slice(0, limit) : files;
+    }
+    catch {
+        return glob
+            .sync('**/*', {
+            cwd: rootDir,
+            nodir: true,
+            dot: false,
+            ignore: FALLBACK_IGNORE,
+        })
+            .slice(0, Number.isFinite(limit) ? limit : undefined);
+    }
+}
+function shouldSkipFile(relPath, stat) {
+    if (shouldIgnorePath(relPath))
+        return true;
+    const fileName = path.basename(relPath);
+    if (ALWAYS_IGNORE_FILES.has(fileName))
+        return true;
+    const ext = path.extname(relPath).toLowerCase();
+    if (BINARY_EXTENSIONS.has(ext))
+        return true;
+    if (relPath.endsWith('.min.js') ||
+        relPath.endsWith('.min.css') ||
+        relPath.endsWith('.chunk.js') ||
+        relPath.endsWith('.bundle.js')) {
+        return true;
+    }
+    return stat.size > MAX_FILE_SIZE;
+}
+function getRangeCharCount(lines, startLine, endLine) {
+    let total = 0;
+    for (let lineNum = startLine; lineNum <= endLine; lineNum++) {
+        total += (lines[lineNum - 1] ?? '').length + 1;
+    }
+    return total;
+}
+function normalizeLineRange(lines, startLine, endLine) {
+    let start = Math.max(1, startLine);
+    let end = Math.min(endLine, lines.length);
+    while (start <= end && !(lines[start - 1] ?? '').trim())
+        start++;
+    while (end >= start && !(lines[end - 1] ?? '').trim())
+        end--;
+    return start <= end ? { startLine: start, endLine: end } : null;
+}
+function createChunkFromRange(relPath, lines, startLine, endLine, label, kind = 'context') {
+    const range = normalizeLineRange(lines, startLine, endLine);
+    if (!range)
+        return null;
+    return {
+        filePath: relPath,
+        content: lines.slice(range.startLine - 1, range.endLine).join('\n'),
+        startLine: range.startLine,
+        endLine: range.endLine,
+        label,
+        kind,
+    };
+}
+function createSegmentUnit(lines, startLine, endLine, label, kind, node) {
+    const range = normalizeLineRange(lines, startLine, endLine);
+    if (!range)
+        return null;
+    return {
+        startLine: range.startLine,
+        endLine: range.endLine,
+        charCount: getRangeCharCount(lines, range.startLine, range.endLine),
+        label,
+        kind,
+        node,
+    };
+}
+function deriveChunkLabel(units) {
+    const labels = [...new Set(units.map((unit) => unit.label).filter(Boolean))];
+    return labels.length === 1 ? labels[0] : undefined;
+}
+function shouldMergeUnits(lines, currentUnits, nextUnit) {
+    if (!currentUnits.length)
+        return true;
+    const currentStart = currentUnits[0].startLine;
+    const currentEnd = currentUnits[currentUnits.length - 1].endLine;
+    if (nextUnit.startLine - currentEnd > 3) {
+        return false;
+    }
+    const mergedChars = getRangeCharCount(lines, currentStart, nextUnit.endLine);
+    if (mergedChars > MAX_CHUNK_CHARS) {
+        return false;
+    }
+    const hasContext = currentUnits.some((unit) => unit.kind === 'context') ||
+        nextUnit.kind === 'context';
+    if (!hasContext) {
+        return false;
+    }
+    if (mergedChars > TARGET_CHUNK_CHARS) {
+        return false;
+    }
+    return (!currentUnits.some((unit) => unit.kind === 'symbol') ||
+        nextUnit.kind === 'context');
+}
+function buildSlidingWindowChunks(relPath, lines, startLine, endLine, label, kind = 'context') {
+    const chunks = [];
+    const range = normalizeLineRange(lines, startLine, endLine);
+    if (!range)
+        return chunks;
+    let cursor = range.startLine;
+    while (cursor <= range.endLine) {
+        let chunkEnd = cursor - 1;
+        let charCount = 0;
+        while (chunkEnd < range.endLine) {
+            const nextLineNum = chunkEnd + 1;
+            const nextChars = (lines[nextLineNum - 1] ?? '').length + 1;
+            if (charCount >= TARGET_CHUNK_CHARS &&
+                charCount + nextChars > MAX_CHUNK_CHARS) {
+                break;
+            }
+            chunkEnd = nextLineNum;
+            charCount += nextChars;
+            if (charCount >= TARGET_CHUNK_CHARS) {
+                const lineText = (lines[chunkEnd - 1] ?? '').trim();
+                if (!lineText ||
+                    /^[}\])]+[;,]?$/.test(lineText) ||
+                    /^(export |function |class |interface |type |const |let |var |async function |def |async def |pub |impl |trait |enum |struct )/.test(lineText)) {
+                    break;
+                }
+            }
+        }
+        if (chunkEnd < cursor) {
+            chunkEnd = cursor;
+        }
+        const chunk = createChunkFromRange(relPath, lines, cursor, chunkEnd, label, kind);
+        if (chunk) {
+            chunks.push(chunk);
+        }
+        if (chunkEnd >= range.endLine) {
+            break;
+        }
+        cursor = Math.max(cursor + 1, chunkEnd - FALLBACK_OVERLAP_LINES + 1);
+    }
+    return chunks;
+}
+function buildUnitsFromNode(node, lines, languageId) {
+    const children = getStructuralChildren(node);
+    const nodeStartLine = (node?.startPosition?.row ?? 0) + 1;
+    const nodeEndLine = (node?.endPosition?.row ?? 0) + 1;
+    const signature = getNodePrimarySignature(node, languageId) ?? undefined;
+    if (!children.length) {
+        const onlyUnit = createSegmentUnit(lines, nodeStartLine, nodeEndLine, signature, signature ? 'symbol' : 'context', node);
+        return onlyUnit ? [onlyUnit] : [];
+    }
+    const units = [];
+    const firstChildStartLine = (children[0]?.startPosition?.row ?? 0) + 1;
+    const headerUnit = createSegmentUnit(lines, nodeStartLine, firstChildStartLine - 1, signature, 'context', null);
+    if (headerUnit) {
+        units.push(headerUnit);
+    }
+    for (const child of children) {
+        const label = getNodePrimarySignature(child, languageId) ?? undefined;
+        const childUnit = createSegmentUnit(lines, (child?.startPosition?.row ?? 0) + 1, (child?.endPosition?.row ?? 0) + 1, label, label ? 'symbol' : 'context', child);
+        if (childUnit) {
+            units.push(childUnit);
+        }
+    }
+    const lastChildEndLine = (children[children.length - 1]?.endPosition?.row ?? nodeEndLine - 1) + 1;
+    const footerUnit = createSegmentUnit(lines, lastChildEndLine + 1, nodeEndLine, undefined, 'context', null);
+    if (footerUnit) {
+        units.push(footerUnit);
+    }
+    return units;
+}
+function buildChunksFromUnits(relPath, lines, units, languageId, depth) {
+    const chunks = [];
+    let currentUnits = [];
+    function flush() {
+        if (!currentUnits.length)
+            return;
+        const label = deriveChunkLabel(currentUnits);
+        const kind = currentUnits.every((unit) => unit.kind === 'symbol') && label
+            ? 'symbol'
+            : 'context';
+        const chunk = createChunkFromRange(relPath, lines, currentUnits[0].startLine, currentUnits[currentUnits.length - 1].endLine, label, kind);
+        if (chunk) {
+            chunks.push(chunk);
+        }
+        currentUnits = [];
+    }
+    for (const unit of units) {
+        if (unit.charCount > MAX_CHUNK_CHARS) {
+            flush();
+            const nestedUnits = unit.node && depth < MAX_STRUCTURE_DEPTH
+                ? buildUnitsFromNode(unit.node, lines, languageId)
+                : [];
+            const madeProgress = nestedUnits.some((nested) => nested.startLine > unit.startLine || nested.endLine < unit.endLine);
+            if (nestedUnits.length >= 2 && madeProgress) {
+                chunks.push(...buildChunksFromUnits(relPath, lines, nestedUnits, languageId, depth + 1));
+                continue;
+            }
+            chunks.push(...buildSlidingWindowChunks(relPath, lines, unit.startLine, unit.endLine, unit.label, unit.kind));
+            continue;
+        }
+        if (shouldMergeUnits(lines, currentUnits, unit)) {
+            currentUnits.push(unit);
+            continue;
+        }
+        flush();
+        currentUnits.push(unit);
+    }
+    flush();
+    return chunks;
+}
+async function chunkFileContent(relPath, content) {
+    const lines = content.split('\n');
+    const parsed = await parseRepoSource(relPath, content);
+    if (parsed) {
+        const units = buildUnitsFromNode(parsed.tree.rootNode, lines, parsed.languageId);
+        const chunks = buildChunksFromUnits(relPath, lines, units, parsed.languageId, 0);
+        if (chunks.length > 0) {
+            return chunks;
+        }
+    }
+    return buildSlidingWindowChunks(relPath, lines, 1, lines.length);
+}
+export function shouldIgnorePath(relPath) {
+    return shouldIgnoreArtifactPath(relPath) || isSensitiveProjectPath(relPath);
+}
+export function listProjectFiles(rootDir, opts = {}) {
+    return getFiles(rootDir, opts);
+}
+export async function scanFiles(rootDir, relPaths) {
+    const chunks = [];
+    for (const relPath of relPaths) {
+        const absPath = path.join(rootDir, relPath);
+        let stat;
+        try {
+            stat = statSync(absPath);
+        }
+        catch {
+            continue;
+        }
+        if (!stat.isFile() || shouldSkipFile(relPath, stat))
+            continue;
+        let content;
+        try {
+            content = readFileSync(absPath, 'utf-8');
+        }
+        catch {
+            continue;
+        }
+        if (isBinary(content))
+            continue;
+        chunks.push(...(await chunkFileContent(relPath, content)));
+    }
+    return chunks;
+}
+export async function scanProject(rootDir) {
+    const files = getFiles(rootDir);
+    const chunks = await scanFiles(rootDir, files);
+    if (chunks.length > MAX_CHUNKS) {
+        return chunks.slice(0, MAX_CHUNKS);
+    }
+    return chunks;
+}
+export function estimateChunkUpperBoundForPath(rootDir, relPath) {
+    return getPathIndexMetadata(rootDir, relPath).estimatedChunks;
+}
+function getPathIndexMetadata(rootDir, relPath) {
+    const depth = relPath.split(/[/\\]+/).filter(Boolean).length;
+    try {
+        const absPath = path.join(rootDir, relPath);
+        const stat = statSync(absPath);
+        if (!stat.isFile() || shouldSkipFile(relPath, stat)) {
+            return { depth, estimatedChunks: 0, size: stat.size };
+        }
+        const capped = Math.min(stat.size, MAX_FILE_SIZE);
+        return {
+            depth,
+            estimatedChunks: Math.max(1, Math.ceil(capped / TARGET_CHUNK_CHARS)),
+            size: stat.size,
+        };
+    }
+    catch {
+        return { depth, estimatedChunks: 0, size: Number.MAX_SAFE_INTEGER };
+    }
+}
+export function buildPathIndexMetadata(rootDir, relPaths) {
+    const metadata = new Map();
+    for (const relPath of relPaths) {
+        metadata.set(relPath, getPathIndexMetadata(rootDir, relPath));
+    }
+    return metadata;
+}
+export function estimateChunkCountUpperBoundForFiles(rootDir, relPaths) {
+    let n = 0;
+    const metadata = buildPathIndexMetadata(rootDir, relPaths);
+    for (const relPath of relPaths) {
+        n += metadata.get(relPath)?.estimatedChunks ?? 0;
+    }
+    return n;
+}
+export function sortPathsForIndexedCoverage(rootDir, relPaths, metadata = buildPathIndexMetadata(rootDir, relPaths)) {
+    return [...relPaths].sort((a, b) => {
+        const ma = metadata.get(a) ?? getPathIndexMetadata(rootDir, a);
+        const mb = metadata.get(b) ?? getPathIndexMetadata(rootDir, b);
+        if (ma.depth !== mb.depth)
+            return ma.depth - mb.depth;
+        if (ma.size !== mb.size)
+            return ma.size - mb.size;
+        return a.localeCompare(b);
+    });
+}
+export function takePathsForChunkBudget(rootDir, orderedPaths, maxChunks, metadata = buildPathIndexMetadata(rootDir, orderedPaths)) {
+    if (maxChunks <= 0) {
+        return { selected: [], rest: [...orderedPaths] };
+    }
+    if (!Number.isFinite(maxChunks)) {
+        return { selected: [...orderedPaths], rest: [] };
+    }
+    const selected = [];
+    let used = 0;
+    for (const p of orderedPaths) {
+        const add = metadata.get(p)?.estimatedChunks ??
+            getPathIndexMetadata(rootDir, p).estimatedChunks;
+        if (add <= 0)
+            continue;
+        if (used + add > maxChunks && selected.length > 0)
+            break;
+        selected.push(p);
+        used += add;
+        if (used >= maxChunks)
+            break;
+    }
+    const sel = new Set(selected);
+    return { selected, rest: orderedPaths.filter((p) => !sel.has(p)) };
+}
+function isBinary(content) {
+    const sample = content.slice(0, 8192);
+    return sample.includes('\0');
+}

package/dist/src/secret-preview.js

@@ -0,0 +1,137 @@
+import path from 'node:path';
+import { isSensitiveProjectPath } from './artifact-policy.js';
+export const SECRET_FILE_REDACTION = '[REDACTED: secrets file]';
+const VALUE_REDACTION = '[REDACTED]';
+const PRIVATE_KEY_REDACTION = '[REDACTED: private key]';
+const SENSITIVE_JSON_KEY_PATTERN = /^(?:private[_-]?key|secret|api[_-]?key|password|client_secret|refresh_token|access_token|id_token|auth_provider_x509_cert_url)$/i;
+const PEM_BLOCK_PATTERN = /-----BEGIN [^-]*(?:PRIVATE KEY|SECRET KEY|OPENSSH PRIVATE KEY)[\s\S]*?-----END [^-]*(?:PRIVATE KEY|SECRET KEY|OPENSSH PRIVATE KEY)-----/gi;
+const PEM_SECRET_PATH_PATTERN = /\.(?:pem|key)$/i;
+// Password embedded in a connection-string URL, e.g.
+// `postgresql://user:PASS@host`. Redacted from shell output so secrets in
+// commands like `cat .env` do not leak into history or telemetry.
+const URL_CREDENTIALS_PATTERN = /\b([a-z][a-z0-9+.-]*:\/\/[^\s:/@]+:)([^\s/@]+)(@)/gi;
+/** Redact only userinfo passwords in connection-string URLs (zero false positives). */
+export function redactConnectionStringCredentials(text) {
+    return text.replace(URL_CREDENTIALS_PATTERN, (_match, prefix, _password, at) => `${prefix}${VALUE_REDACTION}${at}`);
+}
+function isSensitiveJsonKey(key) {
+    return SENSITIVE_JSON_KEY_PATTERN.test(key);
+}
+function previewJsonValue(value) {
+    if (typeof value === 'string') {
+        PEM_BLOCK_PATTERN.lastIndex = 0;
+        if (PEM_BLOCK_PATTERN.test(value))
+            return PRIVATE_KEY_REDACTION;
+        return value.length > 160 ? `${value.slice(0, 160)}…` : value;
+    }
+    if (Array.isArray(value)) {
+        return value.map((entry) => typeof entry === 'string' || typeof entry === 'number' || typeof entry === 'boolean'
+            ? previewJsonValue(entry)
+            : '[REDACTED: nested value]');
+    }
+    if (value && typeof value === 'object') {
+        return '[REDACTED: nested object]';
+    }
+    return value;
+}
+export function isCredentialJsonContent(content) {
+    const trimmed = content.trim();
+    if (!trimmed.startsWith('{'))
+        return false;
+    try {
+        const parsed = JSON.parse(trimmed);
+        if (!parsed || typeof parsed !== 'object' || Array.isArray(parsed))
+            return false;
+        const record = parsed;
+        const type = String(record.type ?? '').toLowerCase();
+        if (type === 'service_account' ||
+            type === 'authorized_user' ||
+            type === 'external_account') {
+            return true;
+        }
+        return Object.keys(record).some((key) => isSensitiveJsonKey(key));
+    }
+    catch {
+        return false;
+    }
+}
+export function shouldUseSecretFilePreview(filePath, content) {
+    const normalized = String(filePath ?? '')
+        .replace(/\\/g, '/')
+        .trim();
+    return (isSensitiveProjectPath(normalized) ||
+        isSensitiveProjectPath(path.posix.basename(normalized)) ||
+        isCredentialJsonContent(content));
+}
+const DOTENV_BASENAME_PATTERN = /^\.env(?:\..+)?$/i;
+const DOTENV_ASSIGNMENT_PATTERN = /^(\s*(?:export\s+)?[A-Za-z_][A-Za-z0-9_]*\s*=)(.*)$/;
+export function isDotenvLikePath(value) {
+    const text = String(value ?? '').trim();
+    if (!text)
+        return false;
+    const base = path.posix.basename(text.replace(/\\/g, '/'));
+    return DOTENV_BASENAME_PATTERN.test(base);
+}
+/**
+ * True only for a clean dotenv file we can safely show with keys visible and
+ * values tokenized: no PEM block, not JSON, and every non-blank/non-comment line
+ * is a `KEY=VALUE` assignment. Anything ambiguous (a stray line that might be a
+ * raw secret) returns false so the caller keeps the opaque blackout instead.
+ */
+export function looksLikeEditableDotenv(content) {
+    PEM_BLOCK_PATTERN.lastIndex = 0;
+    if (PEM_BLOCK_PATTERN.test(content))
+        return false;
+    if (content.trimStart().startsWith('{'))
+        return false;
+    let sawAssignment = false;
+    for (const line of content.split('\n')) {
+        const trimmed = line.trim();
+        if (trimmed === '' || trimmed.startsWith('#'))
+            continue;
+        if (!DOTENV_ASSIGNMENT_PATTERN.test(line))
+            return false;
+        sawAssignment = true;
+    }
+    return sawAssignment;
+}
+export function buildSecretFilePreview(filePath, content) {
+    PEM_BLOCK_PATTERN.lastIndex = 0;
+    if (!content.trimStart().startsWith('{') &&
+        (PEM_BLOCK_PATTERN.test(content) || PEM_SECRET_PATH_PATTERN.test(filePath))) {
+        return {
+            kind: 'pem',
+            filePath,
+            redacted: true,
+            keys: ['private_key_block'],
+            preview: { private_key_block: PRIVATE_KEY_REDACTION },
+        };
+    }
+    try {
+        const parsed = JSON.parse(content);
+        if (parsed && typeof parsed === 'object' && !Array.isArray(parsed)) {
+            const record = parsed;
+            const keys = Object.keys(record);
+            const preview = {};
+            for (const key of keys) {
+                preview[key] = isSensitiveJsonKey(key)
+                    ? VALUE_REDACTION
+                    : previewJsonValue(record[key]);
+            }
+            return {
+                kind: 'json-credentials',
+                filePath,
+                redacted: true,
+                keys,
+                preview,
+            };
+        }
+    }
+    catch { }
+    return {
+        kind: 'opaque-secret-file',
+        filePath,
+        redacted: true,
+        output: SECRET_FILE_REDACTION,
+    };
+}

package/dist/src/session-exit.js

@@ -0,0 +1,17 @@
+export function formatSessionResumeCommand(sessionId, executableName = 'ai') {
+    const normalizedSessionId = String(sessionId ?? '').trim();
+    if (!normalizedSessionId) {
+        throw new Error('Session id is required.');
+    }
+    return `${executableName} --resume ${normalizedSessionId}`;
+}
+export function formatSessionExitNotice(sessionId, executableName = 'ai') {
+    const normalizedSessionId = String(sessionId ?? '').trim();
+    if (!normalizedSessionId) {
+        throw new Error('Session id is required.');
+    }
+    return [
+        `Session ID: ${normalizedSessionId}`,
+        `To resume this session, run ${formatSessionResumeCommand(normalizedSessionId, executableName)}`,
+    ].join('\n');
+}