@travisennis/acai 0.0.1 → 0.0.3

package/dist/tools/bash.js

@@ -9,69 +9,6 @@ import { CommandValidation } from "./command-validation.js";
 export const BashTool = {
     name: "bash",
 };
-function tokenize(inputStr) {
-    const tokens = [];
-    let current = "";
-    let inSingle = false;
-    let inDouble = false;
-    for (let i = 0; i < inputStr.length; i++) {
-        const ch = inputStr[i];
-        if (ch === "'" && !inDouble) {
-            inSingle = !inSingle;
-            current += ch;
-            continue;
-        }
-        if (ch === '"' && !inSingle) {
-            inDouble = !inDouble;
-            current += ch;
-            continue;
-        }
-        if (!inSingle && !inDouble && /\s/.test(ch)) {
-            if (current.length > 0) {
-                const raw = current;
-                const unquoted = raw.replace(/^['"]|['"]$/g, "");
-                tokens.push({ raw, unquoted });
-                current = "";
-            }
-            continue;
-        }
-        if (ch === "\\" && inDouble && i + 1 < inputStr.length) {
-            const next = inputStr[i + 1];
-            if (next === '"' || next === "\\") {
-                current += next;
-                i++;
-                continue;
-            }
-        }
-        current += ch;
-    }
-    if (current.length > 0) {
-        const raw = current;
-        const unquoted = raw.replace(/^['"]|['"]$/g, "");
-        tokens.push({ raw, unquoted });
-    }
-    return tokens;
-}
-function shouldSkipPathValidation(tokens, index) {
-    if (index === 0)
-        return false;
-    const cmd = tokens[0]?.unquoted;
-    if (cmd !== "git")
-        return false;
-    const sub = tokens[1]?.unquoted;
-    if (sub !== "commit" &&
-        sub !== "tag" &&
-        !(sub === "notes" && tokens[2]?.unquoted === "add")) {
-        return false;
-    }
-    const prev = tokens[index - 1]?.unquoted;
-    if (prev === "-m" || prev === "--message")
-        return true;
-    return false;
-}
-function looksLikeUrl(str) {
-    return str.startsWith("http://") || str.startsWith("https://");
-}
 // Whitelist of allowed commands
 const ALLOWED_COMMANDS = [
     "chmod",
@@ -104,23 +41,84 @@ const ALLOWED_COMMANDS = [
 ];
 // Command execution timeout in milliseconds
 const DEFAULT_TIMEOUT = 1.5 * 60 * 1000; // 1.5 minutes
-// Initialize command validator with allowed commands
-const commandValidator = new CommandValidation(ALLOWED_COMMANDS);
 // Ensure path is within base directory
 function isPathWithinBaseDir(requestedPath, baseDir) {
     const normalizedRequestedPath = path.normalize(requestedPath);
     const normalizedBaseDir = path.normalize(baseDir);
     return normalizedRequestedPath.startsWith(normalizedBaseDir);
 }
+// Validate path arguments to ensure they're within the project
+function validatePaths(command, baseDir, cwd) {
+    // Simple tokenization - split on spaces but respect quotes
+    const tokens = [];
+    let current = "";
+    let inQuotes = false;
+    let quoteChar = "";
+    for (let i = 0; i < command.length; i++) {
+        const char = command[i];
+        if ((char === '"' || char === "'") && !inQuotes) {
+            inQuotes = true;
+            quoteChar = char;
+            current += char;
+        }
+        else if (char === quoteChar && inQuotes) {
+            inQuotes = false;
+            quoteChar = "";
+            current += char;
+        }
+        else if (char === " " && !inQuotes) {
+            if (current) {
+                tokens.push(current);
+                current = "";
+            }
+        }
+        else {
+            current += char;
+        }
+    }
+    if (current)
+        tokens.push(current);
+    // Check each token that looks like a path
+    for (let i = 1; i < tokens.length; i++) {
+        // Skip the command itself
+        const token = tokens[i];
+        if (!token)
+            continue;
+        // Remove quotes for path checking
+        const cleanToken = token.replace(/^['"]|['"]$/g, "");
+        // Skip if it's clearly not a path
+        if (cleanToken.startsWith("-") ||
+            cleanToken.includes("://") ||
+            !cleanToken.includes("/")) {
+            continue;
+        }
+        // Skip git commit messages and other special cases
+        const prevToken = tokens[i - 1]?.replace(/^['"]|['"]$/g, "");
+        if (prevToken === "-m" || prevToken === "--message") {
+            continue;
+        }
+        try {
+            const resolvedPath = path.resolve(cwd, cleanToken);
+            if (!isPathWithinBaseDir(resolvedPath, baseDir)) {
+                return {
+                    isValid: false,
+                    error: `Path '${cleanToken}' resolves outside the project directory (${resolvedPath}). All paths must be within ${baseDir}`,
+                };
+            }
+        }
+        catch (_e) { }
+    }
+    return { isValid: true };
+}
+// Initialize command validator with allowed commands
+const commandValidator = new CommandValidation(ALLOWED_COMMANDS);
 export const createBashTool = ({ baseDir, sendData, tokenCounter, terminal, autoAcceptAll, }) => {
     let autoAcceptCommands = autoAcceptAll;
     return {
         [BashTool.name]: tool({
             description: `Execute bash commands and return their output. Limited to a whitelist of safe commands: ${ALLOWED_COMMANDS.join(", ")}. Commands will only execute within the project directory for security. Always specify absolute paths to avoid errors.`,
             inputSchema: z.object({
-                command: z
-                    .string()
-                    .describe("Full CLI command to execute. Must be from the allowed list without chaining operators."),
+                command: z.string().describe("Full CLI command to execute."),
                 cwd: z
                     .string()
                     .nullable()
@@ -139,61 +137,41 @@ export const createBashTool = ({ baseDir, sendData, tokenCounter, terminal, auto
                     id: toolCallId,
                     data: `Executing: ${chalk.cyan(command)} in ${chalk.cyan(safeCwd)}`,
                 });
-                // Validate command using CommandValidation
-                if (!commandValidator.isValid(command)) {
-                    const errorMsg = `Command not allowed. Ensure all sub-commands are in the approved list: ${ALLOWED_COMMANDS.join(", ")} and no unsafe operators (>, <, \`, $()) are used.`;
-                    sendData?.({ event: "tool-error", id: toolCallId, data: errorMsg });
-                    return errorMsg;
-                }
                 // Validate working directory
                 if (!isPathWithinBaseDir(safeCwd, baseDir)) {
                     const errorMsg = `Working directory must be within the project directory: ${baseDir}`;
                     sendData?.({ event: "tool-error", id: toolCallId, data: errorMsg });
                     return errorMsg;
                 }
-                // Validate command arguments for paths outside baseDir
-                const tokens = tokenize(command);
-                for (let i = 0; i < tokens.length; i++) {
-                    const token = tokens[i];
-                    if (token == null)
-                        continue;
-                    const part = token.unquoted;
-                    if (shouldSkipPathValidation(tokens, i)) {
-                        continue;
-                    }
-                    if (looksLikeUrl(part)) {
-                        continue;
-                    }
-                    if (part.startsWith("/") ||
-                        part.includes("../") ||
-                        part.includes("./") ||
-                        (part.includes("/") && !part.startsWith("-"))) {
-                        try {
-                            const resolvedPath = path.resolve(safeCwd, part);
-                            if (!isPathWithinBaseDir(resolvedPath, baseDir)) {
-                                const errorMsg = `Command argument references path outside the project directory: ${part} (resolved to ${resolvedPath})`;
-                                sendData?.({
-                                    event: "tool-error",
-                                    id: toolCallId,
-                                    data: errorMsg,
-                                });
-                                return errorMsg;
-                            }
-                        }
-                        catch (e) {
-                            console.info(`Could not resolve potential path argument: ${part}`, e);
-                        }
-                    }
+                // Validate command using improved validation
+                const commandValidation = commandValidator.isValid(command);
+                if (!commandValidation.isValid) {
+                    sendData?.({
+                        event: "tool-error",
+                        id: toolCallId,
+                        data: commandValidation.error ?? "Unknown error.",
+                    });
+                    return commandValidation.error ?? "Unknown error.";
+                }
+                // Validate paths
+                const pathValidation = validatePaths(command, baseDir, safeCwd);
+                if (!pathValidation.isValid) {
+                    sendData?.({
+                        event: "tool-error",
+                        id: toolCallId,
+                        data: pathValidation.error ?? "Unknown error.",
+                    });
+                    return pathValidation.error ?? "Unknown error.";
                 }
                 // Prompt user for command execution approval (only in interactive mode)
                 if (terminal) {
                     if (!autoAcceptCommands) {
                         await new Promise((resolve) => setTimeout(resolve, 1000));
+                        terminal.lineBreak();
+                        terminal.writeln(`${chalk.blue.bold("●")} About to execute command: ${chalk.cyan(command)}`);
+                        terminal.writeln(`${chalk.gray("Working directory:")} ${safeCwd}`);
+                        terminal.lineBreak();
                     }
-                    terminal.lineBreak();
-                    terminal.writeln(`${chalk.blue.bold("●")} About to execute command: ${chalk.cyan(command)}`);
-                    terminal.writeln(`${chalk.gray("Working directory:")} ${safeCwd}`);
-                    terminal.lineBreak();
                     let userChoice;
                     if (autoAcceptCommands) {
                         terminal.writeln(chalk.green("✓ Auto-accepting command (all future commands will be accepted)"));
@@ -231,6 +209,7 @@ export const createBashTool = ({ baseDir, sendData, tokenCounter, terminal, auto
                         return rejectionMsg;
                     }
                 }
+                // Execute command
                 try {
                     const result = await executeCommand(command, {
                         cwd: safeCwd,
@@ -262,28 +241,27 @@ export const createBashTool = ({ baseDir, sendData, tokenCounter, terminal, auto
                     }
                     catch (tokenError) {
                         console.error("Error calculating token count:", tokenError);
-                        // Log or handle error, but don't block file return
                     }
                     const maxTokens = (await config.readProjectConfig()).tools.maxTokens;
-                    // Adjust max token check message if line selection was used
-                    const maxTokenMessage = `Output of commmand (${tokenCount} tokens) exceeds maximum allowed tokens (${maxTokens}). Please adjust how you call the command to get back more specific results`;
+                    const maxTokenMessage = `Output of command (${tokenCount} tokens) exceeds maximum allowed tokens (${maxTokens}). Please adjust how you call the command to get back more specific results`;
                     const finalResult = tokenCount <= maxTokens ? formattedResult : maxTokenMessage;
                     sendData?.({
                         event: "tool-completion",
                         id: toolCallId,
                         data: tokenCount <= maxTokens
                             ? "Command executed successfully."
-                            : `Output of commmand (${tokenCount} tokens) exceeds maximum allowed tokens (${maxTokens}).`,
+                            : `Output of command (${tokenCount} tokens) exceeds maximum allowed tokens (${maxTokens}).`,
                     });
                     return finalResult;
                 }
                 catch (error) {
+                    const errorMsg = `Command failed: ${error.message}`;
                     sendData?.({
                         event: "tool-error",
                         id: toolCallId,
-                        data: `Command failed: ${error.message}`,
+                        data: errorMsg,
                     });
-                    return `Command failed: ${error.message}`;
+                    return errorMsg;
                 }
             },
         }),

package/dist/tools/code-interpreter.js

@@ -8,10 +8,20 @@ import { z } from "zod";
 export const CodeInterpreterTool = {
     name: "codeInterpreter",
 };
+const toolDescription = `Executes JavaScript code in a separate Node.js process using Node's Permission Model. By default, the child process has no permissions except read/write within the current working directory. The tool returns stdout, stderr, and exitCode. Use console.log/console.error to produce output.
+
+⚠️ **IMPORTANT**: This tool uses ES Modules (ESM) only.
+- Use \`import\` statements, NOT \`require()\`
+- Examples: \`import fs from 'node:fs'\` NOT \`const fs = require('fs')\`
+- Add file extensions for relative imports: \`import { utils } from './utils.js'\`
+
+These scripts are run in the \`${process.cwd}/.acai-ci-tmp\`. Keep this in mind if you intend to import or reference files from this project in your script.
+
+Timeout defaults to 5 seconds and can be extended up to 60 seconds.`;
 export const createCodeInterpreterTool = ({ sendData, }) => {
     return {
         [CodeInterpreterTool.name]: tool({
-            description: "Executes JavaScript code in a separate Node.js process using Node's Permission Model. By default, the child process has no permissions except read/write within the current working directory. The tool returns stdout, stderr, and exitCode. Use console.log/console.error to produce output. Timeout defaults to 5 seconds and can be extended up to 60 seconds.",
+            description: toolDescription,
             inputSchema: z.object({
                 code: z.string().describe("JavaScript code to be executed."),
                 timeoutSeconds: z

package/dist/tools/command-validation.d.ts

@@ -1,8 +1,12 @@
 export declare class CommandValidation {
     private readonly allowedCommands;
-    private readonly unsafeOperatorPatterns;
+    private readonly dangerousPatterns;
     constructor(allowedCommands: string[]);
     private isCommandAllowed;
-    private hasUnsafeOperators;
-    isValid(command: string): boolean;
+    private hasDangerousPatterns;
+    isValid(command: string): {
+        isValid: boolean;
+        error?: string;
+    };
+    private splitOnPipes;
 }

package/dist/tools/command-validation.js

@@ -1,35 +1,40 @@
 export class CommandValidation {
     allowedCommands;
-    unsafeOperatorPatterns;
+    dangerousPatterns;
     constructor(allowedCommands) {
         this.allowedCommands = allowedCommands;
-        this.unsafeOperatorPatterns = [
-            /`/, // backticks
-            /\$\(/, // $(
-            />/, // redirect out
-            /</, // redirect in
+        // Only block truly dangerous patterns, not useful shell operations
+        this.dangerousPatterns = [
+            /`/, // backticks (command substitution)
+            /\$\(/, // $() command substitution
+            /&&\s*rm\s+-rf/, // dangerous rm chains
+            /;\s*rm\s+-rf/, // dangerous rm chains
         ];
     }
     isCommandAllowed(command) {
         const baseCommand = command.split(" ")[0] || "";
         return this.allowedCommands.includes(baseCommand);
     }
-    hasUnsafeOperators(command) {
+    hasDangerousPatterns(command) {
         // Remove all quoted segments first
         const stripped = command
             .replace(/'([^'\\]|\\.)*'/g, "")
             .replace(/"([^"\\]|\\.)*"/g, "");
-        // Check for unsafe operators only in unquoted portions
-        return this.unsafeOperatorPatterns.some((re) => re.test(stripped));
+        // Check for dangerous patterns only in unquoted portions
+        return this.dangerousPatterns.some((re) => re.test(stripped));
     }
     isValid(command) {
-        if (!command.trim())
-            return false;
-        // First check for unsafe operators in unquoted portions
-        if (this.hasUnsafeOperators(command)) {
-            return false;
+        if (!command.trim()) {
+            return { isValid: false, error: "Command cannot be empty" };
         }
-        // Process command while preserving quoted strings
+        // First check for dangerous patterns
+        if (this.hasDangerousPatterns(command)) {
+            return {
+                isValid: false,
+                error: "Command contains dangerous patterns (command substitution or unsafe rm chains)",
+            };
+        }
+        // Process command while preserving quoted strings to extract sub-commands
         const subCommands = [];
         let currentSegment = "";
         let inSingleQuote = false;
@@ -41,17 +46,16 @@ export class CommandValidation {
                 inSingleQuote = !inSingleQuote;
             if (char === '"' && !inSingleQuote)
                 inDoubleQuote = !inDoubleQuote;
-            // Split on operators only when not in quotes
-            if (!inSingleQuote &&
-                !inDoubleQuote &&
-                (char === "&" || char === "|" || char === ";")) {
+            // Split on command separators only when not in quotes
+            // Note: We allow pipes (|) and redirects (>, <) but split on command separators
+            if (!inSingleQuote && !inDoubleQuote && (char === "&" || char === ";")) {
                 if (currentSegment.trim()) {
                     subCommands.push(currentSegment.trim());
                     currentSegment = "";
                 }
-                // Skip the operator and any subsequent same operators (like && or ||)
+                // Skip the operator and any subsequent same operators (like &&)
                 while (i + 1 < command.length &&
-                    ["&", "|", ";"].includes(command[i + 1] ?? "")) {
+                    ["&", ";"].includes(command[i + 1] ?? "")) {
                     i++;
                 }
             }
@@ -63,7 +67,47 @@ export class CommandValidation {
         if (currentSegment.trim()) {
             subCommands.push(currentSegment.trim());
         }
-        // Validate all sub-commands
-        return subCommands.every((cmd) => this.isCommandAllowed(cmd));
+        // Validate all sub-commands (but be smart about pipes)
+        for (const subCmd of subCommands) {
+            // For piped commands, validate each part of the pipe
+            const pipeParts = this.splitOnPipes(subCmd);
+            for (const part of pipeParts) {
+                const trimmedPart = part.trim();
+                if (trimmedPart && !this.isCommandAllowed(trimmedPart)) {
+                    const baseCmd = trimmedPart.split(" ")[0] || "";
+                    return {
+                        isValid: false,
+                        error: `Command '${baseCmd}' is not allowed. Allowed commands: ${this.allowedCommands.join(", ")}`,
+                    };
+                }
+            }
+        }
+        return { isValid: true };
+    }
+    splitOnPipes(command) {
+        const parts = [];
+        let current = "";
+        let inSingleQuote = false;
+        let inDoubleQuote = false;
+        for (let i = 0; i < command.length; i++) {
+            const char = command[i];
+            if (char === "'" && !inDoubleQuote)
+                inSingleQuote = !inSingleQuote;
+            if (char === '"' && !inSingleQuote)
+                inDoubleQuote = !inDoubleQuote;
+            if (char === "|" && !inSingleQuote && !inDoubleQuote) {
+                if (current.trim()) {
+                    parts.push(current.trim());
+                    current = "";
+                }
+            }
+            else {
+                current += char;
+            }
+        }
+        if (current.trim()) {
+            parts.push(current.trim());
+        }
+        return parts;
     }
 }

package/dist/tools/delete-file.d.ts

@@ -1,10 +1,13 @@
+import type { Terminal } from "../terminal/index.ts";
 import type { SendData } from "./types.ts";
 export declare const DeleteFileTool: {
     name: "deleteFile";
 };
-export declare const createDeleteFileTool: ({ workingDir, sendData, }: {
+export declare const createDeleteFileTool: ({ workingDir, sendData, terminal, autoAcceptAll, }: {
     workingDir: string;
     sendData?: SendData;
+    terminal?: Terminal;
+    autoAcceptAll?: boolean;
 }) => Promise<{
     deleteFile: import("ai").Tool<{
         path: string;

package/dist/tools/delete-file.js

@@ -1,5 +1,6 @@
 import { existsSync } from "node:fs";
 import fs from "node:fs/promises";
+import { input, select } from "@inquirer/prompts";
 import { tool } from "ai";
 import chalk from "chalk";
 import { z } from "zod";
@@ -7,8 +8,9 @@ import { joinWorkingDir, validatePath } from "./filesystem-utils.js";
 export const DeleteFileTool = {
     name: "deleteFile",
 };
-export const createDeleteFileTool = async ({ workingDir, sendData, }) => {
+export const createDeleteFileTool = async ({ workingDir, sendData, terminal, autoAcceptAll, }) => {
     const allowedDirectory = workingDir;
+    let autoAcceptDeletes = autoAcceptAll ?? false;
     return {
         [DeleteFileTool.name]: tool({
             description: "Delete a file permanently.",
@@ -32,12 +34,54 @@ export const createDeleteFileTool = async ({ workingDir, sendData, }) => {
                     if (stats.isDirectory()) {
                         throw new Error(`Path is a directory, not a file: ${filePath}`);
                     }
-                    // Delete the original file
+                    if (terminal) {
+                        terminal.writeln(`\n${chalk.red.bold("●")} Proposing file deletion: ${chalk.cyan(userPath)}`);
+                        terminal.lineBreak();
+                        terminal.writeln("This action cannot be undone.");
+                        terminal.lineBreak();
+                        let userChoice;
+                        if (autoAcceptDeletes) {
+                            terminal.writeln(chalk.green("✓ Auto-accepting deletions (all future deletions will be accepted)"));
+                            userChoice = "accept";
+                        }
+                        else {
+                            userChoice = await select({
+                                message: "What would you like to do with this file?",
+                                choices: [
+                                    { name: "Accept and delete this file", value: "accept" },
+                                    {
+                                        name: "Accept all future deletions (including this)",
+                                        value: "accept-all",
+                                    },
+                                    { name: "Reject this deletion", value: "reject" },
+                                ],
+                                default: "accept",
+                            });
+                        }
+                        terminal.lineBreak();
+                        if (userChoice === "accept-all") {
+                            autoAcceptDeletes = true;
+                            terminal.writeln(chalk.yellow("✓ Auto-accept mode enabled for all future deletions"));
+                            terminal.lineBreak();
+                        }
+                        if (userChoice === "reject") {
+                            const reason = await input({ message: "Feedback: " });
+                            terminal.lineBreak();
+                            sendData?.({
+                                id: toolCallId,
+                                event: "tool-completion",
+                                data: `Deletion rejected by user. Reason: ${reason}`,
+                            });
+                            return `The user rejected this deletion. Reason: ${reason}`;
+                        }
+                        // If accepted, proceed to delete file
+                    }
+                    // Delete the file
                     await fs.unlink(filePath);
                     sendData?.({
                         id: toolCallId,
                         event: "tool-completion",
-                        data: `File deleted successfully: ${userPath}`,
+                        data: "File deleted successfully",
                     });
                     return `Successfully deleted ${filePath}`;
                 }

package/dist/tools/git-utils.d.ts

@@ -3,6 +3,12 @@ export declare function getDiffStat(): Promise<{
     insertions: number;
     deletions: number;
 }>;
+export declare function getGitStatus(): Promise<{
+    added: number;
+    modified: number;
+    deleted: number;
+    untracked: number;
+}>;
 export declare const inGitDirectory: () => Promise<boolean>;
 /**
  * Check if there are uncommitted changes