@ulpi/cli 0.1.0

package/dist/templates/quality-of-life.yml

@@ -0,0 +1,111 @@
+id: quality-of-life
+name: Quality of Life
+category: universal
+
+# ============================================================================
+# QUALITY OF LIFE TEMPLATE
+# ============================================================================
+# This template provides core safety rules without blocking legitimate work.
+#
+# Three-Tier Philosophy:
+#   1. UNIVERSAL SAFETY - Block truly dangerous operations (narrow patterns)
+#   2. WORKFLOW GUIDANCE - Guide best practices (context-aware, not blocking)
+#   3. PRODUCTIVITY - Auto-approve safe operations (broad patterns)
+#
+# Built-In Protection:
+#   The evaluator automatically blocks dangerous commands with proper regex:
+#   - rm -rf / (root filesystem deletion)
+#   - sudo rm (privileged deletion)
+#   - chmod 777 (insecure permissions)
+#   - git push --force (without --force-with-lease)
+#   - git push to main/master
+#   - Database destruction (prisma reset, artisan wipe, rails drop, SQL DROP)
+#
+#   You don't need custom rules for these unless you want stricter policies.
+# ============================================================================
+
+rules:
+  preconditions:
+    read-before-write:
+      enabled: true
+      trigger: PreToolUse
+      matcher: "Write|Edit|MultiEdit"
+      requires_read: true
+      message: "Read {file_path} before editing it."
+      locked: true
+      priority: 10
+    read-before-edit:
+      enabled: true
+      trigger: PreToolUse
+      matcher: "Edit|MultiEdit"
+      requires_read: true
+      message: "Read {file_path} first."
+      locked: true
+      priority: 10
+    no-empty-overwrites:
+      enabled: true
+      trigger: PreToolUse
+      matcher: "Write"
+      message: "You're overwriting with empty content. Provide actual content."
+      locked: true
+      priority: 10
+    branch-before-commit:
+      enabled: true
+      trigger: PreToolUse
+      matcher: "Bash"
+      command_pattern: "git commit"
+      requires: [branch_created]
+      message: "Create a feature branch first: git checkout -b feature/your-feature-name"
+      priority: 20
+
+  permissions:
+    auto-approve-reads:
+      enabled: true
+      trigger: PermissionRequest
+      matcher: "Read|LS|Glob|Grep"
+      decision: allow
+      priority: 100
+
+    block-env-files:
+      enabled: true
+      trigger: PreToolUse
+      matcher: "Write|Edit"
+      file_pattern: ".env*"
+      decision: deny
+      message: "Cannot edit .env files directly. Use .env.example as template."
+      priority: 50
+
+  # ============================================================================
+  # OPTIONAL RULES (Disabled by Default)
+  # ============================================================================
+  # The evaluator has built-in protection that blocks:
+  #   - rm -rf / (root filesystem deletion)
+  #   - sudo rm (privileged deletion)
+  #   - chmod 777 (insecure permissions)
+  #   - git push --force (without --force-with-lease)
+  #   - git push to main/master
+  #   - Database destruction (prisma reset, artisan wipe, etc.)
+  #
+  # Enable these rules only if you need CUSTOM patterns beyond the built-in protection.
+
+    custom-dangerous-commands:
+      enabled: false
+      trigger: PreToolUse
+      matcher: "Bash"
+      command_pattern: "your-custom-pattern-here"
+      decision: deny
+      message: "Custom dangerous command blocked."
+      # TIP: command_pattern uses PREFIX matching, not regex
+      # EXAMPLE: "docker rm -f" blocks "docker rm -f container-name"
+      # WARNING: Setting this rule disables built-in protection - be careful!
+
+    custom-auto-approvals:
+      enabled: false
+      trigger: PermissionRequest
+      matcher: "Bash"
+      command_pattern: "npm test"
+      decision: allow
+      message: "Auto-approved test command."
+      # TIP: Customize command_pattern for your project tools
+      # EXAMPLES: "pnpm", "vitest", "pytest", "cargo test"
+      # NOTE: Stack-specific templates provide better auto-approvals

package/dist/templates/ruby.yml

@@ -0,0 +1,25 @@
+id: ruby
+name: Ruby
+category: runtime
+variables:
+  test_command: "bundle exec rspec"
+  lint_command: "bundle exec rubocop"
+  package_manager: bundle
+
+rules:
+  preconditions:
+    test-before-commit:
+      enabled: true
+      trigger: PreToolUse
+      matcher: "Bash"
+      command_pattern: "git commit"
+      requires: [tests_run]
+      message: "Run {test_command} before committing."
+  postconditions:
+    bundle-install:
+      enabled: true
+      trigger: PostToolUse
+      matcher: "Write|Edit"
+      file_pattern: "Gemfile"
+      run: "bundle install"
+      timeout: 60000

package/dist/templates/rust.yml

@@ -0,0 +1,34 @@
+id: rust
+name: Rust
+category: runtime
+variables:
+  test_command: "cargo test"
+  lint_command: "cargo clippy"
+  build_command: "cargo build"
+
+rules:
+  preconditions:
+    test-before-commit:
+      enabled: true
+      trigger: PreToolUse
+      matcher: "Bash"
+      command_pattern: "git commit"
+      requires: [tests_run]
+      message: "Run {test_command} before committing."
+  postconditions:
+    cargo-check-after-edit:
+      enabled: true
+      trigger: PostToolUse
+      matcher: "Write|Edit|MultiEdit"
+      file_pattern: "*.rs"
+      run: "cargo check"
+      timeout: 60000
+      block_on_failure: false
+  permissions:
+    auto-approve-cargo:
+      enabled: true
+      trigger: PermissionRequest
+      matcher: "Bash"
+      command_pattern: "cargo"
+      decision: allow
+      message: "Auto-approved cargo command."

package/dist/templates/typescript.yml

@@ -0,0 +1,14 @@
+id: typescript
+name: TypeScript
+category: language
+
+rules:
+  postconditions:
+    typecheck-after-edit:
+      enabled: true
+      trigger: PostToolUse
+      matcher: "Write|Edit|MultiEdit"
+      file_pattern: "*.{ts,tsx}"
+      run: "npx tsc --noEmit"
+      timeout: 30000
+      block_on_failure: false

package/dist/templates/vitest.yml

@@ -0,0 +1,24 @@
+id: vitest
+name: Vitest
+category: test-runner
+variables:
+  test_command: "npx vitest run"
+
+rules:
+  permissions:
+    auto-approve-vitest:
+      enabled: true
+      trigger: PermissionRequest
+      matcher: "Bash"
+      command_pattern: "vitest"
+      decision: allow
+      message: "Auto-approved vitest command."
+  postconditions:
+    run-tests-after-edit:
+      enabled: true
+      trigger: PostToolUse
+      matcher: "Write|Edit|MultiEdit"
+      file_pattern: "*.{test,spec}.{ts,tsx,js,jsx}"
+      run: "npx vitest run {file_path}"
+      timeout: 30000
+      block_on_failure: false

package/dist/templates/yarn.yml

@@ -0,0 +1,15 @@
+id: yarn
+name: Yarn
+category: package-manager
+variables:
+  package_manager: yarn
+
+rules:
+  permissions:
+    auto-approve-yarn:
+      enabled: true
+      trigger: PermissionRequest
+      matcher: "Bash"
+      command_pattern: "yarn"
+      decision: allow
+      message: "Auto-approved yarn command."

package/dist/templates-U7T6MARD.js

@@ -0,0 +1,156 @@
+import {
+  deleteUserTemplate,
+  exportUserTemplate,
+  importUserTemplate,
+  listUserTemplates,
+  loadBundledTemplates,
+  saveUserTemplate
+} from "./chunk-6OCEY7JY.js";
+import {
+  loadRulesSync
+} from "./chunk-SIAQVRKG.js";
+import "./chunk-KIKPIH6N.js";
+import "./chunk-7LXY5UVC.js";
+import "./chunk-4VNS5WPM.js";
+
+// src/commands/templates.ts
+import * as fs from "fs";
+import * as path from "path";
+import chalk from "chalk";
+async function runTemplates(args, _projectDir) {
+  const subcommand = args[0];
+  switch (subcommand) {
+    case "list":
+      return listTemplates();
+    case "save":
+      return saveTemplate(args[1]);
+    case "delete":
+      return deleteTemplate(args[1]);
+    case "export":
+      return exportTemplate(args[1], args[2]);
+    case "import":
+      return importTemplate(args[1]);
+    default:
+      console.log(`
+Usage: ulpi templates <subcommand>
+
+Subcommands:
+  list       List bundled and user templates
+  save       Save current rules as a user template
+  delete     Delete a user template
+  export     Export a template to file
+  import     Import a template from file
+`.trim());
+  }
+}
+function listTemplates() {
+  console.log(chalk.bold("\nBundled Templates:\n"));
+  const bundled = loadBundledTemplates();
+  for (const t of bundled) {
+    console.log(`  ${chalk.cyan(t.id.padEnd(25))} ${chalk.dim(t.category)} \u2014 ${t.name}`);
+  }
+  console.log(chalk.bold("\nUser Templates:\n"));
+  const userTemplates = listUserTemplates();
+  if (userTemplates.length === 0) {
+    console.log(chalk.dim("  No user templates saved."));
+  } else {
+    for (const t of userTemplates) {
+      console.log(`  ${chalk.green(t.name.padEnd(25))} ${t.description ?? ""}`);
+    }
+  }
+  console.log("");
+}
+function saveTemplate(name) {
+  if (!name) {
+    console.log(chalk.red("Usage: ulpi templates save <name>"));
+    return;
+  }
+  const projectRulesPath = path.join(process.cwd(), ".ulpi", "guards.yml");
+  if (!fs.existsSync(projectRulesPath)) {
+    console.log(chalk.red("No guards.yml found in current project."));
+    console.log(chalk.dim("Run 'ulpi init' first to generate rules."));
+    return;
+  }
+  const config = loadRulesSync(projectRulesPath);
+  if (!config) {
+    console.log(chalk.red("Failed to parse guards.yml"));
+    return;
+  }
+  const extractRules = (section) => {
+    const result = {};
+    for (const [key, rule] of Object.entries(section)) {
+      const { id, type, ...rest } = rule;
+      result[key] = rest;
+    }
+    return result;
+  };
+  const template = {
+    name,
+    description: `Saved from ${config.project.name} on ${(/* @__PURE__ */ new Date()).toISOString().split("T")[0]}`,
+    createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+    stack: config.project,
+    layers: [],
+    // No bundled layer references since this is a custom save
+    rules: {
+      preconditions: extractRules(config.preconditions),
+      postconditions: extractRules(config.postconditions),
+      permissions: extractRules(config.permissions),
+      pipelines: extractRules(config.pipelines)
+    },
+    skills: []
+    // Could extract skill references from rules if needed
+  };
+  try {
+    saveUserTemplate(template);
+    console.log(chalk.green(`\u2713 Template "${name}" saved`));
+    console.log(chalk.dim(`  Location: ~/.ulpi/templates/${name}.yml`));
+    console.log(chalk.dim(`  Rules: ${Object.keys(config.preconditions).length} preconditions, ${Object.keys(config.permissions).length} permissions`));
+  } catch (err) {
+    console.log(chalk.red(`Failed to save template: ${err instanceof Error ? err.message : String(err)}`));
+  }
+}
+function deleteTemplate(id) {
+  if (!id) {
+    console.log(chalk.red("Usage: ulpi templates delete <id>"));
+    return;
+  }
+  const deleted = deleteUserTemplate(id);
+  if (deleted) {
+    console.log(chalk.green(`\u2713 Template "${id}" deleted`));
+  } else {
+    console.log(chalk.red(`Template "${id}" not found`));
+  }
+}
+function exportTemplate(name, outputPath) {
+  if (!name) {
+    console.log(chalk.red("Usage: ulpi templates export <name> [output-path]"));
+    return;
+  }
+  const exported = exportUserTemplate(name);
+  if (exported) {
+    if (outputPath) {
+      fs.writeFileSync(outputPath, exported, "utf-8");
+      console.log(chalk.green(`\u2713 Template "${name}" exported to ${outputPath}`));
+    } else {
+      console.log(exported);
+    }
+  } else {
+    console.log(chalk.red(`Template "${name}" not found`));
+  }
+}
+function importTemplate(inputPath) {
+  if (!inputPath) {
+    console.log(chalk.red("Usage: ulpi templates import <file-path>"));
+    return;
+  }
+  try {
+    const content = fs.readFileSync(inputPath, "utf-8");
+    const imported = importUserTemplate(content);
+    console.log(chalk.green(`\u2713 Template imported as "${imported.name}"`));
+  } catch (err) {
+    console.log(chalk.red(`Failed to import template: ${err instanceof Error ? err.message : String(err)}`));
+  }
+}
+export {
+  runTemplates
+};

package/dist/ui-L7UAWXDY.js

@@ -0,0 +1,167 @@
+import {
+  createApiServer,
+  setUiServerPort
+} from "./chunk-Q4HIY43N.js";
+import {
+  attachWebSocket
+} from "./chunk-7AL4DOEJ.js";
+import {
+  generateApiSecret,
+  setApiSecret
+} from "./chunk-MIAQVCFW.js";
+import "./chunk-2MZER6ND.js";
+import "./chunk-3SBPZRB5.js";
+import "./chunk-2CLNOKPA.js";
+import "./chunk-SPOI23SB.js";
+import "./chunk-6OCEY7JY.js";
+import "./chunk-SIAQVRKG.js";
+import "./chunk-NNUWU6CV.js";
+import "./chunk-YM2HV4IA.js";
+import "./chunk-KIKPIH6N.js";
+import {
+  API_LOCK_FILE,
+  getApiHost,
+  getApiPort
+} from "./chunk-7LXY5UVC.js";
+import "./chunk-4VNS5WPM.js";
+
+// src/commands/ui.ts
+import chalk from "chalk";
+
+// ../api/dist/index.js
+import * as fs from "fs";
+import * as path from "path";
+function writeApiLockFile(port, secret) {
+  try {
+    const dir = path.dirname(API_LOCK_FILE);
+    fs.mkdirSync(dir, { recursive: true });
+    const lockData = { port, pid: process.pid, startedAt: (/* @__PURE__ */ new Date()).toISOString() };
+    if (secret) lockData.secret = secret;
+    fs.writeFileSync(API_LOCK_FILE, JSON.stringify(lockData), { encoding: "utf-8", mode: 384 });
+  } catch {
+  }
+}
+function removeApiLockFile() {
+  try {
+    fs.unlinkSync(API_LOCK_FILE);
+  } catch {
+  }
+}
+async function main() {
+  const { getApiPort: getApiPort2, getApiHost: getApiHost2 } = await import("./dist-RKOGLK7R.js");
+  const { generateApiSecret: generateApiSecret2, setApiSecret: setApiSecret2 } = await import("./auth-PN7TMQHV-2W4ICG64.js");
+  const port = getApiPort2();
+  const host = getApiHost2();
+  const projectDir = process.argv[2] || process.cwd();
+  const secret = generateApiSecret2();
+  setApiSecret2(secret);
+  const { createApiServer: createApiServer2 } = await import("./server-MOYPE4SM-N7SE2AN7.js");
+  const { attachWebSocket: attachWebSocket2 } = await import("./server-X5P6WH2M-7K2RY34N.js");
+  const server = createApiServer2(projectDir);
+  const wss = attachWebSocket2(server, projectDir);
+  const shutdown = () => {
+    console.log("\nShutting down ULPI API server...");
+    removeApiLockFile();
+    for (const client of wss.clients) {
+      client.close();
+    }
+    wss.close();
+    server.close(() => {
+      console.log("Server stopped.");
+      process.exit(0);
+    });
+    setTimeout(() => process.exit(0), 5e3).unref();
+  };
+  process.on("SIGTERM", shutdown);
+  process.on("SIGINT", shutdown);
+  server.listen(port, host, () => {
+    writeApiLockFile(port, secret);
+    console.log(`ULPI API server running at http://${host}:${port}`);
+    console.log(`  WebSocket: ws://${host}:${port}/ws`);
+    console.log(`  API:       http://${host}:${port}/api/health`);
+    console.log(`  Project:   ${projectDir}`);
+  });
+}
+var isDirectRun = process.argv[1] && (process.argv[1].endsWith("index.js") || process.argv[1].endsWith("index.mjs"));
+if (isDirectRun) {
+  main().catch((err) => {
+    console.error(
+      "Fatal:",
+      err instanceof Error ? err.message : String(err)
+    );
+    process.exit(1);
+  });
+}
+
+// src/commands/ui.ts
+async function runUI(args, projectDir) {
+  const portIndex = args.indexOf("--port");
+  let port = getApiPort();
+  if (portIndex !== -1 && args[portIndex + 1]) {
+    const parsed = parseInt(args[portIndex + 1], 10);
+    if (isNaN(parsed) || parsed < 1 || parsed > 65535) {
+      console.log(chalk.red("Invalid port number. Must be between 1 and 65535."));
+      process.exit(1);
+    }
+    port = parsed;
+  }
+  const host = getApiHost();
+  try {
+    const secret = generateApiSecret();
+    setApiSecret(secret);
+    setUiServerPort(port);
+    const server = createApiServer(projectDir);
+    const wss = attachWebSocket(server, projectDir);
+    const shutdown = () => {
+      console.log("\nShutting down ULPI server...");
+      removeApiLockFile();
+      for (const client of wss.clients) {
+        client.close();
+      }
+      wss.close();
+      server.close(() => {
+        console.log("Server stopped.");
+        process.exit(0);
+      });
+      setTimeout(() => process.exit(0), 5e3).unref();
+    };
+    process.on("SIGTERM", shutdown);
+    process.on("SIGINT", shutdown);
+    await new Promise((resolve, reject) => {
+      server.on("error", (err) => {
+        if (err.code === "EADDRINUSE") {
+          console.error(
+            `Port ${port} is already in use. Try a different port with --port.`
+          );
+        }
+        reject(err);
+      });
+      server.listen(port, host, () => {
+        writeApiLockFile(port, secret);
+        console.log(`
+ULPI server running at:
+`);
+        console.log(`  http://${host}:${port}
+`);
+        console.log(`  WebSocket: ws://${host}:${port}/ws`);
+        console.log(`  API:       http://${host}:${port}/api/rules
+`);
+        console.log(`Project dir: ${projectDir}
+`);
+        console.log(`Press Ctrl+C to stop.
+`);
+        resolve();
+      });
+    });
+  } catch (err) {
+    console.error(
+      chalk.red(
+        `Failed to start UI server: ${err instanceof Error ? err.message : String(err)}`
+      )
+    );
+    process.exit(1);
+  }
+}
+export {
+  runUI
+};