npm - assistme - Versions diffs - 0.2.3 → 0.2.4 - Mend

assistme 0.2.3 → 0.2.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/dist/index.js +4 -2
package/package.json +1 -1
package/src/agent/mcp-servers.ts +0 -2
package/src/agent/processor.test.ts +1 -4
package/src/agent/skill-extractor.ts +0 -459
package/src/agent/skills.ts +7 -3
package/src/agent/memory-extractor.ts +0 -128
package/src/utils/validation.test.ts +0 -153
package/src/utils/validation.ts +0 -101

package/dist/index.js CHANGED Viewed

@@ -1985,8 +1985,10 @@ _(${skills.length - included} additional skills available \u2014 use skill_invok
         log.debug(`Skill create returned no data for "${name}"`);
         return null;
       }
-      log.info(`Skill "${name}" created in skills table (pending approval)`);
-      return row;
+      const id = row.out_id || row.id;
+      const skillName = row.out_name || row.name;
+      log.info(`Skill "${skillName}" created in skills table (pending approval)`);
+      return { id, name: skillName };
     } catch (err) {
       log.debug(`Skill create error: ${err}`);
       return null;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "assistme",
-  "version": "0.2.3",
+  "version": "0.2.4",
   "description": "AssistMe CLI Agent - AI-powered assistant that controls your real browser",
   "type": "module",
   "main": "dist/index.js",

package/src/agent/mcp-servers.ts CHANGED Viewed

@@ -10,8 +10,6 @@ import { log } from "../utils/logger.js";
 import type { MemoryManager, MemoryCategory } from "./memory.js";
 import type { SkillManager } from "./skills.js";
 import { substituteArguments, preprocessDynamicContext } from "./skills.js";
-// decomposeJob and generateSkillFromDescription removed — the agent SDK handles
-// job analysis and skill generation directly (no separate LLM API calls needed)
 import { getSupabase } from "../db/supabase.js";
 import { JobRunner } from "./job-runner.js";
 import {

package/src/agent/processor.test.ts CHANGED Viewed

@@ -92,11 +92,8 @@ vi.mock("./skills.js", () => ({
   },
 }));
-vi.mock("./memory-extractor.js", () => ({
-  extractMemoriesWithLLM: vi.fn().mockResolvedValue([]),
-}));
 vi.mock("./skill-extractor.js", () => ({
-  // Only ToolCallRecord type is used — no functions imported
+  // Only ToolCallRecord type is used
 }));
 vi.mock("../utils/rate-limiter.js", () => ({

package/src/agent/skill-extractor.ts CHANGED Viewed

@@ -1,16 +1,3 @@
-import { getConfig } from "../utils/config.js";
-import { log } from "../utils/logger.js";
-/**
- * Extracted skill from LLM analysis of a multi-step task.
- */
-export interface ExtractedSkill {
-  name: string; // kebab-case, e.g. "price-comparison-amazon"
-  description: string; // One-line description
-  steps: string; // Markdown step-by-step instructions
-  emoji: string; // Single emoji for this skill
-}
 /**
  * A record of a tool call made during task execution.
  */
@@ -19,449 +6,3 @@ export interface ToolCallRecord {
   input: Record<string, unknown>;
   result: string;
 }
-const EXTRACTION_PROMPT = `You are a skill extraction system for an AI agent that controls a real web browser (Chrome via CDP) and can read/write files. Your job is to analyze completed task conversations and extract REUSABLE WORKFLOWS as skills.
-A skill is a step-by-step instruction template that teaches the agent how to handle a TYPE of task (not a specific instance).
-Rules:
-- Only extract skills for tasks that involved 3+ distinct steps (multi-step workflows)
-- The skill must be GENERALIZABLE — it should work for similar future tasks, not just this specific one
-- Replace specific values (URLs, product names, prices) with generic placeholders like {product}, {website}, {query}
-- Focus on the WORKFLOW PATTERN, not the specific data
-- Write clear markdown instructions that another AI agent could follow
-- If the task was too simple or too specific to generalize, return null
-- The name must be kebab-case (lowercase, hyphens)
-- Description should be one concise line
-DO NOT extract skills for:
-- Simple single-step tasks (just opening one page)
-- Tasks that failed or had errors
-- Tasks that are too specific to generalize (e.g. "buy exactly this item at this price")
-Respond with ONLY valid JSON — no markdown wrapping, no explanation:
-If a reusable skill was found:
-{"name": "skill-name", "description": "What this skill does", "steps": "## Workflow\\n\\n1. **Step one**\\n...", "emoji": "🔧"}
-If nothing worth extracting:
-null`;
-/**
- * Use Haiku to analyze a completed multi-step task and extract a reusable skill.
- * Only called when a task involved 3+ tool calls (multi-step workflow).
- *
- * Cost: ~$0.002 per extraction (slightly more context than memory extraction).
- */
-export async function extractSkillWithLLM(
-  taskPrompt: string,
-  taskResult: string,
-  toolCalls: ToolCallRecord[]
-): Promise<ExtractedSkill | null> {
-  const config = getConfig();
-  const apiKey = config.anthropicApiKey;
-  if (!apiKey) {
-    log.debug("No API key, skipping skill extraction");
-    return null;
-  }
-  // Build a summary of tool calls (not the full data, just the flow)
-  const toolFlow = toolCalls
-    .map((tc, i) => {
-      const inputSummary = Object.entries(tc.input)
-        .map(([k, v]) => `${k}=${String(v).slice(0, 100)}`)
-        .join(", ");
-      const resultSummary = tc.result.slice(0, 150);
-      return `${i + 1}. ${tc.name}(${inputSummary}) → ${resultSummary}`;
-    })
-    .slice(0, 20) // Max 20 tool calls in summary
-    .join("\n");
-  const userMessage = `<task_prompt>
-${taskPrompt.slice(0, 1500)}
-</task_prompt>
-<tool_calls_flow>
-${toolFlow.slice(0, 3000)}
-</tool_calls_flow>
-<final_result>
-${taskResult.slice(0, 2000)}
-</final_result>`;
-  try {
-    const response = await fetch("https://api.anthropic.com/v1/messages", {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-        "x-api-key": apiKey,
-        "anthropic-version": "2023-06-01",
-      },
-      body: JSON.stringify({
-        model: "claude-haiku-4-5-20251001",
-        max_tokens: 1024,
-        system: EXTRACTION_PROMPT,
-        messages: [{ role: "user", content: userMessage }],
-      }),
-    });
-    if (!response.ok) {
-      const errText = await response.text();
-      log.debug(
-        `Skill extraction API error: ${response.status} ${errText.slice(0, 200)}`
-      );
-      return null;
-    }
-    const data = await response.json();
-    const text =
-      data.content?.[0]?.type === "text" ? data.content[0].text : "";
-    if (!text || text.trim() === "null") {
-      log.debug("Skill extraction: nothing reusable found");
-      return null;
-    }
-    // Parse JSON
-    const jsonStr = text
-      .replace(/```json\n?/g, "")
-      .replace(/```\n?/g, "")
-      .trim();
-    const skill: ExtractedSkill = JSON.parse(jsonStr);
-    // Validate
-    if (!skill || !skill.name || !skill.steps || !skill.description) {
-      return null;
-    }
-    // Sanitize name to kebab-case
-    skill.name = skill.name
-      .toLowerCase()
-      .replace(/[^a-z0-9-]/g, "-")
-      .replace(/-+/g, "-")
-      .replace(/^-|-$/g, "");
-    if (skill.name.length < 3) return null;
-    return skill;
-  } catch (err) {
-    log.debug(
-      `Skill extraction failed: ${err instanceof Error ? err.message : err}`
-    );
-    return null;
-  }
-}
-// ── Proactive Skill Generation (from description, not from completed tasks) ──
-/**
- * A skill specification decomposed from a work profile.
- */
-export interface SkillSpec {
-  name: string;
-  description: string;
-  category: string; // e.g. "data-processing", "communication", "reporting"
-  priority: "high" | "medium" | "low";
-  automatable: boolean; // whether the agent can fully automate this
-}
-const DECOMPOSE_JOB_PROMPT = `You are a job analysis system. Given a person's job description, decompose their work into individual AUTOMATABLE SKILLS that an AI agent could learn and execute.
-The AI agent has these capabilities:
-- Control a real Chrome browser (navigate, click, type, read pages, take screenshots)
-- Read/write files on the local machine
-- Execute shell commands
-- Store memories and learn from interactions
-Rules:
-- Focus on RECURRING, REPETITIVE tasks that benefit from automation
-- Each skill should be a single, well-defined workflow
-- Prioritize tasks the person does frequently
-- Mark tasks as automatable:true only if the agent can handle them end-to-end
-- Name skills in kebab-case
-- Be specific — "check-email" is too vague, "summarize-unread-gmail" is better
-- Generate 5-15 skills depending on job complexity
-- Consider both web-based and file-based workflows
-Respond with ONLY valid JSON array — no markdown wrapping:
-[{"name": "skill-name", "description": "What this skill does", "category": "category", "priority": "high|medium|low", "automatable": true|false}]`;
-/**
- * Decompose a job description into individual skill specifications.
- * This is the first step: understand what the person does and break it into automatable units.
- *
- * Cost: ~$0.003 per call (Haiku, moderate context).
- */
-export async function decomposeJob(
-  jobDescription: string,
-  existingSkillNames: string[] = []
-): Promise<SkillSpec[]> {
-  const config = getConfig();
-  const apiKey = config.anthropicApiKey;
-  if (!apiKey) return [];
-  const existingNote =
-    existingSkillNames.length > 0
-      ? `\n\nThe agent already has these skills (do NOT duplicate): ${existingSkillNames.join(", ")}`
-      : "";
-  try {
-    const response = await fetch("https://api.anthropic.com/v1/messages", {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-        "x-api-key": apiKey,
-        "anthropic-version": "2023-06-01",
-      },
-      body: JSON.stringify({
-        model: "claude-haiku-4-5-20251001",
-        max_tokens: 2048,
-        system: DECOMPOSE_JOB_PROMPT,
-        messages: [
-          {
-            role: "user",
-            content: `<job_description>\n${jobDescription.slice(0, 3000)}\n</job_description>${existingNote}`,
-          },
-        ],
-      }),
-    });
-    if (!response.ok) {
-      const errText = await response.text().catch(() => "");
-      log.debug(`decomposeJob API error: ${response.status} ${errText.slice(0, 300)}`);
-      return [];
-    }
-    const data = await response.json();
-    const text =
-      data.content?.[0]?.type === "text" ? data.content[0].text : "";
-    if (!text) {
-      log.debug(`decomposeJob: empty response from API`);
-      return [];
-    }
-    const jsonStr = text
-      .replace(/```json\n?/g, "")
-      .replace(/```\n?/g, "")
-      .trim();
-    const specs: SkillSpec[] = JSON.parse(jsonStr);
-    if (!Array.isArray(specs)) {
-      log.debug(`decomposeJob: response is not an array: ${jsonStr.slice(0, 200)}`);
-      return [];
-    }
-    // Sanitize names
-    return specs
-      .filter((s) => s.name && s.description)
-      .map((s) => ({
-        ...s,
-        name: s.name
-          .toLowerCase()
-          .replace(/[^a-z0-9-]/g, "-")
-          .replace(/-+/g, "-")
-          .replace(/^-|-$/g, ""),
-      }));
-  } catch (err) {
-    log.debug(`Job decomposition failed: ${err instanceof Error ? err.message : err}`);
-    return [];
-  }
-}
-const GENERATE_PROMPT = `You are a skill authoring system for an AI agent. Given a skill name, description, and context about the user's work, generate detailed step-by-step instructions that the AI agent can follow to execute this skill.
-The AI agent has these capabilities:
-- Control a real Chrome browser (navigate, click, type, read pages, take screenshots)
-- Read/write files on the local machine
-- Execute shell commands (Bash)
-- Store memories about the user
-Rules:
-- Write clear, actionable markdown instructions
-- Use numbered steps with bold action names
-- Include error handling (what to do if a page doesn't load, element not found, etc.)
-- Use placeholders like {query}, {date}, {recipient} for variable inputs
-- Include a $ARGUMENTS line at the top if the skill accepts parameters
-- Be specific about which browser tools to use (browser_navigate, browser_click, etc.)
-- Include validation steps (verify the action worked)
-- Keep instructions thorough but concise (10-25 steps)
-Respond with ONLY valid JSON — no markdown wrapping:
-{"name": "skill-name", "description": "One-line description", "steps": "## Workflow\\n\\n$ARGUMENTS: describe expected arguments\\n\\n1. **Step one**\\n...", "emoji": "🔧", "keywords": ["keyword1", "keyword2"]}`;
-/**
- * Generate a complete skill (with full instructions) from a description.
- * Unlike extractSkillWithLLM which requires a completed task, this generates proactively.
- *
- * Cost: ~$0.003 per generation (Haiku, moderate output).
- */
-export async function generateSkillFromDescription(
-  name: string,
-  description: string,
-  jobContext?: string
-): Promise<ExtractedSkill & { keywords?: string[] } | null> {
-  const config = getConfig();
-  const apiKey = config.anthropicApiKey;
-  if (!apiKey) return null;
-  const contextBlock = jobContext
-    ? `\n\n<user_job_context>\n${jobContext.slice(0, 1000)}\n</user_job_context>`
-    : "";
-  try {
-    const response = await fetch("https://api.anthropic.com/v1/messages", {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-        "x-api-key": apiKey,
-        "anthropic-version": "2023-06-01",
-      },
-      body: JSON.stringify({
-        model: "claude-haiku-4-5-20251001",
-        max_tokens: 2048,
-        system: GENERATE_PROMPT,
-        messages: [
-          {
-            role: "user",
-            content: `Generate a skill for:\nName: ${name}\nDescription: ${description}${contextBlock}`,
-          },
-        ],
-      }),
-    });
-    if (!response.ok) {
-      const errText = await response.text().catch(() => "");
-      log.debug(`generateSkill API error: ${response.status} ${errText.slice(0, 300)}`);
-      return null;
-    }
-    const data = await response.json();
-    const text =
-      data.content?.[0]?.type === "text" ? data.content[0].text : "";
-    if (!text) {
-      log.debug(`generateSkill: empty response from API`);
-      return null;
-    }
-    const jsonStr = text
-      .replace(/```json\n?/g, "")
-      .replace(/```\n?/g, "")
-      .trim();
-    const skill = JSON.parse(jsonStr);
-    if (!skill || !skill.name || !skill.steps) {
-      log.debug(`generateSkill: invalid response structure: ${jsonStr.slice(0, 200)}`);
-      return null;
-    }
-    skill.name = skill.name
-      .toLowerCase()
-      .replace(/[^a-z0-9-]/g, "-")
-      .replace(/-+/g, "-")
-      .replace(/^-|-$/g, "");
-    return skill;
-  } catch (err) {
-    log.debug(`Skill generation failed: ${err instanceof Error ? err.message : err}`);
-    return null;
-  }
-}
-const IMPROVEMENT_PROMPT = `You are a skill improvement system. You have an EXISTING skill (workflow instructions for an AI agent) and a NEW task execution that used this skill. Analyze if the new execution discovered a BETTER approach than what the current skill describes.
-Rules:
-- Only suggest improvements if the new execution found a genuinely better workflow
-- Merge the best parts of the old skill and new execution
-- Keep instructions general/reusable (use placeholders like {product}, {query})
-- Preserve the overall structure but update specific steps that improved
-- If the existing skill is already optimal, return null
-- The output must be the FULL updated skill content (not a diff)
-Respond with ONLY valid JSON — no markdown wrapping:
-If improvement found:
-{"improved_steps": "## Workflow\\n\\n1. **Step one**\\n...", "change_summary": "Brief description of what changed"}
-If no improvement needed:
-null`;
-/**
- * Analyze whether a skill should be improved based on a new task execution.
- * Called when a task used an existing skill and completed successfully.
- */
-export async function analyzeSkillImprovement(
-  existingSkillContent: string,
-  taskPrompt: string,
-  taskResult: string,
-  toolCalls: ToolCallRecord[]
-): Promise<{ improved_steps: string; change_summary: string } | null> {
-  const config = getConfig();
-  const apiKey = config.anthropicApiKey;
-  if (!apiKey) return null;
-  const toolFlow = toolCalls
-    .map((tc, i) => {
-      const inputSummary = Object.entries(tc.input)
-        .map(([k, v]) => `${k}=${String(v).slice(0, 80)}`)
-        .join(", ");
-      return `${i + 1}. ${tc.name}(${inputSummary})`;
-    })
-    .slice(0, 15)
-    .join("\n");
-  const userMessage = `<existing_skill>
-${existingSkillContent.slice(0, 2000)}
-</existing_skill>
-<new_task>
-${taskPrompt.slice(0, 1000)}
-</new_task>
-<actual_tool_flow>
-${toolFlow.slice(0, 2000)}
-</actual_tool_flow>
-<task_result>
-${taskResult.slice(0, 1500)}
-</task_result>`;
-  try {
-    const response = await fetch("https://api.anthropic.com/v1/messages", {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-        "x-api-key": apiKey,
-        "anthropic-version": "2023-06-01",
-      },
-      body: JSON.stringify({
-        model: "claude-haiku-4-5-20251001",
-        max_tokens: 1024,
-        system: IMPROVEMENT_PROMPT,
-        messages: [{ role: "user", content: userMessage }],
-      }),
-    });
-    if (!response.ok) return null;
-    const data = await response.json();
-    const text =
-      data.content?.[0]?.type === "text" ? data.content[0].text : "";
-    if (!text || text.trim() === "null") return null;
-    const jsonStr = text
-      .replace(/```json\n?/g, "")
-      .replace(/```\n?/g, "")
-      .trim();
-    const result = JSON.parse(jsonStr);
-    if (!result || !result.improved_steps) return null;
-    return result;
-  } catch {
-    return null;
-  }
-}

package/src/agent/skills.ts CHANGED Viewed

@@ -388,14 +388,18 @@ export class SkillManager {
         return null;
       }
-      const row = Array.isArray(data) ? data[0] : data;
+      const row = (Array.isArray(data) ? data[0] : data) as Record<string, unknown> | null;
       if (!row) {
         log.debug(`Skill create returned no data for "${name}"`);
         return null;
       }
-      log.info(`Skill "${name}" created in skills table (pending approval)`);
-      return row as { id: string; name: string };
+      // RPC returns out_id/out_name to avoid column ambiguity
+      const id = (row.out_id || row.id) as string;
+      const skillName = (row.out_name || row.name) as string;
+      log.info(`Skill "${skillName}" created in skills table (pending approval)`);
+      return { id, name: skillName };
     } catch (err) {
       log.debug(`Skill create error: ${err}`);
       return null;

package/src/agent/memory-extractor.ts DELETED Viewed

@@ -1,128 +0,0 @@
-import { getConfig } from "../utils/config.js";
-import { log } from "../utils/logger.js";
-import type { MemoryCategory } from "./memory.js";
-/**
- * Extracted memory from LLM analysis of a conversation.
- */
-export interface ExtractedMemory {
-  content: string;
-  category: MemoryCategory;
-  importance: number;
-  tags: string[];
-}
-const EXTRACTION_PROMPT = `You are a memory extraction system. Analyze the following conversation between a user and an AI assistant. Extract any facts worth remembering about the user for future conversations.
-Rules:
-- Only extract FACTUAL information about the user, not about the task itself
-- Be concise: each memory should be a single clear statement
-- Don't extract trivial/obvious things (e.g. "user asked a question")
-- Categories: "preference" (likes/dislikes/habits), "instruction" (standing orders like "always do X"), "context" (work/life info), "fact" (specific facts), "general" (other)
-- Importance: 3-4 for minor preferences, 5-6 for useful context, 7-8 for strong preferences/instructions, 9-10 for critical standing instructions
-- If nothing worth remembering, return an empty array
-- Max 3 memories per conversation
-- Support both English and Chinese content
-Respond with ONLY valid JSON — no markdown, no explanation:
-[{"content": "...", "category": "...", "importance": N, "tags": ["..."]}]
-If nothing to remember: []`;
-/**
- * Use Haiku to analyze a task conversation and extract memories.
- * This runs as a fire-and-forget background task after each completed task.
- * Cost: ~$0.001 per extraction (Haiku is very cheap).
- */
-export async function extractMemoriesWithLLM(
-  taskPrompt: string,
-  taskResult: string
-): Promise<ExtractedMemory[]> {
-  const config = getConfig();
-  const apiKey = config.anthropicApiKey;
-  if (!apiKey) {
-    log.debug("No API key, skipping LLM memory extraction");
-    return [];
-  }
-  // Truncate to keep costs low — Haiku context is cheap but no need to waste
-  const truncatedPrompt = taskPrompt.slice(0, 2000);
-  const truncatedResult = taskResult.slice(0, 3000);
-  const userMessage = `<user_request>
-${truncatedPrompt}
-</user_request>
-<assistant_response>
-${truncatedResult}
-</assistant_response>`;
-  try {
-    const response = await fetch("https://api.anthropic.com/v1/messages", {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-        "x-api-key": apiKey,
-        "anthropic-version": "2023-06-01",
-      },
-      body: JSON.stringify({
-        model: "claude-haiku-4-5-20251001",
-        max_tokens: 512,
-        system: EXTRACTION_PROMPT,
-        messages: [{ role: "user", content: userMessage }],
-      }),
-    });
-    if (!response.ok) {
-      const errText = await response.text();
-      log.debug(`Memory extraction API error: ${response.status} ${errText.slice(0, 200)}`);
-      return [];
-    }
-    const data = await response.json();
-    // Extract text from response
-    const text =
-      data.content?.[0]?.type === "text" ? data.content[0].text : "";
-    if (!text || text.trim() === "[]") {
-      log.debug("LLM memory extraction: nothing to remember");
-      return [];
-    }
-    // Parse JSON — handle potential markdown wrapping
-    const jsonStr = text.replace(/```json\n?/g, "").replace(/```\n?/g, "").trim();
-    const memories: ExtractedMemory[] = JSON.parse(jsonStr);
-    // Validate
-    const validCategories: MemoryCategory[] = [
-      "general",
-      "preference",
-      "instruction",
-      "context",
-      "skill_learned",
-      "fact",
-    ];
-    return memories
-      .filter(
-        (m) =>
-          m.content &&
-          m.content.length > 5 &&
-          validCategories.includes(m.category)
-      )
-      .map((m) => ({
-        content: m.content.slice(0, 500),
-        category: m.category,
-        importance: Math.max(1, Math.min(10, m.importance || 5)),
-        tags: Array.isArray(m.tags) ? m.tags.slice(0, 5) : [],
-      }))
-      .slice(0, 3); // Max 3 memories per conversation
-  } catch (err) {
-    log.debug(
-      `LLM memory extraction failed: ${err instanceof Error ? err.message : err}`
-    );
-    return [];
-  }
-}

package/src/utils/validation.test.ts DELETED Viewed

@@ -1,153 +0,0 @@
-import { describe, it, expect } from "vitest";
-import {
-  isValidUrl,
-  isValidApiKey,
-  isValidPort,
-  isValidMaxTurns,
-  validateConfig,
-  sanitizeForIlike,
-  sanitizeSelector,
-} from "./validation.js";
-describe("isValidUrl", () => {
-  it("accepts valid HTTPS URLs", () => {
-    expect(isValidUrl("https://example.supabase.co")).toBe(true);
-    expect(isValidUrl("https://localhost:3000")).toBe(true);
-  });
-  it("accepts HTTP URLs", () => {
-    expect(isValidUrl("http://localhost:54321")).toBe(true);
-  });
-  it("rejects invalid URLs", () => {
-    expect(isValidUrl("not-a-url")).toBe(false);
-    expect(isValidUrl("ftp://files.example.com")).toBe(false);
-    expect(isValidUrl("")).toBe(false);
-  });
-});
-describe("isValidApiKey", () => {
-  it("accepts valid Anthropic keys", () => {
-    expect(isValidApiKey("sk-ant-api03-aaaabbbbccccddddeeeeffffgggghhhhiiiijjjj")).toBe(true);
-  });
-  it("rejects invalid keys", () => {
-    expect(isValidApiKey("sk-1234567890")).toBe(false);
-    expect(isValidApiKey("")).toBe(false);
-    expect(isValidApiKey("sk-ant-short")).toBe(false);
-  });
-});
-describe("isValidPort", () => {
-  it("accepts valid ports", () => {
-    expect(isValidPort(9222)).toBe(true);
-    expect(isValidPort(1)).toBe(true);
-    expect(isValidPort(65535)).toBe(true);
-  });
-  it("rejects invalid ports", () => {
-    expect(isValidPort(0)).toBe(false);
-    expect(isValidPort(65536)).toBe(false);
-    expect(isValidPort(-1)).toBe(false);
-    expect(isValidPort(3.5)).toBe(false);
-  });
-});
-describe("isValidMaxTurns", () => {
-  it("accepts valid turn counts", () => {
-    expect(isValidMaxTurns(50)).toBe(true);
-    expect(isValidMaxTurns(1)).toBe(true);
-    expect(isValidMaxTurns(500)).toBe(true);
-  });
-  it("rejects invalid turn counts", () => {
-    expect(isValidMaxTurns(0)).toBe(false);
-    expect(isValidMaxTurns(501)).toBe(false);
-    expect(isValidMaxTurns(-10)).toBe(false);
-  });
-});
-describe("validateConfig", () => {
-  const validConfig = {
-    supabaseUrl: "https://example.supabase.co",
-    supabaseAnonKey: "some-anon-key",
-    anthropicApiKey: "sk-ant-api03-aaaabbbbccccddddeeeeffffgggghhhhiiiijjjj",
-    workspacePath: "/home/user/workspace",
-    maxTurns: 50,
-  };
-  it("validates a correct config", () => {
-    const result = validateConfig(validConfig);
-    expect(result.valid).toBe(true);
-    expect(result.errors).toHaveLength(0);
-  });
-  it("catches missing supabaseUrl", () => {
-    const result = validateConfig({ ...validConfig, supabaseUrl: "" });
-    expect(result.valid).toBe(false);
-    expect(result.errors.some((e) => e.includes("supabaseUrl"))).toBe(true);
-  });
-  it("catches invalid URL format", () => {
-    const result = validateConfig({ ...validConfig, supabaseUrl: "not-url" });
-    expect(result.valid).toBe(false);
-    expect(result.errors.some((e) => e.includes("not a valid URL"))).toBe(true);
-  });
-  it("catches missing API key", () => {
-    const result = validateConfig({ ...validConfig, anthropicApiKey: "" });
-    expect(result.valid).toBe(false);
-    expect(result.errors.some((e) => e.includes("anthropicApiKey"))).toBe(true);
-  });
-  it("catches invalid API key format", () => {
-    const result = validateConfig({ ...validConfig, anthropicApiKey: "bad-key" });
-    expect(result.valid).toBe(false);
-    expect(result.errors.some((e) => e.includes("sk-ant-"))).toBe(true);
-  });
-  it("catches invalid maxTurns", () => {
-    const result = validateConfig({ ...validConfig, maxTurns: 0 });
-    expect(result.valid).toBe(false);
-    expect(result.errors.some((e) => e.includes("maxTurns"))).toBe(true);
-  });
-  it("collects multiple errors", () => {
-    const result = validateConfig({
-      supabaseUrl: "",
-      supabaseAnonKey: "",
-      anthropicApiKey: "",
-      workspacePath: "",
-      maxTurns: -1,
-    });
-    expect(result.valid).toBe(false);
-    expect(result.errors.length).toBeGreaterThanOrEqual(4);
-  });
-});
-describe("sanitizeForIlike", () => {
-  it("escapes % and _ wildcards", () => {
-    expect(sanitizeForIlike("test%value_here")).toBe("test\\%value\\_here");
-  });
-  it("leaves normal strings unchanged", () => {
-    expect(sanitizeForIlike("hello world")).toBe("hello world");
-  });
-});
-describe("sanitizeSelector", () => {
-  it("removes script tags", () => {
-    expect(sanitizeSelector("<script>alert(1)</script>#btn")).toBe(
-      "alert(1)#btn"
-    );
-  });
-  it("removes event handlers", () => {
-    expect(sanitizeSelector("div[onclick=evil]")).toBe("div[evil]");
-  });
-  it("passes through valid selectors", () => {
-    expect(sanitizeSelector("#submit-btn")).toBe("#submit-btn");
-    expect(sanitizeSelector("a.nav-link")).toBe("a.nav-link");
-  });
-});

package/src/utils/validation.ts DELETED Viewed

@@ -1,101 +0,0 @@
-/**
- * Input validation helpers for CLI configuration and tool inputs.
- */
-export interface ValidationResult {
-  valid: boolean;
-  errors: string[];
-}
-/**
- * Validate that a URL is well-formed (https:// or http://).
- */
-export function isValidUrl(url: string): boolean {
-  try {
-    const parsed = new URL(url);
-    return parsed.protocol === "https:" || parsed.protocol === "http:";
-  } catch {
-    return false;
-  }
-}
-/**
- * Validate an Anthropic API key format.
- * Real keys start with "sk-ant-" and are at least 40 chars.
- */
-export function isValidApiKey(key: string): boolean {
-  return key.startsWith("sk-ant-") && key.length >= 40;
-}
-/**
- * Validate a port number is in valid range.
- */
-export function isValidPort(port: number): boolean {
-  return Number.isInteger(port) && port >= 1 && port <= 65535;
-}
-/**
- * Validate maxTurns is a reasonable number.
- */
-export function isValidMaxTurns(turns: number): boolean {
-  return Number.isInteger(turns) && turns >= 1 && turns <= 500;
-}
-/**
- * Validate the full CLI configuration.
- * Returns errors for any required/invalid fields.
- */
-export function validateConfig(config: {
-  supabaseUrl: string;
-  supabaseAnonKey: string;
-  anthropicApiKey: string;
-  workspacePath: string;
-  maxTurns: number;
-}): ValidationResult {
-  const errors: string[] = [];
-  if (!config.supabaseUrl) {
-    errors.push("supabaseUrl is required. Run: assistme config set supabaseUrl <url>");
-  } else if (!isValidUrl(config.supabaseUrl)) {
-    errors.push(`supabaseUrl is not a valid URL: "${config.supabaseUrl}"`);
-  }
-  if (!config.supabaseAnonKey) {
-    errors.push("supabaseAnonKey is required. Run: assistme config set supabaseAnonKey <key>");
-  }
-  if (!config.anthropicApiKey) {
-    errors.push("anthropicApiKey is required. Set ANTHROPIC_API_KEY env var or run: assistme config set anthropicApiKey <key>");
-  } else if (!isValidApiKey(config.anthropicApiKey)) {
-    errors.push("anthropicApiKey does not look like a valid Anthropic key (expected sk-ant-...)");
-  }
-  if (!config.workspacePath) {
-    errors.push("workspacePath is required");
-  }
-  if (!isValidMaxTurns(config.maxTurns)) {
-    errors.push(`maxTurns must be between 1 and 500, got: ${config.maxTurns}`);
-  }
-  return { valid: errors.length === 0, errors };
-}
-/**
- * Sanitize user-provided strings for safe use in ILIKE queries.
- * Escapes SQL wildcards % and _.
- */
-export function sanitizeForIlike(input: string): string {
-  return input.replace(/[%_]/g, "\\$&");
-}
-/**
- * Validate and sanitize a CSS selector to prevent obvious injection.
- */
-export function sanitizeSelector(selector: string): string {
-  // Remove any embedded script tags (opening and closing) or event handlers
-  return selector
-    .replace(/<\/?script[^>]*>/gi, "")
-    .replace(/on\w+\s*=/gi, "")
-    .trim();
-}