chad-code 1.3.1 → 1.3.2

package/src/permission/arity.ts

@@ -1,163 +0,0 @@
-export namespace BashArity {
-  export function prefix(tokens: string[]) {
-    for (let len = tokens.length; len > 0; len--) {
-      const prefix = tokens.slice(0, len).join(" ")
-      const arity = ARITY[prefix]
-      if (arity !== undefined) return tokens.slice(0, arity)
-    }
-    if (tokens.length === 0) return []
-    return tokens.slice(0, 1)
-  }
-
-  /* Generated with following prompt:
-You are generating a dictionary of command-prefix arities for bash-style commands.
-This dictionary is used to identify the "human-understandable command" from an input shell command.### **RULES (follow strictly)**1. Each entry maps a **command prefix string → number**, representing how many **tokens** define the command.
-2. **Flags NEVER count as tokens**. Only subcommands count.
-3. **Longest matching prefix wins**.
-4. **Only include a longer prefix if its arity is different from what the shorter prefix already implies**.   * Example: If `git` is 2, then do **not** include `git checkout`, `git commit`, etc. unless they require *different* arity.
-5. The output must be a **single JSON object**. Each entry should have a comment with an example real world matching command. DO NOT MAKE ANY OTHER COMMENTS. Should be alphabetical
-6. Include the **most commonly used commands** across many stacks and languages. More is better.### **Semantics examples*** `touch foo.txt` → `touch` (arity 1, explicitly listed)
-* `git checkout main` → `git checkout` (because `git` has arity 2)
-* `npm install` → `npm install` (because `npm` has arity 2)
-* `npm run dev` → `npm run dev` (because `npm run` has arity 3)
-* `python script.py` → `python script.py` (default: whole input, not in dictionary)### **Now generate the dictionary.**
-*/
-  const ARITY: Record<string, number> = {
-    cat: 1, // cat file.txt
-    cd: 1, // cd /path/to/dir
-    chmod: 1, // chmod 755 script.sh
-    chown: 1, // chown user:group file.txt
-    cp: 1, // cp source.txt dest.txt
-    echo: 1, // echo "hello world"
-    env: 1, // env
-    export: 1, // export PATH=/usr/bin
-    grep: 1, // grep pattern file.txt
-    kill: 1, // kill 1234
-    killall: 1, // killall process
-    ln: 1, // ln -s source target
-    ls: 1, // ls -la
-    mkdir: 1, // mkdir new-dir
-    mv: 1, // mv old.txt new.txt
-    ps: 1, // ps aux
-    pwd: 1, // pwd
-    rm: 1, // rm file.txt
-    rmdir: 1, // rmdir empty-dir
-    sleep: 1, // sleep 5
-    source: 1, // source ~/.bashrc
-    tail: 1, // tail -f log.txt
-    touch: 1, // touch file.txt
-    unset: 1, // unset VAR
-    which: 1, // which node
-    aws: 3, // aws s3 ls
-    az: 3, // az storage blob list
-    bazel: 2, // bazel build
-    brew: 2, // brew install node
-    bun: 2, // bun install
-    "bun run": 3, // bun run dev
-    "bun x": 3, // bun x vite
-    cargo: 2, // cargo build
-    "cargo add": 3, // cargo add tokio
-    "cargo run": 3, // cargo run main
-    cdk: 2, // cdk deploy
-    cf: 2, // cf push app
-    cmake: 2, // cmake build
-    composer: 2, // composer require laravel
-    consul: 2, // consul members
-    "consul kv": 3, // consul kv get config/app
-    crictl: 2, // crictl ps
-    deno: 2, // deno run server.ts
-    "deno task": 3, // deno task dev
-    doctl: 3, // doctl kubernetes cluster list
-    docker: 2, // docker run nginx
-    "docker builder": 3, // docker builder prune
-    "docker compose": 3, // docker compose up
-    "docker container": 3, // docker container ls
-    "docker image": 3, // docker image prune
-    "docker network": 3, // docker network inspect
-    "docker volume": 3, // docker volume ls
-    eksctl: 2, // eksctl get clusters
-    "eksctl create": 3, // eksctl create cluster
-    firebase: 2, // firebase deploy
-    flyctl: 2, // flyctl deploy
-    gcloud: 3, // gcloud compute instances list
-    gh: 3, // gh pr list
-    git: 2, // git checkout main
-    "git config": 3, // git config user.name
-    "git remote": 3, // git remote add origin
-    "git stash": 3, // git stash pop
-    go: 2, // go build
-    gradle: 2, // gradle build
-    helm: 2, // helm install mychart
-    heroku: 2, // heroku logs
-    hugo: 2, // hugo new site blog
-    ip: 2, // ip link show
-    "ip addr": 3, // ip addr show
-    "ip link": 3, // ip link set eth0 up
-    "ip netns": 3, // ip netns exec foo bash
-    "ip route": 3, // ip route add default via 1.1.1.1
-    kind: 2, // kind delete cluster
-    "kind create": 3, // kind create cluster
-    kubectl: 2, // kubectl get pods
-    "kubectl kustomize": 3, // kubectl kustomize overlays/dev
-    "kubectl rollout": 3, // kubectl rollout restart deploy/api
-    kustomize: 2, // kustomize build .
-    make: 2, // make build
-    mc: 2, // mc ls myminio
-    "mc admin": 3, // mc admin info myminio
-    minikube: 2, // minikube start
-    mongosh: 2, // mongosh test
-    mysql: 2, // mysql -u root
-    mvn: 2, // mvn compile
-    ng: 2, // ng generate component home
-    npm: 2, // npm install
-    "npm exec": 3, // npm exec vite
-    "npm init": 3, // npm init vue
-    "npm run": 3, // npm run dev
-    "npm view": 3, // npm view react version
-    nvm: 2, // nvm use 18
-    nx: 2, // nx build
-    openssl: 2, // openssl genrsa 2048
-    "openssl req": 3, // openssl req -new -key key.pem
-    "openssl x509": 3, // openssl x509 -in cert.pem
-    pip: 2, // pip install numpy
-    pipenv: 2, // pipenv install flask
-    pnpm: 2, // pnpm install
-    "pnpm dlx": 3, // pnpm dlx create-next-app
-    "pnpm exec": 3, // pnpm exec vite
-    "pnpm run": 3, // pnpm run dev
-    poetry: 2, // poetry add requests
-    podman: 2, // podman run alpine
-    "podman container": 3, // podman container ls
-    "podman image": 3, // podman image prune
-    psql: 2, // psql -d mydb
-    pulumi: 2, // pulumi up
-    "pulumi stack": 3, // pulumi stack output
-    pyenv: 2, // pyenv install 3.11
-    python: 2, // python -m venv env
-    rake: 2, // rake db:migrate
-    rbenv: 2, // rbenv install 3.2.0
-    "redis-cli": 2, // redis-cli ping
-    rustup: 2, // rustup update
-    serverless: 2, // serverless invoke
-    sfdx: 3, // sfdx force:org:list
-    skaffold: 2, // skaffold dev
-    sls: 2, // sls deploy
-    sst: 2, // sst deploy
-    swift: 2, // swift build
-    systemctl: 2, // systemctl restart nginx
-    terraform: 2, // terraform apply
-    "terraform workspace": 3, // terraform workspace select prod
-    tmux: 2, // tmux new -s dev
-    turbo: 2, // turbo run build
-    ufw: 2, // ufw allow 22
-    vault: 2, // vault login
-    "vault auth": 3, // vault auth list
-    "vault kv": 3, // vault kv get secret/api
-    vercel: 2, // vercel deploy
-    volta: 2, // volta install node
-    wp: 2, // wp plugin install
-    yarn: 2, // yarn add react
-    "yarn dlx": 3, // yarn dlx create-react-app
-    "yarn run": 3, // yarn run dev
-  }
-}

package/src/permission/index.ts

@@ -1,210 +0,0 @@
-import { BusEvent } from "@/bus/bus-event"
-import { Bus } from "@/bus"
-import z from "zod"
-import { Log } from "../util/log"
-import { Identifier } from "../id/id"
-import { Plugin } from "../plugin"
-import { Instance } from "../project/instance"
-import { Wildcard } from "../util/wildcard"
-
-export namespace Permission {
-  const log = Log.create({ service: "permission" })
-
-  function toKeys(pattern: Info["pattern"], type: string): string[] {
-    return pattern === undefined ? [type] : Array.isArray(pattern) ? pattern : [pattern]
-  }
-
-  function covered(keys: string[], approved: Record<string, boolean>): boolean {
-    const pats = Object.keys(approved)
-    return keys.every((k) => pats.some((p) => Wildcard.match(k, p)))
-  }
-
-  export const Info = z
-    .object({
-      id: z.string(),
-      type: z.string(),
-      pattern: z.union([z.string(), z.array(z.string())]).optional(),
-      sessionID: z.string(),
-      messageID: z.string(),
-      callID: z.string().optional(),
-      message: z.string(),
-      metadata: z.record(z.string(), z.any()),
-      time: z.object({
-        created: z.number(),
-      }),
-    })
-    .meta({
-      ref: "Permission",
-    })
-  export type Info = z.infer<typeof Info>
-
-  export const Event = {
-    Updated: BusEvent.define("permission.updated", Info),
-    Replied: BusEvent.define(
-      "permission.replied",
-      z.object({
-        sessionID: z.string(),
-        permissionID: z.string(),
-        response: z.string(),
-      }),
-    ),
-  }
-
-  const state = Instance.state(
-    () => {
-      const pending: {
-        [sessionID: string]: {
-          [permissionID: string]: {
-            info: Info
-            resolve: () => void
-            reject: (e: any) => void
-          }
-        }
-      } = {}
-
-      const approved: {
-        [sessionID: string]: {
-          [permissionID: string]: boolean
-        }
-      } = {}
-
-      return {
-        pending,
-        approved,
-      }
-    },
-    async (state) => {
-      for (const pending of Object.values(state.pending)) {
-        for (const item of Object.values(pending)) {
-          item.reject(new RejectedError(item.info.sessionID, item.info.id, item.info.callID, item.info.metadata))
-        }
-      }
-    },
-  )
-
-  export function pending() {
-    return state().pending
-  }
-
-  export function list() {
-    const { pending } = state()
-    const result: Info[] = []
-    for (const items of Object.values(pending)) {
-      for (const item of Object.values(items)) {
-        result.push(item.info)
-      }
-    }
-    return result.sort((a, b) => a.id.localeCompare(b.id))
-  }
-
-  export async function ask(input: {
-    type: Info["type"]
-    message: Info["message"]
-    pattern?: Info["pattern"]
-    callID?: Info["callID"]
-    sessionID: Info["sessionID"]
-    messageID: Info["messageID"]
-    metadata: Info["metadata"]
-  }) {
-    const { pending, approved } = state()
-    log.info("asking", {
-      sessionID: input.sessionID,
-      messageID: input.messageID,
-      toolCallID: input.callID,
-      pattern: input.pattern,
-    })
-    const approvedForSession = approved[input.sessionID] || {}
-    const keys = toKeys(input.pattern, input.type)
-    if (covered(keys, approvedForSession)) return
-    const info: Info = {
-      id: Identifier.ascending("permission"),
-      type: input.type,
-      pattern: input.pattern,
-      sessionID: input.sessionID,
-      messageID: input.messageID,
-      callID: input.callID,
-      message: input.message,
-      metadata: input.metadata,
-      time: {
-        created: Date.now(),
-      },
-    }
-
-    switch (
-      await Plugin.trigger("permission.ask", info, {
-        status: "ask",
-      }).then((x) => x.status)
-    ) {
-      case "deny":
-        throw new RejectedError(info.sessionID, info.id, info.callID, info.metadata)
-      case "allow":
-        return
-    }
-
-    pending[input.sessionID] = pending[input.sessionID] || {}
-    return new Promise<void>((resolve, reject) => {
-      pending[input.sessionID][info.id] = {
-        info,
-        resolve,
-        reject,
-      }
-      Bus.publish(Event.Updated, info)
-    })
-  }
-
-  export const Response = z.enum(["once", "always", "reject"])
-  export type Response = z.infer<typeof Response>
-
-  export function respond(input: { sessionID: Info["sessionID"]; permissionID: Info["id"]; response: Response }) {
-    log.info("response", input)
-    const { pending, approved } = state()
-    const match = pending[input.sessionID]?.[input.permissionID]
-    if (!match) return
-    delete pending[input.sessionID][input.permissionID]
-    Bus.publish(Event.Replied, {
-      sessionID: input.sessionID,
-      permissionID: input.permissionID,
-      response: input.response,
-    })
-    if (input.response === "reject") {
-      match.reject(new RejectedError(input.sessionID, input.permissionID, match.info.callID, match.info.metadata))
-      return
-    }
-    match.resolve()
-    if (input.response === "always") {
-      approved[input.sessionID] = approved[input.sessionID] || {}
-      const approveKeys = toKeys(match.info.pattern, match.info.type)
-      for (const k of approveKeys) {
-        approved[input.sessionID][k] = true
-      }
-      const items = pending[input.sessionID]
-      if (!items) return
-      for (const item of Object.values(items)) {
-        const itemKeys = toKeys(item.info.pattern, item.info.type)
-        if (covered(itemKeys, approved[input.sessionID])) {
-          respond({
-            sessionID: item.info.sessionID,
-            permissionID: item.info.id,
-            response: input.response,
-          })
-        }
-      }
-    }
-  }
-
-  export class RejectedError extends Error {
-    constructor(
-      public readonly sessionID: string,
-      public readonly permissionID: string,
-      public readonly toolCallID?: string,
-      public readonly metadata?: Record<string, any>,
-      public readonly reason?: string,
-    ) {
-      super(
-        reason !== undefined
-          ? reason
-          : `The user rejected permission to use this specific tool call. You may try again with different parameters.`,
-      )
-    }
-  }
-}

package/src/permission/next.ts

@@ -1,268 +0,0 @@
-import { Bus } from "@/bus"
-import { BusEvent } from "@/bus/bus-event"
-import { Config } from "@/config/config"
-import { Identifier } from "@/id/id"
-import { Instance } from "@/project/instance"
-import { Storage } from "@/storage/storage"
-import { fn } from "@/util/fn"
-import { Log } from "@/util/log"
-import { Wildcard } from "@/util/wildcard"
-import z from "zod"
-
-export namespace PermissionNext {
-  const log = Log.create({ service: "permission" })
-
-  export const Action = z.enum(["allow", "deny", "ask"]).meta({
-    ref: "PermissionAction",
-  })
-  export type Action = z.infer<typeof Action>
-
-  export const Rule = z
-    .object({
-      permission: z.string(),
-      pattern: z.string(),
-      action: Action,
-    })
-    .meta({
-      ref: "PermissionRule",
-    })
-  export type Rule = z.infer<typeof Rule>
-
-  export const Ruleset = Rule.array().meta({
-    ref: "PermissionRuleset",
-  })
-  export type Ruleset = z.infer<typeof Ruleset>
-
-  export function fromConfig(permission: Config.Permission) {
-    const ruleset: Ruleset = []
-    for (const [key, value] of Object.entries(permission)) {
-      if (typeof value === "string") {
-        ruleset.push({
-          permission: key,
-          action: value,
-          pattern: "*",
-        })
-        continue
-      }
-      ruleset.push(...Object.entries(value).map(([pattern, action]) => ({ permission: key, pattern, action })))
-    }
-    return ruleset
-  }
-
-  export function merge(...rulesets: Ruleset[]): Ruleset {
-    return rulesets.flat()
-  }
-
-  export const Request = z
-    .object({
-      id: Identifier.schema("permission"),
-      sessionID: Identifier.schema("session"),
-      permission: z.string(),
-      patterns: z.string().array(),
-      metadata: z.record(z.string(), z.any()),
-      always: z.string().array(),
-      tool: z
-        .object({
-          messageID: z.string(),
-          callID: z.string(),
-        })
-        .optional(),
-    })
-    .meta({
-      ref: "PermissionRequest",
-    })
-
-  export type Request = z.infer<typeof Request>
-
-  export const Reply = z.enum(["once", "always", "reject"])
-  export type Reply = z.infer<typeof Reply>
-
-  export const Approval = z.object({
-    projectID: z.string(),
-    patterns: z.string().array(),
-  })
-
-  export const Event = {
-    Asked: BusEvent.define("permission.asked", Request),
-    Replied: BusEvent.define(
-      "permission.replied",
-      z.object({
-        sessionID: z.string(),
-        requestID: z.string(),
-        reply: Reply,
-      }),
-    ),
-  }
-
-  const state = Instance.state(async () => {
-    const projectID = Instance.project.id
-    const stored = await Storage.read<Ruleset>(["permission", projectID]).catch(() => [] as Ruleset)
-
-    const pending: Record<
-      string,
-      {
-        info: Request
-        resolve: () => void
-        reject: (e: any) => void
-      }
-    > = {}
-
-    return {
-      pending,
-      approved: stored,
-    }
-  })
-
-  export const ask = fn(
-    Request.partial({ id: true }).extend({
-      ruleset: Ruleset,
-    }),
-    async (input) => {
-      const s = await state()
-      const { ruleset, ...request } = input
-      for (const pattern of request.patterns ?? []) {
-        const rule = evaluate(request.permission, pattern, ruleset, s.approved)
-        log.info("evaluated", { permission: request.permission, pattern, action: rule })
-        if (rule.action === "deny")
-          throw new DeniedError(ruleset.filter((r) => Wildcard.match(request.permission, r.permission)))
-        if (rule.action === "ask") {
-          const id = input.id ?? Identifier.ascending("permission")
-          return new Promise<void>((resolve, reject) => {
-            const info: Request = {
-              id,
-              ...request,
-            }
-            s.pending[id] = {
-              info,
-              resolve,
-              reject,
-            }
-            Bus.publish(Event.Asked, info)
-          })
-        }
-        if (rule.action === "allow") continue
-      }
-    },
-  )
-
-  export const reply = fn(
-    z.object({
-      requestID: Identifier.schema("permission"),
-      reply: Reply,
-      message: z.string().optional(),
-    }),
-    async (input) => {
-      const s = await state()
-      const existing = s.pending[input.requestID]
-      if (!existing) return
-      delete s.pending[input.requestID]
-      Bus.publish(Event.Replied, {
-        sessionID: existing.info.sessionID,
-        requestID: existing.info.id,
-        reply: input.reply,
-      })
-      if (input.reply === "reject") {
-        existing.reject(input.message ? new CorrectedError(input.message) : new RejectedError())
-        // Reject all other pending permissions for this session
-        const sessionID = existing.info.sessionID
-        for (const [id, pending] of Object.entries(s.pending)) {
-          if (pending.info.sessionID === sessionID) {
-            delete s.pending[id]
-            Bus.publish(Event.Replied, {
-              sessionID: pending.info.sessionID,
-              requestID: pending.info.id,
-              reply: "reject",
-            })
-            pending.reject(new RejectedError())
-          }
-        }
-        return
-      }
-      if (input.reply === "once") {
-        existing.resolve()
-        return
-      }
-      if (input.reply === "always") {
-        for (const pattern of existing.info.always) {
-          s.approved.push({
-            permission: existing.info.permission,
-            pattern,
-            action: "allow",
-          })
-        }
-
-        existing.resolve()
-
-        const sessionID = existing.info.sessionID
-        for (const [id, pending] of Object.entries(s.pending)) {
-          if (pending.info.sessionID !== sessionID) continue
-          const ok = pending.info.patterns.every(
-            (pattern) => evaluate(pending.info.permission, pattern, s.approved).action === "allow",
-          )
-          if (!ok) continue
-          delete s.pending[id]
-          Bus.publish(Event.Replied, {
-            sessionID: pending.info.sessionID,
-            requestID: pending.info.id,
-            reply: "always",
-          })
-          pending.resolve()
-        }
-
-        // TODO: we don't save the permission ruleset to disk yet until there's
-        // UI to manage it
-        // await Storage.write(["permission", Instance.project.id], s.approved)
-        return
-      }
-    },
-  )
-
-  export function evaluate(permission: string, pattern: string, ...rulesets: Ruleset[]): Rule {
-    const merged = merge(...rulesets)
-    log.info("evaluate", { permission, pattern, ruleset: merged })
-    const match = merged.findLast(
-      (rule) => Wildcard.match(permission, rule.permission) && Wildcard.match(pattern, rule.pattern),
-    )
-    return match ?? { action: "ask", permission, pattern: "*" }
-  }
-
-  const EDIT_TOOLS = ["edit", "write", "patch", "multiedit"]
-
-  export function disabled(tools: string[], ruleset: Ruleset): Set<string> {
-    const result = new Set<string>()
-    for (const tool of tools) {
-      const permission = EDIT_TOOLS.includes(tool) ? "edit" : tool
-      if (evaluate(permission, "*", ruleset).action === "deny") {
-        result.add(tool)
-      }
-    }
-    return result
-  }
-
-  /** User rejected without message - halts execution */
-  export class RejectedError extends Error {
-    constructor() {
-      super(`The user rejected permission to use this specific tool call.`)
-    }
-  }
-
-  /** User rejected with message - continues with guidance */
-  export class CorrectedError extends Error {
-    constructor(message: string) {
-      super(`The user rejected permission to use this specific tool call with the following feedback: ${message}`)
-    }
-  }
-
-  /** Auto-rejected by config rule - halts execution */
-  export class DeniedError extends Error {
-    constructor(public readonly ruleset: Ruleset) {
-      super(
-        `The user has specified a rule which prevents you from using this specific tool call. Here are some of the relevant rules ${JSON.stringify(ruleset)}`,
-      )
-    }
-  }
-
-  export async function list() {
-    return state().then((x) => Object.values(x.pending).map((x) => x.info))
-  }
-}