chainlesschain 0.45.81 → 0.47.0

package/src/lib/web-fetch.js

@@ -0,0 +1,224 @@
+/**
+ * Web Fetch — agent-safe HTTP(S) GET with allowlist + size/timeout limits.
+ *
+ * Inspired by open-agents web_fetch tool. Guards against SSRF by rejecting
+ * private/loopback hosts unless explicitly allowlisted.
+ */
+
+import http from "http";
+import https from "https";
+import { URL } from "url";
+
+const DEFAULT_MAX_BYTES = 2_000_000;
+const DEFAULT_TIMEOUT_MS = 15_000;
+
+// RFC 1918 + loopback + link-local. Blocked by default unless config.allowPrivateHosts.
+const PRIVATE_HOST_PATTERNS = [
+  /^127\./,
+  /^10\./,
+  /^192\.168\./,
+  /^172\.(1[6-9]|2\d|3[01])\./,
+  /^169\.254\./,
+  /^0\.0\.0\.0$/,
+  /^::1$/,
+  /^localhost$/i,
+];
+
+export function isPrivateHost(host) {
+  if (!host) return true;
+  return PRIVATE_HOST_PATTERNS.some((re) => re.test(host));
+}
+
+export function checkAllowed(urlStr, config = {}) {
+  let parsed;
+  try {
+    parsed = new URL(urlStr);
+  } catch {
+    return { allowed: false, reason: "invalid URL" };
+  }
+  if (!/^https?:$/.test(parsed.protocol)) {
+    return {
+      allowed: false,
+      reason: `unsupported protocol: ${parsed.protocol}`,
+    };
+  }
+  if (isPrivateHost(parsed.hostname) && !config.allowPrivateHosts) {
+    return {
+      allowed: false,
+      reason: `private/loopback host blocked: ${parsed.hostname}`,
+    };
+  }
+  const allowed = Array.isArray(config.allowedDomains)
+    ? config.allowedDomains
+    : ["*"];
+  if (!allowed.includes("*")) {
+    const match = allowed.some((pattern) => {
+      if (pattern.startsWith("*.")) {
+        return parsed.hostname.endsWith(pattern.slice(1));
+      }
+      return parsed.hostname === pattern;
+    });
+    if (!match) {
+      return {
+        allowed: false,
+        reason: `host not in allowedDomains: ${parsed.hostname}`,
+      };
+    }
+  }
+  return { allowed: true, url: parsed };
+}
+
+export function htmlToMarkdown(html) {
+  if (!html) return "";
+  let text = String(html);
+  // Strip scripts/styles entirely
+  text = text.replace(/<script\b[^>]*>[\s\S]*?<\/script>/gi, "");
+  text = text.replace(/<style\b[^>]*>[\s\S]*?<\/style>/gi, "");
+  text = text.replace(/<!--[\s\S]*?-->/g, "");
+  // Convert headings
+  text = text.replace(/<h([1-6])[^>]*>([\s\S]*?)<\/h\1>/gi, (_, n, inner) => {
+    return `\n\n${"#".repeat(Number(n))} ${inner.trim()}\n\n`;
+  });
+  // Paragraphs / breaks
+  text = text.replace(/<br\s*\/?>/gi, "\n");
+  text = text.replace(/<\/p>/gi, "\n\n");
+  // Links: [text](href)
+  text = text.replace(
+    /<a\b[^>]*href=["']([^"']+)["'][^>]*>([\s\S]*?)<\/a>/gi,
+    (_, href, inner) => `[${stripTags(inner).trim()}](${href})`,
+  );
+  // List items
+  text = text.replace(/<li[^>]*>([\s\S]*?)<\/li>/gi, (_, inner) => {
+    return `- ${stripTags(inner).trim()}\n`;
+  });
+  // Strip remaining tags
+  text = stripTags(text);
+  // Decode minimal HTML entities
+  text = text
+    .replace(/&nbsp;/g, " ")
+    .replace(/&amp;/g, "&")
+    .replace(/&lt;/g, "<")
+    .replace(/&gt;/g, ">")
+    .replace(/&quot;/g, '"')
+    .replace(/&#39;/g, "'");
+  // Collapse whitespace
+  text = text.replace(/\n{3,}/g, "\n\n").replace(/[ \t]+/g, " ");
+  return text.trim();
+}
+
+function stripTags(html) {
+  return String(html).replace(/<[^>]+>/g, "");
+}
+
+async function _doRequest(parsed, { maxBytes, timeout, headers }) {
+  const lib = parsed.protocol === "https:" ? https : http;
+  return new Promise((resolve, reject) => {
+    const req = lib.request(
+      {
+        method: "GET",
+        protocol: parsed.protocol,
+        hostname: parsed.hostname,
+        port: parsed.port || (parsed.protocol === "https:" ? 443 : 80),
+        path: parsed.pathname + parsed.search,
+        headers: {
+          "User-Agent": "ChainlessChain-Agent/1.0",
+          Accept: "*/*",
+          ...headers,
+        },
+        timeout,
+      },
+      (res) => {
+        if (
+          res.statusCode >= 300 &&
+          res.statusCode < 400 &&
+          res.headers.location
+        ) {
+          res.resume();
+          return resolve({ redirect: res.headers.location });
+        }
+        const chunks = [];
+        let size = 0;
+        res.on("data", (chunk) => {
+          size += chunk.length;
+          if (size > maxBytes) {
+            req.destroy(new Error(`response exceeds maxBytes (${maxBytes})`));
+            return;
+          }
+          chunks.push(chunk);
+        });
+        res.on("end", () => {
+          resolve({
+            statusCode: res.statusCode,
+            headers: res.headers,
+            body: Buffer.concat(chunks).toString("utf8"),
+          });
+        });
+        res.on("error", reject);
+      },
+    );
+    req.on("error", reject);
+    req.on("timeout", () => req.destroy(new Error("request timeout")));
+    req.end();
+  });
+}
+
+export async function webFetch(url, options = {}) {
+  const {
+    format = "markdown",
+    maxBytes = DEFAULT_MAX_BYTES,
+    timeout = DEFAULT_TIMEOUT_MS,
+    config = {},
+    headers = {},
+    maxRedirects = 3,
+  } = options;
+
+  const check = checkAllowed(url, config);
+  if (!check.allowed) {
+    return { error: `web_fetch blocked: ${check.reason}` };
+  }
+
+  let parsed = check.url;
+  let redirects = 0;
+  let response;
+  while (true) {
+    response = await _doRequest(parsed, { maxBytes, timeout, headers });
+    if (!response.redirect) break;
+    if (++redirects > maxRedirects) {
+      return { error: "too many redirects" };
+    }
+    const next = new URL(response.redirect, parsed);
+    const nextCheck = checkAllowed(next.toString(), config);
+    if (!nextCheck.allowed) {
+      return { error: `redirect blocked: ${nextCheck.reason}` };
+    }
+    parsed = nextCheck.url;
+  }
+
+  const { statusCode, headers: respHeaders, body } = response;
+  const contentType = String(respHeaders["content-type"] || "");
+
+  let output = body;
+  let outputFormat = format;
+  if (format === "markdown") {
+    output = /html/i.test(contentType) ? htmlToMarkdown(body) : body;
+  } else if (format === "text") {
+    output = /html/i.test(contentType) ? stripTags(body) : body;
+  } else if (format === "json") {
+    try {
+      output = JSON.parse(body);
+    } catch {
+      return { error: "response is not valid JSON", statusCode, body };
+    }
+  }
+
+  return {
+    url: parsed.toString(),
+    statusCode,
+    contentType,
+    format: outputFormat,
+    bytes: Buffer.byteLength(body, "utf8"),
+    content: output,
+  };
+}
+
+export const _deps = { http, https };

package/src/lib/workflow-expr.js

@@ -0,0 +1,318 @@
+/**
+ * Workflow expression sandbox — evaluate `when` conditions and resolve
+ * typed step-result references for `forEach` expansion.
+ *
+ * SAFETY: hand-written tokenizer + recursive-descent parser, no
+ * `Function` / `eval`. Only the operators below are supported.
+ *
+ * Grammar (informal):
+ *
+ *   expr    := or
+ *   or      := and ( "||" and )*
+ *   and     := not ( "&&" not )*
+ *   not     := "!" not | cmp
+ *   cmp     := primary ( OP primary )?        OP ∈ { == != < <= > >= contains }
+ *   primary := "(" expr ")" | ref | string | number | bool | null
+ *   ref     := "${" "step" "." ID "." ID "}"   OR  "${item}"
+ *
+ * String literals use single or double quotes; `\'` / `\"` / `\\` escapes.
+ *
+ * `evaluate(expr, ctx)` returns a boolean. `ctx` shape:
+ *   {
+ *     step: Map<stepId, { status, taskId, result: { summary, tokenCount, ... } }>,
+ *     item: any,  // for forEach expansion
+ *   }
+ *
+ * `resolveReference(ref, ctx)` returns the raw value of a `${...}` token
+ * (used by forEach to materialize array sources).
+ *
+ * @module workflow-expr
+ */
+
+const TOKEN_OP = new Set([
+  "==",
+  "!=",
+  "<",
+  "<=",
+  ">",
+  ">=",
+  "contains",
+  "&&",
+  "||",
+  "!",
+  "(",
+  ")",
+]);
+
+/**
+ * Tokenize an expression string. Returns an array of `{ type, value }`.
+ * Types: `op`, `ref`, `string`, `number`, `bool`, `null`.
+ */
+export function tokenize(src) {
+  if (typeof src !== "string") throw new Error("expr must be a string");
+  const tokens = [];
+  let i = 0;
+  const n = src.length;
+  while (i < n) {
+    const c = src[i];
+    if (c === " " || c === "\t" || c === "\n") {
+      i++;
+      continue;
+    }
+    if (c === "(" || c === ")") {
+      tokens.push({ type: "op", value: c });
+      i++;
+      continue;
+    }
+    if (c === "$" && src[i + 1] === "{") {
+      const end = src.indexOf("}", i + 2);
+      if (end === -1) throw new Error("unterminated reference");
+      tokens.push({ type: "ref", value: src.slice(i + 2, end).trim() });
+      i = end + 1;
+      continue;
+    }
+    if (c === "'" || c === '"') {
+      let j = i + 1;
+      let out = "";
+      while (j < n && src[j] !== c) {
+        if (src[j] === "\\" && j + 1 < n) {
+          out += src[j + 1];
+          j += 2;
+        } else {
+          out += src[j];
+          j++;
+        }
+      }
+      if (j >= n) throw new Error("unterminated string literal");
+      tokens.push({ type: "string", value: out });
+      i = j + 1;
+      continue;
+    }
+    if (/[0-9-]/.test(c)) {
+      let j = i;
+      if (src[j] === "-") j++;
+      while (j < n && /[0-9.]/.test(src[j])) j++;
+      const lit = src.slice(i, j);
+      const num = Number(lit);
+      if (!Number.isFinite(num)) throw new Error(`bad number: ${lit}`);
+      tokens.push({ type: "number", value: num });
+      i = j;
+      continue;
+    }
+    // Multi-char ops
+    const two = src.slice(i, i + 2);
+    if (
+      two === "==" ||
+      two === "!=" ||
+      two === "<=" ||
+      two === ">=" ||
+      two === "&&" ||
+      two === "||"
+    ) {
+      tokens.push({ type: "op", value: two });
+      i += 2;
+      continue;
+    }
+    if (c === "<" || c === ">" || c === "!") {
+      tokens.push({ type: "op", value: c });
+      i++;
+      continue;
+    }
+    // Identifiers: contains / true / false / null
+    if (/[a-zA-Z_]/.test(c)) {
+      let j = i;
+      while (j < n && /[a-zA-Z0-9_]/.test(src[j])) j++;
+      const id = src.slice(i, j);
+      if (id === "true" || id === "false") {
+        tokens.push({ type: "bool", value: id === "true" });
+      } else if (id === "null") {
+        tokens.push({ type: "null", value: null });
+      } else if (id === "contains") {
+        tokens.push({ type: "op", value: "contains" });
+      } else {
+        throw new Error(`unknown identifier: ${id}`);
+      }
+      i = j;
+      continue;
+    }
+    throw new Error(`unexpected char at ${i}: ${c}`);
+  }
+  return tokens;
+}
+
+/** Resolve a ref token like `step.fetch.summary` or `item` against ctx. */
+export function resolveReference(ref, ctx) {
+  if (ref === "item") return ctx?.item;
+  const parts = ref.split(".");
+  if (parts[0] !== "step") {
+    throw new Error(`unknown reference root: ${parts[0]}`);
+  }
+  if (parts.length !== 3) {
+    throw new Error(`ref must be step.<id>.<field>: ${ref}`);
+  }
+  const [, stepId, field] = parts;
+  const entry = ctx?.step?.get?.(stepId);
+  if (!entry) return undefined;
+  if (field === "status") return entry.status;
+  if (field === "taskId") return entry.taskId;
+  if (field === "summary") return entry.result?.summary;
+  if (field === "tokenCount") return entry.result?.tokenCount;
+  if (field === "iterationCount") return entry.result?.iterationCount;
+  if (field === "toolsUsed") return entry.result?.toolsUsed;
+  if (field === "items") return entry.result?.items;
+  // Generic fallback: look up directly on result
+  return entry.result?.[field];
+}
+
+/** Recursive-descent parser returning an AST. */
+function parse(tokens) {
+  let pos = 0;
+  function peek() {
+    return tokens[pos];
+  }
+  function consume(expected) {
+    const t = tokens[pos];
+    if (!t) throw new Error("unexpected end of expression");
+    if (expected && (t.type !== "op" || t.value !== expected)) {
+      throw new Error(`expected ${expected}, got ${t.value ?? t.type}`);
+    }
+    pos++;
+    return t;
+  }
+  function parseExpr() {
+    return parseOr();
+  }
+  function parseOr() {
+    let left = parseAnd();
+    while (peek() && peek().type === "op" && peek().value === "||") {
+      pos++;
+      const right = parseAnd();
+      left = { kind: "or", left, right };
+    }
+    return left;
+  }
+  function parseAnd() {
+    let left = parseNot();
+    while (peek() && peek().type === "op" && peek().value === "&&") {
+      pos++;
+      const right = parseNot();
+      left = { kind: "and", left, right };
+    }
+    return left;
+  }
+  function parseNot() {
+    if (peek() && peek().type === "op" && peek().value === "!") {
+      pos++;
+      return { kind: "not", expr: parseNot() };
+    }
+    return parseCmp();
+  }
+  function parseCmp() {
+    const left = parsePrimary();
+    const t = peek();
+    const cmpOps = new Set(["==", "!=", "<", "<=", ">", ">=", "contains"]);
+    if (t && t.type === "op" && cmpOps.has(t.value)) {
+      pos++;
+      const right = parsePrimary();
+      return { kind: "cmp", op: t.value, left, right };
+    }
+    // bare value → truthiness check
+    return { kind: "truthy", expr: left };
+  }
+  function parsePrimary() {
+    const t = peek();
+    if (!t) throw new Error("unexpected end of expression");
+    if (t.type === "op" && t.value === "(") {
+      pos++;
+      const e = parseExpr();
+      consume(")");
+      return e;
+    }
+    if (t.type === "ref") {
+      pos++;
+      return { kind: "ref", name: t.value };
+    }
+    if (
+      t.type === "string" ||
+      t.type === "number" ||
+      t.type === "bool" ||
+      t.type === "null"
+    ) {
+      pos++;
+      return { kind: "lit", value: t.value };
+    }
+    throw new Error(`unexpected token: ${t.value ?? t.type}`);
+  }
+
+  const ast = parseExpr();
+  if (pos !== tokens.length) {
+    throw new Error(`trailing tokens at ${pos}`);
+  }
+  return ast;
+}
+
+function evalAst(ast, ctx) {
+  switch (ast.kind) {
+    case "lit":
+      return ast.value;
+    case "ref":
+      return resolveReference(ast.name, ctx);
+    case "not":
+      return !evalAst(ast.expr, ctx);
+    case "and":
+      return evalAst(ast.left, ctx) && evalAst(ast.right, ctx);
+    case "or":
+      return evalAst(ast.left, ctx) || evalAst(ast.right, ctx);
+    case "truthy": {
+      const v = evalAst(ast.expr, ctx);
+      return !!v;
+    }
+    case "cmp": {
+      const l = evalAst(ast.left, ctx);
+      const r = evalAst(ast.right, ctx);
+      switch (ast.op) {
+        case "==":
+          // Loose equality across string/number for ergonomic use
+          // eslint-disable-next-line eqeqeq
+          return l == r;
+        case "!=":
+          // eslint-disable-next-line eqeqeq
+          return l != r;
+        case "<":
+          return l < r;
+        case "<=":
+          return l <= r;
+        case ">":
+          return l > r;
+        case ">=":
+          return l >= r;
+        case "contains": {
+          if (l == null) return false;
+          if (Array.isArray(l)) return l.includes(r);
+          return String(l).includes(String(r));
+        }
+        default:
+          throw new Error(`unknown op: ${ast.op}`);
+      }
+    }
+    default:
+      throw new Error(`unknown node: ${ast.kind}`);
+  }
+}
+
+/** Evaluate an expression string against a context. Returns a boolean. */
+export function evaluate(src, ctx) {
+  const tokens = tokenize(src);
+  const ast = parse(tokens);
+  const v = evalAst(ast, ctx);
+  return !!v;
+}
+
+/** Evaluate an expression and return the raw (non-coerced) value. */
+export function evaluateRaw(src, ctx) {
+  const tokens = tokenize(src);
+  let ast = parse(tokens);
+  // Strip the implicit truthy-wrapper so bare refs return raw values.
+  if (ast.kind === "truthy") ast = ast.expr;
+  return evalAst(ast, ctx);
+}

package/src/repl/agent-repl.js

@@ -39,6 +39,7 @@ import {
 } from "../harness/jsonl-session-store.js";
 import { storeMemory, consolidateMemory } from "../lib/hierarchical-memory.js";
 import { CLIContextEngineering } from "../lib/cli-context-engineering.js";
+import { defaultPrepareCall } from "../lib/turn-context.js";
 import { createChatFn } from "../lib/cowork-adapter.js";
 import {
   detectTaskType,
@@ -1223,6 +1224,9 @@ export async function startAgentRepl(options = {}) {
         apiKey,
         contextEngine,
         iterationBudget,
+        sessionId,
+        cwd: process.cwd(),
+        prepareCall: defaultPrepareCall,
       });
 
       if (response) {