cli4ai 1.2.0 → 1.2.1

package/src/core/manifest.ts

@@ -1,327 +0,0 @@
-/**
- * cli4ai.json manifest validation and parsing
- */
-
-import { readFileSync, existsSync } from 'fs';
-import { resolve, dirname, basename } from 'path';
-import { outputError } from '../lib/cli.js';
-
-// ═══════════════════════════════════════════════════════════════════════════
-// ERRORS
-// ═══════════════════════════════════════════════════════════════════════════
-
-export class ManifestValidationError extends Error {
-  constructor(
-    message: string,
-    public details?: Record<string, unknown>
-  ) {
-    super(message);
-    this.name = 'ManifestValidationError';
-  }
-}
-
-// ═══════════════════════════════════════════════════════════════════════════
-// TYPES
-// ═══════════════════════════════════════════════════════════════════════════
-
-export interface CommandArg {
-  name: string;
-  description?: string;
-  required?: boolean;
-  type?: 'string' | 'number' | 'boolean';
-  default?: string | number | boolean;
-}
-
-export interface CommandOption {
-  name: string;
-  short?: string;
-  description?: string;
-  type?: 'string' | 'number' | 'boolean';
-  default?: string | number | boolean;
-}
-
-export interface CommandDef {
-  description: string;
-  args?: CommandArg[];
-  options?: CommandOption[];
-}
-
-export interface EnvDef {
-  required?: boolean;
-  description?: string;
-  default?: string;
-  secret?: boolean;
-}
-
-export interface McpConfig {
-  enabled?: boolean;
-  transport?: 'stdio' | 'http';
-  port?: number;
-}
-
-export interface Manifest {
-  // Required fields
-  name: string;
-  version: string;
-  entry: string;
-
-  // Optional metadata
-  description?: string;
-  author?: string;
-  license?: string;
-  repository?: string;
-  homepage?: string;
-  keywords?: string[];
-
-  // Runtime (node is default, bun kept for backwards compatibility)
-  runtime?: 'node' | 'bun';
-
-  // Commands (for MCP generation)
-  commands?: Record<string, CommandDef>;
-
-  // Environment variables
-  env?: Record<string, EnvDef>;
-
-  // Dependencies
-  dependencies?: Record<string, string>;
-  peerDependencies?: Record<string, string>;
-
-  // MCP configuration
-  mcp?: McpConfig;
-
-  // Scripts
-  scripts?: Record<string, string>;
-
-  // Files to include when publishing
-  files?: string[];
-}
-
-// ═══════════════════════════════════════════════════════════════════════════
-// VALIDATION
-// ═══════════════════════════════════════════════════════════════════════════
-
-const NAME_PATTERN = /^[a-z][a-z0-9-]*$/;
-const VERSION_PATTERN = /^\d+\.\d+\.\d+(-[a-zA-Z0-9.]+)?$/;
-
-export function validateManifest(manifest: unknown, source?: string): Manifest {
-  if (!manifest || typeof manifest !== 'object') {
-    throw new ManifestValidationError('Manifest must be an object', { source });
-  }
-
-  const m = manifest as Record<string, unknown>;
-
-  // Required: name
-  if (typeof m.name !== 'string' || !NAME_PATTERN.test(m.name)) {
-    throw new ManifestValidationError('Invalid or missing "name" (lowercase letters, numbers, hyphens)', {
-      source,
-      got: m.name
-    });
-  }
-
-  // Required: version
-  if (typeof m.version !== 'string' || !VERSION_PATTERN.test(m.version)) {
-    throw new ManifestValidationError('Invalid or missing "version" (semver format: x.y.z)', {
-      source,
-      got: m.version
-    });
-  }
-
-  // Required: entry
-  if (typeof m.entry !== 'string' || m.entry.length === 0) {
-    throw new ManifestValidationError('Invalid or missing "entry" (path to main file)', {
-      source,
-      got: m.entry
-    });
-  }
-
-  // SECURITY: Validate entry is a relative path that stays within package directory
-  if (m.entry.startsWith('/') || m.entry.startsWith('\\') || m.entry.includes('..')) {
-    throw new ManifestValidationError(
-      'Invalid "entry" - must be a relative path without ".." (security: path traversal)',
-      { source, got: m.entry }
-    );
-  }
-
-  // Optional: runtime (deno not supported)
-  if (m.runtime !== undefined && !['bun', 'node'].includes(m.runtime as string)) {
-    throw new ManifestValidationError('Invalid "runtime" (must be bun or node)', {
-      source,
-      got: m.runtime
-    });
-  }
-
-  // Optional: commands
-  if (m.commands !== undefined) {
-    if (typeof m.commands !== 'object' || m.commands === null) {
-      throw new ManifestValidationError('Invalid "commands" (must be an object)', { source });
-    }
-    for (const [cmdName, cmdDef] of Object.entries(m.commands as object)) {
-      if (typeof cmdDef !== 'object' || cmdDef === null) {
-        throw new ManifestValidationError(`Invalid command definition for "${cmdName}"`, { source });
-      }
-      const def = cmdDef as Record<string, unknown>;
-      if (typeof def.description !== 'string') {
-        throw new ManifestValidationError(`Command "${cmdName}" missing description`, { source });
-      }
-    }
-  }
-
-  return manifest as Manifest;
-}
-
-// ═══════════════════════════════════════════════════════════════════════════
-// LOADING
-// ═══════════════════════════════════════════════════════════════════════════
-
-export const MANIFEST_FILENAME = 'cli4ai.json';
-
-export class ManifestNotFoundError extends Error {
-  constructor(public path: string) {
-    super(`No ${MANIFEST_FILENAME} found at ${path}`);
-    this.name = 'ManifestNotFoundError';
-  }
-}
-
-export class ManifestParseError extends Error {
-  constructor(public path: string, message: string) {
-    super(message);
-    this.name = 'ManifestParseError';
-  }
-}
-
-/**
- * Load and validate cli4ai.json from a directory (throws on error)
- * Use this for programmatic/testable usage
- */
-export function loadManifestOrThrow(dir: string): Manifest {
-  const manifestPath = resolve(dir, MANIFEST_FILENAME);
-
-  if (!existsSync(manifestPath)) {
-    throw new ManifestNotFoundError(manifestPath);
-  }
-
-  let content: string;
-  try {
-    content = readFileSync(manifestPath, 'utf-8');
-  } catch (err) {
-    throw new ManifestParseError(manifestPath, `Failed to read: ${err instanceof Error ? err.message : String(err)}`);
-  }
-
-  let data: unknown;
-  try {
-    data = JSON.parse(content);
-  } catch {
-    throw new ManifestParseError(manifestPath, 'Invalid JSON');
-  }
-
-  return validateManifest(data, manifestPath);
-}
-
-/**
- * Load manifest from package.json (fallback for npm packages)
- */
-export function loadFromPackageJson(dir: string): Manifest | null {
-  const pkgJsonPath = resolve(dir, 'package.json');
-  if (!existsSync(pkgJsonPath)) return null;
-
-  try {
-    const content = readFileSync(pkgJsonPath, 'utf-8');
-    const pkg = JSON.parse(content);
-
-    // Extract name without @cli4ai/ scope
-    const name = pkg.name?.replace('@cli4ai/', '') || basename(dir);
-
-    return {
-      name,
-      version: pkg.version || '1.0.0',
-      entry: pkg.main || 'run.ts',
-      description: pkg.description,
-      author: pkg.author,
-      license: pkg.license,
-      runtime: 'node',
-      keywords: pkg.keywords
-    };
-  } catch {
-    return null;
-  }
-}
-
-/**
- * Load and validate cli4ai.json from a directory
- * Falls back to package.json for npm packages
- * Exits with error on failure (for CLI usage)
- */
-export function loadManifest(dir: string): Manifest {
-  // Try cli4ai.json first
-  try {
-    return loadManifestOrThrow(dir);
-  } catch (err) {
-    if (err instanceof ManifestNotFoundError) {
-      // Fallback to package.json
-      const fromPkgJson = loadFromPackageJson(dir);
-      if (fromPkgJson) return fromPkgJson;
-
-      outputError('NOT_FOUND', `No ${MANIFEST_FILENAME} found`, {
-        path: err.path,
-        hint: 'Run "cli4ai init" to create one'
-      });
-    }
-    if (err instanceof ManifestParseError) {
-      outputError('PARSE_ERROR', err.message, { path: err.path });
-    }
-    if (err instanceof ManifestValidationError) {
-      outputError('MANIFEST_ERROR', err.message, err.details);
-    }
-    throw err;
-  }
-}
-
-/**
- * Try to load manifest, return null if not found
- */
-export function tryLoadManifest(dir: string): Manifest | null {
-  const manifestPath = resolve(dir, MANIFEST_FILENAME);
-  if (!existsSync(manifestPath)) return null;
-
-  try {
-    const content = readFileSync(manifestPath, 'utf-8');
-    const data = JSON.parse(content);
-    return validateManifest(data, manifestPath);
-  } catch {
-    return null;
-  }
-}
-
-/**
- * Find manifest by walking up directory tree
- */
-export function findManifest(startDir?: string): { manifest: Manifest; dir: string } | null {
-  let dir = startDir || process.cwd();
-
-  for (let i = 0; i < 10; i++) {
-    const manifest = tryLoadManifest(dir);
-    if (manifest) {
-      return { manifest, dir };
-    }
-
-    const parent = dirname(dir);
-    if (parent === dir) break;
-    dir = parent;
-  }
-
-  return null;
-}
-
-/**
- * Create a minimal manifest
- */
-export function createManifest(name: string, options: Partial<Manifest> = {}): Manifest {
-  return {
-    name: name.toLowerCase().replace(/[^a-z0-9-]/g, '-'),
-    version: '1.0.0',
-    entry: 'run.ts',
-    runtime: 'node',
-    description: options.description || `${name} tool`,
-    ...options
-  };
-}

package/src/core/registry.ts

@@ -1,165 +0,0 @@
-/**
- * Package Registry
- *
- * Fetches and caches package metadata from cli4ai.com registry.
- * Provides integrity hashes for verification.
- */
-
-import { createHash } from 'crypto';
-import { readdirSync, readFileSync, existsSync } from 'fs';
-import { join } from 'path';
-
-const REGISTRY_URL = 'https://cli4ai.com/registry/packages.json';
-const CACHE_TTL = 5 * 60 * 1000; // 5 minutes
-
-interface RegistryPackage {
-  name: string;
-  version: string;
-  description: string;
-  integrity: string;
-  readme: string;
-  commands: Record<string, { description: string; args?: Array<{ name: string; required: boolean }> }>;
-  dependencies: Record<string, string>;
-  env: Record<string, { required: boolean; description: string }>;
-  category: string;
-  keywords: string[];
-  author: string;
-  license: string;
-  runtime: string;
-  mcp: boolean;
-  repository: string;
-  homepage: string;
-  npm: string;
-  updatedAt: string;
-}
-
-interface Registry {
-  version: number;
-  generatedAt: string;
-  packages: RegistryPackage[];
-}
-
-// In-memory cache
-let cachedRegistry: Registry | null = null;
-let cacheTimestamp = 0;
-
-/**
- * Fetch registry from cli4ai.com
- */
-export async function fetchRegistry(): Promise<Registry | null> {
-  // Return cached if fresh
-  if (cachedRegistry && Date.now() - cacheTimestamp < CACHE_TTL) {
-    return cachedRegistry;
-  }
-
-  try {
-    const response = await fetch(REGISTRY_URL, {
-      headers: { 'Accept': 'application/json' },
-      signal: AbortSignal.timeout(10000), // 10 second timeout
-    });
-
-    if (!response.ok) {
-      return null;
-    }
-
-    const registry = await response.json() as Registry;
-    cachedRegistry = registry;
-    cacheTimestamp = Date.now();
-    return registry;
-  } catch {
-    // Return cached even if stale, or null if no cache
-    return cachedRegistry;
-  }
-}
-
-/**
- * Get package info from registry
- */
-export async function getRegistryPackage(name: string): Promise<RegistryPackage | null> {
-  const registry = await fetchRegistry();
-  if (!registry) return null;
-
-  return registry.packages.find(p => p.name === name) || null;
-}
-
-/**
- * Get integrity hash for a package from registry
- */
-export async function getRegistryIntegrity(name: string): Promise<string | null> {
-  const pkg = await getRegistryPackage(name);
-  return pkg?.integrity || null;
-}
-
-/**
- * Get all package names from registry
- */
-export async function getRegistryPackageNames(): Promise<string[]> {
-  const registry = await fetchRegistry();
-  if (!registry) return [];
-  return registry.packages.map(p => p.name);
-}
-
-/**
- * Compute SHA-512 integrity hash for a directory
- * Same algorithm as used by generate-registry.ts
- */
-export function computeDirectoryIntegrity(dirPath: string): string {
-  const hash = createHash('sha512');
-
-  function processDir(dir: string) {
-    const entries = readdirSync(dir, { withFileTypes: true }).sort((a, b) =>
-      a.name.localeCompare(b.name)
-    );
-
-    for (const entry of entries) {
-      const fullPath = join(dir, entry.name);
-
-      // Skip node_modules and hidden files
-      if (entry.name === 'node_modules' || entry.name.startsWith('.')) {
-        continue;
-      }
-
-      if (entry.isDirectory()) {
-        processDir(fullPath);
-      } else if (entry.isFile()) {
-        // Include relative path in hash for structure integrity
-        const relativePath = fullPath.slice(dirPath.length + 1);
-        hash.update(relativePath);
-        hash.update(readFileSync(fullPath));
-      }
-    }
-  }
-
-  processDir(dirPath);
-  return `sha512-${hash.digest('base64')}`;
-}
-
-/**
- * Verify package integrity against registry
- */
-export async function verifyPackageIntegrity(
-  packageName: string,
-  packagePath: string
-): Promise<{ valid: boolean; expected: string | null; actual: string }> {
-  const expected = await getRegistryIntegrity(packageName);
-  const actual = computeDirectoryIntegrity(packagePath);
-
-  if (!expected) {
-    // Package not in registry, can't verify
-    return { valid: true, expected: null, actual };
-  }
-
-  return {
-    valid: expected === actual,
-    expected,
-    actual,
-  };
-}
-
-/**
- * Clear the registry cache
- */
-export function clearRegistryCache(): void {
-  cachedRegistry = null;
-  cacheTimestamp = 0;
-}