cli4ai 1.2.0 → 1.2.2

package/dist/core/config.js

@@ -0,0 +1,738 @@
+/**
+ * Global cli4ai configuration (~/.cli4ai/)
+ */
+import { readFileSync, writeFileSync, mkdirSync, existsSync, readdirSync, lstatSync, realpathSync, openSync, closeSync, unlinkSync, renameSync } from 'fs';
+import { resolve, join, normalize, sep } from 'path';
+import { homedir } from 'os';
+import { outputError, log } from '../lib/cli.js';
+// ═══════════════════════════════════════════════════════════════════════════
+// SECURITY: Symlink validation
+// ═══════════════════════════════════════════════════════════════════════════
+/**
+ * Safe directories that symlinks are allowed to point to.
+ * This prevents symlink attacks pointing to sensitive system directories.
+ */
+const SAFE_SYMLINK_PREFIXES = [
+    homedir(), // User's home directory
+    '/tmp', // Temp directory
+    '/var/tmp', // Var temp
+    '/private/tmp', // macOS temp
+    process.cwd(), // Current working directory
+];
+/**
+ * Validate that a symlink target is within safe boundaries.
+ * Returns the resolved real path if safe, null if unsafe.
+ */
+function validateSymlinkTarget(symlinkPath) {
+    try {
+        const stat = lstatSync(symlinkPath);
+        if (!stat.isSymbolicLink()) {
+            // Not a symlink, return the path as-is
+            return symlinkPath;
+        }
+        // Resolve the real path (follows all symlinks)
+        const realPath = realpathSync(symlinkPath);
+        const normalizedRealPath = normalize(realPath);
+        // Check if the real path is within a safe prefix
+        const isSafe = SAFE_SYMLINK_PREFIXES.some(prefix => {
+            const normalizedPrefix = normalize(prefix);
+            return normalizedRealPath.startsWith(normalizedPrefix + sep) ||
+                normalizedRealPath === normalizedPrefix;
+        });
+        if (!isSafe) {
+            console.error(`Warning: Symlink ${symlinkPath} points to ${realPath} which is outside safe directories. Skipping.`);
+            return null;
+        }
+        return realPath;
+    }
+    catch (err) {
+        // Broken symlink or permission error
+        return null;
+    }
+}
+/**
+ * Check if a path is safe to use (not a malicious symlink)
+ */
+export function isPathSafe(path) {
+    return validateSymlinkTarget(path) !== null;
+}
+// ═══════════════════════════════════════════════════════════════════════════
+// PATHS
+// ═══════════════════════════════════════════════════════════════════════════
+export const CLI4AI_HOME = process.env.CLI4AI_HOME
+    ? resolve(process.env.CLI4AI_HOME)
+    : resolve(homedir(), '.cli4ai');
+export const CONFIG_FILE = resolve(CLI4AI_HOME, 'config.json');
+export const PACKAGES_DIR = resolve(CLI4AI_HOME, 'packages');
+export const CACHE_DIR = resolve(CLI4AI_HOME, 'cache');
+export const ROUTINES_DIR = resolve(CLI4AI_HOME, 'routines');
+export const SCHEDULER_DIR = resolve(CLI4AI_HOME, 'scheduler');
+export const CREDENTIALS_FILE = resolve(CLI4AI_HOME, 'credentials.json');
+const CONFIG_LOCK_FILE = CONFIG_FILE + '.lock';
+const CONFIG_TMP_FILE = CONFIG_FILE + '.tmp';
+// Local project paths
+export const LOCAL_DIR = '.cli4ai';
+export const LOCAL_PACKAGES_DIR = join(LOCAL_DIR, 'packages');
+export const LOCAL_ROUTINES_DIR = join(LOCAL_DIR, 'routines');
+// ═══════════════════════════════════════════════════════════════════════════
+// DEFAULT CONFIG
+// ═══════════════════════════════════════════════════════════════════════════
+export const DEFAULT_CONFIG = {
+    registry: 'https://registry.cli4ai.com',
+    localRegistries: [],
+    defaultRuntime: 'node',
+    mcp: {
+        transport: 'stdio',
+        port: 3100
+    },
+    audit: {
+        enabled: true
+    },
+    telemetry: false
+};
+// ═══════════════════════════════════════════════════════════════════════════
+// INITIALIZATION
+// ═══════════════════════════════════════════════════════════════════════════
+/**
+ * Ensure ~/.cli4ai directory exists with required subdirectories
+ */
+export function ensureCli4aiHome() {
+    const dirs = [CLI4AI_HOME, PACKAGES_DIR, CACHE_DIR, ROUTINES_DIR, SCHEDULER_DIR];
+    for (const dir of dirs) {
+        if (!existsSync(dir)) {
+            mkdirSync(dir, { recursive: true });
+        }
+    }
+}
+/**
+ * Ensure local .cli4ai directory exists
+ */
+export function ensureLocalDir(projectDir) {
+    const localDir = resolve(projectDir, LOCAL_DIR);
+    const packagesDir = resolve(projectDir, LOCAL_PACKAGES_DIR);
+    const routinesDir = resolve(projectDir, LOCAL_ROUTINES_DIR);
+    if (!existsSync(localDir)) {
+        mkdirSync(localDir, { recursive: true });
+    }
+    if (!existsSync(packagesDir)) {
+        mkdirSync(packagesDir, { recursive: true });
+    }
+    if (!existsSync(routinesDir)) {
+        mkdirSync(routinesDir, { recursive: true });
+    }
+}
+// ═══════════════════════════════════════════════════════════════════════════
+// CONFIG FILE
+// ═══════════════════════════════════════════════════════════════════════════
+/**
+ * Deep merge two objects, where source values override target values
+ */
+function deepMerge(target, source) {
+    const result = { ...target };
+    // Handle each key explicitly to maintain type safety
+    if (source.registry !== undefined) {
+        result.registry = source.registry;
+    }
+    if (source.localRegistries !== undefined) {
+        result.localRegistries = source.localRegistries;
+    }
+    if (source.defaultRuntime !== undefined) {
+        result.defaultRuntime = source.defaultRuntime;
+    }
+    if (source.telemetry !== undefined) {
+        result.telemetry = source.telemetry;
+    }
+    // Deep merge mcp config
+    if (source.mcp !== undefined) {
+        result.mcp = {
+            transport: source.mcp.transport ?? target.mcp.transport,
+            port: source.mcp.port ?? target.mcp.port
+        };
+    }
+    // Deep merge audit config
+    if (source.audit !== undefined) {
+        result.audit = {
+            enabled: source.audit.enabled ?? target.audit.enabled
+        };
+    }
+    return result;
+}
+/**
+ * Load global config, creating defaults if needed
+ */
+export function loadConfig() {
+    return withConfigLock(() => loadConfigUnlocked());
+}
+/**
+ * Save global config
+ */
+export function saveConfig(config) {
+    withConfigLock(() => saveConfigUnlocked(config));
+}
+/**
+ * Update config with a read-modify-write lock to avoid cross-process races.
+ */
+export function updateConfig(mutator) {
+    return withConfigLock(() => {
+        const current = loadConfigUnlocked();
+        const next = mutator(current);
+        saveConfigUnlocked(next);
+        return next;
+    });
+}
+/**
+ * Get a config value
+ */
+export function getConfigValue(key) {
+    const config = loadConfig();
+    return config[key];
+}
+/**
+ * Set a config value
+ */
+export function setConfigValue(key, value) {
+    updateConfig((config) => {
+        config[key] = value;
+        return config;
+    });
+}
+// ═══════════════════════════════════════════════════════════════════════════
+// LOCAL REGISTRIES
+// ═══════════════════════════════════════════════════════════════════════════
+/**
+ * Directories that should not be used as registries
+ * to prevent accidental exposure of sensitive system files.
+ */
+const UNSAFE_REGISTRY_PATHS = [
+    '/etc',
+    '/usr',
+    '/bin',
+    '/sbin',
+    '/var',
+    '/sys',
+    '/proc',
+    '/dev',
+    '/boot',
+    '/root',
+    '/lib',
+    '/lib64',
+    '/System', // macOS
+    '/Library', // macOS
+    '/private/etc', // macOS
+    '/private/var', // macOS
+    'C:\\Windows', // Windows
+    'C:\\Program Files', // Windows
+];
+/**
+ * Validate that a registry path is safe to use.
+ */
+function isRegistryPathSafe(registryPath) {
+    const normalizedPath = normalize(registryPath);
+    // Check against unsafe paths
+    for (const unsafePath of UNSAFE_REGISTRY_PATHS) {
+        const normalizedUnsafe = normalize(unsafePath);
+        if (normalizedPath === normalizedUnsafe ||
+            normalizedPath.startsWith(normalizedUnsafe + '/') ||
+            normalizedPath.startsWith(normalizedUnsafe + '\\')) {
+            return false;
+        }
+    }
+    return true;
+}
+/**
+ * Add a local registry path
+ */
+export function addLocalRegistry(path) {
+    const absolutePath = resolve(path);
+    // SECURITY: Validate registry path is not in sensitive system directories
+    if (!isRegistryPathSafe(absolutePath)) {
+        outputError('INVALID_INPUT', `Registry path is in a protected system directory: ${absolutePath}`, {
+            hint: 'Use a path in your home directory or a project directory'
+        });
+    }
+    if (!existsSync(absolutePath)) {
+        outputError('NOT_FOUND', `Directory does not exist: ${absolutePath}`);
+    }
+    // SECURITY: Validate symlink target if it's a symlink
+    const safePath = validateSymlinkTarget(absolutePath);
+    if (!safePath) {
+        outputError('INVALID_INPUT', `Registry path points to an unsafe location: ${absolutePath}`, {
+            hint: 'Symlinks must point to directories within safe locations'
+        });
+    }
+    let added = false;
+    updateConfig((config) => {
+        if (!config.localRegistries.includes(safePath)) {
+            config.localRegistries.push(safePath);
+            added = true;
+        }
+        return config;
+    });
+    if (added)
+        log(`Added local registry: ${safePath}`);
+}
+/**
+ * Remove a local registry path
+ */
+export function removeLocalRegistry(path) {
+    const absolutePath = resolve(path);
+    // SECURITY: Validate symlink target consistently with addLocalRegistry
+    const safePath = validateSymlinkTarget(absolutePath);
+    if (!safePath) {
+        outputError('INVALID_INPUT', `Registry path points to an unsafe location: ${absolutePath}`, {
+            hint: 'Symlinks must point to directories within safe locations'
+        });
+    }
+    let removed = false;
+    updateConfig((config) => {
+        const index = config.localRegistries.indexOf(safePath);
+        if (index !== -1) {
+            config.localRegistries.splice(index, 1);
+            removed = true;
+        }
+        return config;
+    });
+    if (removed)
+        log(`Removed local registry: ${safePath}`);
+}
+function sleepSync(ms) {
+    if (ms <= 0)
+        return;
+    try {
+        const buf = new SharedArrayBuffer(4);
+        const view = new Int32Array(buf);
+        Atomics.wait(view, 0, 0, ms);
+    }
+    catch {
+        const end = Date.now() + ms;
+        while (Date.now() < end) {
+            // busy wait (best effort)
+        }
+    }
+}
+function isPidRunning(pid) {
+    try {
+        process.kill(pid, 0);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+function isLockStale(lockPath, staleMs) {
+    try {
+        const stat = lstatSync(lockPath);
+        if (Date.now() - stat.mtimeMs > staleMs)
+            return true;
+    }
+    catch {
+        return false;
+    }
+    try {
+        const raw = readFileSync(lockPath, 'utf-8');
+        const parsed = JSON.parse(raw);
+        const pid = typeof parsed.pid === 'number' ? parsed.pid : null;
+        const createdAtMs = typeof parsed.createdAt === 'number'
+            ? parsed.createdAt
+            : typeof parsed.createdAt === 'string'
+                ? Date.parse(parsed.createdAt)
+                : NaN;
+        if (pid !== null && !isPidRunning(pid))
+            return true;
+        if (Number.isFinite(createdAtMs) && Date.now() - createdAtMs > staleMs)
+            return true;
+    }
+    catch {
+        // ignore parse errors (fall back to mtime check above)
+    }
+    return false;
+}
+function acquireLock(lockPath, timeoutMs, staleMs) {
+    const start = Date.now();
+    while (true) {
+        try {
+            const fd = openSync(lockPath, 'wx');
+            try {
+                writeFileSync(fd, JSON.stringify({ pid: process.pid, createdAt: new Date().toISOString() }) + '\n');
+            }
+            catch {
+                // best effort
+            }
+            return fd;
+        }
+        catch (err) {
+            const code = err.code;
+            if (code !== 'EEXIST') {
+                throw err;
+            }
+            if (isLockStale(lockPath, staleMs)) {
+                try {
+                    unlinkSync(lockPath);
+                    continue;
+                }
+                catch {
+                    // fall through to wait
+                }
+            }
+            if (Date.now() - start > timeoutMs) {
+                throw new Error(`Timed out waiting for config lock: ${lockPath}`);
+            }
+            sleepSync(25);
+        }
+    }
+}
+function releaseLock(lockPath, fd) {
+    try {
+        closeSync(fd);
+    }
+    catch {
+        // ignore
+    }
+    try {
+        unlinkSync(lockPath);
+    }
+    catch {
+        // ignore
+    }
+}
+let configLockDepth = 0;
+let configLockFd = null;
+function withConfigLock(fn) {
+    const timeoutMs = 2000;
+    const staleMs = 30000;
+    if (configLockDepth > 0) {
+        configLockDepth++;
+        try {
+            return fn();
+        }
+        finally {
+            configLockDepth--;
+        }
+    }
+    configLockDepth = 1;
+    const fd = acquireLock(CONFIG_LOCK_FILE, timeoutMs, staleMs);
+    configLockFd = fd;
+    try {
+        return fn();
+    }
+    finally {
+        configLockFd = null;
+        configLockDepth = 0;
+        releaseLock(CONFIG_LOCK_FILE, fd);
+    }
+}
+function loadConfigUnlocked() {
+    ensureCli4aiHome();
+    if (!existsSync(CONFIG_FILE)) {
+        saveConfigUnlocked(DEFAULT_CONFIG);
+        return DEFAULT_CONFIG;
+    }
+    try {
+        const content = readFileSync(CONFIG_FILE, 'utf-8');
+        const data = JSON.parse(content);
+        // Deep merge with defaults to handle missing nested fields (e.g., mcp.port)
+        return deepMerge(DEFAULT_CONFIG, data);
+    }
+    catch {
+        log(`Warning: Invalid config file, using defaults`);
+        return DEFAULT_CONFIG;
+    }
+}
+function saveConfigUnlocked(config) {
+    ensureCli4aiHome();
+    const content = JSON.stringify(config, null, 2) + '\n';
+    writeFileSync(CONFIG_TMP_FILE, content);
+    renameSync(CONFIG_TMP_FILE, CONFIG_FILE);
+}
+// ═══════════════════════════════════════════════════════════════════════════
+// INSTALLED PACKAGES TRACKING
+// ═══════════════════════════════════════════════════════════════════════════
+/**
+ * Get list of globally installed packages
+ */
+export function getGlobalPackages() {
+    ensureCli4aiHome();
+    if (!existsSync(PACKAGES_DIR)) {
+        return [];
+    }
+    const packages = [];
+    for (const entry of readdirSync(PACKAGES_DIR, { withFileTypes: true })) {
+        if (!entry.isDirectory() && !entry.isSymbolicLink())
+            continue;
+        const pkgPath = resolve(PACKAGES_DIR, entry.name);
+        // SECURITY: Validate symlink targets
+        const safePath = validateSymlinkTarget(pkgPath);
+        if (!safePath)
+            continue;
+        const manifestPath = resolve(safePath, 'cli4ai.json');
+        if (existsSync(manifestPath)) {
+            try {
+                const manifest = JSON.parse(readFileSync(manifestPath, 'utf-8'));
+                packages.push({
+                    name: manifest.name,
+                    version: manifest.version,
+                    path: safePath,
+                    source: 'registry',
+                    installedAt: new Date().toISOString()
+                });
+            }
+            catch {
+                // Skip invalid packages
+            }
+        }
+    }
+    return packages;
+}
+/**
+ * Get list of locally installed packages (in project)
+ */
+export function getLocalPackages(projectDir) {
+    const packagesDir = resolve(projectDir, LOCAL_PACKAGES_DIR);
+    if (!existsSync(packagesDir)) {
+        return [];
+    }
+    const packages = [];
+    for (const entry of readdirSync(packagesDir, { withFileTypes: true })) {
+        if (!entry.isDirectory() && !entry.isSymbolicLink())
+            continue;
+        const pkgPath = resolve(packagesDir, entry.name);
+        // SECURITY: Validate symlink targets
+        const safePath = validateSymlinkTarget(pkgPath);
+        if (!safePath)
+            continue;
+        const manifestPath = resolve(safePath, 'cli4ai.json');
+        if (existsSync(manifestPath)) {
+            try {
+                const manifest = JSON.parse(readFileSync(manifestPath, 'utf-8'));
+                packages.push({
+                    name: manifest.name,
+                    version: manifest.version,
+                    path: safePath,
+                    source: 'local',
+                    installedAt: new Date().toISOString()
+                });
+            }
+            catch {
+                // Skip invalid packages
+            }
+        }
+    }
+    return packages;
+}
+// Cache npm global dir to avoid repeated lookups
+let cachedNpmGlobalDir = undefined;
+/**
+ * Get npm global packages directory
+ */
+function getNpmGlobalDir() {
+    if (cachedNpmGlobalDir !== undefined)
+        return cachedNpmGlobalDir;
+    // Try common locations first (faster than calling npm)
+    const commonPaths = [
+        resolve(homedir(), '.npm-global', 'lib', 'node_modules'), // Custom npm prefix
+        '/usr/local/lib/node_modules', // macOS/Linux default
+        '/usr/lib/node_modules', // Some Linux distros
+        resolve(homedir(), '.nvm', 'versions', 'node'), // nvm (check later)
+    ];
+    for (const p of commonPaths) {
+        if (existsSync(p)) {
+            cachedNpmGlobalDir = p;
+            return p;
+        }
+    }
+    // Fall back to npm config (with timeout)
+    try {
+        const { execSync } = require('child_process');
+        const prefix = execSync('npm config get prefix', {
+            encoding: 'utf-8',
+            timeout: 3000, // 3 second timeout
+            stdio: ['pipe', 'pipe', 'pipe']
+        }).trim();
+        // On Unix: prefix/lib/node_modules, on Windows: prefix/node_modules
+        const libPath = resolve(prefix, 'lib', 'node_modules');
+        if (existsSync(libPath)) {
+            cachedNpmGlobalDir = libPath;
+            return libPath;
+        }
+        const winPath = resolve(prefix, 'node_modules');
+        if (existsSync(winPath)) {
+            cachedNpmGlobalDir = winPath;
+            return winPath;
+        }
+    }
+    catch {
+        // npm command failed or timed out
+    }
+    cachedNpmGlobalDir = null;
+    return null;
+}
+/**
+ * Get bun global packages directory
+ */
+function getBunGlobalDir() {
+    // Bun installs global packages to ~/.bun/install/global/node_modules
+    const bunGlobalDir = resolve(homedir(), '.bun', 'install', 'global', 'node_modules');
+    if (existsSync(bunGlobalDir))
+        return bunGlobalDir;
+    return null;
+}
+/**
+ * Get packages from a global node_modules/@cli4ai directory
+ */
+function getPackagesFromGlobalDir(globalDir) {
+    const cli4aiDir = resolve(globalDir, '@cli4ai');
+    if (!existsSync(cli4aiDir))
+        return [];
+    const packages = [];
+    try {
+        for (const entry of readdirSync(cli4aiDir, { withFileTypes: true })) {
+            if (!entry.isDirectory() && !entry.isSymbolicLink())
+                continue;
+            if (entry.name === 'lib')
+                continue; // Skip @cli4ai/lib
+            const pkgPath = resolve(cli4aiDir, entry.name);
+            // SECURITY: Validate symlink targets
+            const safePath = validateSymlinkTarget(pkgPath);
+            if (!safePath)
+                continue;
+            const pkgJsonPath = resolve(safePath, 'package.json');
+            const cli4aiJsonPath = resolve(safePath, 'cli4ai.json');
+            // Try cli4ai.json first, then package.json
+            if (existsSync(cli4aiJsonPath)) {
+                try {
+                    const manifest = JSON.parse(readFileSync(cli4aiJsonPath, 'utf-8'));
+                    packages.push({
+                        name: entry.name,
+                        version: manifest.version,
+                        path: safePath,
+                        source: 'registry',
+                        installedAt: new Date().toISOString()
+                    });
+                    continue;
+                }
+                catch { }
+            }
+            if (existsSync(pkgJsonPath)) {
+                try {
+                    const pkgJson = JSON.parse(readFileSync(pkgJsonPath, 'utf-8'));
+                    packages.push({
+                        name: entry.name,
+                        version: pkgJson.version,
+                        path: safePath,
+                        source: 'registry',
+                        installedAt: new Date().toISOString()
+                    });
+                }
+                catch { }
+            }
+        }
+    }
+    catch { }
+    return packages;
+}
+/**
+ * Get all global @cli4ai packages (from both npm and bun)
+ */
+export function getNpmGlobalPackages() {
+    const packages = [];
+    const seen = new Set();
+    // Check npm global first (this is where we install)
+    const npmGlobalDir = getNpmGlobalDir();
+    if (npmGlobalDir) {
+        for (const pkg of getPackagesFromGlobalDir(npmGlobalDir)) {
+            if (!seen.has(pkg.name)) {
+                seen.add(pkg.name);
+                packages.push(pkg);
+            }
+        }
+    }
+    // Check bun global (for backwards compat with old installs)
+    const bunGlobalDir = getBunGlobalDir();
+    if (bunGlobalDir) {
+        for (const pkg of getPackagesFromGlobalDir(bunGlobalDir)) {
+            if (!seen.has(pkg.name)) {
+                seen.add(pkg.name);
+                packages.push(pkg);
+            }
+        }
+    }
+    return packages;
+}
+/**
+ * Try to find a package in a global directory
+ */
+function findPackageInGlobalDir(globalDir, name) {
+    // SECURITY: Validate name to prevent path traversal
+    if (name.includes('..') || name.includes('/') || name.includes('\\') || name.startsWith('.')) {
+        return null;
+    }
+    const scopedPath = resolve(globalDir, '@cli4ai', name);
+    // SECURITY: Verify resolved path is under globalDir
+    if (!scopedPath.startsWith(resolve(globalDir))) {
+        return null;
+    }
+    if (!existsSync(scopedPath))
+        return null;
+    const manifestPath = resolve(scopedPath, 'cli4ai.json');
+    if (existsSync(manifestPath)) {
+        try {
+            const manifest = JSON.parse(readFileSync(manifestPath, 'utf-8'));
+            return {
+                name: manifest.name || name,
+                version: manifest.version,
+                path: scopedPath,
+                source: 'registry',
+                installedAt: new Date().toISOString()
+            };
+        }
+        catch { }
+    }
+    // Even without cli4ai.json, try package.json
+    const pkgJsonPath = resolve(scopedPath, 'package.json');
+    if (existsSync(pkgJsonPath)) {
+        try {
+            const pkgJson = JSON.parse(readFileSync(pkgJsonPath, 'utf-8'));
+            return {
+                name: name,
+                version: pkgJson.version,
+                path: scopedPath,
+                source: 'registry',
+                installedAt: new Date().toISOString()
+            };
+        }
+        catch { }
+    }
+    return null;
+}
+/**
+ * Find a package by name (checks local, global cli4ai, bun global, then npm global)
+ */
+export function findPackage(name, projectDir) {
+    // Check local packages first
+    if (projectDir) {
+        const localPkgs = getLocalPackages(projectDir);
+        const local = localPkgs.find(p => p.name === name);
+        if (local)
+            return local;
+    }
+    // Check cli4ai global packages
+    const globalPkgs = getGlobalPackages();
+    const globalPkg = globalPkgs.find(p => p.name === name);
+    if (globalPkg)
+        return globalPkg;
+    // Check npm global packages first (this is where we install)
+    const npmGlobalDir = getNpmGlobalDir();
+    if (npmGlobalDir) {
+        const pkg = findPackageInGlobalDir(npmGlobalDir, name);
+        if (pkg)
+            return pkg;
+    }
+    // Check bun global packages (for backwards compat)
+    const bunGlobalDir = getBunGlobalDir();
+    if (bunGlobalDir) {
+        const pkg = findPackageInGlobalDir(bunGlobalDir, name);
+        if (pkg)
+            return pkg;
+    }
+    return null;
+}