codeep 1.0.0

package/dist/utils/update.d.ts

@@ -0,0 +1,22 @@
+export interface VersionInfo {
+    current: string;
+    latest: string | null;
+    hasUpdate: boolean;
+    error?: string;
+}
+/**
+ * Get current version from package.json
+ */
+export declare function getCurrentVersion(): string;
+/**
+ * Check for updates from npm registry
+ */
+export declare function checkForUpdates(): Promise<VersionInfo>;
+/**
+ * Get update instructions based on installation method
+ */
+export declare function getUpdateInstructions(): string;
+/**
+ * Format version info for display
+ */
+export declare function formatVersionInfo(info: VersionInfo): string;

package/dist/utils/update.js

@@ -0,0 +1,128 @@
+import { readFileSync } from 'fs';
+import { join, dirname } from 'path';
+import { fileURLToPath } from 'url';
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+/**
+ * Get current version from package.json
+ */
+export function getCurrentVersion() {
+    try {
+        // In built version, package.json is in parent directory
+        const packagePath = join(__dirname, '../../package.json');
+        const packageJson = JSON.parse(readFileSync(packagePath, 'utf-8'));
+        return packageJson.version;
+    }
+    catch {
+        return 'unknown';
+    }
+}
+/**
+ * Check for updates from npm registry
+ */
+export async function checkForUpdates() {
+    const current = getCurrentVersion();
+    if (current === 'unknown') {
+        return {
+            current,
+            latest: null,
+            hasUpdate: false,
+            error: 'Could not determine current version',
+        };
+    }
+    try {
+        const response = await fetch('https://registry.npmjs.org/codeep/latest', {
+            headers: { 'Accept': 'application/json' },
+        });
+        if (!response.ok) {
+            throw new Error(`HTTP ${response.status}`);
+        }
+        const data = await response.json();
+        const latest = data.version;
+        const hasUpdate = compareVersions(latest, current) > 0;
+        return {
+            current,
+            latest,
+            hasUpdate,
+        };
+    }
+    catch (error) {
+        return {
+            current,
+            latest: null,
+            hasUpdate: false,
+            error: error instanceof Error ? error.message : 'Failed to check for updates',
+        };
+    }
+}
+/**
+ * Compare two semver versions
+ * Returns: 1 if a > b, -1 if a < b, 0 if equal
+ */
+function compareVersions(a, b) {
+    const aParts = a.replace(/^v/, '').split('.').map(Number);
+    const bParts = b.replace(/^v/, '').split('.').map(Number);
+    for (let i = 0; i < Math.max(aParts.length, bParts.length); i++) {
+        const aPart = aParts[i] || 0;
+        const bPart = bParts[i] || 0;
+        if (aPart > bPart)
+            return 1;
+        if (aPart < bPart)
+            return -1;
+    }
+    return 0;
+}
+/**
+ * Detect installation method
+ */
+function detectInstallMethod() {
+    const execPath = process.execPath;
+    const argv0 = process.argv[0];
+    // Homebrew detection - installed in Cellar or with homebrew in path
+    if (execPath.includes('/Cellar/codeep') ||
+        execPath.includes('homebrew') ||
+        execPath.includes('/opt/homebrew')) {
+        return 'homebrew';
+    }
+    // npm global detection - running via node with npm in path
+    if (process.env.npm_package_name === 'codeep' ||
+        execPath.includes('/.npm/') ||
+        execPath.includes('/npm/') ||
+        argv0.includes('node')) {
+        return 'npm';
+    }
+    // Binary installation (curl install or manual download)
+    return 'binary';
+}
+/**
+ * Get update instructions based on installation method
+ */
+export function getUpdateInstructions() {
+    const method = detectInstallMethod();
+    switch (method) {
+        case 'homebrew':
+            return 'brew update && brew upgrade codeep';
+        case 'npm':
+            return 'npm update -g codeep';
+        case 'binary':
+            return 'curl -fsSL https://raw.githubusercontent.com/VladoIvankovic/Codeep/main/install.sh | bash';
+        default:
+            return 'Visit: https://codeep.dev';
+    }
+}
+/**
+ * Format version info for display
+ */
+export function formatVersionInfo(info) {
+    if (info.error) {
+        return `Current: ${info.current}\nUpdate check failed: ${info.error}`;
+    }
+    if (!info.latest) {
+        return `Current: ${info.current}\nCould not check for updates`;
+    }
+    if (info.hasUpdate) {
+        const instructions = getUpdateInstructions();
+        return `Current: ${info.current}\nLatest: ${info.latest}\n\nUpdate available! Run:\n  ${instructions}`;
+    }
+    return `Current: ${info.current}\nYou're running the latest version! 🎉`;
+}

package/dist/utils/validation.d.ts

@@ -0,0 +1,28 @@
+/**
+ * Input validation and sanitization utilities
+ */
+export interface ValidationResult {
+    valid: boolean;
+    sanitized?: string;
+    error?: string;
+}
+/**
+ * Validate and sanitize user input before sending to API
+ */
+export declare function validateInput(input: string): ValidationResult;
+/**
+ * Validate API key format
+ */
+export declare function validateApiKey(key: string): ValidationResult;
+/**
+ * Validate command arguments
+ */
+export declare function validateCommandArgs(command: string, args: string[]): ValidationResult;
+/**
+ * Validate file path (for file operations)
+ */
+export declare function validateFilePath(path: string): ValidationResult;
+/**
+ * Sanitize output before display (prevent terminal escape sequence injection)
+ */
+export declare function sanitizeOutput(output: string): string;

package/dist/utils/validation.js

@@ -0,0 +1,141 @@
+/**
+ * Input validation and sanitization utilities
+ */
+const MAX_INPUT_LENGTH = 50000; // ~50KB max input
+const MAX_LINES = 5000;
+/**
+ * Validate and sanitize user input before sending to API
+ */
+export function validateInput(input) {
+    // Check for empty input
+    if (!input || input.trim().length === 0) {
+        return {
+            valid: false,
+            error: 'Input cannot be empty',
+        };
+    }
+    // Check length
+    if (input.length > MAX_INPUT_LENGTH) {
+        return {
+            valid: false,
+            error: `Input too long (max ${MAX_INPUT_LENGTH} characters)`,
+        };
+    }
+    // Check line count
+    const lines = input.split('\n');
+    if (lines.length > MAX_LINES) {
+        return {
+            valid: false,
+            error: `Too many lines (max ${MAX_LINES} lines)`,
+        };
+    }
+    // Sanitize: remove null bytes and other control characters (except newlines, tabs)
+    let sanitized = input
+        .replace(/\0/g, '') // Remove null bytes
+        .replace(/[\x01-\x08\x0B-\x0C\x0E-\x1F\x7F]/g, ''); // Remove other control chars
+    // Trim excessive whitespace (but preserve intentional formatting)
+    sanitized = sanitized.replace(/\n{5,}/g, '\n\n\n\n'); // Max 4 consecutive newlines
+    return {
+        valid: true,
+        sanitized,
+    };
+}
+/**
+ * Validate API key format
+ */
+export function validateApiKey(key) {
+    if (!key || key.trim().length === 0) {
+        return {
+            valid: false,
+            error: 'API key cannot be empty',
+        };
+    }
+    // Basic format check - most API keys are alphanumeric with some special chars
+    const keyPattern = /^[a-zA-Z0-9._-]+$/;
+    if (!keyPattern.test(key)) {
+        return {
+            valid: false,
+            error: 'API key contains invalid characters',
+        };
+    }
+    // Length check - most API keys are 20-100 characters
+    if (key.length < 10 || key.length > 200) {
+        return {
+            valid: false,
+            error: 'API key length invalid (expected 10-200 characters)',
+        };
+    }
+    return {
+        valid: true,
+        sanitized: key.trim(),
+    };
+}
+/**
+ * Validate command arguments
+ */
+export function validateCommandArgs(command, args) {
+    // Check for command injection attempts
+    const dangerousPatterns = [
+        /[;&|`$()]/, // Shell metacharacters
+        /\.\./, // Path traversal
+        /\beval\b/i, // eval() attempts
+        /\bexec\b/i, // exec() attempts
+    ];
+    const fullCommand = [command, ...args].join(' ');
+    for (const pattern of dangerousPatterns) {
+        if (pattern.test(fullCommand)) {
+            return {
+                valid: false,
+                error: 'Command contains potentially dangerous characters',
+            };
+        }
+    }
+    return {
+        valid: true,
+        sanitized: fullCommand,
+    };
+}
+/**
+ * Validate file path (for file operations)
+ */
+export function validateFilePath(path) {
+    if (!path || path.trim().length === 0) {
+        return {
+            valid: false,
+            error: 'File path cannot be empty',
+        };
+    }
+    // Check for path traversal
+    if (path.includes('..')) {
+        return {
+            valid: false,
+            error: 'Path traversal not allowed',
+        };
+    }
+    // Check for absolute paths outside project (basic check)
+    if (path.startsWith('/etc/') ||
+        path.startsWith('/sys/') ||
+        path.startsWith('/proc/') ||
+        path.startsWith('C:\\Windows\\') ||
+        path.startsWith('C:\\System')) {
+        return {
+            valid: false,
+            error: 'Access to system paths not allowed',
+        };
+    }
+    return {
+        valid: true,
+        sanitized: path.trim(),
+    };
+}
+/**
+ * Sanitize output before display (prevent terminal escape sequence injection)
+ */
+export function sanitizeOutput(output) {
+    // Remove ANSI escape sequences that could be malicious
+    // Keep basic formatting codes but remove cursor movement, clear screen, etc.
+    return output
+        .replace(/\x1b\[(\d+;)*\d*[ABCDEFGHJKSTfmsu]/g, '') // Remove cursor control
+        .replace(/\x1b\].*?\x07/g, '') // Remove OSC sequences
+        .replace(/\x1b\[.*?~/g, ''); // Remove other escape sequences
+}

package/dist/utils/validation.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/utils/validation.test.js

@@ -0,0 +1,164 @@
+import { describe, it, expect } from 'vitest';
+import { validateInput, validateApiKey, validateCommandArgs, validateFilePath, sanitizeOutput, } from './validation';
+describe('validation utilities', () => {
+    describe('validateInput', () => {
+        it('should reject empty input', () => {
+            expect(validateInput('').valid).toBe(false);
+            expect(validateInput('   ').valid).toBe(false);
+        });
+        it('should accept valid input', () => {
+            const result = validateInput('Hello, world!');
+            expect(result.valid).toBe(true);
+            expect(result.sanitized).toBe('Hello, world!');
+        });
+        it('should reject input exceeding max length', () => {
+            const longInput = 'a'.repeat(60000);
+            const result = validateInput(longInput);
+            expect(result.valid).toBe(false);
+            expect(result.error).toContain('too long');
+        });
+        it('should reject input with too many lines', () => {
+            const manyLines = Array(6000).fill('line').join('\n');
+            const result = validateInput(manyLines);
+            expect(result.valid).toBe(false);
+            expect(result.error).toContain('Too many lines');
+        });
+        it('should remove null bytes', () => {
+            const result = validateInput('hello\0world');
+            expect(result.valid).toBe(true);
+            expect(result.sanitized).toBe('helloworld');
+        });
+        it('should remove control characters except newlines and tabs', () => {
+            const result = validateInput('hello\x01\x02world\n\ttab');
+            expect(result.valid).toBe(true);
+            expect(result.sanitized).toBe('helloworld\n\ttab');
+        });
+        it('should limit consecutive newlines to 4', () => {
+            const result = validateInput('hello\n\n\n\n\n\n\nworld');
+            expect(result.valid).toBe(true);
+            expect(result.sanitized).toBe('hello\n\n\n\nworld');
+        });
+        it('should preserve normal formatting', () => {
+            const input = 'function test() {\n  return true;\n}';
+            const result = validateInput(input);
+            expect(result.valid).toBe(true);
+            expect(result.sanitized).toBe(input);
+        });
+    });
+    describe('validateApiKey', () => {
+        it('should reject empty key', () => {
+            expect(validateApiKey('').valid).toBe(false);
+            expect(validateApiKey('   ').valid).toBe(false);
+        });
+        it('should accept valid API key', () => {
+            const result = validateApiKey('sk-abcdef123456789012345');
+            expect(result.valid).toBe(true);
+            expect(result.sanitized).toBe('sk-abcdef123456789012345');
+        });
+        it('should reject key with invalid characters', () => {
+            const result = validateApiKey('sk-test!@#$%');
+            expect(result.valid).toBe(false);
+            expect(result.error).toContain('invalid characters');
+        });
+        it('should reject too short keys', () => {
+            const result = validateApiKey('short');
+            expect(result.valid).toBe(false);
+            expect(result.error).toContain('length invalid');
+        });
+        it('should reject too long keys', () => {
+            const result = validateApiKey('a'.repeat(250));
+            expect(result.valid).toBe(false);
+            expect(result.error).toContain('length invalid');
+        });
+        it('should reject keys with whitespace', () => {
+            // API keys with leading/trailing spaces contain invalid characters
+            const result = validateApiKey('  sk-validkey12345678  ');
+            expect(result.valid).toBe(false);
+        });
+        it('should accept keys with dots, underscores, and dashes', () => {
+            const result = validateApiKey('sk_test.key-123456789');
+            expect(result.valid).toBe(true);
+        });
+    });
+    describe('validateCommandArgs', () => {
+        it('should accept safe commands', () => {
+            const result = validateCommandArgs('help', []);
+            expect(result.valid).toBe(true);
+        });
+        it('should reject shell metacharacters', () => {
+            expect(validateCommandArgs('test', ['; rm -rf /']).valid).toBe(false);
+            expect(validateCommandArgs('test', ['| cat /etc/passwd']).valid).toBe(false);
+            expect(validateCommandArgs('test', ['`whoami`']).valid).toBe(false);
+            expect(validateCommandArgs('test', ['$(id)']).valid).toBe(false);
+            expect(validateCommandArgs('test', ['&& echo']).valid).toBe(false);
+        });
+        it('should reject path traversal', () => {
+            const result = validateCommandArgs('read', ['../../etc/passwd']);
+            expect(result.valid).toBe(false);
+        });
+        it('should reject eval attempts', () => {
+            const result = validateCommandArgs('run', ['eval("code")', 'test']);
+            expect(result.valid).toBe(false);
+        });
+        it('should reject exec attempts', () => {
+            const result = validateCommandArgs('run', ['exec(cmd)']);
+            expect(result.valid).toBe(false);
+        });
+    });
+    describe('validateFilePath', () => {
+        it('should reject empty path', () => {
+            expect(validateFilePath('').valid).toBe(false);
+            expect(validateFilePath('   ').valid).toBe(false);
+        });
+        it('should accept valid paths', () => {
+            expect(validateFilePath('src/index.ts').valid).toBe(true);
+            expect(validateFilePath('./package.json').valid).toBe(true);
+            expect(validateFilePath('utils/helper.js').valid).toBe(true);
+        });
+        it('should reject path traversal', () => {
+            expect(validateFilePath('../secret.txt').valid).toBe(false);
+            expect(validateFilePath('src/../../etc/passwd').valid).toBe(false);
+            expect(validateFilePath('..').valid).toBe(false);
+        });
+        it('should reject system paths on Unix', () => {
+            expect(validateFilePath('/etc/passwd').valid).toBe(false);
+            expect(validateFilePath('/sys/kernel').valid).toBe(false);
+            expect(validateFilePath('/proc/self').valid).toBe(false);
+        });
+        it('should reject system paths on Windows', () => {
+            expect(validateFilePath('C:\\Windows\\System32').valid).toBe(false);
+            expect(validateFilePath('C:\\System\\config').valid).toBe(false);
+        });
+        it('should trim whitespace', () => {
+            const result = validateFilePath('  src/index.ts  ');
+            expect(result.valid).toBe(true);
+            expect(result.sanitized).toBe('src/index.ts');
+        });
+    });
+    describe('sanitizeOutput', () => {
+        it('should preserve normal text', () => {
+            expect(sanitizeOutput('Hello, world!')).toBe('Hello, world!');
+        });
+        it('should remove cursor control sequences', () => {
+            // Move cursor up
+            expect(sanitizeOutput('text\x1b[2Amore')).toBe('textmore');
+            // Move cursor down
+            expect(sanitizeOutput('text\x1b[5Bmore')).toBe('textmore');
+            // Clear screen
+            expect(sanitizeOutput('text\x1b[2Jmore')).toBe('textmore');
+        });
+        it('should remove OSC sequences', () => {
+            // Set window title
+            expect(sanitizeOutput('text\x1b]0;malicious title\x07more')).toBe('textmore');
+        });
+        it('should handle multiple escape sequences', () => {
+            const malicious = '\x1b[2J\x1b[H\x1b]0;pwned\x07dangerous content';
+            const result = sanitizeOutput(malicious);
+            expect(result).not.toContain('\x1b');
+            expect(result).toContain('dangerous content');
+        });
+        it('should handle empty string', () => {
+            expect(sanitizeOutput('')).toBe('');
+        });
+    });
+});

package/dist/utils/verify.d.ts

@@ -0,0 +1,78 @@
+/**
+ * Self-verification module for agent
+ * Runs build/test and analyzes errors for auto-fixing
+ */
+export interface VerifyResult {
+    success: boolean;
+    type: 'build' | 'test' | 'lint' | 'typecheck';
+    command: string;
+    output: string;
+    errors: ParsedError[];
+    duration: number;
+}
+export interface ParsedError {
+    file?: string;
+    line?: number;
+    column?: number;
+    message: string;
+    code?: string;
+    severity: 'error' | 'warning';
+}
+export interface VerifyOptions {
+    runBuild: boolean;
+    runTest: boolean;
+    runLint: boolean;
+    runTypecheck: boolean;
+    timeout: number;
+}
+/**
+ * Detect project type and available scripts
+ */
+export declare function detectProjectScripts(projectRoot: string): {
+    build?: string;
+    test?: string;
+    lint?: string;
+    typecheck?: string;
+    packageManager: 'npm' | 'yarn' | 'pnpm' | 'bun';
+};
+/**
+ * Run build verification
+ */
+export declare function runBuildVerification(projectRoot: string, timeout?: number): VerifyResult | null;
+/**
+ * Run test verification
+ */
+export declare function runTestVerification(projectRoot: string, timeout?: number): VerifyResult | null;
+/**
+ * Run TypeScript type checking
+ */
+export declare function runTypecheckVerification(projectRoot: string, timeout?: number): VerifyResult | null;
+/**
+ * Run lint verification
+ */
+export declare function runLintVerification(projectRoot: string, timeout?: number): VerifyResult | null;
+/**
+ * Run all verifications
+ */
+export declare function runAllVerifications(projectRoot: string, options?: Partial<VerifyOptions>): VerifyResult[];
+/**
+ * Format verification results for display
+ */
+export declare function formatVerifyResults(results: VerifyResult[]): string;
+/**
+ * Format errors for agent to fix
+ */
+export declare function formatErrorsForAgent(results: VerifyResult[]): string;
+/**
+ * Check if any verification failed
+ */
+export declare function hasVerificationErrors(results: VerifyResult[]): boolean;
+/**
+ * Get summary of verification
+ */
+export declare function getVerificationSummary(results: VerifyResult[]): {
+    passed: number;
+    failed: number;
+    total: number;
+    errors: number;
+};