codegpt-ai 1.0.0 → 1.2.0

package/chat.py

@@ -589,9 +589,29 @@ def audit_log(action, detail=""):
 def is_shell_safe(cmd_text):
     """Check if a shell command is safe to run."""
     cmd_lower = cmd_text.lower().strip()
+
+    # Blocklist check
     for blocked in SHELL_BLOCKLIST:
         if blocked in cmd_lower:
             return False, blocked
+
+    # Block shell injection patterns
+    injection_patterns = [
+        r'[;&|`]',      # Command chaining/injection
+        r'\$\(',        # Command substitution
+        r'>\s*/dev/',   # Device writes
+        r'\\x[0-9a-f]', # Hex escapes
+        r'\\u[0-9a-f]', # Unicode escapes
+        r'\brm\b.*-[rR]', # rm with recursive flag (any form)
+    ]
+    for pattern in injection_patterns:
+        if re.search(pattern, cmd_text):
+            return False, f"blocked pattern: {pattern}"
+
+    # Max command length
+    if len(cmd_text) > 500:
+        return False, "command too long (500 char limit)"
+
     return True, ""
 
 
@@ -1978,10 +1998,11 @@ def run_shell(cmd_text):
         print_sys("Usage: /shell <command>\nExample: /shell dir")
         return
 
-    # Safety check — use the global blocklist
+    # Safety check
     safe, blocked = is_shell_safe(cmd_text)
     if not safe:
-        print_err(f"Blocked: dangerous command detected ({blocked})")
+        print_err(f"Blocked: {blocked}")
+        audit_log("SHELL_BLOCKED", f"{blocked}: {cmd_text[:80]}")
         return
 
     console.print(Panel(
@@ -1991,10 +2012,19 @@ def run_shell(cmd_text):
     ))
 
     try:
-        result = subprocess.run(
-            cmd_text, shell=True, capture_output=True, text=True, timeout=30,
-            cwd=str(Path.home()),
-        )
+        # Use shlex.split for safer argument parsing on non-Windows
+        if os.name != "nt":
+            import shlex
+            args = shlex.split(cmd_text)
+            result = subprocess.run(
+                args, capture_output=True, text=True, timeout=30,
+                cwd=str(Path.home()),
+            )
+        else:
+            result = subprocess.run(
+                cmd_text, shell=True, capture_output=True, text=True, timeout=30,
+                cwd=str(Path.home()),
+            )
         output = ""
         if result.stdout:
             output += result.stdout

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "codegpt-ai",
-  "version": "1.0.0",
+  "version": "1.2.0",
   "description": "Local AI Assistant Hub — 80+ commands, 29 tools, 8 agents, training, security",
   "author": "ArukuX",
   "license": "MIT",
@@ -29,7 +29,11 @@
   "engines": {
     "node": ">=16.0.0"
   },
-  "dependencies": {
-    "settings": "^0.1.1"
-  }
+  "files": [
+    "bin/",
+    "chat.py",
+    "ai_cli/",
+    "CLAUDE.md",
+    "README.md"
+  ]
 }

package/.claude/settings.local.json

@@ -1,7 +0,0 @@
-{
-  "permissions": {
-    "allow": [
-      "Bash(wc:*)"
-    ]
-  }
-}

package/.github/workflows/release.yml

@@ -1,40 +0,0 @@
-name: Build & Release
-
-on:
-  push:
-    tags:
-      - 'v*'
-
-permissions:
-  contents: write
-
-jobs:
-  build:
-    runs-on: windows-latest
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Set up Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: '3.12'
-
-      - name: Install dependencies
-        run: |
-          pip install requests rich prompt-toolkit pyinstaller
-
-      - name: Build exe
-        run: |
-          pyinstaller ai.spec
-
-      - name: Verify exe
-        run: |
-          dist\ai.exe --version
-
-      - name: Create Release
-        uses: softprops/action-gh-release@v2
-        with:
-          files: dist/ai.exe
-          generate_release_notes: true
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

package/ai.spec

@@ -1,81 +0,0 @@
-# -*- mode: python ; coding: utf-8 -*-
-# PyInstaller spec file for CodeGPT -> ai.exe
-
-import sys
-from pathlib import Path
-
-block_cipher = None
-
-a = Analysis(
-    ['ai_cli/__main__.py'],
-    pathex=['.'],
-    binaries=[],
-    datas=[
-        ('chat.py', '.'),
-        ('CLAUDE.md', '.'),
-    ],
-    hiddenimports=[
-        'requests',
-        'rich',
-        'rich.console',
-        'rich.markdown',
-        'rich.panel',
-        'rich.table',
-        'rich.text',
-        'rich.live',
-        'rich.rule',
-        'rich.align',
-        'prompt_toolkit',
-        'prompt_toolkit.history',
-        'prompt_toolkit.completion',
-        'prompt_toolkit.styles',
-        'ai_cli',
-        'ai_cli.__main__',
-        'ai_cli.updater',
-        'ai_cli.doctor',
-    ],
-    hookspath=[],
-    hooksconfig={},
-    runtime_hooks=[],
-    excludes=[
-        'textual',
-        'telegram',
-        'flask',
-        'groq',
-        'flet',
-        'tkinter',
-        'unittest',
-        'xmlrpc',
-        'pydoc',
-        'doctest',
-    ],
-    win_no_prefer_redirects=False,
-    win_private_assemblies=False,
-    cipher=block_cipher,
-    noarchive=False,
-)
-
-pyz = PYZ(a.pure, a.zipped_data, cipher=block_cipher)
-
-exe = EXE(
-    pyz,
-    a.scripts,
-    a.binaries,
-    a.zipfiles,
-    a.datas,
-    [],
-    name='ai',
-    debug=False,
-    bootloader_ignore_signals=False,
-    strip=False,
-    upx=True,
-    upx_exclude=[],
-    runtime_tmpdir=None,
-    console=True,
-    disable_windowed_traceback=False,
-    argv_emulation=False,
-    target_arch=None,
-    codesign_identity=None,
-    entitlements_file=None,
-    icon=None,
-)