cowork-cli 0.0.1 → 0.2.8

package/src/engine/tools/webFetch.js

@@ -0,0 +1,154 @@
+import { lookup } from 'node:dns/promises';
+import { URL } from 'node:url';
+import ipaddr from 'ipaddr.js';
+
+const MAX_CHARS = 15000;
+const TIMEOUT_MS = 10000;
+const MAX_REDIRECTS = 5;
+
+/**
+ * Checks if a hostname resolves to a private or reserved IP address.
+ */
+async function validateUrlSafety(url) {
+  try {
+    const parsedUrl = new URL(url);
+    
+    // Enforce protocol
+    if (parsedUrl.protocol !== 'http:' && parsedUrl.protocol !== 'https:') {
+      throw new Error(`Unsupported protocol: ${parsedUrl.protocol}`);
+    }
+
+    const hostname = parsedUrl.hostname;
+
+    // Resolve hostname to IP addresses
+    // This also handles cases where hostname is already an IP address
+    const addresses = await lookup(hostname, { all: true });
+
+    if (addresses.length === 0) {
+      throw new Error(`Could not resolve hostname: ${hostname}`);
+    }
+
+    for (const addr of addresses) {
+      if (!ipaddr.isValid(addr.address)) continue;
+      
+      const parsedAddr = ipaddr.parse(addr.address);
+      let addrToTest = parsedAddr;
+      
+      // IPv4-mapped IPv6 handling
+      if (parsedAddr instanceof ipaddr.IPv6 && parsedAddr.isIPv4MappedAddress()) {
+        addrToTest = parsedAddr.toIPv4Address();
+      }
+
+      // Check range
+      const range = addrToTest.range();
+      
+      // We only allow 'unicast' for public internet access.
+      // This blocks: 'private', 'loopback', 'linkLocal', 'multicast', 'reserved', etc.
+      if (range !== 'unicast') {
+        return { safe: false, reason: `Address ${addr.address} (${range}) is not allowed.` };
+      }
+
+      // Explicitly block IANA benchmark range (198.18.0.0/15)
+      if (addrToTest instanceof ipaddr.IPv4) {
+        const [benchmarkRange, mask] = ipaddr.parseCIDR('198.18.0.0/15');
+        if (addrToTest.match(benchmarkRange, mask)) {
+          return { safe: false, reason: `Address ${addr.address} is in a reserved benchmark range.` };
+        }
+      }
+    }
+    return { safe: true };
+  } catch (err) {
+    throw new Error(`Safety validation failed: ${err.message}`);
+  }
+}
+
+/**
+ * webFetch tool implementation.
+ * Hardened with manual redirect following and SSRF protection at every hop.
+ */
+export default async function webFetch({ url }) {
+  let currentUrl = url;
+  let redirectCount = 0;
+
+  try {
+    while (redirectCount <= MAX_REDIRECTS) {
+      // 1. Safety Check for the current hop
+      const validation = await validateUrlSafety(currentUrl);
+      if (!validation.safe) {
+        throw new Error(`SSRF Protection: ${validation.reason}`);
+      }
+
+      // 2. Fetch with Timeout and manual redirect handling
+      const controller = new AbortController();
+      const timeoutId = setTimeout(() => controller.abort(), TIMEOUT_MS);
+
+      const response = await fetch(currentUrl, {
+        method: 'GET',
+        signal: controller.signal,
+        redirect: 'manual', // We handle redirects manually for safety
+        headers: {
+          'User-Agent': 'cowork-cli/0.1 (Analyst Tool; SSRF-Protected)',
+          'Accept': 'text/html,application/xhtml+xml,application/json,text/plain'
+        }
+      });
+
+      clearTimeout(timeoutId);
+
+      // 3. Handle Redirects
+      if ([301, 302, 303, 307, 308].includes(response.status)) {
+        const location = response.headers.get('location');
+        if (!location) {
+          throw new Error(`Redirect status ${response.status} received without Location header.`);
+        }
+        
+        // Resolve relative redirects
+        currentUrl = new URL(location, currentUrl).href;
+        redirectCount++;
+        continue; 
+      }
+
+      if (!response.ok) {
+        throw new Error(`HTTP error! status: ${response.status}`);
+      }
+
+      // 4. Process Response
+      let text = await response.text();
+      const contentType = response.headers.get('content-type') || '';
+
+      // 5. HTML Stripping (Aggressive for context awareness)
+      if (contentType.includes('text/html')) {
+        text = text
+          .replace(/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi, '')
+          .replace(/<style\b[^<]*(?:(?!<\/style>)<[^<]*)*<\/style>/gi, '')
+          .replace(/<nav\b[^<]*(?:(?!<\/nav>)<[^<]*)*<\/nav>/gi, '')
+          .replace(/<header\b[^<]*(?:(?!<\/header>)<[^<]*)*<\/header>/gi, '')
+          .replace(/<footer\b[^<]*(?:(?!<\/footer>)<[^<]*)*<\/footer>/gi, '')
+          .replace(/<aside\b[^<]*(?:(?!<\/aside>)<[^<]*)*<\/aside>/gi, '')
+          .replace(/<[^>]+>/g, ' ')
+          .replace(/\s+/g, ' ')
+          .trim();
+      } else if (contentType.includes('application/json')) {
+        try {
+          text = JSON.stringify(JSON.parse(text), null, 2);
+        } catch (e) {
+          // Fallback to raw text if JSON parsing fails
+        }
+      }
+
+      // 6. Context Awareness: Truncation
+      if (text.length > MAX_CHARS) {
+        text = text.slice(0, MAX_CHARS) + "\n\n[Warning: Output truncated to fit context limits]";
+      }
+
+      return text;
+    }
+
+    throw new Error(`Too many redirects (max ${MAX_REDIRECTS})`);
+
+  } catch (err) {
+    if (err.name === 'AbortError') {
+      return `Error: Request timed out after ${TIMEOUT_MS}ms`;
+    }
+    return `Error: ${err.message}`;
+  }
+}

package/src/main.js

@@ -0,0 +1,50 @@
+import show_help from "./utils/helpMsg.js";
+import clientLoader from "./engine/client.js";
+import runQuery from "./engine/run.js";
+import { loadConfig, verifyConnectivity } from "./utils/configManager.js";
+import { logger } from "./utils/logger.js";
+import fs from 'fs';
+import path from 'path';
+import { fileURLToPath } from 'url';
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+const PKG_PATH = path.join(__dirname, '../package.json');
+
+/**
+ * Main entry point for the cwk CLI.
+ * @param {string[]} args Command line arguments.
+ */
+export default async function main(args) {
+  // Handle empty arguments or help flags
+  if (args.length === 0 || args[0] === '-h' || args[0] === '--help') {
+    show_help();
+    return;
+  }
+
+  // Handle version flags
+  if (args[0] === '-v' || args[0] === '--version') {
+    try {
+      const pkg = JSON.parse(fs.readFileSync(PKG_PATH, 'utf8'));
+      console.log(`cwk version ${pkg.version}`);
+    } catch (e) {
+      logger.error("Error reading version from package.json");
+    }
+    return;
+  }
+
+  // Handle query execution
+  const query = args[0];
+  const config = loadConfig();
+
+  // clientLoader handles config validation and throws if invalid
+  const client = clientLoader();
+  
+  // Silent connectivity check: logs only on failure
+  const isConnected = await verifyConnectivity(client);
+  if (!isConnected) {
+    process.exitCode = 1;
+    return;
+  }
+
+  await runQuery(client, config, query);
+}

package/src/utils/configManager.js

@@ -0,0 +1,71 @@
+import fs from 'fs';
+import path from 'path';
+import os from 'os';
+import dotenv from 'dotenv';
+import { logger } from './logger.js';
+
+const CONFIG_PATH = path.join(os.homedir(), '.env');
+
+/**
+ * Loads the user configuration from ~/.env file.
+ * @returns {Object|null} The configuration object or null if it doesn't exist or is invalid.
+ */
+export const loadConfig = () => {
+  try {
+    if (fs.existsSync(CONFIG_PATH)) {
+      const content = fs.readFileSync(CONFIG_PATH, 'utf8');
+      const envConfig = dotenv.parse(content);
+      
+      const config = {
+        model_name: envConfig.CWK_MODEL_NAME || envConfig.BTW_MODEL_NAME || envConfig.MODEL_NAME,
+        model_url: envConfig.CWK_MODEL_URL || envConfig.BTW_MODEL_URL || envConfig.MODEL_URL,
+        model_api_key: envConfig.CWK_MODEL_API_KEY || envConfig.BTW_MODEL_API_KEY || envConfig.MODEL_API_KEY,
+        model_type: envConfig.CWK_MODEL_TYPE || envConfig.BTW_MODEL_TYPE || envConfig.MODEL_TYPE
+      };
+
+      // Remove undefined/empty values
+      const filteredConfig = Object.fromEntries(
+        Object.entries(config).filter(([_, v]) => v !== undefined && v !== '')
+      );
+
+      if (Object.keys(filteredConfig).length > 0) {
+        return filteredConfig;
+      }
+    }
+  } catch (err) {
+    logger.error(`Error loading configuration from ~/.env: ${err.message}`);
+  }
+  return null;
+};
+
+/**
+ * Validates the configuration object.
+ * @param {Object} config The configuration object to validate.
+ * @returns {boolean} True if valid, false otherwise.
+ */
+export const validateConfig = (config) => {
+  if (!config) return false;
+  const requiredKeys = ['model_name', 'model_url', 'model_api_key', 'model_type'];
+  const hasAllKeys = requiredKeys.every(key => config[key] && config[key].trim() !== '');
+  
+  if (!hasAllKeys) return false;
+
+  const validTypes = ['openai', 'gemini'];
+  return validTypes.includes(config.model_type.toLowerCase());
+};
+
+/**
+ * Verifies the connectivity and credentials by listing models.
+ * @param {Object} client The initialized OpenAI client.
+ * @returns {Promise<boolean>} True if connectivity is verified, false otherwise.
+ */
+export const verifyConnectivity = async (client) => {
+  try {
+    // This call verifies both the API Key and the Base URL
+    await client.models.list();
+    return true;
+  } catch (err) {
+    logger.error(`Connection verification failed: ${err.message}`);
+    return false;
+  }
+};

package/src/utils/fsUtils.js

@@ -0,0 +1,37 @@
+import fs from 'fs/promises';
+import path from 'path';
+
+const DEFAULT_IGNORES = ['.git', 'node_modules', 'dist', 'build', '.npm', '.DS_Store'];
+
+/**
+ * Loads .gitignore patterns from the current working directory.
+ * @returns {Promise<string[]>} Array of ignore patterns.
+ */
+export async function getIgnorePatterns() {
+  const ignoreList = [...DEFAULT_IGNORES];
+  try {
+    const gitignorePath = path.join(process.cwd(), '.gitignore');
+    const content = await fs.readFile(gitignorePath, 'utf8');
+    const lines = content.split('\n')
+      .map(l => l.trim())
+      .filter(l => l && !l.startsWith('#'));
+    ignoreList.push(...lines);
+  } catch (e) {
+    // Ignore if not found or unreadable
+  }
+  return ignoreList;
+}
+
+/**
+ * Checks if a file or directory should be ignored.
+ * @param {string} name Item name.
+ * @param {string[]} ignoreList List of patterns.
+ * @returns {boolean}
+ */
+export function shouldIgnore(name, ignoreList) {
+  for (const ignore of ignoreList) {
+    const pattern = ignore.endsWith('/') ? ignore.slice(0, -1) : ignore;
+    if (name === pattern) return true;
+  }
+  return false;
+}

package/src/utils/helpMsg.js

@@ -0,0 +1,23 @@
+import { formatMain, formatSecondary, formatNormal } from './logger.js';
+
+const helpMsg = `${formatMain('cwk - Ask AI from your terminal')}
+
+${formatSecondary('Usage:')}
+  ${formatNormal('cwk "<query>"         Ask a question to your configured AI model.')}
+  ${formatNormal('cwk -v, --version     Show version information.')}
+  ${formatNormal('cwk -h, --help        Show this help message.')}
+
+${formatSecondary('Examples:')}
+  ${formatNormal('cwk "How do I list files in Node.js?"')}
+  ${formatNormal('cwk -h')}
+
+${formatSecondary('Configuration:')}
+  ${formatNormal('Provide API settings in your ~/.env file using these keys:')}
+  ${formatNormal('  CWK_MODEL_NAME=gpt-4')}
+  ${formatNormal('  CWK_MODEL_URL=https://api.openai.com/v1')}
+  ${formatNormal('  CWK_MODEL_API_KEY=your_key_here')}
+  ${formatNormal('  CWK_MODEL_TYPE=openai')}`;
+
+export default function show_help() {
+  console.log(helpMsg);
+}

package/src/utils/logger.js

@@ -0,0 +1,45 @@
+import fs from 'fs';
+import path from 'path';
+import { fileURLToPath } from 'url';
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+const configPath = path.join(__dirname, '../configs/config.json');
+
+let config;
+try {
+  config = JSON.parse(fs.readFileSync(configPath, 'utf8'));
+} catch (e) {
+  // Fallback config if file is missing or invalid
+  config = {
+    accents: {
+      orangex: "#D97757",
+      greyx: "#808080",
+      resetx: "#FFFFFF"
+    }
+  };
+}
+
+function hexToAnsi(hex) {
+  const r = parseInt(hex.slice(1, 3), 16);
+  const g = parseInt(hex.slice(3, 5), 16);
+  const b = parseInt(hex.slice(5, 7), 16);
+  return `\x1b[38;2;${r};${g};${b}m`;
+}
+
+const colors = {
+  main: hexToAnsi(config.accents.orangex),
+  secondary: hexToAnsi(config.accents.greyx),
+  normal: hexToAnsi(config.accents.resetx),
+  reset: '\x1b[0m'
+};
+
+export const formatMain = (text) => `${colors.main}${text}${colors.reset}`;
+export const formatSecondary = (text) => `${colors.secondary}${text}${colors.reset}`;
+export const formatNormal = (text) => `${colors.normal}${text}${colors.reset}`;
+
+export const logger = {
+  main: (msg) => console.log(formatMain(msg)),
+  secondary: (msg) => console.log(formatSecondary(msg)),
+  normal: (msg) => console.log(formatNormal(msg)),
+  error: (msg) => console.error(formatMain(msg))
+};

package/src/utils/outputFormatter.js

@@ -0,0 +1,72 @@
+/**
+ * Wraps text to the current terminal width without breaking words unless necessary.
+ * Dynamically detects terminal width and preserves whitespace/indentation.
+ * @param {string} text The text to format.
+ * @param {number} [overrideWidth] Optional manual width override.
+ * @returns {string} The formatted text.
+ */
+export function outputFormatted(text, overrideWidth) {
+  if (!text) return '';
+  
+  // Dynamically determine width (fallback to 80 if not detectable)
+  const width = overrideWidth || process.stdout.columns || 80;
+  
+  const lines = text.split('\n');
+  const wrappedLines = lines.map(line => {
+    if (line.length <= width) return line;
+
+    // Split by whitespace but keep the whitespace as tokens
+    const tokens = line.split(/(\s+)/);
+    const result = [];
+    let currentLine = '';
+
+    for (const token of tokens) {
+      if (!token) continue;
+
+      // If adding this token exceeds width
+      if ((currentLine + token).length > width) {
+        
+        // If it's a long word (not whitespace) that exceeds the entire width
+        if (token.length > width && !/^\s+$/.test(token)) {
+          // If we have content in currentLine, push it first
+          if (currentLine) {
+            result.push(currentLine.trimEnd());
+            currentLine = '';
+          }
+          
+          // Force-break the long word
+          let remainingWord = token;
+          while (remainingWord.length > width) {
+            result.push(remainingWord.substring(0, width));
+            remainingWord = remainingWord.substring(width);
+          }
+          currentLine = remainingWord;
+        } 
+        // If it's whitespace that causes overflow, just wrap to next line
+        else if (/^\s+$/.test(token)) {
+          if (currentLine) {
+            result.push(currentLine.trimEnd());
+            currentLine = '';
+          }
+          // Do not start a new line with just spaces if it was leading spaces for a wrapped line
+          // (Unless they are the very first spaces on a line, which we handled)
+        }
+        // If it's a normal word that exceeds width, push currentLine and start new with this word
+        else {
+          if (currentLine) {
+            result.push(currentLine.trimEnd());
+          }
+          currentLine = token;
+        }
+      } else {
+        // Just append the token (word or whitespace)
+        currentLine += token;
+      }
+    }
+    
+    if (currentLine) result.push(currentLine.trimEnd());
+    return result.join('\n');
+  });
+
+  return wrappedLines.join('\n');
+}

package/src/utils/ui.js

@@ -0,0 +1,68 @@
+import { formatSecondary } from './logger.js';
+
+/**
+ * A minimalist terminal spinner that uses text-based dot animations.
+ */
+export class Spinner {
+  constructor() {
+    this.frames = ['', '.', '..', '...'];
+    this.interval = null;
+    this.currentFrame = 0;
+    this.text = '';
+    this.isSpinning = false;
+  }
+
+  /**
+   * Starts the spinner with a base message.
+   */
+  start(text) {
+    if (this.isSpinning) this.stop(true);
+    process.stdout.write('\x1b[?25l'); // Hide cursor
+    this.text = text;
+    this.isSpinning = true;
+    this.render();
+    this.interval = setInterval(() => {
+      this.currentFrame = (this.currentFrame + 1) % this.frames.length;
+      this.render();
+    }, 400); // Slower interval for dot cycle
+  }
+
+  /**
+   * Updates the base text message.
+   */
+  update(text) {
+    this.text = text;
+    if (this.isSpinning) this.render();
+  }
+
+  /**
+   * Stops the spinner and restores the cursor.
+   * @param {boolean} clear If true, clears the entire line.
+   */
+  stop(clear = true) {
+    if (!this.isSpinning) {
+      process.stdout.write('\x1b[?25h'); // Ensure cursor is shown
+      return;
+    }
+    clearInterval(this.interval);
+    this.isSpinning = false;
+    if (clear) {
+      process.stdout.write('\r\x1b[K'); // Clear entire line
+    } else {
+      process.stdout.write('\n'); 
+    }
+    process.stdout.write('\x1b[?25h'); // Show cursor
+    this.currentFrame = 0;
+  }
+
+  /**
+   * @private
+   */
+  render() {
+    const dots = this.frames[this.currentFrame];
+    // Renders the text followed by the cycling dots
+    process.stdout.write(`\r\x1b[K${formatSecondary(`${this.text}${dots}`)}`);
+  }
+}
+
+export const spinner = new Spinner();

package/index.js

@@ -1,2 +0,0 @@
-#!/usr/bin/env node
-console.log("Coming soon!");