create-walle 0.9.11 → 0.9.13

package/template/wall-e/coding/instruction-service.js

@@ -0,0 +1,224 @@
+'use strict';
+
+const fs = require('node:fs');
+const path = require('node:path');
+const os = require('node:os');
+
+const DEFAULT_INSTRUCTION_FILES = ['AGENTS.md', 'CLAUDE.md', 'CONTEXT.md'];
+const DEFAULT_TIMEOUT_MS = 1500;
+const _loadedByScope = new Map();
+
+class InstructionService {
+  constructor({
+    instructionFiles = DEFAULT_INSTRUCTION_FILES,
+    configured = [],
+    fetchImpl = globalThis.fetch,
+    timeoutMs = DEFAULT_TIMEOUT_MS,
+  } = {}) {
+    this.instructionFiles = instructionFiles;
+    this.configured = configured;
+    this.fetchImpl = fetchImpl;
+    this.timeoutMs = timeoutMs;
+  }
+
+  getSystemInstructions({ projectRoot = process.cwd(), includeGlobal = true } = {}) {
+    const instructions = [];
+    const project = this._firstExisting(projectRoot, this.instructionFiles);
+    if (project) instructions.push(project);
+
+    if (includeGlobal) {
+      for (const candidate of [
+        path.join(os.homedir(), '.walle', 'instructions.md'),
+        path.join(os.homedir(), '.claude', 'CLAUDE.md'),
+      ]) {
+        const loaded = readInstruction(candidate);
+        if (loaded) instructions.push(loaded);
+      }
+    }
+    return dedupeInstructions(instructions);
+  }
+
+  discoverForRead(filePath, {
+    projectRoot = process.cwd(),
+    sessionId = '',
+    messageId = '',
+    dedupe = true,
+  } = {}) {
+    const scope = `${sessionId || 'global'}:${messageId || 'session'}`;
+    return this.discoverForFile(filePath, projectRoot, { scope, dedupe, skipPath: filePath });
+  }
+
+  discoverForFile(filePath, projectRoot = process.cwd(), { scope = '', dedupe = false, skipPath = '' } = {}) {
+    const resolvedRoot = realpathBestEffort(projectRoot);
+    const resolvedFile = realpathBestEffort(filePath);
+    let dir = fs.existsSync(resolvedFile) && fs.statSync(resolvedFile).isDirectory()
+      ? resolvedFile
+      : path.dirname(resolvedFile);
+    const found = [];
+    const loaded = scope ? getLoadedSet(scope) : null;
+
+    while (isWithin(resolvedRoot, dir)) {
+      for (const name of this.instructionFiles) {
+        const candidate = path.join(dir, name);
+        if (path.resolve(candidate) === path.resolve(skipPath || '')) continue;
+        const instruction = readInstruction(candidate);
+        if (!instruction) continue;
+        if (dedupe && loaded?.has(instruction.path)) continue;
+        found.push(instruction);
+        if (dedupe) loaded?.add(instruction.path);
+      }
+      const parent = path.dirname(dir);
+      if (parent === dir) break;
+      dir = parent;
+    }
+    return {
+      instructions: dedupeInstructions(found),
+      loadedPaths: found.map((item) => item.path),
+    };
+  }
+
+  async loadConfiguredInstructions() {
+    const out = [];
+    for (const entry of this.configured || []) {
+      if (!entry) continue;
+      if (/^https?:\/\//i.test(entry)) {
+        const loaded = await this._fetchInstruction(entry);
+        if (loaded) out.push(loaded);
+      } else if (entry.includes('*')) {
+        for (const filePath of expandGlob(entry)) {
+          const loaded = readInstruction(filePath);
+          if (loaded) out.push(loaded);
+        }
+      } else {
+        const loaded = readInstruction(entry);
+        if (loaded) out.push(loaded);
+      }
+    }
+    return dedupeInstructions(out);
+  }
+
+  async _fetchInstruction(url) {
+    if (typeof this.fetchImpl !== 'function') return null;
+    const controller = new AbortController();
+    const timer = setTimeout(() => controller.abort(), this.timeoutMs);
+    try {
+      const response = await this.fetchImpl(url, { signal: controller.signal });
+      if (!response?.ok) return null;
+      const content = await response.text();
+      return { path: url, content };
+    } catch {
+      return null;
+    } finally {
+      clearTimeout(timer);
+    }
+  }
+
+  _firstExisting(root, names) {
+    for (const name of names) {
+      const loaded = readInstruction(path.join(root, name));
+      if (loaded) return loaded;
+    }
+    return null;
+  }
+}
+
+function readInstruction(filePath) {
+  try {
+    if (!fs.existsSync(filePath)) return null;
+    const stat = fs.statSync(filePath);
+    if (!stat.isFile()) return null;
+    return {
+      path: path.resolve(filePath),
+      content: fs.readFileSync(filePath, 'utf8'),
+    };
+  } catch {
+    return null;
+  }
+}
+
+function dedupeInstructions(instructions) {
+  const seen = new Set();
+  const out = [];
+  for (const item of instructions || []) {
+    if (!item?.path || seen.has(item.path)) continue;
+    seen.add(item.path);
+    out.push(item);
+  }
+  return out;
+}
+
+function getLoadedSet(scope) {
+  if (!_loadedByScope.has(scope)) _loadedByScope.set(scope, new Set());
+  return _loadedByScope.get(scope);
+}
+
+function isWithin(root, target) {
+  return target === root || target.startsWith(root + path.sep);
+}
+
+function realpathBestEffort(filePath) {
+  try {
+    return fs.realpathSync(filePath);
+  } catch {
+    return path.resolve(filePath);
+  }
+}
+
+function expandGlob(pattern) {
+  const absolutePattern = path.resolve(pattern);
+  const firstGlob = absolutePattern.search(/[*?]/);
+  const base = firstGlob === -1
+    ? path.dirname(absolutePattern)
+    : nearestExistingParent(absolutePattern.slice(0, firstGlob));
+  const regex = globToRegExp(absolutePattern);
+  const matches = [];
+  walkFiles(base, (filePath) => {
+    if (regex.test(path.resolve(filePath))) matches.push(filePath);
+  });
+  return matches;
+}
+
+function nearestExistingParent(prefix) {
+  let dir = prefix.endsWith(path.sep) ? prefix.slice(0, -1) : path.dirname(prefix);
+  while (dir && dir !== path.dirname(dir)) {
+    if (fs.existsSync(dir)) return dir;
+    dir = path.dirname(dir);
+  }
+  return fs.existsSync(dir) ? dir : process.cwd();
+}
+
+function walkFiles(dir, visit) {
+  let entries;
+  try { entries = fs.readdirSync(dir, { withFileTypes: true }); } catch { return; }
+  for (const entry of entries) {
+    const full = path.join(dir, entry.name);
+    if (entry.isDirectory()) {
+      if (entry.name === 'node_modules' || entry.name === '.git') continue;
+      walkFiles(full, visit);
+    } else if (entry.isFile()) {
+      visit(full);
+    }
+  }
+}
+
+function globToRegExp(pattern) {
+  const escaped = path.resolve(pattern)
+    .replace(/[.+^${}()|[\]\\]/g, '\\$&')
+    .replace(/\*\*/g, '<<GLOBSTAR>>')
+    .replace(/\*/g, '[^/]*')
+    .replace(/\?/g, '[^/]')
+    .replace(/<<GLOBSTAR>>/g, '.*');
+  return new RegExp(`^${escaped}$`);
+}
+
+function resetInstructionDedupe() {
+  _loadedByScope.clear();
+}
+
+module.exports = {
+  InstructionService,
+  DEFAULT_INSTRUCTION_FILES,
+  DEFAULT_TIMEOUT_MS,
+  resetInstructionDedupe,
+  expandGlob,
+};

package/template/wall-e/coding/model-message.js

@@ -0,0 +1,67 @@
+'use strict';
+
+const crypto = require('node:crypto');
+
+function newId(prefix = 'msg') {
+  return `${prefix}_${crypto.randomUUID ? crypto.randomUUID() : crypto.randomBytes(16).toString('hex')}`;
+}
+
+function textFromContent(content) {
+  if (!content) return '';
+  if (typeof content === 'string') return content;
+  if (Array.isArray(content)) {
+    return content.map((part) => {
+      if (!part) return '';
+      if (typeof part === 'string') return part;
+      return part.text || part.content || '';
+    }).filter(Boolean).join('\n');
+  }
+  if (typeof content === 'object') {
+    if (content.text != null) return textFromContent(content.text);
+    if (content.content != null) return textFromContent(content.content);
+    try { return JSON.stringify(content); } catch { return String(content); }
+  }
+  return String(content);
+}
+
+function normalizeToolCall(call = {}, index = 0) {
+  return {
+    id: call.id || call.toolCallId || call.tool_use_id || newId(`tool_${index}`),
+    name: call.name || call.tool || call.function?.name || '',
+    input: call.input || call.arguments || call.function?.arguments || {},
+  };
+}
+
+function assistantMessageFromResponse(response = {}) {
+  const toolCalls = (response.toolCalls || []).map(normalizeToolCall);
+  const content = [];
+  if (response.reasoningContent) content.push({ type: 'reasoning', text: response.reasoningContent });
+  if (response.content) content.push({ type: 'text', text: textFromContent(response.content) });
+  for (const call of toolCalls) {
+    content.push({ type: 'tool_use', id: call.id, name: call.name, input: call.input });
+  }
+  return {
+    role: 'assistant',
+    content: content.length === 1 && content[0].type === 'text' ? content[0].text : content,
+  };
+}
+
+function toolResultMessage(toolResults = []) {
+  return {
+    role: 'user',
+    content: toolResults.map((result) => ({
+      type: 'tool_result',
+      tool_use_id: result.toolCallId || result.id,
+      content: textFromContent(result.content ?? result.result ?? result.error ?? ''),
+      is_error: Boolean(result.error),
+    })),
+  };
+}
+
+module.exports = {
+  newId,
+  textFromContent,
+  normalizeToolCall,
+  assistantMessageFromResponse,
+  toolResultMessage,
+};

package/template/wall-e/coding/permission-rules-store.js

@@ -0,0 +1,111 @@
+'use strict';
+
+const path = require('node:path');
+const { wildcardMatch } = require('../tools/permission-rules');
+
+const KV_PREFIX = 'permission:always:';
+const _memoryRules = new Map();
+
+class PermissionRulesStore {
+  constructor({ brain = null, namespace = KV_PREFIX } = {}) {
+    this.brain = brain;
+    this.namespace = namespace;
+  }
+
+  list(projectRoot = '') {
+    return this._load(projectRoot);
+  }
+
+  addAlways({ projectRoot = '', permission, pattern = '*', tool = '', metadata = {} } = {}) {
+    if (!permission) throw new Error('permission is required');
+    const rules = this._load(projectRoot);
+    const normalized = {
+      permission,
+      pattern,
+      tool,
+      metadata,
+      createdAt: new Date().toISOString(),
+    };
+    const exists = rules.some((rule) =>
+      rule.permission === normalized.permission &&
+      rule.pattern === normalized.pattern &&
+      rule.tool === normalized.tool
+    );
+    if (!exists) {
+      rules.push(normalized);
+      this._save(projectRoot, rules);
+    }
+    return normalized;
+  }
+
+  findAlways({ projectRoot = '', permission, pattern = '*', tool = '' } = {}) {
+    const roots = uniqueRoots(projectRoot);
+    for (const root of roots) {
+      for (const rule of this._load(root)) {
+        if (tool && rule.tool && rule.tool !== tool) continue;
+        if (wildcardMatch(permission || '', rule.permission || '*') && wildcardMatch(pattern || '', rule.pattern || '*')) {
+          return rule;
+        }
+      }
+    }
+    return null;
+  }
+
+  _load(projectRoot = '') {
+    const key = this._key(projectRoot);
+    const raw = this._getKv(key);
+    if (!raw) return [];
+    try {
+      const parsed = JSON.parse(raw);
+      return Array.isArray(parsed) ? parsed : [];
+    } catch {
+      return [];
+    }
+  }
+
+  _save(projectRoot = '', rules = []) {
+    this._setKv(this._key(projectRoot), JSON.stringify(rules));
+  }
+
+  _key(projectRoot = '') {
+    return this.namespace + normalizeRoot(projectRoot || 'global');
+  }
+
+  _getKv(key) {
+    if (this.brain?.getKv) return this.brain.getKv(key);
+    try {
+      const brain = require('../brain');
+      if (brain?.getKv) return brain.getKv(key);
+    } catch {}
+    return _memoryRules.get(key) || '';
+  }
+
+  _setKv(key, value) {
+    if (this.brain?.setKv) return this.brain.setKv(key, value);
+    try {
+      const brain = require('../brain');
+      if (brain?.setKv) return brain.setKv(key, value);
+    } catch {}
+    _memoryRules.set(key, value);
+    return null;
+  }
+}
+
+function normalizeRoot(projectRoot) {
+  if (!projectRoot || projectRoot === 'global') return 'global';
+  return path.resolve(projectRoot);
+}
+
+function uniqueRoots(projectRoot) {
+  const roots = [normalizeRoot(projectRoot), 'global'];
+  return [...new Set(roots)];
+}
+
+function clearMemoryRules() {
+  _memoryRules.clear();
+}
+
+module.exports = {
+  PermissionRulesStore,
+  clearMemoryRules,
+};

package/template/wall-e/coding/permission-service.js

@@ -0,0 +1,266 @@
+'use strict';
+
+const crypto = require('node:crypto');
+const path = require('node:path');
+const { checkPermission } = require('../tools/permission-checker');
+const { analyzeShellCommand, initParser: initShellParser } = require('../tools/shell-analyzer');
+const { PermissionRulesStore } = require('./permission-rules-store');
+const { inferPatchPaths } = require('./snapshot-service');
+
+const DEFAULT_TIMEOUT_MS = 5 * 60 * 1000;
+const _sharedPending = new Map();
+
+class PermissionService {
+  constructor({
+    events = null,
+    rulesStore = null,
+    timeoutMs = DEFAULT_TIMEOUT_MS,
+    headlessPolicy = 'reject',
+    evaluatePermission = checkPermission,
+  } = {}) {
+    this.events = events;
+    this.rulesStore = rulesStore || new PermissionRulesStore();
+    this.timeoutMs = timeoutMs;
+    this.headlessPolicy = headlessPolicy;
+    this.evaluatePermission = evaluatePermission;
+    this.pending = _sharedPending;
+  }
+
+  async authorize({ sessionId = '', tool, input = {}, cwd = '', projectRoot = '', mode = '', metadata = {}, timeoutMs, headless = false } = {}) {
+    const requests = await buildToolPermissionRequests(tool, input, {
+      cwd,
+      projectRoot: projectRoot || cwd,
+      sessionId,
+      mode,
+      metadata,
+    });
+    if (requests.length === 0) return { decision: 'allow', source: 'default', reason: 'No permission required' };
+
+    for (const request of requests) {
+      const evaluated = await this.evaluatePermission(request.check);
+      if (evaluated.decision === 'allow') continue;
+      if (evaluated.decision === 'deny') {
+        return { ...evaluated, request };
+      }
+
+      const always = this.rulesStore.findAlways({
+        projectRoot: request.projectRoot,
+        permission: request.permission,
+        pattern: request.pattern,
+        tool: request.tool,
+      });
+      if (always) {
+        continue;
+      }
+
+      if (headless || (timeoutMs ?? this.timeoutMs) === 0) {
+        return {
+          decision: this.headlessPolicy === 'allow' ? 'allow' : 'deny',
+          source: 'headless',
+          reason: `Permission required for ${request.permission}/${request.pattern}`,
+          request,
+        };
+      }
+
+      const reply = await this.ask({
+        ...request,
+        sessionId,
+        metadata: { ...metadata, ...request.metadata, evaluated },
+        timeoutMs,
+      });
+      if (reply.decision !== 'allow') return { ...reply, request };
+    }
+
+    return { decision: 'allow', source: 'permissions', reason: 'Permission checks passed' };
+  }
+
+  ask({ sessionId = '', permission, pattern = '*', patterns = null, tool = '', metadata = {}, timeoutMs } = {}) {
+    if (!permission) throw new Error('permission is required');
+    const id = `perm_${crypto.randomUUID().slice(0, 8)}`;
+    const effectiveTimeout = timeoutMs ?? this.timeoutMs;
+
+    return new Promise((resolve) => {
+      const timer = effectiveTimeout > 0
+        ? setTimeout(() => this._expire(id), effectiveTimeout)
+        : null;
+      const entry = {
+        id,
+        sessionId,
+        permission,
+        pattern,
+        patterns: patterns || [pattern],
+        tool,
+        metadata,
+        createdAt: Date.now(),
+        timer,
+        resolve,
+      };
+      this.pending.set(id, entry);
+      this._emit('permission.asked', publicEntry(entry));
+    });
+  }
+
+  reply({ requestId, reply, message = '' } = {}) {
+    const entry = this.pending.get(requestId);
+    if (!entry) return false;
+    const decision = reply === 'once' || reply === 'always' ? 'allow' : 'deny';
+    this._resolveEntry(entry, { decision, reply, message, source: 'user' });
+    if (reply === 'always') {
+      const rule = this.rulesStore.addAlways({
+        projectRoot: entry.metadata.projectRoot || '',
+        permission: entry.permission,
+        pattern: entry.pattern,
+        tool: entry.tool,
+        metadata: { message },
+      });
+      this._resolveCompatibleAlways(entry, rule, message);
+    }
+    return true;
+  }
+
+  list({ sessionId = '' } = {}) {
+    const out = [];
+    for (const entry of this.pending.values()) {
+      if (sessionId && entry.sessionId !== sessionId) continue;
+      out.push(publicEntry(entry));
+    }
+    return out;
+  }
+
+  clear({ sessionId = '' } = {}) {
+    for (const entry of [...this.pending.values()]) {
+      if (sessionId && entry.sessionId !== sessionId) continue;
+      this._resolveEntry(entry, { decision: 'deny', reply: 'reject', message: 'Permission request cleared', source: 'clear' });
+    }
+  }
+
+  _resolveCompatibleAlways(sourceEntry, rule, message) {
+    for (const entry of [...this.pending.values()]) {
+      if (entry.id === sourceEntry.id) continue;
+      if (entry.permission !== sourceEntry.permission) continue;
+      if (entry.tool !== sourceEntry.tool) continue;
+      if ((entry.metadata.projectRoot || '') !== (sourceEntry.metadata.projectRoot || '')) continue;
+      if (entry.pattern !== sourceEntry.pattern) continue;
+      this._resolveEntry(entry, { decision: 'allow', reply: 'always', message, source: 'always', rule });
+    }
+  }
+
+  _resolveEntry(entry, result) {
+    if (entry.timer) clearTimeout(entry.timer);
+    this.pending.delete(entry.id);
+    this._emit('permission.replied', { ...publicEntry(entry), result });
+    entry.resolve(result);
+  }
+
+  _expire(id) {
+    const entry = this.pending.get(id);
+    if (!entry) return;
+    this._resolveEntry(entry, {
+      decision: 'deny',
+      reply: 'timeout',
+      message: 'Permission request timed out',
+      source: 'timeout',
+    });
+  }
+
+  _emit(type, payload) {
+    if (this.events?.emit) this.events.emit(type, payload);
+  }
+}
+
+async function buildToolPermissionRequests(tool, input = {}, { cwd = '', projectRoot = '', sessionId = '', mode = '', metadata = {} } = {}) {
+  const root = path.resolve(projectRoot || cwd || process.cwd());
+  const base = { sessionId, tool, projectRoot: root, metadata: { ...metadata, projectRoot: root } };
+  if (!tool) return [];
+
+  if (tool === 'run_shell') {
+    const command = input.command || '';
+    await initShellParser();
+    const analysis = await analyzeShellCommand(command, input.cwd || cwd || root);
+    const commandTokens = analysis.commandTokens.length > 0 ? analysis.commandTokens[0] : undefined;
+    const pattern = commandTokens && commandTokens.length > 0 ? `${commandTokens[0]} *` : `${String(command).split(/\s+/)[0] || '*'} *`;
+    return [{
+      ...base,
+      permission: 'bash',
+      pattern,
+      metadata: { ...base.metadata, command, commandTokens },
+      check: { tool: 'run_shell', command, commandTokens, projectPath: root, sessionId, mode },
+    }];
+  }
+
+  if (tool === 'read_file') {
+    const filePath = resolveInputPath(input.file_path || input.path || '', root);
+    return [fileRequest({ ...base, permission: 'read', pattern: filePath, filePath, mode })];
+  }
+
+  if (tool === 'write_file' || tool === 'edit_file' || tool === 'multi_edit') {
+    const filePath = resolveInputPath(input.file_path || input.path || '', root);
+    return [fileRequest({ ...base, tool, permission: 'edit', pattern: filePath, filePath, mode })];
+  }
+
+  if (tool === 'apply_patch') {
+    const files = inferPatchPaths(input.patch_text || input.patch || '', root);
+    return files.map((filePath) => fileRequest({ ...base, tool, permission: 'edit', pattern: filePath, filePath, mode }));
+  }
+
+  if (['applescript', 'claude_code', 'mail_send', 'slack_send_message'].includes(tool)) {
+    return [{
+      ...base,
+      permission: tool,
+      pattern: '*',
+      check: { tool, command: '', args: [], projectPath: root, sessionId, mode },
+    }];
+  }
+
+  return [];
+}
+
+function fileRequest({ sessionId, tool, projectRoot, permission, pattern, filePath, mode, metadata }) {
+  const checkTool = permission === 'read' ? 'read_file' : 'edit_file';
+  return {
+    sessionId,
+    tool,
+    projectRoot,
+    permission,
+    pattern,
+    metadata: { ...metadata, filePath, projectRoot },
+    check: { tool: checkTool, command: filePath, args: [], projectPath: projectRoot, sessionId, mode },
+  };
+}
+
+function resolveInputPath(filePath, root) {
+  if (!filePath) return '';
+  return path.isAbsolute(filePath) ? path.resolve(filePath) : path.resolve(root, filePath);
+}
+
+function publicEntry(entry) {
+  return {
+    id: entry.id,
+    sessionId: entry.sessionId,
+    permission: entry.permission,
+    pattern: entry.pattern,
+    patterns: entry.patterns,
+    tool: entry.tool,
+    metadata: entry.metadata,
+    createdAt: entry.createdAt,
+  };
+}
+
+function getDefaultPermissionService() {
+  return new PermissionService();
+}
+
+function clearPendingPermissions() {
+  for (const entry of _sharedPending.values()) {
+    if (entry.timer) clearTimeout(entry.timer);
+  }
+  _sharedPending.clear();
+}
+
+module.exports = {
+  PermissionService,
+  buildToolPermissionRequests,
+  getDefaultPermissionService,
+  clearPendingPermissions,
+  DEFAULT_TIMEOUT_MS,
+};