create-walle 0.9.7 → 0.9.9

package/template/claude-task-manager/approval-agent.js

@@ -14,6 +14,15 @@ const dbModule = require('./db');
 const PROCEED_PATTERN = /Do you want to (proceed|make this edit to .+|create .+|overwrite .+)\??/;
 const YES_NO_PATTERN = /[>❯]\s*1\.\s*Yes/;
 
+// Delay (ms) before sending the auto-approve keystroke. Lower = faster response.
+const APPROVE_DELAY_MS = 100;
+const ENTER_DELAY_MS = 30;
+
+// Determine which option to send: "2" for "Yes, allow all" when available, "1" for plain "Yes"
+function getApproveKeystroke(context) {
+  return context.hasAllowAll ? '2' : '1';
+}
+
 // Parse the terminal buffer to extract the approval context
 function parseApprovalContext(cleanText) {
   const lines = cleanText.split('\n').map(l => l.trim()).filter(Boolean);
@@ -78,14 +87,61 @@ function parseApprovalContext(cleanText) {
   const ctxEnd = Math.min(lines.length, proceedIdx + 5); // include Yes/No options
   const fullContext = lines.slice(ctxStart, ctxEnd).join('\n');
 
+  // Detect if "2. Yes, allow all..." option is available (Edit/Write prompts)
+  let hasAllowAll = false;
+  for (let i = proceedIdx + 1; i < Math.min(proceedIdx + 8, lines.length); i++) {
+    if (/2\.\s*Yes,\s*allow all/i.test(lines[i])) { hasAllowAll = true; break; }
+  }
+
   return {
     toolName: toolName || 'Unknown',
     command: command.slice(0, 2000),
     warning: warning || '',
     fullContext: fullContext.slice(0, 2000),
+    hasAllowAll,
   };
 }
 
+// Normalize a command into a stable "signature" by extracting the command structure
+// and replacing variable parts (paths, strings, numbers) with placeholders.
+// Examples:
+//   "node -e 'console.log(1+2)'"         → "node -e <arg>"
+//   "git commit -m 'fix typo'"           → "git commit -m <arg>"
+//   "cat /Users/bob/ws/foo/bar.js"       → "cat <path>"
+//   "python3 -c 'import json; ...'"      → "python3 -c <arg>"
+//   "ls -la /some/dir"                   → "ls -la <path>"
+//   "kill -9 12345"                      → "kill -9 <num>"
+//   "curl http://localhost:3000/api"     → "curl <url>"
+function normalizeCommandSignature(toolName, command) {
+  const tool = (toolName || '').replace(/^[⏺●\s]+/, '').trim();
+  const cmd = (command || '').trim();
+  if (!cmd) return tool.toLowerCase();
+
+  // For non-Bash tools (Edit, Write, Read, etc.), signature is just the tool name
+  if (!/bash/i.test(tool)) return tool.toLowerCase();
+
+  // Extract the shell command — take first line, strip leading whitespace
+  const firstLine = cmd.split('\n')[0].trim();
+
+  let sig = firstLine
+    // Replace quoted strings (single/double/backtick) with <arg>
+    .replace(/(["'`])(?:(?!\1).)*\1/g, '<arg>')
+    // Replace URLs with <url>
+    .replace(/https?:\/\/\S+/g, '<url>')
+    // Replace absolute paths with <path>
+    .replace(/(?:\/[\w._-]+){2,}/g, '<path>')
+    // Replace standalone numbers (PIDs, ports, line numbers) with <num>
+    .replace(/\b\d{2,}\b/g, '<num>')
+    // Collapse multiple spaces
+    .replace(/\s+/g, ' ')
+    .trim();
+
+  // Limit length to prevent bloated signatures
+  if (sig.length > 150) sig = sig.slice(0, 150);
+
+  return sig.toLowerCase();
+}
+
 // Reject regex patterns that could cause catastrophic backtracking (ReDoS).
 // Looks for nested quantifiers like (a+)+, (a*)*,  (a+|b+)+ etc.
 function isSafeRegex(pattern) {
@@ -98,8 +154,20 @@ function isSafeRegex(pattern) {
   return true;
 }
 
-// Check if a learned rule already covers this situation
+// Check if a learned rule already covers this situation.
+// Two-tier matching: (1) exact signature lookup in DB (fast, O(1)),
+// then (2) regex scan over all rules (slower, backwards-compatible).
 function findMatchingRule(context) {
+  // Tier 1: Signature-based lookup (indexed, instant)
+  const signature = normalizeCommandSignature(context.toolName, context.command);
+  if (signature) {
+    try {
+      const sigRule = dbModule.findApprovalRuleBySignature(signature);
+      if (sigRule) return sigRule;
+    } catch {}
+  }
+
+  // Tier 2: Regex-based scan (backwards-compatible with existing rules)
   let rules;
   try {
     rules = dbModule.listApprovalRules();
@@ -114,8 +182,8 @@ function findMatchingRule(context) {
   for (const rule of rules) {
     if (!rule.enabled) continue;
     try {
-      if (!rule.pattern || rule.pattern.length > 200) continue; // skip overly complex patterns
-      if (!isSafeRegex(rule.pattern)) continue; // skip ReDoS-prone patterns
+      if (!rule.pattern || rule.pattern.length > 200) continue;
+      if (!isSafeRegex(rule.pattern)) continue;
       const re = new RegExp(rule.pattern, 'i');
       if (re.test(searchText) || re.test(cmdText) || re.test(warnText)) {
         return rule;
@@ -172,6 +240,14 @@ function reviewWithHeuristics(context) {
     { re: /touch\s/, label: 'Create empty file', desc: 'Create or update file timestamps' },
     { re: /cp\s/, label: 'Copy files', desc: 'Copy files or directories' },
     { re: /mv\s/, label: 'Move/rename files', desc: 'Move or rename files' },
+    { re: /curl\s+(-[sSwfkL]+\s+)*(https?:\/\/localhost|http:\/\/127\.0\.0\.1)/, label: 'Curl localhost (GET)', desc: 'Read-only HTTP requests to local dev servers' },
+    { re: /grep\s+-?[crn]/, label: 'Grep search', desc: 'Search file contents with grep' },
+    { re: /wc\s/, label: 'Word count', desc: 'Count lines/words/bytes' },
+    { re: /head\s|tail\s/, label: 'Read file head/tail', desc: 'View beginning or end of files' },
+    { re: /which\s|type\s/, label: 'Find command', desc: 'Locate commands in PATH' },
+    { re: /echo\s[^|>]+$/, label: 'Echo output', desc: 'Print text to stdout (no redirect/pipe)' },
+    { re: /find\s.*-name/, label: 'Find files', desc: 'Search for files by name' },
+    { re: /sort\s|uniq\s/, label: 'Sort/unique', desc: 'Sort or deduplicate output' },
   ];
   for (const { re, label, desc } of devSafe) {
     if (re.test(cmd)) {
@@ -181,8 +257,8 @@ function reviewWithHeuristics(context) {
     }
   }
 
-  // Default: approve with medium risk (user can review in the decisions log)
-  return { decision: 'approve', reasoning: 'No API key; auto-approved with medium risk (heuristic)', riskLevel: 'medium',
+  // Default: approve with medium risk — NOT auto-approved (sent to AI reviewer or held for user)
+  return { decision: 'approve', reasoning: 'Unrecognized command — needs review', riskLevel: 'medium', fallback: true,
     ruleLabel: context.toolName || 'Unknown', rulePattern: '',
     ruleDescription: 'Auto-approved without AI review' };
 }
@@ -310,12 +386,15 @@ async function handleApprovalCheck(sessionId, session, cleanText, broadcastFn) {
     };
 
     // Record and execute
-    try { dbModule.addApprovalDecision(decision); } catch (e) { console.error('[approval-agent] DB error:', e.message); }
+    try {
+      dbModule.addApprovalDecision(decision);
+      dbModule.incrementApprovalRuleMatch(matchingRule.id);
+    } catch (e) { console.error('[approval-agent] DB error:', e.message); }
 
-    // Send "1" for Yes then Enter
+    // Send approval keystroke ("2" for allow-all when available, "1" for plain Yes)
     setTimeout(() => {
-      session.ptyProcess.write('1');
-      setTimeout(() => session.ptyProcess.write('\r'), 50);
+      session.ptyProcess.write(getApproveKeystroke(context));
+      setTimeout(() => session.ptyProcess.write('\r'), ENTER_DELAY_MS);
       // Notify clients
       broadcastFn(sessionId, session, {
         type: 'approval-decision',
@@ -326,15 +405,15 @@ async function handleApprovalCheck(sessionId, session, cleanText, broadcastFn) {
         reasoning: decision.reasoning,
         riskLevel: decision.riskLevel,
       });
-    }, 400);
+    }, APPROVE_DELAY_MS);
 
     return true;
   }
 
   // No matching rule — check heuristics for obvious safe/dangerous patterns first
   const heuristic = reviewWithHeuristics(context);
-  if (heuristic.riskLevel === 'low') {
-    // Heuristic says it's safe — auto-approve without AI call
+  if (heuristic.riskLevel === 'low' || (heuristic.riskLevel === 'medium' && heuristic.decision === 'approve' && !heuristic.fallback)) {
+    // Low risk or medium with explicit rule match: auto-approve without AI call
     const decision = {
       sessionId,
       toolName: context.toolName,
@@ -347,14 +426,34 @@ async function handleApprovalCheck(sessionId, session, cleanText, broadcastFn) {
       riskLevel: 'low',
     };
     try { dbModule.addApprovalDecision(decision); } catch (e) { console.error('[approval-agent] DB error:', e.message); }
+
+    // Learn signature from heuristic approval so future matches use fast DB path.
+    // Only write if no signature rule exists yet (avoid DB write on every approval).
+    const heuristicSig = normalizeCommandSignature(context.toolName, context.command);
+    if (heuristicSig && heuristic.rulePattern) {
+      try {
+        if (!dbModule.findApprovalRuleBySignature(heuristicSig)) {
+          dbModule.upsertApprovalRule({
+            pattern: heuristic.rulePattern,
+            label: heuristic.ruleLabel || context.toolName,
+            description: heuristic.ruleDescription || '',
+            category: context.toolName.toLowerCase().replace(/\s+/g, '-'),
+            riskLevel: 'low',
+            enabled: true,
+            commandSignature: heuristicSig,
+          });
+        }
+      } catch {}
+    }
+
     setTimeout(() => {
-      session.ptyProcess.write('1');
-      setTimeout(() => session.ptyProcess.write('\r'), 50);
+      session.ptyProcess.write(getApproveKeystroke(context));
+      setTimeout(() => session.ptyProcess.write('\r'), ENTER_DELAY_MS);
       broadcastFn(sessionId, session, {
         type: 'approval-decision', sessionId, decision: 'approved', decidedBy: 'heuristic',
         label: heuristic.ruleLabel || context.toolName, reasoning: heuristic.reasoning, riskLevel: 'low',
       });
-    }, 400);
+    }, APPROVE_DELAY_MS);
     return true;
   }
   if (heuristic.riskLevel === 'high') {
@@ -401,23 +500,28 @@ async function handleApprovalCheck(sessionId, session, cleanText, broadcastFn) {
   try { decisionId = dbModule.addApprovalDecision(decision); } catch (e) { console.error('[approval-agent] DB error:', e.message); }
 
   if (review.decision === 'approve') {
-    // Auto-approve and learn a new rule
-    if (review.rulePattern && review.ruleLabel) {
+    // Auto-approve and learn a new rule with command signature for fast future matching
+    const signature = normalizeCommandSignature(context.toolName, context.command);
+    const rulePattern = review.rulePattern || signature || '';
+    const ruleLabel = review.ruleLabel || context.toolName || 'Unknown';
+    if (rulePattern) {
       try {
         dbModule.upsertApprovalRule({
-          pattern: review.rulePattern,
-          label: review.ruleLabel,
+          pattern: rulePattern,
+          label: ruleLabel,
           description: review.ruleDescription || '',
           category: context.toolName.toLowerCase().replace(/\s+/g, '-'),
           riskLevel: review.riskLevel || 'low',
           enabled: true,
+          commandSignature: signature,
         });
+        console.log(`[approval-agent] Learned rule: "${ruleLabel}" sig="${signature}" pattern="${rulePattern}"`);
       } catch (e) { console.error('[approval-agent] Rule save error:', e.message); }
     }
 
     setTimeout(() => {
-      session.ptyProcess.write('1');
-      setTimeout(() => session.ptyProcess.write('\r'), 50);
+      session.ptyProcess.write(getApproveKeystroke(context));
+      setTimeout(() => session.ptyProcess.write('\r'), ENTER_DELAY_MS);
       broadcastFn(sessionId, session, {
         type: 'approval-decision',
         sessionId,
@@ -427,7 +531,7 @@ async function handleApprovalCheck(sessionId, session, cleanText, broadcastFn) {
         reasoning: review.reasoning,
         riskLevel: review.riskLevel,
       });
-    }, 400);
+    }, APPROVE_DELAY_MS);
   } else {
     // Escalate to user
     broadcastFn(sessionId, session, {
@@ -449,6 +553,7 @@ async function handleApprovalCheck(sessionId, session, cleanText, broadcastFn) {
 
 module.exports = {
   parseApprovalContext,
+  normalizeCommandSignature,
   findMatchingRule,
   reviewWithAI,
   handleApprovalCheck,

package/template/claude-task-manager/atomic-write.js

@@ -0,0 +1,22 @@
+'use strict';
+const fs = require('fs');
+const path = require('path');
+
+/**
+ * Atomic file write using tmp + rename (POSIX rename is atomic on same filesystem).
+ * Prevents read-modify-write races when multiple sessions write to .env concurrently.
+ */
+function atomicWriteFileSync(filePath, data, options) {
+  const resolved = path.resolve(filePath);
+  const tmp = resolved + '.tmp.' + process.pid + '.' + Date.now();
+  try {
+    fs.writeFileSync(tmp, data, options);
+    fs.renameSync(tmp, resolved);
+  } catch (e) {
+    // Clean up tmp file on failure
+    try { fs.unlinkSync(tmp); } catch {}
+    throw e;
+  }
+}
+
+module.exports = { atomicWriteFileSync };