dev-mcp-server 0.0.2 → 1.0.0

package/src/tasks/taskManager.js

@@ -0,0 +1,151 @@
+/**
+ * Lightweight task tracker that integrates with the query engine.
+ */
+
+const fs = require('fs');
+const path = require('path');
+const logger = require('../utils/logger');
+
+const TASKS_FILE = path.join(process.cwd(), 'data', 'tasks.json');
+
+const STATUS = { TODO: 'todo', IN_PROGRESS: 'in_progress', DONE: 'done', BLOCKED: 'blocked' };
+const PRIORITY = { LOW: 'low', MEDIUM: 'medium', HIGH: 'high', CRITICAL: 'critical' };
+
+class TaskManager {
+    constructor() {
+        this._data = this._load();
+    }
+
+    _load() {
+        try {
+            if (fs.existsSync(TASKS_FILE)) return JSON.parse(fs.readFileSync(TASKS_FILE, 'utf-8'));
+        } catch { }
+        return { tasks: [], nextId: 1 };
+    }
+
+    _save() {
+        fs.writeFileSync(TASKS_FILE, JSON.stringify(this._data, null, 2));
+    }
+
+    /**
+     * Create a new task
+     */
+    create(options = {}) {
+        const {
+            title,
+            description = '',
+            priority = PRIORITY.MEDIUM,
+            tags = [],
+            linkedFiles = [],
+            linkedQuery = null,
+            assignee = null,
+        } = options;
+
+        if (!title) throw new Error('Task title is required');
+
+        const task = {
+            id: this._data.nextId++,
+            title: title.trim(),
+            description: description.trim(),
+            status: STATUS.TODO,
+            priority,
+            tags,
+            linkedFiles,
+            linkedQuery,
+            assignee,
+            createdAt: new Date().toISOString(),
+            updatedAt: new Date().toISOString(),
+            completedAt: null,
+            notes: [],
+        };
+
+        this._data.tasks.push(task);
+        this._save();
+        logger.info(`[Tasks] Created #${task.id}: ${task.title}`);
+        return task;
+    }
+
+    /**
+     * Update a task
+     */
+    update(id, updates = {}) {
+        const task = this._data.tasks.find(t => t.id === id);
+        if (!task) throw new Error(`Task #${id} not found`);
+
+        const allowed = ['title', 'description', 'status', 'priority', 'tags', 'linkedFiles', 'assignee'];
+        for (const key of allowed) {
+            if (updates[key] !== undefined) task[key] = updates[key];
+        }
+
+        task.updatedAt = new Date().toISOString();
+        if (updates.status === STATUS.DONE && !task.completedAt) {
+            task.completedAt = new Date().toISOString();
+        }
+
+        this._save();
+        return task;
+    }
+
+    /**
+     * Add a note to a task
+     */
+    addNote(id, note) {
+        const task = this._data.tasks.find(t => t.id === id);
+        if (!task) throw new Error(`Task #${id} not found`);
+        task.notes.push({ text: note, addedAt: new Date().toISOString() });
+        task.updatedAt = new Date().toISOString();
+        this._save();
+        return task;
+    }
+
+    /**
+     * Get tasks with optional filters
+     */
+    list(filters = {}) {
+        let tasks = [...this._data.tasks];
+        if (filters.status) tasks = tasks.filter(t => t.status === filters.status);
+        if (filters.priority) tasks = tasks.filter(t => t.priority === filters.priority);
+        if (filters.tags?.length) tasks = tasks.filter(t => filters.tags.some(tag => t.tags.includes(tag)));
+        if (filters.assignee) tasks = tasks.filter(t => t.assignee === filters.assignee);
+        if (!filters.includeDone) tasks = tasks.filter(t => t.status !== STATUS.DONE);
+
+        // Sort: critical > high > medium > low, then by date
+        const priorityOrder = { critical: 0, high: 1, medium: 2, low: 3 };
+        tasks.sort((a, b) => {
+            const pdiff = (priorityOrder[a.priority] || 2) - (priorityOrder[b.priority] || 2);
+            if (pdiff !== 0) return pdiff;
+            return new Date(b.createdAt) - new Date(a.createdAt);
+        });
+
+        return tasks;
+    }
+
+    get(id) {
+        return this._data.tasks.find(t => t.id === id) || null;
+    }
+
+    delete(id) {
+        const before = this._data.tasks.length;
+        this._data.tasks = this._data.tasks.filter(t => t.id !== id);
+        this._save();
+        return before !== this._data.tasks.length;
+    }
+
+    getStats() {
+        const tasks = this._data.tasks;
+        const byStatus = {};
+        const byPriority = {};
+        for (const t of tasks) {
+            byStatus[t.status] = (byStatus[t.status] || 0) + 1;
+            byPriority[t.priority] = (byPriority[t.priority] || 0) + 1;
+        }
+        return {
+            total: tasks.length,
+            byStatus,
+            byPriority,
+            overdue: tasks.filter(t => t.status !== STATUS.DONE && t.dueDate && new Date(t.dueDate) < new Date()).length,
+        };
+    }
+}
+
+module.exports = { TaskManager: new TaskManager(), STATUS, PRIORITY };

package/src/tools/BashTool.js

@@ -0,0 +1,154 @@
+/**
+ * BashTool — executes shell commands with a permission model.
+ * Supports: allow-once, allow-session, deny, auto-approve safe commands.
+ */
+
+const { execSync, exec } = require('child_process');
+const fs = require('fs');
+const path = require('path');
+const logger = require('../utils/logger');
+
+// Commands that are always safe to run without asking
+const SAFE_COMMANDS = new Set([
+    'ls', 'pwd', 'echo', 'cat', 'head', 'tail', 'wc', 'grep', 'find',
+    'git status', 'git log', 'git diff', 'git branch', 'git show',
+    'node --version', 'npm list', 'npm outdated', 'npx --version',
+    'which', 'env', 'printenv', 'date', 'uname', 'whoami', 'hostname',
+]);
+
+// Commands that are always dangerous — never auto-approve
+const DANGEROUS_PATTERNS = [
+    /rm\s+-rf?\s+\//,
+    /sudo\s+rm/,
+    />\s*\/dev\/(sd|hd|nvme)/,
+    /mkfs\./,
+    /dd\s+if=/,
+    /chmod\s+-R\s+777\s+\//,
+    /curl.*(sh|bash)\s*\|.*sh/,
+    /wget.*(sh|bash)\s*\|.*sh/,
+    /:(){ :|:& };:/,   // fork bomb
+];
+
+const PERMISSION_FILE = path.join(process.cwd(), 'data', 'bash-permissions.json');
+
+class BashTool {
+    constructor() {
+        this._sessionPermissions = new Map(); // command -> 'allow' | 'deny'
+        this._loadPersisted();
+    }
+
+    _loadPersisted() {
+        try {
+            if (fs.existsSync(PERMISSION_FILE)) {
+                const data = JSON.parse(fs.readFileSync(PERMISSION_FILE, 'utf-8'));
+                // Only load 'always-allow' entries (not session ones)
+                for (const [cmd, perm] of Object.entries(data.alwaysAllow || {})) {
+                    this._sessionPermissions.set(cmd, 'allow');
+                }
+            }
+        } catch { }
+    }
+
+    _savePersisted() {
+        const alwaysAllow = {};
+        for (const [cmd, perm] of this._sessionPermissions.entries()) {
+            if (perm === 'allow-always') alwaysAllow[cmd] = true;
+        }
+        fs.writeFileSync(PERMISSION_FILE, JSON.stringify({ alwaysAllow }, null, 2));
+    }
+
+    /**
+     * Check permission level for a command.
+     * Returns: 'auto-safe' | 'session-allowed' | 'needs-approval' | 'dangerous'
+     */
+    checkPermission(command) {
+        const cmd = command.trim();
+
+        // Check dangerous patterns first
+        for (const pattern of DANGEROUS_PATTERNS) {
+            if (pattern.test(cmd)) return 'dangerous';
+        }
+
+        // Check if first token is a safe command
+        const firstToken = cmd.split(/\s+/)[0];
+        if (SAFE_COMMANDS.has(firstToken) || SAFE_COMMANDS.has(cmd.slice(0, 20))) {
+            return 'auto-safe';
+        }
+
+        // Check session/persisted permissions
+        if (this._sessionPermissions.has(cmd)) {
+            return 'session-allowed';
+        }
+
+        return 'needs-approval';
+    }
+
+    /**
+     * Grant permission for a command (session or always)
+     */
+    grantPermission(command, level = 'session') {
+        if (level === 'always') {
+            this._sessionPermissions.set(command.trim(), 'allow-always');
+            this._savePersisted();
+        } else {
+            this._sessionPermissions.set(command.trim(), 'allow');
+        }
+    }
+
+    /**
+     * Execute a command and return { stdout, stderr, exitCode, durationMs }
+     */
+    async execute(command, options = {}) {
+        const { cwd = process.cwd(), timeout = 30000, env = {} } = options;
+
+        const permission = this.checkPermission(command);
+
+        if (permission === 'dangerous') {
+            throw new Error(`⛔ Dangerous command blocked: ${command}`);
+        }
+
+        if (permission === 'needs-approval' && !options.approved) {
+            return {
+                needsApproval: true,
+                command,
+                permission,
+                message: `Command requires approval: ${command}`,
+            };
+        }
+
+        const start = Date.now();
+        logger.info(`[BashTool] exec: ${command.slice(0, 100)}`);
+
+        return new Promise((resolve) => {
+            exec(command, {
+                cwd,
+                timeout,
+                env: { ...process.env, ...env },
+                maxBuffer: 10 * 1024 * 1024, // 10MB
+            }, (error, stdout, stderr) => {
+                const durationMs = Date.now() - start;
+                resolve({
+                    stdout: stdout || '',
+                    stderr: stderr || '',
+                    exitCode: error ? (error.code || 1) : 0,
+                    durationMs,
+                    command,
+                    timedOut: error?.killed || false,
+                });
+            });
+        });
+    }
+
+    /**
+     * Execute and throw if non-zero exit
+     */
+    async executeOrThrow(command, options = {}) {
+        const result = await this.execute(command, { ...options, approved: true });
+        if (result.exitCode !== 0) {
+            throw new Error(`Command failed (exit ${result.exitCode}): ${result.stderr || result.stdout}`);
+        }
+        return result;
+    }
+}
+
+module.exports = new BashTool();

package/src/tools/FileEditTool.js

@@ -0,0 +1,280 @@
+/**
+ * The most powerful tool in the system: applies AI-suggested edits to actual files.
+ *
+ * Safety model:
+ *  1. Always creates a .bak before editing
+ *  2. Validates the edit would produce a syntactically valid change
+ *  3. Supports three edit modes: str_replace, insert_after, full_rewrite
+ *  4. Dry-run mode shows the diff without writing
+ */
+
+const fs = require('fs');
+const path = require('path');
+const { execSync } = require('child_process');
+const llm = require('../utils/llmClient');
+const logger = require('../utils/logger');
+const costTracker = require('../utils/costTracker');
+
+// Max file size we'll edit (safety check)
+const MAX_EDIT_SIZE = 200 * 1024; // 200KB
+
+class FileEditTool {
+    /**
+     * Apply a string replacement edit to a file.
+     *
+     * @param {string} filePath   - Absolute or relative path
+     * @param {string} oldStr     - Exact string to find (must be unique in the file)
+     * @param {string} newStr     - Replacement string
+     * @param {object} opts       - { dryRun, backup }
+     */
+    async strReplace(filePath, oldStr, newStr, opts = {}) {
+        const { dryRun = false, backup = true } = opts;
+        const abs = path.resolve(filePath);
+
+        this._assertSafe(abs);
+        const original = fs.readFileSync(abs, 'utf-8');
+
+        const occurrences = this._countOccurrences(original, oldStr);
+        if (occurrences === 0) {
+            throw new Error(`str_replace: oldStr not found in ${path.basename(abs)}`);
+        }
+        if (occurrences > 1) {
+            throw new Error(`str_replace: oldStr found ${occurrences} times — must be unique. Add more context around it.`);
+        }
+
+        const edited = original.replace(oldStr, newStr);
+        const diff = this._diffSummary(original, edited, abs);
+
+        if (dryRun) {
+            return { dryRun: true, diff, filePath: abs, wouldChange: original !== edited };
+        }
+
+        if (backup) this._backup(abs, original);
+        fs.writeFileSync(abs, edited, 'utf-8');
+
+        logger.info(`[FileEdit] str_replace in ${path.basename(abs)} (+${this._lineCount(newStr)} -${this._lineCount(oldStr)} lines)`);
+        return { success: true, filePath: abs, diff, linesAdded: this._lineCount(newStr), linesRemoved: this._lineCount(oldStr), backedUp: backup };
+    }
+
+    /**
+     * Insert text after a specific line number or after a matching string.
+     */
+    async insertAfter(filePath, afterStr, insertText, opts = {}) {
+        const { dryRun = false, backup = true } = opts;
+        const abs = path.resolve(filePath);
+
+        this._assertSafe(abs);
+        const original = fs.readFileSync(abs, 'utf-8');
+
+        if (!original.includes(afterStr)) {
+            throw new Error(`insert_after: anchor string not found in ${path.basename(abs)}`);
+        }
+
+        const edited = original.replace(afterStr, afterStr + '\n' + insertText);
+        const diff = this._diffSummary(original, edited, abs);
+
+        if (dryRun) return { dryRun: true, diff, filePath: abs };
+
+        if (backup) this._backup(abs, original);
+        fs.writeFileSync(abs, edited, 'utf-8');
+
+        logger.info(`[FileEdit] insert_after in ${path.basename(abs)}`);
+        return { success: true, filePath: abs, diff, backedUp: backup };
+    }
+
+    /**
+     * Full file rewrite. Use sparingly — prefers str_replace for smaller edits.
+     */
+    async rewrite(filePath, newContent, opts = {}) {
+        const { dryRun = false, backup = true } = opts;
+        const abs = path.resolve(filePath);
+
+        this._assertSafe(abs);
+
+        let original = '';
+        if (fs.existsSync(abs)) {
+            original = fs.readFileSync(abs, 'utf-8');
+        }
+
+        const diff = this._diffSummary(original, newContent, abs);
+
+        if (dryRun) return { dryRun: true, diff, filePath: abs };
+
+        if (backup && original) this._backup(abs, original);
+        fs.mkdirSync(path.dirname(abs), { recursive: true });
+        fs.writeFileSync(abs, newContent, 'utf-8');
+
+        logger.info(`[FileWrite] wrote ${path.basename(abs)} (${newContent.length} chars)`);
+        return { success: true, filePath: abs, diff, isNew: !original, backedUp: backup && !!original };
+    }
+
+    /**
+     * AI-powered edit: describe what to change, LLM generates the edit.
+     *
+     * This is the killer feature — "add error handling to getUserById"
+     * and it will find the function, understand it, and apply the change.
+     */
+    async aiEdit(filePath, instruction, opts = {}) {
+        const { dryRun = false, sessionId = 'default' } = opts;
+        const abs = path.resolve(filePath);
+
+        this._assertSafe(abs);
+        const content = fs.readFileSync(abs, 'utf-8');
+        const filename = path.basename(abs);
+
+        logger.info(`[FileEdit] AI edit: "${instruction.slice(0, 60)}" on ${filename}`);
+
+        const response = await llm.chat({
+            model: llm.model('smart'),
+            max_tokens: 2000,
+            system: `You are a precise code editor. Apply the instruction to the file and return ONLY the edited file content.
+Rules:
+- Make the MINIMAL change that satisfies the instruction
+- Preserve all existing code, formatting, and style
+- Do NOT add explanations or markdown code fences
+- Return the COMPLETE file content (not just the changed part)
+- If you cannot safely make the change, return: ERROR: <reason>`,
+            messages: [{
+                role: 'user',
+                content: `File: ${filename}\nInstruction: ${instruction}\n\nCurrent content:\n${content}`,
+            }],
+        });
+
+        costTracker.record({
+            model: llm.model('smart'),
+            inputTokens: response.usage.input_tokens,
+            outputTokens: response.usage.output_tokens,
+            sessionId,
+            queryType: 'file-edit',
+        });
+
+        const newContent = response.content[0].text;
+
+        if (newContent.startsWith('ERROR:')) {
+            throw new Error(newContent);
+        }
+
+        const diff = this._diffSummary(content, newContent, abs);
+
+        if (dryRun) {
+            return { dryRun: true, diff, filePath: abs, instruction };
+        }
+
+        return this.rewrite(abs, newContent, { backup: true });
+    }
+
+    /**
+     * Undo the last edit by restoring from backup
+     */
+    undo(filePath) {
+        const abs = path.resolve(filePath);
+        const backupPath = abs + '.bak';
+
+        if (!fs.existsSync(backupPath)) {
+            throw new Error(`No backup found for ${path.basename(abs)}`);
+        }
+
+        const backup = fs.readFileSync(backupPath, 'utf-8');
+        const current = fs.readFileSync(abs, 'utf-8');
+
+        fs.writeFileSync(abs, backup, 'utf-8');
+        fs.unlinkSync(backupPath);
+
+        logger.info(`[FileEdit] Undone: ${path.basename(abs)}`);
+        return { success: true, filePath: abs, restoredLength: backup.length };
+    }
+
+    /**
+     * Read a file (FileReadTool equivalent)
+     */
+    read(filePath, opts = {}) {
+        const { startLine, endLine, maxChars = 50000 } = opts;
+        const abs = path.resolve(filePath);
+
+        if (!fs.existsSync(abs)) throw new Error(`File not found: ${abs}`);
+
+        let content = fs.readFileSync(abs, 'utf-8');
+
+        if (startLine || endLine) {
+            const lines = content.split('\n');
+            const start = (startLine || 1) - 1;
+            const end = endLine || lines.length;
+            content = lines.slice(start, end).join('\n');
+        }
+
+        if (content.length > maxChars) {
+            content = content.slice(0, maxChars) + `\n... [truncated at ${maxChars} chars]`;
+        }
+
+        return {
+            filePath: abs,
+            filename: path.basename(abs),
+            content,
+            lines: content.split('\n').length,
+            size: fs.statSync(abs).size,
+        };
+    }
+
+    // ── Private helpers ─────────────────────────────────────────────────────────
+
+    _assertSafe(abs) {
+        if (!fs.existsSync(abs) && !abs.endsWith('.js') && !abs.endsWith('.ts') && !abs.endsWith('.json') && !abs.endsWith('.md')) {
+            // Allow creating new files with known extensions, but existing files must exist for edits
+        }
+        if (fs.existsSync(abs)) {
+            const stat = fs.statSync(abs);
+            if (stat.size > MAX_EDIT_SIZE) throw new Error(`File too large to edit (${(stat.size / 1024).toFixed(0)}KB > ${MAX_EDIT_SIZE / 1024}KB)`);
+        }
+        // Prevent editing outside cwd
+        const cwd = process.cwd();
+        if (!abs.startsWith(cwd) && !abs.startsWith('/home') && !abs.startsWith('/tmp')) {
+            throw new Error(`Safety: refusing to edit outside working directory: ${abs}`);
+        }
+    }
+
+    _backup(abs, content) {
+        fs.writeFileSync(abs + '.bak', content, 'utf-8');
+    }
+
+    _countOccurrences(str, sub) {
+        let count = 0;
+        let pos = 0;
+        while ((pos = str.indexOf(sub, pos)) !== -1) { count++; pos += sub.length; }
+        return count;
+    }
+
+    _lineCount(text) {
+        return (text || '').split('\n').length;
+    }
+
+    _diffSummary(original, edited, filePath) {
+        const origLines = original.split('\n');
+        const editLines = edited.split('\n');
+        const added = editLines.length - origLines.length;
+
+        // Simple unified-diff-like summary
+        const changes = [];
+        const maxLines = Math.max(origLines.length, editLines.length);
+        let inChange = false;
+
+        for (let i = 0; i < Math.min(maxLines, 200); i++) {
+            const o = origLines[i] || '';
+            const e = editLines[i] || '';
+            if (o !== e) {
+                if (!inChange) { changes.push(`@@ line ${i + 1} @@`); inChange = true; }
+                if (o) changes.push(`- ${o}`);
+                if (e) changes.push(`+ ${e}`);
+            } else {
+                inChange = false;
+            }
+        }
+
+        return {
+            summary: `${Math.abs(added)} line(s) ${added >= 0 ? 'added' : 'removed'} in ${path.basename(filePath)}`,
+            changes: changes.slice(0, 50),
+            linesChanged: changes.filter(l => l.startsWith('+') || l.startsWith('-')).length,
+        };
+    }
+}
+
+module.exports = new FileEditTool();