droid-mode 0.0.1

package/templates/skills/droid-mode/lib/run.mjs

@@ -0,0 +1,213 @@
+import fs from "node:fs";
+import path from "node:path";
+import vm from "node:vm";
+import { nowIsoCompact, sha256Hex, safeIdentifier, ensureDir, getDroidModeDataDir, writeJson } from "./util.mjs";
+
+/**
+ * Static, best-effort disallow list for sandboxed workflows.
+ * This is not meant to be perfect security; it is intended to prevent accidental escalation.
+ */
+const DEFAULT_BANNED_PATTERNS = [
+  /\brequire\s*\(/,
+  /\bimport\s+/,
+  /\bprocess\b/,
+  /\bchild_process\b/,
+  /\bfs\b/,
+  /\bnet\b/,
+  /\bhttp\b/,
+  /\bhttps\b/,
+  /\bfetch\b/,
+  /\beval\s*\(/,
+  /\bFunction\s*\(/,
+  /\bWebAssembly\b/,
+];
+
+/**
+ * @param {string} source
+ * @param {{ allowUnsafe?: boolean }} opts
+ */
+export function validateWorkflowSource(source, opts = {}) {
+  if (opts.allowUnsafe) return;
+  for (const re of DEFAULT_BANNED_PATTERNS) {
+    if (re.test(source)) {
+      throw new Error(
+        `Workflow source contains a disallowed pattern (${re}).\n` +
+          `This runner executes workflows in a restricted sandbox; ` +
+          `use MCP tools via the provided 't' / 'tools' objects.`
+      );
+    }
+  }
+}
+
+/**
+ * Create tool functions for the sandbox.
+ * @param {{
+ *   client: import("./mcp_client.mjs").McpClient,
+ *   toolNames: string[],
+ *   perCallTimeoutMs?: number,
+ *   maxRetries?: number,
+ *   trace: any[],
+ * }} opts
+ */
+export function createToolApi(opts) {
+  const perCallTimeoutMs =
+    typeof opts.perCallTimeoutMs === "number" ? opts.perCallTimeoutMs : 60_000;
+  const maxRetries = typeof opts.maxRetries === "number" ? opts.maxRetries : 3;
+
+  const call = async (name, args) => {
+    const startedAt = new Date();
+    const argsStr = JSON.stringify(args ?? {});
+    const traceItem = {
+      tool: name,
+      argsKeys: args && typeof args === "object" ? Object.keys(args) : [],
+      argsSha256: sha256Hex(argsStr),
+      startedAt: startedAt.toISOString(),
+      durationMs: null,
+      isError: null,
+      retries: 0,
+    };
+    opts.trace.push(traceItem);
+
+    let lastError;
+    for (let attempt = 1; attempt <= maxRetries; attempt++) {
+      try {
+        const res = await opts.client.callTool({
+          name,
+          arguments: args ?? {},
+          timeoutMs: perCallTimeoutMs,
+        });
+        traceItem.isError = !!res?.isError;
+        traceItem.durationMs = new Date() - startedAt;
+        traceItem.retries = attempt - 1;
+        traceItem.resultSummary = {
+          hasStructured: !!res?.structured,
+          textLength: (res?.text || "").length,
+        };
+        return res.structured ?? (res.text ? { text: res.text } : res.raw);
+      } catch (err) {
+        lastError = err;
+        traceItem.retries = attempt;
+        if (attempt < maxRetries) {
+          const delay = Math.min(1000 * Math.pow(2, attempt - 1), 5000);
+          await new Promise((r) => setTimeout(r, delay));
+        }
+      }
+    }
+
+    traceItem.isError = true;
+    traceItem.durationMs = new Date() - startedAt;
+    traceItem.error = String(lastError?.message || lastError);
+    throw lastError;
+  };
+
+  // safe-name wrapper map
+  const t = {};
+  const toolmap = {};
+
+  for (const toolName of opts.toolNames) {
+    const safe = safeIdentifier(toolName);
+    toolmap[safe] = toolName;
+    t[safe] = (args) => call(toolName, args);
+  }
+
+  const tools = {
+    call,
+    // raw mapping by original tool names as well (tools["tool-name"](args))
+    ...Object.fromEntries(opts.toolNames.map((n) => [n, (args) => call(n, args)])),
+  };
+
+  return { t, tools, toolmap, call };
+}
+
+/**
+ * Execute a workflow file inside a restricted vm context.
+ * Workflow file MUST set global `workflow = async () => { ... }`.
+ * @param {{
+ *   workflowPath: string,
+ *   toolApi: { t: any, tools: any, toolmap: any },
+ *   timeoutMs?: number,
+ *   allowUnsafe?: boolean,
+ * }} opts
+ */
+export async function executeWorkflow(opts) {
+  const timeoutMs = typeof opts.timeoutMs === "number" ? opts.timeoutMs : 5 * 60_000;
+
+  const source = fs.readFileSync(opts.workflowPath, "utf-8");
+  validateWorkflowSource(source, { allowUnsafe: opts.allowUnsafe });
+
+  const logs = [];
+  const log = (...args) => {
+    const line = args.map((a) => (typeof a === "string" ? a : JSON.stringify(a))).join(" ");
+    logs.push(line);
+  };
+
+  const sandbox = {
+    // Provide only the API surface we want.
+    t: opts.toolApi.t,
+    tools: opts.toolApi.tools,
+    toolmap: opts.toolApi.toolmap,
+    log,
+    console: { log }, // convenience
+    // Helpers
+    sleep: (ms) => new Promise((r) => setTimeout(r, ms)),
+    assert: (cond, msg) => {
+      if (!cond) throw new Error(msg || "Assertion failed");
+    },
+    workflow: undefined,
+  };
+
+  // Create context with code generation from strings disabled where supported.
+  const context = vm.createContext(sandbox, {
+    name: "droid-mode-workflow",
+    codeGeneration: { strings: false, wasm: false },
+  });
+
+  const script = new vm.Script(source, { filename: path.basename(opts.workflowPath) });
+
+  // This timeout only applies to synchronous execution of the top-level script.
+  script.runInContext(context, { timeout: 1_000 });
+
+  if (typeof sandbox.workflow !== "function") {
+    throw new Error(
+      `Workflow file must assign an async function to global variable 'workflow'.\n` +
+        `Example:\n  workflow = async () => { return { ok: true } }`
+    );
+  }
+
+  const resultPromise = Promise.resolve().then(() => sandbox.workflow());
+  const timed = Promise.race([
+    resultPromise,
+    new Promise((_, reject) => setTimeout(() => reject(new Error(`Workflow timed out after ${timeoutMs}ms`)), timeoutMs)),
+  ]);
+
+  const result = await timed;
+  return { result, logs };
+}
+
+/**
+ * Persist a run artifact in the droid-mode data dir.
+ * @param {{
+ *   serverName: string,
+ *   workflowPath: string,
+ *   tools: string[],
+ *   output: any,
+ *   trace: any[],
+ * }} opts
+ */
+export function writeRunArtifact(opts) {
+  const dataDir = getDroidModeDataDir();
+  const ts = nowIsoCompact();
+  const outDir = path.join(dataDir, "runs", opts.serverName, ts);
+  ensureDir(outDir);
+  const payload = {
+    serverName: opts.serverName,
+    workflowPath: opts.workflowPath,
+    tools: opts.tools,
+    finishedAt: new Date().toISOString(),
+    output: opts.output,
+    trace: opts.trace,
+  };
+  const file = path.join(outDir, "run.json");
+  writeJson(file, payload);
+  return { outDir, file };
+}

package/templates/skills/droid-mode/lib/search.mjs

@@ -0,0 +1,67 @@
+import { safeIdentifier } from "./util.mjs";
+
+/** @param {string} s */
+function tokenize(s) {
+  return (s || "")
+    .toLowerCase()
+    .split(/[^a-z0-9]+/g)
+    .filter(Boolean);
+}
+
+/**
+ * Very lightweight ranking for tool search.
+ * @param {{name?:string,title?:string,description?:string}} tool
+ * @param {string[]} qTokens
+ * @param {string} qRaw
+ */
+function score(tool, qTokens, qRaw) {
+  const name = (tool?.name || "").toLowerCase();
+  const title = (tool?.title || "").toLowerCase();
+  const desc = (tool?.description || "").toLowerCase();
+
+  let s = 0;
+
+  if (qRaw && name.includes(qRaw)) s += 10;
+  if (qRaw && title.includes(qRaw)) s += 5;
+  if (qRaw && desc.includes(qRaw)) s += 3;
+
+  for (const tok of qTokens) {
+    if (name.includes(tok)) s += 4;
+    if (title.includes(tok)) s += 2;
+    if (desc.includes(tok)) s += 1;
+  }
+
+  // Prefer shorter tool names (minor)
+  s += Math.max(0, 2 - name.length / 30);
+
+  return s;
+}
+
+/**
+ * Search tools.
+ * @param {any[]} tools
+ * @param {string} query
+ * @param {{ limit?: number }} opts
+ */
+export function searchTools(tools, query, opts = {}) {
+  const limit = typeof opts.limit === "number" ? opts.limit : 8;
+  const qRaw = (query || "").trim().toLowerCase();
+  const qTokens = tokenize(query);
+
+  const ranked = (tools || [])
+    .map((t) => ({
+      tool: t,
+      score: score(t, qTokens, qRaw),
+    }))
+    .filter((x) => x.score > 0)
+    .sort((a, b) => b.score - a.score)
+    .slice(0, limit);
+
+  return ranked.map((r) => ({
+    name: r.tool?.name || "",
+    title: r.tool?.title || "",
+    description: (r.tool?.description || "").replace(/\s+/g, " ").trim(),
+    score: r.score,
+    safeName: safeIdentifier(r.tool?.name || ""),
+  }));
+}

package/templates/skills/droid-mode/lib/tool_index.mjs

@@ -0,0 +1,89 @@
+import path from "node:path";
+import { getDroidModeDataDir, readJsonFileIfExists, writeJson } from "./util.mjs";
+
+/**
+ * @param {import("./mcp_client.mjs").McpClient} client
+ */
+export async function fetchAllTools(client) {
+  const tools = [];
+  let cursor = undefined;
+  for (let i = 0; i < 10_000; i++) {
+    const res = await client.listTools({ cursor, timeoutMs: 60_000 });
+    if (Array.isArray(res?.tools)) tools.push(...res.tools);
+    cursor = res?.nextCursor;
+    if (!cursor) break;
+  }
+  return tools;
+}
+
+/**
+ * Load cached tools, optionally refresh if stale.
+ * @param {{
+ *   serverName: string,
+ *   client: import("./mcp_client.mjs").McpClient,
+ *   refresh?: boolean,
+ *   maxAgeMs?: number,
+ * }} opts
+ */
+export async function getToolsCached(opts) {
+  const dataDir = getDroidModeDataDir();
+  const cacheFile = path.join(dataDir, "cache", opts.serverName, "tools.json");
+  const maxAgeMs = typeof opts.maxAgeMs === "number" ? opts.maxAgeMs : 30 * 60 * 1000; // 30 minutes
+
+  if (!opts.refresh) {
+    const cached = readJsonFileIfExists(cacheFile);
+    if (cached?.fetchedAt && Array.isArray(cached?.tools)) {
+      const age = Date.now() - new Date(cached.fetchedAt).getTime();
+      if (!Number.isNaN(age) && age < maxAgeMs) {
+        return { tools: cached.tools, cacheFile, cached: true, meta: cached };
+      }
+    }
+  }
+
+  // Refresh
+  await opts.client.init();
+  const tools = await fetchAllTools(opts.client);
+  const payload = {
+    fetchedAt: new Date().toISOString(),
+    serverName: opts.serverName,
+    protocolVersion: opts.client.negotiatedProtocolVersion,
+    serverInfo: opts.client.serverInfo,
+    capabilities: opts.client.serverCapabilities,
+    tools,
+  };
+  writeJson(cacheFile, payload);
+  return { tools, cacheFile, cached: false, meta: payload };
+}
+
+/**
+ * Extract required parameters from a tool's inputSchema.
+ * @param {any} tool
+ * @returns {string[]}
+ */
+function getRequiredParams(tool) {
+  const schema = tool?.inputSchema;
+  if (!schema) return [];
+  const required = schema.required || [];
+  return Array.isArray(required) ? required : [];
+}
+
+/**
+ * Return a compact tool list for display.
+ * @param {any[]} tools
+ * @param {{ includeParams?: boolean }} opts
+ */
+export function compactToolSummaries(tools, opts = {}) {
+  const includeParams = opts.includeParams !== false; // default true
+  return (tools || []).map((t) => {
+    const summary = {
+      name: t?.name || "",
+      title: t?.title || "",
+      description: (t?.description || "").replace(/\s+/g, " ").trim().slice(0, 200),
+    };
+    if (includeParams) {
+      const required = getRequiredParams(t);
+      summary.requires = required.length > 0 ? required.join(", ") : "-";
+    }
+    return summary;
+  });
+}

package/templates/skills/droid-mode/lib/util.mjs

@@ -0,0 +1,160 @@
+import fs from "node:fs";
+import path from "node:path";
+import os from "node:os";
+import crypto from "node:crypto";
+
+/** @returns {string} */
+export function nowIsoCompact() {
+  const d = new Date();
+  const pad = (n) => String(n).padStart(2, "0");
+  return `${d.getFullYear()}${pad(d.getMonth() + 1)}${pad(d.getDate())}-${pad(
+    d.getHours()
+  )}${pad(d.getMinutes())}${pad(d.getSeconds())}`;
+}
+
+/** @param {string} s */
+export function sha256Hex(s) {
+  return crypto.createHash("sha256").update(s).digest("hex");
+}
+
+/**
+ * Convert a tool name (often snake_case or kebab-case) to a safe camelCase identifier.
+ * @param {string} toolName
+ */
+export function safeIdentifier(toolName) {
+  const cleaned = toolName
+    .replace(/[^a-zA-Z0-9_ -]/g, " ")
+    .trim()
+    .replace(/[-\s]+/g, "_");
+  const parts = cleaned.split("_").filter(Boolean);
+  if (!parts.length) return "tool";
+  const [first, ...rest] = parts;
+  const camel =
+    first.toLowerCase() +
+    rest.map((p) => p.charAt(0).toUpperCase() + p.slice(1).toLowerCase()).join("");
+  // Ensure identifier starts with a letter or underscore.
+  if (/^[a-zA-Z_]/.test(camel)) return camel;
+  return "_" + camel;
+}
+
+/**
+ * Lightweight CLI args parser (supports: --k=v, --k v, flags, positional args).
+ * Returns { _: string[], flags: Record<string, string|boolean> }.
+ * @param {string[]} argv
+ */
+export function parseArgs(argv) {
+  const out = { _: [], flags: {} };
+  for (let i = 0; i < argv.length; i++) {
+    const a = argv[i];
+    if (!a.startsWith("--")) {
+      out._.push(a);
+      continue;
+    }
+    const eq = a.indexOf("=");
+    if (eq !== -1) {
+      const k = a.slice(2, eq);
+      const v = a.slice(eq + 1);
+      out.flags[k] = v;
+      continue;
+    }
+    const k = a.slice(2);
+    const next = argv[i + 1];
+    if (next && !next.startsWith("--")) {
+      out.flags[k] = next;
+      i++;
+    } else {
+      out.flags[k] = true;
+    }
+  }
+  return out;
+}
+
+/** @param {string} p */
+export function ensureDir(p) {
+  fs.mkdirSync(p, { recursive: true });
+}
+
+/** @param {string} filePath */
+export function readJsonFileIfExists(filePath) {
+  try {
+    if (!fs.existsSync(filePath)) return null;
+    const txt = fs.readFileSync(filePath, "utf-8");
+    return JSON.parse(txt);
+  } catch (err) {
+    return null;
+  }
+}
+
+/**
+ * @param {string} filePath
+ * @param {any} data
+ */
+export function writeJson(filePath, data) {
+  ensureDir(path.dirname(filePath));
+  fs.writeFileSync(filePath, JSON.stringify(data, null, 2) + "\n", "utf-8");
+}
+
+/**
+ * Walk upward from cwd to find a directory containing ".factory".
+ * Returns null if not found.
+ * @param {string} startDir
+ */
+export function findProjectRoot(startDir = process.cwd()) {
+  let cur = path.resolve(startDir);
+  for (let i = 0; i < 50; i++) {
+    const candidate = path.join(cur, ".factory");
+    if (fs.existsSync(candidate) && fs.statSync(candidate).isDirectory()) return cur;
+    const parent = path.dirname(cur);
+    if (parent === cur) break;
+    cur = parent;
+  }
+  return null;
+}
+
+/**
+ * Returns the preferred working data dir:
+ * - <project>/.factory/droid-mode when in a project
+ * - ~/.factory/droid-mode otherwise
+ */
+export function getDroidModeDataDir() {
+  const root = findProjectRoot();
+  if (root) return path.join(root, ".factory", "droid-mode");
+  return path.join(os.homedir(), ".factory", "droid-mode");
+}
+
+/**
+ * Print a compact table for humans.
+ * @param {Array<Record<string, string>>} rows
+ * @param {string[]} cols
+ */
+export function printTable(rows, cols) {
+  const widths = {};
+  for (const c of cols) widths[c] = c.length;
+  for (const r of rows) {
+    for (const c of cols) widths[c] = Math.max(widths[c], String(r[c] ?? "").length);
+  }
+  const sep =
+    cols.map((c) => "-".repeat(widths[c])).join("  ") + "\n";
+  const header =
+    cols.map((c) => String(c).padEnd(widths[c])).join("  ") + "\n";
+  const body = rows
+    .map((r) => cols.map((c) => String(r[c] ?? "").padEnd(widths[c])).join("  "))
+    .join("\n");
+  process.stdout.write(header);
+  process.stdout.write(sep);
+  process.stdout.write(body + (body ? "\n" : ""));
+}
+
+/**
+ * Best-effort: remove secrets from an env object for logging.
+ * @param {Record<string,string>|undefined|null} envObj
+ */
+export function redactEnvForDisplay(envObj) {
+  if (!envObj) return {};
+  const out = {};
+  for (const [k, v] of Object.entries(envObj)) {
+    const isSecret = /(key|token|secret|password|auth|bearer)/i.test(k);
+    out[k] = isSecret ? "***" : String(v);
+  }
+  return out;
+}