erosolar-cli 1.5.2 → 1.5.4

package/dist/bin/core/errors/safetyValidator.js

@@ -0,0 +1,304 @@
+/**
+ * Safety Validator - Enhanced validation with auto-fixing
+ *
+ * Validates operations for safety, provides suggestions, and attempts auto-fixing
+ */
+import { DangerousOperationError, BlockedOperationError, ResourceLimitError, ValidationError, } from './errorTypes.js';
+const DANGEROUS_PATTERNS = [
+    // Critical - system destruction
+    {
+        pattern: /rm\s+-rf\s+\/($|\s)/,
+        reason: 'Attempts to delete entire root filesystem',
+        severity: 'critical',
+        safeAlternative: 'rm -rf ./specific-directory',
+    },
+    {
+        pattern: /:\(\)\s*\{[^}]*\}\s*;\s*:/,
+        reason: 'Fork bomb that crashes system',
+        severity: 'critical',
+    },
+    {
+        pattern: /mkfs\./,
+        reason: 'Formats filesystem, destroying all data',
+        severity: 'critical',
+    },
+    {
+        pattern: /dd\s+.*of=\/dev\/(sd|hd|nvme)/,
+        reason: 'Writes directly to disk, can destroy data',
+        severity: 'critical',
+    },
+    // High - data loss
+    {
+        pattern: /rm\s+-rf\s+(\/(?!\s)|~\/)/,
+        reason: 'Removes files recursively without confirmation',
+        severity: 'high',
+        safeAlternative: 'rm -ri ./directory (interactive)',
+    },
+    {
+        pattern: />\s*\/dev\/(sd|hd|nvme)/,
+        reason: 'Redirects output to disk device',
+        severity: 'high',
+    },
+    {
+        pattern: /shred\s+-[a-z]*n/,
+        reason: 'Securely deletes files, unrecoverable',
+        severity: 'high',
+    },
+    // Medium - risky operations
+    {
+        pattern: /chmod\s+-R\s+777/,
+        reason: 'Makes all files world-writable (security risk)',
+        severity: 'medium',
+        safeAlternative: 'chmod -R 755 ./directory',
+    },
+    {
+        pattern: /curl.*\|\s*sh/,
+        reason: 'Pipes remote script to shell (security risk)',
+        severity: 'medium',
+        safeAlternative: 'Download and inspect script first',
+    },
+    {
+        pattern: /wget.*\|\s*sh/,
+        reason: 'Pipes remote script to shell (security risk)',
+        severity: 'medium',
+        safeAlternative: 'Download and inspect script first',
+    },
+    {
+        pattern: /eval\s+\$\(/,
+        reason: 'Executes arbitrary code (injection risk)',
+        severity: 'medium',
+    },
+];
+const BLOCKED_OPERATIONS = [
+    {
+        pattern: /npm\s+publish/,
+        policy: 'Publishing requires explicit user approval',
+        allowedAlternatives: ['npm publish --dry-run'],
+    },
+    {
+        pattern: /git\s+push\s+--force/,
+        policy: 'Force push can overwrite remote history',
+        allowedAlternatives: ['git push --force-with-lease'],
+    },
+    {
+        pattern: /docker\s+system\s+prune\s+-a/,
+        policy: 'Removes all unused Docker resources',
+        allowedAlternatives: ['docker system prune'],
+    },
+];
+/**
+ * Validate bash command for safety
+ */
+export function validateBashCommand(command) {
+    const warnings = [];
+    // Check for dangerous patterns (CRITICAL - must block)
+    for (const { pattern, reason, severity, safeAlternative } of DANGEROUS_PATTERNS) {
+        if (pattern.test(command)) {
+            if (severity === 'critical' || severity === 'high') {
+                const error = new DangerousOperationError(command, reason, safeAlternative);
+                return {
+                    valid: false,
+                    error,
+                    warnings,
+                    autoFix: safeAlternative ? {
+                        available: true,
+                        apply: () => safeAlternative,
+                        description: `Replace with: ${safeAlternative}`,
+                    } : undefined,
+                };
+            }
+            else {
+                // Medium severity - warn but allow
+                warnings.push(`Warning: ${reason}. Consider: ${safeAlternative || 'reviewing command'}`);
+            }
+        }
+    }
+    // Check for blocked operations (ERROR - policy violation)
+    for (const { pattern, policy, allowedAlternatives } of BLOCKED_OPERATIONS) {
+        if (pattern.test(command)) {
+            const error = new BlockedOperationError(command, policy, allowedAlternatives);
+            return {
+                valid: false,
+                error,
+                warnings,
+                autoFix: allowedAlternatives && allowedAlternatives.length > 0 ? {
+                    available: true,
+                    apply: () => allowedAlternatives[0],
+                    description: `Replace with: ${allowedAlternatives[0]}`,
+                } : undefined,
+            };
+        }
+    }
+    return { valid: true, warnings };
+}
+/**
+ * Validate tool arguments with auto-fixing
+ */
+export function validateToolArgs(_toolName, args, constraints) {
+    const warnings = [];
+    for (const [field, value] of Object.entries(args)) {
+        const constraint = constraints[field];
+        if (!constraint)
+            continue;
+        // Type validation
+        if (typeof value !== constraint.type) {
+            const error = new ValidationError(field, value, `Must be ${constraint.type}`, `${field}: <${constraint.type} value>`);
+            return {
+                valid: false,
+                error,
+                warnings,
+                autoFix: {
+                    available: true,
+                    apply: () => convertType(value, constraint.type),
+                    description: `Convert ${field} to ${constraint.type}`,
+                },
+            };
+        }
+        // Range validation (for numbers)
+        if (constraint.type === 'number' && typeof value === 'number') {
+            if (constraint.max !== undefined && value > constraint.max) {
+                const error = new ResourceLimitError(field, value, constraint.max);
+                const safeValue = Math.floor(constraint.max * 0.8);
+                return {
+                    valid: false,
+                    error,
+                    warnings,
+                    autoFix: {
+                        available: true,
+                        apply: () => safeValue,
+                        description: `Reduce ${field} to ${safeValue}`,
+                    },
+                };
+            }
+            if (constraint.min !== undefined && value < constraint.min) {
+                const error = new ValidationError(field, value, `Must be at least ${constraint.min}`, `${constraint.min}`);
+                return {
+                    valid: false,
+                    error,
+                    warnings,
+                    autoFix: {
+                        available: true,
+                        apply: () => constraint.min,
+                        description: `Set ${field} to minimum value ${constraint.min}`,
+                    },
+                };
+            }
+            // Warning thresholds (80% of max)
+            if (constraint.max !== undefined && value > constraint.max * 0.8) {
+                warnings.push(`${field} is ${value}, approaching maximum of ${constraint.max}`);
+            }
+        }
+    }
+    return { valid: true, warnings };
+}
+/**
+ * Helper: Convert value to target type
+ */
+function convertType(value, targetType) {
+    switch (targetType) {
+        case 'number':
+            return Number(value);
+        case 'string':
+            return String(value);
+        case 'boolean':
+            return Boolean(value);
+        default:
+            return value;
+    }
+}
+/**
+ * Smart fixer - attempts to automatically fix common issues
+ */
+export class SmartFixer {
+    /**
+     * Fix dangerous bash commands by replacing with safe alternatives
+     */
+    static fixDangerousCommand(command) {
+        let fixed = command;
+        const changes = [];
+        // Fix rm -rf / → rm -rf ./
+        if (/rm\s+-rf\s+\/($|\s)/.test(fixed)) {
+            fixed = fixed.replace(/rm\s+-rf\s+\/($|\s)/, 'rm -rf ./');
+            changes.push('Changed "rm -rf /" to "rm -rf ./"');
+        }
+        // Fix chmod 777 → chmod 755
+        if (/chmod\s+-R\s+777/.test(fixed)) {
+            fixed = fixed.replace(/chmod\s+-R\s+777/g, 'chmod -R 755');
+            changes.push('Changed "chmod -R 777" to "chmod -R 755"');
+        }
+        // Fix git push --force → git push --force-with-lease
+        if (/git\s+push\s+--force($|\s)/.test(fixed)) {
+            fixed = fixed.replace(/git\s+push\s+--force($|\s)/g, 'git push --force-with-lease ');
+            changes.push('Changed "git push --force" to "git push --force-with-lease"');
+        }
+        return { fixed, changes };
+    }
+    /**
+     * Fix resource limits by reducing to safe values
+     */
+    static fixResourceLimits(args, limits) {
+        const fixed = { ...args };
+        const changes = [];
+        for (const [field, limit] of Object.entries(limits)) {
+            if (field in fixed && typeof fixed[field] === 'number') {
+                const value = fixed[field];
+                if (value > limit) {
+                    const safeValue = Math.floor(limit * 0.8); // 80% of limit
+                    fixed[field] = safeValue;
+                    changes.push(`Reduced ${field} from ${value} to ${safeValue}`);
+                }
+            }
+        }
+        return { fixed, changes };
+    }
+    /**
+     * Fix validation errors by coercing types
+     */
+    static fixValidationErrors(args, schema) {
+        const fixed = { ...args };
+        const changes = [];
+        for (const [field, constraint] of Object.entries(schema)) {
+            if (field in fixed && typeof fixed[field] !== constraint.type) {
+                const original = fixed[field];
+                fixed[field] = convertType(original, constraint.type);
+                changes.push(`Converted ${field} from ${typeof original} to ${constraint.type}`);
+            }
+        }
+        return { fixed, changes };
+    }
+}
+/**
+ * Validator with auto-fix integration
+ */
+export class AutoFixValidator {
+    constructor(autoFixEnabled = false) {
+        this.autoFixEnabled = autoFixEnabled;
+    }
+    /**
+     * Validate with optional auto-fixing
+     */
+    async validate(value, validator) {
+        let result = validator(value);
+        // If invalid and auto-fix is available, try to fix
+        if (!result.valid && this.autoFixEnabled && result.autoFix?.available) {
+            console.warn(`[AutoFix] Attempting to fix: ${result.error?.message}`);
+            try {
+                const fixedValue = result.autoFix.apply();
+                console.warn(`[AutoFix] Applied: ${result.autoFix.description}`);
+                // Re-validate fixed value
+                result = validator(fixedValue);
+                if (result.valid) {
+                    console.log('[AutoFix] Validation passed after fix');
+                    return { value: fixedValue, result };
+                }
+            }
+            catch (error) {
+                console.error('[AutoFix] Failed to apply fix:', error);
+            }
+        }
+        return { value, result };
+    }
+    setAutoFix(enabled) {
+        this.autoFixEnabled = enabled;
+    }
+}

package/dist/bin/core/errors.js

@@ -0,0 +1,32 @@
+export function buildError(action, error, context) {
+    const message = error instanceof Error ? error.message : String(error);
+    const contextDetails = formatContext(context);
+    return contextDetails ? `Error ${action}: ${message} (${contextDetails})` : `Error ${action}: ${message}`;
+}
+function formatContext(context) {
+    if (!context) {
+        return '';
+    }
+    const entries = Object.entries(context).filter(([, value]) => value !== undefined && value !== null);
+    if (entries.length === 0) {
+        return '';
+    }
+    return entries
+        .map(([key, value]) => `${formatContextKey(key)} ${formatContextValue(value)}`)
+        .join(', ');
+}
+function formatContextKey(key) {
+    if (!key) {
+        return key;
+    }
+    return key.slice(0, 1).toUpperCase() + key.slice(1);
+}
+function formatContextValue(value) {
+    if (typeof value === 'string') {
+        return value || '(empty)';
+    }
+    if (typeof value === 'number' || typeof value === 'boolean') {
+        return String(value);
+    }
+    return '(unknown)';
+}