facult 2.5.2 → 2.7.0

package/src/trust.ts

@@ -4,6 +4,13 @@ import type { FacultIndex } from "./index-builder";
 import { facultAiIndexPath, facultRootDir } from "./paths";
 
 type TrustMode = "trust" | "untrust";
+type TrustTargetKind = "skills" | "mcp";
+
+interface TrustArgs {
+  all: boolean;
+  kind?: TrustTargetKind;
+  names: string[];
+}
 
 function isPlainObject(v: unknown): v is Record<string, unknown> {
   return !!v && typeof v === "object" && !Array.isArray(v);
@@ -28,6 +35,34 @@ function parseEntryName(raw: string): { kind: "skill" | "mcp"; name: string } {
   return { kind: "skill", name: raw };
 }
 
+function collectTargetNames(args: {
+  index: FacultIndex;
+  all: boolean;
+  kind?: TrustTargetKind;
+  names: string[];
+}): string[] {
+  if (!args.all) {
+    return args.names;
+  }
+
+  if (args.kind === "skills") {
+    return Object.keys(args.index.skills).sort();
+  }
+
+  if (args.kind === "mcp") {
+    return Object.keys(args.index.mcp?.servers ?? {})
+      .sort()
+      .map((name) => `mcp:${name}`);
+  }
+
+  return [
+    ...Object.keys(args.index.skills).sort(),
+    ...Object.keys(args.index.mcp?.servers ?? {})
+      .sort()
+      .map((name) => `mcp:${name}`),
+  ];
+}
+
 async function loadIndex(homeDir: string): Promise<FacultIndex> {
   const { path: indexPath } = await ensureAiIndexPath({
     homeDir,
@@ -71,23 +106,33 @@ function setTrustFields(
 
 export async function applyTrust({
   names,
+  all,
+  kind,
   mode,
   homeDir,
 }: {
   names: string[];
+  all?: boolean;
+  kind?: TrustTargetKind;
   mode: TrustMode;
   homeDir?: string;
 }) {
-  if (!names.length) {
-    throw new Error("At least one name is required.");
-  }
   const home = homeDir ?? homedir();
 
   const index = ensureIndexStructure(await loadIndex(home));
+  const targetNames = collectTargetNames({
+    index,
+    all: all === true,
+    kind,
+    names,
+  });
+  if (!targetNames.length) {
+    throw new Error("No matching entries found.");
+  }
   const now = new Date().toISOString();
 
   const missing: string[] = [];
-  for (const raw of names) {
+  for (const raw of targetNames) {
     const { kind, name } = parseEntryName(raw);
     if (kind === "skill") {
       const entry = index.skills[name] as unknown;
@@ -115,17 +160,44 @@ export async function applyTrust({
 }
 
 function parseNamesFromArgv(argv: string[]): string[] {
+  return parseTrustArgs(argv).names;
+}
+
+function parseTrustArgs(argv: string[]): TrustArgs {
   const names: string[] = [];
+  let all = false;
+
   for (const arg of argv) {
     if (!arg) {
       continue;
     }
+    if (arg === "--all") {
+      all = true;
+      continue;
+    }
     if (arg.startsWith("-")) {
       throw new Error(`Unknown option: ${arg}`);
     }
     names.push(arg);
   }
-  return names;
+
+  if (all) {
+    if (names.length === 0) {
+      return { all: true, names: [] };
+    }
+    if (names.length === 1 && (names[0] === "skills" || names[0] === "mcp")) {
+      return { all: true, kind: names[0], names: [] };
+    }
+    throw new Error(
+      'When using --all, optionally pass only "skills" or "mcp".'
+    );
+  }
+
+  if (!names.length) {
+    throw new Error("At least one name is required.");
+  }
+
+  return { all: false, names };
 }
 
 export async function trustCommand(argv: string[]) {
@@ -135,13 +207,31 @@ export async function trustCommand(argv: string[]) {
 Usage:
   fclt trust <name> [moreNames...]
   fclt trust mcp:<name> [moreNames...]
+  fclt trust --all
+  fclt trust skills --all
+  fclt trust mcp --all
 `);
     return;
   }
   try {
-    const names = parseNamesFromArgv(argv);
-    await applyTrust({ names, mode: "trust" });
-    console.log(`Marked as trusted: ${names.join(", ")}`);
+    const parsed = parseTrustArgs(argv);
+    await applyTrust({
+      names: parsed.names,
+      all: parsed.all,
+      kind: parsed.kind,
+      mode: "trust",
+    });
+    if (parsed.all) {
+      const targetLabel =
+        parsed.kind === "skills"
+          ? "all skills"
+          : parsed.kind === "mcp"
+            ? "all MCP servers"
+            : "all skills and MCP servers";
+      console.log(`Marked as trusted: ${targetLabel}`);
+    } else {
+      console.log(`Marked as trusted: ${parsed.names.join(", ")}`);
+    }
     console.log(
       'Note: Trust is an annotation. Run "fclt audit" for security review.'
     );
@@ -158,13 +248,31 @@ export async function untrustCommand(argv: string[]) {
 Usage:
   fclt untrust <name> [moreNames...]
   fclt untrust mcp:<name> [moreNames...]
+  fclt untrust --all
+  fclt untrust skills --all
+  fclt untrust mcp --all
 `);
     return;
   }
   try {
-    const names = parseNamesFromArgv(argv);
-    await applyTrust({ names, mode: "untrust" });
-    console.log(`Marked as untrusted: ${names.join(", ")}`);
+    const parsed = parseTrustArgs(argv);
+    await applyTrust({
+      names: parsed.names,
+      all: parsed.all,
+      kind: parsed.kind,
+      mode: "untrust",
+    });
+    if (parsed.all) {
+      const targetLabel =
+        parsed.kind === "skills"
+          ? "all skills"
+          : parsed.kind === "mcp"
+            ? "all MCP servers"
+            : "all skills and MCP servers";
+      console.log(`Marked as untrusted: ${targetLabel}`);
+    } else {
+      console.log(`Marked as untrusted: ${parsed.names.join(", ")}`);
+    }
   } catch (err) {
     console.error(err instanceof Error ? err.message : String(err));
     process.exitCode = 1;

package/src/util/git.ts

@@ -0,0 +1,95 @@
+import { realpath } from "node:fs/promises";
+import { dirname, relative } from "node:path";
+
+export type GitPathExposure =
+  | {
+      insideRepo: false;
+      repoRoot: null;
+      state: "outside-repo";
+    }
+  | {
+      insideRepo: true;
+      repoRoot: string;
+      state: "tracked" | "ignored" | "untracked";
+    };
+
+async function runGit(
+  args: string[],
+  cwd: string
+): Promise<{ exitCode: number; stdout: string; stderr: string }> {
+  const gitBinary = Bun.which("git") ?? "/usr/bin/git";
+  const proc = Bun.spawn({
+    cmd: [gitBinary, ...args],
+    cwd,
+    stdout: "pipe",
+    stderr: "pipe",
+  });
+  const [stdout, stderr, exitCode] = await Promise.all([
+    new Response(proc.stdout).text(),
+    new Response(proc.stderr).text(),
+    proc.exited,
+  ]);
+  return { exitCode, stdout, stderr };
+}
+
+async function resolveGitRepoRoot(pathValue: string): Promise<string | null> {
+  const cwd = dirname(pathValue);
+  const result = await runGit(["rev-parse", "--show-toplevel"], cwd);
+  if (result.exitCode !== 0) {
+    return null;
+  }
+  const repoRoot = result.stdout.trim();
+  if (!repoRoot) {
+    return null;
+  }
+  return await realpath(repoRoot).catch(() => repoRoot);
+}
+
+export async function getGitPathExposure(
+  pathValue: string
+): Promise<GitPathExposure> {
+  const repoRoot = await resolveGitRepoRoot(pathValue);
+  if (!repoRoot) {
+    return {
+      insideRepo: false,
+      repoRoot: null,
+      state: "outside-repo",
+    };
+  }
+
+  const resolvedPath = await realpath(pathValue).catch(() => pathValue);
+  const repoRelativePath = relative(repoRoot, resolvedPath);
+  if (
+    !repoRelativePath ||
+    repoRelativePath === "" ||
+    repoRelativePath.startsWith("../")
+  ) {
+    return {
+      insideRepo: false,
+      repoRoot: null,
+      state: "outside-repo",
+    };
+  }
+
+  const tracked = await runGit(
+    ["ls-files", "--error-unmatch", "--", repoRelativePath],
+    repoRoot
+  );
+  if (tracked.exitCode === 0) {
+    return {
+      insideRepo: true,
+      repoRoot,
+      state: "tracked",
+    };
+  }
+
+  const ignored = await runGit(
+    ["check-ignore", "-q", "--", repoRelativePath],
+    repoRoot
+  );
+  return {
+    insideRepo: true,
+    repoRoot,
+    state: ignored.exitCode === 0 ? "ignored" : "untracked",
+  };
+}