freddie 0.0.41 → 0.0.42

package/src/tools/tirith_security.js

@@ -1,25 +0,0 @@
-import fs from 'node:fs'
-import path from 'node:path'
-import { getFophHome } from '../home.js'
-import { registry } from './registry.js'
-
-function policyPath() { return path.join(getFophHome(), 'policy.json') }
-function loadPolicy() { try { return JSON.parse(fs.readFileSync(policyPath(), 'utf8')) } catch { return { tools: {}, hosts: { allow: [], deny: [] } } } }
-
-registry.register({
-    name: 'tirith_security',
-    toolset: 'core',
-    schema: { name: 'tirith_security', description: 'Evaluate a candidate action against ~/.freddie/policy.json. Returns allow|deny|ask.', parameters: { type: 'object', properties: { kind: { type: 'string' }, target: { type: 'string' } }, required: ['kind', 'target'] } },
-    handler: async ({ kind, target }) => {
-        const p = loadPolicy()
-        if (kind === 'tool') {
-            const t = p.tools?.[target]
-            if (t === 'allow' || t === 'deny') return { decision: t }
-        }
-        if (kind === 'host') {
-            if (p.hosts?.deny?.some(d => target.includes(d))) return { decision: 'deny' }
-            if (p.hosts?.allow?.some(d => target.includes(d))) return { decision: 'allow' }
-        }
-        return { decision: 'ask' }
-    },
-})

package/src/tools/todo.js

@@ -1,54 +0,0 @@
-import { db } from '../db.js'
-import { registry } from './registry.js'
-
-async function init() {
-    const d = await db()
-    d.exec(`CREATE TABLE IF NOT EXISTS todos (id INTEGER PRIMARY KEY AUTOINCREMENT, session_id TEXT, content TEXT NOT NULL, status TEXT NOT NULL DEFAULT 'pending', created INTEGER NOT NULL, updated INTEGER NOT NULL)`)
-    return d
-}
-
-const ACTIONS = {
-    add: async ({ session_id = null, content }) => {
-        if (!content) return { error: 'content required' }
-        const d = await init(); const now = Date.now()
-        const info = d.prepare(`INSERT INTO todos (session_id, content, status, created, updated) VALUES (?, ?, 'pending', ?, ?)`).run(session_id, content, now, now)
-        return { id: info.lastInsertRowid, content, status: 'pending' }
-    },
-    list: async ({ session_id = null }) => {
-        const d = await init()
-        const rows = session_id ? d.prepare(`SELECT * FROM todos WHERE session_id = ? ORDER BY id DESC`).all(session_id) : d.prepare(`SELECT * FROM todos ORDER BY id DESC`).all()
-        return { todos: rows }
-    },
-    update: async ({ id, status }) => {
-        if (!id) return { error: 'id required' }
-        (await init()).prepare(`UPDATE todos SET status = ?, updated = ? WHERE id = ?`).run(status, Date.now(), id)
-        return { id, status }
-    },
-    complete: async ({ id }) => ACTIONS.update({ id, status: 'completed' }),
-    delete: async ({ id }) => { (await init()).prepare(`DELETE FROM todos WHERE id = ?`).run(id); return { id, deleted: true } },
-}
-
-registry.register({
-    name: 'todo',
-    toolset: 'core',
-    schema: {
-        name: 'todo',
-        description: 'Manage per-session todos. Actions: add, list, update, complete, delete.',
-        parameters: {
-            type: 'object',
-            properties: {
-                action: { type: 'string', enum: Object.keys(ACTIONS) },
-                content: { type: 'string' },
-                id: { type: 'number' },
-                status: { type: 'string' },
-                session_id: { type: 'string' },
-            },
-            required: ['action'],
-        },
-    },
-    handler: async (args) => {
-        const fn = ACTIONS[args.action]
-        if (!fn) return { error: 'unknown action: ' + args.action }
-        return fn(args)
-    },
-})

package/src/tools/tool_backend_helpers.js

@@ -1,26 +0,0 @@
-import { registry } from './registry.js'
-
-export function shapeArgs(schema, args) {
-    if (!schema?.properties) return args
-    const out = {}
-    for (const [k, def] of Object.entries(schema.properties)) {
-        if (k in args) out[k] = args[k]
-        else if ('default' in def) out[k] = def.default
-    }
-    return out
-}
-export function describeTools(filter = null) {
-    let list = registry.list()
-    if (filter) list = list.filter(t => t.toolset === filter)
-    return list.map(t => ({ name: t.name, description: t.schema.description, toolset: t.toolset }))
-}
-registry.register({
-    name: 'tool_backend_helpers',
-    toolset: 'core',
-    schema: { name: 'tool_backend_helpers', description: 'Helper meta-tool: describeTools(filter), shapeArgs(schema, args).', parameters: { type: 'object', properties: { action: { type: 'string', enum: ['describe', 'shape'] }, filter: { type: 'string' }, schema: {}, args: {} }, required: ['action'] } },
-    handler: async ({ action, filter, schema, args }) => {
-        if (action === 'describe') return { tools: describeTools(filter) }
-        if (action === 'shape') return { args: shapeArgs(schema, args || {}) }
-        return { error: 'unknown action' }
-    },
-})

package/src/tools/tool_output_limits.js

@@ -1,15 +0,0 @@
-import { registry } from './registry.js'
-import { getConfigValue } from '../config.js'
-
-export function truncate(s, max = null) {
-    const limit = max ?? getConfigValue('tool.output_limit', 100_000)
-    const t = String(s)
-    if (t.length <= limit) return t
-    return t.slice(0, limit) + `\n…[truncated ${t.length - limit} chars]`
-}
-registry.register({
-    name: 'tool_output_limits',
-    toolset: 'core',
-    schema: { name: 'tool_output_limits', description: 'Apply the configured output truncation cap to a string.', parameters: { type: 'object', properties: { text: { type: 'string' }, max: { type: 'number' } }, required: ['text'] } },
-    handler: async ({ text, max }) => ({ text: truncate(text, max) }),
-})

package/src/tools/tool_result_storage.js

@@ -1,20 +0,0 @@
-import fs from 'node:fs'
-import path from 'node:path'
-import crypto from 'node:crypto'
-import { getFophHome } from '../home.js'
-import { registry } from './registry.js'
-
-function dir() { const d = path.join(getFophHome(), 'tool-results'); fs.mkdirSync(d, { recursive: true }); return d }
-
-registry.register({
-    name: 'tool_result_storage',
-    toolset: 'core',
-    schema: { name: 'tool_result_storage', description: 'Persist a large tool result to disk; return reference token. Actions: store, fetch, list, delete.', parameters: { type: 'object', properties: { action: { type: 'string', enum: ['store', 'fetch', 'list', 'delete'] }, content: { type: 'string' }, token: { type: 'string' } }, required: ['action'] } },
-    handler: async ({ action, content, token }) => {
-        if (action === 'store') { const t = crypto.randomBytes(8).toString('hex'); fs.writeFileSync(path.join(dir(), t + '.txt'), content || '', 'utf8'); return { token: t, bytes: (content || '').length } }
-        if (action === 'fetch') { const f = path.join(dir(), token + '.txt'); return fs.existsSync(f) ? { content: fs.readFileSync(f, 'utf8') } : { error: 'not found' } }
-        if (action === 'list') return { tokens: fs.readdirSync(dir()).filter(f => f.endsWith('.txt')).map(f => f.replace(/\.txt$/, '')) }
-        if (action === 'delete') { const f = path.join(dir(), token + '.txt'); if (fs.existsSync(f)) fs.unlinkSync(f); return { deleted: token } }
-        return { error: 'unknown action' }
-    },
-})

package/src/tools/transcription.js

@@ -1,19 +0,0 @@
-import fs from 'node:fs'
-import { registry } from './registry.js'
-registry.register({
-    name: 'transcription',
-    toolset: 'creative',
-    schema: { name: 'transcription', description: 'Transcribe audio with OpenAI Whisper.', parameters: { type: 'object', properties: { file_path: { type: 'string' }, model: { type: 'string', default: 'whisper-1' } }, required: ['file_path'] } },
-    requiresEnv: ['OPENAI_API_KEY'],
-    checkFn: () => Boolean(process.env.OPENAI_API_KEY),
-    handler: async ({ file_path, model = 'whisper-1' }) => {
-        if (!process.env.OPENAI_API_KEY) return { error: 'OPENAI_API_KEY required' }
-        if (!fs.existsSync(file_path)) return { error: 'file not found: ' + file_path }
-        const blob = new Blob([fs.readFileSync(file_path)])
-        const fd = new FormData()
-        fd.append('file', blob, file_path.split(/[\\/]/).pop())
-        fd.append('model', model)
-        const r = await fetch('https://api.openai.com/v1/audio/transcriptions', { method: 'POST', headers: { authorization: `Bearer ${process.env.OPENAI_API_KEY}` }, body: fd })
-        return await r.json()
-    },
-})

package/src/tools/tts.js

@@ -1,19 +0,0 @@
-import { registry } from './registry.js'
-registry.register({
-    name: 'tts',
-    toolset: 'creative',
-    schema: { name: 'tts', description: 'Synthesize speech (OpenAI tts-1 or ElevenLabs).', parameters: { type: 'object', properties: { text: { type: 'string' }, provider: { type: 'string', enum: ['openai', 'elevenlabs'], default: 'openai' }, voice: { type: 'string' } }, required: ['text'] } },
-    requiresEnv: ['OPENAI_API_KEY or ELEVENLABS_API_KEY'],
-    checkFn: () => Boolean(process.env.OPENAI_API_KEY || process.env.ELEVENLABS_API_KEY),
-    handler: async ({ text, provider = 'openai', voice = 'alloy' }) => {
-        if (provider === 'elevenlabs') {
-            if (!process.env.ELEVENLABS_API_KEY) return { error: 'ELEVENLABS_API_KEY required' }
-            const v = voice || '21m00Tcm4TlvDq8ikWAM'
-            const r = await fetch(`https://api.elevenlabs.io/v1/text-to-speech/${v}`, { method: 'POST', headers: { 'xi-api-key': process.env.ELEVENLABS_API_KEY, 'content-type': 'application/json' }, body: JSON.stringify({ text }) })
-            return { status: r.status, contentType: r.headers.get('content-type'), bytes: (await r.arrayBuffer()).byteLength }
-        }
-        if (!process.env.OPENAI_API_KEY) return { error: 'OPENAI_API_KEY required' }
-        const r = await fetch('https://api.openai.com/v1/audio/speech', { method: 'POST', headers: { authorization: `Bearer ${process.env.OPENAI_API_KEY}`, 'content-type': 'application/json' }, body: JSON.stringify({ model: 'tts-1', input: text, voice }) })
-        return { status: r.status, bytes: (await r.arrayBuffer()).byteLength }
-    },
-})

package/src/tools/url_safety.js

@@ -1,15 +0,0 @@
-import { registry } from './registry.js'
-const SUSPICIOUS = ['phish', 'malware', '.onion']
-const PRIVATE_RANGES = [/^10\./, /^192\.168\./, /^172\.(1[6-9]|2\d|3[01])\./, /^127\./, /^0\./, /^169\.254\./]
-registry.register({
-    name: 'url_safety',
-    toolset: 'core',
-    schema: { name: 'url_safety', description: 'Heuristic URL safety check (private IPs, known-bad TLDs, scheme).', parameters: { type: 'object', properties: { url: { type: 'string' } }, required: ['url'] } },
-    handler: async ({ url }) => {
-        let u; try { u = new URL(url) } catch { return { safe: false, reason: 'invalid URL' } }
-        if (!['http:', 'https:'].includes(u.protocol)) return { safe: false, reason: 'unsupported scheme: ' + u.protocol }
-        if (PRIVATE_RANGES.some(re => re.test(u.hostname))) return { safe: false, reason: 'private IP host' }
-        for (const s of SUSPICIOUS) if (u.hostname.includes(s)) return { safe: false, reason: 'suspicious token: ' + s }
-        return { safe: true, host: u.hostname }
-    },
-})

package/src/tools/vision.js

@@ -1,18 +0,0 @@
-import { registry } from './registry.js'
-registry.register({
-    name: 'vision',
-    toolset: 'creative',
-    schema: { name: 'vision', description: 'Describe an image (URL or base64) using a vision-capable LLM.', parameters: { type: 'object', properties: { image_url: { type: 'string' }, prompt: { type: 'string', default: 'Describe this image.' }, provider: { type: 'string', enum: ['openai', 'anthropic'], default: 'openai' } }, required: ['image_url'] } },
-    requiresEnv: ['OPENAI_API_KEY or ANTHROPIC_API_KEY'],
-    checkFn: () => Boolean(process.env.OPENAI_API_KEY || process.env.ANTHROPIC_API_KEY),
-    handler: async ({ image_url, prompt = 'Describe this image.', provider = 'openai' }) => {
-        if (provider === 'anthropic') {
-            if (!process.env.ANTHROPIC_API_KEY) return { error: 'ANTHROPIC_API_KEY required' }
-            const r = await fetch('https://api.anthropic.com/v1/messages', { method: 'POST', headers: { 'x-api-key': process.env.ANTHROPIC_API_KEY, 'anthropic-version': '2023-06-01', 'content-type': 'application/json' }, body: JSON.stringify({ model: 'claude-sonnet-4-6', max_tokens: 1024, messages: [{ role: 'user', content: [{ type: 'image', source: { type: 'url', url: image_url } }, { type: 'text', text: prompt }] }] }) })
-            return await r.json()
-        }
-        if (!process.env.OPENAI_API_KEY) return { error: 'OPENAI_API_KEY required' }
-        const r = await fetch('https://api.openai.com/v1/chat/completions', { method: 'POST', headers: { authorization: `Bearer ${process.env.OPENAI_API_KEY}`, 'content-type': 'application/json' }, body: JSON.stringify({ model: 'gpt-4o-mini', messages: [{ role: 'user', content: [{ type: 'text', text: prompt }, { type: 'image_url', image_url: { url: image_url } }] }] }) })
-        return await r.json()
-    },
-})

package/src/tools/voice_mode.js

@@ -1,10 +0,0 @@
-import { registry } from './registry.js'
-registry.register({
-    name: 'voice_mode',
-    toolset: 'creative',
-    schema: { name: 'voice_mode', description: 'Toggle full-duplex voice (transcription in + tts out) for the active session. Returns the new state.', parameters: { type: 'object', properties: { enabled: { type: 'boolean' } } } },
-    handler: async ({ enabled }, ctx = {}) => {
-        if (typeof ctx.setVoiceMode === 'function') return await ctx.setVoiceMode(Boolean(enabled))
-        return { enabled: Boolean(enabled), note: 'voice mode toggled in-process; bind ctx.setVoiceMode to wire to a real audio loop' }
-    },
-})

package/src/tools/web_search.js

@@ -1,37 +0,0 @@
-import { registry } from './registry.js'
-
-registry.register({
-    name: 'web_search',
-    toolset: 'browse',
-    schema: {
-        name: 'web_search',
-        description: 'Search the web (DuckDuckGo HTML or SerpAPI). Returns title/url/snippet list.',
-        parameters: {
-            type: 'object',
-            properties: {
-                query: { type: 'string' },
-                limit: { type: 'number', default: 5 },
-            },
-            required: ['query'],
-        },
-    },
-    checkFn: () => true,
-    requiresEnv: ['SERPAPI_KEY (optional, falls back to DDG)'],
-    handler: async ({ query, limit = 5 }) => {
-        if (process.env.SERPAPI_KEY) {
-            const url = `https://serpapi.com/search.json?q=${encodeURIComponent(query)}&api_key=${process.env.SERPAPI_KEY}`
-            const data = await fetch(url).then(r => r.json())
-            const results = (data.organic_results || []).slice(0, limit).map(r => ({ title: r.title, url: r.link, snippet: r.snippet }))
-            return { results }
-        }
-        const fetchFn = globalThis.__fophFetch || fetch
-        const html = await fetchFn(`https://html.duckduckgo.com/html/?q=${encodeURIComponent(query)}`).then(r => r.text())
-        const results = []
-        const re = /<a class="result__a"[^>]*href="([^"]+)"[^>]*>([^<]+)<\/a>[\s\S]*?<a class="result__snippet"[^>]*>([^<]+)<\/a>/g
-        let m
-        while ((m = re.exec(html)) && results.length < limit) {
-            results.push({ url: m[1], title: m[2].replace(/&amp;/g, '&'), snippet: m[3].replace(/<\/?b>/g, '') })
-        }
-        return { results }
-    },
-})

package/src/tools/web_tools.js

@@ -1,18 +0,0 @@
-import { registry } from './registry.js'
-registry.register({
-    name: 'web_fetch',
-    toolset: 'browse',
-    schema: { name: 'web_fetch', description: 'Fetch a URL and return text/json/headers.', parameters: { type: 'object', properties: { url: { type: 'string' }, method: { type: 'string', default: 'GET' }, headers: {}, body: { type: 'string' }, parse: { type: 'string', enum: ['text', 'json'] } }, required: ['url'] } },
-    handler: async ({ url, method = 'GET', headers = {}, body, parse = 'text' }) => {
-        const r = await fetch(url, { method, headers, body })
-        const ct = r.headers.get('content-type')
-        const out = parse === 'json' ? await r.json().catch(() => null) : await r.text()
-        return { status: r.status, contentType: ct, body: out }
-    },
-})
-registry.register({
-    name: 'web_extract',
-    toolset: 'browse',
-    schema: { name: 'web_extract', description: 'Strip tags from HTML to plain text.', parameters: { type: 'object', properties: { html: { type: 'string' } }, required: ['html'] } },
-    handler: async ({ html }) => ({ text: String(html).replace(/<script[\s\S]*?<\/script>/gi, '').replace(/<style[\s\S]*?<\/style>/gi, '').replace(/<[^>]+>/g, ' ').replace(/\s+/g, ' ').trim() }),
-})

package/src/tools/website_policy.js

@@ -1,14 +0,0 @@
-import { registry } from './registry.js'
-import { getConfigValue } from '../config.js'
-registry.register({
-    name: 'website_policy',
-    toolset: 'core',
-    schema: { name: 'website_policy', description: 'Per-host fetch policy (rate limit, allow/deny). Reads config.website_policy.', parameters: { type: 'object', properties: { url: { type: 'string' } }, required: ['url'] } },
-    handler: async ({ url }) => {
-        const policy = getConfigValue('website_policy', { allow: [], deny: [], ratelimit_ms: 1000 }) || {}
-        const u = new URL(url)
-        if (policy.deny?.some(d => u.hostname.includes(d))) return { decision: 'deny' }
-        if (policy.allow?.length && !policy.allow.some(a => u.hostname.includes(a))) return { decision: 'deny', reason: 'not in allow list' }
-        return { decision: 'allow', ratelimit_ms: policy.ratelimit_ms || 1000 }
-    },
-})

package/src/tools/write.js

@@ -1,25 +0,0 @@
-import fs from 'node:fs'
-import path from 'node:path'
-import { registry } from './registry.js'
-
-registry.register({
-    name: 'write',
-    toolset: 'core',
-    schema: {
-        name: 'write',
-        description: 'Write content to a file (overwrites).',
-        parameters: {
-            type: 'object',
-            properties: {
-                path: { type: 'string' },
-                content: { type: 'string' },
-            },
-            required: ['path', 'content'],
-        },
-    },
-    handler: async ({ path: p, content }) => {
-        fs.mkdirSync(path.dirname(p), { recursive: true })
-        fs.writeFileSync(p, content, 'utf8')
-        return { path: p, bytes: Buffer.byteLength(content, 'utf8') }
-    },
-})

package/src/tools/xai_http.js

@@ -1,13 +0,0 @@
-import { registry } from './registry.js'
-registry.register({
-    name: 'xai_grok',
-    toolset: 'core',
-    schema: { name: 'xai_grok', description: 'Chat completion via xAI Grok.', parameters: { type: 'object', properties: { prompt: { type: 'string' }, model: { type: 'string', default: 'grok-3' } }, required: ['prompt'] } },
-    requiresEnv: ['XAI_API_KEY'],
-    checkFn: () => Boolean(process.env.XAI_API_KEY),
-    handler: async ({ prompt, model = 'grok-3' }) => {
-        if (!process.env.XAI_API_KEY) return { error: 'XAI_API_KEY required' }
-        const r = await fetch('https://api.x.ai/v1/chat/completions', { method: 'POST', headers: { authorization: `Bearer ${process.env.XAI_API_KEY}`, 'content-type': 'application/json' }, body: JSON.stringify({ model, messages: [{ role: 'user', content: prompt }] }) })
-        return await r.json()
-    },
-})

package/src/tools/yuanbao_tools.js

@@ -1,13 +0,0 @@
-import { registry } from './registry.js'
-registry.register({
-    name: 'yuanbao_tools',
-    toolset: 'core',
-    schema: { name: 'yuanbao_tools', description: 'Tencent Yuanbao chat completion (Hunyuan).', parameters: { type: 'object', properties: { prompt: { type: 'string' }, model: { type: 'string', default: 'hunyuan-pro' } }, required: ['prompt'] } },
-    requiresEnv: ['YUANBAO_API_KEY'],
-    checkFn: () => Boolean(process.env.YUANBAO_API_KEY),
-    handler: async ({ prompt, model = 'hunyuan-pro' }) => {
-        if (!process.env.YUANBAO_API_KEY) return { error: 'YUANBAO_API_KEY required' }
-        const r = await fetch('https://api.hunyuan.cloud.tencent.com/v1/chat/completions', { method: 'POST', headers: { authorization: `Bearer ${process.env.YUANBAO_API_KEY}`, 'content-type': 'application/json' }, body: JSON.stringify({ model, messages: [{ role: 'user', content: prompt }] }) })
-        return await r.json()
-    },
-})