matex-cli 1.2.81 → 1.2.84

package/src/utils/augov-logger.ts

@@ -1,34 +0,0 @@
-import fs from 'fs';
-import path from 'path';
-
-/**
- * IRAP-Compliant Audit Logger
- * The Australian Government requires strict logging of AI tool usage.
- * This logger records prompts and actions locally so security teams can audit them.
- */
-export class GovAuditLogger {
-    private logFile: string;
-
-    constructor(baseDir: string = process.cwd()) {
-        const logDir = path.join(baseDir, '.matex_audit');
-        if (!fs.existsSync(logDir)) {
-            fs.mkdirSync(logDir, { recursive: true });
-        }
-
-        // Create an auditable log per day
-        const today = new Date().toISOString().split('T')[0];
-        this.logFile = path.join(logDir, `augov_audit_${today}.log`);
-
-        if (!fs.existsSync(this.logFile)) {
-            fs.writeFileSync(this.logFile, 'TIMESTAMP | ROLE | ACTION | CONTENT\n');
-        }
-    }
-
-    public logInteraction(role: 'USER' | 'AI_SWARM' | 'SYSTEM', action: string, content: string) {
-        const timestamp = new Date().toISOString();
-        const cleanContent = content.replace(/\n/g, ' ').substring(0, 500); // truncate for CSV safety, full logs can be large
-        const logEntry = `${timestamp} | ${role} | ${action} | ${cleanContent}\n`;
-
-        fs.appendFileSync(this.logFile, logEntry);
-    }
-}

package/src/utils/augov-scrubber.ts

@@ -1,67 +0,0 @@
-import chalk from 'chalk';
-
-/**
- * Citizen Privacy Shield
- * A local redaction engine that scrubs Australian PII (Personally Identifiable Information)
- * BEFORE it ever leaves the user's computer to hit an AI API.
- */
-export class GovPrivacyScrubber {
-
-    // Regex patterns for Australian specific sensitive data
-    private static patterns = [
-        // Australian Tax File Number (TFN) - 9 digits
-        { regex: /\b\d{3}[- ]?\d{3}[- ]?\d{3}\b/g, replacement: '[REDACTED_TFN]' },
-        // Medicare Number - 10 digits
-        { regex: /\b[2-6]\d{9}\b/g, replacement: '[REDACTED_MEDICARE]' },
-        // Australian Phone Numbers (Mobile & Landline)
-        { regex: /(?:\+?61|0)[2-478](?:[ -]?[0-9]){8}\b/g, replacement: '[REDACTED_PHONE]' },
-        // Email Addresses
-        { regex: /[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/g, replacement: '[REDACTED_EMAIL]' },
-        // Credit Card Numbers
-        { regex: /\b(?:\d[ -]*?){13,16}\b/g, replacement: '[REDACTED_CREDIT_CARD]' },
-
-        // --- FOI (Freedom of Information) Specific Redactions ---
-
-        // Cabinet in Confidence Markers
-        { regex: /Cabinet in Confidence/ig, replacement: '[REDACTED_CABINET_MATERIAL]' },
-        { regex: /National Cabinet/ig, replacement: '[REDACTED_NATIONAL_CABINET_MATERIAL]' },
-        // Highly Classified Clearance Words
-        { regex: /TOP SECRET/ig, replacement: '[REDACTED_CLASSIFICATION]' },
-        // Military Base Locations (Example subset for ADF)
-        { regex: /HMAS Stirling|RAAF Base Tindal|Pine Gap|Russell Offices/ig, replacement: '[REDACTED_DEFENCE_ASSET]' },
-        // Diplomatic Identifiers
-        { regex: /Ambassador [A-Z][a-z]+/ig, replacement: '[REDACTED_DIPLOMAT]' },
-        { regex: /Five Eyes|AUKUS/ig, replacement: '[REDACTED_INTELLIGENCE_ALLIANCE]' }
-    ];
-
-    /**
-     * Scrubs sensitive data from a string.
-     * @param input Raw string from user or file
-     * @returns Scrubbed string safe for AI processing
-     */
-    public static scrub(input: string): string {
-        let scrubbed = input;
-        for (const rule of this.patterns) {
-            scrubbed = scrubbed.replace(rule.regex, rule.replacement);
-        }
-        return scrubbed;
-    }
-
-    /**
-     * Specialized FOI Document Scrubber
-     * Used exclusively for the `matex augov redact` command
-     */
-    public static async redactDocumentContent(content: string): Promise<{ scrubbed: string, redactionCount: number }> {
-        let scrubbed = content;
-        let redactionCount = 0;
-
-        for (const rule of this.patterns) {
-            const matches = content.match(rule.regex);
-            if (matches) {
-                redactionCount += matches.length;
-                scrubbed = scrubbed.replace(rule.regex, chalk.bgBlack.white(rule.replacement));
-            }
-        }
-        return { scrubbed, redactionCount };
-    }
-}

package/src/utils/command-executor.ts

@@ -1,529 +0,0 @@
-import * as fs from 'fs';
-import * as path from 'path';
-import chalk from 'chalk';
-import { exec, spawn } from 'child_process';
-import { promisify } from 'util';
-import inquirer from 'inquirer';
-import { TUI } from './tui';
-import { AgentOrchestrator } from './agent-orchestrator';
-import { Patcher } from './patcher';
-
-const execAsync = promisify(exec);
-
-export interface CommandBlock {
-    language: string;
-    code: string;
-    dangerous: boolean;
-    description?: string;
-}
-
-/**
- * Extract executable commands from AI response
- */
-export function extractCommands(response: string): CommandBlock[] {
-    const commands: CommandBlock[] = [];
-
-    // Match code blocks with language tags (case-insensitive)
-    const codeBlockRegex = /```(\w+)?\n([\s\S]*?)```/gi;
-    let match;
-
-    while ((match = codeBlockRegex.exec(response)) !== null) {
-        const language = match[1] || 'bash';
-        const code = match[2].trim();
-
-        // 🛡️ HEURISTIC: Reject directory trees formatted as "commands"
-        const isTree = /├──|└──|│\s+├──/.test(code);
-        if (isTree) continue;
-
-        // Only extract shell commands
-        if (['bash', 'sh', 'zsh', 'shell', 'powershell', 'cmd'].includes(language.toLowerCase())) {
-            // 🛡️ DIALOGUE FILTER: Strip lines that look like agent banter [Ajay Vai]: etc.
-            const lines = code.split('\n');
-            const filteredLines = lines.filter(line => {
-                const trimmed = line.trim();
-                // If it starts with [Agent Name] or typical agent markers, it's NOT a command
-                const isAgent = /^(?:\[\**\s*|\b)(Ajay|Sunil|Sandip|Bishal|Narayan|Big Bro)\s*(?:Vai|Dai)?\s*\**\]?[:\s]*/i.test(trimmed);
-                return !isAgent;
-            });
-
-            const filteredCode = filteredLines.join('\n').trim();
-            if (filteredCode) {
-                commands.push({
-                    language,
-                    code: filteredCode,
-                    dangerous: isDangerousCommand(filteredCode)
-                });
-            }
-        }
-    }
-
-    return commands;
-}
-
-/**
- * Check if command is potentially dangerous
- */
-function isDangerousCommand(command: string): boolean {
-    const dangerousPatterns = [
-        /rm\s+-rf\s+\//, // rm -rf /
-        /rm\s+-rf\s+~/, // rm -rf ~
-        /rm\s+-rf\s+\*/, // rm -rf *
-        /:\(\)\{.*\}/, // Fork bomb
-        /dd\s+if=.*of=\/dev/, // Disk operations
-        /mkfs/, // Format filesystem
-        /fdisk/, // Partition operations
-        />\s*\/dev\/sd/, // Write to disk
-        /chmod\s+-R\s+777/, // Dangerous permissions
-        /curl.*\|\s*bash/, // Pipe to bash
-        /wget.*\|\s*sh/, // Pipe to shell
-        /sudo\s+rm/, // Sudo remove
-        /format\s+[A-Z]:/, // Windows format
-        /del\s+\/[FS]/, // Windows delete
-    ];
-
-    return dangerousPatterns.some(pattern => pattern.test(command));
-}
-
-/**
- * Check if command is safe to auto-execute
- */
-export function isSafeAutoCommand(command: string): boolean {
-    const safePrefixes = [
-        // File Discovery & Read
-        'cat ', 'ls ', 'grep ', 'find ', 'pwd', 'echo ', 'read ', 'type ', 'dir',
-        // File Operations
-        'mkdir ', 'touch ', 'cp ', 'mv ', 'rm ', 'del ', 'copy ', 'move ',
-        // Dev Tools
-        'npm ', 'npx ', 'git ', 'node ', 'python ', 'python3 ', 'pip ', 'pip3 ',
-        // Cloud & Mobile
-        'firebase ', 'gcloud ', 'docker ', 'flutter ', 'react-native ',
-        // Build & Package
-        'cd ', 'tsc ', 'vite ', 'next ', 'cargo ', 'go ', 'swift '
-    ];
-    const trimmed = command.trim();
-    return safePrefixes.some(prefix => trimmed.startsWith(prefix));
-}
-
-/**
- * Ask user for permission to execute command
- */
-export async function askPermission(command: CommandBlock): Promise<boolean> {
-    // Clean Codex-style Prompt with Multi-Agent Iconography
-    console.log();
-
-    // Remove auto-execution logic to prevent infinite "run forever" loops
-    // The user should always be prompted or have the option to safely step through.
-
-    console.log(chalk.yellow('🛡️ SyntaxGuard ') + chalk.white('Analysis:'));
-    console.log(chalk.gray('> ') + chalk.white(command.code));
-    console.log();
-
-    if (command.dangerous) {
-        console.log(chalk.red('🚨 WARNING: Dangerous command'));
-    }
-
-    const { execute } = await inquirer.prompt([{
-        type: 'confirm',
-        name: 'execute',
-        message: command.dangerous ?
-            chalk.red('Execute?') :
-            chalk.gray('Execute?'),
-        default: true // Default to true for seamless flow (Codex style)
-    }]);
-
-    return execute;
-}
-
-/**
- * Execute a shell command with real-time streaming and interruption support
- */
-export async function executeCommand(command: string, shell?: string, cwd?: string): Promise<{ stdout: string; stderr: string; aborted?: boolean }> {
-    return new Promise((resolve, reject) => {
-        const shellPath = shell || process.env.SHELL || '/bin/bash';
-        const child = spawn(shellPath, ['-c', command], {
-            cwd: cwd || process.cwd(),
-            env: { ...process.env, FORCE_COLOR: 'true' }
-        });
-
-        let stdout = '';
-        let stderr = '';
-        let isAborted = false;
-        const commandStartTime = Date.now();
-
-        // Listen for "Enter" or "Escape" to kill the command
-        const onData = (data: Buffer) => {
-            // Check for Enter (13), Newline (10), Escape (27), or Ctrl+C (3)
-            // 🏁 GRACE PERIOD: Ignore aborts in the first 200ms to prevent stray newlines
-            if (Date.now() - commandStartTime < 200) return;
-
-            if (data[0] === 13 || data[0] === 10 || data[0] === 27 || data[0] === 3) {
-                isAborted = true;
-                child.kill('SIGINT'); // Send SIGINT to gracefully terminate
-            }
-        };
-
-        const isRaw = process.stdin.isRaw;
-        process.stdin.resume();
-        if (process.stdin.setRawMode) process.stdin.setRawMode(true);
-        process.stdin.on('data', onData);
-
-        child.stdout.on('data', (data: Buffer) => {
-            const chunk = data.toString();
-            stdout += chunk;
-            // No direct process.stdout.write here to prevent leaks
-        });
-
-        child.stderr.on('data', (data: Buffer) => {
-            const chunk = data.toString();
-            stderr += chunk;
-            // No direct process.stderr.write here to prevent leaks
-        });
-
-        child.on('close', (code: number | null) => {
-            // Restore terminal state
-            process.stdin.removeListener('data', onData);
-            if (process.stdin.setRawMode) process.stdin.setRawMode(isRaw);
-            process.stdin.pause();
-
-            if (isAborted) {
-                resolve({ stdout, stderr, aborted: true });
-            } else if (code === 0) {
-                resolve({ stdout, stderr });
-            } else {
-                resolve({ stdout, stderr }); // Resolve instead of reject to keep agent loop alive
-            }
-        });
-
-        child.on('error', (err: Error) => {
-            process.stdin.removeListener('data', onData);
-            if (process.stdin.setRawMode) process.stdin.setRawMode(isRaw);
-            process.stdin.pause();
-            reject(err);
-        });
-    });
-}
-
-/**
- * Execute commands with user permission
- */
-export interface ExecutionResult {
-    success: boolean;
-    executed: boolean;
-    output?: string;
-    error?: string;
-}
-
-/**
- * Execute commands and surgical patches with user permission
- */
-export async function executeWithPermission(response: string, currentSessionCwd?: string): Promise<ExecutionResult & { newCwd?: string }> {
-    const commands = extractCommands(response);
-    const patches = Patcher.parseEditBlocks(response);
-    const files = Patcher.parseFileBlocks(response);
-
-    let activeCwd = currentSessionCwd || process.cwd();
-    let accumulatedOutput = '';
-    let accumulatedError = '';
-
-    if (commands.length === 0 && patches.length === 0 && files.length === 0) {
-        return { success: true, executed: false, newCwd: activeCwd };
-    }
-
-    // 1. Handle New File Creation
-    for (const file of files) {
-        // Ensure creation happens relative to activeCwd if path is relative
-        const originalPath = file.filePath;
-        if (!path.isAbsolute(file.filePath)) {
-            file.filePath = path.join(activeCwd, file.filePath);
-        }
-
-        let showFull = false;
-        let decided = false;
-
-        while (!decided) {
-            const isTruncated = Patcher.showDiff(file, showFull);
-
-            const choices = [
-                { name: '✅ Create this new file brother', value: 'create' },
-                { name: '⏭️  Skip', value: 'skip' }
-            ];
-
-            if (isTruncated && !showFull) {
-                choices.splice(1, 0, { name: '🔍 View Full Code', value: 'full' });
-            }
-
-            const { action } = await inquirer.prompt([{
-                type: 'list',
-                name: 'action',
-                message: chalk.cyan(`Create ${originalPath}?`),
-                choices: choices
-            }]);
-
-            if (action === 'full') {
-                showFull = true;
-                continue;
-            }
-
-            if (action === 'create') {
-                const result = Patcher.createFile(file);
-                if (!result.success) return { success: false, executed: true, error: result.error, newCwd: activeCwd };
-            }
-            decided = true;
-        }
-    }
-
-    // 2. Handle Shell Commands
-    for (let i = 0; i < commands.length; i++) {
-        const command = commands[i];
-
-        // 🛡️ PRE-EXECUTION HALLUCINATION GUARD: Check for fake directories
-        const commandLines = command.code.split('\n');
-        let skipThisCommand = false;
-        let sanitizedCode = command.code;
-
-        for (const line of commandLines) {
-            const trimmed = line.trim();
-            // Check standalone cd commands
-            if (trimmed.startsWith('cd ')) {
-                let targetDir = trimmed.substring(3).replace(/['"]/g, '').trim();
-                const potentialCwd = path.isAbsolute(targetDir) ? targetDir : path.resolve(activeCwd, targetDir);
-
-                if (!fs.existsSync(potentialCwd) || !fs.statSync(potentialCwd).isDirectory()) {
-                    console.log(chalk.yellow(`\n  ⚠️  Skipped hallucinated directory: "${targetDir}"`));
-                    console.log(chalk.gray(`     (Does not exist at: ${potentialCwd})`));
-                    console.log(chalk.gray(`     Current CWD stays: ${activeCwd}\n`));
-                    skipThisCommand = true;
-                    break;
-                }
-            }
-            // Check cd inside combined commands like: cd "fake" && npm install
-            const cdChainMatch = trimmed.match(/^cd\s+["']?([^"'&]+)["']?\s*&&/);
-            if (cdChainMatch) {
-                let targetDir = cdChainMatch[1].trim();
-                const potentialCwd = path.isAbsolute(targetDir) ? targetDir : path.resolve(activeCwd, targetDir);
-
-                if (!fs.existsSync(potentialCwd) || !fs.statSync(potentialCwd).isDirectory()) {
-                    console.log(chalk.yellow(`\n  ⚠️  Stripping hallucinated cd from command: "${targetDir}"`));
-                    // Remove the cd part and execute the rest
-                    sanitizedCode = trimmed.replace(/^cd\s+["']?[^"'&]+["']?\s*&&\s*/, '');
-                    console.log(chalk.gray(`     Running remaining: ${sanitizedCode}\n`));
-                }
-            }
-        }
-
-        if (skipThisCommand) continue;
-
-        // Update command code with sanitized version
-        command.code = sanitizedCode;
-
-        // 🚀 MCP INTERCEPTION: If the command matches an MCP tool directly, use MCPServer
-        const mcpMatch = command.code.trim().match(/^(web_search|read_file|write_file|list_directory|search_files|run_command|fetch_url|git_status)\s+(.*)$/);
-
-        if (mcpMatch) {
-            const toolName = mcpMatch[1];
-            const rawArgs = mcpMatch[2].trim();
-            console.log(chalk.cyan(`⚡ Intercepted MCP Tool: `) + chalk.white(`${toolName}(${rawArgs})`));
-
-            try {
-                const { MCPServer } = await import('./mcp-server');
-                const mcp = new MCPServer(activeCwd);
-
-                // Heuristic: If it's just a string, wrap it in a query/path object
-                let args: any = {};
-                if (toolName === 'web_search') args = { query: rawArgs.replace(/^['"]|['"]$/g, '') };
-                else if (toolName === 'fetch_url') args = { url: rawArgs.replace(/^['"]|['"]$/g, '') };
-                else if (['read_file', 'list_directory', 'git_status'].includes(toolName)) args = { path: rawArgs.replace(/^['"]|['"]$/g, '') };
-                else args = { command: rawArgs }; // Default fallback
-
-                const result = await mcp.execute(toolName, args);
-
-                if (result.success) {
-                    accumulatedOutput += `[MCP ${toolName} Output]:\n${result.output}\n\n`;
-                    AgentOrchestrator.terminal(command.code, result.output);
-                } else {
-                    accumulatedError += `[MCP ${toolName} Error]: ${result.error}\n`;
-                    AgentOrchestrator.terminal(command.code, undefined, result.error);
-                }
-                continue; // Move to next command
-            } catch (e: any) {
-                console.log(chalk.red(`  ❌ MCP Execution Error: ${e.message}`));
-            }
-        }
-
-        const shouldExecute = await askPermission(command);
-
-        if (shouldExecute) {
-            try {
-                // Persistent CWD logic: Trace 'cd' commands
-                const lines = command.code.split('\n');
-                for (const line of lines) {
-                    const trimmed = line.trim();
-                    if (trimmed.startsWith('cd ')) {
-                        let targetDir = trimmed.substring(3).replace(/['"]/g, '').trim();
-                        // Resolve relative to activeCwd
-                        const potentialCwd = path.isAbsolute(targetDir) ? targetDir : path.resolve(activeCwd, targetDir);
-
-                        if (fs.existsSync(potentialCwd) && fs.statSync(potentialCwd).isDirectory()) {
-                            activeCwd = potentialCwd;
-                        } else {
-                            // Directory doesn't exist - skip silently instead of crashing
-                            console.log(chalk.yellow(`  ⚠️  Directory not found: ${targetDir} — staying in ${activeCwd}`));
-                            continue;
-                        }
-                    }
-                }
-
-                TUI.drawLiveTerminalStart(command.code);
-
-                const shellPath = process.env.SHELL || '/bin/bash';
-                const child = spawn(shellPath, ['-c', command.code], {
-                    cwd: activeCwd,
-                    env: { ...process.env, FORCE_COLOR: 'true' }
-                });
-
-                let stdout = '';
-                let stderr = '';
-                let isAborted = false;
-                const commandStartTime = Date.now();
-
-                const onData = (data: Buffer) => {
-                    if (Date.now() - commandStartTime < 500) return; // Hardened 500ms grace period
-                    if (data[0] === 13 || data[0] === 10 || data[0] === 27 || data[0] === 3) {
-                        isAborted = true;
-                        child.kill('SIGINT');
-                    }
-                };
-
-                const isRaw = process.stdin.isRaw;
-                process.stdin.resume();
-                if (process.stdin.setRawMode) process.stdin.setRawMode(true);
-                process.stdin.on('data', onData);
-
-                child.stdout.on('data', (data: Buffer) => {
-                    const chunk = data.toString();
-                    stdout += chunk;
-                    TUI.drawLiveTerminalLine(chunk);
-                });
-
-                child.stderr.on('data', (data: Buffer) => {
-                    const chunk = data.toString();
-                    stderr += chunk;
-                    TUI.drawLiveTerminalLine(chunk, true);
-                });
-
-                const { code } = await new Promise<{ code: number | null }>(resolve => {
-                    child.on('close', (code) => {
-                        process.stdin.removeListener('data', onData);
-                        if (process.stdin.setRawMode) process.stdin.setRawMode(isRaw);
-                        process.stdin.pause();
-                        TUI.drawLiveTerminalEnd();
-                        resolve({ code });
-                    });
-                });
-
-                accumulatedOutput += stdout;
-                accumulatedError += stderr;
-
-                if (isAborted) {
-                    console.log(chalk.yellow('  [🛑] Command aborted by brother.\n'));
-                    AgentOrchestrator.terminal(command.code, stdout, stderr + '\n(Aborted)');
-                } else if (code === 0) {
-                    if (stdout || stderr) {
-                        AgentOrchestrator.terminal(command.code, stdout, stderr);
-                    } else {
-                        AgentOrchestrator.terminal(command.code, '✓ Success (No output)');
-                    }
-                } else {
-                    AgentOrchestrator.terminal(command.code, stdout, stderr || `Failed with code ${code}`);
-                }
-            } catch (error: any) {
-                accumulatedError += error.message;
-                AgentOrchestrator.terminal(command.code, undefined, error.message);
-                return { success: false, executed: true, error: accumulatedError, output: accumulatedOutput, newCwd: activeCwd };
-            }
-        }
-    }
-
-    // 3. Handle Surgical Patches
-    for (const surgicalPatch of patches) {
-        // Ensure patch happens relative to activeCwd if path is relative
-        const originalPath = surgicalPatch.filePath;
-        if (!path.isAbsolute(surgicalPatch.filePath)) {
-            surgicalPatch.filePath = path.join(activeCwd, surgicalPatch.filePath);
-        }
-
-        let showFull = false;
-        let decided = false;
-
-        while (!decided) {
-            const isTruncated = Patcher.showDiff(surgicalPatch, showFull);
-
-            const choices = [
-                { name: '✅ Apply this surgical patch brother', value: 'apply' },
-                { name: '⏭️  Skip', value: 'skip' }
-            ];
-
-            if (isTruncated && !showFull) {
-                choices.splice(1, 0, { name: '🔍 View Full Diff', value: 'full' });
-            }
-
-            const { action } = await inquirer.prompt([{
-                type: 'list',
-                name: 'action',
-                message: chalk.cyan(`Patch ${originalPath}?`),
-                choices: choices
-            }]);
-
-            if (action === 'full') {
-                showFull = true;
-                continue;
-            }
-
-            if (action === 'apply') {
-                const result = Patcher.applyPatch(surgicalPatch);
-                if (result.success) {
-                    console.log(chalk.green(`  ✅ Applied surgical patch to ${originalPath}\n`));
-                } else {
-                    console.log(chalk.red(`  ❌ Error applying patch: ${result.error}\n`));
-                    return { success: false, executed: true, error: result.error, newCwd: activeCwd };
-                }
-            } else {
-                console.log(chalk.gray('  Skipped.\n'));
-            }
-            decided = true;
-        }
-    }
-
-    return {
-        success: true,
-        executed: true,
-        output: accumulatedOutput.trim(),
-        error: accumulatedError.trim(),
-        newCwd: activeCwd
-    };
-}
-
-/**
- * Command history for undo/rollback
- */
-export class CommandHistory {
-    private history: Array<{ command: string; timestamp: Date; success: boolean }> = [];
-
-    add(command: string, success: boolean) {
-        this.history.push({
-            command,
-            timestamp: new Date(),
-            success
-        });
-    }
-
-    getHistory() {
-        return this.history;
-    }
-
-    clear() {
-        this.history = [];
-    }
-}
-
-export const commandHistory = new CommandHistory();