npm - natureco-cli - Versions diffs - 2.23.32 → 4.4.1 - Mend

natureco-cli 2.23.32 → 4.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (174) hide show

package/AUDIT.md +178 -0
package/CHANGELOG.md +422 -0
package/DEPLOY_v2.0.0.md +400 -0
package/README.md +159 -1
package/bin/natureco.js +170 -8
package/package.json +43 -11
package/skills/code-review/SKILL.md +0 -0
package/skills/summarize/SKILL.md +0 -0
package/skills/translate/SKILL.md +0 -0
package/src/commands/acp.js +0 -0
package/src/commands/admin-rpc.js +0 -0
package/src/commands/agent.js +0 -0
package/src/commands/agents.js +0 -0
package/src/commands/approvals.js +0 -0
package/src/commands/ask.js +0 -0
package/src/commands/audit.js +209 -0
package/src/commands/backup.js +0 -0
package/src/commands/bonjour.js +0 -0
package/src/commands/bots.js +0 -0
package/src/commands/browser.js +0 -0
package/src/commands/capability.js +0 -0
package/src/commands/channels.js +0 -0
package/src/commands/chat.js +0 -0
package/src/commands/clawbot.js +0 -0
package/src/commands/clickclack.js +0 -0
package/src/commands/code.js +0 -0
package/src/commands/commands.js +0 -0
package/src/commands/commitments.js +0 -0
package/src/commands/completion.js +0 -0
package/src/commands/config.js +0 -0
package/src/commands/configure.js +0 -0
package/src/commands/cost.js +210 -0
package/src/commands/crestodian.js +0 -0
package/src/commands/cron.js +0 -0
package/src/commands/daemon.js +0 -0
package/src/commands/dashboard.js +126 -45
package/src/commands/device-pair.js +0 -0
package/src/commands/devices.js +0 -0
package/src/commands/directory.js +0 -0
package/src/commands/discord.js +0 -0
package/src/commands/dns.js +0 -0
package/src/commands/docs.js +0 -0
package/src/commands/doctor.js +134 -15
package/src/commands/exec-policy.js +0 -0
package/src/commands/gateway-server.js +0 -0
package/src/commands/gateway.js +0 -0
package/src/commands/git.js +0 -0
package/src/commands/health.js +0 -0
package/src/commands/help.js +0 -0
package/src/commands/hooks.js +0 -0
package/src/commands/imessage.js +0 -0
package/src/commands/infer.js +0 -0
package/src/commands/init.js +0 -0
package/src/commands/irc.js +0 -0
package/src/commands/login.js +0 -0
package/src/commands/logout.js +0 -0
package/src/commands/logs.js +0 -0
package/src/commands/mattermost.js +0 -0
package/src/commands/mcp.js +0 -0
package/src/commands/medium.js +206 -0
package/src/commands/memory-cmd.js +0 -0
package/src/commands/memory.js +0 -0
package/src/commands/message.js +0 -0
package/src/commands/migrate.js +0 -0
package/src/commands/models.js +0 -0
package/src/commands/naturehub.js +156 -0
package/src/commands/node.js +0 -0
package/src/commands/nodes.js +0 -0
package/src/commands/oc-path.js +0 -0
package/src/commands/onboard.js +0 -0
package/src/commands/open-prose.js +0 -0
package/src/commands/pairing.js +0 -0
package/src/commands/path.js +0 -0
package/src/commands/plugins.js +0 -0
package/src/commands/policy.js +0 -0
package/src/commands/proxy.js +0 -0
package/src/commands/qr.js +0 -0
package/src/commands/reset.js +0 -0
package/src/commands/run.js +0 -0
package/src/commands/sandbox.js +0 -0
package/src/commands/secrets.js +0 -0
package/src/commands/security.js +0 -0
package/src/commands/seo.js +268 -0
package/src/commands/sessions.js +0 -0
package/src/commands/setup.js +13 -6
package/src/commands/signal.js +0 -0
package/src/commands/skills.js +82 -1
package/src/commands/slack.js +0 -0
package/src/commands/sms.js +0 -0
package/src/commands/status.js +0 -0
package/src/commands/system.js +0 -0
package/src/commands/tasks.js +0 -0
package/src/commands/team.js +171 -0
package/src/commands/telegram.js +0 -0
package/src/commands/terminal.js +0 -0
package/src/commands/thread-ownership.js +0 -0
package/src/commands/transcripts.js +0 -0
package/src/commands/tui.js +0 -0
package/src/commands/ultrareview.js +0 -0
package/src/commands/uninstall.js +0 -0
package/src/commands/update.js +0 -0
package/src/commands/voice.js +0 -0
package/src/commands/vydra.js +0 -0
package/src/commands/web-fetch.js +0 -0
package/src/commands/webhooks.js +0 -0
package/src/commands/whatsapp.js +0 -0
package/src/commands/wiki.js +0 -0
package/src/commands/workboard.js +0 -0
package/src/commands/xp.js +194 -0
package/src/tools/audio_understanding.js +0 -0
package/src/tools/bash.js +0 -0
package/src/tools/browser.js +0 -0
package/src/tools/canvas.js +0 -0
package/src/tools/document_extract.js +0 -0
package/src/tools/duckduckgo.js +0 -0
package/src/tools/exa_search.js +0 -0
package/src/tools/filesystem.js +0 -0
package/src/tools/firecrawl.js +0 -0
package/src/tools/git.js +0 -0
package/src/tools/http.js +0 -0
package/src/tools/image_generation.js +0 -0
package/src/tools/list_dir.js +0 -0
package/src/tools/llm_task.js +43 -11
package/src/tools/media_understanding.js +0 -0
package/src/tools/music_generation.js +0 -0
package/src/tools/parallel_search.js +0 -0
package/src/tools/phone_control.js +0 -0
package/src/tools/phone_control_enhanced.js +0 -0
package/src/tools/read_file.js +0 -0
package/src/tools/searxng.js +0 -0
package/src/tools/speech_to_text.js +0 -0
package/src/tools/text_to_speech.js +0 -0
package/src/tools/thread_ownership.js +0 -0
package/src/tools/video_generation.js +0 -0
package/src/tools/web_readability.js +0 -0
package/src/tools/web_search.js +0 -0
package/src/tools/write_file.js +0 -0
package/src/utils/agents-md.js +0 -0
package/src/utils/agents.js +0 -0
package/src/utils/api.js +5 -1
package/src/utils/approvals.js +0 -0
package/src/utils/audit.js +199 -0
package/src/utils/background.js +0 -0
package/src/utils/baileys.js +0 -0
package/src/utils/branding.js +136 -0
package/src/utils/commands.js +0 -0
package/src/utils/config.js +0 -0
package/src/utils/cost-tracker.js +360 -0
package/src/utils/cron.js +0 -0
package/src/utils/dashboard-server.js +284 -0
package/src/utils/errors.js +0 -0
package/src/utils/format.js +7 -10
package/src/utils/gateway-ws.js +0 -0
package/src/utils/headless.js +0 -0
package/src/utils/history.js +0 -0
package/src/utils/hooks.js +0 -0
package/src/utils/inquirer-wrapper.js +0 -0
package/src/utils/mcp-client.js +0 -0
package/src/utils/mcp.js +0 -0
package/src/utils/memory.js +0 -0
package/src/utils/parallel-tools.js +0 -0
package/src/utils/path-utils.js +0 -0
package/src/utils/pattern-detector.js +314 -0
package/src/utils/plugin-registry.js +0 -0
package/src/utils/secret-scanner.js +204 -0
package/src/utils/secrets.js +0 -0
package/src/utils/sessions.js +0 -0
package/src/utils/skills.js +0 -0
package/src/utils/sub-agent.js +6 -0
package/src/utils/token-budget.js +0 -0
package/src/utils/tool-adapter.js +0 -0
package/src/utils/tool-runner.js +0 -0
package/src/utils/tui.js +750 -0
package/src/utils/web-fetch.js +0 -0

package/src/utils/secret-scanner.js ADDED Viewed

@@ -0,0 +1,204 @@
+/**
+ * NatureCo CLI — Secret Scanner (Phase 2)
+ *
+ * Kod metinlerinde veya dosya içeriklerinde hardcoded API key,
+ * token, password gibi hassas verilerin sızmasını önceden tespit eder.
+ *
+ * OpenClaw'ın en büyük güvenlik açıklarından biri buydu —
+ * kullanıcı farkında olmadan key'ini GitHub'a push'luyordu.
+ *
+ * Bu modül:
+ * - Statik metin tarama (regex)
+ * - Entropy analizi (rastgele yüksek entropi = muhtemelen secret)
+ * - Dosya tarama (skip: .git, node_modules, .natureco, lock dosyaları)
+ * - Pre-commit hook entegrasyonu için tasarlandı
+ */
+const fs = require('fs');
+const path = require('path');
+const crypto = require('crypto');
+// Bilinen secret pattern'leri — provider/format eşleşmesi
+const SECRET_PATTERNS = [
+  { name: 'OpenAI', regex: /\bsk-[A-Za-z0-9]{20,}(?:T3BlbkFJ[A-Za-z0-9]{20,})?/g, severity: 'critical' },
+  { name: 'Anthropic', regex: /\bsk-ant-[A-Za-z0-9-]{20,}/g, severity: 'critical' },
+  { name: 'Groq', regex: /\bgsk_[A-Za-z0-20]{20,}/g, severity: 'critical' },
+  { name: 'Google API', regex: /\bAIza[A-Za-z0-9_-]{35}/g, severity: 'critical' },
+  { name: 'AWS Access Key', regex: /\bAKIA[0-9A-Z]{16}/g, severity: 'critical' },
+  { name: 'AWS Secret Key', regex: /\b[A-Za-z0-9/+=]{40}\b/g, severity: 'high' }, // false positive riski yüksek
+  { name: 'GitHub Token', regex: /\bgh[pousr]_[A-Za-z0-9]{36,}/g, severity: 'critical' },
+  { name: 'GitHub Fine-grained', regex: /\bgithub_pat_[A-Za-z0-9_]{82}/g, severity: 'critical' },
+  { name: 'Slack Token', regex: /\bxox[baprs]-[A-Za-z0-9-]{10,}/g, severity: 'critical' },
+  { name: 'Stripe Live', regex: /\bsk_live_[A-Za-z0-9]{24,}/g, severity: 'critical' },
+  { name: 'Stripe Test', regex: /\bsk_test_[A-Za-z0-9]{24,}/g, severity: 'medium' },
+  { name: 'Tavily', regex: /\btvly-[A-Za-z0-9_-]{20,}/g, severity: 'critical' },
+  { name: 'OpenAI Project', regex: /\bsk-proj-[A-Za-z0-9_-]{20,}/g, severity: 'critical' },
+  { name: 'HuggingFace', regex: /\bhf_[A-Za-z0-9]{20,}/g, severity: 'critical' },
+  { name: 'Replicate', regex: /\br8_[A-Za-z0-9]{40,}/g, severity: 'critical' },
+  { name: 'Firecrawl', regex: /\bfc-[A-Za-z0-9]{20,}/g, severity: 'critical' },
+  { name: 'NatureCo', regex: /\bnc_[A-Za-z0-9]{20,}/g, severity: 'critical' },
+  { name: 'NatureCo Legacy', regex: /\bnco_[A-Za-z0-9]{20,}/g, severity: 'critical' },
+  { name: 'JWT', regex: /\beyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}/g, severity: 'high' },
+  { name: 'Private Key', regex: /-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----/g, severity: 'critical' },
+  { name: 'Generic Password Assignment', regex: /(?:password|passwd|pwd|secret)\s*[=:]\s*['"]([^'"]{8,})['"]/gi, severity: 'medium' },
+  { name: 'Bearer Token', regex: /\bBearer\s+[A-Za-z0-9_-]{20,}/g, severity: 'high' },
+];
+// Tarama dışı dosyalar
+const SKIP_DIRS = new Set([
+  'node_modules', '.git', '.natureco', 'dist', 'build',
+  'coverage', '.next', '.cache', '.venv', 'venv',
+]);
+const SKIP_EXT = new Set([
+  '.png', '.jpg', '.jpeg', '.gif', '.pdf', '.zip', '.tar', '.gz',
+  '.mp4', '.mp3', '.mov', '.ico', '.woff', '.woff2', '.ttf',
+  '.lock', '.bin', '.exe', '.dmg', '.dylib', '.so',
+]);
+// Entropy hesaplama (Shannon)
+function shannonEntropy(str) {
+  if (!str || str.length < 16) return 0;
+  const freq = {};
+  for (const c of str) freq[c] = (freq[c] || 0) + 1;
+  let entropy = 0;
+  const len = str.length;
+  for (const c in freq) {
+    const p = freq[c] / len;
+    entropy -= p * Math.log2(p);
+  }
+  return entropy;
+}
+/**
+ * Bir metin parçasını tarar, bulunan secret'ları döner.
+ */
+function scanText(text, options = {}) {
+  const { minEntropy = 4.0 } = options;
+  const findings = [];
+  for (const { name, regex, severity } of SECRET_PATTERNS) {
+    regex.lastIndex = 0;
+    let m;
+    while ((m = regex.exec(text)) !== null) {
+      findings.push({
+        type: name,
+        severity,
+        match: redactSecret(m[0]),
+        index: m.index,
+      });
+      if (!regex.global) break;
+    }
+  }
+  // Entropy tabanlı genel tarama (bilinmeyen format)
+  // Yüksek entropili 32+ karakterlik ardışık dizileri yakala
+  const highEntropyRe = /[A-Za-z0-9_\-+/=]{32,}/g;
+  let m;
+  while ((m = highEntropyRe.exec(text)) !== null) {
+    const candidate = m[0];
+    if (shannonEntropy(candidate) >= minEntropy) {
+      // Zaten bilinen bir pattern tarafından yakalanmadıysa ekle
+      if (!findings.some(f => Math.abs(f.index - m.index) < 10)) {
+        findings.push({
+          type: 'HighEntropyString',
+          severity: 'low',
+          match: redactSecret(candidate),
+          entropy: shannonEntropy(candidate).toFixed(2),
+          index: m.index,
+        });
+      }
+    }
+  }
+  return findings;
+}
+/**
+ * Secret'ı güvenli şekilde maskele (ilk 4 + son 4 karakter, ortası ***).
+ */
+function redactSecret(secret) {
+  if (!secret || secret.length < 12) return '***';
+  return secret.slice(0, 4) + '***' + secret.slice(-4);
+}
+/**
+ * Bir dosyayı tara.
+ */
+function scanFile(filePath, options = {}) {
+  try {
+    const stat = fs.statSync(filePath);
+    if (stat.size > 5 * 1024 * 1024) return []; // 5 MB'dan büyük dosyaları atla
+    const content = fs.readFileSync(filePath, 'utf8');
+    const findings = scanText(content, options);
+    return findings.map(f => ({ ...f, file: filePath, line: lineFromIndex(content, f.index) }));
+  } catch {
+    return [];
+  }
+}
+function lineFromIndex(text, idx) {
+  return text.slice(0, idx).split('\n').length;
+}
+/**
+ * Bir dizini recursive olarak tara.
+ */
+function scanDir(dirPath, options = {}) {
+  const { maxFiles = 10000 } = options;
+  const findings = [];
+  let count = 0;
+  function walk(dir) {
+    if (count >= maxFiles) return;
+    let entries;
+    try { entries = fs.readdirSync(dir, { withFileTypes: true }); } catch { return; }
+    for (const entry of entries) {
+      if (count >= maxFiles) return;
+      if (SKIP_DIRS.has(entry.name)) continue;
+      const p = path.join(dir, entry.name);
+      if (entry.isDirectory()) {
+        walk(p);
+      } else if (entry.isFile()) {
+        const ext = path.extname(entry.name).toLowerCase();
+        if (SKIP_EXT.has(ext)) continue;
+        findings.push(...scanFile(p));
+        count++;
+      }
+    }
+  }
+  walk(dirPath);
+  return findings;
+}
+/**
+ * Tarama sonuçlarını kritik/yüksek/orta/düşük olarak özetler.
+ */
+function summarize(findings) {
+  const counts = { critical: 0, high: 0, medium: 0, low: 0 };
+  for (const f of findings) counts[f.severity] = (counts[f.severity] || 0) + 1;
+  return counts;
+}
+/**
+ * Hızlı tahlil — verilen bir dizinde tarama yapar ve özet döner.
+ */
+function quickScan(dirPath) {
+  const findings = scanDir(dirPath);
+  return {
+    dir: dirPath,
+    timestamp: new Date().toISOString(),
+    findings,
+    summary: summarize(findings),
+  };
+}
+module.exports = {
+  scanText,
+  scanFile,
+  scanDir,
+  summarize,
+  quickScan,
+  shannonEntropy,
+  redactSecret,
+  SECRET_PATTERNS,
+};

package/src/utils/secrets.js CHANGED Viewed

File without changes

package/src/utils/sessions.js CHANGED Viewed

File without changes

package/src/utils/skills.js CHANGED Viewed

File without changes

package/src/utils/sub-agent.js CHANGED Viewed

@@ -9,6 +9,12 @@ const SYSTEM_PROMPTS = {
   explore: 'You are a research agent. Find information, explore codebases, search files. Be concise.',
   general: 'You are a general-purpose implementation agent. Write code, fix bugs, refactor.',
   review: 'You are a code review agent. Analyze code for bugs, security, performance, style.',
+  // Phase 7 — NatureCo specialized agents
+  seo: 'Sen bir SEO uzmanısın. Anahtar kelime analizi, meta tag önerisi, içerik optimizasyonu yaparsın. Türkçe ve İngilizce içerik için öneri ver.',
+  content: 'Sen bir içerik yazarısın. NatureCo için SEO uyumlu, özgün blog yazıları ve sosyal medya içerikleri üretirsin. Hedef kitle: doğa ve teknoloji meraklıları, geliştiriciler.',
+  security: 'Sen bir güvenlik uzmanısın. OWASP top 10, dependency güvenliği, secret sızıntısı tespiti yapar, remediation önerirsin.',
+  translator: 'Sen bir çevirmensin. Doğal, akıcı, bağlama uygun çeviriler yaparsın. Teknik terimleri koruyarak sade dil kullanırsın.',
+  debugger: 'Sen bir debugging uzmanısın. Hata mesajlarını analiz eder, kök nedeni bulur, minimal bir fix önerir veya uygularsın.',
 };
 function ensureDir() {

package/src/utils/token-budget.js CHANGED Viewed

File without changes

package/src/utils/tool-adapter.js CHANGED Viewed

File without changes

package/src/utils/tool-runner.js CHANGED Viewed

File without changes