npm - navada-edge-cli - Versions diffs - 3.1.0 → 3.2.0 - Mend

navada-edge-cli 3.1.0 → 3.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/docker-compose.yml CHANGED Viewed

@@ -1,7 +1,7 @@
 services:
   cli:
     build: .
-    image: navada-edge-cli:3.1.0
+    image: navada-edge-cli:3.2.0
     container_name: navada-edge-cli
     restart: always
     stdin_open: true

package/lib/agent.js CHANGED Viewed

@@ -1,6 +1,6 @@
 'use strict';
-const { execSync } = require('child_process');
+const { execSync, execFileSync } = require('child_process');
 const fs = require('fs');
 const path = require('path');
 const os = require('os');
@@ -58,10 +58,8 @@ Keep responses short. Code blocks when needed. No fluff.`,
       'Raven Terminal — security terminal',
     ],
     contact: {
-      email: 'leeakpareva@hotmail.com',
       github: 'github.com/leeakpareva',
       website: 'navada-lab.space',
-      phone: '+447935237704',
     },
   },
 };
@@ -88,8 +86,30 @@ const sessionState = {
   messages: 0,
   startTime: Date.now(),
   learningMode: null,  // 'python' | 'csharp' | 'node' | null
+  history: [],         // conversation history for context continuity
 };
+// Conversation history management
+function addToHistory(role, content) {
+  sessionState.history.push({ role, content });
+  // Keep last 40 turns to avoid token overflow
+  if (sessionState.history.length > 40) {
+    sessionState.history = sessionState.history.slice(-40);
+  }
+  sessionState.messages++;
+}
+function getConversationHistory() {
+  return sessionState.history;
+}
+function clearHistory() {
+  sessionState.history = [];
+  sessionState.messages = 0;
+  sessionState.tokens = { input: 0, output: 0, total: 0 };
+  sessionState.cost = 0;
+}
 // ---------------------------------------------------------------------------
 // Rate limit tracking (in-memory, per session)
 // ---------------------------------------------------------------------------
@@ -192,7 +212,8 @@ const localTools = {
     execute: (code) => {
       try {
         const py = process.platform === 'win32' ? 'python' : 'python3';
-        const output = execSync(`${py} -c "${code.replace(/"/g, '\\"')}"`, {
+        // Safe: use execFileSync with -c flag — no shell interpolation
+        const output = execFileSync(py, ['-c', code], {
           timeout: 30000, encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'],
         });
         return output.trim();
@@ -206,8 +227,12 @@ const localTools = {
     description: 'Install a Python package',
     execute: (pkg) => {
       try {
+        // Validate package name — alphanumeric, hyphens, underscores, dots, brackets, version specifiers
+        if (!/^[a-zA-Z0-9._\-\[\],>=<! ]+$/.test(pkg)) {
+          return 'Error: Invalid package name';
+        }
         const py = process.platform === 'win32' ? 'python' : 'python3';
-        const output = execSync(`${py} -m pip install ${pkg}`, {
+        const output = execFileSync(py, ['-m', 'pip', 'install', ...pkg.split(/\s+/)], {
           timeout: 60000, encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'],
         });
         return output.trim().split('\n').slice(-3).join('\n');
@@ -221,10 +246,12 @@ const localTools = {
     description: 'Run a Python script file',
     execute: (scriptPath) => {
       try {
+        const resolved = path.resolve(scriptPath);
+        if (!fs.existsSync(resolved)) return `Error: File not found: ${resolved}`;
         const py = process.platform === 'win32' ? 'python' : 'python3';
-        const output = execSync(`${py} "${path.resolve(scriptPath)}"`, {
+        const output = execFileSync(py, [resolved], {
           timeout: 60000, encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'],
-          cwd: path.dirname(path.resolve(scriptPath)),
+          cwd: path.dirname(resolved),
         });
         return output.trim();
       } catch (e) {
@@ -244,7 +271,6 @@ const localTools = {
 // ---------------------------------------------------------------------------
 const FREE_TIER_ENDPOINTS = [
   'https://api.navada-edge-server.uk/api/v1/chat',    // Cloudflare tunnel (public, works for all)
-  'http://100.88.118.128:7900/api/v1/chat',           // Direct Tailscale (VPN users only)
 ];
 async function callFreeTier(messages, stream = false) {
@@ -932,7 +958,6 @@ function getUpdateInfo() { return _updateInfo; }
 async function reportTelemetry(event, data = {}) {
   // Try dashboard first, then public tunnel
   const endpoints = [
-    'http://100.88.118.128:7900',
     'https://api.navada-edge-server.uk',
   ];
@@ -959,4 +984,4 @@ async function reportTelemetry(event, data = {}) {
   }
 }
-module.exports = { IDENTITY, chat, localTools, reportTelemetry, fallbackChat, checkForUpdate, getUpdateInfo, rateTracker, sessionState };
+module.exports = { IDENTITY, chat, localTools, reportTelemetry, fallbackChat, checkForUpdate, getUpdateInfo, rateTracker, sessionState, addToHistory, getConversationHistory, clearHistory };

package/lib/cli.js CHANGED Viewed

@@ -10,6 +10,15 @@ const { execute, getCompletions } = require('./registry');
 const { loadAll } = require('./commands/index');
 const { reportTelemetry, checkForUpdate, getUpdateInfo, rateTracker } = require('./agent');
+// Global error safety — prevent unhandled crashes
+process.on('unhandledRejection', (err) => {
+  console.log(ui.error(`Unhandled error: ${err?.message || err}`));
+});
+process.on('uncaughtException', (err) => {
+  console.log(ui.error(`Fatal: ${err?.message || err}`));
+  process.exit(1);
+});
 function applyConfig() {
   const cfg = config.getAll();
   const overrides = {};

package/lib/commands/ai.js CHANGED Viewed

@@ -3,13 +3,10 @@
 const navada = require('navada-edge-sdk');
 const ui = require('../ui');
 const config = require('../config');
-const { chat: agentChat, reportTelemetry, rateTracker } = require('../agent');
+const { chat: agentChat, reportTelemetry, rateTracker, addToHistory, getConversationHistory, clearHistory } = require('../agent');
 module.exports = function(reg) {
-  // Conversation history for multi-turn
-  const conversationHistory = [];
   reg('chat', 'Chat with NAVADA Edge AI agent', async (args) => {
     const msg = args.join(' ');
     if (!msg) { console.log(ui.dim('Just type naturally — no /command needed.')); return; }
@@ -17,24 +14,22 @@ module.exports = function(reg) {
     const hasKey = config.getApiKey() || config.get('anthropicKey') || process.env.ANTHROPIC_API_KEY;
     // Show a brief "thinking" indicator, then clear it when streaming starts
+    let spinner;
     if (!hasKey) {
       process.stdout.write(ui.dim('  NAVADA > '));
     } else {
       const ora = require('ora');
-      var spinner = ora({ text: '  NAVADA thinking...', color: 'white' }).start();
+      spinner = ora({ text: '  NAVADA thinking...', color: 'white' }).start();
     }
     try {
-      const response = await agentChat(msg, conversationHistory);
+      const response = await agentChat(msg, getConversationHistory());
       if (spinner) spinner.stop();
       // Update conversation history
-      conversationHistory.push({ role: 'user', content: msg });
-      conversationHistory.push({ role: 'assistant', content: response });
-      // Keep history manageable (last 20 turns)
-      while (conversationHistory.length > 40) conversationHistory.splice(0, 2);
+      addToHistory('user', msg);
+      addToHistory('assistant', response);
       // Only print if not already streamed
       if (!response._streamed) {
@@ -51,6 +46,14 @@ module.exports = function(reg) {
     }
   }, { category: 'AI', aliases: ['ask'] });
+  reg('clear', 'Clear conversation history and reset session', () => {
+    clearHistory();
+    console.clear();
+    const banner = require('../ui').banner;
+    console.log(banner());
+    console.log(ui.success('Conversation cleared — fresh session'));
+  }, { category: 'AI' });
   reg('qwen', 'Qwen Coder 32B (FREE via HuggingFace)', async (args) => {
     const prompt = args.join(' ');
     if (!prompt) { console.log(ui.dim('Usage: /qwen Write a function to validate UK postcodes')); return; }

package/lib/commands/index.js CHANGED Viewed

@@ -3,28 +3,22 @@
 const { register } = require('../registry');
 // Load all command modules — each exports a function(register)
-const modules = [
-  require('./network'),
-  require('./mcp'),
-  require('./lucas'),
-  require('./docker'),
-  require('./database'),
-  require('./cloudflare'),
-  require('./ai'),
-  require('./azure'),
-  require('./agents'),
-  require('./tasks'),
-  require('./keys'),
-  require('./setup'),
-  require('./system'),
-  require('./learn'),
-  require('./sandbox'),
-  require('./nvidia'),
+const moduleNames = [
+  'network', 'mcp', 'lucas', 'docker', 'database', 'cloudflare',
+  'ai', 'azure', 'agents', 'tasks', 'keys', 'setup', 'system',
+  'learn', 'sandbox', 'nvidia',
 ];
 function loadAll() {
-  for (const mod of modules) {
-    mod(register);
+  for (const name of moduleNames) {
+    try {
+      const mod = require(`./${name}`);
+      mod(register);
+    } catch (e) {
+      // Don't crash the entire CLI if one module fails to load
+      const ui = require('../ui');
+      console.log(ui.warn(`Failed to load module: ${name} — ${e.message}`));
+    }
   }
 }

package/lib/config.js CHANGED Viewed

@@ -15,13 +15,28 @@ function ensureDir() {
 function load() {
   try {
     if (!fs.existsSync(CONFIG_FILE)) return {};
-    return JSON.parse(fs.readFileSync(CONFIG_FILE, 'utf-8'));
-  } catch { return {}; }
+    const raw = fs.readFileSync(CONFIG_FILE, 'utf-8');
+    if (!raw.trim()) return {};
+    return JSON.parse(raw);
+  } catch (e) {
+    // Back up corrupted config
+    try {
+      const backupPath = CONFIG_FILE + '.bak';
+      if (fs.existsSync(CONFIG_FILE)) fs.copyFileSync(CONFIG_FILE, backupPath);
+    } catch {}
+    return {};
+  }
 }
 function save(config) {
   ensureDir();
-  fs.writeFileSync(CONFIG_FILE, JSON.stringify(config, null, 2));
+  const data = JSON.stringify(config, null, 2);
+  // Write atomically via temp file
+  const tmpFile = CONFIG_FILE + '.tmp';
+  fs.writeFileSync(tmpFile, data);
+  fs.renameSync(tmpFile, CONFIG_FILE);
+  // Restrict permissions on config file (contains API keys)
+  try { fs.chmodSync(CONFIG_FILE, 0o600); } catch {}
 }
 function isFirstRun() { return !fs.existsSync(CONFIG_FILE); }

package/lib/serve.js CHANGED Viewed

@@ -9,8 +9,10 @@ function start(port = 7800) {
   const server = http.createServer(async (req, res) => {
     const url = req.url.split('?')[0];
-    // CORS
-    res.setHeader('Access-Control-Allow-Origin', '*');
+    // CORS — restrict to local/Tailscale origins
+    const origin = req.headers.origin || '';
+    const allowedOrigin = (origin.includes('localhost') || origin.includes('127.0.0.1') || origin.includes('100.')) ? origin : '';
+    res.setHeader('Access-Control-Allow-Origin', allowedOrigin || `http://localhost:${port}`);
     res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
     res.setHeader('Access-Control-Allow-Headers', 'Content-Type');
     if (req.method === 'OPTIONS') { res.writeHead(204); return res.end(); }
@@ -24,25 +26,36 @@ function start(port = 7800) {
     // Execute command
     if (url === '/api/cmd' && req.method === 'POST') {
       let body = '';
-      req.on('data', c => body += c);
+      let bodySize = 0;
+      const MAX_BODY = 8192;
+      req.on('data', c => {
+        bodySize += c.length;
+        if (bodySize > MAX_BODY) { req.destroy(); return; }
+        body += c;
+      });
       req.on('end', async () => {
         try {
+          if (bodySize > MAX_BODY) { res.writeHead(413); return res.end(JSON.stringify({ error: 'Request too large' })); }
           const { command } = JSON.parse(body);
-          if (!command) { res.writeHead(400); return res.end(JSON.stringify({ error: 'command required' })); }
+          if (!command || typeof command !== 'string') { res.writeHead(400); return res.end(JSON.stringify({ error: 'command required (string)' })); }
+          if (command.length > 2000) { res.writeHead(400); return res.end(JSON.stringify({ error: 'command too long' })); }
           // Capture output
           const orig = console.log;
           const buf = [];
           console.log = (...args) => buf.push(args.join(' '));
-          await execute(command);
-          console.log = orig;
+          try {
+            await execute(command);
+          } finally {
+            console.log = orig;
+          }
           const output = buf.join('\n').replace(/\x1b\[[0-9;]*m/g, ''); // strip ANSI
           res.writeHead(200, { 'Content-Type': 'application/json' });
           res.end(JSON.stringify({ command, output }));
         } catch (e) {
           res.writeHead(500, { 'Content-Type': 'application/json' });
-          res.end(JSON.stringify({ error: e.message }));
+          res.end(JSON.stringify({ error: 'Internal server error' }));
         }
       });
       return;

package/lib/ui.js CHANGED Viewed

@@ -90,8 +90,9 @@ function sessionPanel(width) {
     kvLine(' Model:   ', model),
     kvLine(' Tier:    ', tier),
     '',
-    sectionLine('Token Usage'),
-    kvLine(' Total:   ', String(state.tokens?.total || 0)),
+    sectionLine('Usage'),
+    kvLine(' Messages:', String(state.messages || 0)),
+    kvLine(' Tokens:  ', String(state.tokens?.total || 0)),
     kvLine(' Cost:    ', `$${(state.cost || 0).toFixed(4)}`),
     '',
     sectionLine('Configuration'),
@@ -114,15 +115,18 @@ function sessionPanel(width) {
   return lines;
 }
+let _pythonCache = null;
 function detectPython() {
+  if (_pythonCache !== null) return _pythonCache;
   try {
     const { execSync } = require('child_process');
     const py = process.platform === 'win32' ? 'python' : 'python3';
     const ver = execSync(`${py} --version`, { timeout: 3000, encoding: 'utf-8' }).trim();
-    return style('success', ver.replace('Python ', ''));
+    _pythonCache = style('success', ver.replace('Python ', ''));
   } catch {
-    return style('offline', 'not found');
+    _pythonCache = style('offline', 'not found');
   }
+  return _pythonCache;
 }
 function footerBar(width) {
@@ -178,7 +182,9 @@ function prompt() {
   try { state = require('./agent').sessionState; } catch { state = {}; }
   const mode = state?.learningMode;
   const modeTag = mode ? style('accent', `[${mode}]`) + ' ' : '';
-  return modeTag + style('dim', 'navada') + style('accent', '> ');
+  const msgCount = state?.messages || 0;
+  const countTag = msgCount > 0 ? style('dim', `(${msgCount}) `) : '';
+  return modeTag + countTag + style('dim', 'navada') + style('accent', '> ');
 }
 function box(title, content) {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "navada-edge-cli",
-  "version": "3.1.0",
+  "version": "3.2.0",
   "description": "Interactive CLI for the NAVADA Edge Network — explore nodes, agents, Cloudflare, AI, Docker, and MCP from your terminal",
   "main": "lib/cli.js",
   "bin": {
@@ -41,14 +41,14 @@
     "url": "git+https://github.com/Navada25/edge-sdk.git"
   },
   "dependencies": {
-    "navada-edge-sdk": "^1.1.0",
     "chalk": "^4.1.2",
     "cli-table3": "^0.6.5",
+    "navada-edge-sdk": "^1.1.0",
     "ora": "^5.4.1"
   },
   "optionalDependencies": {
-    "qrcode-terminal": "^0.12.0",
-    "nodemailer": "^6.9.0"
+    "nodemailer": "^8.0.4",
+    "qrcode-terminal": "^0.12.0"
   },
   "publishConfig": {
     "access": "public"