notoken-core 1.0.0

package/dist/conversation/secrets.d.ts

@@ -0,0 +1,43 @@
+export interface RedactionResult {
+    /** Text with secrets replaced by placeholders */
+    redactedText: string;
+    /** Number of secrets found */
+    secretCount: number;
+    /** The placeholder IDs created */
+    placeholders: Array<{
+        id: string;
+        label: string;
+    }>;
+}
+/**
+ * Scan text for secrets and replace with placeholders.
+ * Secrets are stored in memory only.
+ */
+export declare function redactSecrets(text: string): RedactionResult;
+/**
+ * Retrieve a secret from memory by placeholder ID.
+ */
+export declare function getSecret(placeholderId: string): string | undefined;
+/**
+ * List all secret placeholder IDs in memory.
+ */
+export declare function listSecrets(): Array<{
+    id: string;
+    preview: string;
+}>;
+/**
+ * Save secrets to a file (only when user explicitly asks).
+ */
+export declare function saveSecretsToFile(filepath?: string): string;
+/**
+ * Load secrets from a previously saved file back into memory.
+ */
+export declare function loadSecretsFromFile(filepath: string): number;
+/**
+ * Clear all secrets from memory.
+ */
+export declare function clearSecrets(): void;
+/**
+ * Resolve placeholders back to real values (for execution only, not storage).
+ */
+export declare function resolvePlaceholders(text: string): string;

package/dist/conversation/secrets.js

@@ -0,0 +1,129 @@
+import { randomUUID } from "node:crypto";
+import { existsSync, readFileSync, writeFileSync, mkdirSync } from "node:fs";
+import { resolve, dirname } from "node:path";
+import { DATA_DIR } from "../utils/paths.js";
+/**
+ * Secret manager.
+ *
+ * Detects passwords, tokens, and secrets in conversation text.
+ * Replaces them with <password.UUID> placeholders in stored conversations.
+ * Secrets live only in memory unless the user explicitly saves them.
+ */
+// In-memory secret store (never persisted unless user asks)
+const secretStore = new Map();
+// Patterns that look like secrets
+const SECRET_PATTERNS = [
+    // Explicit password flags
+    { pattern: /(?:--password|--pass|-p)\s+(\S+)/i, label: "password" },
+    { pattern: /(?:password|passwd|pass)\s*[=:]\s*(\S+)/i, label: "password" },
+    // API keys / tokens
+    { pattern: /(?:api[_-]?key|token|secret|auth)\s*[=:]\s*(\S+)/i, label: "api_key" },
+    { pattern: /\b(sk-[a-zA-Z0-9]{20,})\b/, label: "api_key" },
+    { pattern: /\b(ghp_[a-zA-Z0-9]{36,})\b/, label: "github_token" },
+    { pattern: /\b(glpat-[a-zA-Z0-9\-_]{20,})\b/, label: "gitlab_token" },
+    // SSH private key content
+    { pattern: /(-----BEGIN (?:RSA |EC |DSA )?PRIVATE KEY-----[\s\S]*?-----END (?:RSA |EC |DSA )?PRIVATE KEY-----)/, label: "private_key" },
+    // Generic high-entropy strings that look like secrets (32+ chars, mixed case + digits)
+    { pattern: /\b([A-Za-z0-9+\/]{32,}={0,2})\b/, label: "possible_secret" },
+    // Connection strings with passwords
+    { pattern: /:\/\/([^:]+):([^@]+)@/i, label: "connection_password" },
+];
+/**
+ * Scan text for secrets and replace with placeholders.
+ * Secrets are stored in memory only.
+ */
+export function redactSecrets(text) {
+    let redacted = text;
+    const placeholders = [];
+    for (const { pattern, label } of SECRET_PATTERNS) {
+        // Skip the generic high-entropy pattern for short texts
+        if (label === "possible_secret" && text.length < 50)
+            continue;
+        const match = redacted.match(pattern);
+        if (!match)
+            continue;
+        // For connection strings, redact just the password part (group 2)
+        const secretValue = match[2] ?? match[1];
+        if (!secretValue || secretValue.length < 6)
+            continue;
+        // Don't redact common words that happen to match
+        if (isCommonWord(secretValue))
+            continue;
+        const id = `<${label}.${randomUUID().slice(0, 8)}>`;
+        secretStore.set(id, secretValue);
+        redacted = redacted.replace(secretValue, id);
+        placeholders.push({ id, label });
+    }
+    return {
+        redactedText: redacted,
+        secretCount: placeholders.length,
+        placeholders,
+    };
+}
+/**
+ * Retrieve a secret from memory by placeholder ID.
+ */
+export function getSecret(placeholderId) {
+    return secretStore.get(placeholderId);
+}
+/**
+ * List all secret placeholder IDs in memory.
+ */
+export function listSecrets() {
+    return Array.from(secretStore.entries()).map(([id, value]) => ({
+        id,
+        preview: value.slice(0, 4) + "****",
+    }));
+}
+/**
+ * Save secrets to a file (only when user explicitly asks).
+ */
+export function saveSecretsToFile(filepath) {
+    const file = filepath ?? resolve(DATA_DIR, `secrets_${Date.now()}.json`);
+    const dir = dirname(file);
+    if (!existsSync(dir))
+        mkdirSync(dir, { recursive: true });
+    const data = {};
+    for (const [id, value] of secretStore.entries()) {
+        data[id] = value;
+    }
+    writeFileSync(file, JSON.stringify(data, null, 2), { mode: 0o600 });
+    return file;
+}
+/**
+ * Load secrets from a previously saved file back into memory.
+ */
+export function loadSecretsFromFile(filepath) {
+    if (!existsSync(filepath))
+        return 0;
+    const data = JSON.parse(readFileSync(filepath, "utf-8"));
+    let count = 0;
+    for (const [id, value] of Object.entries(data)) {
+        secretStore.set(id, value);
+        count++;
+    }
+    return count;
+}
+/**
+ * Clear all secrets from memory.
+ */
+export function clearSecrets() {
+    secretStore.clear();
+}
+/**
+ * Resolve placeholders back to real values (for execution only, not storage).
+ */
+export function resolvePlaceholders(text) {
+    let resolved = text;
+    for (const [id, value] of secretStore.entries()) {
+        resolved = resolved.replaceAll(id, value);
+    }
+    return resolved;
+}
+function isCommonWord(value) {
+    const common = new Set([
+        "password", "secret", "token", "admin", "root", "localhost",
+        "default", "staging", "production", "develop", "master", "main",
+    ]);
+    return common.has(value.toLowerCase());
+}

package/dist/conversation/store.d.ts

@@ -0,0 +1,94 @@
+export interface ConversationTurn {
+    id: number;
+    timestamp: string;
+    role: "user" | "system";
+    rawText: string;
+    intent?: string;
+    confidence?: number;
+    fields?: Record<string, unknown>;
+    result?: string;
+    error?: string;
+    /** Entities mentioned in this turn */
+    entities: ConversationEntity[];
+    /** Uncertainty info for this turn */
+    uncertainty?: UncertaintyReport;
+}
+export interface ConversationEntity {
+    text: string;
+    type: "service" | "environment" | "path" | "user" | "branch" | "container" | "unknown";
+    resolved?: string;
+}
+export interface UncertaintyReport {
+    unknownTokens: string[];
+    lowConfidenceFields: Array<{
+        field: string;
+        value: string;
+        confidence: number;
+    }>;
+    overallConfidence: number;
+}
+export interface Conversation {
+    id: string;
+    folderPath: string;
+    createdAt: string;
+    updatedAt: string;
+    turns: ConversationTurn[];
+    /** Running knowledge of entities mentioned across turns */
+    knowledgeTree: KnowledgeNode[];
+}
+export interface KnowledgeNode {
+    entity: string;
+    type: ConversationEntity["type"];
+    firstMentioned: number;
+    lastMentioned: number;
+    /** How many turns reference this entity */
+    frequency: number;
+    /** Related entities seen in the same turns */
+    coOccurrences: string[];
+    /** Most recent field role (service, environment, target, etc.) */
+    lastRole?: string;
+}
+/**
+ * Create a new conversation.
+ */
+export declare function createConversation(folderPath: string): Conversation;
+/**
+ * Save a conversation to disk.
+ */
+export declare function saveConversation(conv: Conversation): void;
+/**
+ * Load a conversation by ID.
+ */
+export declare function loadConversation(folderPath: string, conversationId: string): Conversation | null;
+/**
+ * Load the most recent conversation for a folder path, or create a new one.
+ */
+export declare function getOrCreateConversation(folderPath: string): Conversation;
+/**
+ * List all conversations for a folder path.
+ */
+export declare function listConversations(folderPath: string): Array<{
+    id: string;
+    createdAt: string;
+    turns: number;
+}>;
+/**
+ * Add a user turn to the conversation.
+ */
+export declare function addUserTurn(conv: Conversation, rawText: string, intent?: string, confidence?: number, fields?: Record<string, unknown>, entities?: ConversationEntity[], uncertainty?: UncertaintyReport): ConversationTurn;
+/**
+ * Add a system result turn.
+ */
+export declare function addSystemTurn(conv: Conversation, rawText: string, result?: string, error?: string): ConversationTurn;
+/**
+ * Get the most recently mentioned entity of a given type.
+ */
+export declare function getLastEntity(conv: Conversation, type: ConversationEntity["type"]): KnowledgeNode | undefined;
+/**
+ * Get all entities, sorted by recency.
+ */
+export declare function getRecentEntities(conv: Conversation, limit?: number): KnowledgeNode[];
+/**
+ * Get the last N user turns.
+ */
+export declare function getRecentTurns(conv: Conversation, count?: number): ConversationTurn[];

package/dist/conversation/store.js

@@ -0,0 +1,184 @@
+import { existsSync, mkdirSync, readFileSync, writeFileSync, readdirSync } from "node:fs";
+import { resolve } from "node:path";
+import { homedir } from "node:os";
+const CONVERSATIONS_ROOT = resolve(homedir(), ".notoken", "conversations");
+// ─── Store ───────────────────────────────────────────────────────────────────
+function getConversationDir(folderPath) {
+    // Sanitize the folder path for filesystem use
+    const safePath = folderPath.replace(/[^a-zA-Z0-9_\-\/]/g, "_").replace(/^\/+/, "");
+    const dir = resolve(CONVERSATIONS_ROOT, safePath || "default");
+    if (!existsSync(dir)) {
+        mkdirSync(dir, { recursive: true });
+    }
+    return dir;
+}
+function getConversationFile(folderPath, conversationId) {
+    return resolve(getConversationDir(folderPath), `${conversationId}.json`);
+}
+/**
+ * Create a new conversation.
+ */
+export function createConversation(folderPath) {
+    const id = `conv_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`;
+    const conv = {
+        id,
+        folderPath,
+        createdAt: new Date().toISOString(),
+        updatedAt: new Date().toISOString(),
+        turns: [],
+        knowledgeTree: [],
+    };
+    saveConversation(conv);
+    return conv;
+}
+/**
+ * Save a conversation to disk.
+ */
+export function saveConversation(conv) {
+    const file = getConversationFile(conv.folderPath, conv.id);
+    conv.updatedAt = new Date().toISOString();
+    writeFileSync(file, JSON.stringify(conv, null, 2));
+}
+/**
+ * Load a conversation by ID.
+ */
+export function loadConversation(folderPath, conversationId) {
+    const file = getConversationFile(folderPath, conversationId);
+    if (!existsSync(file))
+        return null;
+    return JSON.parse(readFileSync(file, "utf-8"));
+}
+/**
+ * Load the most recent conversation for a folder path, or create a new one.
+ */
+export function getOrCreateConversation(folderPath) {
+    const dir = getConversationDir(folderPath);
+    const files = readdirSync(dir)
+        .filter((f) => f.endsWith(".json"))
+        .sort()
+        .reverse();
+    if (files.length > 0) {
+        const latest = JSON.parse(readFileSync(resolve(dir, files[0]), "utf-8"));
+        // If last activity was within 1 hour, continue it
+        const age = Date.now() - new Date(latest.updatedAt).getTime();
+        if (age < 3600_000)
+            return latest;
+    }
+    return createConversation(folderPath);
+}
+/**
+ * List all conversations for a folder path.
+ */
+export function listConversations(folderPath) {
+    const dir = getConversationDir(folderPath);
+    if (!existsSync(dir))
+        return [];
+    return readdirSync(dir)
+        .filter((f) => f.endsWith(".json"))
+        .map((f) => {
+        const conv = JSON.parse(readFileSync(resolve(dir, f), "utf-8"));
+        return { id: conv.id, createdAt: conv.createdAt, turns: conv.turns.length };
+    })
+        .sort((a, b) => b.createdAt.localeCompare(a.createdAt));
+}
+// ─── Turn Management ─────────────────────────────────────────────────────────
+/**
+ * Add a user turn to the conversation.
+ */
+export function addUserTurn(conv, rawText, intent, confidence, fields, entities, uncertainty) {
+    const turn = {
+        id: conv.turns.length + 1,
+        timestamp: new Date().toISOString(),
+        role: "user",
+        rawText,
+        intent,
+        confidence,
+        fields,
+        entities: entities ?? [],
+        uncertainty,
+    };
+    conv.turns.push(turn);
+    // Update knowledge tree
+    for (const entity of turn.entities) {
+        updateKnowledge(conv, entity, turn.id, fields);
+    }
+    saveConversation(conv);
+    return turn;
+}
+/**
+ * Add a system result turn.
+ */
+export function addSystemTurn(conv, rawText, result, error) {
+    const turn = {
+        id: conv.turns.length + 1,
+        timestamp: new Date().toISOString(),
+        role: "system",
+        rawText,
+        result,
+        error,
+        entities: [],
+    };
+    conv.turns.push(turn);
+    saveConversation(conv);
+    return turn;
+}
+// ─── Knowledge Tree ──────────────────────────────────────────────────────────
+function updateKnowledge(conv, entity, turnId, fields) {
+    const key = entity.resolved ?? entity.text;
+    let node = conv.knowledgeTree.find((n) => n.entity === key);
+    if (!node) {
+        node = {
+            entity: key,
+            type: entity.type,
+            firstMentioned: turnId,
+            lastMentioned: turnId,
+            frequency: 0,
+            coOccurrences: [],
+        };
+        conv.knowledgeTree.push(node);
+    }
+    node.lastMentioned = turnId;
+    node.frequency++;
+    // Determine role from fields
+    if (fields) {
+        for (const [role, value] of Object.entries(fields)) {
+            if (String(value) === key) {
+                node.lastRole = role;
+            }
+        }
+    }
+    // Track co-occurrences with other entities in same turn
+    const turnEntities = conv.turns
+        .find((t) => t.id === turnId)
+        ?.entities.map((e) => e.resolved ?? e.text)
+        .filter((e) => e !== key) ?? [];
+    for (const co of turnEntities) {
+        if (!node.coOccurrences.includes(co)) {
+            node.coOccurrences.push(co);
+        }
+    }
+}
+/**
+ * Get the most recently mentioned entity of a given type.
+ */
+export function getLastEntity(conv, type) {
+    return conv.knowledgeTree
+        .filter((n) => n.type === type)
+        .sort((a, b) => b.lastMentioned - a.lastMentioned)[0];
+}
+/**
+ * Get all entities, sorted by recency.
+ */
+export function getRecentEntities(conv, limit = 10) {
+    return [...conv.knowledgeTree]
+        .sort((a, b) => b.lastMentioned - a.lastMentioned)
+        .slice(0, limit);
+}
+/**
+ * Get the last N user turns.
+ */
+export function getRecentTurns(conv, count = 5) {
+    return conv.turns
+        .filter((t) => t.role === "user")
+        .slice(-count);
+}

package/dist/execution/git.d.ts

@@ -0,0 +1,11 @@
+export declare function gitStatus(path?: string): Promise<string>;
+export declare function gitLog(path?: string, count?: number): Promise<string>;
+export declare function gitDiff(path?: string, target?: string): Promise<string>;
+export declare function gitPull(path?: string, remote?: string, branch?: string): Promise<string>;
+export declare function gitPush(path?: string, remote?: string, branch?: string): Promise<string>;
+export declare function gitBranch(path?: string): Promise<string>;
+export declare function gitCheckout(branch: string, path?: string): Promise<string>;
+export declare function gitCommit(message: string, path?: string): Promise<string>;
+export declare function gitAdd(target?: string, path?: string): Promise<string>;
+export declare function gitStash(action?: string, path?: string): Promise<string>;
+export declare function gitReset(target?: string, path?: string): Promise<string>;

package/dist/execution/git.js

@@ -0,0 +1,146 @@
+import { simpleGit } from "simple-git";
+/**
+ * Git execution layer using simple-git.
+ *
+ * Provides programmatic git operations with richer output
+ * than raw shell commands. Used by the executor when an
+ * intent is a git.* intent.
+ */
+function getGit(path = ".") {
+    return simpleGit(path);
+}
+export async function gitStatus(path = ".") {
+    const git = getGit(path);
+    const status = await git.status();
+    const lines = [];
+    lines.push(`Branch: ${status.current ?? "detached"}`);
+    if (status.tracking) {
+        lines.push(`Tracking: ${status.tracking}`);
+        if (status.ahead > 0)
+            lines.push(`  Ahead: ${status.ahead} commit(s)`);
+        if (status.behind > 0)
+            lines.push(`  Behind: ${status.behind} commit(s)`);
+    }
+    if (status.staged.length > 0) {
+        lines.push(`\nStaged (${status.staged.length}):`);
+        for (const f of status.staged)
+            lines.push(`  + ${f}`);
+    }
+    if (status.modified.length > 0) {
+        lines.push(`\nModified (${status.modified.length}):`);
+        for (const f of status.modified)
+            lines.push(`  ~ ${f}`);
+    }
+    if (status.not_added.length > 0) {
+        lines.push(`\nUntracked (${status.not_added.length}):`);
+        for (const f of status.not_added)
+            lines.push(`  ? ${f}`);
+    }
+    if (status.deleted.length > 0) {
+        lines.push(`\nDeleted (${status.deleted.length}):`);
+        for (const f of status.deleted)
+            lines.push(`  - ${f}`);
+    }
+    if (status.conflicted.length > 0) {
+        lines.push(`\nConflicted (${status.conflicted.length}):`);
+        for (const f of status.conflicted)
+            lines.push(`  ! ${f}`);
+    }
+    if (status.staged.length === 0 &&
+        status.modified.length === 0 &&
+        status.not_added.length === 0 &&
+        status.deleted.length === 0) {
+        lines.push("\nWorking tree clean.");
+    }
+    return lines.join("\n");
+}
+export async function gitLog(path = ".", count = 10) {
+    const git = getGit(path);
+    const log = await git.log({ maxCount: count });
+    const lines = [];
+    for (const entry of log.all) {
+        const date = entry.date.split("T")[0] ?? entry.date;
+        const hash = entry.hash.slice(0, 7);
+        lines.push(`${hash} ${date} ${entry.message} (${entry.author_name})`);
+    }
+    return lines.join("\n") || "No commits found.";
+}
+export async function gitDiff(path = ".", target) {
+    const git = getGit(path);
+    const args = target ? [target] : [];
+    const diff = await git.diff(args);
+    return diff || "No differences.";
+}
+export async function gitPull(path = ".", remote = "origin", branch) {
+    const git = getGit(path);
+    const result = await git.pull(remote, branch);
+    const lines = [];
+    if (result.summary.changes)
+        lines.push(`Changes: ${result.summary.changes}`);
+    if (result.summary.insertions)
+        lines.push(`Insertions: ${result.summary.insertions}`);
+    if (result.summary.deletions)
+        lines.push(`Deletions: ${result.summary.deletions}`);
+    if (result.files.length > 0) {
+        lines.push(`\nFiles updated (${result.files.length}):`);
+        for (const f of result.files)
+            lines.push(`  ${f}`);
+    }
+    return lines.join("\n") || "Already up to date.";
+}
+export async function gitPush(path = ".", remote = "origin", branch) {
+    const git = getGit(path);
+    const result = await git.push(remote, branch);
+    const lines = [];
+    if (result.pushed.length > 0) {
+        for (const p of result.pushed) {
+            lines.push(`Pushed: ${p.local} → ${p.remote}`);
+        }
+    }
+    return lines.join("\n") || "Push complete.";
+}
+export async function gitBranch(path = ".") {
+    const git = getGit(path);
+    const branches = await git.branch();
+    const lines = [];
+    lines.push(`Current: ${branches.current}`);
+    lines.push(`\nAll branches:`);
+    for (const name of branches.all) {
+        const prefix = name === branches.current ? "* " : "  ";
+        lines.push(`${prefix}${name}`);
+    }
+    return lines.join("\n");
+}
+export async function gitCheckout(branch, path = ".") {
+    const git = getGit(path);
+    await git.checkout(branch);
+    return `Switched to branch: ${branch}`;
+}
+export async function gitCommit(message, path = ".") {
+    const git = getGit(path);
+    const result = await git.commit(message);
+    return `Committed: ${result.commit} — ${message}\n${result.summary.changes} file(s) changed, ${result.summary.insertions} insertions, ${result.summary.deletions} deletions`;
+}
+export async function gitAdd(target = ".", path = ".") {
+    const git = getGit(path);
+    await git.add(target);
+    return `Staged: ${target}`;
+}
+export async function gitStash(action = "push", path = ".") {
+    const git = getGit(path);
+    if (action === "pop" || action === "restore") {
+        const result = await git.stash(["pop"]);
+        return result || "Stash popped.";
+    }
+    if (action === "list") {
+        const result = await git.stash(["list"]);
+        return result || "No stashes.";
+    }
+    const result = await git.stash(["push"]);
+    return result || "Changes stashed.";
+}
+export async function gitReset(target = "HEAD", path = ".") {
+    const git = getGit(path);
+    await git.reset([target]);
+    return `Reset to: ${target}`;
+}

package/dist/execution/ssh.d.ts

@@ -0,0 +1,2 @@
+export declare function runRemoteCommand(environment: string, command: string): Promise<string>;
+export declare function runLocalCommand(command: string): Promise<string>;

package/dist/execution/ssh.js

@@ -0,0 +1,17 @@
+import { exec } from "node:child_process";
+import { promisify } from "node:util";
+import { loadHosts } from "../utils/config.js";
+const execAsync = promisify(exec);
+export async function runRemoteCommand(environment, command) {
+    const hosts = loadHosts();
+    const entry = hosts[environment];
+    if (!entry) {
+        throw new Error(`No host configured for environment: ${environment}`);
+    }
+    const { stdout, stderr } = await execAsync(`ssh ${entry.host} ${JSON.stringify(command)}`, { timeout: 30_000 });
+    return stderr ? `${stdout}\n${stderr}` : stdout;
+}
+export async function runLocalCommand(command) {
+    const { stdout, stderr } = await execAsync(command, { timeout: 30_000 });
+    return stderr ? `${stdout}\n${stderr}` : stdout;
+}

package/dist/handlers/executor.d.ts

@@ -0,0 +1,8 @@
+import type { DynamicIntent } from "../types/intent.js";
+/**
+ * Generic command executor.
+ *
+ * For git.* intents, uses simple-git for richer programmatic output.
+ * For everything else, interpolates command templates and runs via shell.
+ */
+export declare function executeIntent(intent: DynamicIntent): Promise<string>;