openreport 0.1.0

package/src/storage/report-store.ts

@@ -0,0 +1,128 @@
+import * as fs from "fs";
+import * as path from "path";
+import type { FullReport, ReportMetadata } from "../types/index.js";
+import { saveMetadata, listMetadata, deleteMetadata } from "./metadata.js";
+import { renderReportToHtml } from "../report/html-renderer.js";
+import { debugLog } from "../utils/debug.js";
+
+const SAFE_ID_REGEX = /^[a-zA-Z0-9_-]+$/;
+
+function validateReportId(id: string): void {
+  if (!SAFE_ID_REGEX.test(id)) {
+    throw new Error(`Invalid report ID: ${id}`);
+  }
+}
+
+function getReportsDir(projectRoot: string): string {
+  return path.join(projectRoot, ".openreport", "reports");
+}
+
+export async function saveReport(projectRoot: string, report: FullReport): Promise<string> {
+  const reportsDir = getReportsDir(projectRoot);
+  validateReportId(report.metadata.id);
+  await fs.promises.mkdir(reportsDir, { recursive: true });
+
+  const reportPath = path.join(reportsDir, `${report.metadata.id}.md`);
+  const htmlPath = path.join(reportsDir, `${report.metadata.id}.html`);
+  const htmlContent = renderReportToHtml(report);
+
+  const writes: Promise<void>[] = [
+    fs.promises.writeFile(reportPath, report.markdownContent, "utf-8"),
+    fs.promises.writeFile(htmlPath, htmlContent, "utf-8"),
+    saveMetadata(reportsDir, report.metadata),
+  ];
+
+  // Save standalone todo file if a todo-generator sub-report exists
+  const todoSubReport = report.subReports.find((sr) => sr.agentId === "todo-generator");
+  if (todoSubReport) {
+    const todoPath = path.join(reportsDir, `${report.metadata.id}.todo.md`);
+    const todoContent = buildStandaloneTodo(report.metadata.projectName, todoSubReport);
+    writes.push(fs.promises.writeFile(todoPath, todoContent, "utf-8"));
+  }
+
+  await Promise.all(writes);
+
+  return reportPath;
+}
+
+function buildStandaloneTodo(projectName: string, sub: { title: string; summary: string; sections: Array<{ heading: string; content: string }> }): string {
+  const parts: string[] = [];
+  parts.push(`# ${sub.title}\n\n`);
+  parts.push(`> ${projectName} — Generated by OpenReport on ${new Date().toISOString().split("T")[0]}\n\n`);
+  parts.push(`${sub.summary}\n\n---\n\n`);
+  for (const section of sub.sections) {
+    parts.push(`## ${section.heading}\n\n`);
+    parts.push(section.content);
+    parts.push("\n\n");
+  }
+  return parts.join("");
+}
+
+export async function loadReport(projectRoot: string, id: string): Promise<string | null> {
+  validateReportId(id);
+  const reportsDir = getReportsDir(projectRoot);
+  const reportPath = path.join(reportsDir, `${id}.md`);
+
+  try {
+    return await fs.promises.readFile(reportPath, "utf-8");
+  } catch (e) {
+    debugLog("store:loadReport", e);
+    return null;
+  }
+}
+
+export async function listReports(projectRoot: string, limit?: number): Promise<ReportMetadata[]> {
+  const reportsDir = getReportsDir(projectRoot);
+  return listMetadata(reportsDir, limit);
+}
+
+export async function deleteReport(projectRoot: string, id: string): Promise<boolean> {
+  validateReportId(id);
+  const reportsDir = getReportsDir(projectRoot);
+
+  let deleted = false;
+
+  // Delete markdown file
+  const reportPath = path.join(reportsDir, `${id}.md`);
+  try {
+    await fs.promises.unlink(reportPath);
+    deleted = true;
+  } catch (e) {
+    debugLog("store:deleteFile", e);
+  }
+
+  // Delete HTML file
+  const htmlPath = path.join(reportsDir, `${id}.html`);
+  try {
+    await fs.promises.unlink(htmlPath);
+  } catch (e) {
+    debugLog("store:deleteFile", e);
+  }
+
+  // Delete todo file (if exists)
+  const todoPath = path.join(reportsDir, `${id}.todo.md`);
+  try {
+    await fs.promises.unlink(todoPath);
+  } catch (e) {
+    debugLog("store:deleteFile", e);
+  }
+
+  // Delete metadata
+  if (await deleteMetadata(reportsDir, id)) {
+    deleted = true;
+  }
+
+  return deleted;
+}
+
+export async function getReportFilePath(projectRoot: string, id: string, ext: string): Promise<string | null> {
+  validateReportId(id);
+  const reportsDir = getReportsDir(projectRoot);
+  const filePath = path.join(reportsDir, `${id}${ext}`);
+  try {
+    await fs.promises.access(filePath);
+    return filePath;
+  } catch {
+    return null;
+  }
+}

package/src/tools/get-file-tree.ts

@@ -0,0 +1,157 @@
+import { tool } from "ai";
+import { z } from "zod";
+import * as fs from "fs";
+import * as path from "path";
+import { debugLog } from "../utils/debug.js";
+import { resolveAndValidatePath } from "../utils/file-utils.js";
+
+const IGNORE_DIRS = new Set([
+  "node_modules",
+  ".git",
+  "dist",
+  "build",
+  ".next",
+  ".nuxt",
+  "coverage",
+  ".cache",
+  "__pycache__",
+  ".turbo",
+  ".vercel",
+  ".output",
+]);
+
+const BINARY_EXTENSIONS = new Set([
+  ".png", ".jpg", ".jpeg", ".gif", ".ico", ".svg",
+  ".woff", ".woff2", ".ttf", ".eot",
+  ".zip", ".tar", ".gz",
+  ".exe", ".dll", ".so", ".dylib",
+  ".mp3", ".mp4", ".wav", ".avi",
+  ".pdf", ".doc", ".docx",
+]);
+
+interface TreeNode {
+  name: string;
+  path: string;
+  type: "file" | "directory";
+  children?: TreeNode[];
+  size?: number;
+}
+
+async function buildTree(
+  dir: string,
+  projectRoot: string,
+  maxDepth: number,
+  currentDepth: number = 0
+): Promise<TreeNode[]> {
+  if (currentDepth >= maxDepth) return [];
+
+  try {
+    const entries = await fs.promises.readdir(dir, { withFileTypes: true });
+    const nodes: TreeNode[] = [];
+
+    for (const entry of entries) {
+      if (entry.name.startsWith(".") && entry.name !== ".env.example") continue;
+      if (IGNORE_DIRS.has(entry.name)) continue;
+
+      const fullPath = path.join(dir, entry.name);
+      const relativePath = path.relative(projectRoot, fullPath);
+
+      if (entry.isDirectory()) {
+        const children = await buildTree(
+          fullPath,
+          projectRoot,
+          maxDepth,
+          currentDepth + 1
+        );
+        nodes.push({
+          name: entry.name,
+          path: relativePath.replace(/\\/g, "/"),
+          type: "directory",
+          children,
+        });
+      } else {
+        const ext = path.extname(entry.name).toLowerCase();
+        if (BINARY_EXTENSIONS.has(ext)) continue;
+
+        let size: number | undefined;
+        try {
+          size = (await fs.promises.stat(fullPath)).size;
+        } catch (e) {
+          debugLog("getFileTree:stat", e);
+        }
+
+        nodes.push({
+          name: entry.name,
+          path: relativePath.replace(/\\/g, "/"),
+          type: "file",
+          size,
+        });
+      }
+    }
+
+    return nodes.sort((a, b) => {
+      if (a.type !== b.type) return a.type === "directory" ? -1 : 1;
+      return a.name.localeCompare(b.name);
+    });
+  } catch {
+    return [];
+  }
+}
+
+function treeToString(nodes: TreeNode[], prefix = ""): string {
+  let result = "";
+  for (let i = 0; i < nodes.length; i++) {
+    const node = nodes[i];
+    const isLast = i === nodes.length - 1;
+    const connector = isLast ? "└── " : "├── ";
+    const sizeStr =
+      node.size && node.size > 50000
+        ? ` (${(node.size / 1024).toFixed(1)}KB)`
+        : "";
+
+    result += `${prefix}${connector}${node.name}${sizeStr}\n`;
+
+    if (node.children && node.children.length > 0) {
+      const childPrefix = prefix + (isLast ? "    " : "│   ");
+      result += treeToString(node.children, childPrefix);
+    }
+  }
+  return result;
+}
+
+export function createGetFileTreeTool(projectRoot: string) {
+  return tool({
+    description:
+      "Get the complete file tree of the project. Excludes node_modules, .git, dist, and binary files. Shows file sizes for large files.",
+    parameters: z.object({
+      maxDepth: z
+        .number()
+        .optional()
+        .describe("Maximum directory depth (default: 6)"),
+      path: z
+        .string()
+        .optional()
+        .describe("Subdirectory to start from (default: project root)"),
+    }),
+    execute: async ({ maxDepth = 6, path: subPath }) => {
+      let startDir: string;
+      if (subPath) {
+        const validated = resolveAndValidatePath(projectRoot, subPath);
+        if (!validated) {
+          return { error: "Path is outside project root" };
+        }
+        startDir = validated;
+      } else {
+        startDir = projectRoot;
+      }
+
+      const tree = await buildTree(startDir, projectRoot, maxDepth);
+      const treeString = treeToString(tree);
+
+      return {
+        tree: treeString,
+        rootPath: subPath || ".",
+      };
+    },
+  });
+}

package/src/tools/get-git-info.ts

@@ -0,0 +1,123 @@
+import { tool } from "ai";
+import { z } from "zod";
+import { execFileSync } from "child_process";
+
+function runGit(args: string[], cwd: string): string {
+  try {
+    return execFileSync("git", args, {
+      cwd,
+      encoding: "utf-8",
+      timeout: 10_000,
+      stdio: ["pipe", "pipe", "pipe"],
+    }).trim();
+  } catch {
+    return "";
+  }
+}
+
+export function createGetGitInfoTool(projectRoot: string) {
+  return tool({
+    description:
+      "Get git information about the project: recent commits, branches, most-changed files, and contributors.",
+    parameters: z.object({
+      type: z
+        .enum(["summary", "recent-commits", "file-frequency", "contributors"])
+        .describe("Type of git information to retrieve"),
+      limit: z
+        .number()
+        .optional()
+        .describe("Number of results to return (default: 20)"),
+    }),
+    execute: async ({ type, limit = 20 }) => {
+      // Check if it's a git repo
+      const isGit = runGit(["rev-parse", "--is-inside-work-tree"], projectRoot);
+      if (isGit !== "true") {
+        return { error: "Not a git repository" };
+      }
+
+      switch (type) {
+        case "summary": {
+          const branch = runGit(["branch", "--show-current"], projectRoot);
+          const commitCount = runGit(
+            ["rev-list", "--count", "HEAD"],
+            projectRoot
+          );
+          const lastCommit = runGit(
+            ["log", "-1", "--format=%H %s (%ar)"],
+            projectRoot
+          );
+          const remoteUrl = runGit(
+            ["config", "--get", "remote.origin.url"],
+            projectRoot
+          );
+          const branches = runGit(["branch", "-a", "--list"], projectRoot)
+            .split("\n")
+            .filter(Boolean).length;
+
+          return {
+            currentBranch: branch,
+            totalCommits: parseInt(commitCount) || 0,
+            lastCommit,
+            remoteUrl,
+            branchCount: branches,
+          };
+        }
+
+        case "recent-commits": {
+          const log = runGit(
+            ["log", `-${limit}`, "--format=%h|%s|%an|%ar"],
+            projectRoot
+          );
+          const commits = log
+            .split("\n")
+            .filter(Boolean)
+            .map((line) => {
+              const [hash, subject, author, date] = line.split("|");
+              return { hash, subject, author, date };
+            });
+          return { commits };
+        }
+
+        case "file-frequency": {
+          const raw = runGit(
+            ["log", "--pretty=format:", "--name-only", `-${Math.min(limit * 5, 500)}`],
+            projectRoot
+          );
+          // Count occurrences of each file path in JS instead of shell pipes
+          const counts = new Map<string, number>();
+          for (const line of raw.split("\n")) {
+            const name = line.trim();
+            if (name) {
+              counts.set(name, (counts.get(name) || 0) + 1);
+            }
+          }
+          const files = [...counts.entries()]
+            .sort((a, b) => b[1] - a[1])
+            .slice(0, limit)
+            .map(([file, changes]) => ({ file, changes }));
+          return { mostChangedFiles: files };
+        }
+
+        case "contributors": {
+          const result = runGit(
+            ["shortlog", "-sn", "--no-merges", "HEAD"],
+            projectRoot
+          );
+          const contributors = result
+            .split("\n")
+            .filter(Boolean)
+            .slice(0, limit)
+            .map((line) => {
+              const trimmed = line.trim();
+              const tabIdx = trimmed.indexOf("\t");
+              return {
+                name: trimmed.slice(tabIdx + 1),
+                commits: parseInt(trimmed.slice(0, tabIdx)) || 0,
+              };
+            });
+          return { contributors };
+        }
+      }
+    },
+  });
+}

package/src/tools/glob.ts

@@ -0,0 +1,48 @@
+import { tool } from "ai";
+import { z } from "zod";
+import { filterIgnoredFiles } from "./shared-ignore.js";
+
+export function createGlobTool(projectRoot: string) {
+  return tool({
+    description:
+      "Find files matching a glob pattern within the project. Returns up to 200 matching file paths.",
+    parameters: z.object({
+      pattern: z
+        .string()
+        .describe(
+          'Glob pattern (e.g., "**/*.ts", "src/**/*.tsx", "*.json")'
+        ),
+      ignore: z
+        .array(z.string())
+        .optional()
+        .describe("Additional patterns to ignore"),
+    }),
+    execute: async ({ pattern, ignore: extraIgnore = [] }) => {
+      try {
+        // Block path traversal attempts
+        if (pattern.includes("..")) {
+          return { error: "Glob pattern must not contain '..' (path traversal)." };
+        }
+
+        const glob = new Bun.Glob(pattern);
+        const allFiles: string[] = [];
+        for await (const f of glob.scan({ cwd: projectRoot, dot: false })) {
+          allFiles.push(f);
+        }
+
+        const files = await filterIgnoredFiles(allFiles, projectRoot, extraIgnore);
+
+        const limited = files.slice(0, 200);
+
+        return {
+          files: limited,
+          totalMatches: files.length,
+          truncated: files.length > 200,
+        };
+      } catch (err: unknown) {
+        const msg = err instanceof Error ? err.message : String(err);
+        return { error: `Glob failed: ${msg}` };
+      }
+    },
+  });
+}

package/src/tools/grep.ts

@@ -0,0 +1,149 @@
+import { tool } from "ai";
+import { z } from "zod";
+import * as fs from "fs";
+import * as path from "path";
+import { debugLog } from "../utils/debug.js";
+import { filterIgnoredFiles } from "./shared-ignore.js";
+
+/** Maximum allowed regex pattern length to reject overly complex patterns. */
+const MAX_PATTERN_LENGTH = 200;
+
+/** Maximum total matches to process across all files. */
+const MAX_TOTAL_MATCHES = 1000;
+
+/**
+ * Check if a regex pattern is safe from ReDoS attacks.
+ * Rejects patterns with:
+ * - Nested quantifiers like (a+)+, (a*)*, (?:a+)+, etc.
+ * - Alternation overlap like (a|a)+
+ * - Excessive length (> MAX_PATTERN_LENGTH chars)
+ */
+function isReDoSSafe(pattern: string): boolean {
+  // Reject overly complex patterns by length
+  if (pattern.length > MAX_PATTERN_LENGTH) {
+    return false;
+  }
+
+  // Detect nested quantifiers in capturing and non-capturing groups:
+  // Matches patterns like (x+)+, (?:x+)+, (x*)+, (?:x+)*, (x{2,})*, etc.
+  const nestedQuantifier = /(?:\(\??:?)[^()]*[+*][^()]*\)[+*{]/;
+  if (nestedQuantifier.test(pattern)) {
+    return false;
+  }
+
+  // Detect alternation overlap: (a|a)+, (?:a|a)+ where alternatives are identical
+  const altOverlap = /(?:\(\??:?)([^()|]+)\|\1\)[+*{]/;
+  if (altOverlap.test(pattern)) {
+    return false;
+  }
+
+  return true;
+}
+
+export function createGrepTool(projectRoot: string) {
+  return tool({
+    description:
+      "Search for a regex pattern in project files. Returns matching lines with file paths and line numbers.",
+    parameters: z.object({
+      pattern: z.string().describe("Regex pattern to search for"),
+      filePattern: z
+        .string()
+        .optional()
+        .describe('Glob pattern to filter files (e.g., "**/*.ts")'),
+      maxResults: z
+        .number()
+        .optional()
+        .describe("Maximum number of results (default: 50)"),
+    }),
+    execute: async ({ pattern, filePattern = "**/*", maxResults = 50 }) => {
+      try {
+        const glob = new Bun.Glob(filePattern);
+        const allFiles: string[] = [];
+        for await (const f of glob.scan({ cwd: projectRoot, dot: false })) {
+          allFiles.push(f);
+        }
+
+        const files = await filterIgnoredFiles(allFiles, projectRoot);
+
+        if (!isReDoSSafe(pattern)) {
+          return { error: "Regex pattern rejected: nested quantifiers detected (potential ReDoS). Simplify the pattern." };
+        }
+
+        let regex: RegExp;
+        try {
+          regex = new RegExp(pattern, "gi");
+        } catch (regexErr: unknown) {
+          const msg = regexErr instanceof Error ? regexErr.message : String(regexErr);
+          return { error: `Invalid regex pattern: ${msg}` };
+        }
+        const results: Array<{
+          file: string;
+          line: number;
+          content: string;
+        }> = [];
+
+        // Cap maxResults to the global safety limit
+        const effectiveMax = Math.min(maxResults, MAX_TOTAL_MATCHES);
+
+        // Process files in parallel batches
+        const BATCH_SIZE = 20;
+        for (let i = 0; i < files.length; i += BATCH_SIZE) {
+          if (results.length >= effectiveMax) break;
+
+          const batch = files.slice(i, i + BATCH_SIZE);
+          const batchResults = await Promise.all(
+            batch.map(async (file) => {
+              const matches: Array<{ file: string; line: number; content: string }> = [];
+              try {
+                const fullPath = path.join(projectRoot, file);
+                const stat = await fs.promises.stat(fullPath);
+                if (stat.size > 100_000) return matches;
+
+                const content = await fs.promises.readFile(fullPath, "utf-8");
+                const lines = content.split("\n");
+                // Create new regex per file to avoid shared lastIndex issues
+                const fileRegex = new RegExp(pattern, "gi");
+
+                for (let j = 0; j < lines.length; j++) {
+                  try {
+                    if (fileRegex.test(lines[j])) {
+                      matches.push({
+                        file,
+                        line: j + 1,
+                        content: lines[j].trim().slice(0, 200),
+                      });
+                    }
+                  } catch {
+                    // Regex execution error — skip this line
+                    break;
+                  }
+                  fileRegex.lastIndex = 0;
+                }
+              } catch (e) {
+                debugLog("grep:readFile", e);
+              }
+              return matches;
+            })
+          );
+
+          for (const fileMatches of batchResults) {
+            for (const match of fileMatches) {
+              if (results.length >= effectiveMax) break;
+              results.push(match);
+            }
+            if (results.length >= effectiveMax) break;
+          }
+        }
+
+        return {
+          matches: results,
+          totalMatches: results.length,
+          truncated: results.length >= effectiveMax,
+        };
+      } catch (err: unknown) {
+        const msg = err instanceof Error ? err.message : String(err);
+        return { error: `Grep failed: ${msg}` };
+      }
+    },
+  });
+}

package/src/tools/index.ts

@@ -0,0 +1,30 @@
+import { createReadFileTool } from "./read-file.js";
+import { createGlobTool } from "./glob.js";
+import { createGrepTool } from "./grep.js";
+import { createListDirectoryTool } from "./list-directory.js";
+import { createReadPackageJsonTool } from "./read-package-json.js";
+import { createGetFileTreeTool } from "./get-file-tree.js";
+import { createGetGitInfoTool } from "./get-git-info.js";
+import { createRunCommandTool } from "./run-command.js";
+
+export function createBaseTools(projectRoot: string) {
+  return {
+    readFile: createReadFileTool(projectRoot),
+    glob: createGlobTool(projectRoot),
+    grep: createGrepTool(projectRoot),
+    listDirectory: createListDirectoryTool(projectRoot),
+    getFileTree: createGetFileTreeTool(projectRoot),
+    readPackageJson: createReadPackageJsonTool(projectRoot),
+  };
+}
+
+export function createExtendedTools(projectRoot: string) {
+  return {
+    ...createBaseTools(projectRoot),
+    getGitInfo: createGetGitInfoTool(projectRoot),
+    runCommand: createRunCommandTool(projectRoot),
+  };
+}
+
+export type BaseTools = ReturnType<typeof createBaseTools>;
+export type ExtendedTools = ReturnType<typeof createExtendedTools>;

package/src/tools/list-directory.ts

@@ -0,0 +1,57 @@
+import { tool } from "ai";
+import { z } from "zod";
+import * as fs from "fs";
+import * as path from "path";
+import { resolveAndValidatePath } from "../utils/file-utils.js";
+import { debugLog } from "../utils/debug.js";
+
+export function createListDirectoryTool(projectRoot: string) {
+  return tool({
+    description:
+      "List the contents of a directory relative to the project root. Shows files and subdirectories with basic metadata.",
+    parameters: z.object({
+      path: z
+        .string()
+        .default(".")
+        .describe("Relative directory path (default: project root)"),
+    }),
+    execute: async ({ path: dirPath }) => {
+      const resolved = resolveAndValidatePath(projectRoot, dirPath);
+      if (!resolved) {
+        return { error: "Path is outside project root" };
+      }
+
+      try {
+        const entries = await fs.promises.readdir(resolved, { withFileTypes: true });
+        const items: Array<{ name: string; type: "directory" | "file"; size?: number }> = [];
+        for (const entry of entries) {
+          if (entry.name.startsWith(".") && entry.name !== ".env.example") continue;
+          const fullPath = path.join(resolved, entry.name);
+          const isDir = entry.isDirectory();
+          let size: number | undefined;
+          if (!isDir) {
+            try {
+              size = (await fs.promises.stat(fullPath)).size;
+            } catch (e) {
+              debugLog("listDir:stat", e);
+            }
+          }
+          items.push({
+            name: entry.name,
+            type: isDir ? "directory" : "file",
+            size,
+          });
+        }
+        items.sort((a, b) => {
+          if (a.type !== b.type) return a.type === "directory" ? -1 : 1;
+          return a.name.localeCompare(b.name);
+        });
+
+        return { path: dirPath, entries: items };
+      } catch (err: unknown) {
+        const msg = err instanceof Error ? err.message : String(err);
+        return { error: `Failed to list directory: ${msg}` };
+      }
+    },
+  });
+}