pi-crew 0.2.25 → 0.3.0

package/src/runtime/tool-progress.ts

@@ -0,0 +1,281 @@
+/**
+ * Tool Progress Event System
+ * 
+ * Provides real-time visibility into tool execution within child Pi workers.
+ * 
+ * Event flow:
+ * 1. Child Pi emits JSON events on stdout (tool_execution_start, tool_execution_end, etc.)
+ * 2. child-pi.ts parses these events and passes them to onJsonEvent callback
+ * 3. task-runner.ts calls applyAgentProgressEvent() to update task state
+ * 4. This module provides structured types and utilities for the event system
+ */
+
+import type { CrewAgentProgress } from "../state/types.ts";
+
+// ── Event Types ─────────────────────────────────────────────────────────
+
+export interface ToolExecutionStartEvent {
+	type: "tool_execution_start";
+	toolName: string;
+	toolCallId: string;
+	args?: Record<string, unknown>;
+	timestamp: number;
+}
+
+export interface ToolExecutionEndEvent {
+	type: "tool_execution_end";
+	toolName: string;
+	toolCallId: string;
+	result?: unknown;
+	timestamp: number;
+}
+
+export interface ToolExecutionUpdateEvent {
+	type: "tool_execution_update";
+	toolName: string;
+	toolCallId: string;
+	partialResult?: unknown;
+	timestamp: number;
+}
+
+export interface ToolExecutionErrorEvent {
+	type: "tool_execution_error" | "tool_execution_failed";
+	toolName: string;
+	toolCallId: string;
+	error?: string;
+	timestamp: number;
+}
+
+export interface MessageEndEvent {
+	type: "message_end";
+	message: {
+		role: "assistant" | "user" | "system";
+		content?: unknown[];
+		usage?: UsageStats;
+		model?: string;
+		stopReason?: string;
+	};
+	timestamp: number;
+}
+
+export interface UsageStats {
+	input: number;
+	output: number;
+	cacheRead?: number;
+	cacheWrite?: number;
+	cost?: { total: number };
+	turns?: number;
+	totalTokens?: number;
+}
+
+// Union type of all tool progress events
+export type ToolProgressEvent =
+	| ToolExecutionStartEvent
+	| ToolExecutionEndEvent
+	| ToolExecutionUpdateEvent
+	| ToolExecutionErrorEvent
+	| MessageEndEvent;
+
+// ── Event Utilities ───────────────────────────────────────────────────────
+
+/**
+ * Extract tool name from any event type
+ */
+export function getToolName(event: ToolProgressEvent): string | undefined {
+	if ("toolName" in event) return event.toolName;
+	return undefined;
+}
+
+/**
+ * Check if event indicates tool is running
+ */
+export function isToolRunning(event: ToolProgressEvent): boolean {
+	return event.type === "tool_execution_start";
+}
+
+/**
+ * Check if event indicates tool completed
+ */
+export function isToolComplete(event: ToolProgressEvent): boolean {
+	return event.type === "tool_execution_end";
+}
+
+/**
+ * Check if event indicates tool failed
+ */
+export function isToolError(event: ToolProgressEvent): boolean {
+	return event.type === "tool_execution_error" || event.type === "tool_execution_failed";
+}
+
+/**
+ * Get usage stats from message_end event
+ */
+export function getUsage(event: ToolProgressEvent): UsageStats | undefined {
+	if (event.type === "message_end" && event.message?.usage) {
+		return event.message.usage as UsageStats;
+	}
+	return undefined;
+}
+
+// ── Progress Display ──────────────────────────────────────────────────────
+
+export interface ToolProgressDisplay {
+	/** Current/last tool being executed */
+	currentTool?: string;
+	/** Preview of tool arguments (truncated) */
+	currentToolArgs?: string;
+	/** When tool started */
+	currentToolStartedAt?: string;
+	/** All recent tools with their args */
+	recentTools: Array<{
+		tool: string;
+		args?: string;
+		startedAt?: string;
+		endedAt?: string;
+		status: "running" | "done" | "error";
+	}>;
+	/** Token usage snapshot */
+	tokens?: number;
+	/** Context window usage percentage */
+	contextPercent?: number;
+	/** Total tool count */
+	toolCount: number;
+	/** Last activity timestamp */
+	lastActivityAt?: string;
+	/** Activity state */
+	activityState: "active" | "idle" | "done";
+}
+
+/**
+ * Format tool progress for display
+ */
+export function formatToolProgress(progress: CrewAgentProgress, maxContextTokens = 128000): ToolProgressDisplay {
+	const recentTools = progress.recentTools.map((t) => ({
+		tool: t.tool,
+		args: t.args,
+		startedAt: t.startedAt,
+		endedAt: t.endedAt,
+		status: t.endedAt ? "done" : "running" as const,
+	}));
+
+	// If there's a currentTool but no endedAt, it's still running
+	const currentRunning = progress.recentTools.find(
+		(t) => !t.endedAt && t.tool === progress.currentTool,
+	);
+	if (currentRunning && progress.currentTool) {
+		recentTools.push({
+			tool: progress.currentTool,
+			args: progress.currentToolArgs,
+			startedAt: progress.currentToolStartedAt,
+			status: "running",
+		});
+	}
+
+	const tokens = progress.tokens ?? 0;
+	const contextPercent = maxContextTokens > 0 ? Math.round((tokens / maxContextTokens) * 100) : 0;
+
+	return {
+		currentTool: progress.currentTool,
+		currentToolArgs: progress.currentToolArgs,
+		currentToolStartedAt: progress.currentToolStartedAt,
+		recentTools,
+		tokens,
+		contextPercent,
+		toolCount: progress.toolCount,
+		lastActivityAt: progress.lastActivityAt,
+		activityState: progress.activityState as "active" | "idle" | "done",
+	};
+}
+
+/**
+ * Format a single line summary of current tool
+ */
+export function formatCurrentToolLine(progress: CrewAgentProgress): string {
+	if (!progress.currentTool) return "";
+	
+	const args = progress.currentToolArgs 
+		? ` ${progress.currentToolArgs.slice(0, 50)}${progress.currentToolArgs.length > 50 ? "..." : ""}`
+		: "";
+	
+	const toolCount = progress.toolCount > 0 ? ` (${progress.toolCount})` : "";
+	
+	return `${progress.currentTool}${args}${toolCount}`;
+}
+
+/**
+ * Format token usage for display
+ */
+export function formatTokenUsage(progress: CrewAgentProgress, maxTokens = 128000): string {
+	const tokens = progress.tokens ?? 0;
+	const percent = maxTokens > 0 ? Math.round((tokens / maxTokens) * 100) : 0;
+	return `${tokens.toLocaleString()} / ${maxTokens.toLocaleString()} (${percent}%)`;
+}
+
+// ── Progress Bar Rendering ────────────────────────────────────────────────
+
+export interface ProgressBarOptions {
+	width?: number;
+	showPercent?: boolean;
+	showCount?: boolean;
+}
+
+/**
+ * Render a progress bar for tool execution
+ */
+export function renderProgressBar(
+	progress: CrewAgentProgress,
+	options: ProgressBarOptions = {},
+): string {
+	const width = options.width ?? 20;
+	const showPercent = options.showPercent ?? true;
+	const showCount = options.showCount ?? true;
+
+	// Calculate based on recent tools (max 10)
+	const recentCount = Math.min(progress.recentTools.length, 10);
+	const filled = Math.round((recentCount / 10) * width);
+	const empty = width - filled;
+
+	const bar = "█".repeat(filled) + "░".repeat(empty);
+	const percent = showPercent ? ` ${progress.toolCount} tools` : "";
+	const tokens = progress.tokens 
+		? ` | ${(progress.tokens / 1000).toFixed(1)}k tokens` 
+		: "";
+
+	return `[${bar}]${percent}${tokens}`;
+}
+
+// ── Event Filtering ──────────────────────────────────────────────────────
+
+/**
+ * Filter events to only tool execution events
+ */
+export function filterToolEvents(events: ToolProgressEvent[]): ToolProgressEvent[] {
+	return events.filter(
+		(e) =>
+			e.type === "tool_execution_start" ||
+			e.type === "tool_execution_end" ||
+			e.type === "tool_execution_update" ||
+			e.type === "tool_execution_error" ||
+			e.type === "tool_execution_failed",
+	);
+}
+
+/**
+ * Get events for a specific tool
+ */
+export function getEventsForTool(
+	events: ToolProgressEvent[],
+	toolName: string,
+): ToolProgressEvent[] {
+	return events.filter((e) => {
+		if ("toolName" in e) return e.toolName === toolName;
+		return false;
+	});
+}
+
+/**
+ * Check if any event indicates an error
+ */
+export function hasError(events: ToolProgressEvent[]): boolean {
+	return events.some(isToolError);
+}

package/src/tools/safe-bash-extension.ts

@@ -0,0 +1,95 @@
+/**
+ * Safe Bash Extension for pi-crew
+ * Wraps the built-in bash tool with dangerous command blocking
+ * 
+ * Usage:
+ * 1. Enable in config: { "tools": { "bash": { "safeMode": true } } }
+ * 2. Or use via agent config: { "extensions": ["path/to/safe-bash-extension.ts"] }
+ * 3. Or set env var: PI_CREW_SAFE_BASH=true
+ */
+
+import type { ExtensionAPI } from "@mariozechner/pi-coding-agent";
+import { createBashTool } from "@mariozechner/pi-coding-agent";
+import { Type } from "@sinclair/typebox";
+import * as path from "node:path";
+
+// Dangerous command patterns to block
+const DANGEROUS_PATTERNS = [
+	// rm -rf on root or home
+	/\brm\s+(-[a-zA-Z]*f[a-zA-Z]*\s+)?(-[a-zA-Z]*r[a-zA-Z]*\s+)?(\/|~\/?\s|~\/?\b)/,
+	/\brm\s+(-[a-zA-Z]*r[a-zA-Z]*\s+)?(-[a-zA-Z]*f[a-zA-Z]*\s+)?(\/|~\/?\s|~\/?\b)/,
+	// Privilege escalation
+	/\bsudo\b/,
+	/\bsu\s+root\b/,
+	// Filesystem destruction
+	/\bmkfs\b/,
+	/\bdd\s+if=/,
+	// Fork bomb
+	/:\(\)\s*\{\s*:\|:&\s*\}\s*;:/,
+	// Device writing
+	/>\s*\/dev\/[sh]d[a-z]/,
+	/\bchmod\s+(-[a-zA-Z]+\s+)?777\s+\//,
+	/\bchown\s+(-[a-zA-Z]+\s+)?root/,
+	// Pipe to shell (download and execute)
+	/\bcurl\s.*\|\s*(ba)?sh/i,
+	/\bwget\s.*\|\s*(ba)?sh/i,
+	// System shutdown/reboot
+	/\bshutdown\b/,
+	/\breboot\b/,
+	/\binit\s+0\b/,
+	// Kill critical processes
+	/\bkill\s+-9\s+1\b/,
+	/\bkillall\b/,
+	// Encoded commands
+	/\|\s*base64\s+-d/,
+	// Network to shell
+	/\bbash\s+-i\s+>\s*\&/,
+	// /etc/passwd manipulation
+	/\becho\s+.*>\s*\/etc\/passwd/,
+];
+
+function isDangerous(command: string): string | null {
+	const normalized = command.replace(/\\\n/g, " ").replace(/\s+/g, " ").trim();
+	for (const pattern of DANGEROUS_PATTERNS) {
+		if (pattern.test(normalized)) {
+			return `Command blocked: matches dangerous pattern \`${pattern}\``;
+		}
+	}
+	return null;
+}
+
+export default function safeBashExtension(pi: ExtensionAPI): void {
+	const cwd = pi.context?.cwd || process.cwd();
+	const bashTool = createBashTool(cwd);
+
+	pi.registerTool({
+		name: "safe_bash",
+		label: "Safe Bash",
+		description:
+			"Execute a bash command safely. Blocks dangerous commands like `rm -rf /`, `sudo`, `curl | sh`, etc.",
+		parameters: Type.Object({
+			command: Type.String({ description: "Bash command to execute" }),
+			timeout: Type.Optional(
+				Type.Number({ description: "Timeout in seconds (optional)" }),
+			),
+			description: Type.Optional(
+				Type.String({ description: "Description of what this command does (optional)" }),
+			),
+		}),
+		async execute(toolCallId, params, signal, onUpdate) {
+			const danger = isDangerous(params.command);
+			if (danger) {
+				return {
+					content: [
+						{
+							type: "text" as const,
+							text: `🚫 ${danger}\n\nIf you need to run this command, use the regular 'bash' tool instead, but be careful!`,
+						},
+					],
+				};
+			}
+			// Safe - delegate to real bash tool
+			return bashTool.execute(toolCallId, params, signal, onUpdate);
+		},
+	});
+}

package/src/tools/safe-bash.ts

@@ -0,0 +1,188 @@
+/**
+ * Safe Bash Tool for pi-crew
+ * Wraps bash with dangerous command blocking
+ */
+
+import { Type } from "@sinclair/typebox";
+
+// Dangerous command patterns to block
+const DANGEROUS_PATTERNS = [
+	// rm -rf / or rm -rf ~ (catastrophic root/home deletion)
+	/\brm\s+(-[a-zA-Z]*[rf][a-zA-Z]*\s*)+(\/|~)(\s*$)/,
+	/\brm\s+(-[a-zA-Z]*[rf][a-zA-Z]*\s*)+(\/|~)($|\s)/,
+	// Privilege escalation
+	/\bsudo\b/,
+	/\bsu\s+root\b/,
+	// Filesystem destruction
+	/\bmkfs\b/,
+	/\bdd\s+if=/,
+	// Fork bomb
+	/^:\s*\(\s*\)\s*\{.*\|.*&.*\}\s*;.*$/,
+	// Device writing
+	/>\s*\/dev\/[sh]d[a-z]/,
+	/\bchmod\s+(-[a-zA-Z]+\s+)?777\s+\//,
+	/\bchown\s+(-[a-zA-Z]+\s+)?root/,
+	// Pipe to shell (download and execute)
+	/\bcurl\s.*\|\s*(ba)?sh/i,
+	/\bwget\s.*\|\s*(ba)?sh/i,
+	// System shutdown/reboot
+	/\bshutdown\b/,
+	/\breboot\b/,
+	/\binit\s+0\b/,
+	// Kill critical processes
+	/\bkill\s+-9\s+1\b/,
+	/\bkillall\b/,
+	// Encoded commands
+	/\|\s*base64\s+-d/,
+	/\|\s*python.*-c/,
+	/\|\s*perl.*-e/,
+	/\|\s*ruby.*-e/,
+	// Network to shell
+	/\bbash\s+-i\s+>\s*\&/,
+	/\bexec\s+.*bash/,
+	// /etc/passwd manipulation
+	/\becho\s+.*>\s*\/etc\/passwd/,
+	/\bcat\s+.*>\s*\/etc\/passwd/,
+];
+
+export interface SafeBashOptions {
+	/** Enable/disable safe mode. Default: true */
+	enabled?: boolean;
+	/** Additional patterns to block */
+	additionalPatterns?: RegExp[];
+	/** Patterns to allow (overrides blocked) */
+	allowPatterns?: RegExp[];
+}
+
+const DEFAULT_ENABLED = true;
+
+/**
+ * Check if a command is dangerous
+ * @returns Error message if dangerous, null if safe
+ */
+export function isDangerous(command: string, options: SafeBashOptions = {}): string | null {
+	const { enabled = DEFAULT_ENABLED, additionalPatterns = [], allowPatterns = [] } = options;
+
+	if (!enabled) return null;
+
+	// Normalize: remove line continuations, collapse whitespace
+	const normalized = command.replace(/\\\n/g, " ").replace(/\s+/g, " ").trim();
+
+	// Check allow patterns first (overrides)
+	for (const pattern of allowPatterns) {
+		if (pattern.test(normalized)) {
+			return null; // Explicitly allowed
+		}
+	}
+
+	// Check dangerous patterns
+	const allPatterns = [...DANGEROUS_PATTERNS, ...additionalPatterns];
+	for (const pattern of allPatterns) {
+		if (pattern.test(normalized)) {
+			return `Command blocked by safe_bash: matches dangerous pattern \`${pattern}\``;
+		}
+	}
+
+	return null;
+}
+
+/**
+ * Validate a bash command before execution
+ * Throws if dangerous
+ */
+export function validateCommand(command: string, options: SafeBashOptions = {}): void {
+	const danger = isDangerous(command, options);
+	if (danger) {
+		throw new Error(danger);
+	}
+}
+
+/**
+ * Create a safe bash tool wrapper
+ * Returns an object with validation function and patterns for integration
+ */
+export function createSafeBash(options: SafeBashOptions = {}) {
+	return {
+		/**
+		 * Validate a command. Throws if dangerous.
+		 */
+		validate(command: string): void {
+			validateCommand(command, options);
+		},
+
+		/**
+		 * Check if a command is dangerous without throwing
+		 */
+		check(command: string): string | null {
+			return isDangerous(command, options);
+		},
+
+		/**
+		 * Get all active patterns (for debugging/config display)
+		 */
+		getPatterns(): { dangerous: RegExp[]; additional: RegExp[]; allow: RegExp[] } {
+			return {
+				dangerous: [...DANGEROUS_PATTERNS],
+				additional: options.additionalPatterns || [],
+				allow: options.allowPatterns || [],
+			};
+		},
+
+		/**
+		 * Check if safe mode is enabled
+		 */
+		isEnabled(): boolean {
+			return options.enabled !== false;
+		},
+	};
+}
+
+/**
+ * Common safe commands that are often blocked but might be needed
+ * These can be used in allowPatterns for specific use cases
+ */
+export const COMMON_SAFE_PATTERNS = {
+	// Safe rm with specific paths
+	safeRm: /\brm\s+(-[a-zA-Z]*f[a-zA-Z]*\s+)?((?![\/~])\/)?(tmp|cache|node_modules|dist|build)\//,
+	// Safe git operations
+	safeGit: /\bgit\s+(clone|pull|push|commit|add|status|diff|log|branch|checkout|merge|rebase)/,
+	// Safe npm/yarn/pnpm
+	safePackage: /\b(npm|yarn|pnpm|bun)\s+(install|run|test|build|start|dev)/,
+	// Safe file read
+	safeRead: /\b(cat|head|tail|less|more|grep|find|ls)\s/,
+};
+
+/**
+ * Preset configurations for different trust levels
+ */
+export const SAFE_BASH_PRESETS = {
+	/** Maximum security - block everything suspicious */
+	strict: {
+		enabled: true,
+		additionalPatterns: [],
+		allowPatterns: [],
+	},
+	/** Moderate - allow common dev operations */
+	development: {
+		enabled: true,
+		additionalPatterns: [],
+		allowPatterns: [COMMON_SAFE_PATTERNS.safePackage],
+	},
+	/** Minimal - only block catastrophic commands */
+	permissive: {
+		enabled: true,
+		additionalPatterns: [],
+		allowPatterns: [
+			COMMON_SAFE_PATTERNS.safeRm,
+			COMMON_SAFE_PATTERNS.safeGit,
+			COMMON_SAFE_PATTERNS.safePackage,
+			COMMON_SAFE_PATTERNS.safeRead,
+		],
+	},
+	/** No safety checks */
+	disabled: {
+		enabled: false,
+		additionalPatterns: [],
+		allowPatterns: [],
+	},
+};