prior-cli 1.6.2 → 1.6.4

package/bin/prior.js

@@ -45,6 +45,48 @@ let _spinIdx   = 0;
 let _spinStart = null;
 let _spinLabel = '';
 
+// ── Tool keyword hints ─────────────────────────────────────────
+// Detects keywords in user input and prepends a hard directive so
+// the model can't second-guess which tool to use.
+const TOOL_HINTS = [
+  {
+    tool: 'ssl_check',
+    patterns: [
+      /\bssl\b/i, /\btls\b/i, /\bcertificate\b/i, /\bcert\b/i,
+      /\bhttps check\b/i, /\bcert expir/i, /\bssl expir/i,
+    ],
+    hint: '[TOOL DIRECTIVE: You MUST call ssl_check — do NOT use zap_scan or zap_alerts]',
+  },
+  {
+    tool: 'dns_lookup',
+    patterns: [
+      /\bdns\b/i, /\bmx record/i, /\bnameserver/i, /\bnslookup\b/i,
+      /\bdig\b/i, /\bdns record/i, /\btxt record/i, /\bcname\b/i,
+      /\bns record/i, /\baaaa record/i,
+    ],
+    hint: '[TOOL DIRECTIVE: You MUST call dns_lookup]',
+  },
+  {
+    tool: 'ip_lookup',
+    patterns: [
+      /\bip lookup\b/i, /\blook up.*ip\b/i, /\bwhere is .+ hosted\b/i,
+      /\bwho owns .+(ip|domain)\b/i, /\basn\b/i, /\bgeolocation\b/i,
+      /\bwhat ip\b/i, /\bresolve .+(domain|host)\b/i,
+      /\blookup\b.*\b(ip|domain|host)\b/i,
+    ],
+    hint: '[TOOL DIRECTIVE: You MUST call ip_lookup]',
+  },
+];
+
+function injectToolHint(text) {
+  for (const { patterns, hint } of TOOL_HINTS) {
+    if (patterns.some(re => re.test(text))) {
+      return `${hint}\n${text}`;
+    }
+  }
+  return text;
+}
+
 function fmtElapsed(ms) {
   const s = Math.floor(ms / 1000);
   if (s < 60) return `${s}s`;
@@ -1285,7 +1327,7 @@ Be concise but thorough — this summary replaces the full history to save conte
 
           _currentAbortController = new AbortController();
           await runAgent({
-            messages:       [...chatHistory, { role: 'user', content: input }],
+            messages:       [...chatHistory, { role: 'user', content: injectToolHint(input) }],
             model:          currentModel,
             cwd:            process.cwd(),
             projectContext,

package/lib/tools.js

@@ -416,6 +416,123 @@ const TOOLS = {
     const data = await res.json();
     return { output: data.output || JSON.stringify(data), summary: data.summary || `spider started for ${url}` };
   },
+
+  async ip_lookup({ target }, {}) {
+    if (!target) throw new Error('"target" is required — provide an IP address or domain');
+    const encoded = encodeURIComponent(target.trim());
+    const res = await fetch(`https://ipinfo.io/${encoded}/json`, {
+      headers: { 'User-Agent': 'prior-cli/1.0', Accept: 'application/json' },
+      timeout: 10000,
+    });
+    if (!res.ok) throw new Error(`ipinfo.io error: HTTP ${res.status}`);
+    const d = await res.json();
+    if (d.error) throw new Error(d.error.message || 'Lookup failed');
+    const lines = [
+      `IP        : ${d.ip || target}`,
+      d.hostname  ? `Hostname  : ${d.hostname}`  : null,
+      d.org       ? `Org / ASN : ${d.org}`        : null,
+      d.city      ? `Location  : ${[d.city, d.region, d.country].filter(Boolean).join(', ')}` : null,
+      d.postal    ? `Postal    : ${d.postal}`     : null,
+      d.timezone  ? `Timezone  : ${d.timezone}`  : null,
+      d.loc       ? `Coords    : ${d.loc}`        : null,
+    ].filter(Boolean);
+    return {
+      output:  lines.join('\n'),
+      summary: `${d.ip || target}${d.org ? ' · ' + d.org : ''}${d.city ? ' · ' + d.city : ''}`,
+    };
+  },
+
+  async dns_lookup({ domain, type = 'A' }, {}) {
+    if (!domain) throw new Error('"domain" is required');
+    const validTypes = ['A', 'AAAA', 'CNAME', 'MX', 'NS', 'TXT', 'SOA', 'PTR', 'SRV'];
+    const qtype = type.toUpperCase();
+    if (!validTypes.includes(qtype)) throw new Error(`Invalid type. Choose from: ${validTypes.join(', ')}`);
+    const res = await fetch(`https://dns.google/resolve?name=${encodeURIComponent(domain)}&type=${qtype}`, {
+      headers: { Accept: 'application/json' },
+      timeout: 10000,
+    });
+    if (!res.ok) throw new Error(`DNS query failed: HTTP ${res.status}`);
+    const data = await res.json();
+    if (data.Status !== 0) {
+      const STATUS = { 1: 'Format error', 2: 'Server failure', 3: 'NXDOMAIN (not found)', 5: 'Refused' };
+      throw new Error(STATUS[data.Status] || `DNS error code ${data.Status}`);
+    }
+    if (!data.Answer || data.Answer.length === 0) {
+      return { output: `No ${qtype} records found for ${domain}`, summary: `0 ${qtype} records` };
+    }
+    const lines = data.Answer.map(r => {
+      const ttl = `TTL ${r.TTL}s`;
+      return `  ${String(r.type).padEnd(6)} ${ttl.padEnd(12)} ${r.data}`;
+    });
+    const header = `${domain}  ${qtype} records (${data.Answer.length})\n`;
+    return {
+      output:  header + lines.join('\n'),
+      summary: `${data.Answer.length} ${qtype} record${data.Answer.length !== 1 ? 's' : ''} for ${domain}`,
+    };
+  },
+
+  async ssl_check({ domain }, {}) {
+    if (!domain) throw new Error('"domain" is required');
+    // Strip protocol if provided
+    const host = domain.replace(/^https?:\/\//, '').split('/')[0].split(':')[0];
+    // Use crt.sh to get cert info + check via HEAD for expiry details
+    const [certRes, headRes] = await Promise.allSettled([
+      fetch(`https://crt.sh/?q=${encodeURIComponent(host)}&output=json`, {
+        headers: { 'User-Agent': 'prior-cli/1.0' },
+        timeout: 12000,
+      }),
+      fetch(`https://${host}`, {
+        method: 'HEAD',
+        headers: { 'User-Agent': 'prior-cli/1.0' },
+        timeout: 8000,
+      }),
+    ]);
+
+    const lines = [`Domain : ${host}`];
+
+    // Live cert check via HTTPS HEAD — Node's TLS gives us nothing in headers,
+    // but we can confirm TLS works and check for errors
+    if (headRes.status === 'fulfilled') {
+      lines.push(`HTTPS  : ✓ reachable (HTTP ${headRes.value.status})`);
+    } else {
+      const msg = headRes.reason?.message || 'unreachable';
+      const expired = /certificate has expired|CERT_HAS_EXPIRED/i.test(msg);
+      lines.push(`HTTPS  : ✗ ${expired ? 'CERTIFICATE EXPIRED' : msg}`);
+    }
+
+    // crt.sh — most recent issuances
+    if (certRes.status === 'fulfilled' && certRes.value.ok) {
+      try {
+        const certs = await certRes.value.json();
+        const recent = certs
+          .filter(c => c.name_value && !c.name_value.startsWith('*'))
+          .sort((a, b) => new Date(b.not_after) - new Date(a.not_after))
+          .slice(0, 3);
+        if (recent.length) {
+          lines.push('');
+          lines.push('Recent certificates (crt.sh):');
+          for (const c of recent) {
+            const expiry  = new Date(c.not_after);
+            const issued  = new Date(c.not_before);
+            const daysLeft = Math.ceil((expiry - Date.now()) / 86400000);
+            const status  = daysLeft < 0 ? '✗ EXPIRED' : daysLeft < 14 ? `⚠ expires in ${daysLeft}d` : `✓ ${daysLeft}d left`;
+            lines.push(`  Issuer  : ${c.issuer_name?.replace(/^.*?CN=/, 'CN=') || '?'}`);
+            lines.push(`  Issued  : ${issued.toLocaleDateString()}`);
+            lines.push(`  Expires : ${expiry.toLocaleDateString()}  (${status})`);
+            lines.push(`  Names   : ${c.name_value.replace(/\n/g, ', ')}`);
+            lines.push('  ─────────────────────────────');
+          }
+        }
+      } catch { /* crt.sh parse failed, HTTPS check is enough */ }
+    }
+
+    // Summary line
+    const httpsOk = headRes.status === 'fulfilled';
+    return {
+      output:  lines.join('\n'),
+      summary: `${host} · HTTPS ${httpsOk ? '✓' : '✗'}`,
+    };
+  },
 };
 
 async function executeTool(name, args, context) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "prior-cli",
-  "version": "1.6.2",
+  "version": "1.6.4",
   "description": "Prior Network AI — command-line interface",
   "bin": {
     "prior": "bin/prior.js"