prjct-cli 0.20.0 → 0.21.0

package/core/infrastructure/path-manager.ts

@@ -15,14 +15,7 @@ import crypto from 'crypto'
 import os from 'os'
 import * as dateHelper from '../utils/date-helper'
 import * as fileHelper from '../utils/file-helper'
-
-interface SessionInfo {
-  year: string
-  month: string
-  day: string
-  path: string
-  date: Date
-}
+import type { SessionInfo } from '../types'
 
 class PathManager {
   globalBaseDir: string
@@ -30,7 +23,21 @@ class PathManager {
   globalConfigDir: string
 
   constructor() {
-    this.globalBaseDir = path.join(os.homedir(), '.prjct-cli')
+    const envOverride = process.env.PRJCT_CLI_HOME?.trim()
+    this.globalBaseDir = envOverride ? path.resolve(envOverride) : path.join(os.homedir(), '.prjct-cli')
+    this.globalProjectsDir = path.join(this.globalBaseDir, 'projects')
+    this.globalConfigDir = path.join(this.globalBaseDir, 'config')
+  }
+
+  /**
+   * Override global storage location (primarily for tests and sandboxed environments).
+   *
+   * When unset, global storage defaults to `~/.prjct-cli/`.
+   *
+   * @param {string} globalBaseDir - Base directory that will contain `projects/` and `config/`.
+   */
+  setGlobalBaseDir(globalBaseDir: string): void {
+    this.globalBaseDir = path.resolve(globalBaseDir)
     this.globalProjectsDir = path.join(this.globalBaseDir, 'projects')
     this.globalConfigDir = path.join(this.globalBaseDir, 'config')
   }
@@ -274,6 +281,49 @@ class PathManager {
   getLastSyncPath(projectId: string): string {
     return path.join(this.getGlobalProjectPath(projectId), 'sync', 'last-sync.json')
   }
+
+  /**
+   * Get the running status file path (for status signal)
+   * Used to indicate when prjct CLI is actively running
+   */
+  getRunningStatusPath(): string {
+    return path.join(this.globalBaseDir, '.running')
+  }
+
+  /**
+   * Get the docs directory path
+   * Contains documentation and help files
+   */
+  getDocsPath(): string {
+    return path.join(this.globalBaseDir, 'docs')
+  }
+
+  /**
+   * Get the agents directory path for a project
+   * If projectId is null, returns the global agents directory
+   */
+  getAgentsPath(projectId: string | null): string {
+    if (projectId) {
+      return path.join(this.getGlobalProjectPath(projectId), 'agents')
+    }
+    return path.join(this.globalBaseDir, 'agents')
+  }
+
+  /**
+   * Get the storage file path for a project
+   * Convenience method for accessing storage layer files
+   */
+  getStoragePath(projectId: string, filename: string): string {
+    return path.join(this.getGlobalProjectPath(projectId), 'storage', filename)
+  }
+
+  /**
+   * Get the context directory path for a project
+   * Contains generated markdown context files
+   */
+  getContextPath(projectId: string): string {
+    return path.join(this.getGlobalProjectPath(projectId), 'context')
+  }
 }
 
 const pathManager = new PathManager()

package/core/infrastructure/permission-manager.ts

@@ -0,0 +1,286 @@
+/**
+ * PermissionManager - Granular permission control for CLI operations
+ *
+ * Implements glob-based permission matching inspired by opencode.
+ * Checks bash commands, file operations, and web access against
+ * configurable permission rules.
+ *
+ * @version 1.0.0
+ */
+
+import {
+  type PermissionsConfig,
+  type PermissionLevel,
+  buildDefaultPermissions,
+} from '../schemas/permissions'
+import type { PermissionCheckResult } from '../types'
+
+/**
+ * Simple glob pattern matching
+ * Supports * (any chars) and ? (single char)
+ */
+function matchGlobPattern(pattern: string, text: string): boolean {
+  // Escape regex special chars except * and ?
+  const regexPattern = pattern
+    .replace(/[.+^${}()|[\]\\]/g, '\\$&')
+    .replace(/\*/g, '.*')
+    .replace(/\?/g, '.')
+
+  const regex = new RegExp(`^${regexPattern}$`, 'i')
+  return regex.test(text)
+}
+
+/**
+ * Find the most specific matching pattern
+ * More specific = longer pattern without wildcards
+ */
+function findBestMatch(
+  patterns: Record<string, PermissionLevel>,
+  text: string
+): { pattern: string; level: PermissionLevel } | null {
+  let bestMatch: { pattern: string; level: PermissionLevel; specificity: number } | null = null
+
+  for (const [pattern, level] of Object.entries(patterns)) {
+    if (matchGlobPattern(pattern, text)) {
+      // Calculate specificity: longer patterns without wildcards are more specific
+      const wildcardCount = (pattern.match(/\*/g) || []).length
+      const specificity = pattern.length - wildcardCount * 10
+
+      if (!bestMatch || specificity > bestMatch.specificity) {
+        bestMatch = { pattern, level, specificity }
+      }
+    }
+  }
+
+  return bestMatch ? { pattern: bestMatch.pattern, level: bestMatch.level } : null
+}
+
+class PermissionManager {
+  private config: PermissionsConfig
+
+  constructor(config?: PermissionsConfig) {
+    this.config = config || buildDefaultPermissions()
+  }
+
+  /**
+   * Update the permissions configuration
+   */
+  setConfig(config: PermissionsConfig): void {
+    this.config = config
+  }
+
+  /**
+   * Merge custom permissions with defaults
+   */
+  mergeWithDefaults(custom: Partial<PermissionsConfig>): PermissionsConfig {
+    const defaults = buildDefaultPermissions()
+    return {
+      ...defaults,
+      ...custom,
+      bash: { ...defaults.bash, ...custom.bash },
+      files: {
+        read: { ...defaults.files?.read, ...custom.files?.read },
+        write: { ...defaults.files?.write, ...custom.files?.write },
+        delete: { ...defaults.files?.delete, ...custom.files?.delete },
+      },
+      web: {
+        enabled: custom.web?.enabled ?? defaults.web?.enabled ?? true,
+        allowedDomains: custom.web?.allowedDomains ?? defaults.web?.allowedDomains,
+        blockedDomains: custom.web?.blockedDomains ?? defaults.web?.blockedDomains,
+      },
+      doomLoop: {
+        enabled: custom.doomLoop?.enabled ?? defaults.doomLoop?.enabled ?? true,
+        maxRetries: custom.doomLoop?.maxRetries ?? defaults.doomLoop?.maxRetries ?? 3,
+      },
+    }
+  }
+
+  /**
+   * Check if a bash command is allowed
+   */
+  checkBashCommand(command: string): PermissionCheckResult {
+    if (!this.config.bash) {
+      return { allowed: true, level: 'allow', reason: 'No bash permissions configured' }
+    }
+
+    const match = findBestMatch(this.config.bash, command)
+
+    if (!match) {
+      // Default: allow if no pattern matches
+      return { allowed: true, level: 'allow', reason: 'No matching pattern' }
+    }
+
+    return {
+      allowed: match.level === 'allow',
+      level: match.level,
+      matchedPattern: match.pattern,
+      reason: match.level === 'deny'
+        ? `Command denied by pattern: ${match.pattern}`
+        : match.level === 'ask'
+          ? `Command requires approval: ${match.pattern}`
+          : undefined,
+    }
+  }
+
+  /**
+   * Check if a file operation is allowed
+   */
+  checkFileOperation(
+    operation: 'read' | 'write' | 'delete',
+    filePath: string
+  ): PermissionCheckResult {
+    const filePerms = this.config.files?.[operation]
+
+    if (!filePerms) {
+      return { allowed: true, level: 'allow', reason: 'No file permissions configured' }
+    }
+
+    const match = findBestMatch(filePerms, filePath)
+
+    if (!match) {
+      return { allowed: true, level: 'allow', reason: 'No matching pattern' }
+    }
+
+    return {
+      allowed: match.level === 'allow',
+      level: match.level,
+      matchedPattern: match.pattern,
+      reason: match.level === 'deny'
+        ? `File operation denied: ${operation} on ${match.pattern}`
+        : match.level === 'ask'
+          ? `File operation requires approval: ${operation}`
+          : undefined,
+    }
+  }
+
+  /**
+   * Check if web fetch is allowed for a domain
+   */
+  checkWebFetch(url: string): PermissionCheckResult {
+    const webConfig = this.config.web
+
+    if (!webConfig?.enabled) {
+      return {
+        allowed: false,
+        level: 'deny',
+        reason: 'Web fetch is disabled',
+      }
+    }
+
+    try {
+      const domain = new URL(url).hostname
+
+      // Check blocked domains
+      if (webConfig.blockedDomains?.some((d) => domain.includes(d))) {
+        return {
+          allowed: false,
+          level: 'deny',
+          matchedPattern: domain,
+          reason: `Domain is blocked: ${domain}`,
+        }
+      }
+
+      // Check allowed domains (if specified, only those are allowed)
+      if (webConfig.allowedDomains && webConfig.allowedDomains.length > 0) {
+        const isAllowed = webConfig.allowedDomains.some((d) => domain.includes(d))
+        if (!isAllowed) {
+          return {
+            allowed: false,
+            level: 'deny',
+            matchedPattern: domain,
+            reason: `Domain not in allowed list: ${domain}`,
+          }
+        }
+      }
+
+      return { allowed: true, level: 'allow' }
+    } catch {
+      return {
+        allowed: false,
+        level: 'deny',
+        reason: 'Invalid URL',
+      }
+    }
+  }
+
+  /**
+   * Check if a skill can be invoked
+   */
+  checkSkill(skillName: string): PermissionCheckResult {
+    if (!this.config.skills) {
+      return { allowed: true, level: 'allow', reason: 'No skill permissions configured' }
+    }
+
+    const match = findBestMatch(this.config.skills, skillName)
+
+    if (!match) {
+      return { allowed: true, level: 'allow', reason: 'No matching pattern' }
+    }
+
+    return {
+      allowed: match.level === 'allow',
+      level: match.level,
+      matchedPattern: match.pattern,
+    }
+  }
+
+  /**
+   * Check if external directory access is allowed
+   */
+  checkExternalDirectory(path: string, projectRoot: string): PermissionCheckResult {
+    const isExternal = !path.startsWith(projectRoot)
+
+    if (!isExternal) {
+      return { allowed: true, level: 'allow', reason: 'Path is within project' }
+    }
+
+    const level = this.config.externalDirectories || 'ask'
+
+    return {
+      allowed: level === 'allow',
+      level,
+      reason: level === 'deny'
+        ? 'External directory access denied'
+        : level === 'ask'
+          ? 'External directory access requires approval'
+          : undefined,
+    }
+  }
+
+  /**
+   * Get current permissions config
+   */
+  getConfig(): PermissionsConfig {
+    return this.config
+  }
+
+  /**
+   * Check doom loop protection
+   */
+  checkDoomLoop(retryCount: number): PermissionCheckResult {
+    const doomLoop = this.config.doomLoop
+
+    if (!doomLoop?.enabled) {
+      return { allowed: true, level: 'allow', reason: 'Doom loop protection disabled' }
+    }
+
+    const maxRetries = doomLoop.maxRetries || 3
+
+    if (retryCount >= maxRetries) {
+      return {
+        allowed: false,
+        level: 'deny',
+        reason: `Doom loop detected: ${retryCount} retries exceeded limit of ${maxRetries}`,
+      }
+    }
+
+    return { allowed: true, level: 'allow' }
+  }
+}
+
+// Singleton instance
+const permissionManager = new PermissionManager()
+export default permissionManager
+
+// Export class for testing
+export { PermissionManager }

package/core/integrations/notion/client.ts

@@ -0,0 +1,323 @@
+/**
+ * Notion Client
+ * Wrapper for Notion MCP tools with fallback to direct API.
+ *
+ * Uses MCP tools when available (via Claude), falls back to fetch for CLI usage.
+ */
+
+import type { NotionIntegrationConfig } from '../../types/integrations'
+
+// =============================================================================
+// Types
+// =============================================================================
+
+export interface NotionDatabase {
+  id: string
+  title: string
+  url: string
+}
+
+export interface NotionPage {
+  id: string
+  url: string
+}
+
+export interface NotionProperty {
+  type: string
+  [key: string]: unknown
+}
+
+export interface NotionDatabaseSchema {
+  title: string
+  properties: Record<string, NotionProperty>
+}
+
+export interface NotionQueryFilter {
+  property: string
+  rich_text?: { equals: string }
+  title?: { equals: string }
+  date?: { equals: string }
+}
+
+// Notion API response types
+interface NotionApiResponse {
+  id?: string
+  url?: string
+  bot?: {
+    workspace_name?: string
+    owner?: {
+      workspace?: {
+        id?: string
+      }
+    }
+  }
+  results?: Array<{ id: string; properties: Record<string, unknown> }>
+}
+
+// =============================================================================
+// Notion Client Class
+// =============================================================================
+
+export class NotionClient {
+  private config: NotionIntegrationConfig | null = null
+  private apiToken: string | null = null
+
+  /**
+   * Initialize client with config
+   */
+  initialize(config: NotionIntegrationConfig, apiToken?: string): void {
+    this.config = config
+    this.apiToken = apiToken || process.env.NOTION_TOKEN || null
+  }
+
+  /**
+   * Check if client is ready
+   */
+  isReady(): boolean {
+    return this.config?.enabled === true && this.apiToken !== null
+  }
+
+  /**
+   * Get workspace info
+   */
+  async getWorkspace(): Promise<{ id: string; name: string } | null> {
+    if (!this.apiToken) return null
+
+    try {
+      const response = await this.apiRequest('/users/me')
+      if (response.bot?.workspace_name) {
+        return {
+          id: response.bot.owner?.workspace?.id || 'unknown',
+          name: response.bot.workspace_name,
+        }
+      }
+      return null
+    } catch {
+      return null
+    }
+  }
+
+  /**
+   * Create a database in Notion
+   */
+  async createDatabase(
+    parentPageId: string,
+    schema: NotionDatabaseSchema
+  ): Promise<NotionDatabase | null> {
+    try {
+      const response = await this.apiRequest('/databases', 'POST', {
+        parent: { type: 'page_id', page_id: parentPageId },
+        title: [{ type: 'text', text: { content: schema.title } }],
+        properties: schema.properties,
+      })
+
+      if (!response.id || !response.url) {
+        return null
+      }
+
+      return {
+        id: response.id,
+        title: schema.title,
+        url: response.url,
+      }
+    } catch (error) {
+      console.error('[notion] Failed to create database:', (error as Error).message)
+      return null
+    }
+  }
+
+  /**
+   * Create a page in a database
+   */
+  async createPage(
+    databaseId: string,
+    properties: Record<string, unknown>
+  ): Promise<NotionPage | null> {
+    try {
+      const response = await this.apiRequest('/pages', 'POST', {
+        parent: { type: 'database_id', database_id: databaseId },
+        properties,
+      })
+
+      if (!response.id || !response.url) {
+        return null
+      }
+
+      return {
+        id: response.id,
+        url: response.url,
+      }
+    } catch (error) {
+      console.error('[notion] Failed to create page:', (error as Error).message)
+      return null
+    }
+  }
+
+  /**
+   * Update a page
+   */
+  async updatePage(
+    pageId: string,
+    properties: Record<string, unknown>
+  ): Promise<NotionPage | null> {
+    try {
+      const response = await this.apiRequest(`/pages/${pageId}`, 'PATCH', {
+        properties,
+      })
+
+      if (!response.id || !response.url) {
+        return null
+      }
+
+      return {
+        id: response.id,
+        url: response.url,
+      }
+    } catch (error) {
+      console.error('[notion] Failed to update page:', (error as Error).message)
+      return null
+    }
+  }
+
+  /**
+   * Query a database
+   */
+  async queryDatabase(
+    databaseId: string,
+    filter?: NotionQueryFilter
+  ): Promise<Array<{ id: string; properties: Record<string, unknown> }>> {
+    try {
+      const body: Record<string, unknown> = {}
+      if (filter) {
+        body.filter = filter
+      }
+
+      const response = await this.apiRequest(
+        `/databases/${databaseId}/query`,
+        'POST',
+        body
+      )
+
+      return (response.results || []).map(
+        (page: { id: string; properties: Record<string, unknown> }) => ({
+          id: page.id,
+          properties: page.properties,
+        })
+      )
+    } catch (error) {
+      console.error('[notion] Failed to query database:', (error as Error).message)
+      return []
+    }
+  }
+
+  /**
+   * Find page by project ID and name (for upsert)
+   */
+  async findPageByProjectAndName(
+    databaseId: string,
+    projectId: string,
+    name: string
+  ): Promise<string | null> {
+    try {
+      const response = await this.apiRequest(
+        `/databases/${databaseId}/query`,
+        'POST',
+        {
+          filter: {
+            and: [
+              { property: 'Project', rich_text: { equals: projectId } },
+              { property: 'Name', title: { equals: name } },
+            ],
+          },
+        }
+      )
+
+      const results = response.results || []
+      return results.length > 0 ? results[0].id : null
+    } catch {
+      return null
+    }
+  }
+
+  /**
+   * Create a page (for dashboard)
+   */
+  async createDashboardPage(
+    parentPageId: string,
+    title: string,
+    content: string
+  ): Promise<NotionPage | null> {
+    try {
+      const response = await this.apiRequest('/pages', 'POST', {
+        parent: { type: 'page_id', page_id: parentPageId },
+        properties: {
+          title: [{ type: 'text', text: { content: title } }],
+        },
+        children: [
+          {
+            object: 'block',
+            type: 'paragraph',
+            paragraph: {
+              rich_text: [{ type: 'text', text: { content } }],
+            },
+          },
+        ],
+      })
+
+      if (!response.id || !response.url) {
+        return null
+      }
+
+      return {
+        id: response.id,
+        url: response.url,
+      }
+    } catch (error) {
+      console.error('[notion] Failed to create page:', (error as Error).message)
+      return null
+    }
+  }
+
+  /**
+   * Make API request to Notion
+   */
+  private async apiRequest(
+    endpoint: string,
+    method = 'GET',
+    body?: Record<string, unknown>
+  ): Promise<NotionApiResponse> {
+    if (!this.apiToken) {
+      throw new Error('Notion API token not configured')
+    }
+
+    const url = `https://api.notion.com/v1${endpoint}`
+    const headers: Record<string, string> = {
+      Authorization: `Bearer ${this.apiToken}`,
+      'Content-Type': 'application/json',
+      'Notion-Version': '2022-06-28',
+    }
+
+    const options: RequestInit = {
+      method,
+      headers,
+    }
+
+    if (body) {
+      options.body = JSON.stringify(body)
+    }
+
+    const response = await fetch(url, options)
+
+    if (!response.ok) {
+      const errorData = (await response.json().catch(() => ({}))) as { message?: string }
+      throw new Error(
+        `Notion API error: ${response.status} - ${errorData.message || 'Unknown error'}`
+      )
+    }
+
+    return (await response.json()) as NotionApiResponse
+  }
+}
+
+// Singleton instance
+export const notionClient = new NotionClient()