protoagent 0.0.5 → 0.1.0

package/dist/tools/webfetch.js

@@ -0,0 +1,310 @@
+/**
+ * webfetch tool — Fetch and process web content
+ *
+ * Features:
+ * - Single URL fetch per invocation
+ * - Three output formats: text, markdown, html
+ * - Configurable timeout (default 30s, max 120s)
+ * - 5MB response size limit + 2MB output limit
+ * - HTML to text/markdown conversion
+ * - AbortController support for cancellation
+ * - Robust HTML entity decoding
+ * - Proper redirect limiting
+ * - Charset-aware content decoding
+ */
+import { convert } from 'html-to-text';
+const MAX_RESPONSE_SIZE = 5 * 1024 * 1024; // 5MB
+const MAX_OUTPUT_SIZE = 2 * 1024 * 1024; // 2MB
+const MAX_REDIRECTS = 10;
+const MAX_URL_LENGTH = 4096;
+const FETCH_HEADERS = {
+    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36',
+    'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
+    'Accept-Language': 'en-US,en;q=0.9',
+    'Accept-Encoding': 'gzip, deflate',
+    'DNT': '1',
+    'Connection': 'keep-alive',
+    'Upgrade-Insecure-Requests': '1',
+};
+// Text-based MIME types that are safe to process
+const TEXT_MIME_TYPES = [
+    'text/',
+    'application/json',
+    'application/xml',
+    'application/x-www-form-urlencoded',
+    'application/atom+xml',
+    'application/rss+xml',
+    'application/javascript',
+    'application/typescript',
+];
+// Lazy-loaded Turndown instance (CJS module — dynamic import avoids forcing esbuild CJS output)
+let _turndownService = null;
+async function getTurndownService() {
+    if (!_turndownService) {
+        const { default: TurndownService } = await import('turndown');
+        _turndownService = new TurndownService({
+            headingStyle: 'atx',
+            codeBlockStyle: 'fenced',
+            bulletListMarker: '-',
+            emDelimiter: '*',
+        });
+        _turndownService.remove(['script', 'style', 'meta', 'link']);
+    }
+    return _turndownService;
+}
+// Lazy-loaded he module (CJS module)
+let _he = null;
+async function getHe() {
+    if (!_he) {
+        const { default: he } = await import('he');
+        _he = he;
+    }
+    return _he;
+}
+/**
+ * Check if MIME type is text-based
+ */
+function isTextMimeType(mimeType) {
+    return TEXT_MIME_TYPES.some((type) => mimeType.includes(type));
+}
+/**
+ * Detect if content is HTML
+ */
+function detectHTML(content, contentType) {
+    // Header says HTML
+    if (contentType.includes('text/html')) {
+        return true;
+    }
+    // Sniff content for HTML signature
+    const trimmed = content.slice(0, 1024).trim().toLowerCase();
+    return /^<!doctype html|^<html|^<head|^<body|^<meta/.test(trimmed);
+}
+/**
+ * Parse charset from Content-Type header
+ */
+function parseCharset(contentType) {
+    const match = contentType.match(/charset=([^\s;]+)/i);
+    if (match) {
+        const charset = match[1].replace(/['"]/g, '');
+        // Validate charset is supported by TextDecoder
+        try {
+            new TextDecoder(charset);
+            return charset;
+        }
+        catch {
+            return 'utf-8';
+        }
+    }
+    return 'utf-8';
+}
+/**
+ * Truncate output if too large
+ */
+function truncateOutput(output, maxSize) {
+    if (output.length > maxSize) {
+        const truncatedSize = Math.max(100, maxSize - 100);
+        return (output.slice(0, truncatedSize) +
+            `\n\n[Content truncated: ${output.length} characters exceeds ${maxSize} limit]`);
+    }
+    return output;
+}
+export const webfetchTool = {
+    type: 'function',
+    function: {
+        name: 'webfetch',
+        description: 'Fetch and process content from a web URL. Supports text (plain text extraction), markdown (HTML to markdown conversion), or html (raw HTML) output formats.',
+        parameters: {
+            type: 'object',
+            properties: {
+                url: {
+                    type: 'string',
+                    description: 'HTTP(S) URL to fetch (must start with http:// or https://)',
+                },
+                format: {
+                    type: 'string',
+                    enum: ['text', 'markdown', 'html'],
+                    description: 'Output format: text (plain text), markdown (HTML to markdown), or html (raw HTML)',
+                },
+                timeout: {
+                    type: 'number',
+                    description: 'Timeout in seconds (default 30, min 1, max 120)',
+                },
+            },
+            required: ['url', 'format'],
+        },
+    },
+};
+/**
+ * Convert HTML to plain text using html-to-text library
+ */
+function htmlToText(html) {
+    try {
+        return convert(html, {
+            wordwrap: 120,
+            selectors: [
+                { selector: 'img', options: { ignoreHref: true } },
+                { selector: 'a', options: { ignoreHref: true } },
+            ],
+        });
+    }
+    catch (error) {
+        // Fallback: basic regex if library fails
+        return html
+            .replace(/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi, '')
+            .replace(/<style\b[^<]*(?:(?!<\/style>)<[^<]*)*<\/style>/gi, '')
+            .replace(/<[^>]+>/g, ' ')
+            .split('\n')
+            .map((line) => line.trim())
+            .filter((line) => line.length > 0)
+            .join('\n');
+    }
+}
+/**
+ * Convert HTML to Markdown using Turndown (cached instance)
+ */
+async function htmlToMarkdown(html) {
+    try {
+        const turndown = await getTurndownService();
+        return turndown.turndown(html);
+    }
+    catch (error) {
+        // Fallback: treat as code block
+        return `\`\`\`html\n${html}\n\`\`\``;
+    }
+}
+/**
+ * Fetch with redirect limiting
+ */
+async function fetchWithRedirectLimit(url, signal) {
+    let redirectCount = 0;
+    let currentUrl = url;
+    // Create a custom fetch wrapper that tracks redirects
+    const originalFetch = global.fetch;
+    while (redirectCount < MAX_REDIRECTS) {
+        const response = await originalFetch(currentUrl, {
+            signal,
+            headers: FETCH_HEADERS,
+            redirect: 'manual', // Handle redirects manually to count them
+        });
+        // Check for redirect status
+        if (response.status >= 300 && response.status < 400) {
+            const location = response.headers.get('location');
+            if (location) {
+                redirectCount++;
+                // Resolve relative URLs
+                currentUrl = new URL(location, currentUrl).href;
+                continue;
+            }
+        }
+        return response;
+    }
+    throw new Error(`Too many redirects (max ${MAX_REDIRECTS})`);
+}
+/**
+ * Fetch and process a URL
+ *
+ * @param url - HTTP(S) URL to fetch
+ * @param format - Output format: 'text', 'markdown', or 'html'
+ * @param timeout - Optional timeout in seconds (default 30, max 120)
+ * @returns Object with output, title, and metadata
+ * @throws Error on validation, network, or processing failures
+ */
+export async function webfetch(url, format, timeout) {
+    // Validate URL
+    if (!url.startsWith('http://') && !url.startsWith('https://')) {
+        throw new Error('Invalid URL format. Must start with http:// or https://');
+    }
+    if (url.length > MAX_URL_LENGTH) {
+        throw new Error(`URL too long (${url.length} characters, max ${MAX_URL_LENGTH})`);
+    }
+    // Validate format
+    if (!['text', 'markdown', 'html'].includes(format)) {
+        throw new Error("Invalid format. Must be 'text', 'markdown', or 'html'");
+    }
+    // Validate timeout
+    const timeoutSeconds = Math.min(timeout ?? 30, 120);
+    if (timeoutSeconds < 1) {
+        throw new Error('Timeout must be between 1 and 120 seconds');
+    }
+    // Setup timeout for entire operation
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), timeoutSeconds * 1000);
+    try {
+        const startTime = Date.now();
+        // Fetch with redirect limiting
+        const response = await fetchWithRedirectLimit(url, controller.signal);
+        // Check HTTP status
+        if (!response.ok) {
+            throw new Error(`HTTP ${response.status} error: ${response.statusText}`);
+        }
+        // Validate response size by header
+        const contentLength = response.headers.get('content-length');
+        if (contentLength && parseInt(contentLength) > MAX_RESPONSE_SIZE) {
+            throw new Error(`Response too large (exceeds 5MB limit). Content-Length: ${contentLength}`);
+        }
+        // Get content type
+        const contentType = response.headers.get('content-type') ?? 'text/plain';
+        // Check if content type is text-based
+        if (!isTextMimeType(contentType)) {
+            throw new Error(`Content type '${contentType}' is not supported. Only text-based formats are allowed.`);
+        }
+        // Get response as ArrayBuffer
+        const arrayBuffer = await response.arrayBuffer();
+        // Check actual response size
+        if (arrayBuffer.byteLength > MAX_RESPONSE_SIZE) {
+            throw new Error(`Response too large (exceeds 5MB limit). Size: ${arrayBuffer.byteLength}`);
+        }
+        // Parse charset from Content-Type header
+        const charset = parseCharset(contentType);
+        // Decode response with appropriate charset
+        const decoder = new TextDecoder(charset, { fatal: false });
+        const content = decoder.decode(arrayBuffer);
+        const isHTML = detectHTML(content, contentType);
+        // Format content based on requested format
+        let output;
+        if (format === 'text') {
+            output = isHTML ? htmlToText(content) : content;
+        }
+        else if (format === 'markdown') {
+            output = isHTML ? await htmlToMarkdown(content) : `\`\`\`\n${content}\n\`\`\``;
+        }
+        else {
+            // format === 'html'
+            output = content;
+        }
+        // Decode HTML entities ONLY for text/markdown formats (not for raw HTML)
+        if (format !== 'html') {
+            const he = await getHe();
+            output = he.decode(output);
+        }
+        // Truncate output if too large
+        output = truncateOutput(output, MAX_OUTPUT_SIZE);
+        const fetchTime = Date.now() - startTime;
+        const title = `${url} (${contentType})`;
+        const metadata = {
+            url,
+            format,
+            contentType,
+            charset,
+            contentLength: arrayBuffer.byteLength,
+            outputLength: output.length,
+            fetchTime,
+        };
+        return { output, title, metadata };
+    }
+    catch (error) {
+        // Handle AbortError (timeout or cancellation)
+        if (error instanceof Error && error.name === 'AbortError') {
+            throw new Error(`Fetch timeout after ${timeoutSeconds} seconds`);
+        }
+        // Re-throw our errors as-is
+        if (error instanceof Error) {
+            throw error;
+        }
+        // Handle unexpected errors
+        throw new Error(`Failed to fetch ${url}: ${String(error)}`);
+    }
+    finally {
+        clearTimeout(timeoutId);
+    }
+}

package/dist/tools/write-file.js

@@ -1,144 +1,53 @@
-import fs from 'fs/promises';
-import path from 'path';
-import { randomBytes } from 'crypto';
-import { requestFileOperationApproval } from '../utils/file-operations-approval.js';
-import { isUserCancellation } from '../utils/user-cancellation.js';
-import { logger } from '../utils/logger.js';
-// Current working directory for file operations
-const workingDirectory = process.cwd();
-// Security utilities
-function normalizePath(p) {
-    return path.normalize(p);
-}
-async function validatePath(requestedPath) {
-    const absolute = path.isAbsolute(requestedPath)
-        ? path.resolve(requestedPath)
-        : path.resolve(workingDirectory, requestedPath);
-    const normalizedRequested = normalizePath(absolute);
-    // Check if path is within working directory
-    if (!normalizedRequested.startsWith(workingDirectory)) {
-        throw new Error(`Access denied - path outside working directory: ${absolute}`);
-    }
-    // Handle symlinks by checking their real path
-    try {
-        const realPath = await fs.realpath(absolute);
-        const normalizedReal = normalizePath(realPath);
-        if (!normalizedReal.startsWith(workingDirectory)) {
-            throw new Error(`Access denied - symlink target outside working directory: ${realPath}`);
-        }
-        return realPath;
-    }
-    catch (error) {
-        // For new files that don't exist yet, verify parent directory
-        if (error.code === 'ENOENT') {
-            const parentDir = path.dirname(absolute);
-            try {
-                const realParentPath = await fs.realpath(parentDir);
-                const normalizedParent = normalizePath(realParentPath);
-                if (!normalizedParent.startsWith(workingDirectory)) {
-                    throw new Error(`Access denied - parent directory outside working directory: ${realParentPath}`);
-                }
-                return absolute;
-            }
-            catch {
-                throw new Error(`Parent directory does not exist: ${parentDir}`);
-            }
-        }
-        throw error;
-    }
-}
-export async function writeFile(filePath, content) {
-    try {
-        const validPath = await validatePath(filePath);
-        // Check if file already exists for approval context
-        let fileExists = false;
-        try {
-            await fs.access(validPath);
-            fileExists = true;
-        }
-        catch {
-            // File doesn't exist, which is expected for write operations
-        }
-        // Request user approval for write operation
-        const approvalContext = {
-            operation: 'write',
-            filePath: filePath,
-            description: fileExists
-                ? `Overwrite existing file with ${content.length} characters of new content`
-                : `Create new file with ${content.length} characters of content`,
-            contentPreview: undefined, // Will be shown in the enhanced preview
-            newContent: content,
-            changeContext: {
-                linesAdded: content.split('\n').length,
-                linesRemoved: fileExists ? 0 : 0, // We don't know the old content yet
-                totalLines: content.split('\n').length,
-                affectedLineNumbers: []
-            }
-        };
-        // Request user approval for write operation (throws UserCancellationError if cancelled)
-        await requestFileOperationApproval(approvalContext);
-        logger.debug(`📝 Writing file: ${filePath} (${content.length} chars)`, { component: 'WriteFile', operation: 'writeFile' });
-        try {
-            // Security: 'wx' flag ensures exclusive creation - fails if file/symlink exists,
-            // preventing writes through pre-existing symlinks
-            await fs.writeFile(validPath, content, { encoding: "utf-8", flag: 'wx' });
-            logger.info(`✅ Created new file: ${filePath}`, { component: 'WriteFile', operation: 'writeFile' });
-        }
-        catch (error) {
-            if (error.code === 'EEXIST') {
-                // Security: Use atomic rename to prevent race conditions where symlinks
-                // could be created between validation and write. Rename operations
-                // replace the target file atomically and don't follow symlinks.
-                const tempPath = `${validPath}.${randomBytes(16).toString('hex')}.tmp`;
-                try {
-                    await fs.writeFile(tempPath, content, 'utf-8');
-                    await fs.rename(tempPath, validPath);
-                    logger.info(`✅ Overwrote existing file: ${filePath}`, { component: 'WriteFile', operation: 'writeFile' });
-                }
-                catch (renameError) {
-                    try {
-                        await fs.unlink(tempPath);
-                    }
-                    catch { }
-                    throw renameError;
-                }
-            }
-            else {
-                throw error;
-            }
-        }
-        return `Successfully wrote to ${filePath}`;
-    }
-    catch (error) {
-        // Re-throw UserCancellationError without modification
-        if (isUserCancellation(error)) {
-            throw error;
-        }
-        if (error instanceof Error) {
-            throw new Error(`Failed to write file: ${error.message}`);
-        }
-        throw new Error('Failed to write file: Unknown error');
-    }
-}
-// Tool definition
+/**
+ * write_file tool — Create or overwrite a file. Requires approval.
+ */
+import fs from 'node:fs/promises';
+import path from 'node:path';
+import { validatePath } from '../utils/path-validation.js';
+import { requestApproval } from '../utils/approval.js';
 export const writeFileTool = {
     type: 'function',
     function: {
         name: 'write_file',
-        description: 'Create a new file or completely overwrite an existing file with new content. Use this when you need to create new files or update existing ones. The file will be created in the current working directory or subdirectories.',
+        description: 'Create a new file or overwrite an existing file with the given content. Prefer edit_file for modifying existing files.',
         parameters: {
             type: 'object',
             properties: {
-                file_path: {
-                    type: 'string',
-                    description: 'The path to the file to write, relative to the current working directory. Examples: "src/newfile.ts", "config.json", "README.md"'
-                },
-                content: {
-                    type: 'string',
-                    description: 'The content to write to the file. This will completely replace any existing content.'
-                }
+                file_path: { type: 'string', description: 'Path to the file to write (relative to working directory).' },
+                content: { type: 'string', description: 'The full content to write to the file.' },
             },
-            required: ['file_path', 'content']
-        }
-    }
+            required: ['file_path', 'content'],
+        },
+    },
 };
+export async function writeFile(filePath, content, sessionId) {
+    const validated = await validatePath(filePath);
+    // Request approval
+    const preview = content.length > 500
+        ? `${content.slice(0, 250)}\n... (${content.length} chars total) ...\n${content.slice(-250)}`
+        : content;
+    const approved = await requestApproval({
+        id: `write-${Date.now()}`,
+        type: 'file_write',
+        description: `Write file: ${filePath}`,
+        detail: preview,
+        sessionId,
+        sessionScopeKey: `file_write:${validated}`,
+    });
+    if (!approved) {
+        return `Operation cancelled: write to ${filePath} was rejected by user.`;
+    }
+    // Ensure parent directory exists
+    await fs.mkdir(path.dirname(validated), { recursive: true });
+    // Atomic write: write to temp file then rename
+    const tmpPath = path.join(path.dirname(validated), `.protoagent-write-${process.pid}-${Date.now()}-${path.basename(validated)}`);
+    try {
+        await fs.writeFile(tmpPath, content, 'utf8');
+        await fs.rename(tmpPath, validated);
+    }
+    finally {
+        await fs.rm(tmpPath, { force: true }).catch(() => undefined);
+    }
+    const lines = content.split('\n').length;
+    return `Successfully wrote ${lines} lines to ${filePath}`;
+}

package/dist/utils/approval.js

@@ -0,0 +1,69 @@
+/**
+ * Approval system for destructive operations.
+ *
+ * Two categories of approval:
+ *  1. File operations (write_file, edit_file)
+ *  2. Shell commands (non-whitelisted)
+ *
+ * Approval can be granted:
+ *  - Per-operation (one-time)
+ *  - Per-operation-type for the session (e.g., "approve all writes")
+ *  - Globally via --dangerously-accept-all
+ *
+ * In the Ink UI, approvals are handled by emitting an event and waiting
+ * for the UI to resolve it (instead of blocking on stdin with inquirer).
+ */
+// Global state
+let dangerouslyAcceptAll = false;
+const sessionApprovals = new Set(); // stores approval keys scoped by session
+// Callback that the Ink UI provides to handle interactive approval
+let approvalHandler = null;
+export function setDangerouslyAcceptAll(value) {
+    dangerouslyAcceptAll = value;
+}
+export function isDangerouslyAcceptAll() {
+    return dangerouslyAcceptAll;
+}
+export function setApprovalHandler(handler) {
+    approvalHandler = handler;
+}
+export function clearApprovalHandler() {
+    approvalHandler = null;
+}
+export function clearSessionApprovals() {
+    sessionApprovals.clear();
+}
+function getApprovalScopeKey(req) {
+    const sessionId = req.sessionId ?? '__global__';
+    const scope = req.sessionScopeKey ?? req.type;
+    return `${sessionId}:${scope}`;
+}
+/**
+ * Request approval for an operation. Returns true if approved.
+ *
+ * Check order:
+ *  1. --dangerously-accept-all → auto-approve
+ *  2. Session approval for this type → auto-approve
+ *  3. Interactive prompt via the UI handler
+ *  4. No handler registered → reject (fail closed)
+ */
+export async function requestApproval(req) {
+    if (dangerouslyAcceptAll)
+        return true;
+    const sessionKey = getApprovalScopeKey(req);
+    if (sessionApprovals.has(sessionKey))
+        return true;
+    if (!approvalHandler) {
+        return false;
+    }
+    const response = await approvalHandler(req);
+    switch (response) {
+        case 'approve_once':
+            return true;
+        case 'approve_session':
+            sessionApprovals.add(sessionKey);
+            return true;
+        case 'reject':
+            return false;
+    }
+}

package/dist/utils/compactor.js

@@ -0,0 +1,87 @@
+/**
+ * Conversation compaction.
+ *
+ * When the conversation approaches the context window limit (≥ 90%),
+ * the compactor summarises the older messages using the LLM and replaces
+ * them with a compact summary. The most recent messages are kept
+ * verbatim so the agent doesn't lose immediate context.
+ */
+import { estimateConversationTokens } from './cost-tracker.js';
+import { logger } from './logger.js';
+const RECENT_MESSAGES_TO_KEEP = 5;
+function isProtectedSkillMessage(message) {
+    return message.role === 'tool' && typeof message.content === 'string' && message.content.includes('<skill_content ');
+}
+const COMPRESSION_PROMPT = `You are a conversation state manager. Your job is to compress a conversation history into a compact summary that preserves all important context.
+
+Produce a structured summary in this format:
+
+<state_snapshot>
+<overall_goal>What the user is trying to accomplish</overall_goal>
+<key_knowledge>Important facts, conventions, constraints discovered</key_knowledge>
+<file_system_state>Files created, read, modified, or deleted (with paths)</file_system_state>
+<recent_actions>Last significant actions and their outcomes</recent_actions>
+<current_plan>Current step-by-step plan with status: [DONE], [IN PROGRESS], [TODO]</current_plan>
+</state_snapshot>
+
+Be thorough but concise. Do not lose any information that would be needed to continue the conversation.`;
+/**
+ * Compact a conversation if it exceeds the context window threshold.
+ * Returns the original messages if compaction isn't needed or fails.
+ */
+export async function compactIfNeeded(client, model, messages, contextWindow, currentTokens) {
+    const utilisation = (currentTokens / contextWindow) * 100;
+    if (utilisation < 90)
+        return messages;
+    logger.info(`Compacting conversation (${utilisation.toFixed(1)}% of context window used)`);
+    try {
+        return await compactConversation(client, model, messages);
+    }
+    catch (err) {
+        logger.error(`Compaction failed, continuing with original messages: ${err}`);
+        return messages;
+    }
+}
+async function compactConversation(client, model, messages) {
+    // Separate system message, history to compress, and recent messages
+    const systemMessage = messages[0];
+    const recentMessages = messages.slice(-RECENT_MESSAGES_TO_KEEP);
+    const middleMessages = messages.slice(1, messages.length - RECENT_MESSAGES_TO_KEEP);
+    const protectedMessages = middleMessages.filter(isProtectedSkillMessage);
+    const historyToCompress = middleMessages.filter((message) => !isProtectedSkillMessage(message));
+    if (historyToCompress.length === 0) {
+        logger.debug('Nothing to compact — conversation too short');
+        return messages;
+    }
+    // Build compression request
+    const compressionMessages = [
+        { role: 'system', content: COMPRESSION_PROMPT },
+        {
+            role: 'user',
+            content: `Here is the conversation history to compress:\n\n${historyToCompress
+                .map((m) => `[${m.role}]: ${m.content || JSON.stringify(m.tool_calls || '')}`)
+                .join('\n\n')}`,
+        },
+    ];
+    const response = await client.chat.completions.create({
+        model,
+        messages: compressionMessages,
+        max_tokens: 2000,
+        temperature: 0.1,
+    });
+    const summary = response.choices[0]?.message?.content;
+    if (!summary) {
+        throw new Error('Compression returned empty response');
+    }
+    // Reconstruct: system + summary + recent messages
+    const compacted = [
+        systemMessage,
+        { role: 'system', content: `Previous conversation summary:\n\n${summary}` },
+        ...protectedMessages,
+        ...recentMessages,
+    ];
+    const oldTokens = estimateConversationTokens(messages);
+    const newTokens = estimateConversationTokens(compacted);
+    logger.info(`Compacted ${oldTokens} → ${newTokens} tokens (${((1 - newTokens / oldTokens) * 100).toFixed(0)}% reduction)`);
+    return compacted;
+}