slashvibe-mcp 0.3.21 → 0.3.22

package/tools/_shared.js

@@ -1,234 +0,0 @@
-/**
- * _shared.js — Common utilities for /vibe MCP tools
- *
- * This module provides shared helpers used across 90+ tools.
- * Import only what you need to keep tool files clean.
- */
-
-const config = require('../config');
-const store = require('../store');
-
-// ─────────────────────────────────────────────────────────────
-// Authentication & Initialization
-// ─────────────────────────────────────────────────────────────
-
-/**
- * Check if user has initialized vibe. Returns error response if not.
- * Use at the top of handler functions:
- *   const initCheck = requireInit();
- *   if (initCheck) return initCheck;
- *
- * @returns {Object|null} Error response object, or null if initialized
- */
-function requireInit() {
-  if (!config.isInitialized()) {
-    return {
-      display: '⚠️ Not initialized. Run `vibe init` first.',
-      error: 'not_initialized'
-    };
-  }
-  return null;
-}
-
-// ─────────────────────────────────────────────────────────────
-// Handle Normalization
-// ─────────────────────────────────────────────────────────────
-
-/**
- * Normalize a handle string (remove @, lowercase, trim)
- * @param {string} handle - Raw handle input
- * @returns {string} Normalized handle
- */
-function normalizeHandle(handle) {
-  if (!handle) return '';
-  return handle.toString().replace(/^@/, '').toLowerCase().trim();
-}
-
-/**
- * Format handle for display (with @)
- * @param {string} handle - Handle to format
- * @returns {string} Display-formatted handle
- */
-function displayHandle(handle) {
-  if (!handle) return '@unknown';
-  const normalized = normalizeHandle(handle);
-  return `@${normalized}`;
-}
-
-// ─────────────────────────────────────────────────────────────
-// Time Formatting
-// ─────────────────────────────────────────────────────────────
-
-/**
- * Format timestamp as relative time (e.g., "5m ago", "2h ago")
- * @param {number} timestamp - Unix timestamp in milliseconds
- * @returns {string} Human-readable relative time
- */
-function formatTimeAgo(timestamp) {
-  if (timestamp === undefined || timestamp === null || isNaN(timestamp)) return 'unknown';
-
-  const now = Date.now();
-  const seconds = Math.floor((now - timestamp) / 1000);
-
-  if (seconds < 0 || isNaN(seconds)) return 'unknown';
-  if (seconds < 60) return 'just now';
-  if (seconds < 3600) return `${Math.floor(seconds / 60)}m ago`;
-  if (seconds < 86400) return `${Math.floor(seconds / 3600)}h ago`;
-  return `${Math.floor(seconds / 86400)}d ago`;
-}
-
-/**
- * Format duration in human-readable form
- * @param {number} ms - Duration in milliseconds
- * @returns {string} Human-readable duration (e.g., "5 minutes", "2 hours")
- */
-function formatDuration(ms) {
-  if (!ms || ms < 0) return 'unknown';
-
-  const seconds = Math.floor(ms / 1000);
-  if (seconds < 60) return `${seconds} second${seconds !== 1 ? 's' : ''}`;
-
-  const minutes = Math.floor(seconds / 60);
-  if (minutes < 60) return `${minutes} minute${minutes !== 1 ? 's' : ''}`;
-
-  const hours = Math.floor(minutes / 60);
-  if (hours < 24) return `${hours} hour${hours !== 1 ? 's' : ''}`;
-
-  const days = Math.floor(hours / 24);
-  return `${days} day${days !== 1 ? 's' : ''}`;
-}
-
-// ─────────────────────────────────────────────────────────────
-// Text Formatting
-// ─────────────────────────────────────────────────────────────
-
-/**
- * Truncate text to max length with ellipsis
- * @param {string} text - Text to truncate
- * @param {number} maxLength - Maximum length (default: 100)
- * @returns {string} Truncated text
- */
-function truncate(text, maxLength = 100) {
-  if (!text) return '';
-  if (text.length <= maxLength) return text;
-  return text.slice(0, maxLength - 3) + '...';
-}
-
-// ─────────────────────────────────────────────────────────────
-// Display Formatting (headers, dividers, status messages)
-// ─────────────────────────────────────────────────────────────
-
-/**
- * Format a section header
- * @param {string} text - Header text
- * @returns {string} Formatted header
- */
-function header(text) {
-  return `\n## ${text}\n`;
-}
-
-/**
- * Horizontal divider
- * @returns {string} Divider string
- */
-function divider() {
-  return '\n---\n';
-}
-
-/**
- * Format empty state message
- * @param {string} message - Message to display
- * @returns {string} Formatted empty state
- */
-function emptyState(message) {
-  return `\n_${message}_\n`;
-}
-
-/**
- * Format success message
- * @param {string} message - Success message
- * @returns {string} Formatted success message
- */
-function success(message) {
-  return `✓ ${message}`;
-}
-
-/**
- * Format warning message
- * @param {string} message - Warning message
- * @returns {string} Formatted warning message
- */
-function warning(message) {
-  return `⚠️ ${message}`;
-}
-
-/**
- * Format error message
- * @param {string} message - Error message
- * @returns {string} Formatted error message
- */
-function error(message) {
-  return `❌ ${message}`;
-}
-
-// ─────────────────────────────────────────────────────────────
-// API Helpers
-// ─────────────────────────────────────────────────────────────
-
-/**
- * Fetch relevant users for a given context
- * Uses the relevancy API to find people worth connecting with
- *
- * @param {string} handle - Current user's handle
- * @param {string} context - Context type: 'dm_suggest', 'notification', etc.
- * @param {number} limit - Max number of results (default: 5)
- * @returns {Promise<{matches: Array}>} Relevant users with reasons
- */
-async function fetchRelevantUsers(handle, context = 'dm_suggest', limit = 5) {
-  try {
-    const apiUrl = config.getApiUrl();
-    const response = await fetch(
-      `${apiUrl}/api/relevancy?handle=${encodeURIComponent(handle)}&context=${context}&limit=${limit}`
-    );
-
-    if (!response.ok) {
-      return { matches: [] };
-    }
-
-    return await response.json();
-  } catch (e) {
-    console.warn('[_shared] fetchRelevantUsers error:', e.message);
-    return { matches: [] };
-  }
-}
-
-// ─────────────────────────────────────────────────────────────
-// Exports
-// ─────────────────────────────────────────────────────────────
-
-module.exports = {
-  // Auth
-  requireInit,
-
-  // Handles
-  normalizeHandle,
-  displayHandle,
-
-  // Time
-  formatTimeAgo,
-  formatDuration,
-
-  // Text
-  truncate,
-
-  // Display
-  header,
-  divider,
-  emptyState,
-  success,
-  warning,
-  error,
-
-  // API
-  fetchRelevantUsers
-};

package/tools/_work-context.js

@@ -1,338 +0,0 @@
-/**
- * Shared work context gathering — used by start.js and work-summary.js
- *
- * SECURITY: Uses execFileSync (not execSync) to prevent shell injection.
- * A malicious branch name like "; rm -rf /" would be harmless with this approach.
- *
- * This module provides:
- * - Git state (branch, recent commits, changed files, uncommitted status)
- * - Project detection (package.json, Cargo.toml, pyproject.toml, or directory name)
- * - Auto-generated suggestions for presence and messages
- */
-
-const { execFileSync } = require('child_process');
-const fs = require('fs');
-const path = require('path');
-
-// ═══════════════════════════════════════════════════════════════════════════
-// SECURITY: Sanitization and limits
-// ═══════════════════════════════════════════════════════════════════════════
-
-// Strip ANSI escape sequences and control characters (prevent terminal injection)
-function sanitize(text) {
-  if (!text) return text;
-  return text
-    .replace(/\x1B\[[0-9;]*[a-zA-Z]/g, '')  // ANSI escape sequences
-    .replace(/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/g, '') // Control chars (keep \t \n \r)
-    .trim();
-}
-
-// Character limits (DoS prevention)
-const LIMITS = {
-  branch: 100,
-  commitMessage: 80,
-  fileName: 50,
-  totalFiles: 10,
-  totalSummary: 200,
-};
-
-function cap(text, limit) {
-  if (!text || text.length <= limit) return text;
-  return text.slice(0, limit - 1) + '…';
-}
-
-// Redaction patterns (prevent accidental secret exposure)
-const REDACT_PATTERNS = [
-  /[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/g,  // emails
-  /[a-fA-F0-9]{32,}/g,                                  // long hex (tokens, hashes)
-  /sk-[a-zA-Z0-9]{20,}/g,                               // OpenAI API keys
-  /ghp_[a-zA-Z0-9]{36}/g,                               // GitHub tokens
-  /\b(password|secret|token|api_key|apikey)\b/gi,       // sensitive words in context
-];
-
-function redact(text) {
-  if (!text) return text;
-  let result = text;
-  for (const pattern of REDACT_PATTERNS) {
-    result = result.replace(pattern, '[REDACTED]');
-  }
-  return result;
-}
-
-// ═══════════════════════════════════════════════════════════════════════════
-// GIT INFO GATHERING (Safe execution)
-// ═══════════════════════════════════════════════════════════════════════════
-
-/**
- * Execute git command safely (no shell, with timeout and output limits)
- * @param {string[]} args - Git command arguments (e.g., ['branch', '--show-current'])
- * @returns {string|null} - Command output or null on failure
- */
-function safeGitExec(args) {
-  try {
-    return execFileSync('git', args, {
-      encoding: 'utf8',
-      timeout: 2000,           // 2s timeout
-      maxBuffer: 100 * 1024,   // 100KB max output
-      shell: false,            // CRITICAL: no shell = no injection
-      stdio: ['pipe', 'pipe', 'pipe']  // Capture stderr too
-    }).trim();
-  } catch (e) {
-    return null;
-  }
-}
-
-/**
- * Get comprehensive git information for the current directory
- */
-function getGitInfo() {
-  // Check if we're in a git repo first
-  const branch = sanitize(safeGitExec(['branch', '--show-current']));
-  if (!branch) {
-    // Not a git repo or detached HEAD - try to get commit hash
-    const headHash = sanitize(safeGitExec(['rev-parse', '--short', 'HEAD']));
-    if (headHash) {
-      return {
-        branch: `detached:${cap(headHash, 10)}`,
-        recentCommits: [],
-        changedFiles: [],
-        hasUncommitted: false,
-        isDetached: true
-      };
-    }
-    return null; // Not a git repo at all
-  }
-
-  // Get recent commits (--no-pager prevents interactive mode)
-  const logOutput = sanitize(safeGitExec(['--no-pager', 'log', '--oneline', '-3'])) || '';
-  const recentCommits = logOutput.split('\n').filter(Boolean).slice(0, 3).map(line => {
-    const [hash, ...msg] = line.split(' ');
-    return {
-      hash: cap(hash, 7),
-      message: redact(cap(msg.join(' '), LIMITS.commitMessage))
-    };
-  });
-
-  // Get changed files (--no-ext-diff --no-textconv prevent custom diff handlers)
-  const diffOutput = sanitize(safeGitExec([
-    '--no-pager', 'diff', '--no-ext-diff', '--no-textconv',
-    '--name-only', 'HEAD~1'
-  ])) || '';
-  const changedFiles = diffOutput.split('\n')
-    .filter(Boolean)
-    .slice(0, LIMITS.totalFiles)
-    .map(f => cap(path.basename(f), LIMITS.fileName)); // Only basename, not full path
-
-  // Check for uncommitted changes (porcelain = machine-readable, safe)
-  const statusOutput = safeGitExec(['status', '--porcelain']);
-
-  return {
-    branch: cap(branch, LIMITS.branch),
-    recentCommits,
-    changedFiles,
-    hasUncommitted: !!statusOutput,
-    isDetached: false
-  };
-}
-
-// ═══════════════════════════════════════════════════════════════════════════
-// PROJECT INFO GATHERING
-// ═══════════════════════════════════════════════════════════════════════════
-
-/**
- * Detect project type and name from manifest files
- */
-function getProjectInfo() {
-  const cwd = process.cwd();
-  const dirName = path.basename(cwd);
-
-  let name = dirName;
-  let type = 'unknown';
-
-  // Try package.json (Node.js projects)
-  try {
-    const pkgPath = path.join(cwd, 'package.json');
-    const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8'));
-    name = pkg.name || dirName;
-
-    // Detect more specific type
-    if (pkg.dependencies?.next || pkg.devDependencies?.next) {
-      type = 'nextjs';
-    } else if (pkg.dependencies?.react || pkg.devDependencies?.react) {
-      type = 'react';
-    } else if (pkg.devDependencies?.typescript || pkg.dependencies?.typescript) {
-      type = 'typescript';
-    } else {
-      type = 'node';
-    }
-  } catch (e) {}
-
-  // Try Cargo.toml (Rust projects)
-  try {
-    const cargoPath = path.join(cwd, 'Cargo.toml');
-    fs.accessSync(cargoPath);
-    type = 'rust';
-
-    // Try to extract crate name
-    const cargoContent = fs.readFileSync(cargoPath, 'utf8');
-    const nameMatch = cargoContent.match(/name\s*=\s*"([^"]+)"/);
-    if (nameMatch) name = nameMatch[1];
-  } catch (e) {}
-
-  // Try pyproject.toml (Python projects)
-  try {
-    const pyPath = path.join(cwd, 'pyproject.toml');
-    fs.accessSync(pyPath);
-    type = 'python';
-
-    // Try to extract project name
-    const pyContent = fs.readFileSync(pyPath, 'utf8');
-    const nameMatch = pyContent.match(/name\s*=\s*"([^"]+)"/);
-    if (nameMatch) name = nameMatch[1];
-  } catch (e) {}
-
-  // Try go.mod (Go projects)
-  try {
-    const goPath = path.join(cwd, 'go.mod');
-    const goContent = fs.readFileSync(goPath, 'utf8');
-    type = 'go';
-
-    const moduleMatch = goContent.match(/module\s+(\S+)/);
-    if (moduleMatch) {
-      // Use last part of module path as name
-      const parts = moduleMatch[1].split('/');
-      name = parts[parts.length - 1];
-    }
-  } catch (e) {}
-
-  return {
-    name: cap(name, 50),
-    type,
-    directory: cwd
-  };
-}
-
-// ═══════════════════════════════════════════════════════════════════════════
-// SUGGESTION GENERATION
-// ═══════════════════════════════════════════════════════════════════════════
-
-/**
- * Generate human-readable summaries of current work
- * @param {object} git - Git info from getGitInfo()
- * @param {object} project - Project info from getProjectInfo()
- * @returns {object} - { brief, detailed }
- */
-function generateSuggestions(git, project) {
-  const suggestions = {};
-
-  if (git?.branch && !git.isDetached) {
-    // We have git context - build meaningful summary
-    const branchDesc = ['main', 'master', 'develop'].includes(git.branch) ? '' : ` on ${git.branch}`;
-
-    if (git.recentCommits.length > 0) {
-      // Use most recent commit message as the summary
-      suggestions.brief = `${git.recentCommits[0].message} — ${project.name}`;
-    } else {
-      suggestions.brief = `Working on ${project.name}${branchDesc}`;
-    }
-
-    // Detailed version includes more context
-    const parts = [];
-    if (git.recentCommits.length > 0) {
-      parts.push(`Just pushed: "${git.recentCommits[0].message}"`);
-    }
-    if (branchDesc) {
-      parts.push(branchDesc.trim());
-    }
-    if (git.changedFiles.length > 0) {
-      // Group by directory for context
-      const dirs = [...new Set(git.changedFiles.map(f => {
-        const dir = f.split('/')[0];
-        return dir === f ? '.' : dir;
-      }))];
-      const dirsStr = dirs.slice(0, 2).join(', ');
-      parts.push(`${git.changedFiles.length} files in ${dirsStr}`);
-    }
-    if (git.hasUncommitted) {
-      parts.push('uncommitted changes');
-    }
-
-    suggestions.detailed = parts.join('. ') || suggestions.brief;
-  } else if (git?.isDetached) {
-    // Detached HEAD state
-    suggestions.brief = `Working on ${project.name} (${git.branch})`;
-    suggestions.detailed = suggestions.brief;
-  } else {
-    // No git - just use project info
-    suggestions.brief = `Working on ${project.name}`;
-    suggestions.detailed = suggestions.brief;
-  }
-
-  // Apply final length cap
-  suggestions.brief = cap(suggestions.brief, LIMITS.totalSummary);
-  suggestions.detailed = cap(suggestions.detailed, LIMITS.totalSummary * 2);
-
-  return suggestions;
-}
-
-// ═══════════════════════════════════════════════════════════════════════════
-// MAIN EXPORT
-// ═══════════════════════════════════════════════════════════════════════════
-
-/**
- * Gather complete work context - the main entry point
- * Safe, non-blocking, with graceful degradation
- */
-function gatherWorkContext() {
-  const git = getGitInfo();
-  const project = getProjectInfo();
-  const suggestions = generateSuggestions(git, project);
-
-  return {
-    git,
-    project,
-    suggestions
-  };
-}
-
-/**
- * Gather with timeout - for use in start.js where we can't block
- * @param {number} timeoutMs - Maximum time to wait (default 2000ms)
- */
-async function gatherWithTimeout(timeoutMs = 2000) {
-  return new Promise((resolve) => {
-    // Set a timeout that resolves with minimal fallback
-    const timer = setTimeout(() => {
-      resolve({
-        git: null,
-        project: { name: path.basename(process.cwd()), type: 'unknown', directory: process.cwd() },
-        suggestions: { brief: 'Working locally', detailed: 'Working locally' }
-      });
-    }, timeoutMs);
-
-    // Try to gather context
-    try {
-      const context = gatherWorkContext();
-      clearTimeout(timer);
-      resolve(context);
-    } catch (e) {
-      clearTimeout(timer);
-      resolve({
-        git: null,
-        project: { name: path.basename(process.cwd()), type: 'unknown', directory: process.cwd() },
-        suggestions: { brief: 'Working locally', detailed: 'Working locally' }
-      });
-    }
-  });
-}
-
-module.exports = {
-  gatherWorkContext,
-  gatherWithTimeout,
-  getGitInfo,
-  getProjectInfo,
-  // Exported for testing
-  sanitize,
-  redact,
-  cap
-};