triflux 10.3.2 → 10.3.4

package/scripts/completions/tfx.fish

@@ -1,44 +1,44 @@
-# Installation: ~/.config/fish/completions/에 복사
-# e.g., cp /path/to/tfx.fish ~/.config/fish/completions/tfx.fish
-
-set -l commands setup doctor multi hub auto codex gemini
-set -l multi_cmds status stop kill attach list
-set -l hub_cmds start stop status restart
-
-complete -c tfx -f
-
-# Subcommands
-complete -c tfx -n "not __fish_seen_subcommand_from $commands" -a "setup" -d "Setup and sync files"
-complete -c tfx -n "not __fish_seen_subcommand_from $commands" -a "doctor" -d "Diagnose CLI and issues"
-complete -c tfx -n "not __fish_seen_subcommand_from $commands" -a "multi" -d "Multi-CLI team mode"
-complete -c tfx -n "not __fish_seen_subcommand_from $commands" -a "hub" -d "MCP message bus management"
-complete -c tfx -n "not __fish_seen_subcommand_from $commands" -a "auto" -d "Auto mode"
-complete -c tfx -n "not __fish_seen_subcommand_from $commands" -a "codex" -d "Codex mode"
-complete -c tfx -n "not __fish_seen_subcommand_from $commands" -a "gemini" -d "Gemini mode"
-
-# Doctor flags
-complete -c tfx -n "__fish_seen_subcommand_from doctor" -l fix -d "Auto fix issues"
-complete -c tfx -n "__fish_seen_subcommand_from doctor" -l reset -d "Reset all caches"
-
-# Multi subcommands
-complete -c tfx -n "__fish_seen_subcommand_from multi; and not __fish_seen_subcommand_from $multi_cmds" -a "status"
-complete -c tfx -n "__fish_seen_subcommand_from multi; and not __fish_seen_subcommand_from $multi_cmds" -a "stop"
-complete -c tfx -n "__fish_seen_subcommand_from multi; and not __fish_seen_subcommand_from $multi_cmds" -a "kill"
-complete -c tfx -n "__fish_seen_subcommand_from multi; and not __fish_seen_subcommand_from $multi_cmds" -a "attach"
-complete -c tfx -n "__fish_seen_subcommand_from multi; and not __fish_seen_subcommand_from $multi_cmds" -a "list"
-
-# Hub subcommands
-complete -c tfx -n "__fish_seen_subcommand_from hub; and not __fish_seen_subcommand_from $hub_cmds" -a "start"
-complete -c tfx -n "__fish_seen_subcommand_from hub; and not __fish_seen_subcommand_from $hub_cmds" -a "stop"
-complete -c tfx -n "__fish_seen_subcommand_from hub; and not __fish_seen_subcommand_from $hub_cmds" -a "status"
-complete -c tfx -n "__fish_seen_subcommand_from hub; and not __fish_seen_subcommand_from $hub_cmds" -a "restart"
-
-# Global or multi flags
-set -l flags_cond "__fish_seen_subcommand_from setup multi auto codex gemini"
-complete -c tfx -n "$flags_cond" -l thorough -d "Thorough execution"
-complete -c tfx -n "$flags_cond" -l quick -d "Quick execution"
-complete -c tfx -n "$flags_cond" -l tmux -d "Use tmux"
-complete -c tfx -n "$flags_cond" -l psmux -d "Use psmux"
-complete -c tfx -n "$flags_cond" -l agents -d "Specify agents"
-complete -c tfx -n "$flags_cond" -l no-attach -d "Do not attach"
-complete -c tfx -n "$flags_cond" -l timeout -d "Set timeout"
+# Installation: ~/.config/fish/completions/에 복사
+# e.g., cp /path/to/tfx.fish ~/.config/fish/completions/tfx.fish
+
+set -l commands setup doctor multi hub auto codex gemini
+set -l multi_cmds status stop kill attach list
+set -l hub_cmds start stop status restart
+
+complete -c tfx -f
+
+# Subcommands
+complete -c tfx -n "not __fish_seen_subcommand_from $commands" -a "setup" -d "Setup and sync files"
+complete -c tfx -n "not __fish_seen_subcommand_from $commands" -a "doctor" -d "Diagnose CLI and issues"
+complete -c tfx -n "not __fish_seen_subcommand_from $commands" -a "multi" -d "Multi-CLI team mode"
+complete -c tfx -n "not __fish_seen_subcommand_from $commands" -a "hub" -d "MCP message bus management"
+complete -c tfx -n "not __fish_seen_subcommand_from $commands" -a "auto" -d "Auto mode"
+complete -c tfx -n "not __fish_seen_subcommand_from $commands" -a "codex" -d "Codex mode"
+complete -c tfx -n "not __fish_seen_subcommand_from $commands" -a "gemini" -d "Gemini mode"
+
+# Doctor flags
+complete -c tfx -n "__fish_seen_subcommand_from doctor" -l fix -d "Auto fix issues"
+complete -c tfx -n "__fish_seen_subcommand_from doctor" -l reset -d "Reset all caches"
+
+# Multi subcommands
+complete -c tfx -n "__fish_seen_subcommand_from multi; and not __fish_seen_subcommand_from $multi_cmds" -a "status"
+complete -c tfx -n "__fish_seen_subcommand_from multi; and not __fish_seen_subcommand_from $multi_cmds" -a "stop"
+complete -c tfx -n "__fish_seen_subcommand_from multi; and not __fish_seen_subcommand_from $multi_cmds" -a "kill"
+complete -c tfx -n "__fish_seen_subcommand_from multi; and not __fish_seen_subcommand_from $multi_cmds" -a "attach"
+complete -c tfx -n "__fish_seen_subcommand_from multi; and not __fish_seen_subcommand_from $multi_cmds" -a "list"
+
+# Hub subcommands
+complete -c tfx -n "__fish_seen_subcommand_from hub; and not __fish_seen_subcommand_from $hub_cmds" -a "start"
+complete -c tfx -n "__fish_seen_subcommand_from hub; and not __fish_seen_subcommand_from $hub_cmds" -a "stop"
+complete -c tfx -n "__fish_seen_subcommand_from hub; and not __fish_seen_subcommand_from $hub_cmds" -a "status"
+complete -c tfx -n "__fish_seen_subcommand_from hub; and not __fish_seen_subcommand_from $hub_cmds" -a "restart"
+
+# Global or multi flags
+set -l flags_cond "__fish_seen_subcommand_from setup multi auto codex gemini"
+complete -c tfx -n "$flags_cond" -l thorough -d "Thorough execution"
+complete -c tfx -n "$flags_cond" -l quick -d "Quick execution"
+complete -c tfx -n "$flags_cond" -l tmux -d "Use tmux"
+complete -c tfx -n "$flags_cond" -l psmux -d "Use psmux"
+complete -c tfx -n "$flags_cond" -l agents -d "Specify agents"
+complete -c tfx -n "$flags_cond" -l no-attach -d "Do not attach"
+complete -c tfx -n "$flags_cond" -l timeout -d "Set timeout"

package/scripts/completions/tfx.zsh

@@ -1,83 +1,83 @@
-#compdef tfx
-# Installation: fpath에 추가 후 compinit
-# e.g., fpath=(/path/to/dir $fpath) && compinit
-
-_tfx() {
-    local line state
-    local -a commands multi_cmds hub_cmds flags
-
-    commands=(
-        'setup:Setup and sync files'
-        'doctor:Diagnose CLI and issues'
-        'multi:Multi-CLI team mode'
-        'hub:MCP message bus management'
-        'auto:Auto mode'
-        'codex:Codex mode'
-        'gemini:Gemini mode'
-    )
-
-    multi_cmds=(
-        'status:Show status'
-        'stop:Stop multi'
-        'kill:Kill multi'
-        'attach:Attach to multi'
-        'list:List multi sessions'
-    )
-
-    hub_cmds=(
-        'start:Start hub'
-        'stop:Stop hub'
-        'status:Show hub status'
-        'restart:Restart hub'
-    )
-
-    _arguments -C \
-        '1: :->cmds' \
-        '*: :->args'
-
-    case $state in
-        cmds)
-            _describe -t commands 'tfx commands' commands
-            ;;
-        args)
-            case $words[2] in
-                multi)
-                    if (( CURRENT == 3 )) && [[ $words[CURRENT] != -* ]]; then
-                        _describe -t multi_cmds 'multi commands' multi_cmds
-                    else
-                        _arguments \
-                            '--thorough[Thorough execution]' \
-                            '--quick[Quick execution]' \
-                            '--tmux[Use tmux]' \
-                            '--psmux[Use psmux]' \
-                            '--agents[Specify agents]' \
-                            '--no-attach[Do not attach]' \
-                            '--timeout[Set timeout]'
-                    fi
-                    ;;
-                hub)
-                    if (( CURRENT == 3 )); then
-                        _describe -t hub_cmds 'hub commands' hub_cmds
-                    fi
-                    ;;
-                doctor)
-                    _arguments \
-                        '--fix[Auto fix issues]' \
-                        '--reset[Reset all caches]'
-                    ;;
-                *)
-                    _arguments \
-                        '--thorough[Thorough execution]' \
-                        '--quick[Quick execution]' \
-                        '--tmux[Use tmux]' \
-                        '--psmux[Use psmux]' \
-                        '--agents[Specify agents]' \
-                        '--no-attach[Do not attach]' \
-                        '--timeout[Set timeout]'
-                    ;;
-            esac
-            ;;
-    esac
-}
-
-_tfx "$@"
+#compdef tfx
+# Installation: fpath에 추가 후 compinit
+# e.g., fpath=(/path/to/dir $fpath) && compinit
+
+_tfx() {
+    local line state
+    local -a commands multi_cmds hub_cmds flags
+
+    commands=(
+        'setup:Setup and sync files'
+        'doctor:Diagnose CLI and issues'
+        'multi:Multi-CLI team mode'
+        'hub:MCP message bus management'
+        'auto:Auto mode'
+        'codex:Codex mode'
+        'gemini:Gemini mode'
+    )
+
+    multi_cmds=(
+        'status:Show status'
+        'stop:Stop multi'
+        'kill:Kill multi'
+        'attach:Attach to multi'
+        'list:List multi sessions'
+    )
+
+    hub_cmds=(
+        'start:Start hub'
+        'stop:Stop hub'
+        'status:Show hub status'
+        'restart:Restart hub'
+    )
+
+    _arguments -C \
+        '1: :->cmds' \
+        '*: :->args'
+
+    case $state in
+        cmds)
+            _describe -t commands 'tfx commands' commands
+            ;;
+        args)
+            case $words[2] in
+                multi)
+                    if (( CURRENT == 3 )) && [[ $words[CURRENT] != -* ]]; then
+                        _describe -t multi_cmds 'multi commands' multi_cmds
+                    else
+                        _arguments \
+                            '--thorough[Thorough execution]' \
+                            '--quick[Quick execution]' \
+                            '--tmux[Use tmux]' \
+                            '--psmux[Use psmux]' \
+                            '--agents[Specify agents]' \
+                            '--no-attach[Do not attach]' \
+                            '--timeout[Set timeout]'
+                    fi
+                    ;;
+                hub)
+                    if (( CURRENT == 3 )); then
+                        _describe -t hub_cmds 'hub commands' hub_cmds
+                    fi
+                    ;;
+                doctor)
+                    _arguments \
+                        '--fix[Auto fix issues]' \
+                        '--reset[Reset all caches]'
+                    ;;
+                *)
+                    _arguments \
+                        '--thorough[Thorough execution]' \
+                        '--quick[Quick execution]' \
+                        '--tmux[Use tmux]' \
+                        '--psmux[Use psmux]' \
+                        '--agents[Specify agents]' \
+                        '--no-attach[Do not attach]' \
+                        '--timeout[Set timeout]'
+                    ;;
+            esac
+            ;;
+    esac
+}
+
+_tfx "$@"

package/scripts/demo.mjs

@@ -0,0 +1,169 @@
+#!/usr/bin/env node
+
+import childProcess from "node:child_process";
+import { parseArgs } from "node:util";
+
+const { values: flags } = parseArgs({
+  options: {
+    "dry-run": { type: "boolean", default: false },
+    keep: { type: "boolean", default: false },
+  },
+  strict: false,
+});
+
+const SESSION_NAME = "triflux-demo";
+
+const WORKERS = [
+  {
+    pane: 0,
+    agent: "codex",
+    messages: [
+      "[codex] Analyzing auth module...",
+      "[codex] Refactoring JWT validation...",
+      "[codex] Done ✓",
+    ],
+  },
+  {
+    pane: 1,
+    agent: "gemini",
+    messages: [
+      "[gemini] Reviewing UI components...",
+      "[gemini] Optimizing render cycle...",
+      "[gemini] Done ✓",
+    ],
+  },
+  {
+    pane: 2,
+    agent: "claude",
+    messages: [
+      "[claude] Security audit in progress...",
+      "[claude] Found 0 vulnerabilities",
+      "[claude] Done ✓",
+    ],
+  },
+];
+
+export function checkPsmux(opts = {}) {
+  if (opts.dryRun) return false;
+  try {
+    childProcess.execFileSync("psmux", ["-V"], { encoding: "utf8", stdio: "pipe" });
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+export function createDemoSession(sessionName, opts = {}) {
+  if (opts.dryRun) {
+    console.log(`[dry-run] psmux new-session -d -s ${sessionName}`);
+    console.log(`[dry-run] psmux split-window -h -t ${sessionName}`);
+    console.log(`[dry-run] psmux split-window -h -t ${sessionName}`);
+    return;
+  }
+  childProcess.execFileSync("psmux", ["new-session", "-d", "-s", sessionName], { stdio: "pipe" });
+  childProcess.execFileSync("psmux", ["split-window", "-h", "-t", sessionName], { stdio: "pipe" });
+  childProcess.execFileSync("psmux", ["split-window", "-h", "-t", sessionName], { stdio: "pipe" });
+}
+
+export function simulateWorker(pane, agentName, messages, opts = {}) {
+  const sessionName = opts.sessionName || SESSION_NAME;
+  for (const msg of messages) {
+    const escapedMsg = msg.replace(/'/g, "'\\''");
+    if (opts.dryRun) {
+      console.log(`[dry-run] psmux send-keys -t ${sessionName}:0.${pane} "echo '${escapedMsg}'" Enter`);
+    } else {
+      childProcess.execFileSync(
+        "psmux",
+        ["send-keys", "-t", `${sessionName}:0.${pane}`, `echo '${escapedMsg}'`, "Enter"],
+        { stdio: "pipe" },
+      );
+    }
+  }
+}
+
+export function showSummary() {
+  const lines = [
+    "",
+    "=== triflux demo summary ===",
+    "  codex  → JWT auth refactor    [done]",
+    "  gemini → UI render optimize   [done]",
+    "  claude → Security audit       [done]",
+    "============================",
+    "",
+  ];
+  for (const line of lines) {
+    console.log(line);
+  }
+}
+
+export function cleanup(sessionName, opts = {}) {
+  if (opts.dryRun) {
+    console.log(`[dry-run] psmux kill-session -t ${sessionName}`);
+    return;
+  }
+  try {
+    childProcess.execFileSync("psmux", ["kill-session", "-t", sessionName], { stdio: "pipe" });
+  } catch {
+    // session may already be gone
+  }
+}
+
+async function wait(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+
+async function main() {
+  const { values: flags } = parseArgs({
+    options: {
+      "dry-run": { type: "boolean", default: false },
+      keep: { type: "boolean", default: false },
+    },
+    strict: false,
+  });
+
+  const psmuxAvailable = checkPsmux({ dryRun: flags["dry-run"] });
+  const dryRun = flags["dry-run"] || !psmuxAvailable;
+
+  if (!psmuxAvailable && !flags["dry-run"]) {
+    console.log("[demo] psmux not found — switching to dry-run mode");
+  }
+
+  const opts = {
+    dryRun,
+    keep: flags.keep,
+    sessionName: SESSION_NAME,
+  };
+
+  createDemoSession(SESSION_NAME, opts);
+
+  for (const { pane, agent, messages } of WORKERS) {
+    simulateWorker(pane, agent, messages, opts);
+  }
+
+  if (!opts.dryRun) {
+    await wait(2000);
+  }
+  
+  showSummary();
+
+  if (!opts.keep) {
+    cleanup(SESSION_NAME, opts);
+  }
+}
+
+// Only run main when executed directly (not imported as a module)
+// Normalize both paths to forward-slash for cross-platform comparison
+function isDirectExec() {
+  if (!process.argv[1]) return false;
+  const scriptPath = new URL(import.meta.url).pathname.replace(/^\/([A-Za-z]:)/, "$1");
+  const argv1 = process.argv[1].replace(/\\/g, "/");
+  const norm = scriptPath.replace(/\\/g, "/");
+  return argv1 === norm || argv1.endsWith(norm);
+}
+
+if (isDirectExec()) {
+  main().catch((err) => {
+    console.error("demo error:", err.message);
+    process.exit(1);
+  });
+}

package/scripts/headless-guard.mjs

@@ -202,8 +202,12 @@ async function main() {
     // codex/gemini 직접 CLI 호출 → deny (인라인 TFX_ALLOW_DIRECT_CLI=1 우회 허용)
     // 복합 명령(&&, ||, ;, |) 분리 후 각 세그먼트의 커맨드 위치만 검사 (args/quotes 안의 codex는 무시)
     // NOTE: || 는 | 보다 먼저 매칭되므로 logical OR이 단일 pipe로 잘못 분리되지 않음
+    // #37 Bug4: gh/git 명령은 본문에 codex/gemini 문자열이 있어도 차단하지 않음
+    const SAFE_CMD_RE = /^\s*(?:[\w_]+=\S+\s+)*\s*(gh|git)\b/;
     const cmdParts = cmd.split(/\s*(?:&&|\|\||\||;)\s*/);
     let hasDirectCli = cmdParts.some(part => {
+      // gh/git 세그먼트는 건너뜀 (이슈 본문/커밋 메시지 내 codex/gemini 언급은 정상)
+      if (SAFE_CMD_RE.test(part)) return false;
       // 1단계: env var prefix 제거 (FOO=bar ...)
       // 2단계: wrapper prefix 제거 (env, command, nohup, timeout N, 절대경로, bash -c/-lc "...")
       const stripped = part
@@ -216,11 +220,19 @@ async function main() {
     });
     // 2차 휴리스틱: 1차 세그먼트 검사를 통과한 간접 실행 패턴 탐지
     // full AST 파서 대신 현실적 위협 벡터만 커버 — eval, subshell, variable 확장
+    // 2차 휴리스틱: 간접 실행 패턴 탐지 (eval, subshell, variable 확장)
     if (!hasDirectCli) {
-      hasDirectCli = (
-        /\beval\b.*\b(codex\s+exec|gemini\s+(-p|--prompt))\b/i.test(cmd) ||
-        /\$[({].*\b(codex\s+exec|gemini\s+(-p|--prompt))\b/i.test(cmd)
-      );
+      const isAllSafeCmd = cmdParts.every(p => SAFE_CMD_RE.test(p));
+      if (isAllSafeCmd) {
+        // gh/git 전용: $(codex exec ...) 직접 명령 치환만 차단
+        // $(cat <<'EOF'\n...codex exec text...\nEOF) 같은 heredoc 텍스트는 허용
+        hasDirectCli = /\$\(\s*(codex\s+exec|gemini\s+(-p|--prompt))\b/i.test(cmd);
+      } else {
+        hasDirectCli = (
+          /\beval\b.*\b(codex\s+exec|gemini\s+(-p|--prompt))\b/i.test(cmd) ||
+          /\$[({].*\b(codex\s+exec|gemini\s+(-p|--prompt))\b/i.test(cmd)
+        );
+      }
     }
 
     if (hasDirectCli) {