vcode-cli 1.0.0

package/lib/operations/filesystem.js

@@ -0,0 +1,165 @@
+/**
+ * V Code — File System Operations.
+ * Read, write, create, delete, rename, move files and directories.
+ */
+
+import {
+  readFileSync, writeFileSync, unlinkSync, renameSync, copyFileSync,
+  mkdirSync, rmSync, existsSync, readdirSync, statSync, readFile,
+} from 'fs';
+import { join, dirname, basename } from 'path';
+import { requestPermission } from '../permissions.js';
+
+/**
+ * Read a file's contents.
+ */
+export async function readFileOp(filePath) {
+  const allowed = await requestPermission('READ_FILE', filePath);
+  if (!allowed) return { success: false, error: 'Permission denied' };
+
+  try {
+    const content = readFileSync(filePath, 'utf8');
+    return { success: true, content, path: filePath };
+  } catch (err) {
+    return { success: false, error: err.message };
+  }
+}
+
+/**
+ * Read specific lines from a file.
+ */
+export async function readFileLinesOp(filePath, startLine, endLine) {
+  const detail = `${filePath} (lines ${startLine}-${endLine})`;
+  const allowed = await requestPermission('READ_FILE_LINES', detail);
+  if (!allowed) return { success: false, error: 'Permission denied' };
+
+  try {
+    const lines = readFileSync(filePath, 'utf8').split('\n');
+    const selected = lines.slice(startLine - 1, endLine);
+    return { success: true, content: selected.join('\n'), path: filePath, startLine, endLine };
+  } catch (err) {
+    return { success: false, error: err.message };
+  }
+}
+
+/**
+ * Write content to a file (create or overwrite).
+ */
+export async function writeFileOp(filePath, content) {
+  const action = existsSync(filePath) ? 'WRITE_FILE' : 'CREATE_FILE';
+  const allowed = await requestPermission(action, filePath);
+  if (!allowed) return { success: false, error: 'Permission denied' };
+
+  try {
+    mkdirSync(dirname(filePath), { recursive: true });
+    writeFileSync(filePath, content, 'utf8');
+    return { success: true, path: filePath };
+  } catch (err) {
+    return { success: false, error: err.message };
+  }
+}
+
+/**
+ * Delete a file.
+ */
+export async function deleteFileOp(filePath) {
+  const allowed = await requestPermission('DELETE_FILE', filePath);
+  if (!allowed) return { success: false, error: 'Permission denied' };
+
+  try {
+    unlinkSync(filePath);
+    return { success: true, path: filePath };
+  } catch (err) {
+    return { success: false, error: err.message };
+  }
+}
+
+/**
+ * Rename / move a file.
+ */
+export async function renameFileOp(oldPath, newPath) {
+  const detail = `${oldPath} → ${newPath}`;
+  const allowed = await requestPermission('RENAME_FILE', detail);
+  if (!allowed) return { success: false, error: 'Permission denied' };
+
+  try {
+    mkdirSync(dirname(newPath), { recursive: true });
+    renameSync(oldPath, newPath);
+    return { success: true, oldPath, newPath };
+  } catch (err) {
+    return { success: false, error: err.message };
+  }
+}
+
+/**
+ * Move a file (alias for rename with cross-device support).
+ */
+export async function moveFileOp(oldPath, newPath) {
+  const detail = `${oldPath} → ${newPath}`;
+  const allowed = await requestPermission('MOVE_FILE', detail);
+  if (!allowed) return { success: false, error: 'Permission denied' };
+
+  try {
+    mkdirSync(dirname(newPath), { recursive: true });
+    try {
+      renameSync(oldPath, newPath);
+    } catch {
+      // Cross-device move: copy then delete
+      copyFileSync(oldPath, newPath);
+      unlinkSync(oldPath);
+    }
+    return { success: true, oldPath, newPath };
+  } catch (err) {
+    return { success: false, error: err.message };
+  }
+}
+
+/**
+ * Create a directory.
+ */
+export async function createDirOp(dirPath) {
+  const allowed = await requestPermission('CREATE_DIR', dirPath);
+  if (!allowed) return { success: false, error: 'Permission denied' };
+
+  try {
+    mkdirSync(dirPath, { recursive: true });
+    return { success: true, path: dirPath };
+  } catch (err) {
+    return { success: false, error: err.message };
+  }
+}
+
+/**
+ * Delete a directory recursively.
+ */
+export async function deleteDirOp(dirPath) {
+  const allowed = await requestPermission('DELETE_DIR', `${dirPath} (recursive)`);
+  if (!allowed) return { success: false, error: 'Permission denied' };
+
+  try {
+    rmSync(dirPath, { recursive: true, force: true });
+    return { success: true, path: dirPath };
+  } catch (err) {
+    return { success: false, error: err.message };
+  }
+}
+
+/**
+ * List directory contents.
+ */
+export async function listDirOp(dirPath) {
+  const allowed = await requestPermission('LIST_DIR', dirPath);
+  if (!allowed) return { success: false, error: 'Permission denied' };
+
+  try {
+    const entries = readdirSync(dirPath, { withFileTypes: true });
+    const items = entries.map(e => ({
+      name: e.name,
+      type: e.isDirectory() ? 'directory' : 'file',
+      size: e.isFile() ? statSync(join(dirPath, e.name)).size : undefined,
+    }));
+    return { success: true, path: dirPath, items };
+  } catch (err) {
+    return { success: false, error: err.message };
+  }
+}

package/lib/operations/keyboard.js

@@ -0,0 +1,88 @@
+/**
+ * V Code — Keyboard Control Operations.
+ * Type text, press keys, keyboard shortcuts.
+ */
+
+import { requestPermission } from '../permissions.js';
+
+let nativeAvailable = false;
+let keyboard, Key;
+
+try {
+  const nutjs = await import('@nut-tree/nut-js');
+  keyboard = nutjs.keyboard;
+  Key = nutjs.Key;
+  nativeAvailable = true;
+} catch {
+  // Native module not installed
+}
+
+function checkNative() {
+  if (!nativeAvailable) {
+    return { success: false, error: 'Keyboard control requires @nut-tree/nut-js. Install with: npm install -g @nut-tree/nut-js' };
+  }
+  return null;
+}
+
+/**
+ * Type text string.
+ */
+export async function keyType(text) {
+  const err = checkNative();
+  if (err) return err;
+
+  const preview = text.length > 60 ? text.substring(0, 60) + '...' : text;
+  const detail = `Type: "${preview}"`;
+  const allowed = await requestPermission('KEY_TYPE', detail);
+  if (!allowed) return { success: false, error: 'Permission denied' };
+
+  try {
+    await keyboard.type(text);
+    return { success: true, text };
+  } catch (e) {
+    return { success: false, error: e.message };
+  }
+}
+
+/**
+ * Press a key or key combination (e.g. 'ctrl+c', 'enter', 'alt+tab').
+ */
+export async function keyPress(keys) {
+  const err = checkNative();
+  if (err) return err;
+
+  const detail = `Press: ${keys}`;
+  const allowed = await requestPermission('KEY_PRESS', detail);
+  if (!allowed) return { success: false, error: 'Permission denied' };
+
+  try {
+    const keyParts = keys.split('+').map(k => k.trim().toLowerCase());
+    const mappedKeys = keyParts.map(k => {
+      const keyMap = {
+        'ctrl': Key.LeftControl, 'control': Key.LeftControl,
+        'alt': Key.LeftAlt, 'option': Key.LeftAlt,
+        'shift': Key.LeftShift,
+        'super': Key.LeftSuper, 'meta': Key.LeftSuper, 'cmd': Key.LeftSuper, 'command': Key.LeftSuper,
+        'enter': Key.Return, 'return': Key.Return,
+        'tab': Key.Tab, 'escape': Key.Escape, 'esc': Key.Escape,
+        'space': Key.Space, 'backspace': Key.Backspace, 'delete': Key.Delete,
+        'up': Key.Up, 'down': Key.Down, 'left': Key.Left, 'right': Key.Right,
+        'home': Key.Home, 'end': Key.End, 'pageup': Key.PageUp, 'pagedown': Key.PageDown,
+        'f1': Key.F1, 'f2': Key.F2, 'f3': Key.F3, 'f4': Key.F4,
+        'f5': Key.F5, 'f6': Key.F6, 'f7': Key.F7, 'f8': Key.F8,
+        'f9': Key.F9, 'f10': Key.F10, 'f11': Key.F11, 'f12': Key.F12,
+      };
+      return keyMap[k] || Key[k.charAt(0).toUpperCase() + k.slice(1)] || Key[k.toUpperCase()];
+    }).filter(Boolean);
+
+    if (mappedKeys.length === 0) {
+      return { success: false, error: `Unknown key combination: ${keys}` };
+    }
+
+    await keyboard.pressKey(...mappedKeys);
+    await keyboard.releaseKey(...mappedKeys);
+    return { success: true, keys };
+  } catch (e) {
+    return { success: false, error: e.message };
+  }
+}

package/lib/operations/mouse.js

@@ -0,0 +1,114 @@
+/**
+ * V Code — Mouse Control Operations.
+ * Move, click, drag using native bindings.
+ * Falls back gracefully if native modules aren't available.
+ */
+
+import { requestPermission } from '../permissions.js';
+
+let nativeAvailable = false;
+let mouse, screen, Point, Button;
+
+try {
+  const nutjs = await import('@nut-tree/nut-js');
+  mouse = nutjs.mouse;
+  screen = nutjs.screen;
+  Point = nutjs.Point;
+  Button = nutjs.Button;
+  nativeAvailable = true;
+} catch {
+  // Native module not installed — operations will report unavailable
+}
+
+function checkNative() {
+  if (!nativeAvailable) {
+    return { success: false, error: 'Mouse control requires @nut-tree/nut-js. Install with: npm install -g @nut-tree/nut-js' };
+  }
+  return null;
+}
+
+/**
+ * Move mouse to coordinates.
+ */
+export async function mouseMove(x, y) {
+  const err = checkNative();
+  if (err) return err;
+
+  const detail = `Move mouse to (${x}, ${y})`;
+  const allowed = await requestPermission('MOUSE_MOVE', detail);
+  if (!allowed) return { success: false, error: 'Permission denied' };
+
+  try {
+    await mouse.setPosition(new Point(x, y));
+    return { success: true, x, y };
+  } catch (e) {
+    return { success: false, error: e.message };
+  }
+}
+
+/**
+ * Click at current or specified position.
+ */
+export async function mouseClick(button = 'left', x, y) {
+  const err = checkNative();
+  if (err) return err;
+
+  const detail = `${button} click` + (x !== undefined ? ` at (${x}, ${y})` : ' at current position');
+  const allowed = await requestPermission('MOUSE_CLICK', detail);
+  if (!allowed) return { success: false, error: 'Permission denied' };
+
+  try {
+    if (x !== undefined && y !== undefined) {
+      await mouse.setPosition(new Point(x, y));
+    }
+    const btn = button === 'right' ? Button.RIGHT : Button.LEFT;
+    await mouse.click(btn);
+    return { success: true, button, x, y };
+  } catch (e) {
+    return { success: false, error: e.message };
+  }
+}
+
+/**
+ * Double click.
+ */
+export async function mouseDoubleClick(x, y) {
+  const err = checkNative();
+  if (err) return err;
+
+  const detail = `Double click` + (x !== undefined ? ` at (${x}, ${y})` : ' at current position');
+  const allowed = await requestPermission('MOUSE_CLICK', detail);
+  if (!allowed) return { success: false, error: 'Permission denied' };
+
+  try {
+    if (x !== undefined && y !== undefined) {
+      await mouse.setPosition(new Point(x, y));
+    }
+    await mouse.doubleClick(Button.LEFT);
+    return { success: true, x, y };
+  } catch (e) {
+    return { success: false, error: e.message };
+  }
+}
+
+/**
+ * Drag from one point to another.
+ */
+export async function mouseDrag(fromX, fromY, toX, toY) {
+  const err = checkNative();
+  if (err) return err;
+
+  const detail = `Drag from (${fromX}, ${fromY}) to (${toX}, ${toY})`;
+  const allowed = await requestPermission('MOUSE_DRAG', detail);
+  if (!allowed) return { success: false, error: 'Permission denied' };
+
+  try {
+    await mouse.setPosition(new Point(fromX, fromY));
+    await mouse.pressButton(Button.LEFT);
+    await mouse.setPosition(new Point(toX, toY));
+    await mouse.releaseButton(Button.LEFT);
+    return { success: true, fromX, fromY, toX, toY };
+  } catch (e) {
+    return { success: false, error: e.message };
+  }
+}

package/lib/operations/process.js

@@ -0,0 +1,66 @@
+/**
+ * V Code — Process Management Operations.
+ * List and kill processes.
+ */
+
+import { exec } from 'child_process';
+import { requestPermission } from '../permissions.js';
+
+/**
+ * List running processes.
+ */
+export async function listProcessesOp() {
+  const allowed = await requestPermission('LIST_PROCESSES', 'List all running processes');
+  if (!allowed) return { success: false, error: 'Permission denied' };
+
+  const isWin = process.platform === 'win32';
+  const cmd = isWin ? 'tasklist /fo csv /nh' : 'ps aux --sort=-%mem | head -50';
+
+  return new Promise((resolve) => {
+    exec(cmd, { maxBuffer: 5 * 1024 * 1024 }, (err, stdout) => {
+      if (err) {
+        resolve({ success: false, error: err.message });
+        return;
+      }
+
+      let processes;
+      if (isWin) {
+        processes = stdout.trim().split('\n').map(line => {
+          const parts = line.replace(/"/g, '').split(',');
+          return { name: parts[0], pid: parseInt(parts[1]), mem: parts[4] };
+        }).filter(p => !isNaN(p.pid));
+      } else {
+        const lines = stdout.trim().split('\n');
+        const header = lines[0];
+        processes = lines.slice(1).map(line => {
+          const parts = line.trim().split(/\s+/);
+          return {
+            user: parts[0],
+            pid: parseInt(parts[1]),
+            cpu: parseFloat(parts[2]),
+            mem: parseFloat(parts[3]),
+            command: parts.slice(10).join(' '),
+          };
+        });
+      }
+
+      resolve({ success: true, processes });
+    });
+  });
+}
+
+/**
+ * Kill a process by PID.
+ */
+export async function killProcessOp(pid, signal = 'SIGTERM') {
+  const detail = `Kill process PID ${pid} with ${signal}`;
+  const allowed = await requestPermission('KILL_PROCESS', detail);
+  if (!allowed) return { success: false, error: 'Permission denied' };
+
+  try {
+    process.kill(pid, signal);
+    return { success: true, pid, signal };
+  } catch (err) {
+    return { success: false, error: err.message };
+  }
+}

package/lib/operations/screenshot.js

@@ -0,0 +1,56 @@
+/**
+ * V Code — Screenshot Operations.
+ * Capture full screen or specific windows.
+ */
+
+import { requestPermission } from '../permissions.js';
+import { tmpdir } from 'os';
+import { join } from 'path';
+import { readFileSync, unlinkSync } from 'fs';
+
+let screenshotDesktop;
+try {
+  screenshotDesktop = (await import('screenshot-desktop')).default;
+} catch {
+  // Not available
+}
+
+/**
+ * Capture a screenshot and return as base64.
+ */
+export async function screenshotOp(display = 0) {
+  const detail = `Capture screenshot (display ${display})`;
+  const allowed = await requestPermission('SCREENSHOT', detail);
+  if (!allowed) return { success: false, error: 'Permission denied' };
+
+  if (!screenshotDesktop) {
+    return { success: false, error: 'screenshot-desktop not available. Install with: npm install -g screenshot-desktop' };
+  }
+
+  try {
+    const imgBuffer = await screenshotDesktop({ format: 'png', screen: display });
+    const base64 = imgBuffer.toString('base64');
+    return { success: true, format: 'png', data: base64 };
+  } catch (err) {
+    return { success: false, error: err.message };
+  }
+}
+
+/**
+ * List available displays.
+ */
+export async function listDisplaysOp() {
+  const allowed = await requestPermission('SCREENSHOT', 'List available displays');
+  if (!allowed) return { success: false, error: 'Permission denied' };
+
+  if (!screenshotDesktop || !screenshotDesktop.listDisplays) {
+    return { success: true, displays: [{ id: 0, name: 'Primary' }] };
+  }
+
+  try {
+    const displays = await screenshotDesktop.listDisplays();
+    return { success: true, displays };
+  } catch (err) {
+    return { success: false, error: err.message };
+  }
+}

package/lib/operations/terminal.js

@@ -0,0 +1,85 @@
+/**
+ * V Code — Terminal / Shell Operations.
+ * Execute shell commands with permission checks.
+ */
+
+import { exec, spawn } from 'child_process';
+import { requestPermission } from '../permissions.js';
+
+/**
+ * Execute a shell command and return its output.
+ * @param {string} command — the command to run
+ * @param {string} [cwd] — working directory
+ * @param {number} [timeout] — timeout in ms (default 60000)
+ */
+export async function execCommandOp(command, cwd = process.cwd(), timeout = 60000) {
+  const detail = `\`${command}\` in ${cwd}`;
+  const allowed = await requestPermission('EXEC_COMMAND', detail);
+  if (!allowed) return { success: false, error: 'Permission denied' };
+
+  return new Promise((resolve) => {
+    exec(command, { cwd, timeout, maxBuffer: 10 * 1024 * 1024 }, (error, stdout, stderr) => {
+      if (error) {
+        resolve({
+          success: false,
+          exitCode: error.code,
+          stdout: stdout?.toString() || '',
+          stderr: stderr?.toString() || error.message,
+        });
+      } else {
+        resolve({
+          success: true,
+          exitCode: 0,
+          stdout: stdout?.toString() || '',
+          stderr: stderr?.toString() || '',
+        });
+      }
+    });
+  });
+}
+
+/**
+ * Spawn a long-running command and stream output.
+ * Returns a handle to the running process.
+ */
+export async function spawnCommandOp(command, args = [], cwd = process.cwd()) {
+  const detail = `\`${command} ${args.join(' ')}\` in ${cwd}`;
+  const allowed = await requestPermission('EXEC_COMMAND', detail);
+  if (!allowed) return { success: false, error: 'Permission denied' };
+
+  try {
+    const child = spawn(command, args, {
+      cwd,
+      shell: true,
+      stdio: ['pipe', 'pipe', 'pipe'],
+    });
+
+    let stdout = '';
+    let stderr = '';
+
+    child.stdout.on('data', (data) => { stdout += data.toString(); });
+    child.stderr.on('data', (data) => { stderr += data.toString(); });
+
+    return new Promise((resolve) => {
+      child.on('close', (code) => {
+        resolve({
+          success: code === 0,
+          exitCode: code,
+          stdout,
+          stderr,
+        });
+      });
+
+      child.on('error', (err) => {
+        resolve({
+          success: false,
+          exitCode: -1,
+          stdout,
+          stderr: err.message,
+        });
+      });
+    });
+  } catch (err) {
+    return { success: false, error: err.message };
+  }
+}

package/lib/permissions.js

@@ -0,0 +1,113 @@
+/**
+ * V Code — Permission System.
+ * Every operation requires explicit user approval.
+ * Color-coded by operation severity.
+ */
+
+import chalk from 'chalk';
+import inquirer from 'inquirer';
+import { logAudit } from './audit.js';
+
+/**
+ * Operation risk levels and their colors.
+ */
+const RISK_COLORS = {
+  destructive: chalk.red,       // delete, kill, format
+  read: chalk.yellow,           // read file, screenshot, list
+  write: chalk.blue,            // create, edit, write
+  execute: chalk.magenta,       // run command, open URL
+  neutral: chalk.white,         // clipboard read, status
+};
+
+/**
+ * Classify an operation type to a risk level.
+ */
+function classifyRisk(opType) {
+  const op = opType.toUpperCase();
+  if (['DELETE_FILE', 'DELETE_DIR', 'KILL_PROCESS', 'MOVE_FILE'].includes(op)) return 'destructive';
+  if (['READ_FILE', 'LIST_DIR', 'SCREENSHOT', 'LIST_PROCESSES', 'CLIPBOARD_READ', 'READ_FILE_LINES'].includes(op)) return 'read';
+  if (['WRITE_FILE', 'CREATE_FILE', 'CREATE_DIR', 'RENAME_FILE', 'CLIPBOARD_WRITE'].includes(op)) return 'write';
+  if (['EXEC_COMMAND', 'OPEN_URL', 'OPEN_FOLDER', 'MOUSE_CLICK', 'MOUSE_MOVE', 'MOUSE_DRAG', 'KEY_TYPE', 'KEY_PRESS'].includes(op)) return 'execute';
+  return 'neutral';
+}
+
+/**
+ * Format the permission prompt for an operation.
+ */
+function formatPrompt(opType, detail) {
+  const risk = classifyRisk(opType);
+  const color = RISK_COLORS[risk];
+  const label = {
+    destructive: '🔴 DESTRUCTIVE',
+    read: '🟡 READ',
+    write: '🔵 WRITE',
+    execute: '🟣 EXECUTE',
+    neutral: '⚪ INFO',
+  }[risk];
+
+  return color(`\n  ${label}  V Code wants to ${opType.replace(/_/g, ' ').toLowerCase()}\n`) +
+    chalk.gray(`  Details: `) + chalk.white(detail) + '\n';
+}
+
+// Session-wide auto-approve flag
+let sessionApproveAll = false;
+
+/**
+ * Set session-wide auto-approve.
+ */
+export function setSessionApproveAll(val) {
+  sessionApproveAll = val;
+}
+
+/**
+ * Check if session is in auto-approve mode.
+ */
+export function isSessionApproveAll() {
+  return sessionApproveAll;
+}
+
+/**
+ * Request permission from the user for an operation.
+ * Returns true if approved, false if denied.
+ */
+export async function requestPermission(opType, detail) {
+  if (sessionApproveAll) {
+    logAudit(opType, detail, 'approved');
+    const risk = classifyRisk(opType);
+    const color = RISK_COLORS[risk];
+    console.log(color(`  ✓ Auto-approved: ${opType.replace(/_/g, ' ').toLowerCase()} — ${detail}`));
+    return true;
+  }
+
+  console.log(formatPrompt(opType, detail));
+
+  const { choice } = await inquirer.prompt([
+    {
+      type: 'expand',
+      name: 'choice',
+      message: 'Allow this operation?',
+      default: 'n',
+      choices: [
+        { key: 'y', name: 'Yes — approve this operation', value: 'yes' },
+        { key: 'n', name: 'No — deny this operation', value: 'no' },
+        { key: 'a', name: 'Approve all for this session', value: 'all' },
+      ],
+    },
+  ]);
+
+  if (choice === 'all') {
+    sessionApproveAll = true;
+    logAudit(opType, detail, 'approved');
+    console.log(chalk.yellow('  ⚠ All operations will be auto-approved for this session.\n'));
+    return true;
+  }
+
+  if (choice === 'yes') {
+    logAudit(opType, detail, 'approved');
+    return true;
+  }
+
+  logAudit(opType, detail, 'denied');
+  console.log(chalk.red('  ✗ Operation denied.\n'));
+  return false;
+}