veto-leash 0.1.0 → 0.1.2

package/src/native/cursor.ts

@@ -1,131 +0,0 @@
-// src/native/cursor.ts
-// Cursor integration via .cursorrules
-// Cursor doesn't have a hook/permission system - only AI instruction rules
-// We generate .cursorrules that instruct the AI to respect restrictions
-
-import { existsSync, writeFileSync, readFileSync, appendFileSync } from 'fs';
-import { join } from 'path';
-import type { Policy } from '../types.js';
-import { COLORS, SYMBOLS } from '../ui/colors.js';
-
-const CURSORRULES_FILE = '.cursorrules';
-
-/**
- * Install veto-leash instructions into .cursorrules
- * Note: This only provides AI guidance, not enforcement.
- * For actual enforcement, use wrapper mode: leash cursor "..."
- */
-export async function installCursorRules(): Promise<void> {
-  console.log(`\n${COLORS.info}Installing veto-leash for Cursor...${COLORS.reset}\n`);
-
-  const policies = loadStoredPolicies();
-  
-  if (policies.length === 0) {
-    console.log(`${COLORS.warning}${SYMBOLS.warning} No policies found. Add policies first:${COLORS.reset}`);
-    console.log(`  ${COLORS.dim}leash add "don't delete test files"${COLORS.reset}\n`);
-    return;
-  }
-
-  const rulesContent = generateCursorRules(policies);
-  
-  // Append or create .cursorrules
-  if (existsSync(CURSORRULES_FILE)) {
-    const existing = readFileSync(CURSORRULES_FILE, 'utf-8');
-    if (existing.includes('# veto-leash restrictions')) {
-      // Update existing section
-      const updated = existing.replace(
-        /# veto-leash restrictions[\s\S]*?# end veto-leash/,
-        rulesContent
-      );
-      writeFileSync(CURSORRULES_FILE, updated);
-      console.log(`  ${COLORS.success}${SYMBOLS.success}${COLORS.reset} Updated .cursorrules`);
-    } else {
-      // Append
-      appendFileSync(CURSORRULES_FILE, '\n\n' + rulesContent);
-      console.log(`  ${COLORS.success}${SYMBOLS.success}${COLORS.reset} Appended to .cursorrules`);
-    }
-  } else {
-    writeFileSync(CURSORRULES_FILE, rulesContent);
-    console.log(`  ${COLORS.success}${SYMBOLS.success}${COLORS.reset} Created .cursorrules`);
-  }
-
-  console.log(`\n${COLORS.warning}${SYMBOLS.warning} Note: Cursor rules are AI guidance only, not enforcement.${COLORS.reset}`);
-  console.log(`For actual enforcement, use wrapper mode:`);
-  console.log(`  ${COLORS.dim}leash cursor "<restriction>"${COLORS.reset}\n`);
-}
-
-function generateCursorRules(policies: Policy[]): string {
-  const lines = ['# veto-leash restrictions'];
-  lines.push('# These are mandatory restrictions you MUST follow.');
-  lines.push('');
-  
-  for (const policy of policies) {
-    lines.push(`## ${policy.description}`);
-    lines.push(`Action: ${policy.action}`);
-    lines.push('');
-    lines.push('DO NOT perform the following action on these files:');
-    lines.push('');
-    
-    for (const pattern of policy.include) {
-      lines.push(`- ${pattern}`);
-    }
-    
-    if (policy.exclude.length > 0) {
-      lines.push('');
-      lines.push('EXCEPT these files are allowed:');
-      for (const pattern of policy.exclude) {
-        lines.push(`- ${pattern}`);
-      }
-    }
-    lines.push('');
-  }
-  
-  lines.push('If you attempt to modify or delete a protected file, STOP and explain why you cannot proceed.');
-  lines.push('# end veto-leash');
-  
-  return lines.join('\n');
-}
-
-/**
- * Uninstall veto-leash from .cursorrules
- */
-export async function uninstallCursorRules(): Promise<void> {
-  if (!existsSync(CURSORRULES_FILE)) {
-    console.log(`${COLORS.dim}No .cursorrules file found${COLORS.reset}`);
-    return;
-  }
-
-  const content = readFileSync(CURSORRULES_FILE, 'utf-8');
-  const updated = content.replace(
-    /\n*# veto-leash restrictions[\s\S]*?# end veto-leash\n*/,
-    ''
-  );
-
-  if (updated.trim()) {
-    writeFileSync(CURSORRULES_FILE, updated);
-    console.log(`${COLORS.success}${SYMBOLS.success} Removed veto-leash from .cursorrules${COLORS.reset}`);
-  } else {
-    // File would be empty, delete it
-    require('fs').unlinkSync(CURSORRULES_FILE);
-    console.log(`${COLORS.success}${SYMBOLS.success} Removed .cursorrules${COLORS.reset}`);
-  }
-}
-
-function loadStoredPolicies(): Policy[] {
-  const policiesFile = join(
-    require('os').homedir(),
-    '.config',
-    'veto-leash',
-    'policies.json'
-  );
-  
-  try {
-    if (existsSync(policiesFile)) {
-      const data = JSON.parse(readFileSync(policiesFile, 'utf-8'));
-      return data.policies?.map((p: { policy: Policy }) => p.policy) || [];
-    }
-  } catch {
-    // Ignore
-  }
-  return [];
-}

package/src/native/index.ts

@@ -1,233 +0,0 @@
-// src/native/index.ts
-// Agent registry and unified interface for native integrations
-
-import type { Policy } from '../types.js';
-import { COLORS, SYMBOLS } from '../ui/colors.js';
-
-// Import all agent integrations
-import {
-  installClaudeCodeHook,
-  addClaudeCodePolicy,
-  uninstallClaudeCodeHook,
-} from './claude-code.js';
-import {
-  installOpenCodePermissions,
-  uninstallOpenCodePermissions,
-  savePolicy as saveOpenCodePolicy,
-} from './opencode.js';
-import {
-  installWindsurfHooks,
-  addWindsurfPolicy,
-  uninstallWindsurfHooks,
-} from './windsurf.js';
-import {
-  installCursorRules,
-  uninstallCursorRules,
-} from './cursor.js';
-import {
-  installAiderConfig,
-  uninstallAiderConfig,
-} from './aider.js';
-
-export interface AgentInfo {
-  id: string;
-  name: string;
-  aliases: string[];
-  hasNativeHooks: boolean;
-  description: string;
-}
-
-export const AGENTS: AgentInfo[] = [
-  {
-    id: 'claude-code',
-    name: 'Claude Code',
-    aliases: ['cc', 'claude', 'claude-code'],
-    hasNativeHooks: true,
-    description: 'PreToolUse hooks for Bash/Write/Edit',
-  },
-  {
-    id: 'opencode',
-    name: 'OpenCode',
-    aliases: ['oc', 'opencode'],
-    hasNativeHooks: true,
-    description: 'permission.bash rules in opencode.json',
-  },
-  {
-    id: 'windsurf',
-    name: 'Windsurf',
-    aliases: ['ws', 'windsurf', 'cascade'],
-    hasNativeHooks: true,
-    description: 'Cascade hooks for pre_write_code/pre_run_command',
-  },
-  {
-    id: 'cursor',
-    name: 'Cursor',
-    aliases: ['cursor'],
-    hasNativeHooks: false,
-    description: '.cursorrules AI guidance (not enforcement)',
-  },
-  {
-    id: 'aider',
-    name: 'Aider',
-    aliases: ['aider'],
-    hasNativeHooks: false,
-    description: '.aider.conf.yml read-only files',
-  },
-  {
-    id: 'codex',
-    name: 'Codex CLI',
-    aliases: ['codex', 'codex-cli'],
-    hasNativeHooks: false,
-    description: 'OS sandbox - use watchdog mode',
-  },
-  {
-    id: 'copilot',
-    name: 'GitHub Copilot',
-    aliases: ['copilot', 'gh-copilot'],
-    hasNativeHooks: false,
-    description: 'No hook system - use wrapper mode',
-  },
-];
-
-/**
- * Resolve agent alias to agent ID
- */
-export function resolveAgent(input: string): AgentInfo | null {
-  const normalized = input?.toLowerCase().trim();
-  if (!normalized) return null;
-
-  for (const agent of AGENTS) {
-    if (agent.aliases.includes(normalized)) {
-      return agent;
-    }
-  }
-  return null;
-}
-
-/**
- * Install native integration for an agent
- */
-export async function installAgent(
-  agentId: string,
-  options: { global?: boolean } = {}
-): Promise<boolean> {
-  const agent = resolveAgent(agentId);
-  
-  if (!agent) {
-    console.error(`${COLORS.error}${SYMBOLS.error} Unknown agent: ${agentId}${COLORS.reset}`);
-    printSupportedAgents();
-    return false;
-  }
-
-  switch (agent.id) {
-    case 'claude-code':
-      await installClaudeCodeHook();
-      return true;
-      
-    case 'opencode':
-      await installOpenCodePermissions(options.global ? 'global' : 'project');
-      return true;
-      
-    case 'windsurf':
-      await installWindsurfHooks(options.global ? 'user' : 'workspace');
-      return true;
-      
-    case 'cursor':
-      await installCursorRules();
-      return true;
-      
-    case 'aider':
-      await installAiderConfig(options.global ? 'global' : 'project');
-      return true;
-      
-    case 'codex':
-      console.log(`\n${COLORS.warning}${SYMBOLS.warning} Codex CLI uses OS-level sandboxing.${COLORS.reset}`);
-      console.log(`Use watchdog mode for file protection:`);
-      console.log(`  ${COLORS.dim}leash watch "protect test files"${COLORS.reset}\n`);
-      return false;
-      
-    case 'copilot':
-      console.log(`\n${COLORS.warning}${SYMBOLS.warning} GitHub Copilot has no hook system.${COLORS.reset}`);
-      console.log(`Use wrapper mode or watchdog:`);
-      console.log(`  ${COLORS.dim}leash watch "protect .env"${COLORS.reset}\n`);
-      return false;
-      
-    default:
-      console.error(`${COLORS.error}${SYMBOLS.error} No native integration for ${agent.name}${COLORS.reset}`);
-      return false;
-  }
-}
-
-/**
- * Uninstall native integration for an agent
- */
-export async function uninstallAgent(
-  agentId: string,
-  options: { global?: boolean } = {}
-): Promise<boolean> {
-  const agent = resolveAgent(agentId);
-  
-  if (!agent) {
-    console.error(`${COLORS.error}${SYMBOLS.error} Unknown agent: ${agentId}${COLORS.reset}`);
-    return false;
-  }
-
-  switch (agent.id) {
-    case 'claude-code':
-      await uninstallClaudeCodeHook();
-      return true;
-      
-    case 'opencode':
-      await uninstallOpenCodePermissions(options.global ? 'global' : 'project');
-      return true;
-      
-    case 'windsurf':
-      await uninstallWindsurfHooks(options.global ? 'user' : 'workspace');
-      return true;
-      
-    case 'cursor':
-      await uninstallCursorRules();
-      return true;
-      
-    case 'aider':
-      await uninstallAiderConfig(options.global ? 'global' : 'project');
-      return true;
-      
-    default:
-      console.log(`${COLORS.dim}No native integration to remove for ${agent.name}${COLORS.reset}`);
-      return false;
-  }
-}
-
-/**
- * Add a policy to all installed native integrations
- */
-export async function addPolicyToAgents(
-  policy: Policy,
-  name: string
-): Promise<void> {
-  // Always save to veto-leash config
-  saveOpenCodePolicy(name, policy);
-
-  // Claude Code
-  await addClaudeCodePolicy(policy, name);
-
-  // Windsurf
-  await addWindsurfPolicy(policy, name);
-}
-
-function printSupportedAgents(): void {
-  console.log(`\nSupported agents:`);
-  for (const agent of AGENTS) {
-    const hookStatus = agent.hasNativeHooks ? COLORS.success + 'native' : COLORS.dim + 'wrapper';
-    console.log(`  ${COLORS.dim}${agent.aliases[0].padEnd(12)}${COLORS.reset} ${agent.name} (${hookStatus}${COLORS.reset})`);
-  }
-  console.log('');
-}
-
-// Re-export individual modules
-export * from './claude-code.js';
-export * from './opencode.js';
-export * from './windsurf.js';
-export * from './cursor.js';
-export * from './aider.js';

package/src/native/opencode.ts

@@ -1,310 +0,0 @@
-// src/native/opencode.ts
-// OpenCode native permission integration
-// Generates permission rules for OpenCode's opencode.json config
-
-import { existsSync, mkdirSync, writeFileSync, readFileSync } from 'fs';
-import { join } from 'path';
-import { homedir } from 'os';
-import type { Policy } from '../types.js';
-import { COLORS, SYMBOLS } from '../ui/colors.js';
-
-const OPENCODE_GLOBAL_CONFIG = join(
-  homedir(),
-  '.config',
-  'opencode',
-  'opencode.json'
-);
-const OPENCODE_PROJECT_CONFIG = 'opencode.json';
-const VETO_LEASH_CONFIG_DIR = join(homedir(), '.config', 'veto-leash');
-const POLICIES_FILE = join(VETO_LEASH_CONFIG_DIR, 'policies.json');
-
-interface OpenCodeConfig {
-  $schema?: string;
-  permission?: {
-    edit?: string | Record<string, string>;
-    bash?: string | Record<string, string>;
-    [key: string]: unknown;
-  };
-  [key: string]: unknown;
-}
-
-interface StoredPolicies {
-  policies: Array<{
-    restriction: string;
-    policy: Policy;
-  }>;
-}
-
-/**
- * Convert a veto-leash policy to OpenCode permission rules
- */
-function policyToOpenCodeRules(policy: Policy): Record<string, string> {
-  const rules: Record<string, string> = {};
-
-  // Generate bash permission rules based on action and patterns
-  if (policy.action === 'delete') {
-    // Block rm commands for protected files
-    for (const pattern of policy.include) {
-      // Convert glob to OpenCode wildcard format
-      const ocPattern = pattern
-        .replace(/\*\*\//g, '*/')  // **/ -> */
-        .replace(/\*\*/g, '*');    // ** -> *
-      
-      rules[`rm ${ocPattern}`] = 'deny';
-      rules[`rm -f ${ocPattern}`] = 'deny';
-      rules[`rm -rf ${ocPattern}`] = 'deny';
-      rules[`rm -r ${ocPattern}`] = 'deny';
-      rules[`git rm ${ocPattern}`] = 'deny';
-      rules[`git rm -f ${ocPattern}`] = 'deny';
-    }
-    
-    // Allow excluded patterns
-    for (const pattern of policy.exclude) {
-      const ocPattern = pattern
-        .replace(/\*\*\//g, '*/')
-        .replace(/\*\*/g, '*');
-      
-      rules[`rm ${ocPattern}`] = 'allow';
-      rules[`rm -f ${ocPattern}`] = 'allow';
-      rules[`rm -rf ${ocPattern}`] = 'allow';
-    }
-  }
-
-  if (policy.action === 'modify') {
-    // Block modification commands for protected files
-    for (const pattern of policy.include) {
-      const ocPattern = pattern
-        .replace(/\*\*\//g, '*/')
-        .replace(/\*\*/g, '*');
-      
-      rules[`mv ${ocPattern} *`] = 'deny';
-      rules[`cp * ${ocPattern}`] = 'deny';
-    }
-  }
-
-  if (policy.action === 'execute') {
-    // Block execution for protected patterns
-    for (const pattern of policy.include) {
-      const ocPattern = pattern
-        .replace(/\*\*\//g, '*/')
-        .replace(/\*\*/g, '*');
-      
-      // For migrations, block common migration commands
-      if (pattern.includes('migrat')) {
-        rules['*migrate*'] = 'deny';
-        rules['prisma migrate*'] = 'deny';
-        rules['npx prisma migrate*'] = 'deny';
-        rules['drizzle-kit *'] = 'deny';
-      }
-    }
-  }
-
-  return rules;
-}
-
-/**
- * Install veto-leash permissions into OpenCode config
- */
-export async function installOpenCodePermissions(
-  target: 'global' | 'project' = 'project'
-): Promise<void> {
-  console.log(
-    `\n${COLORS.info}Installing veto-leash for OpenCode (${target})...${COLORS.reset}\n`
-  );
-
-  // Load existing policies
-  const storedPolicies = loadStoredPolicies();
-  if (storedPolicies.policies.length === 0) {
-    console.log(
-      `${COLORS.warning}${SYMBOLS.warning} No policies found. Add policies first:${COLORS.reset}`
-    );
-    console.log(`  ${COLORS.dim}leash add "don't delete test files"${COLORS.reset}\n`);
-    return;
-  }
-
-  // Determine config file path
-  const configPath =
-    target === 'global' ? OPENCODE_GLOBAL_CONFIG : OPENCODE_PROJECT_CONFIG;
-
-  // Load existing config
-  let config: OpenCodeConfig = {
-    $schema: 'https://opencode.ai/config.json',
-  };
-
-  if (existsSync(configPath)) {
-    try {
-      config = JSON.parse(readFileSync(configPath, 'utf-8'));
-    } catch {
-      // Keep default if parse fails
-    }
-  }
-
-  // Ensure permission object exists
-  if (!config.permission) {
-    config.permission = {};
-  }
-
-  // Convert existing bash permission to object if it's a string
-  if (typeof config.permission.bash === 'string') {
-    const oldValue = config.permission.bash;
-    config.permission.bash = { '*': oldValue };
-  } else if (!config.permission.bash) {
-    config.permission.bash = {};
-  }
-
-  // Generate and merge rules from all policies
-  for (const { policy } of storedPolicies.policies) {
-    const rules = policyToOpenCodeRules(policy);
-    config.permission.bash = {
-      ...(config.permission.bash as Record<string, string>),
-      ...rules,
-    };
-  }
-
-  // Write config
-  if (target === 'global') {
-    mkdirSync(join(homedir(), '.config', 'opencode'), { recursive: true });
-  }
-  
-  writeFileSync(configPath, JSON.stringify(config, null, 2));
-  console.log(
-    `  ${COLORS.success}${SYMBOLS.success}${COLORS.reset} Updated: ${configPath}`
-  );
-
-  console.log(
-    `\n${COLORS.success}${SYMBOLS.success} veto-leash permissions installed for OpenCode${COLORS.reset}\n`
-  );
-  console.log(`${COLORS.dim}Policies are now enforced via OpenCode's native permission system.${COLORS.reset}`);
-  console.log(`${COLORS.dim}OpenCode will deny matching commands automatically.${COLORS.reset}\n`);
-}
-
-/**
- * Show what permissions would be generated without installing
- */
-export function previewOpenCodePermissions(): void {
-  const storedPolicies = loadStoredPolicies();
-  
-  if (storedPolicies.policies.length === 0) {
-    console.log(`\n${COLORS.warning}No policies stored. Add policies first.${COLORS.reset}\n`);
-    return;
-  }
-
-  console.log(`\n${COLORS.bold}OpenCode Permission Preview${COLORS.reset}`);
-  console.log('═'.repeat(30) + '\n');
-
-  const allRules: Record<string, string> = {};
-  
-  for (const { restriction, policy } of storedPolicies.policies) {
-    console.log(`${COLORS.dim}Policy:${COLORS.reset} "${restriction}"`);
-    console.log(`${COLORS.dim}Action:${COLORS.reset} ${policy.action}\n`);
-    
-    const rules = policyToOpenCodeRules(policy);
-    Object.assign(allRules, rules);
-  }
-
-  console.log(`${COLORS.bold}Generated Rules:${COLORS.reset}`);
-  console.log(JSON.stringify({ permission: { bash: allRules } }, null, 2));
-  console.log(`\n${COLORS.dim}Run 'leash install oc' to apply.${COLORS.reset}\n`);
-}
-
-/**
- * Remove veto-leash permissions from OpenCode config
- */
-export async function uninstallOpenCodePermissions(
-  target: 'global' | 'project' = 'project'
-): Promise<void> {
-  const configPath =
-    target === 'global' ? OPENCODE_GLOBAL_CONFIG : OPENCODE_PROJECT_CONFIG;
-
-  if (!existsSync(configPath)) {
-    console.log(`${COLORS.dim}No config file found at ${configPath}${COLORS.reset}`);
-    return;
-  }
-
-  try {
-    const config: OpenCodeConfig = JSON.parse(
-      readFileSync(configPath, 'utf-8')
-    );
-
-    // Remove veto-leash rules (those with deny for rm/mv/cp patterns)
-    if (config.permission?.bash && typeof config.permission.bash === 'object') {
-      const bash = config.permission.bash as Record<string, string>;
-      for (const key of Object.keys(bash)) {
-        if (
-          key.startsWith('rm ') ||
-          key.startsWith('git rm ') ||
-          key.startsWith('mv ') ||
-          key.startsWith('cp ')
-        ) {
-          delete bash[key];
-        }
-      }
-    }
-
-    writeFileSync(configPath, JSON.stringify(config, null, 2));
-    console.log(
-      `${COLORS.success}${SYMBOLS.success} Removed veto-leash rules from ${configPath}${COLORS.reset}`
-    );
-  } catch {
-    console.log(
-      `${COLORS.warning}${SYMBOLS.warning} Could not parse config file${COLORS.reset}`
-    );
-  }
-}
-
-/**
- * Load stored policies from veto-leash config
- */
-function loadStoredPolicies(): StoredPolicies {
-  try {
-    if (existsSync(POLICIES_FILE)) {
-      return JSON.parse(readFileSync(POLICIES_FILE, 'utf-8'));
-    }
-  } catch {
-    // Return empty if can't load
-  }
-  return { policies: [] };
-}
-
-/**
- * Save a policy to the stored policies file
- */
-export function savePolicy(restriction: string, policy: Policy): void {
-  const stored = loadStoredPolicies();
-  
-  // Check for duplicate
-  const existingIndex = stored.policies.findIndex(
-    (p) => p.restriction === restriction
-  );
-  
-  if (existingIndex >= 0) {
-    stored.policies[existingIndex] = { restriction, policy };
-  } else {
-    stored.policies.push({ restriction, policy });
-  }
-
-  mkdirSync(VETO_LEASH_CONFIG_DIR, { recursive: true });
-  writeFileSync(POLICIES_FILE, JSON.stringify(stored, null, 2));
-}
-
-/**
- * List all stored policies
- */
-export function listPolicies(): void {
-  const stored = loadStoredPolicies();
-  
-  if (stored.policies.length === 0) {
-    console.log(`\n${COLORS.dim}No policies stored.${COLORS.reset}\n`);
-    return;
-  }
-
-  console.log(`\n${COLORS.bold}Stored Policies${COLORS.reset}`);
-  console.log('═'.repeat(20) + '\n');
-
-  for (let i = 0; i < stored.policies.length; i++) {
-    const { restriction, policy } = stored.policies[i];
-    console.log(`${i + 1}. ${COLORS.info}"${restriction}"${COLORS.reset}`);
-    console.log(`   ${COLORS.dim}Action:${COLORS.reset} ${policy.action}`);
-    console.log(`   ${COLORS.dim}Description:${COLORS.reset} ${policy.description}\n`);
-  }
-}