vibehacker 4.1.0

package/src/approve.js

@@ -0,0 +1,217 @@
+'use strict';
+
+const blessed = require('blessed');
+
+// ── Tool descriptions for the approval dialog ─────────────────────────────────
+const TOOL_VERB = {
+  write_file:       'Write file',
+  edit_file:        'Edit file',
+  execute_command:  'Run command',
+  delete_file:      'Delete file',
+  create_directory: 'Create directory',
+  read_file:        'Read file',
+  list_files:       'List files',
+  search_files:     'Search files',
+  grep:             'Search contents',
+  glob:             'Find files',
+};
+
+// Tools that need approval (risky)
+const NEEDS_APPROVAL = new Set([
+  'write_file', 'edit_file', 'execute_command', 'delete_file',
+]);
+
+// ── Format tool args into a human-readable description ────────────────────────
+function describeToolCall(tc) {
+  const { name, args } = tc;
+  if (name === 'write_file')       return args.path || '(unknown path)';
+  if (name === 'execute_command')  return args.command || '(unknown command)';
+  if (name === 'delete_file')      return args.path || '(unknown path)';
+  if (name === 'create_directory') return args.path || '(unknown path)';
+  if (name === 'read_file')        return args.path || '(unknown path)';
+  if (name === 'list_files')       return args.path || '.';
+  if (name === 'search_files')     return `"${args.pattern || ''}" in ${args.path || '.'}`;
+  return JSON.stringify(args).substring(0, 80);
+}
+
+// Get the path/command for "always allow" matching
+function getAllowKey(tc) {
+  const { name, args } = tc;
+  if (name === 'execute_command') {
+    // Allow by command prefix (first word)
+    const cmd = (args.command || '').trim().split(/\s+/)[0];
+    return `cmd:${cmd}`;
+  }
+  // Allow by directory for file ops
+  const p = args.path || '';
+  const parts = p.replace(/\\/g, '/').split('/');
+  return 'path:' + parts.slice(0, -1).join('/'); // parent dir
+}
+
+// ── Main dialog ───────────────────────────────────────────────────────────────
+/**
+ * Show tool approval dialog.
+ * Returns Promise<'yes' | 'always' | 'no'>
+ *
+ * @param {object} screen - blessed screen
+ * @param {object} tc     - tool call { name, args }
+ * @param {string} context - optional one-line AI description of what it's doing
+ */
+function showApproval(screen, tc, context) {
+  return new Promise((resolve) => {
+    const verb     = TOOL_VERB[tc.name] || tc.name;
+    const detail   = describeToolCall(tc);
+    const allowKey = getAllowKey(tc);
+    const isCmd    = tc.name === 'execute_command';
+
+    // "Yes, and always allow…" label
+    const alwaysLabel = isCmd
+      ? `Yes, and always allow {bold}${(tc.args.command || '').split(/\s+/)[0]}{/bold} commands`
+      : `Yes, and always allow writes to {bold}${(detail.replace(/\\/g,'/').split('/').slice(0,-1).join('/') || detail)}{/bold}`;
+
+    const items = [
+      { key: '1', label: 'Yes', value: 'yes', color: '#00ff88' },
+      { key: '2', label: alwaysLabel, value: 'always', color: '#88ff44' },
+      { key: '3', label: 'No', value: 'no', color: '#ff4444' },
+    ];
+
+    const W = Math.min(Math.max(40, screen.width - 6), 70);
+
+    // Fixed chrome: border(2) + blank(1) + header(1) + detail(1) + blank(1)
+    // + "Do you want to proceed?"(1) + blank(1) + buttons(items.length)
+    // + blank(1) + hint(1) = 10 + items.length
+    // Everything else (context line + preview) must fit in remaining space.
+    const maxH    = Math.max(10, screen.height - 4);
+    const fixedH  = 10 + items.length;
+    const budget  = Math.max(0, maxH - fixedH);
+
+    // Context eats 1 line if present
+    const ctxLine = context ? `{#444444-fg}${esc(context)}{/#444444-fg}` : '';
+    const ctxCost = ctxLine ? 1 : 0;
+
+    // Preview: clamp to remaining budget (separator + lines)
+    let preview = '';
+    if (tc.name === 'write_file' && tc.args.content) {
+      preview = tc.args.content;
+    } else if (tc.name === 'execute_command') {
+      preview = tc.args.command || '';
+    }
+    const previewBudget = Math.max(0, budget - ctxCost - (preview ? 1 : 0)); // -1 for separator
+    if (preview) {
+      const allLines = preview.split('\n');
+      if (allLines.length > previewBudget) {
+        preview = allLines.slice(0, Math.max(1, previewBudget - 1)).join('\n') + '\n…';
+      }
+      // Also hard-cap to 6 lines regardless, to keep dialog compact
+      const cappedLines = preview.split('\n');
+      if (cappedLines.length > 6) {
+        preview = cappedLines.slice(0, 5).join('\n') + '\n…';
+      }
+    }
+    const previewCost = preview ? preview.split('\n').length + 1 : 0; // +1 separator
+
+    const H = Math.min(maxH, fixedH + ctxCost + previewCost);
+
+    const box = blessed.box({
+      parent:  screen,
+      top:     'center',
+      left:    'center',
+      width:   W,
+      height:  Math.min(H, screen.height - 4),
+      tags:    true,
+      border:  { type: 'line' },
+      shadow:  false,
+      style: {
+        fg: '#00ff88', bg: '#000a00',
+        border: { fg: '#00aa44' },
+      },
+      keys:    true,
+      mouse:   true,
+    });
+
+    function buildContent(selectedIdx) {
+      const lines = [];
+      lines.push('');
+
+      // Header
+      lines.push(` {bold}{#00ff88-fg}${esc(verb)}{/}{/bold}`);
+
+      // Detail (path / command)
+      lines.push(` {#88ff88-fg}${esc(detail)}{/#88ff88-fg}`);
+
+      // Context
+      if (ctxLine) lines.push(` ${ctxLine}`);
+
+      // Preview block
+      if (preview) {
+        lines.push(` {#333333-fg}${'─'.repeat(W - 4)}{/#333333-fg}`);
+        preview.split('\n').forEach(l => {
+          lines.push(` {#555555-fg}${esc(l.substring(0, W - 4))}{/#555555-fg}`);
+        });
+      }
+
+      lines.push('');
+      lines.push(` {#888888-fg}Do you want to proceed?{/#888888-fg}`);
+      lines.push('');
+
+      // Menu items
+      items.forEach((item, i) => {
+        const cursor  = i === selectedIdx ? '{yellow-fg}❯{/yellow-fg}' : ' ';
+        const numBadge = `{#444444-fg}${item.key}.{/#444444-fg}`;
+        const labelStr = i === selectedIdx
+          ? `{bold}{${item.color}-fg}${item.label}{/}{/bold}`
+          : `{#888888-fg}${item.label}{/#888888-fg}`;
+        lines.push(`  ${cursor} ${numBadge} ${labelStr}`);
+      });
+
+      lines.push('');
+      lines.push(` {#333333-fg}Esc cancel  ·  ↑↓ navigate  ·  Enter confirm{/#333333-fg}`);
+
+      return lines.join('\n');
+    }
+
+    let selectedIdx = 0;
+    box.setContent(buildContent(selectedIdx));
+    box.focus();
+    screen.render();
+
+    function done(value) {
+      try { box.destroy(); } catch (_) {}
+      screen.render();
+      resolve(value);
+    }
+
+    // Keyboard navigation
+    box.on('keypress', (ch, key) => {
+      if (!key) return;
+      const name = key.name;
+
+      if (name === 'escape')  { done('no'); return; }
+      if (name === 'up')      { selectedIdx = Math.max(0, selectedIdx - 1); box.setContent(buildContent(selectedIdx)); screen.render(); return; }
+      if (name === 'down')    { selectedIdx = Math.min(items.length - 1, selectedIdx + 1); box.setContent(buildContent(selectedIdx)); screen.render(); return; }
+      if (name === 'enter' || name === 'return') { done(items[selectedIdx].value); return; }
+
+      // Number shortcuts
+      if (ch === '1') { done('yes'); return; }
+      if (ch === '2') { done('always'); return; }
+      if (ch === '3') { done('no'); return; }
+      if (ch === 'y' || ch === 'Y') { done('yes'); return; }
+      if (ch === 'n' || ch === 'N') { done('no'); return; }
+    });
+
+    // Mouse click on items
+    items.forEach((item, i) => {
+      box.on('click', () => {
+        done(items[selectedIdx].value);
+      });
+    });
+
+    screen.render();
+  });
+}
+
+function esc(str) {
+  return String(str).replace(/\{/g, '\\{').replace(/\}/g, '\\}');
+}
+
+module.exports = { showApproval, NEEDS_APPROVAL, getAllowKey };

package/src/auth.js

@@ -0,0 +1,45 @@
+'use strict';
+
+// ── Vibe Hacker Auth — simple API key entry ──────────────────────────────
+// No browser popup. User gets key from vibsecurity.com, pastes it.
+
+const LOGIN_URL = process.env.VH_LOGIN_URL || 'https://vibsecurity.com/login';
+
+function openBrowser(url) {
+  if (typeof url !== 'string' || !/^https?:\/\//i.test(url)) {
+    return Promise.resolve(false);
+  }
+  const { spawn } = require('child_process');
+  const platform = process.platform;
+  return new Promise((resolve) => {
+    let proc;
+    try {
+      if (platform === 'win32') {
+        proc = spawn('cmd.exe', ['/c', 'start', '""', url], {
+          detached: true, stdio: 'ignore', windowsVerbatimArguments: false,
+        });
+      } else if (platform === 'darwin') {
+        proc = spawn('open', [url], { detached: true, stdio: 'ignore' });
+      } else {
+        proc = spawn('xdg-open', [url], { detached: true, stdio: 'ignore' });
+        proc.on('error', () => {
+          try {
+            const fb = spawn('wslview', [url], { detached: true, stdio: 'ignore' });
+            fb.on('error', () => resolve(false));
+            fb.unref();
+            resolve(true);
+          } catch (_) { resolve(false); }
+        });
+      }
+      if (proc) {
+        proc.on('error', () => resolve(false));
+        proc.unref();
+        setTimeout(() => resolve(true), 100);
+      }
+    } catch (_) {
+      resolve(false);
+    }
+  });
+}
+
+module.exports = { openBrowser, LOGIN_URL };

package/src/config.js

@@ -0,0 +1,59 @@
+'use strict';
+
+const fs = require('fs');
+const path = require('path');
+const os = require('os');
+
+const CONFIG_DIR  = path.join(os.homedir(), '.vibehacker');
+const CONFIG_FILE = path.join(CONFIG_DIR, 'config.json');
+
+// Migrate from old ~/.hackerai config if it exists
+try {
+  const oldDir  = path.join(os.homedir(), '.hackerai');
+  const oldFile = path.join(oldDir, 'config.json');
+  if (fs.existsSync(oldFile) && !fs.existsSync(CONFIG_FILE)) {
+    if (!fs.existsSync(CONFIG_DIR)) fs.mkdirSync(CONFIG_DIR, { recursive: true });
+    fs.copyFileSync(oldFile, CONFIG_FILE);
+  }
+} catch (_) {}
+
+// Load once at startup — no repeated fs reads
+let _saved;
+try {
+  _saved = fs.existsSync(CONFIG_FILE) ? JSON.parse(fs.readFileSync(CONFIG_FILE, 'utf8')) : {};
+} catch (_) { _saved = {}; }
+
+function saveConfig(data) {
+  try {
+    if (!fs.existsSync(CONFIG_DIR)) fs.mkdirSync(CONFIG_DIR, { recursive: true });
+    // Merge with in-memory saved state (not disk — avoid re-read)
+    Object.assign(_saved, data);
+    fs.writeFileSync(CONFIG_FILE, JSON.stringify(_saved, null, 2));
+  } catch (_) {}
+}
+
+const config = {
+  apiKey:  _saved.apiKey  || '',
+  baseURL: _saved.baseURL || 'https://openrouter.ai/api/v1',
+  appName: 'Vibe Hacker',
+  version: '4.1.0',
+  noLogging: true,
+  maxTokens: 8192,
+  temperature: 0.6,       // slightly lower for more reliable tool use
+  maxToolIterations: 30,   // generous for complex tasks
+  httpReferer: 'https://vibsecurity.com',
+  xTitle: 'Vibe Hacker',
+
+  providers: _saved.providers || [],
+
+  hasKey() {
+    return !!(this.apiKey && this.apiKey.length > 10);
+  },
+
+  setApiKey(key) {
+    this.apiKey = key;
+    saveConfig({ apiKey: key });
+  },
+};
+
+module.exports = config;

package/src/models.js

@@ -0,0 +1,218 @@
+'use strict';
+
+// Built-in free models. Run /refresh to update from API.
+// Ordered by speed — faster models first for better default experience.
+const FREE_MODELS = [
+  {
+    id: 'meta-llama/llama-3.3-70b-instruct:free',
+    name: 'llama-3.3-70b',
+    provider: 'Meta',
+    description: 'Llama 3.3 70B — fast & capable',
+    contextWindow: 131072,
+  },
+  {
+    id: 'qwen/qwen3-coder:free',
+    name: 'qwen3-coder',
+    provider: 'Qwen',
+    description: 'Dedicated coding model — 262k context',
+    contextWindow: 262000,
+  },
+  {
+    id: 'qwen/qwen3.6-plus:free',
+    name: 'qwen3.6-plus',
+    provider: 'Qwen',
+    description: 'Qwen 3.6 Plus — 1M context, very capable',
+    contextWindow: 1000000,
+  },
+  {
+    id: 'qwen/qwen3-next-80b-a3b-instruct:free',
+    name: 'qwen3-next-80b',
+    provider: 'Qwen',
+    description: 'Qwen3 Next 80B instruction model',
+    contextWindow: 262144,
+  },
+  {
+    id: 'nvidia/nemotron-3-super-120b-a12b:free',
+    name: 'nemotron-120b',
+    provider: 'NVIDIA',
+    description: 'Nemotron 3 Super 120B — 262k context',
+    contextWindow: 262144,
+  },
+  {
+    id: 'nvidia/nemotron-3-nano-30b-a3b:free',
+    name: 'nemotron-30b',
+    provider: 'NVIDIA',
+    description: 'Nemotron 3 Nano 30B — 256k context',
+    contextWindow: 256000,
+  },
+  {
+    id: 'nvidia/nemotron-nano-12b-v2-vl:free',
+    name: 'nemotron-12b-vl',
+    provider: 'NVIDIA',
+    description: 'Nemotron Nano 12B vision-language',
+    contextWindow: 128000,
+  },
+  {
+    id: 'nvidia/nemotron-nano-9b-v2:free',
+    name: 'nemotron-9b',
+    provider: 'NVIDIA',
+    description: 'Nemotron Nano 9B — 128k context',
+    contextWindow: 128000,
+  },
+  {
+    id: 'meta-llama/llama-3.2-3b-instruct:free',
+    name: 'llama-3.2-3b',
+    provider: 'Meta',
+    description: 'Llama 3.2 3B — fast & lightweight',
+    contextWindow: 131072,
+  },
+  {
+    id: 'nousresearch/hermes-3-llama-3.1-405b:free',
+    name: 'hermes-3-405b',
+    provider: 'Nous',
+    description: 'Hermes 3 on Llama 405B — very capable',
+    contextWindow: 131072,
+  },
+  {
+    id: 'google/gemma-3-27b-it:free',
+    name: 'gemma-3-27b',
+    provider: 'Google',
+    description: 'Gemma 3 27B instruction-tuned',
+    contextWindow: 131072,
+  },
+  {
+    id: 'google/gemma-3-12b-it:free',
+    name: 'gemma-3-12b',
+    provider: 'Google',
+    description: 'Gemma 3 12B instruction-tuned',
+    contextWindow: 32768,
+  },
+  {
+    id: 'google/gemma-3-4b-it:free',
+    name: 'gemma-3-4b',
+    provider: 'Google',
+    description: 'Gemma 3 4B — fast & compact',
+    contextWindow: 32768,
+  },
+  {
+    id: 'arcee-ai/trinity-large-preview:free',
+    name: 'trinity-large',
+    provider: 'Arcee',
+    description: 'Trinity Large Preview — 131k context',
+    contextWindow: 131000,
+  },
+  {
+    id: 'arcee-ai/trinity-mini:free',
+    name: 'trinity-mini',
+    provider: 'Arcee',
+    description: 'Trinity Mini — fast, 131k context',
+    contextWindow: 131072,
+  },
+  {
+    id: 'minimax/minimax-m2.5:free',
+    name: 'minimax-m2.5',
+    provider: 'MiniMax',
+    description: 'MiniMax M2.5 — 196k context',
+    contextWindow: 196608,
+  },
+  {
+    id: 'stepfun/step-3.5-flash:free',
+    name: 'step-3.5-flash',
+    provider: 'StepFun',
+    description: 'Step 3.5 Flash — fast, 256k context',
+    contextWindow: 256000,
+  },
+  {
+    id: 'z-ai/glm-4.5-air:free',
+    name: 'glm-4.5-air',
+    provider: 'Z-AI',
+    description: 'GLM 4.5 Air — 131k context',
+    contextWindow: 131072,
+  },
+  {
+    id: 'cognitivecomputations/dolphin-mistral-24b-venice-edition:free',
+    name: 'dolphin-24b',
+    provider: 'CogComp',
+    description: 'Dolphin Mistral 24B Venice Edition',
+    contextWindow: 32768,
+  },
+  {
+    id: 'liquid/lfm-2.5-1.2b-thinking:free',
+    name: 'lfm-thinking-1.2b',
+    provider: 'Liquid',
+    description: 'LFM 2.5 1.2B with thinking mode',
+    contextWindow: 32768,
+  },
+];
+
+class ModelManager {
+  constructor() {
+    this.models = FREE_MODELS;
+    this.currentIndex = 0;
+  }
+
+  current() {
+    return this.models[this.currentIndex];
+  }
+
+  next() {
+    this.currentIndex = (this.currentIndex + 1) % this.models.length;
+    return this.current();
+  }
+
+  prev() {
+    this.currentIndex = (this.currentIndex - 1 + this.models.length) % this.models.length;
+    return this.current();
+  }
+
+  selectById(id) {
+    const idx = this.models.findIndex(m => m.id === id);
+    if (idx !== -1) {
+      this.currentIndex = idx;
+      return this.current();
+    }
+    return null;
+  }
+
+  list() {
+    return this.models;
+  }
+
+  // Refresh model list from API — replaces list with all live free models
+  async refresh(apiKey, baseURL) {
+    try {
+      const axios = require('axios');
+      const r = await axios.get(`${baseURL}/models`, {
+        headers: { 'Authorization': `Bearer ${apiKey}` },
+        timeout: 15000,
+      });
+      const allModels = r.data?.data || [];
+      // Get all free models from API
+      const live = allModels.filter(m =>
+        m.id.endsWith(':free') && m.pricing?.prompt === '0'
+      );
+      if (live.length > 0) {
+        // Sort by context window (largest first), then alphabetically
+        live.sort((a, b) => (b.context_length || 0) - (a.context_length || 0) || a.id.localeCompare(b.id));
+
+        const currentId = this.models[this.currentIndex]?.id;
+        this.models = live.map(m => ({
+          id: m.id,
+          name: m.id.split('/')[1].replace(':free', ''),
+          provider: m.id.split('/')[0],
+          description: m.name || m.id,
+          contextWindow: m.context_length || 32768,
+          free: true,
+        }));
+
+        // Try to keep current selection
+        const newIdx = this.models.findIndex(m => m.id === currentId);
+        this.currentIndex = newIdx >= 0 ? newIdx : 0;
+        return this.models.length;
+      }
+    } catch (_) {}
+    return 0;
+  }
+}
+
+module.exports = { ModelManager, FREE_MODELS };