vigthoria-cli 1.1.0 → 1.4.0

package/src/utils/tools.ts

@@ -1,7 +1,7 @@
 /**
  * Vigthoria CLI Tools - Agentic Tool System
  * 
- * This module provides Claude Code-like autonomous tool execution.
+ * This module provides Vigthoria Autonomous autonomous tool execution.
  * Tools can be called by the AI to perform actions.
  * 
  * Enhanced with:
@@ -159,7 +159,7 @@ export class AgenticTools {
   }
 
   /**
-   * List of available tools - similar to Claude Code
+   * List of available tools - Vigthoria's advanced
    * Enhanced with risk levels and categories
    */
   static getToolDefinitions(): ToolDefinition[] {
@@ -262,6 +262,22 @@ export class AgenticTools {
         riskLevel: 'medium',
         category: 'execute',
       },
+      {
+        name: 'repo',
+        description: 'Manage projects in Vigthoria Repository - push, pull, list, share, delete, or clone projects',
+        parameters: [
+          { name: 'action', description: 'Action: push, pull, list, status, share, delete, clone', required: true },
+          { name: 'project', description: 'Project name (for push/pull/status/share/delete)', required: false },
+          { name: 'visibility', description: 'Visibility: public or private (for push)', required: false },
+          { name: 'path', description: 'Directory path (for push) or target path (for clone)', required: false },
+          { name: 'username', description: 'Username to share with (for share action)', required: false },
+          { name: 'permission', description: 'Permission level: read, write, admin (for share action)', required: false },
+        ],
+        requiresPermission: true,
+        dangerous: false,
+        riskLevel: 'medium',
+        category: 'execute',
+      },
     ];
   }
 
@@ -376,6 +392,8 @@ export class AgenticTools {
         return this.glob(call.args);
       case 'git':
         return this.git(call.args);
+      case 'repo':
+        return this.repo(call.args);
       default:
         return this.createErrorResult(
           ToolErrorType.INVALID_ARGS,
@@ -708,11 +726,40 @@ export class AgenticTools {
 
   /**
    * Execute bash command with enhanced error handling
+   * SECURITY: Commands are sandboxed to workspace directory
    */
   private bash(args: Record<string, string>): ToolResult {
     const cwd = args.cwd ? this.resolvePath(args.cwd) : this.cwd;
     const timeout = args.timeout ? parseInt(args.timeout) * 1000 : 30000;
     
+    // SECURITY: Block dangerous commands that could access outside workspace
+    const blockedPatterns = [
+      /\bcat\s+\/etc\//i,                    // Reading system files
+      /\bcat\s+\/var\/(?!log)/i,              // Reading /var/ except logs
+      /\bcat\s+\/root\//i,                    // Reading root home
+      /\bcat\s+\/home\/[^\/]+\/\.[^\/]/i,     // Reading hidden files in home dirs
+      /\bcat\s+~\/\./i,                       // Reading hidden files via ~
+      /\bcd\s+(\/etc|\/var\/www|\/root|\/home)/i,  // CD to sensitive dirs
+      /\brm\s+-rf?\s+\//i,                    // Dangerous rm commands
+      /\b(curl|wget).*\|\s*(bash|sh)\b/i,     // Downloading and executing scripts
+      /\bsudo\b/i,                             // Sudo commands
+      /\bsu\s+-/i,                             // Su to root
+      /\bchmod\s+[0-7]*777/i,                  // World-writable permissions
+      /\/(var\/www|opt)\/[a-z]+-?(database|models|coder|mcp|operator|voice|music)/i, // Vigthoria ecosystem
+      /vigthoria-(models|database|mcp|operator|voice|music)/i, // Vigthoria project names
+    ];
+    
+    for (const pattern of blockedPatterns) {
+      if (pattern.test(args.command)) {
+        this.logger.warn(`Security: Blocked potentially dangerous command: ${args.command.substring(0, 50)}...`);
+        return this.createErrorResult(
+          ToolErrorType.PERMISSION_DENIED,
+          'This command is blocked for security reasons',
+          'Commands must operate within your current project workspace.'
+        );
+      }
+    }
+    
     // Validate working directory
     if (!fs.existsSync(cwd)) {
       return this.createErrorResult(
@@ -850,27 +897,218 @@ export class AgenticTools {
     }
   }
 
+  /**
+   * Vigthoria Repository management tool
+   * Allows AI to push, pull, list, share, and manage projects in the Vigthoria Repository
+   */
+  private async repo(args: Record<string, string>): Promise<ToolResult> {
+    const action = args.action?.toLowerCase();
+    const project = args.project;
+    const visibility = args.visibility || 'private';
+    const targetPath = args.path || this.cwd;
+    
+    try {
+      // Use vigthoria CLI for repo operations
+      let command: string;
+      
+      switch (action) {
+        case 'push':
+          if (!project) {
+            return { 
+              success: false, 
+              error: 'Project name is required for push',
+              suggestion: 'Provide a project name, e.g., repo action=push project=my-project'
+            };
+          }
+          command = `vigthoria repo push "${project}" "${targetPath}" --visibility ${visibility}`;
+          break;
+          
+        case 'pull':
+          if (!project) {
+            return { 
+              success: false, 
+              error: 'Project name is required for pull',
+              suggestion: 'Provide a project name, e.g., repo action=pull project=my-project'
+            };
+          }
+          command = `vigthoria repo pull "${project}"`;
+          break;
+          
+        case 'list':
+          command = 'vigthoria repo list';
+          break;
+          
+        case 'status':
+          if (!project) {
+            return { 
+              success: false, 
+              error: 'Project name is required for status',
+              suggestion: 'Provide a project name, e.g., repo action=status project=my-project'
+            };
+          }
+          command = `vigthoria repo status "${project}"`;
+          break;
+          
+        case 'share':
+          if (!project || !args.username) {
+            return { 
+              success: false, 
+              error: 'Project name and username are required for share',
+              suggestion: 'Provide both, e.g., repo action=share project=my-project username=collaborator permission=read'
+            };
+          }
+          const permission = args.permission || 'read';
+          command = `vigthoria repo share "${project}" "${args.username}" --permission ${permission}`;
+          break;
+          
+        case 'delete':
+          if (!project) {
+            return { 
+              success: false, 
+              error: 'Project name is required for delete',
+              suggestion: 'Provide a project name, e.g., repo action=delete project=my-project'
+            };
+          }
+          command = `vigthoria repo delete "${project}" --force`;
+          break;
+          
+        case 'clone':
+          if (!project) {
+            return { 
+              success: false, 
+              error: 'Project name is required for clone',
+              suggestion: 'Provide a project name, e.g., repo action=clone project=my-project path=/path/to/target'
+            };
+          }
+          command = `vigthoria repo clone "${project}" "${targetPath}"`;
+          break;
+          
+        default:
+          return {
+            success: false,
+            error: `Unknown repo action: ${action}`,
+            suggestion: 'Available actions: push, pull, list, status, share, delete, clone'
+          };
+      }
+      
+      const output = execSync(command, {
+        cwd: this.cwd,
+        encoding: 'utf-8',
+        timeout: 120000, // 2 minute timeout for repo operations
+        env: { ...process.env, FORCE_COLOR: '0' } // Disable colors for clean output
+      });
+      
+      return { 
+        success: true, 
+        output: output.trim(),
+        metadata: { action, project }
+      };
+    } catch (error: any) {
+      return { 
+        success: false, 
+        error: error.stderr || error.message,
+        suggestion: 'Make sure you are logged in with vigthoria login and have the required permissions.'
+      };
+    }
+  }
+
+  /**
+   * Resolve and SANITIZE path - prevent path traversal outside workspace
+   * SECURITY: All paths MUST stay within the workspace (cwd)
+   */
   private resolvePath(p: string): string {
+    // Resolve the full path (handles both relative and absolute)
+    let resolvedPath: string;
     if (path.isAbsolute(p)) {
-      return p;
+      resolvedPath = path.normalize(p);
+    } else {
+      resolvedPath = path.normalize(path.join(this.cwd, p));
+    }
+    
+    // SECURITY CHECK: Ensure path is within workspace
+    const workspaceRoot = path.normalize(this.cwd);
+    if (!resolvedPath.startsWith(workspaceRoot + path.sep) && resolvedPath !== workspaceRoot) {
+      // Path is outside workspace - force it back to workspace
+      this.logger.warn(`Security: Blocked access to path outside workspace: ${p}`);
+      // Return the sanitized relative path within workspace
+      const basename = path.basename(p);
+      return path.join(this.cwd, basename);
     }
-    return path.join(this.cwd, p);
+    
+    return resolvedPath;
+  }
+  
+  /**
+   * Check if a path is within the allowed workspace
+   */
+  private isPathWithinWorkspace(p: string): boolean {
+    const resolvedPath = path.normalize(path.isAbsolute(p) ? p : path.join(this.cwd, p));
+    const workspaceRoot = path.normalize(this.cwd);
+    return resolvedPath.startsWith(workspaceRoot + path.sep) || resolvedPath === workspaceRoot;
   }
 
   /**
-   * Parse tool calls from AI response (Claude Code format)
+   * Parse tool calls from AI response (Vigthoria Agent format)
+   * Enhanced to handle various AI output formats including malformed JSON
    */
   static parseToolCalls(text: string): ToolCall[] {
     const calls: ToolCall[] = [];
-    
-    // Match <tool_call>...</tool_call> blocks
-    const toolCallRegex = /<tool_call>\s*(\{[\s\S]*?\})\s*<\/tool_call>/g;
     let match;
     
+    // Helper to fix common JSON issues from AI outputs
+    const fixJson = (jsonStr: string): string => {
+      return jsonStr
+        .replace(/'/g, '"')  // Replace single quotes with double
+        .replace(/([{,]\s*)(\w+):/g, '$1"$2":')  // Quote unquoted keys
+        .replace(/:\s*'([^']*)'\s*([,}])/g, ': "$1"$2')  // Quote values with single quotes
+        .replace(/\n/g, '\\n')  // Escape newlines
+        .replace(/\r/g, '')  // Remove carriage returns
+        .replace(/\t/g, '\\t')  // Escape tabs
+        .replace(/,\s*}/g, '}')  // Remove trailing commas in objects
+        .replace(/,\s*]/g, ']');  // Remove trailing commas in arrays
+    };
+
+    // Normalize tool name from various formats
+    const normalizeToolName = (name: string): string => {
+      const normalized = name
+        .replace(/^__/, '')  // Remove leading underscores
+        .replace(/__$/, '')  // Remove trailing underscores
+        .replace(/^execute_/i, '')  // Remove execute_ prefix
+        .replace(/_execute$/i, '')  // Remove _execute suffix
+        .toLowerCase();
+      
+      // Map common variations
+      const toolMap: Record<string, string> = {
+        'bash': 'bash',
+        'shell': 'bash',
+        'run': 'bash',
+        'command': 'bash',
+        'list_dir': 'list_dir',
+        'list_directory': 'list_dir',
+        'ls': 'list_dir',
+        'dir': 'list_dir',
+        'read_file': 'read_file',
+        'readfile': 'read_file',
+        'read': 'read_file',
+        'write_file': 'write_file',
+        'writefile': 'write_file',
+        'write': 'write_file',
+        'edit_file': 'edit_file',
+        'editfile': 'edit_file',
+        'edit': 'edit_file',
+      };
+      
+      return toolMap[normalized] || normalized;
+    };
+    
+    // Match <tool_call>...</tool_call> blocks
+    const toolCallRegex = /<tool_call>\s*([\s\S]*?)\s*<\/tool_call>/g;
     while ((match = toolCallRegex.exec(text)) !== null) {
       try {
-        const parsed = JSON.parse(match[1]);
+        const fixed = fixJson(match[1]);
+        const parsed = JSON.parse(fixed);
         if (parsed.tool && parsed.args) {
+          parsed.tool = normalizeToolName(parsed.tool);
           calls.push(parsed);
         }
       } catch (e) {
@@ -878,12 +1116,14 @@ export class AgenticTools {
       }
     }
     
-    // Also match ```tool format
-    const codeBlockRegex = /```tool\s*\n(\{[\s\S]*?\})\n```/g;
+    // Match ```tool format
+    const codeBlockRegex = /```tool\s*\n([\s\S]*?)\n```/g;
     while ((match = codeBlockRegex.exec(text)) !== null) {
       try {
-        const parsed = JSON.parse(match[1]);
+        const fixed = fixJson(match[1]);
+        const parsed = JSON.parse(fixed);
         if (parsed.tool && parsed.args) {
+          parsed.tool = normalizeToolName(parsed.tool);
           calls.push(parsed);
         }
       } catch (e) {
@@ -891,6 +1131,67 @@ export class AgenticTools {
       }
     }
     
+    // Match ```json blocks with tool definitions
+    const jsonBlockRegex = /```(?:json)?\s*\n?([\s\S]*?"tool"[\s\S]*?)\n?```/g;
+    while ((match = jsonBlockRegex.exec(text)) !== null) {
+      try {
+        const fixed = fixJson(match[1]);
+        const parsed = JSON.parse(fixed);
+        if (parsed.tool && parsed.args) {
+          parsed.tool = normalizeToolName(parsed.tool);
+          // Prevent duplicates
+          if (!calls.some(c => c.tool === parsed.tool && JSON.stringify(c.args) === JSON.stringify(parsed.args))) {
+            calls.push(parsed);
+          }
+        }
+      } catch (e) {
+        // Invalid JSON, skip
+      }
+    }
+    
+    // Match inline JSON with "tool" key (various formats)
+    const inlineToolRegex = /\{[^{}]*"?tool"?\s*:\s*["']?([^"',}]+)["']?[^{}]*"?args"?\s*:\s*\{([^{}]*)\}[^{}]*\}/gi;
+    while ((match = inlineToolRegex.exec(text)) !== null) {
+      try {
+        const fixed = fixJson(match[0]);
+        const parsed = JSON.parse(fixed);
+        if (parsed.tool && parsed.args) {
+          parsed.tool = normalizeToolName(parsed.tool);
+          if (!calls.some(c => c.tool === parsed.tool && JSON.stringify(c.args) === JSON.stringify(parsed.args))) {
+            calls.push(parsed);
+          }
+        }
+      } catch (e) {
+        // Invalid JSON, skip
+      }
+    }
+    
+    // Parse Vigthoria V2 format: {"tool": "__BASH__", ...}
+    const vigV2Regex = /"?tool"?\s*:\s*["']__?([A-Za-z_]+)__?["']/gi;
+    while ((match = vigV2Regex.exec(text)) !== null) {
+      try {
+        const toolName = normalizeToolName(match[1]);
+        // Extract args from nearby context
+        const pathMatch = text.match(/"?(?:arg_)?path"?\s*:\s*["']([^"']+)["']/i);
+        const cmdMatch = text.match(/"?command"?\s*:\s*(?:["']([^"']+)["']|\[\s*["']([^"']+)["']\s*\])/i);
+        const contentMatch = text.match(/"?content"?\s*:\s*["']([^"']+)["']/i);
+        
+        const args: Record<string, string> = {};
+        if (pathMatch) args.path = pathMatch[1];
+        if (cmdMatch) args.command = cmdMatch[1] || cmdMatch[2];
+        if (contentMatch) args.content = contentMatch[1];
+        
+        if (Object.keys(args).length > 0) {
+          // Prevent duplicates
+          if (!calls.some(c => c.tool === toolName && JSON.stringify(c.args) === JSON.stringify(args))) {
+            calls.push({ tool: toolName, args });
+          }
+        }
+      } catch (e) {
+        // Skip
+      }
+    }
+    
     return calls;
   }
 
@@ -914,18 +1215,44 @@ ${tool.parameters.map(p => `  - ${p.name}${p.required ? ' (required)' : ''}: ${p
     }
     
     prompt += `
-To use a tool, respond with a tool_call block:
+## How to Use Tools
+
+To use a tool, output a JSON block in a code fence with "tool" language:
+
 \`\`\`tool
-{
-  "tool": "tool_name",
-  "args": {
-    "param1": "value1"
-  }
-}
+{"tool": "tool_name", "args": {"param1": "value1"}}
+\`\`\`
+
+### Examples:
+
+1. List directory contents:
+\`\`\`tool
+{"tool": "list_dir", "args": {"path": "."}}
+\`\`\`
+
+2. Read a file:
+\`\`\`tool
+{"tool": "read_file", "args": {"path": "src/index.js"}}
+\`\`\`
+
+3. Run a shell command:
+\`\`\`tool
+{"tool": "bash", "args": {"command": "ls -la"}}
+\`\`\`
+
+4. Write a file:
+\`\`\`tool
+{"tool": "write_file", "args": {"path": "hello.py", "content": "print('Hello World')"}}
 \`\`\`
 
-You can use multiple tool calls in one response. After tool execution, you'll receive the results and can continue.
-Always explain what you're doing before using tools.
+IMPORTANT:
+- You can ONLY access files within the current project workspace
+- Use relative paths (e.g., "src/file.js", "app.py", "./config.json")
+- Never try to access system files or directories outside the workspace
+- Use ONLY the exact tool names: list_dir, read_file, write_file, edit_file, bash, grep, glob, git
+- The JSON must be valid with double quotes for all keys and string values
+- After tool execution, you will receive results and can continue with the next step
+- Explain what you're doing before using tools
 `;
     
     return prompt;