vigthoria-cli 1.5.0 → 1.5.2

package/src/utils/tools.ts

@@ -78,7 +78,7 @@ export enum ToolErrorType {
 export class AgenticTools {
   private logger: Logger;
   private cwd: string;
-  private permissionCallback: (action: string) => Promise<boolean>;
+  private permissionCallback: (action: string, options?: { batchApproval?: boolean }) => Promise<boolean | 'batch'>;
   private autoApprove: boolean;
   private undoStack: UndoOperation[] = [];
   private maxUndoStack: number = 50;
@@ -88,11 +88,14 @@ export class AgenticTools {
     maxDelayMs: 10000,
     retryableErrors: ['ECONNRESET', 'ETIMEDOUT', 'ENOTFOUND', 'ECONNREFUSED', 'EAI_AGAIN'],
   };
+  
+  // Session-based tool approvals - remembers which tools user approved for this turn
+  private sessionApprovedTools: Set<string> = new Set();
 
   constructor(
     logger: Logger,
     cwd: string,
-    permissionCallback: (action: string) => Promise<boolean>,
+    permissionCallback: (action: string, options?: { batchApproval?: boolean }) => Promise<boolean | 'batch'>,
     autoApprove: boolean = false
   ) {
     this.logger = logger;
@@ -101,6 +104,20 @@ export class AgenticTools {
     this.autoApprove = autoApprove;
   }
 
+  /**
+   * Clear session-approved tools (call this at the start of each new AI turn)
+   */
+  clearSessionApprovals(): void {
+    this.sessionApprovedTools.clear();
+  }
+
+  /**
+   * Get currently approved tools for this session
+   */
+  getSessionApprovedTools(): string[] {
+    return Array.from(this.sessionApprovedTools);
+  }
+
   /**
    * Get the undo stack for inspection
    */
@@ -278,6 +295,34 @@ export class AgenticTools {
         riskLevel: 'medium',
         category: 'execute',
       },
+      {
+        name: 'fetch_url',
+        description: 'Fetch content from a URL (web page, API endpoint). Works cross-platform on Windows, Mac, and Linux.',
+        parameters: [
+          { name: 'url', description: 'URL to fetch (must be http or https)', required: true },
+          { name: 'method', description: 'HTTP method (GET, POST, etc.)', required: false },
+          { name: 'headers', description: 'JSON string of headers to send', required: false },
+          { name: 'body', description: 'Request body for POST/PUT requests', required: false },
+          { name: 'selector', description: 'CSS selector to extract specific content (for HTML)', required: false },
+        ],
+        requiresPermission: true,
+        dangerous: false,
+        riskLevel: 'low',
+        category: 'read',
+      },
+      {
+        name: 'ssh_exec',
+        description: 'Execute a command on a remote server via SSH (useful for Unix commands from Windows)',
+        parameters: [
+          { name: 'command', description: 'Command to execute on remote server', required: true },
+          { name: 'host', description: 'SSH host (default: vigthoria-server)', required: false },
+          { name: 'timeout', description: 'Timeout in seconds', required: false },
+        ],
+        requiresPermission: true,
+        dangerous: true,
+        riskLevel: 'high',
+        category: 'execute',
+      },
     ];
   }
 
@@ -303,16 +348,28 @@ export class AgenticTools {
 
     // Check permission for dangerous/modifying actions
     if (tool.requiresPermission && !this.autoApprove) {
-      const approved = await this.permissionCallback(
-        this.formatPermissionRequest(call, tool)
-      );
-      
-      if (!approved) {
-        return {
-          success: false,
-          error: 'Permission denied by user',
-          canRetry: true,
-        };
+      // Check if this tool was already approved for this session/turn
+      if (this.sessionApprovedTools.has(call.tool)) {
+        // Already approved - skip permission prompt
+        this.logger.info(`${call.tool}: Auto-approved (batch)`);
+      } else {
+        const approved = await this.permissionCallback(
+          this.formatPermissionRequest(call, tool),
+          { batchApproval: true }
+        );
+        
+        if (approved === false) {
+          return {
+            success: false,
+            error: 'Permission denied by user',
+            canRetry: true,
+          };
+        }
+        
+        // If user approved with 'batch' or just 'yes', remember for this session
+        if (approved === 'batch' || approved === true) {
+          this.sessionApprovedTools.add(call.tool);
+        }
       }
     }
 
@@ -394,6 +451,10 @@ export class AgenticTools {
         return this.git(call.args);
       case 'repo':
         return this.repo(call.args);
+      case 'fetch_url':
+        return this.fetchUrl(call.args);
+      case 'ssh_exec':
+        return this.sshExec(call.args);
       default:
         return this.createErrorResult(
           ToolErrorType.INVALID_ARGS,
@@ -507,6 +568,9 @@ export class AgenticTools {
       msg += chalk.red('   The AI is requesting to execute commands on your system.\n');
     }
     
+    // Add batch approval hint
+    msg += `\n${chalk.gray('Respond:')} ${chalk.white('[y]es')} ${chalk.gray('/')} ${chalk.white('[n]o')} ${chalk.gray('/')} ${chalk.cyan('[a]pprove all')} ${chalk.cyan(call.tool)} ${chalk.gray('for this turn')}\n`;
+    
     return msg;
   }
 
@@ -727,10 +791,51 @@ export class AgenticTools {
   /**
    * Execute bash command with enhanced error handling
    * SECURITY: Commands are sandboxed to workspace directory
+   * WINDOWS: Detects Unix-specific commands and suggests alternatives
    */
   private bash(args: Record<string, string>): ToolResult {
     const cwd = args.cwd ? this.resolvePath(args.cwd) : this.cwd;
     const timeout = args.timeout ? parseInt(args.timeout) * 1000 : 30000;
+    const os = require('os');
+    const platform = os.platform();
+    
+    // Unix-specific commands that don't exist on Windows
+    const unixOnlyCommands = [
+      'head', 'tail', 'grep', 'awk', 'sed', 'wc', 'cut', 'sort', 'uniq',
+      'xargs', 'find', 'chmod', 'chown', 'ln', 'df', 'du', 'ps', 'kill',
+      'top', 'htop', 'which', 'whereis', 'man', 'less', 'more', 'cat',
+    ];
+    
+    // Check if command uses Unix-only tools on Windows
+    if (platform === 'win32') {
+      const cmdParts = args.command.split(/[|&;]/);
+      for (const part of cmdParts) {
+        const firstWord = part.trim().split(/\s+/)[0].toLowerCase();
+        if (unixOnlyCommands.includes(firstWord)) {
+          return this.createErrorResult(
+            ToolErrorType.EXECUTION_FAILED,
+            `Command '${firstWord}' is not available on Windows`,
+            `Use the 'ssh_exec' tool to run Unix commands on the server, ` +
+            `or use 'fetch_url' for web requests. ` +
+            `PowerShell alternatives: dir (ls), type (cat), findstr (grep), select-string (grep)`
+          );
+        }
+      }
+      
+      // Check for pipe to Unix command
+      if (args.command.includes('|')) {
+        const pipedCommands = args.command.split('|').map(c => c.trim().split(/\s+/)[0].toLowerCase());
+        for (const cmd of pipedCommands) {
+          if (unixOnlyCommands.includes(cmd)) {
+            return this.createErrorResult(
+              ToolErrorType.EXECUTION_FAILED,
+              `Piped command '${cmd}' is not available on Windows`,
+              `Windows doesn't have '${cmd}'. Use 'ssh_exec' tool to run this command on the Vigthoria server instead.`
+            );
+          }
+        }
+      }
+    }
     
     // SECURITY: Block dangerous commands that could access outside workspace
     const blockedPatterns = [
@@ -771,8 +876,6 @@ export class AgenticTools {
     
     try {
       const startTime = Date.now();
-      const os = require('os');
-      const platform = os.platform();
       
       // Build exec options based on platform
       const execOptions: any = {
@@ -1051,6 +1154,217 @@ export class AgenticTools {
     }
   }
 
+  /**
+   * Fetch URL content - Cross-platform web fetching
+   * Uses Node.js native fetch (available in Node 18+)
+   */
+  private async fetchUrl(args: Record<string, string>): Promise<ToolResult> {
+    const url = args.url;
+    const method = (args.method || 'GET').toUpperCase();
+    
+    // Validate URL
+    if (!url.startsWith('http://') && !url.startsWith('https://')) {
+      return this.createErrorResult(
+        ToolErrorType.INVALID_ARGS,
+        'URL must start with http:// or https://',
+        'Provide a valid URL, e.g., https://example.com'
+      );
+    }
+    
+    try {
+      const fetchOptions: RequestInit = {
+        method,
+        headers: {
+          'User-Agent': 'Vigthoria-CLI/1.5.1',
+          'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
+        },
+      };
+      
+      // Parse custom headers if provided
+      if (args.headers) {
+        try {
+          const customHeaders = JSON.parse(args.headers);
+          fetchOptions.headers = { ...fetchOptions.headers, ...customHeaders };
+        } catch {
+          this.logger.warn('Invalid headers JSON, using defaults');
+        }
+      }
+      
+      // Add body for POST/PUT requests
+      if (args.body && ['POST', 'PUT', 'PATCH'].includes(method)) {
+        fetchOptions.body = args.body;
+        (fetchOptions.headers as Record<string, string>)['Content-Type'] = 'application/json';
+      }
+      
+      // Use AbortController for timeout
+      const controller = new AbortController();
+      const timeout = setTimeout(() => controller.abort(), 30000);
+      fetchOptions.signal = controller.signal;
+      
+      const response = await fetch(url, fetchOptions);
+      clearTimeout(timeout);
+      
+      if (!response.ok) {
+        return this.createErrorResult(
+          ToolErrorType.NETWORK_ERROR,
+          `HTTP ${response.status}: ${response.statusText}`,
+          `The server returned an error. Status: ${response.status}`
+        );
+      }
+      
+      let content = await response.text();
+      
+      // Extract content based on selector if provided (basic HTML extraction)
+      if (args.selector && content.includes('<')) {
+        // Basic extraction - for title, meta, etc.
+        const selector = args.selector.toLowerCase();
+        
+        if (selector === 'title') {
+          const match = content.match(/<title[^>]*>([^<]*)<\/title>/i);
+          content = match ? match[1].trim() : 'No title found';
+        } else if (selector === 'meta') {
+          const matches = content.match(/<meta[^>]+>/gi) || [];
+          content = matches.join('\n');
+        } else if (selector === 'body') {
+          const match = content.match(/<body[^>]*>([\s\S]*)<\/body>/i);
+          content = match ? match[1].replace(/<script[\s\S]*?<\/script>/gi, '').replace(/<style[\s\S]*?<\/style>/gi, '').replace(/<[^>]+>/g, ' ').replace(/\s+/g, ' ').trim() : content;
+        } else if (selector.startsWith('h')) {
+          const regex = new RegExp(`<${selector}[^>]*>([^<]*)</${selector}>`, 'gi');
+          const matches: string[] = [];
+          let match;
+          while ((match = regex.exec(content)) !== null) {
+            matches.push(match[1].trim());
+          }
+          content = matches.length > 0 ? matches.join('\n') : `No ${selector} tags found`;
+        }
+      }
+      
+      // Truncate if too long
+      if (content.length > 50000) {
+        content = content.substring(0, 50000) + '\n... (truncated, content too long)';
+      }
+      
+      return {
+        success: true,
+        output: content,
+        metadata: {
+          url,
+          status: response.status,
+          contentType: response.headers.get('content-type') || 'unknown',
+          contentLength: content.length,
+        },
+      };
+    } catch (error: any) {
+      if (error.name === 'AbortError') {
+        return this.createErrorResult(
+          ToolErrorType.TIMEOUT,
+          'Request timed out after 30 seconds',
+          'The server took too long to respond. Try again or use a different URL.'
+        );
+      }
+      
+      return this.createErrorResult(
+        ToolErrorType.NETWORK_ERROR,
+        error.message,
+        'Check your internet connection and ensure the URL is correct.'
+      );
+    }
+  }
+
+  /**
+   * Execute command via SSH on remote server
+   * Useful for running Unix commands from Windows
+   */
+  private async sshExec(args: Record<string, string>): Promise<ToolResult> {
+    const command = args.command;
+    const host = args.host || 'vigthoria-server';
+    const timeout = args.timeout ? parseInt(args.timeout) * 1000 : 60000;
+    
+    // Security checks for SSH commands
+    const blockedPatterns = [
+      /\brm\s+-rf?\s+\//i,          // Dangerous rm commands
+      /\bsudo\s+rm/i,                // Sudo rm
+      />\s*\/dev\/sd/i,              // Writing to disk devices
+      /\bdd\s+.*of=\/dev/i,          // dd to devices
+      /\bmkfs/i,                     // Format filesystems
+      /shutdown|reboot|halt|poweroff/i, // System control
+    ];
+    
+    for (const pattern of blockedPatterns) {
+      if (pattern.test(command)) {
+        return this.createErrorResult(
+          ToolErrorType.PERMISSION_DENIED,
+          'This command is blocked for security reasons',
+          'Dangerous system commands cannot be executed via SSH.'
+        );
+      }
+    }
+    
+    try {
+      const os = require('os');
+      const platform = os.platform();
+      
+      let sshCommand: string;
+      let execOptions: any = {
+        encoding: 'utf-8',
+        timeout,
+        maxBuffer: 10 * 1024 * 1024,
+      };
+      
+      if (platform === 'win32') {
+        // On Windows, use the ssh command from OpenSSH
+        sshCommand = `ssh -o BatchMode=yes -o StrictHostKeyChecking=no -o ConnectTimeout=10 ${host} "${command.replace(/"/g, '\\"')}"`;
+        execOptions.shell = true;
+      } else {
+        // On Unix-like systems
+        sshCommand = `ssh -o BatchMode=yes -o StrictHostKeyChecking=no -o ConnectTimeout=10 ${host} '${command.replace(/'/g, "'\\''")}'`;
+        execOptions.shell = '/bin/sh';
+      }
+      
+      const output = execSync(sshCommand, execOptions) as string;
+      
+      return {
+        success: true,
+        output: output.trim(),
+        metadata: { host, command },
+      };
+    } catch (error: any) {
+      // Check for common SSH errors
+      const errorMsg = error.stderr || error.message || '';
+      
+      if (errorMsg.includes('Connection refused') || errorMsg.includes('No route to host')) {
+        return this.createErrorResult(
+          ToolErrorType.NETWORK_ERROR,
+          `Cannot connect to SSH host: ${host}`,
+          'Check that the SSH host is correct and the server is running.'
+        );
+      }
+      
+      if (errorMsg.includes('Permission denied') || errorMsg.includes('authentication')) {
+        return this.createErrorResult(
+          ToolErrorType.PERMISSION_DENIED,
+          'SSH authentication failed',
+          'Make sure you have SSH key authentication set up for this host.'
+        );
+      }
+      
+      if (error.killed) {
+        return this.createErrorResult(
+          ToolErrorType.TIMEOUT,
+          `SSH command timed out after ${timeout/1000}s`,
+          'Try a simpler command or increase the timeout.'
+        );
+      }
+      
+      return {
+        success: false,
+        output: error.stdout || '',
+        error: errorMsg,
+        suggestion: 'Check the command syntax and ensure SSH access is configured.',
+      };
+    }
+  }
+
   /**
    * Resolve and SANITIZE path - prevent path traversal outside workspace
    * SECURITY: All paths MUST stay within the workspace (cwd)
@@ -1274,21 +1588,44 @@ To use a tool, output a JSON block in a code fence with "tool" language:
 {"tool": "read_file", "args": {"path": "src/index.js"}}
 \`\`\`
 
-3. Run a shell command:
+3. Fetch a web page:
+\`\`\`tool
+{"tool": "fetch_url", "args": {"url": "https://example.com", "selector": "title"}}
+\`\`\`
+
+4. Run command on remote server (for Unix commands from Windows):
 \`\`\`tool
-{"tool": "bash", "args": {"command": "ls -la"}}
+{"tool": "ssh_exec", "args": {"command": "curl -s https://example.com | head -20"}}
 \`\`\`
 
-4. Write a file:
+5. Write a file:
 \`\`\`tool
 {"tool": "write_file", "args": {"path": "hello.py", "content": "print('Hello World')"}}
 \`\`\`
 
-IMPORTANT:
+## CRITICAL RULES:
+
+### Cross-Platform Compatibility:
+- On Windows, Unix commands (head, tail, grep, awk, sed, wc) are NOT available
+- Use \`fetch_url\` for web requests instead of curl|grep
+- Use \`ssh_exec\` to run Unix commands on the Vigthoria server if needed
+- Use \`read_file\` instead of cat
+- Use \`list_dir\` instead of ls
+
+### Handling Tool Failures:
+- If a tool fails, REPORT the failure honestly to the user
+- NEVER make up or hallucinate content when a tool fails
+- If you cannot access a URL, say "I was unable to fetch the URL because..."
+- If a command fails, explain what happened and suggest alternatives
+- Do NOT write analysis or comparison reports if you couldn't gather the actual data
+
+### File Access:
 - You can ONLY access files within the current project workspace
 - Use relative paths (e.g., "src/file.js", "app.py", "./config.json")
 - Never try to access system files or directories outside the workspace
-- Use ONLY the exact tool names: list_dir, read_file, write_file, edit_file, bash, grep, glob, git
+
+### Tool Names:
+- Use ONLY these exact tool names: list_dir, read_file, write_file, edit_file, bash, grep, glob, git, repo, fetch_url, ssh_exec
 - The JSON must be valid with double quotes for all keys and string values
 - After tool execution, you will receive results and can continue with the next step
 - Explain what you're doing before using tools