vigthoria-cli 1.9.2 → 1.9.8

package/dist/index.js

@@ -54,6 +54,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.__cliErrorHandlingReady = void 0;
+exports.validateReleaseMetadata = validateReleaseMetadata;
 exports.setupErrorHandlers = setupErrorHandlers;
 exports.main = main;
 const commander_1 = require("commander");
@@ -75,6 +76,7 @@ const history_js_1 = require("./commands/history.js");
 const replay_js_1 = require("./commands/replay.js");
 const fork_js_1 = require("./commands/fork.js");
 const cancel_js_1 = require("./commands/cancel.js");
+const security_js_1 = require("./commands/security.js");
 const config_js_2 = require("./utils/config.js");
 const logger_js_1 = require("./utils/logger.js");
 const chalk_1 = __importDefault(require("chalk"));
@@ -96,17 +98,19 @@ function getInvokedBinaryName() {
     return path.basename(executable, path.extname(executable)).toLowerCase();
 }
 // Get version from package.json dynamically
+function getPackageMetadataPaths() {
+    return [
+        path.join(__dirname, '..', 'package.json'),
+        path.join(__dirname, '..', '..', 'package.json'),
+        path.join(process.cwd(), 'package.json'),
+        path.join(process.cwd(), 'node_modules', 'vigthoria-cli', 'package.json'),
+        // Also check global npm paths on Windows
+        path.join(process.env.APPDATA || '', 'npm', 'node_modules', 'vigthoria-cli', 'package.json'),
+    ];
+}
 function getVersion() {
     try {
-        // Try multiple paths to find package.json
-        const possiblePaths = [
-            path.join(__dirname, '..', 'package.json'),
-            path.join(__dirname, '..', '..', 'package.json'),
-            path.join(process.cwd(), 'node_modules', 'vigthoria-cli', 'package.json'),
-            // Also check global npm paths on Windows
-            path.join(process.env.APPDATA || '', 'npm', 'node_modules', 'vigthoria-cli', 'package.json'),
-        ];
-        for (const p of possiblePaths) {
+        for (const p of getPackageMetadataPaths()) {
             if (fs.existsSync(p)) {
                 const pkg = JSON.parse(fs.readFileSync(p, 'utf8'));
                 if (pkg.name === 'vigthoria-cli') {
@@ -116,16 +120,55 @@ function getVersion() {
         }
     }
     catch (e) {
-        // Fallback to hardcoded version
+        const message = e instanceof Error ? e.message : String(e);
+        if (process.env.VIGTHORIA_DEBUG_VERSION === '1') {
+            console.error(chalk_1.default.gray(`Unable to read package version: ${message}`));
+        }
+    }
+    return '0.0.0';
+}
+function validateReleaseMetadata() {
+    try {
+        const packagePath = getPackageMetadataPaths().find((candidate) => fs.existsSync(candidate));
+        if (!packagePath) {
+            return false;
+        }
+        const pkg = JSON.parse(fs.readFileSync(packagePath, 'utf8'));
+        const packageDir = path.dirname(packagePath);
+        const readmePath = path.join(packageDir, 'README.md');
+        if (!fs.existsSync(readmePath)) {
+            return false;
+        }
+        const readme = fs.readFileSync(readmePath, 'utf8');
+        const bins = pkg.bin && typeof pkg.bin === 'object' ? pkg.bin : {};
+        const requiredReadmePhrases = [
+            'npm install -g vigthoria-cli',
+            'curl -fsSL https://cli.vigthoria.io/install.sh | bash',
+            'irm https://cli.vigthoria.io/install.ps1 | iex',
+            'vigthoria login',
+            'vigthoria chat',
+            'vig c',
+            'vigthoria edit',
+            'vigthoria update',
+            'vigthoria doctor',
+        ];
+        return (pkg.name === 'vigthoria-cli' &&
+            typeof pkg.version === 'string' &&
+            pkg.description === 'Vigthoria Coder CLI - AI-powered terminal coding assistant' &&
+            pkg.main === 'dist/index.js' &&
+            bins.vigthoria === 'dist/index.js' &&
+            bins.vig === 'dist/index.js' &&
+            bins['vigthoria-chat'] === 'dist/index.js' &&
+            requiredReadmePhrases.every((phrase) => readme.includes(phrase)));
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        if (process.env.VIGTHORIA_DEBUG_VERSION === '1') {
+            console.error(chalk_1.default.gray(`Release metadata validation failed: ${message}`));
+        }
+        return false;
     }
-    return '1.9.2';
 }
-const VERSION = getVersion();
-const VIGTHORIA_DEFAULT_MANIFEST_URL = process.env.VIGTHORIA_UPDATE_MANIFEST_URL || "https://coder.vigthoria.io/releases/manifest.json";
-/**
- * Compare semantic versions properly
- * Returns: -1 if v1 < v2, 0 if equal, 1 if v1 > v2
- */
 function compareVersions(v1, v2) {
     const parts1 = v1.split('.').map(Number);
     const parts2 = v2.split('.').map(Number);
@@ -139,6 +182,8 @@ function compareVersions(v1, v2) {
     }
     return 0;
 }
+const VERSION = getVersion();
+const VIGTHORIA_DEFAULT_MANIFEST_URL = process.env.VIGTHORIA_UPDATE_MANIFEST_URL || "https://coder.vigthoria.io/releases/manifest.json";
 function resolveManifestEntry(manifest, channel) {
     const normalized = String(channel || 'stable').trim() || 'stable';
     if (manifest.channels && manifest.channels[normalized]) {
@@ -177,6 +222,13 @@ async function installGlobalPackageWithNpm(packageSpec) {
     const { execFileSync, execSync } = await import('child_process');
     const attempts = [];
     if (process.platform === 'win32') {
+        // First-choice: cmd.exe /c npm — resolves npm.cmd shims on any Windows Node setup
+        const comspec = process.env.COMSPEC || 'cmd.exe';
+        attempts.push({
+            label: 'cmd.exe /c npm',
+            command: comspec,
+            args: ['/c', 'npm', 'install', '-g', packageSpec],
+        });
         const npmExecPath = process.env.npm_execpath;
         if (npmExecPath && fs.existsSync(npmExecPath)) {
             attempts.push({
@@ -403,32 +455,35 @@ function setupErrorHandlers() {
         }
     });
 }
-async function main() {
+async function main(args) {
     const program = new commander_1.Command();
     const config = new config_js_2.Config();
     const logger = new logger_js_1.Logger();
     const invokedBinaryName = getInvokedBinaryName();
-    const firstArg = process.argv[2];
-    const jsonOutputRequested = process.argv.includes('--json');
-    const directPromptRequested = process.argv.includes('--prompt') || process.argv.includes('-P');
+    const argv = [...args];
+    const firstArg = argv[2];
+    const jsonOutputRequested = argv.includes('--json');
+    const directPromptRequested = argv.includes('--prompt') || argv.includes('-P');
+    const isLegionCortexRequest = invokedBinaryName === 'vigthoria' && argv[2] === 'legion' && argv.includes('--cortex');
     if (invokedBinaryName === 'vigthoria-chat') {
         const knownCommands = new Set([
             'chat', 'chat-resume', 'agent', 'edit', 'generate', 'explain', 'fix', 'review', 'cancel',
-            'hub', 'repo', 'deploy', 'operator', 'workflow', 'flow', 'login', 'logout', 'status', 'config', 'update',
+            'hub', 'repo', 'deploy', 'operator', 'workflow', 'flow', 'security', 'vsec', 'login', 'logout', 'status', 'config', 'update',
             '--help', '-h', '--version', '-V', 'help', 'version',
         ]);
         if (!firstArg || firstArg.startsWith('-') || !knownCommands.has(firstArg)) {
-            process.argv.splice(2, 0, 'chat');
+            argv.splice(2, 0, 'chat');
         }
     }
-    const requestedCommand = resolveRequestedCommand(process.argv);
-    // Skip gateway JWT auth when running on-server with a service key (e.g., GodMode on-box).
+    const requestedCommand = resolveRequestedCommand(argv);
+    // Skip gateway JWT auth when running on-server with a service key (e.g., Cortex on-box).
     // The service key is checked by Hyper Loop directly — no user session needed.
     const hasServiceKey = !!(process.env.HYPERLOOP_SERVICE_KEY ||
         process.env.V3_SERVICE_KEY);
-    if (!hasServiceKey && requestedCommand && isAuthProtectedCommand(requestedCommand)) {
+    if (!hasServiceKey && !isLegionCortexRequest && requestedCommand && isAuthProtectedCommand(requestedCommand)) {
         const authOk = await enforceGatewayAuthSession(config, logger, jsonOutputRequested);
         if (!authOk) {
+            process.exitCode = 1;
             return;
         }
     }
@@ -584,6 +639,40 @@ async function main() {
         const bridge = new bridge_js_1.BridgeCommand(config, logger);
         await bridge.status();
     });
+    // Security command group - Security DevOps scans and fix plans
+    const securityCommand = program
+        .command('security')
+        .alias('vsec')
+        .description('Run security scans, scores, and fix plans via Vigthoria MCP security tools');
+    securityCommand
+        .command('scan')
+        .description('Scan project for security issues')
+        .option('-d, --dir <path>', 'Directory to scan (default: current directory)')
+        .option('--json', 'Emit JSON output', false)
+        .action(async (options) => {
+        const security = new security_js_1.SecurityCommand(config, logger);
+        await security.scan({ dir: options.dir, json: options.json });
+    });
+    securityCommand
+        .command('score')
+        .description('Calculate project security score')
+        .option('-d, --dir <path>', 'Directory to score (default: current directory)')
+        .option('--json', 'Emit JSON output', false)
+        .action(async (options) => {
+        const security = new security_js_1.SecurityCommand(config, logger);
+        await security.score({ dir: options.dir, json: options.json });
+    });
+    securityCommand
+        .command('fix')
+        .description('Generate security fix plan')
+        .option('-d, --dir <path>', 'Directory to inspect (default: current directory)')
+        .option('-i, --issue-id <id>', 'Single issue id to target')
+        .option('--apply', 'Request auto-apply mode (safe mode still requires explicit patching)', false)
+        .option('--json', 'Emit JSON output', false)
+        .action(async (options) => {
+        const security = new security_js_1.SecurityCommand(config, logger);
+        await security.fix({ dir: options.dir, issueId: options.issueId, apply: options.apply, json: options.json });
+    });
     // Edit command - Edit files with AI
     program
         .command('edit <file>')
@@ -988,13 +1077,18 @@ Examples:
         .description('Run parallel tasks via Hyper Loop Legion orchestrator')
         .option('--workers', 'List available Legion workers')
         .option('--status', 'Show Legion infrastructure status')
-        .option('--godmode', 'Estimate, isolate, parallel-attack, and synthesize with strongest models')
-        .option('--approve', 'Auto-approve Godmode execution prompt')
+        .option('--cortex', 'Vigthoria Cortex: maximum intelligence execution')
+        .option('--approve', 'Auto-approve Cortex execution prompt')
         .option('--no-approve', 'Require interactive approval before execution')
-        .option('--auto-charge', 'Attempt direct VigCoin top-up when Godmode balance is low')
-        .option('--plan-only', 'Run Godmode estimator only; do not execute Legion job')
-        .option('--models <csv>', 'Comma-separated model IDs to constrain Godmode selection')
-        .option('--timeout <seconds>', 'Override Legion execution timeout in seconds (defaults to server policy)')
+        .option('--auto-charge', 'Attempt direct VigCoin top-up when Cortex balance is low')
+        .option('--plan-only', 'Run Cortex estimator only; do not execute Legion job')
+        .option('--force-budget', 'Allow execution when estimated budget exceeds the hard safe-stop ceiling')
+        .option('--ignore-preflight', 'Bypass mandatory local preflight checks (no warranty)')
+        .option('--speed', 'Enable speed mode (allows optional role skips when convergence is detected)')
+        .option('--repro-cmd <command>', 'Local reproduction/preflight command to validate before cloud spend')
+        .option('--expect-repro-fail', 'Require repro command to fail (non-zero) before proceeding')
+        .option('--models <csv>', 'Comma-separated model IDs to constrain Cortex selection')
+        .option('-t, --timeout <seconds>', 'Override Legion execution timeout in seconds (defaults to server policy)')
         .option('-w, --worker <name>', 'Execute a specific worker')
         .option('-p, --project <path>', 'Project directory', process.cwd())
         .action(async (request, options) => {
@@ -1003,11 +1097,16 @@ Examples:
         await legion.run(request, {
             workers: options.workers,
             status: options.status,
-            godmode: options.godmode,
+            cortex: Boolean(options.cortex),
             approve: options.approve,
             noApprove: options.approve === false,
             autoCharge: options.autoCharge,
             planOnly: options.planOnly,
+            forceBudget: options.forceBudget,
+            ignorePreflight: options.ignorePreflight,
+            speed: options.speed,
+            reproCmd: options.reproCmd,
+            expectReproFail: options.expectReproFail,
             models: options.models,
             timeoutSec: Number.isFinite(parsedTimeout) && parsedTimeout > 0 ? parsedTimeout : undefined,
             worker: options.worker,
@@ -1060,8 +1159,11 @@ Examples:
     // Auth commands
     program
         .command('login')
-        .description('Login to Vigthoria Coder')
-        .option('-t, --token <token>', 'API token')
+        .description('Login to Vigthoria Coder (prompts for credentials when run without flags)')
+        .option('-t, --token <token>', 'API token for token-based authentication')
+        .option('-e, --email <email>', 'Account email for credential-based login')
+        .option('-p, --password <password>', 'Account password for credential-based login')
+        .option('--device', 'Use OAuth device flow (requires server support)')
         .action(async (options) => {
         await (0, auth_js_1.handleLogin)(options);
     });
@@ -1083,13 +1185,14 @@ Examples:
         .action(() => {
         const checks = [
             ['Node.js', process.version],
-            ['Platform', `linux x64`],
+            ['Platform', `${process.platform} ${process.arch}`],
             ['Working directory', process.cwd()],
         ];
         console.log('Vigthoria CLI diagnostics');
         for (const [label, value] of checks) {
             console.log(`- ${label}: ${value}`);
         }
+        process.exitCode = 0;
     });
     // Config command
     program
@@ -1264,7 +1367,7 @@ Examples:
         await legion.run(undefined, {
             status: true,
             workers: false,
-            godmode: false,
+            cortex: false,
             approve: false,
             noApprove: true,
             planOnly: false,
@@ -1317,12 +1420,16 @@ Examples:
     }
     try {
         // Default to chat if no command
-        if (process.argv.length === 2) {
+        if (args.length === 2) {
             const chat = new chat_js_1.ChatCommand(config, logger);
             await chat.run({ model: 'code', project: process.cwd() });
+            process.exitCode = 0;
             return;
         }
-        await program.parseAsync(process.argv);
+        await program.parseAsync(args);
+        if (process.exitCode === undefined || process.exitCode === 0) {
+            process.exitCode = 0;
+        }
     }
     catch (error) {
         reportCliError(error, jsonOutputRequested);
@@ -1336,7 +1443,7 @@ process.on('unhandledRejection', (reason) => {
 });
 async function bootstrapCli() {
     try {
-        await main();
+        await main(process.argv);
     }
     catch (err) {
         handleFatalCliError(err, process.argv.includes('--json'));

package/dist/utils/api.d.ts

@@ -9,30 +9,12 @@ export declare class CLIError extends Error {
     category: CLIErrorCategory;
     statusCode?: number;
     endpoint?: string;
-    code: string;
-    details?: any;
-    isCritical: boolean;
     constructor(message: string, category: CLIErrorCategory, opts?: {
         statusCode?: number;
         endpoint?: string;
         cause?: Error;
     });
 }
-export type CliError = {
-    code: string;
-    message: string;
-    details?: any;
-    isCritical: boolean;
-};
-export type ApiError = {
-    code: number;
-    message: string;
-    details?: any;
-    isAuthError: boolean;
-};
-export declare function handleApiError(error: any): CliError;
-export declare function handleAuthError(error: any): CliError;
-export declare function propagateError(err: any): never;
 /** Classify an axios or fetch error into a structured CLIError. */
 export declare function classifyError(error: unknown, fallbackCategory?: CLIErrorCategory): CLIError;
 /** Format a CLIError for user-facing display. */
@@ -40,6 +22,7 @@ export declare function formatCLIError(err: CLIError): string;
 export declare function sanitizeUserFacingErrorText(input: string): string;
 export declare function isServerRuntime(): boolean;
 export declare function describeUpstreamStatus(status: number): string;
+export declare function propagateError(err: any): never;
 export interface ChatMessage {
     role: 'user' | 'assistant' | 'system';
     content: string;
@@ -110,6 +93,7 @@ export interface OperatorWorkflowResponse {
         sourceWorkflowId?: string | null;
     } | null;
     metadata?: Record<string, unknown>;
+    changedFiles?: Record<string, string>;
 }
 export interface StreamChunk {
     type: 'content' | 'done' | 'error';
@@ -207,43 +191,26 @@ export interface VigthoriUser {
         adminAccess: boolean;
     };
 }
-export interface JwtPayload {
-    exp?: number;
-    iat?: number;
-    sub?: string;
-    [claim: string]: unknown;
-}
-export type JwtState = {
-    token: string | null;
-    expiresAt: number | null;
-    isExpired?: () => boolean;
-};
-export declare function validateJwtExpiry(token: string): boolean;
-export declare function validateJwt(token: string): JwtPayload | null;
-export type ApiConfig = Config;
-export type ApiClient = APIClient;
-export declare function refreshJwtIfNeeded(state: JwtState): Promise<string | null>;
-export declare function createApiClient(config: any): {
-    get: (path: string) => Promise<any>;
-    post: (path: string, body: any) => Promise<any>;
-    handleAuthError: (err: any) => void;
-};
 export declare class APIClient {
     private client;
     private modelRouterClient;
     private selfHostedModelRouterClient;
-    config: Config;
-    token: string | null;
-    expiresAt: number | null;
+    private config;
     private logger;
     private ws;
     private vigFlowTokens;
+    private _httpsAgent;
     constructor(config: Config, logger: Logger);
+    /**
+     * Destroy keep-alive sockets so the Node.js event loop can drain
+     * naturally.  Call this before exiting commands that run HTTP probes
+     * (e.g. `status`) to avoid the libuv UV_HANDLE_CLOSING assertion
+     * on Windows / Node 25+.
+     */
     destroy(): void;
     private getSelfHostedModelsApiUrl;
     login(email: string, password: string): Promise<boolean>;
     loginWithToken(token: string): Promise<boolean>;
-    private decodeJwtPayload;
     private extractUserProfile;
     private refreshToken;
     getSubscriptionStatus(): Promise<void>;
@@ -267,7 +234,6 @@ export declare class APIClient {
     getMcpBaseUrls(): string[];
     getVigFlowBaseUrls(): string[];
     getTemplateServiceBaseUrls(): string[];
-    private allowLocalServiceFallbacks;
     private isFrontendTask;
     /**
      * Returns true when the prompt describes a read-only / analysis task.
@@ -328,6 +294,7 @@ export declare class APIClient {
     private compactV3Context;
     buildMinimalV3AgentContext(context?: Record<string, any>): string;
     private extractEmergencyAppName;
+    private materializeEmergencySaaSWorkspace;
     private ensureExecutionContext;
     bindExecutionContext(context?: Record<string, any>): Promise<Record<string, any>>;
     private resolveAgentTargetPath;
@@ -398,6 +365,11 @@ export declare class APIClient {
      * Ensure code has balanced curly braces by appending missing closing braces.
      */
     private ensureBalancedBraces;
+    /**
+     * Quick JS/TS syntax validation using Node's built-in parser.
+     * Returns true if the code parses without errors.
+     */
+    private validateJsSyntax;
     /**
      * Extract the first complete function/class from code.
      * Used as last-resort when the model keeps over-producing.
@@ -481,39 +453,22 @@ export declare class APIClient {
      * the fix has fewer closers than the original, appends the missing ones.
      */
     private repairBracketBalance;
-    /**
-     * Build workspace summary re-ordered by semantic relevance to the prompt.
-     * Changed files are listed first, then keyword-matched files, then the rest.
-     * Falls back to plain buildLocalWorkspaceSummary when no prompt is provided.
-     */
-    private buildSemanticWorkspaceSummary;
-    /**
-     * Self-healing cycle: run post-write validators and, if errors are found,
-     * send a targeted correction prompt to the V3 agent (max one healing round).
-     *
-     * This is a best-effort operation — failures never propagate to the user as
-     * hard errors; they are surfaced as a status line in the terminal output.
-     */
-    runSelfHealingCycle(originalPrompt: string, workspacePath: string, context?: Record<string, any>): Promise<{
-        healingAttempted: boolean;
-        passed: boolean;
-        tool: string;
-    }>;
     private resolveModelId;
     private getCoderHealth;
     private getModelsHealth;
     private getSelfHostedHealth;
-    attemptV3ServiceRecovery(reason?: string, options?: {
-        attempts?: number;
-        delayMs?: number;
-    }): Promise<{
-        recovered: boolean;
-        message: string;
-        endpoint?: string;
-    }>;
     private getV3AgentHealth;
     private getHyperLoopHealth;
     private getRepoMemoryHealth;
+    runSelfHealingCycle(_originalPrompt: string, _workspacePath: string, _context?: Record<string, any>): Promise<{
+        healingAttempted: boolean;
+        passed: boolean;
+        tool: string;
+    }>;
+    attemptV3ServiceRecovery(reason?: string, _options?: Record<string, any>): Promise<{
+        recovered: boolean;
+        message: string;
+    }>;
     getDevtoolsBridgeStatus(): Promise<EndpointHealthStatus>;
     getCapabilityTruthStatus(context?: Record<string, any>): Promise<CapabilityTruthStatus>;
     getHealthStatus(): Promise<APIHealthStatus>;