wave-agent-sdk 0.0.10 → 0.0.11

package/src/utils/bashParser.ts

@@ -0,0 +1,444 @@
+/**
+ * Splits a complex bash command into individual simple commands by shell operators (&&, ||, ;, |, &).
+ * Correctly handles quotes, escaped characters, and subshells.
+ */
+export function splitBashCommand(command: string): string[] {
+  let inSingleQuote = false;
+  let inDoubleQuote = false;
+  let escaped = false;
+  let parenLevel = 0;
+  const splitPositions: number[] = [];
+
+  for (let i = 0; i < command.length; i++) {
+    const char = command[i];
+    const nextChar = command[i + 1];
+
+    if (escaped) {
+      escaped = false;
+      continue;
+    }
+
+    if (char === "\\") {
+      escaped = true;
+      continue;
+    }
+
+    if (char === "'" && !inDoubleQuote) {
+      inSingleQuote = !inSingleQuote;
+      continue;
+    }
+
+    if (char === '"' && !inSingleQuote) {
+      inDoubleQuote = !inDoubleQuote;
+      continue;
+    }
+
+    if (inSingleQuote || inDoubleQuote) {
+      continue;
+    }
+
+    if (char === "(") {
+      parenLevel++;
+      continue;
+    }
+
+    if (char === ")") {
+      parenLevel--;
+      continue;
+    }
+
+    if (parenLevel > 0) {
+      continue;
+    }
+
+    // Check for operators
+    let opLen = 0;
+    if (char === "&" && nextChar === "&") opLen = 2;
+    else if (char === "|" && nextChar === "|") opLen = 2;
+    else if (char === "|" && nextChar === "&") opLen = 2;
+    else if (char === ";") opLen = 1;
+    else if (char === "|") opLen = 1;
+    else if (char === "&" && nextChar !== ">") opLen = 1;
+
+    if (opLen > 0) {
+      // Check if preceded by an odd number of backslashes
+      let backslashCount = 0;
+      for (let j = i - 1; j >= 0; j--) {
+        if (command[j] === "\\") backslashCount++;
+        else break;
+      }
+
+      // ALSO check if preceded by an escaped operator character (e.g., \&&)
+      let precededByEscapedOp = false;
+      if (i > 0 && /[&|;]/.test(command[i - 1])) {
+        let bsCount = 0;
+        for (let j = i - 2; j >= 0; j--) {
+          if (command[j] === "\\") bsCount++;
+          else break;
+        }
+        if (bsCount % 2 !== 0) precededByEscapedOp = true;
+      }
+
+      if (backslashCount % 2 === 0 && !precededByEscapedOp) {
+        splitPositions.push(i, i + opLen);
+        i += opLen - 1;
+      }
+    }
+  }
+
+  let lastPos = 0;
+  const parts: string[] = [];
+  for (let i = 0; i < splitPositions.length; i += 2) {
+    const start = splitPositions[i];
+    const end = splitPositions[i + 1];
+    const part = command.substring(lastPos, start).trim();
+    if (part) parts.push(part);
+    lastPos = end;
+  }
+  const lastPart = command.substring(lastPos).trim();
+  if (lastPart) parts.push(lastPart);
+
+  const finalResult: string[] = [];
+  for (const part of parts) {
+    const stripped = stripRedirections(stripEnvVars(part));
+    if (stripped.startsWith("(") && stripped.endsWith(")")) {
+      const inner = stripped.substring(1, stripped.length - 1).trim();
+      if (inner) {
+        finalResult.push(...splitBashCommand(inner));
+      }
+    } else {
+      finalResult.push(part);
+    }
+  }
+
+  return finalResult;
+}
+
+/**
+ * Removes inline environment variable assignments (e.g., VAR=val cmd -> cmd).
+ */
+export function stripEnvVars(command: string): string {
+  let result = command.trim();
+  while (true) {
+    const match = result.match(/^([a-zA-Z_][a-zA-Z0-9_]*)=/);
+    if (!match) break;
+
+    const varNameEnd = match[0].length;
+    let valueEnd = varNameEnd;
+
+    if (result[varNameEnd] === "'") {
+      valueEnd = result.indexOf("'", varNameEnd + 1);
+      if (valueEnd === -1) break;
+      valueEnd++;
+    } else if (result[varNameEnd] === '"') {
+      let escaped = false;
+      let found = false;
+      for (let i = varNameEnd + 1; i < result.length; i++) {
+        if (escaped) {
+          escaped = false;
+          continue;
+        }
+        if (result[i] === "\\") {
+          escaped = true;
+          continue;
+        }
+        if (result[i] === '"') {
+          valueEnd = i + 1;
+          found = true;
+          break;
+        }
+      }
+      if (!found) break;
+    } else {
+      const spaceIndex = result.search(/\s/);
+      if (spaceIndex === -1) {
+        return "";
+      }
+      valueEnd = spaceIndex;
+    }
+
+    result = result.substring(valueEnd).trim();
+  }
+  return result;
+}
+
+/**
+ * Removes redirections (e.g., echo "data" > output.txt -> echo "data").
+ */
+export function stripRedirections(command: string): string {
+  let result = "";
+  let inSingleQuote = false;
+  let inDoubleQuote = false;
+  let escaped = false;
+
+  for (let i = 0; i < command.length; i++) {
+    const char = command[i];
+
+    if (escaped) {
+      result += char;
+      escaped = false;
+      continue;
+    }
+
+    if (char === "\\") {
+      result += char;
+      escaped = true;
+      continue;
+    }
+
+    if (char === "'" && !inDoubleQuote) {
+      inSingleQuote = !inSingleQuote;
+      result += char;
+      continue;
+    }
+
+    if (char === '"' && !inSingleQuote) {
+      inDoubleQuote = !inDoubleQuote;
+      result += char;
+      continue;
+    }
+
+    if (inSingleQuote || inDoubleQuote) {
+      result += char;
+      continue;
+    }
+
+    // Handle whitespace outside quotes: collapse multiple spaces into one
+    if (/\s/.test(char)) {
+      if (result.length > 0 && !/\s/.test(result[result.length - 1])) {
+        result += " ";
+      }
+      continue;
+    }
+
+    // Check for redirection
+    if (char === ">" || char === "<") {
+      // Check if preceded by a digit or & (for 2> or &>)
+      if (result.length > 0 && /[0-9&]/.test(result[result.length - 1])) {
+        // Ensure it's at the start of a word or preceded by whitespace
+        if (result.length === 1 || /\s/.test(result[result.length - 2])) {
+          // Remove the digit/& from result
+          result = result.substring(0, result.length - 1);
+        }
+      }
+
+      let end = i + 1;
+      if (command[end] === char) {
+        end++;
+        if (char === "<" && command[end] === "-") {
+          end++;
+        }
+      } else if (
+        command[end] === "&" ||
+        (char === ">" && command[end] === "|")
+      ) {
+        end++;
+      }
+
+      // Skip whitespace after operator
+      while (end < command.length && /\s/.test(command[end])) {
+        end++;
+      }
+
+      // Skip the following word (the target of redirection)
+      let wordEscaped = false;
+      let wordInSingleQuote = false;
+      let wordInDoubleQuote = false;
+      while (end < command.length) {
+        const c = command[end];
+        if (wordEscaped) {
+          wordEscaped = false;
+          end++;
+          continue;
+        }
+        if (c === "\\") {
+          wordEscaped = true;
+          end++;
+          continue;
+        }
+        if (c === "'" && !wordInDoubleQuote) {
+          wordInSingleQuote = !wordInSingleQuote;
+          end++;
+          continue;
+        }
+        if (c === '"' && !wordInSingleQuote) {
+          wordInDoubleQuote = !wordInDoubleQuote;
+          end++;
+          continue;
+        }
+        if (!wordInSingleQuote && !wordInDoubleQuote && /\s/.test(c)) {
+          break;
+        }
+        end++;
+      }
+
+      i = end - 1;
+      // After stripping a redirection, ensure there's a space if we're not at the end
+      if (result.length > 0 && !/\s/.test(result[result.length - 1])) {
+        result += " ";
+      }
+      continue;
+    }
+
+    result += char;
+  }
+
+  return result.trim();
+}
+
+/**
+ * Blacklist of dangerous commands that should not be safely prefix-matched
+ * and should not have persistent permissions.
+ */
+export const DANGEROUS_COMMANDS = [
+  "rm",
+  "mv",
+  "chmod",
+  "chown",
+  "sh",
+  "bash",
+  "sudo",
+  "dd",
+  "apt",
+  "apt-get",
+  "yum",
+  "dnf",
+];
+
+/**
+ * Extracts a "smart prefix" from a bash command based on common developer tools.
+ * Returns null if the command is blacklisted or cannot be safely prefix-matched.
+ */
+export function getSmartPrefix(command: string): string | null {
+  const parts = splitBashCommand(command);
+  if (parts.length === 0) return null;
+
+  // For now, we only support prefix matching for single commands or the first command in a chain
+  // to keep it simple and safe.
+  const firstCommand = parts[0];
+  let stripped = stripRedirections(stripEnvVars(firstCommand));
+
+  // Handle sudo
+  if (stripped.startsWith("sudo ")) {
+    stripped = stripped.substring(5).trim();
+  }
+
+  const tokens = stripped.split(/\s+/);
+  if (tokens.length === 0) return null;
+
+  const exe = tokens[0];
+  const sub = tokens[1];
+
+  // Blacklist - Hard blacklist for dangerous commands
+  if (DANGEROUS_COMMANDS.includes(exe)) return null;
+
+  // Node/JS
+  if (["npm", "pnpm", "yarn", "deno", "bun"].includes(exe)) {
+    if (
+      [
+        "install",
+        "i",
+        "add",
+        "remove",
+        "test",
+        "t",
+        "build",
+        "start",
+        "dev",
+      ].includes(sub)
+    ) {
+      return `${exe} ${sub}`;
+    }
+    if (sub === "run" && tokens[2]) {
+      return `${exe} run ${tokens[2]}`;
+    }
+    return exe;
+  }
+
+  // Git
+  if (exe === "git") {
+    if (
+      [
+        "commit",
+        "push",
+        "pull",
+        "checkout",
+        "add",
+        "status",
+        "diff",
+        "branch",
+        "merge",
+        "rebase",
+        "log",
+        "fetch",
+        "remote",
+        "stash",
+      ].includes(sub)
+    ) {
+      return `${exe} ${sub}`;
+    }
+    return exe;
+  }
+
+  // Python
+  if (["python", "python3", "pip", "pip3", "poetry", "conda"].includes(exe)) {
+    if (exe === "python" || exe === "python3") {
+      if (sub === "-m" && tokens[2] === "pip" && tokens[3] === "install") {
+        return `${exe} -m pip install`;
+      }
+      return exe;
+    }
+    if (["install", "add", "remove", "test", "run"].includes(sub)) {
+      return `${exe} ${sub}`;
+    }
+    return exe;
+  }
+
+  // Java
+  if (["mvn", "gradle"].includes(exe)) {
+    if (sub && !sub.startsWith("-")) {
+      return `${exe} ${sub}`;
+    }
+    return exe;
+  }
+  if (exe === "java") {
+    if (sub === "-jar") return "java -jar";
+    return "java";
+  }
+
+  // Rust & Go
+  if (exe === "cargo") {
+    if (["build", "test", "run", "add", "check"].includes(sub)) {
+      return `${exe} ${sub}`;
+    }
+    return exe;
+  }
+  if (exe === "go") {
+    if (["build", "test", "run", "get", "mod"].includes(sub)) {
+      return `${exe} ${sub}`;
+    }
+    return exe;
+  }
+
+  // Containers & Infrastructure
+  if (exe === "docker" || exe === "docker-compose") {
+    if (["run", "build", "ps", "exec", "up", "down"].includes(sub)) {
+      return `${exe} ${sub}`;
+    }
+    return exe;
+  }
+  if (exe === "kubectl") {
+    if (["get", "describe", "apply", "logs"].includes(sub)) {
+      return `${exe} ${sub}`;
+    }
+    return exe;
+  }
+  if (exe === "terraform") {
+    if (["plan", "apply", "destroy", "init"].includes(sub)) {
+      return `${exe} ${sub}`;
+    }
+    return exe;
+  }
+
+  return null;
+}

package/src/utils/pathSafety.ts

@@ -0,0 +1,26 @@
+import path from "node:path";
+import fs from "node:fs";
+
+/**
+ * Check if a target path is inside a parent directory.
+ * Resolves symlinks and handles absolute paths.
+ * Returns true if target is the same as parent or is a subdirectory of parent.
+ * @param target The path to check
+ * @param parent The parent directory path
+ * @returns boolean
+ */
+export function isPathInside(target: string, parent: string): boolean {
+  try {
+    const absoluteTarget = path.resolve(target);
+    const absoluteParent = path.resolve(parent);
+
+    const realTarget = fs.realpathSync(absoluteTarget);
+    const realParent = fs.realpathSync(absoluteParent);
+
+    const relative = path.relative(realParent, realTarget);
+
+    return !relative.startsWith("..") && !path.isAbsolute(relative);
+  } catch {
+    return false;
+  }
+}

package/dist/utils/largeOutputHandler.d.ts

@@ -1,15 +0,0 @@
-export declare const LARGE_OUTPUT_TOKEN_THRESHOLD = 20000;
-/**
- * Handle large command output by writing to temporary file when token threshold is exceeded
- *
- * Uses token-based threshold (20k tokens) to determine when output should be written to temp file.
- * This provides accurate estimation of actual token cost for LLM processing.
- *
- * @param output - The command output string
- * @returns Object containing processed content and optional file path
- */
-export declare function handleLargeOutput(output: string): Promise<{
-    content: string;
-    filePath?: string;
-}>;
-//# sourceMappingURL=largeOutputHandler.d.ts.map

package/dist/utils/largeOutputHandler.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"largeOutputHandler.d.ts","sourceRoot":"","sources":["../../src/utils/largeOutputHandler.ts"],"names":[],"mappings":"AAUA,eAAO,MAAM,4BAA4B,QAAQ,CAAC;AAElD;;;;;;;;GAQG;AACH,wBAAsB,iBAAiB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC;IAC/D,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,CAAC,CA8BD"}

package/dist/utils/largeOutputHandler.js

@@ -1,40 +0,0 @@
-import { writeFile } from "fs/promises";
-import { join } from "path";
-import { tmpdir } from "os";
-import { logger } from "./globalLogger.js";
-import { estimateTokenCount, getTokenUsageDescription, } from "./tokenEstimator.js";
-// Token threshold for writing output to temp file (20k tokens)
-export const LARGE_OUTPUT_TOKEN_THRESHOLD = 20000;
-/**
- * Handle large command output by writing to temporary file when token threshold is exceeded
- *
- * Uses token-based threshold (20k tokens) to determine when output should be written to temp file.
- * This provides accurate estimation of actual token cost for LLM processing.
- *
- * @param output - The command output string
- * @returns Object containing processed content and optional file path
- */
-export async function handleLargeOutput(output) {
-    const estimatedTokens = estimateTokenCount(output);
-    // Check token threshold
-    if (estimatedTokens <= LARGE_OUTPUT_TOKEN_THRESHOLD) {
-        return { content: output };
-    }
-    try {
-        // Create temp file for large output
-        const tempFileName = `bash-output-${Date.now()}-${Math.random().toString(36).substr(2, 9)}.txt`;
-        const tempFilePath = join(tmpdir(), tempFileName);
-        await writeFile(tempFilePath, output, "utf8");
-        const sizeKB = Math.round(output.length / 1024);
-        const tokenDescription = getTokenUsageDescription(output, LARGE_OUTPUT_TOKEN_THRESHOLD);
-        return {
-            content: `Large output (${sizeKB} KB, ${tokenDescription}) written to temporary file. Use the Read tool to access the full content.`,
-            filePath: tempFilePath,
-        };
-    }
-    catch (error) {
-        logger.warn(`Failed to write large output to temp file: ${error}`);
-        // Fallback to direct output if temp file creation fails
-        return { content: output };
-    }
-}

package/dist/utils/tokenEstimator.d.ts

@@ -1,39 +0,0 @@
-/**
- * Simple token estimation utility for text content
- *
- * This provides a fast approximation of token count without requiring
- * actual tokenization, which would be expensive for large content.
- */
-/**
- * Estimate the number of tokens in a text string
- *
- * Uses a simple heuristic based on character count and common patterns:
- * - Average token length varies by language and content type
- * - English text: ~4-5 characters per token
- * - Code/structured text: ~3-4 characters per token
- * - Numbers/symbols: ~2-3 characters per token
- *
- * This function uses a conservative estimate of 4 characters per token
- * which works well for mixed content (text + code + symbols).
- *
- * @param text - The text to estimate tokens for
- * @returns Estimated number of tokens
- */
-export declare function estimateTokenCount(text: string): number;
-/**
- * Check if estimated token count exceeds a threshold
- *
- * @param text - The text to check
- * @param threshold - Token threshold (default: 20,000)
- * @returns True if estimated tokens exceed threshold
- */
-export declare function exceedsTokenThreshold(text: string, threshold?: number): boolean;
-/**
- * Get a human-readable description of estimated token usage
- *
- * @param text - The text to analyze
- * @param threshold - Token threshold for comparison
- * @returns Description string with token count and threshold info
- */
-export declare function getTokenUsageDescription(text: string, threshold?: number): string;
-//# sourceMappingURL=tokenEstimator.d.ts.map

package/dist/utils/tokenEstimator.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"tokenEstimator.d.ts","sourceRoot":"","sources":["../../src/utils/tokenEstimator.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAcvD;AAED;;;;;;GAMG;AACH,wBAAgB,qBAAqB,CACnC,IAAI,EAAE,MAAM,EACZ,SAAS,GAAE,MAAc,GACxB,OAAO,CAET;AAED;;;;;;GAMG;AACH,wBAAgB,wBAAwB,CACtC,IAAI,EAAE,MAAM,EACZ,SAAS,GAAE,MAAc,GACxB,MAAM,CAKR"}

package/dist/utils/tokenEstimator.js

@@ -1,55 +0,0 @@
-/**
- * Simple token estimation utility for text content
- *
- * This provides a fast approximation of token count without requiring
- * actual tokenization, which would be expensive for large content.
- */
-/**
- * Estimate the number of tokens in a text string
- *
- * Uses a simple heuristic based on character count and common patterns:
- * - Average token length varies by language and content type
- * - English text: ~4-5 characters per token
- * - Code/structured text: ~3-4 characters per token
- * - Numbers/symbols: ~2-3 characters per token
- *
- * This function uses a conservative estimate of 4 characters per token
- * which works well for mixed content (text + code + symbols).
- *
- * @param text - The text to estimate tokens for
- * @returns Estimated number of tokens
- */
-export function estimateTokenCount(text) {
-    if (!text || text.length === 0) {
-        return 0;
-    }
-    // Base estimation: 4 characters per token (conservative)
-    const baseEstimate = Math.ceil(text.length / 4);
-    // Adjust for whitespace (spaces don't contribute much to token count)
-    const whitespaceCount = (text.match(/\s/g) || []).length;
-    const adjustedEstimate = Math.ceil((text.length - whitespaceCount * 0.5) / 4);
-    // Use the more conservative (higher) estimate
-    return Math.max(baseEstimate, adjustedEstimate);
-}
-/**
- * Check if estimated token count exceeds a threshold
- *
- * @param text - The text to check
- * @param threshold - Token threshold (default: 20,000)
- * @returns True if estimated tokens exceed threshold
- */
-export function exceedsTokenThreshold(text, threshold = 20000) {
-    return estimateTokenCount(text) > threshold;
-}
-/**
- * Get a human-readable description of estimated token usage
- *
- * @param text - The text to analyze
- * @param threshold - Token threshold for comparison
- * @returns Description string with token count and threshold info
- */
-export function getTokenUsageDescription(text, threshold = 20000) {
-    const estimatedTokens = estimateTokenCount(text);
-    const exceedsThreshold = estimatedTokens > threshold;
-    return `${estimatedTokens.toLocaleString()} tokens (${exceedsThreshold ? "exceeds" : "within"} ${threshold.toLocaleString()} limit)`;
-}

package/src/utils/largeOutputHandler.ts

@@ -1,55 +0,0 @@
-import { writeFile } from "fs/promises";
-import { join } from "path";
-import { tmpdir } from "os";
-import { logger } from "./globalLogger.js";
-import {
-  estimateTokenCount,
-  getTokenUsageDescription,
-} from "./tokenEstimator.js";
-
-// Token threshold for writing output to temp file (20k tokens)
-export const LARGE_OUTPUT_TOKEN_THRESHOLD = 20000;
-
-/**
- * Handle large command output by writing to temporary file when token threshold is exceeded
- *
- * Uses token-based threshold (20k tokens) to determine when output should be written to temp file.
- * This provides accurate estimation of actual token cost for LLM processing.
- *
- * @param output - The command output string
- * @returns Object containing processed content and optional file path
- */
-export async function handleLargeOutput(output: string): Promise<{
-  content: string;
-  filePath?: string;
-}> {
-  const estimatedTokens = estimateTokenCount(output);
-
-  // Check token threshold
-  if (estimatedTokens <= LARGE_OUTPUT_TOKEN_THRESHOLD) {
-    return { content: output };
-  }
-
-  try {
-    // Create temp file for large output
-    const tempFileName = `bash-output-${Date.now()}-${Math.random().toString(36).substr(2, 9)}.txt`;
-    const tempFilePath = join(tmpdir(), tempFileName);
-
-    await writeFile(tempFilePath, output, "utf8");
-
-    const sizeKB = Math.round(output.length / 1024);
-    const tokenDescription = getTokenUsageDescription(
-      output,
-      LARGE_OUTPUT_TOKEN_THRESHOLD,
-    );
-
-    return {
-      content: `Large output (${sizeKB} KB, ${tokenDescription}) written to temporary file. Use the Read tool to access the full content.`,
-      filePath: tempFilePath,
-    };
-  } catch (error) {
-    logger.warn(`Failed to write large output to temp file: ${error}`);
-    // Fallback to direct output if temp file creation fails
-    return { content: output };
-  }
-}