wispy-cli 0.2.2 → 0.3.1

package/lib/wispy-repl.mjs

@@ -676,6 +676,80 @@ const TOOL_DEFINITIONS = [
       required: ["query"],
     },
   },
+  {
+    name: "file_edit",
+    description: "Edit a file by replacing specific text. More precise than write_file — use this for targeted changes.",
+    parameters: {
+      type: "object",
+      properties: {
+        path: { type: "string", description: "File path" },
+        old_text: { type: "string", description: "Exact text to find and replace" },
+        new_text: { type: "string", description: "Replacement text" },
+      },
+      required: ["path", "old_text", "new_text"],
+    },
+  },
+  {
+    name: "file_search",
+    description: "Search for text patterns in files recursively (like grep). Returns matching lines with file paths and line numbers.",
+    parameters: {
+      type: "object",
+      properties: {
+        pattern: { type: "string", description: "Text or regex pattern to search for" },
+        path: { type: "string", description: "Directory to search in (default: current dir)" },
+        file_glob: { type: "string", description: "File glob filter (e.g., '*.ts', '*.py')" },
+      },
+      required: ["pattern"],
+    },
+  },
+  {
+    name: "git",
+    description: "Run git operations: status, diff, log, branch, add, commit, stash, checkout. Use for version control tasks.",
+    parameters: {
+      type: "object",
+      properties: {
+        command: { type: "string", description: "Git subcommand and args (e.g., 'status', 'diff --cached', 'log --oneline -10', 'commit -m \"msg\"')" },
+      },
+      required: ["command"],
+    },
+  },
+  {
+    name: "web_fetch",
+    description: "Fetch content from a URL and return it as text/markdown. Use to read web pages, docs, APIs.",
+    parameters: {
+      type: "object",
+      properties: {
+        url: { type: "string", description: "URL to fetch" },
+      },
+      required: ["url"],
+    },
+  },
+  {
+    name: "keychain",
+    description: "Manage macOS Keychain secrets. Read (masked), store, or delete credentials. Values are never shown in full — only first 4 + last 4 chars.",
+    parameters: {
+      type: "object",
+      properties: {
+        action: { type: "string", enum: ["get", "set", "delete", "list"], description: "get: read secret (masked), set: store secret, delete: remove, list: search" },
+        service: { type: "string", description: "Service name (e.g., 'google-ai-key', 'my-api-token')" },
+        account: { type: "string", description: "Account name (default: 'wispy')" },
+        value: { type: "string", description: "Secret value (only for 'set' action)" },
+      },
+      required: ["action", "service"],
+    },
+  },
+  {
+    name: "clipboard",
+    description: "Copy text to clipboard (macOS/Linux) or read current clipboard contents.",
+    parameters: {
+      type: "object",
+      properties: {
+        action: { type: "string", enum: ["copy", "paste"], description: "copy: write to clipboard, paste: read from clipboard" },
+        text: { type: "string", description: "Text to copy (only for copy action)" },
+      },
+      required: ["action"],
+    },
+  },
   {
     name: "spawn_agent",
     description: "Spawn a sub-agent for a well-scoped task. Use for sidecar tasks that can run in parallel. Do NOT spawn for the immediate blocking step — do that yourself. Each agent gets its own context. Prefer concrete, bounded tasks with clear deliverables.",
@@ -863,6 +937,10 @@ async function executeTool(name, args) {
       }
 
       case "run_command": {
+        // Block direct keychain password reads via run_command — use keychain tool instead
+        if (/security\s+find-generic-password.*-w/i.test(args.command)) {
+          return { success: false, error: "Use the 'keychain' tool instead of run_command for secrets. It masks sensitive values." };
+        }
         console.log(dim(`  $ ${args.command}`));
         const { stdout, stderr } = await execAsync("/bin/bash", ["-c", args.command], {
           timeout: 30_000,
@@ -939,6 +1017,170 @@ async function executeTool(name, args) {
         };
       }
 
+      case "file_edit": {
+        const filePath = args.path.replace(/^~/, os.homedir());
+        try {
+          const content = await readFile(filePath, "utf8");
+          if (!content.includes(args.old_text)) {
+            return { success: false, error: `Text not found in ${filePath}` };
+          }
+          const newContent = content.replace(args.old_text, args.new_text);
+          await writeFile(filePath, newContent, "utf8");
+          return { success: true, message: `Edited ${filePath}: replaced ${args.old_text.length} chars` };
+        } catch (err) {
+          return { success: false, error: err.message };
+        }
+      }
+
+      case "file_search": {
+        const { promisify: prom } = await import("node:util");
+        const { execFile: ef2 } = await import("node:child_process");
+        const exec2 = prom(ef2);
+        const searchPath = (args.path || ".").replace(/^~/, os.homedir());
+        const glob = args.file_glob ? `--include="${args.file_glob}"` : "";
+        try {
+          const { stdout } = await exec2("/bin/bash", ["-c",
+            `grep -rn ${glob} "${args.pattern}" "${searchPath}" 2>/dev/null | head -30`
+          ], { timeout: 10_000 });
+          const lines = stdout.trim().split("\n").filter(Boolean);
+          return { success: true, matches: lines.length, results: stdout.trim().slice(0, 5000) };
+        } catch {
+          return { success: true, matches: 0, results: "No matches found." };
+        }
+      }
+
+      case "git": {
+        const { promisify: prom } = await import("node:util");
+        const { execFile: ef2 } = await import("node:child_process");
+        const exec2 = prom(ef2);
+        console.log(dim(`  $ git ${args.command}`));
+        try {
+          const { stdout, stderr } = await exec2("/bin/bash", ["-c", `git ${args.command}`], {
+            timeout: 15_000, cwd: process.cwd(),
+          });
+          return { success: true, output: (stdout + (stderr ? `\n${stderr}` : "")).trim().slice(0, 5000) };
+        } catch (err) {
+          return { success: false, error: err.stderr?.trim() || err.message };
+        }
+      }
+
+      case "web_fetch": {
+        try {
+          const resp = await fetch(args.url, {
+            headers: { "User-Agent": "Wispy/0.2" },
+            signal: AbortSignal.timeout(15_000),
+          });
+          const contentType = resp.headers.get("content-type") ?? "";
+          const text = await resp.text();
+          // Basic HTML → text conversion
+          const cleaned = contentType.includes("html")
+            ? text.replace(/<script[\s\S]*?<\/script>/gi, "")
+                  .replace(/<style[\s\S]*?<\/style>/gi, "")
+                  .replace(/<[^>]+>/g, " ")
+                  .replace(/\s+/g, " ")
+                  .trim()
+            : text;
+          return { success: true, content: cleaned.slice(0, 10_000), contentType, status: resp.status };
+        } catch (err) {
+          return { success: false, error: err.message };
+        }
+      }
+
+      case "keychain": {
+        const { promisify: prom } = await import("node:util");
+        const { execFile: ef2 } = await import("node:child_process");
+        const exec2 = prom(ef2);
+        const account = args.account ?? "wispy";
+
+        if (process.platform !== "darwin") {
+          return { success: false, error: "Keychain is only supported on macOS" };
+        }
+
+        if (args.action === "get") {
+          try {
+            const { stdout } = await exec2("security", [
+              "find-generic-password", "-s", args.service, "-a", account, "-w"
+            ], { timeout: 5000 });
+            const val = stdout.trim();
+            // NEVER expose full secret — mask middle
+            const masked = val.length > 8
+              ? `${val.slice(0, 4)}${"*".repeat(Math.min(val.length - 8, 20))}${val.slice(-4)}`
+              : "****";
+            return { success: true, service: args.service, account, value_masked: masked, length: val.length };
+          } catch {
+            return { success: false, error: `No keychain entry found for service="${args.service}" account="${account}"` };
+          }
+        }
+
+        if (args.action === "set") {
+          if (!args.value) return { success: false, error: "value is required for set action" };
+          try {
+            // Delete existing first (ignore error if not found)
+            await exec2("security", [
+              "delete-generic-password", "-s", args.service, "-a", account
+            ]).catch(() => {});
+            await exec2("security", [
+              "add-generic-password", "-s", args.service, "-a", account, "-w", args.value
+            ], { timeout: 5000 });
+            return { success: true, message: `Stored secret for service="${args.service}" account="${account}"` };
+          } catch (err) {
+            return { success: false, error: err.message };
+          }
+        }
+
+        if (args.action === "delete") {
+          try {
+            await exec2("security", [
+              "delete-generic-password", "-s", args.service, "-a", account
+            ], { timeout: 5000 });
+            return { success: true, message: `Deleted keychain entry for service="${args.service}"` };
+          } catch {
+            return { success: false, error: `No entry found for service="${args.service}"` };
+          }
+        }
+
+        if (args.action === "list") {
+          try {
+            const { stdout } = await exec2("/bin/bash", ["-c",
+              `security dump-keychain 2>/dev/null | grep -A 4 "\"svce\"" | grep -E "svce|acct" | head -20`
+            ], { timeout: 5000 });
+            return { success: true, entries: stdout.trim() || "No entries found" };
+          } catch {
+            return { success: true, entries: "No entries found" };
+          }
+        }
+
+        return { success: false, error: "action must be get, set, delete, or list" };
+      }
+
+      case "clipboard": {
+        const { promisify: prom } = await import("node:util");
+        const { execFile: ef2 } = await import("node:child_process");
+        const exec2 = prom(ef2);
+        if (args.action === "copy") {
+          const { exec: execCb } = await import("node:child_process");
+          const execP = prom(execCb);
+          try {
+            // macOS: pbcopy, Linux: xclip
+            const copyCmd = process.platform === "darwin" ? "pbcopy" : "xclip -selection clipboard";
+            await execP(`echo "${args.text.replace(/"/g, '\\"')}" | ${copyCmd}`);
+            return { success: true, message: `Copied ${args.text.length} chars to clipboard` };
+          } catch (err) {
+            return { success: false, error: err.message };
+          }
+        }
+        if (args.action === "paste") {
+          try {
+            const pasteCmd = process.platform === "darwin" ? "pbpaste" : "xclip -selection clipboard -o";
+            const { stdout } = await exec2("/bin/bash", ["-c", pasteCmd], { timeout: 3000 });
+            return { success: true, content: stdout.slice(0, 5000) };
+          } catch (err) {
+            return { success: false, error: err.message };
+          }
+        }
+        return { success: false, error: "action must be 'copy' or 'paste'" };
+      }
+
       case "spawn_agent": {
         const role = args.role ?? "worker";
         const tierMap = { explorer: "cheap", planner: "mid", worker: "mid", reviewer: "mid" };
@@ -1282,7 +1524,14 @@ async function buildSystemPrompt(messages = []) {
     "  - NEVER reply in Korean when the user wrote in English.",
     "",
     "## Tools",
-    "You have: read_file, write_file, run_command, list_directory, web_search, spawn_agent, spawn_async_agent, pipeline, ralph_loop, update_plan, list_agents, get_agent_result.",
+    "You have 18 tools: read_file, write_file, file_edit, file_search, run_command, list_directory, git, web_search, web_fetch, keychain, clipboard, spawn_agent, spawn_async_agent, pipeline, ralph_loop, update_plan, list_agents, get_agent_result.",
+    "- file_edit: for targeted text replacement (prefer over write_file for edits)",
+    "- file_search: grep across codebase",
+    "- git: any git command",
+    "- web_fetch: read URL content",
+    "- keychain: macOS Keychain secrets (ALWAYS use this for secrets, NEVER run_command)",
+    "- clipboard: copy/paste system clipboard",
+    "- SECURITY: Never show full API keys or secrets. Always use keychain tool which masks values.",
     "Use them proactively. Briefly mention what you're doing.",
     "",
   ];
@@ -1882,6 +2131,66 @@ ${bold("Wispy Commands:")}
     return true;
   }
 
+  if (cmd === "/sessions" || cmd === "/ls") {
+    const wsList = await listWorkstreams();
+    if (wsList.length === 0) {
+      console.log(dim("No sessions yet."));
+    } else {
+      console.log(bold("\n📂 Sessions:\n"));
+      for (const ws of wsList) {
+        const conv = await loadWorkstreamConversation(ws);
+        const msgs = conv.filter(m => m.role === "user").length;
+        const marker = ws === ACTIVE_WORKSTREAM ? green("● ") : "  ";
+        console.log(`${marker}${ws.padEnd(20)} ${dim(`${msgs} messages`)}`);
+      }
+    }
+    console.log(dim(`\nSwitch: wispy -w <name> | Delete: /delete <name>`));
+    return true;
+  }
+
+  if (cmd === "/delete" || cmd === "/rm") {
+    const target = parts[1];
+    if (!target) { console.log(yellow("Usage: /delete <workstream-name>")); return true; }
+    const wsPath = path.join(CONVERSATIONS_DIR, `${target}.json`);
+    try {
+      const { unlink } = await import("node:fs/promises");
+      await unlink(wsPath);
+      // Also delete work.md and plan
+      await unlink(path.join(CONVERSATIONS_DIR, `${target}.work.md`)).catch(() => {});
+      await unlink(path.join(CONVERSATIONS_DIR, `${target}.plan.json`)).catch(() => {});
+      console.log(green(`🗑️  Deleted session "${target}"`));
+    } catch {
+      console.log(red(`Session "${target}" not found.`));
+    }
+    return true;
+  }
+
+  if (cmd === "/export") {
+    const conv = await loadConversation();
+    const userAssistant = conv.filter(m => m.role === "user" || m.role === "assistant");
+    if (userAssistant.length === 0) { console.log(dim("Nothing to export.")); return true; }
+
+    const format = parts[1] ?? "md";
+    const lines = userAssistant.map(m => {
+      const role = m.role === "user" ? "**You**" : "**Wispy**";
+      return `${role}: ${m.content}`;
+    });
+
+    if (format === "clipboard" || format === "copy") {
+      const { execSync: es } = await import("node:child_process");
+      try {
+        const text = lines.join("\n\n");
+        es(`echo "${text.replace(/"/g, '\\"').slice(0, 50000)}" | pbcopy`);
+        console.log(green(`📋 Copied ${userAssistant.length} messages to clipboard`));
+      } catch { console.log(red("Clipboard copy failed.")); }
+    } else {
+      const exportPath = path.join(CONVERSATIONS_DIR, `${ACTIVE_WORKSTREAM}.export.md`);
+      await writeFile(exportPath, `# ${ACTIVE_WORKSTREAM}\n\n${lines.join("\n\n")}\n`, "utf8");
+      console.log(green(`📄 Exported to ${exportPath}`));
+    }
+    return true;
+  }
+
   if (cmd === "/provider") {
     console.log(dim(`Provider: ${PROVIDERS[PROVIDER]?.label ?? PROVIDER}`));
     console.log(dim(`Model: ${MODEL}`));
@@ -2276,6 +2585,9 @@ ${bold("In-session commands:")}
   /workstreams              List all workstreams
   /overview                 Director view — all workstreams at a glance
   /search <keyword>         Search across all workstreams
+  /sessions                 List all sessions
+  /delete <name>            Delete a session
+  /export [md|clipboard]    Export conversation
   /provider                 Show current provider info
   /quit                     Exit
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "wispy-cli",
-  "version": "0.2.2",
+  "version": "0.3.1",
   "description": "🌿 Wispy — AI workspace assistant with multi-agent orchestration",
   "license": "Apache-2.0",
   "author": "Minseo & Poropo",