npm - wispy-cli - Versions diffs - 2.7.11 → 2.7.13 - Mend

wispy-cli 2.7.11 → 2.7.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/core/harness.mjs CHANGED Viewed

@@ -13,12 +13,145 @@
  */
 import { EventEmitter } from "node:events";
-import { readFile } from "node:fs/promises";
+import { readFile, writeFile, mkdir } from "node:fs/promises";
 import path from "node:path";
 import os from "node:os";
 import { EVENT_TYPES } from "./audit.mjs";
+// ── Approval gate constants ────────────────────────────────────────────────────
+// Tools that require approval depending on security mode
+const DANGEROUS_TOOLS = new Set([
+  "run_command", "write_file", "file_edit", "delete_file",
+  "spawn_subagent", "browser_navigate",
+]);
+// Tools that ALWAYS require approval (even in yolo mode)
+const ALWAYS_APPROVE = new Set(["delete_file"]);
+// System-path prefixes — writing here requires approval even in balanced mode
+const SYSTEM_PATH_PREFIXES = ["/usr", "/etc", "/System", "/bin", "/sbin", "/Library/LaunchDaemons"];
+const APPROVALS_PATH = path.join(os.homedir(), ".wispy", "approvals.json");
+const DEFAULT_ALLOWLIST = {
+  run_command: ["npm test", "npm run build", "git status", "git diff", "ls"],
+  write_file: [],
+  file_edit: [],
+  delete_file: [],
+  spawn_subagent: [],
+  browser_navigate: [],
+};
+// ── Allowlist manager ─────────────────────────────────────────────────────────
+export class ApprovalAllowlist {
+  constructor() {
+    this._list = null; // lazy load
+  }
+  async _load() {
+    if (this._list !== null) return;
+    try {
+      const raw = await readFile(APPROVALS_PATH, "utf8");
+      this._list = JSON.parse(raw);
+    } catch {
+      this._list = { ...DEFAULT_ALLOWLIST };
+    }
+  }
+  async _save() {
+    await mkdir(path.dirname(APPROVALS_PATH), { recursive: true });
+    await writeFile(APPROVALS_PATH, JSON.stringify(this._list, null, 2) + "\n", "utf8");
+  }
+  async matches(toolName, args) {
+    await this._load();
+    const patterns = this._list[toolName] ?? [];
+    if (patterns.length === 0) return false;
+    // Get a string representation of args for matching
+    const argStr = _getArgString(toolName, args);
+    if (!argStr) return false;
+    return patterns.some(pattern => {
+      // Glob-style: "*" matches everything
+      if (pattern === "*") return true;
+      // Prefix match or exact match
+      if (pattern.endsWith("*")) return argStr.startsWith(pattern.slice(0, -1));
+      return argStr === pattern || argStr.startsWith(pattern);
+    });
+  }
+  async add(toolName, pattern) {
+    await this._load();
+    if (!this._list[toolName]) this._list[toolName] = [];
+    if (!this._list[toolName].includes(pattern)) {
+      this._list[toolName].push(pattern);
+      await this._save();
+    }
+  }
+  async clear() {
+    this._list = {};
+    await this._save();
+  }
+  async reset() {
+    this._list = { ...DEFAULT_ALLOWLIST };
+    await this._save();
+  }
+  async getAll() {
+    await this._load();
+    return { ...this._list };
+  }
+}
+// Singleton allowlist instance
+const globalAllowlist = new ApprovalAllowlist();
+function _getArgString(toolName, args) {
+  if (!args) return "";
+  if (toolName === "run_command") return args.command ?? "";
+  if (toolName === "write_file" || toolName === "file_edit") return args.path ?? "";
+  if (toolName === "delete_file") return args.path ?? "";
+  if (toolName === "browser_navigate") return args.url ?? "";
+  if (toolName === "spawn_subagent") return args.task ?? "";
+  return JSON.stringify(args);
+}
+/**
+ * Determine if a tool+args needs approval based on security mode.
+ * @param {string} toolName
+ * @param {object} args
+ * @param {string} mode - "careful" | "balanced" | "yolo"
+ * @returns {boolean}
+ */
+function _needsApproval(toolName, args, mode) {
+  if (ALWAYS_APPROVE.has(toolName)) return true;
+  if (!DANGEROUS_TOOLS.has(toolName)) return false;
+  if (mode === "careful") return true;
+  if (mode === "balanced") {
+    // Only destructive tools or writes to system paths
+    if (toolName === "delete_file") return true;
+    if (toolName === "write_file" || toolName === "file_edit") {
+      const filePath = args?.path ?? "";
+      const resolved = filePath.replace(/^~/, os.homedir());
+      return SYSTEM_PATH_PREFIXES.some(prefix => resolved.startsWith(prefix));
+    }
+    return false;
+  }
+  // yolo: only ALWAYS_APPROVE (handled above)
+  return false;
+}
+export { globalAllowlist };
 // ── Receipt ────────────────────────────────────────────────────────────────────
 export class Receipt {
@@ -349,6 +482,7 @@ export class Harness extends EventEmitter {
     this.permissions = permissions;
     this.audit = audit;
     this.config = config;
+    this.allowlist = globalAllowlist;
     // Sandbox config per-tool: "preview" | "diff" | null
     this._sandboxModes = {
@@ -402,6 +536,56 @@ export class Harness extends EventEmitter {
       receipt.approved = permResult.approved;
     }
+    // ── 1b. Approval gate (security mode) ────────────────────────────────────
+    const securityMode = this.config.securityLevel ?? context.securityLevel ?? "balanced";
+    if (_needsApproval(toolName, args, securityMode) && permResult.allowed) {
+      // Check allowlist first
+      const allowlisted = await this.allowlist.matches(toolName, args);
+      if (!allowlisted) {
+        // Non-interactive (no TTY): auto-deny in careful, auto-allow in balanced/yolo
+        const isTTY = process.stdin.isTTY && process.stdout.isTTY;
+        if (!isTTY) {
+          if (securityMode === "careful") {
+            receipt.approved = false;
+            receipt.success = false;
+            receipt.error = `Auto-denied (careful mode, non-interactive): ${toolName}`;
+            receipt.duration = Date.now() - callStart;
+            this.emit("tool:denied", { toolName, args, receipt, context, reason: "non-interactive-careful" });
+            return new HarnessResult({ result: { success: false, error: receipt.error, denied: true }, receipt, denied: true });
+          }
+          // balanced/yolo non-interactive → auto-allow
+          receipt.approved = true;
+        } else {
+          // Emit approval_required event and wait for response
+          const approved = await this._requestApproval(toolName, args, receipt, context, securityMode);
+          receipt.approved = approved;
+          if (!approved) {
+            receipt.success = false;
+            receipt.error = `Approval denied for: ${toolName}`;
+            receipt.duration = Date.now() - callStart;
+            this.audit.log({
+              type: EVENT_TYPES.APPROVAL_DENIED,
+              sessionId: context.sessionId,
+              tool: toolName,
+              args,
+            }).catch(() => {});
+            this.emit("tool:denied", { toolName, args, receipt, context, reason: "approval-denied" });
+            return new HarnessResult({ result: { success: false, error: receipt.error, denied: true }, receipt, denied: true });
+          }
+          // User approved — add to allowlist if they want to remember
+          // (The auto-approve-and-remember logic is handled by the approval handler)
+          this.audit.log({
+            type: EVENT_TYPES.APPROVAL_GRANTED ?? "approval_granted",
+            sessionId: context.sessionId,
+            tool: toolName,
+            args,
+          }).catch(() => {});
+        }
+      } else {
+        receipt.approved = true; // allowlisted
+      }
+    }
     // ── 2. Dry-run mode ──────────────────────────────────────────────────────
     if (receipt.dryRun) {
       const preview = simulateDryRun(toolName, args);
@@ -516,6 +700,43 @@ export class Harness extends EventEmitter {
     return new HarnessResult({ result, receipt });
   }
+  /**
+   * Emit 'approval_required' and wait for user response.
+   * Resolves to true (approved) or false (denied).
+   */
+  async _requestApproval(toolName, args, receipt, context, mode) {
+    return new Promise((resolve) => {
+      // Timeout after 60s → auto-deny in careful, auto-allow otherwise
+      const timer = setTimeout(() => {
+        if (mode === "careful") {
+          resolve(false);
+        } else {
+          resolve(true);
+        }
+      }, 60_000);
+      const respond = (approved, remember = false) => {
+        clearTimeout(timer);
+        if (remember && approved) {
+          const pattern = _getArgString(toolName, args);
+          if (pattern) {
+            this.allowlist.add(toolName, pattern).catch(() => {});
+          }
+        }
+        resolve(approved);
+      };
+      this.emit("approval_required", {
+        tool: toolName,
+        args,
+        receipt,
+        context,
+        mode,
+        respond,
+      });
+    });
+  }
   /**
    * Set sandbox mode for a tool.
    * @param {string} toolName

package/core/index.mjs CHANGED Viewed

@@ -9,7 +9,8 @@ export { SessionManager, Session, sessionManager } from "./session.mjs";
 export { ProviderRegistry } from "./providers.mjs";
 export { ToolRegistry } from "./tools.mjs";
 export { MCPClient, MCPManager, ensureDefaultMcpConfig } from "./mcp.mjs";
-export { loadConfig, saveConfig, detectProvider, isFirstRun, PROVIDERS, WISPY_DIR, CONFIG_PATH, MCP_CONFIG_PATH, SESSIONS_DIR, CONVERSATIONS_DIR, MEMORY_DIR } from "./config.mjs";
+export { loadConfig, saveConfig, loadConfigWithProfile, listProfiles, detectProvider, isFirstRun, PROVIDERS, WISPY_DIR, CONFIG_PATH, MCP_CONFIG_PATH, SESSIONS_DIR, CONVERSATIONS_DIR, MEMORY_DIR } from "./config.mjs";
+export { FeatureManager, getFeatureManager, FEATURE_REGISTRY } from "./features.mjs";
 export { OnboardingWizard, isFirstRun as checkFirstRun, printStatus } from "./onboarding.mjs";
 export { MemoryManager } from "./memory.mjs";
 export { CronManager } from "./cron.mjs";

package/core/providers.mjs CHANGED Viewed

@@ -169,6 +169,16 @@ export class ProviderRegistry {
             functionCall: { name: tc.name, args: tc.args },
           })),
         });
+      } else if (m.images && m.images.length > 0) {
+        // Multimodal message with images (Google format)
+        const parts = m.images.map(img => ({
+          inlineData: { mimeType: img.mimeType, data: img.data },
+        }));
+        if (m.content) parts.push({ text: m.content });
+        contents.push({
+          role: m.role === "assistant" ? "model" : "user",
+          parts,
+        });
       } else {
         contents.push({
           role: m.role === "assistant" ? "model" : "user",
@@ -280,6 +290,17 @@ export class ProviderRegistry {
             type: "tool_use", id: tc.id ?? tc.name, name: tc.name, input: tc.args,
           })),
         });
+      } else if (m.images && m.images.length > 0) {
+        // Multimodal message with images (Anthropic format)
+        const contentParts = m.images.map(img => ({
+          type: "image",
+          source: { type: "base64", media_type: img.mimeType, data: img.data },
+        }));
+        if (m.content) contentParts.push({ type: "text", text: m.content });
+        anthropicMessages.push({
+          role: m.role === "assistant" ? "assistant" : "user",
+          content: contentParts,
+        });
       } else {
         anthropicMessages.push({
           role: m.role === "assistant" ? "assistant" : "user",
@@ -390,6 +411,15 @@ export class ProviderRegistry {
           })),
         };
       }
+      // Multimodal message with images (OpenAI format)
+      if (m.images && m.images.length > 0) {
+        const contentParts = m.images.map(img => ({
+          type: "image_url",
+          image_url: { url: `data:${img.mimeType};base64,${img.data}` },
+        }));
+        if (m.content) contentParts.push({ type: "text", text: m.content });
+        return { role: m.role === "assistant" ? "assistant" : "user", content: contentParts };
+      }
       return { role: m.role, content: m.content };
     });

package/core/session.mjs CHANGED Viewed

@@ -93,6 +93,109 @@ export class SessionManager {
     });
   }
+  /**
+   * List all sessions from disk with metadata (for CLI listing / picking).
+   * Returns sorted by updatedAt descending (most recent first).
+   *
+   * @param {object} options
+   * @param {string} [options.workstream] - Filter by workstream (default: current dir sessions only via all=false)
+   * @param {boolean} [options.all] - Include sessions from all workstreams
+   * @param {number} [options.limit] - Max sessions to return (default: 50)
+   * @returns {Array<{id, workstream, channel, chatId, createdAt, updatedAt, model, messageCount, firstMessage, cwd}>}
+   */
+  async listSessions(options = {}) {
+    const { workstream = null, all: showAll = false, limit = 50 } = options;
+    let files;
+    try {
+      files = await readdir(SESSIONS_DIR);
+    } catch {
+      return [];
+    }
+    const sessionFiles = files.filter(f => f.endsWith(".json"));
+    const results = [];
+    for (const file of sessionFiles) {
+      const id = file.replace(".json", "");
+      const filePath = path.join(SESSIONS_DIR, file);
+      try {
+        const [raw, fileStat] = await Promise.all([
+          readFile(filePath, "utf8"),
+          stat(filePath),
+        ]);
+        let data;
+        try { data = JSON.parse(raw); } catch { continue; }
+        if (!data || !data.id) continue;
+        // Apply workstream filter
+        if (!showAll && workstream && data.workstream !== workstream) continue;
+        const messages = Array.isArray(data.messages) ? data.messages : [];
+        const userMessages = messages.filter(m => m.role === "user");
+        const firstMessage = userMessages[0]?.content ?? messages[0]?.content ?? "";
+        results.push({
+          id: data.id,
+          workstream: data.workstream ?? "default",
+          channel: data.channel ?? null,
+          chatId: data.chatId ?? null,
+          createdAt: data.createdAt ?? fileStat.birthtime.toISOString(),
+          updatedAt: data.updatedAt ?? fileStat.mtime.toISOString(),
+          model: data.model ?? null,
+          messageCount: messages.length,
+          firstMessage: firstMessage.slice(0, 120),
+          cwd: data.cwd ?? null,
+        });
+      } catch {
+        continue;
+      }
+    }
+    // Sort by updatedAt descending
+    results.sort((a, b) => new Date(b.updatedAt) - new Date(a.updatedAt));
+    return results.slice(0, limit);
+  }
+  /**
+   * Load a session by ID and return the full session (alias for load with better name).
+   * Returns null if not found.
+   */
+  async loadSession(id) {
+    return this.getOrLoad(id);
+  }
+  /**
+   * Fork a session: copy its message history into a new session.
+   * The new session starts from the same history but diverges from here.
+   *
+   * @param {string} id - Source session ID
+   * @param {object} opts - Additional options for the new session (workstream, etc.)
+   * @returns {Session} - The new forked session
+   */
+  async forkSession(id, opts = {}) {
+    // Load source session
+    const source = await this.getOrLoad(id);
+    if (!source) {
+      throw new Error(`Session not found: ${id}`);
+    }
+    // Create a new session with same metadata
+    const forked = this.create({
+      workstream: opts.workstream ?? source.workstream,
+      channel: opts.channel ?? null,
+      chatId: opts.chatId ?? null,
+    });
+    // Copy message history (deep copy)
+    forked.messages = source.messages.map(m => ({ ...m }));
+    forked.updatedAt = new Date().toISOString();
+    // Save the forked session
+    await this.save(forked.id);
+    return forked;
+  }
   /**
    * Add a message to a session.
    */

package/core/tools.mjs CHANGED Viewed

@@ -326,6 +326,21 @@ export class ToolRegistry {
           },
         },
       },
+      // ── apply_patch (Part 3) ─────────────────────────────────────────────────
+      {
+        name: "apply_patch",
+        description: "Apply multi-file patches. Supports creating, editing, and deleting files in one atomic operation. All operations succeed or all rollback.",
+        parameters: {
+          type: "object",
+          properties: {
+            patch: {
+              type: "string",
+              description: "Patch in structured format:\n*** Begin Patch\n*** Add File: path\n+line1\n+line2\n*** Edit File: path\n@@@ context line @@@\n-old line\n+new line\n*** Delete File: path\n*** End Patch",
+            },
+          },
+          required: ["patch"],
+        },
+      },
     ];
     for (const def of builtins) {
@@ -631,6 +646,9 @@ export class ToolRegistry {
           return { success: false, error: "action must be 'copy' or 'paste'" };
         }
+        case "apply_patch":
+          return this._executeApplyPatch(args.patch);
         // Agent tools — these are handled by the engine level
         case "spawn_agent":
         case "list_agents":
@@ -656,10 +674,195 @@ export class ToolRegistry {
           return { success: false, error: `Tool "${name}" requires engine context. Call via WispyEngine.processMessage().` };
         default:
-          return { success: false, error: `Unknown tool: ${name}. Available built-in tools: read_file, write_file, file_edit, file_search, run_command, list_directory, git, web_search, web_fetch, keychain, clipboard` };
+          return { success: false, error: `Unknown tool: ${name}. Available built-in tools: read_file, write_file, file_edit, file_search, run_command, list_directory, git, web_search, web_fetch, keychain, clipboard, apply_patch` };
       }
     } catch (err) {
       return { success: false, error: err.message };
     }
   }
+  /**
+   * Execute an apply_patch operation atomically.
+   * Supports: Add File, Edit File, Delete File
+   *
+   * Format:
+   *   *** Begin Patch
+   *   *** Add File: path/to/file.txt
+   *   +line content
+   *   *** Edit File: path/to/file.txt
+   *   @@@ context @@@
+   *   -old line
+   *   +new line
+   *   *** Delete File: path/to/file.txt
+   *   *** End Patch
+   */
+  async _executeApplyPatch(patchText) {
+    if (!patchText || typeof patchText !== "string") {
+      return { success: false, error: "patch parameter is required and must be a string" };
+    }
+    const { readFile: rf, writeFile: wf, unlink, mkdir: mkdirFs } = await import("node:fs/promises");
+    const lines = patchText.split("\n");
+    const operations = [];
+    // ── Parse operations ──────────────────────────────────────────────────────
+    let i = 0;
+    // Skip to Begin Patch
+    while (i < lines.length && !lines[i].startsWith("*** Begin Patch")) i++;
+    if (i >= lines.length) {
+      return { success: false, error: 'Patch must start with "*** Begin Patch"' };
+    }
+    i++;
+    while (i < lines.length) {
+      const line = lines[i];
+      if (line.startsWith("*** End Patch")) break;
+      if (line.startsWith("*** Add File:")) {
+        const filePath = line.slice("*** Add File:".length).trim();
+        const addLines = [];
+        i++;
+        while (i < lines.length && !lines[i].startsWith("***")) {
+          const l = lines[i];
+          if (l.startsWith("+")) addLines.push(l.slice(1));
+          else if (l.startsWith(" ")) addLines.push(l.slice(1));
+          // Lines starting with - are ignored for Add File
+          i++;
+        }
+        operations.push({ type: "add", path: filePath, content: addLines.join("\n") });
+        continue;
+      }
+      if (line.startsWith("*** Edit File:")) {
+        const filePath = line.slice("*** Edit File:".length).trim();
+        const hunks = [];
+        i++;
+        // Parse edit hunks
+        while (i < lines.length && !lines[i].startsWith("*** ")) {
+          const hunkLine = lines[i];
+          if (hunkLine.startsWith("@@@")) {
+            // Start of a hunk: @@@ context @@@
+            const contextText = hunkLine.replace(/^@@@\s*/, "").replace(/\s*@@@$/, "").trim();
+            const removals = [];
+            const additions = [];
+            i++;
+            while (i < lines.length && !lines[i].startsWith("@@@") && !lines[i].startsWith("***")) {
+              const hl = lines[i];
+              if (hl.startsWith("-")) removals.push(hl.slice(1));
+              else if (hl.startsWith("+")) additions.push(hl.slice(1));
+              i++;
+            }
+            hunks.push({ context: contextText, removals, additions });
+            continue;
+          }
+          i++;
+        }
+        operations.push({ type: "edit", path: filePath, hunks });
+        continue;
+      }
+      if (line.startsWith("*** Delete File:")) {
+        const filePath = line.slice("*** Delete File:".length).trim();
+        operations.push({ type: "delete", path: filePath });
+        i++;
+        continue;
+      }
+      i++;
+    }
+    if (operations.length === 0) {
+      return { success: false, error: "No valid operations found in patch" };
+    }
+    // ── Resolve paths ─────────────────────────────────────────────────────────
+    const resolvePatchPath = (p) => {
+      let resolved = p.replace(/^~/, os.homedir());
+      if (!path.isAbsolute(resolved)) resolved = path.resolve(process.cwd(), resolved);
+      return resolved;
+    };
+    // ── Pre-flight: load original file contents for rollback ──────────────────
+    const originalContents = new Map(); // path → string | null (null = didn't exist)
+    for (const op of operations) {
+      const resolved = resolvePatchPath(op.path);
+      try {
+        originalContents.set(resolved, await rf(resolved, "utf8"));
+      } catch {
+        originalContents.set(resolved, null);
+      }
+    }
+    // ── Apply operations ──────────────────────────────────────────────────────
+    const applied = [];
+    const results = [];
+    try {
+      for (const op of operations) {
+        const resolved = resolvePatchPath(op.path);
+        if (op.type === "add") {
+          await mkdirFs(path.dirname(resolved), { recursive: true });
+          await wf(resolved, op.content, "utf8");
+          applied.push({ op, resolved });
+          results.push(`✅ Added: ${op.path}`);
+        } else if (op.type === "edit") {
+          const original = originalContents.get(resolved);
+          if (original === null) {
+            throw new Error(`Cannot edit non-existent file: ${op.path}`);
+          }
+          let current = original;
+          for (const hunk of op.hunks) {
+            const oldText = hunk.removals.join("\n");
+            const newText = hunk.additions.join("\n");
+            if (oldText && !current.includes(oldText)) {
+              throw new Error(`Edit hunk not found in ${op.path}: "${oldText.slice(0, 60)}"`);
+            }
+            current = oldText ? current.replace(oldText, newText) : current + "\n" + newText;
+          }
+          await wf(resolved, current, "utf8");
+          applied.push({ op, resolved });
+          results.push(`✅ Edited: ${op.path}`);
+        } else if (op.type === "delete") {
+          await unlink(resolved);
+          applied.push({ op, resolved });
+          results.push(`✅ Deleted: ${op.path}`);
+        }
+      }
+    } catch (err) {
+      // ── Rollback all applied operations ──────────────────────────────────────
+      for (const { op, resolved } of applied.reverse()) {
+        try {
+          const original = originalContents.get(resolved);
+          if (op.type === "delete" && original !== null) {
+            // Restore deleted file
+            await wf(resolved, original, "utf8");
+          } else if ((op.type === "add") && original === null) {
+            // Remove newly created file
+            await unlink(resolved).catch(() => {});
+          } else if (op.type === "edit" && original !== null) {
+            // Restore original content
+            await wf(resolved, original, "utf8");
+          }
+        } catch { /* best-effort rollback */ }
+      }
+      return {
+        success: false,
+        error: `Patch failed (rolled back): ${err.message}`,
+        applied: applied.length,
+        total: operations.length,
+      };
+    }
+    return {
+      success: true,
+      message: `Applied ${operations.length} operation(s)`,
+      results,
+    };
+  }
 }