wispy-cli 2.7.12 → 2.7.13

package/core/engine.mjs

@@ -12,7 +12,7 @@
 
 import os from "node:os";
 import path from "node:path";
-import { readFile, writeFile, mkdir, appendFile } from "node:fs/promises";
+import { readFile, writeFile, mkdir, appendFile, stat as fsStat } from "node:fs/promises";
 
 import { WISPY_DIR, CONVERSATIONS_DIR, MEMORY_DIR, MCP_CONFIG_PATH, detectProvider, PROVIDERS } from "./config.mjs";
 import { NullEmitter } from "../lib/jsonl-emitter.mjs";
@@ -43,6 +43,7 @@ import { UserModel } from "./user-model.mjs";
 import { routeTask, classifyTask, filterAvailableModels } from "./task-router.mjs";
 import { decomposeTask, executeDecomposedPlan } from "./task-decomposer.mjs";
 import { BrowserBridge } from "./browser.mjs";
+import { LoopDetector } from "./loop-detector.mjs";
 
 const MAX_TOOL_ROUNDS = 10;
 const MAX_CONTEXT_CHARS = 40_000;
@@ -333,7 +334,38 @@ export class WispyEngine {
     // Optimize context
     messages = this._optimizeContext(messages);
 
+    // Create a fresh loop detector per agent turn
+    const loopDetector = new LoopDetector();
+    let loopWarned = false;
+
     for (let round = 0; round < MAX_TOOL_ROUNDS; round++) {
+      // ── Loop detection check before LLM call ─────────────────────────────
+      if (loopDetector.size >= 2) {
+        const loopCheck = loopDetector.check();
+        if (loopCheck.looping) {
+          if (opts.onLoopDetected) opts.onLoopDetected(loopCheck);
+
+          if (!loopWarned) {
+            // First warning: inject a system message and continue
+            loopWarned = true;
+            const warningMsg = loopCheck.suggestion ?? `Loop detected: agent called ${loopCheck.tool} multiple times without progress. Try a different approach.`;
+            messages.push({
+              role: "user",
+              content: `[SYSTEM WARNING] ${warningMsg}`,
+            });
+            if (process.env.WISPY_DEBUG) {
+              console.error(`[wispy] Loop detected: ${loopCheck.reason} — warning injected`);
+            }
+          } else {
+            // Second time loop detected after warning: force-break the agent turn
+            if (process.env.WISPY_DEBUG) {
+              console.error(`[wispy] Loop force-break: ${loopCheck.reason}`);
+            }
+            return `⚠️ Agent loop detected and stopped: ${loopCheck.suggestion ?? loopCheck.reason}. Please try rephrasing your request.`;
+          }
+        }
+      }
+
       const result = await this.providers.chat(messages, this.tools.getDefinitions(), {
         onChunk: opts.onChunk,
         model: opts.model,
@@ -371,6 +403,9 @@ export class WispyEngine {
           }
         }
 
+        // Record into loop detector
+        loopDetector.record(call.name, call.args, toolResult);
+
         const _toolDuration = Date.now() - _toolStartMs;
         if (opts.onToolResult) opts.onToolResult(call.name, toolResult);
         loopEmitter.toolResult(call.name, toolResult, _toolDuration);

package/core/harness.mjs

@@ -536,6 +536,56 @@ export class Harness extends EventEmitter {
       receipt.approved = permResult.approved;
     }
 
+    // ── 1b. Approval gate (security mode) ────────────────────────────────────
+    const securityMode = this.config.securityLevel ?? context.securityLevel ?? "balanced";
+    if (_needsApproval(toolName, args, securityMode) && permResult.allowed) {
+      // Check allowlist first
+      const allowlisted = await this.allowlist.matches(toolName, args);
+      if (!allowlisted) {
+        // Non-interactive (no TTY): auto-deny in careful, auto-allow in balanced/yolo
+        const isTTY = process.stdin.isTTY && process.stdout.isTTY;
+        if (!isTTY) {
+          if (securityMode === "careful") {
+            receipt.approved = false;
+            receipt.success = false;
+            receipt.error = `Auto-denied (careful mode, non-interactive): ${toolName}`;
+            receipt.duration = Date.now() - callStart;
+            this.emit("tool:denied", { toolName, args, receipt, context, reason: "non-interactive-careful" });
+            return new HarnessResult({ result: { success: false, error: receipt.error, denied: true }, receipt, denied: true });
+          }
+          // balanced/yolo non-interactive → auto-allow
+          receipt.approved = true;
+        } else {
+          // Emit approval_required event and wait for response
+          const approved = await this._requestApproval(toolName, args, receipt, context, securityMode);
+          receipt.approved = approved;
+          if (!approved) {
+            receipt.success = false;
+            receipt.error = `Approval denied for: ${toolName}`;
+            receipt.duration = Date.now() - callStart;
+            this.audit.log({
+              type: EVENT_TYPES.APPROVAL_DENIED,
+              sessionId: context.sessionId,
+              tool: toolName,
+              args,
+            }).catch(() => {});
+            this.emit("tool:denied", { toolName, args, receipt, context, reason: "approval-denied" });
+            return new HarnessResult({ result: { success: false, error: receipt.error, denied: true }, receipt, denied: true });
+          }
+          // User approved — add to allowlist if they want to remember
+          // (The auto-approve-and-remember logic is handled by the approval handler)
+          this.audit.log({
+            type: EVENT_TYPES.APPROVAL_GRANTED ?? "approval_granted",
+            sessionId: context.sessionId,
+            tool: toolName,
+            args,
+          }).catch(() => {});
+        }
+      } else {
+        receipt.approved = true; // allowlisted
+      }
+    }
+
     // ── 2. Dry-run mode ──────────────────────────────────────────────────────
     if (receipt.dryRun) {
       const preview = simulateDryRun(toolName, args);
@@ -650,6 +700,43 @@ export class Harness extends EventEmitter {
     return new HarnessResult({ result, receipt });
   }
 
+  /**
+   * Emit 'approval_required' and wait for user response.
+   * Resolves to true (approved) or false (denied).
+   */
+  async _requestApproval(toolName, args, receipt, context, mode) {
+    return new Promise((resolve) => {
+      // Timeout after 60s → auto-deny in careful, auto-allow otherwise
+      const timer = setTimeout(() => {
+        if (mode === "careful") {
+          resolve(false);
+        } else {
+          resolve(true);
+        }
+      }, 60_000);
+
+      const respond = (approved, remember = false) => {
+        clearTimeout(timer);
+        if (remember && approved) {
+          const pattern = _getArgString(toolName, args);
+          if (pattern) {
+            this.allowlist.add(toolName, pattern).catch(() => {});
+          }
+        }
+        resolve(approved);
+      };
+
+      this.emit("approval_required", {
+        tool: toolName,
+        args,
+        receipt,
+        context,
+        mode,
+        respond,
+      });
+    });
+  }
+
   /**
    * Set sandbox mode for a tool.
    * @param {string} toolName

package/core/providers.mjs

@@ -290,6 +290,17 @@ export class ProviderRegistry {
             type: "tool_use", id: tc.id ?? tc.name, name: tc.name, input: tc.args,
           })),
         });
+      } else if (m.images && m.images.length > 0) {
+        // Multimodal message with images (Anthropic format)
+        const contentParts = m.images.map(img => ({
+          type: "image",
+          source: { type: "base64", media_type: img.mimeType, data: img.data },
+        }));
+        if (m.content) contentParts.push({ type: "text", text: m.content });
+        anthropicMessages.push({
+          role: m.role === "assistant" ? "assistant" : "user",
+          content: contentParts,
+        });
       } else {
         anthropicMessages.push({
           role: m.role === "assistant" ? "assistant" : "user",
@@ -400,6 +411,15 @@ export class ProviderRegistry {
           })),
         };
       }
+      // Multimodal message with images (OpenAI format)
+      if (m.images && m.images.length > 0) {
+        const contentParts = m.images.map(img => ({
+          type: "image_url",
+          image_url: { url: `data:${img.mimeType};base64,${img.data}` },
+        }));
+        if (m.content) contentParts.push({ type: "text", text: m.content });
+        return { role: m.role === "assistant" ? "assistant" : "user", content: contentParts };
+      }
       return { role: m.role, content: m.content };
     });
 

package/core/tools.mjs

@@ -326,6 +326,21 @@ export class ToolRegistry {
           },
         },
       },
+      // ── apply_patch (Part 3) ─────────────────────────────────────────────────
+      {
+        name: "apply_patch",
+        description: "Apply multi-file patches. Supports creating, editing, and deleting files in one atomic operation. All operations succeed or all rollback.",
+        parameters: {
+          type: "object",
+          properties: {
+            patch: {
+              type: "string",
+              description: "Patch in structured format:\n*** Begin Patch\n*** Add File: path\n+line1\n+line2\n*** Edit File: path\n@@@ context line @@@\n-old line\n+new line\n*** Delete File: path\n*** End Patch",
+            },
+          },
+          required: ["patch"],
+        },
+      },
     ];
 
     for (const def of builtins) {
@@ -631,6 +646,9 @@ export class ToolRegistry {
           return { success: false, error: "action must be 'copy' or 'paste'" };
         }
 
+        case "apply_patch":
+          return this._executeApplyPatch(args.patch);
+
         // Agent tools — these are handled by the engine level
         case "spawn_agent":
         case "list_agents":
@@ -656,10 +674,195 @@ export class ToolRegistry {
           return { success: false, error: `Tool "${name}" requires engine context. Call via WispyEngine.processMessage().` };
 
         default:
-          return { success: false, error: `Unknown tool: ${name}. Available built-in tools: read_file, write_file, file_edit, file_search, run_command, list_directory, git, web_search, web_fetch, keychain, clipboard` };
+          return { success: false, error: `Unknown tool: ${name}. Available built-in tools: read_file, write_file, file_edit, file_search, run_command, list_directory, git, web_search, web_fetch, keychain, clipboard, apply_patch` };
       }
     } catch (err) {
       return { success: false, error: err.message };
     }
   }
+
+  /**
+   * Execute an apply_patch operation atomically.
+   * Supports: Add File, Edit File, Delete File
+   *
+   * Format:
+   *   *** Begin Patch
+   *   *** Add File: path/to/file.txt
+   *   +line content
+   *   *** Edit File: path/to/file.txt
+   *   @@@ context @@@
+   *   -old line
+   *   +new line
+   *   *** Delete File: path/to/file.txt
+   *   *** End Patch
+   */
+  async _executeApplyPatch(patchText) {
+    if (!patchText || typeof patchText !== "string") {
+      return { success: false, error: "patch parameter is required and must be a string" };
+    }
+
+    const { readFile: rf, writeFile: wf, unlink, mkdir: mkdirFs } = await import("node:fs/promises");
+
+    const lines = patchText.split("\n");
+    const operations = [];
+
+    // ── Parse operations ──────────────────────────────────────────────────────
+    let i = 0;
+    // Skip to Begin Patch
+    while (i < lines.length && !lines[i].startsWith("*** Begin Patch")) i++;
+    if (i >= lines.length) {
+      return { success: false, error: 'Patch must start with "*** Begin Patch"' };
+    }
+    i++;
+
+    while (i < lines.length) {
+      const line = lines[i];
+
+      if (line.startsWith("*** End Patch")) break;
+
+      if (line.startsWith("*** Add File:")) {
+        const filePath = line.slice("*** Add File:".length).trim();
+        const addLines = [];
+        i++;
+        while (i < lines.length && !lines[i].startsWith("***")) {
+          const l = lines[i];
+          if (l.startsWith("+")) addLines.push(l.slice(1));
+          else if (l.startsWith(" ")) addLines.push(l.slice(1));
+          // Lines starting with - are ignored for Add File
+          i++;
+        }
+        operations.push({ type: "add", path: filePath, content: addLines.join("\n") });
+        continue;
+      }
+
+      if (line.startsWith("*** Edit File:")) {
+        const filePath = line.slice("*** Edit File:".length).trim();
+        const hunks = [];
+        i++;
+        // Parse edit hunks
+        while (i < lines.length && !lines[i].startsWith("*** ")) {
+          const hunkLine = lines[i];
+          if (hunkLine.startsWith("@@@")) {
+            // Start of a hunk: @@@ context @@@
+            const contextText = hunkLine.replace(/^@@@\s*/, "").replace(/\s*@@@$/, "").trim();
+            const removals = [];
+            const additions = [];
+            i++;
+            while (i < lines.length && !lines[i].startsWith("@@@") && !lines[i].startsWith("***")) {
+              const hl = lines[i];
+              if (hl.startsWith("-")) removals.push(hl.slice(1));
+              else if (hl.startsWith("+")) additions.push(hl.slice(1));
+              i++;
+            }
+            hunks.push({ context: contextText, removals, additions });
+            continue;
+          }
+          i++;
+        }
+        operations.push({ type: "edit", path: filePath, hunks });
+        continue;
+      }
+
+      if (line.startsWith("*** Delete File:")) {
+        const filePath = line.slice("*** Delete File:".length).trim();
+        operations.push({ type: "delete", path: filePath });
+        i++;
+        continue;
+      }
+
+      i++;
+    }
+
+    if (operations.length === 0) {
+      return { success: false, error: "No valid operations found in patch" };
+    }
+
+    // ── Resolve paths ─────────────────────────────────────────────────────────
+    const resolvePatchPath = (p) => {
+      let resolved = p.replace(/^~/, os.homedir());
+      if (!path.isAbsolute(resolved)) resolved = path.resolve(process.cwd(), resolved);
+      return resolved;
+    };
+
+    // ── Pre-flight: load original file contents for rollback ──────────────────
+    const originalContents = new Map(); // path → string | null (null = didn't exist)
+    for (const op of operations) {
+      const resolved = resolvePatchPath(op.path);
+      try {
+        originalContents.set(resolved, await rf(resolved, "utf8"));
+      } catch {
+        originalContents.set(resolved, null);
+      }
+    }
+
+    // ── Apply operations ──────────────────────────────────────────────────────
+    const applied = [];
+    const results = [];
+
+    try {
+      for (const op of operations) {
+        const resolved = resolvePatchPath(op.path);
+
+        if (op.type === "add") {
+          await mkdirFs(path.dirname(resolved), { recursive: true });
+          await wf(resolved, op.content, "utf8");
+          applied.push({ op, resolved });
+          results.push(`✅ Added: ${op.path}`);
+
+        } else if (op.type === "edit") {
+          const original = originalContents.get(resolved);
+          if (original === null) {
+            throw new Error(`Cannot edit non-existent file: ${op.path}`);
+          }
+          let current = original;
+          for (const hunk of op.hunks) {
+            const oldText = hunk.removals.join("\n");
+            const newText = hunk.additions.join("\n");
+            if (oldText && !current.includes(oldText)) {
+              throw new Error(`Edit hunk not found in ${op.path}: "${oldText.slice(0, 60)}"`);
+            }
+            current = oldText ? current.replace(oldText, newText) : current + "\n" + newText;
+          }
+          await wf(resolved, current, "utf8");
+          applied.push({ op, resolved });
+          results.push(`✅ Edited: ${op.path}`);
+
+        } else if (op.type === "delete") {
+          await unlink(resolved);
+          applied.push({ op, resolved });
+          results.push(`✅ Deleted: ${op.path}`);
+        }
+      }
+    } catch (err) {
+      // ── Rollback all applied operations ──────────────────────────────────────
+      for (const { op, resolved } of applied.reverse()) {
+        try {
+          const original = originalContents.get(resolved);
+          if (op.type === "delete" && original !== null) {
+            // Restore deleted file
+            await wf(resolved, original, "utf8");
+          } else if ((op.type === "add") && original === null) {
+            // Remove newly created file
+            await unlink(resolved).catch(() => {});
+          } else if (op.type === "edit" && original !== null) {
+            // Restore original content
+            await wf(resolved, original, "utf8");
+          }
+        } catch { /* best-effort rollback */ }
+      }
+
+      return {
+        success: false,
+        error: `Patch failed (rolled back): ${err.message}`,
+        applied: applied.length,
+        total: operations.length,
+      };
+    }
+
+    return {
+      success: true,
+      message: `Applied ${operations.length} operation(s)`,
+      results,
+    };
+  }
 }

package/lib/commands/trust.mjs

@@ -319,6 +319,58 @@ export async function cmdTrustReceipt(id) {
   console.log("");
 }
 
+export async function cmdTrustApprovals(subArgs = []) {
+  const { globalAllowlist } = await import("../../core/harness.mjs");
+  const action = subArgs[0];
+
+  if (!action || action === "list") {
+    const list = await globalAllowlist.getAll();
+    console.log(`\n${bold("🔐 Approval Allowlist")} ${dim("(auto-approved patterns)")}\n`);
+    let empty = true;
+    for (const [tool, patterns] of Object.entries(list)) {
+      if (patterns.length === 0) continue;
+      empty = false;
+      console.log(`  ${cyan(tool)}:`);
+      for (const p of patterns) {
+        console.log(`    ${dim("•")} ${p}`);
+      }
+    }
+    if (empty) {
+      console.log(dim("  No patterns configured."));
+    }
+    console.log(dim("\n  Manage: wispy trust approvals add <tool> <pattern>"));
+    console.log(dim("           wispy trust approvals clear"));
+    console.log(dim("           wispy trust approvals reset\n"));
+    return;
+  }
+
+  if (action === "add") {
+    const tool = subArgs[1];
+    const pattern = subArgs[2];
+    if (!tool || !pattern) {
+      console.log(yellow("Usage: wispy trust approvals add <tool> <pattern>"));
+      return;
+    }
+    await globalAllowlist.add(tool, pattern);
+    console.log(`${green("✅")} Added pattern for ${cyan(tool)}: ${pattern}`);
+    return;
+  }
+
+  if (action === "clear") {
+    await globalAllowlist.clear();
+    console.log(green("✅ Allowlist cleared."));
+    return;
+  }
+
+  if (action === "reset") {
+    await globalAllowlist.reset();
+    console.log(green("✅ Allowlist reset to defaults."));
+    return;
+  }
+
+  console.log(yellow(`Unknown approvals action: ${action}. Use: list, add, clear, reset`));
+}
+
 export async function handleTrustCommand(args) {
   const sub = args[1];
 
@@ -405,6 +457,7 @@ export async function handleTrustCommand(args) {
   if (sub === "log") return cmdTrustLog(args.slice(2));
   if (sub === "replay") return cmdTrustReplay(args[2]);
   if (sub === "receipt") return cmdTrustReceipt(args[2]);
+  if (sub === "approvals") return cmdTrustApprovals(args.slice(2));
 
   console.log(`
 ${bold("🔐 Trust Commands")}
@@ -414,5 +467,9 @@ ${bold("🔐 Trust Commands")}
   wispy trust log                          ${dim("show audit log")}
   wispy trust replay <session-id>          ${dim("replay session step by step")}
   wispy trust receipt <session-id>         ${dim("show execution receipt")}
+  wispy trust approvals                    ${dim("list approval allowlist")}
+  wispy trust approvals add <tool> <pat>   ${dim("add an allowlist pattern")}
+  wispy trust approvals clear              ${dim("clear all allowlist patterns")}
+  wispy trust approvals reset              ${dim("reset allowlist to defaults")}
 `);
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "wispy-cli",
-  "version": "2.7.12",
+  "version": "2.7.13",
   "description": "🌿 Wispy — AI workspace assistant with trustworthy execution (harness, receipts, approvals, diffs)",
   "license": "MIT",
   "author": "Minseo & Poropo",