npm - wu-framework - Versions diffs - 1.1.6 → 1.1.8 - Mend

wu-framework 1.1.6 → 1.1.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (90) hide show

package/README.md +511 -977
package/dist/wu-framework.cjs.js +3 -1
package/dist/wu-framework.cjs.js.map +1 -0
package/dist/wu-framework.dev.js +7533 -2761
package/dist/wu-framework.dev.js.map +1 -1
package/dist/wu-framework.esm.js +3 -0
package/dist/wu-framework.esm.js.map +1 -0
package/dist/wu-framework.umd.js +3 -1
package/dist/wu-framework.umd.js.map +1 -0
package/integrations/astro/README.md +127 -0
package/integrations/astro/WuApp.astro +63 -0
package/integrations/astro/WuShell.astro +39 -0
package/integrations/astro/index.js +68 -0
package/integrations/astro/package.json +38 -0
package/integrations/astro/types.d.ts +53 -0
package/package.json +94 -74
package/src/adapters/angular/ai.js +30 -0
package/src/adapters/angular/index.d.ts +154 -0
package/src/adapters/angular/index.js +932 -0
package/src/adapters/angular.d.ts +3 -154
package/src/adapters/angular.js +3 -813
package/src/adapters/index.js +35 -24
package/src/adapters/lit/ai.js +20 -0
package/src/adapters/lit/index.d.ts +120 -0
package/src/adapters/lit/index.js +721 -0
package/src/adapters/lit.d.ts +3 -120
package/src/adapters/lit.js +3 -726
package/src/adapters/preact/ai.js +33 -0
package/src/adapters/preact/index.d.ts +108 -0
package/src/adapters/preact/index.js +661 -0
package/src/adapters/preact.d.ts +3 -108
package/src/adapters/preact.js +3 -665
package/src/adapters/react/ai.js +135 -0
package/src/adapters/react/index.d.ts +246 -0
package/src/adapters/react/index.js +689 -0
package/src/adapters/react.d.ts +3 -212
package/src/adapters/react.js +3 -513
package/src/adapters/shared.js +64 -0
package/src/adapters/solid/ai.js +32 -0
package/src/adapters/solid/index.d.ts +101 -0
package/src/adapters/solid/index.js +586 -0
package/src/adapters/solid.d.ts +3 -101
package/src/adapters/solid.js +3 -591
package/src/adapters/svelte/ai.js +31 -0
package/src/adapters/svelte/index.d.ts +166 -0
package/src/adapters/svelte/index.js +798 -0
package/src/adapters/svelte.d.ts +3 -166
package/src/adapters/svelte.js +3 -803
package/src/adapters/vanilla/ai.js +30 -0
package/src/adapters/vanilla/index.d.ts +179 -0
package/src/adapters/vanilla/index.js +785 -0
package/src/adapters/vanilla.d.ts +3 -179
package/src/adapters/vanilla.js +3 -791
package/src/adapters/vue/ai.js +52 -0
package/src/adapters/vue/index.d.ts +299 -0
package/src/adapters/vue/index.js +608 -0
package/src/adapters/vue.d.ts +3 -299
package/src/adapters/vue.js +3 -611
package/src/ai/wu-ai-actions.js +261 -0
package/src/ai/wu-ai-browser.js +663 -0
package/src/ai/wu-ai-context.js +332 -0
package/src/ai/wu-ai-conversation.js +554 -0
package/src/ai/wu-ai-permissions.js +381 -0
package/src/ai/wu-ai-provider.js +605 -0
package/src/ai/wu-ai-schema.js +225 -0
package/src/ai/wu-ai-triggers.js +396 -0
package/src/ai/wu-ai.js +474 -0
package/src/core/wu-app.js +50 -8
package/src/core/wu-cache.js +1 -1
package/src/core/wu-core.js +645 -677
package/src/core/wu-html-parser.js +121 -211
package/src/core/wu-iframe-sandbox.js +328 -0
package/src/core/wu-mcp-bridge.js +647 -0
package/src/core/wu-overrides.js +510 -0
package/src/core/wu-prefetch.js +414 -0
package/src/core/wu-proxy-sandbox.js +398 -75
package/src/core/wu-sandbox.js +86 -268
package/src/core/wu-script-executor.js +79 -182
package/src/core/wu-snapshot-sandbox.js +149 -106
package/src/core/wu-strategies.js +13 -0
package/src/core/wu-style-bridge.js +0 -2
package/src/index.js +139 -665
package/dist/wu-framework.hex.js +0 -23
package/dist/wu-framework.min.js +0 -1
package/dist/wu-framework.obf.js +0 -1
package/scripts/build-protected.js +0 -366
package/scripts/build.js +0 -212
package/scripts/rollup-plugin-hex.js +0 -143
package/src/core/wu-registry.js +0 -60
package/src/core/wu-sandbox-pool.js +0 -390

package/src/ai/wu-ai-actions.js ADDED Viewed

@@ -0,0 +1,261 @@
+/**
+ * WU-AI-ACTIONS: Action registry and executor
+ *
+ * Actions are capabilities that the LLM can invoke via tool_use / function_call.
+ * Each action has:
+ * - A handler function (sandboxed API, not raw wu access)
+ * - JSON Schema parameters
+ * - Permission requirements
+ * - Optional confirmation flow
+ *
+ * Security: Actions receive a sandboxed API, not the full wu object.
+ * The LLM cannot do anything the developer didn't explicitly expose.
+ */
+import { logger } from '../core/wu-logger.js';
+import { validateParams, normalizeParameters, buildToolSchemas } from './wu-ai-schema.js';
+export class WuAIActions {
+  constructor({ eventBus, store, permissions }) {
+    this._eventBus = eventBus;
+    this._store = store;
+    this._permissions = permissions;
+    this._actions = new Map();
+    this._executionLog = [];
+    this._maxLogSize = 100;
+    this._pendingConfirms = new Map(); // callId → { resolve, reject, timeout }
+  }
+  /**
+   * Register an action that the LLM can invoke.
+   *
+   * @param {string} name - Action name (used in tool_call)
+   * @param {object} config
+   * @param {string} config.description - Human-readable description (sent to LLM)
+   * @param {object} [config.parameters] - JSON Schema or shorthand for params
+   * @param {Function} config.handler - async (params, sandboxedApi) => result
+   * @param {boolean} [config.confirm=false] - Require user confirmation before executing
+   * @param {string[]} [config.permissions=[]] - Required permission flags
+   * @param {boolean} [config.dangerous=false] - Mark as dangerous in logs
+   */
+  register(name, config) {
+    if (!config.handler || typeof config.handler !== 'function') {
+      throw new Error(`[wu-ai] Action '${name}' must have a handler function`);
+    }
+    this._actions.set(name, {
+      description: config.description || `Execute: ${name}`,
+      parameters: normalizeParameters(config.parameters),
+      handler: config.handler,
+      confirm: config.confirm || false,
+      permissions: config.permissions || [],
+      dangerous: config.dangerous || false,
+    });
+    logger.wuDebug(`[wu-ai] Action registered: '${name}'${config.dangerous ? ' [DANGEROUS]' : ''}`);
+  }
+  /**
+   * Unregister an action.
+   */
+  unregister(name) {
+    this._actions.delete(name);
+  }
+  /**
+   * Execute an action (called when LLM returns tool_call).
+   *
+   * @param {string} name - Action name
+   * @param {object} params - Parameters from LLM
+   * @param {object} [meta] - { traceId, depth, callId }
+   * @returns {Promise<{ success: boolean, result?: any, reason?: string }>}
+   */
+  async execute(name, params, meta = {}) {
+    const action = this._actions.get(name);
+    if (!action) {
+      return { success: false, reason: `Action '${name}' not registered` };
+    }
+    // 1. Check permissions
+    for (const perm of action.permissions) {
+      if (!this._permissions.check(perm)) {
+        this._emitDenied(name, params, `Missing permission: ${perm}`);
+        return { success: false, reason: `Permission denied: ${perm}` };
+      }
+    }
+    // 2. Validate params
+    const validation = validateParams(params || {}, action.parameters);
+    if (!validation.valid) {
+      return { success: false, reason: `Invalid params: ${validation.errors.join(', ')}` };
+    }
+    // 3. Confirmation (if required)
+    if (action.confirm) {
+      const confirmed = await this._requestConfirmation(name, params, meta.callId);
+      if (!confirmed) {
+        return { success: false, reason: 'User denied action' };
+      }
+    }
+    // 4. Execute with sandboxed API
+    try {
+      if (action.dangerous) {
+        logger.wuWarn(`[wu-ai] Executing DANGEROUS action: '${name}' with params: ${JSON.stringify(params)}`);
+      }
+      const api = this._createSandboxedApi(action.permissions);
+      const result = await action.handler(params, api);
+      // Audit log
+      this._log(name, params, result, meta);
+      // Emit success event
+      this._eventBus.emit('ai:action:executed', {
+        action: name,
+        params,
+        result,
+        traceId: meta.traceId,
+      }, { appName: 'wu-ai' });
+      return { success: true, result };
+    } catch (err) {
+      this._eventBus.emit('ai:action:error', {
+        action: name,
+        params,
+        error: err.message,
+        traceId: meta.traceId,
+      }, { appName: 'wu-ai' });
+      return { success: false, reason: err.message };
+    }
+  }
+  /**
+   * Get tool schemas for the LLM (function calling format).
+   */
+  getToolSchemas() {
+    return buildToolSchemas(this._actions);
+  }
+  /**
+   * Check if an action is registered.
+   */
+  has(name) {
+    return this._actions.has(name);
+  }
+  /**
+   * Get registered action names.
+   */
+  getNames() {
+    return [...this._actions.keys()];
+  }
+  /**
+   * Get execution log.
+   */
+  getLog() {
+    return [...this._executionLog];
+  }
+  /**
+   * Confirm a pending tool call (called by developer/UI).
+   */
+  confirmTool(callId) {
+    const pending = this._pendingConfirms.get(callId);
+    if (pending) {
+      clearTimeout(pending.timeout);
+      this._pendingConfirms.delete(callId);
+      pending.resolve(true);
+    }
+  }
+  /**
+   * Reject a pending tool call.
+   */
+  rejectTool(callId) {
+    const pending = this._pendingConfirms.get(callId);
+    if (pending) {
+      clearTimeout(pending.timeout);
+      this._pendingConfirms.delete(callId);
+      pending.resolve(false);
+    }
+  }
+  // ── Private: Sandboxed API ──
+  _createSandboxedApi(requiredPermissions) {
+    const api = {};
+    const perms = new Set(requiredPermissions);
+    // Store access (read)
+    if (this._permissions.check('readStore')) {
+      api.getState = (path) => this._store.get(path);
+    }
+    // Store access (write) — only if explicitly permitted
+    if (this._permissions.check('writeStore') && perms.has('writeStore')) {
+      api.setState = (path, value) => this._store.set(path, value);
+    }
+    // Event emission
+    if (this._permissions.check('emitEvents')) {
+      api.emit = (event, data) => this._eventBus.emit(event, data, { appName: 'wu-ai' });
+    }
+    return api;
+  }
+  // ── Private: Confirmation Flow ──
+  _requestConfirmation(actionName, params, callId) {
+    const id = callId || `confirm_${Date.now()}_${Math.random().toString(36).slice(2, 6)}`;
+    return new Promise((resolve) => {
+      const timeoutHandle = setTimeout(() => {
+        this._pendingConfirms.delete(id);
+        resolve(false); // Timeout = deny
+        logger.wuDebug(`[wu-ai] Confirmation timeout for action '${actionName}'`);
+      }, 30000);
+      this._pendingConfirms.set(id, { resolve, timeout: timeoutHandle });
+      this._eventBus.emit('ai:tool:confirm', {
+        callId: id,
+        action: actionName,
+        params,
+        message: `AI wants to execute: ${actionName}`,
+      }, { appName: 'wu-ai' });
+    });
+  }
+  // ── Private: Logging ──
+  _log(action, params, result, meta) {
+    this._executionLog.push({
+      action,
+      params,
+      result: typeof result === 'object' ? { ...result } : result,
+      timestamp: Date.now(),
+      traceId: meta.traceId,
+    });
+    if (this._executionLog.length > this._maxLogSize) {
+      this._executionLog.shift();
+    }
+  }
+  _emitDenied(action, params, reason) {
+    this._eventBus.emit('ai:action:denied', { action, params, reason }, { appName: 'wu-ai' });
+    logger.wuWarn(`[wu-ai] Action denied: '${action}' — ${reason}`);
+  }
+  getStats() {
+    return {
+      registeredActions: [...this._actions.keys()],
+      executionLogSize: this._executionLog.length,
+      pendingConfirmations: this._pendingConfirms.size,
+    };
+  }
+}