aicodinggym-cli 0.3.0__tar.gz → 0.4.0__tar.gz

{aicodinggym_cli-0.3.0 → aicodinggym_cli-0.4.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: aicodinggym-cli
-Version: 0.3.0
+Version: 0.4.0
 Summary: CLI tool for AI Coding Gym platform
 Author-email: AICodingGym Team <datasmithlab@gmail.com>
 License-Expression: MIT

{aicodinggym_cli-0.3.0 → aicodinggym_cli-0.4.0}/aicodinggym_cli.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: aicodinggym-cli
-Version: 0.3.0
+Version: 0.4.0
 Summary: CLI tool for AI Coding Gym platform
 Author-email: AICodingGym Team <datasmithlab@gmail.com>
 License-Expression: MIT

{aicodinggym_cli-0.3.0 → aicodinggym_cli-0.4.0}/cli.py

@@ -944,7 +944,7 @@ def cr_fetch(problem_id: str, user_id: str | None, workspace_dir: str | None):
 
     # Generate diff.patch
     diff_result = run_git_command(
-        f"git diff {base_branch}..{head_branch}", str(problem_dir)
+        ["git", "diff", f"{base_branch}..{head_branch}"], str(problem_dir)
     )
     diff_path = problem_dir / "diff.patch"
     diff_path.write_text(diff_result.stdout)
@@ -964,6 +964,7 @@ def cr_fetch(problem_id: str, user_id: str | None, workspace_dir: str | None):
             "<!-- Approve / Request Changes / Comment -->\n"
         )
 
+    cat_cmd = "type" if sys.platform == "win32" else "cat"
     click.echo(
         f"\nSuccessfully fetched: {problem_id}\n"
         f"\n"
@@ -971,7 +972,7 @@ def cr_fetch(problem_id: str, user_id: str | None, workspace_dir: str | None):
         f"  Review template:   {review_path}\n"
         f"\n"
         f"Next steps:\n"
-        f"  1. Review the diff:  cat {diff_path}\n"
+        f"  1. Review the diff:  {cat_cmd} {diff_path}\n"
         f"  2. Write your review in {review_path}\n"
         f"  3. Submit:  aicodinggym cr submit {problem_id} -f review.md\n"
     )

{aicodinggym_cli-0.3.0 → aicodinggym_cli-0.4.0}/config.py

@@ -6,6 +6,9 @@ SSH keys are stored in ~/.aicodinggym/{user_id}_id_rsa.
 """
 
 import json
+import os
+import subprocess
+import sys
 from pathlib import Path
 from typing import Any
 
@@ -19,8 +22,22 @@ _CONFIG_FIELDS = ("user_id", "repo_name", "private_key_path", "workspace_dir")
 
 
 def ensure_config_dir() -> Path:
-    """Create the config directory with secure permissions if it doesn't exist."""
-    CONFIG_DIR.mkdir(mode=0o700, exist_ok=True)
+    """Create the config directory with secure permissions if it doesn't exist.
+
+    On Unix/macOS: mode 0o700 (owner-only access).
+    On Windows: removes inherited ACLs and grants full control only to the
+    current user via icacls.
+    """
+    created = not CONFIG_DIR.exists()
+    CONFIG_DIR.mkdir(mode=0o700, parents=True, exist_ok=True)
+    if created and sys.platform == "win32":
+        username = os.environ.get("USERNAME", "")
+        if username:
+            subprocess.run(
+                ["icacls", str(CONFIG_DIR), "/inheritance:r",
+                 "/grant:r", f"{username}:(OI)(CI)(F)"],
+                capture_output=True,
+            )
     return CONFIG_DIR
 
 

{aicodinggym_cli-0.3.0 → aicodinggym_cli-0.4.0}/git_ops.py

@@ -4,18 +4,69 @@ import os
 import re
 import shutil
 import subprocess
+import sys
 from pathlib import Path
 from typing import Optional
 
 from .config import ensure_config_dir
 
 
+def _find_git_ssh() -> str | None:
+    """On Windows, find Git for Windows' bundled ssh.exe.
+
+    Windows may have two SSH binaries on PATH: the built-in OpenSSH
+    (C:\\Windows\\System32\\OpenSSH\\ssh.exe) and Git for Windows' MSYS2
+    ssh (C:\\Program Files\\Git\\usr\\bin\\ssh.exe).  System32 is usually
+    first on PATH, so an unqualified 'ssh' resolves to Windows OpenSSH,
+    which can trigger GUI credential dialogs or deadlock when stdout is
+    captured.  This function returns the full path to Git's bundled ssh
+    so we can reference it explicitly in GIT_SSH_COMMAND.
+    """
+    if sys.platform != "win32":
+        return None
+    git_path = shutil.which("git")
+    if not git_path:
+        return None
+    # Walk up from git.exe to find the Git root containing usr/bin/ssh.exe.
+    # Handles cmd/, bin/, and mingw64/bin/ layouts.
+    candidate = Path(git_path).resolve().parent
+    for _ in range(4):
+        ssh = candidate / "usr" / "bin" / "ssh.exe"
+        if ssh.exists():
+            return str(ssh).replace("\\", "/")
+        candidate = candidate.parent
+    return None
+
+
 def _validate_git_ref(name: str, label: str) -> None:
     """Raise ValueError if name contains suspicious shell metacharacters."""
     if re.search(r'[;&|`$(){}]', name):
         raise ValueError(f"Invalid {label}: {name!r}")
 
 
+def _restrict_key_permissions(key_path: Path) -> None:
+    """Restrict an SSH private key file to owner-only access.
+
+    On Unix/macOS: chmod 600 (read/write owner only).
+    On Windows: uses icacls to remove inherited permissions and grant
+    full control only to the current user.  SSH clients on both platforms
+    refuse to use a key whose permissions are too open.
+    """
+    if sys.platform == "win32":
+        # Remove inherited ACLs, then grant only the current user full control.
+        # (F) = Full control, matching chmod 0o600 (owner read+write).
+        key_str = str(key_path)
+        username = os.environ.get("USERNAME", "")
+        if username:
+            subprocess.run(
+                ["icacls", key_str, "/inheritance:r",
+                 "/grant:r", f"{username}:(F)"],
+                capture_output=True,
+            )
+    else:
+        key_path.chmod(0o600)
+
+
 def generate_ssh_key_pair(user_id: str) -> tuple[Path, str]:
     """Generate an SSH key pair for the user.
 
@@ -36,8 +87,14 @@ def generate_ssh_key_pair(user_id: str) -> tuple[Path, str]:
         if mcp_private.exists() and mcp_public.exists():
             shutil.copy2(mcp_private, key_path)
             shutil.copy2(mcp_public, Path(f"{key_path}.pub"))
-            key_path.chmod(0o600)
+            _restrict_key_permissions(key_path)
         else:
+            if not shutil.which("ssh-keygen"):
+                raise RuntimeError(
+                    "ssh-keygen is not installed or not on PATH.\n"
+                    "On Windows, install Git for Windows (https://git-scm.com) "
+                    "which includes ssh-keygen, or use the OpenSSH optional feature."
+                )
             result = subprocess.run(
                 ["ssh-keygen", "-t", "rsa", "-b", "4096", "-f", str(key_path),
                  "-N", "", "-C", f"aicodinggym-{user_id}"],
@@ -51,13 +108,34 @@ def generate_ssh_key_pair(user_id: str) -> tuple[Path, str]:
     return key_path, public_key
 
 
-def run_git_command(cmd: str, cwd: str, key_path: Optional[Path] = None) -> subprocess.CompletedProcess:
-    """Execute a git command with optional SSH key configuration."""
+def run_git_command(cmd: list[str], cwd: str, key_path: Optional[Path] = None) -> subprocess.CompletedProcess:
+    """Execute a git command with optional SSH key configuration.
+
+    cmd must be a list of arguments (e.g. ["git", "status"]).
+    """
     env = os.environ.copy()
     if key_path:
-        env["GIT_SSH_COMMAND"] = f"ssh -i {key_path} -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
+        # Quote the key path in case it contains spaces (common on Windows).
+        # Use forward slashes — works on all platforms and avoids backslash escaping.
+        quoted_key = str(key_path).replace("\\", "/")
+        # On Windows, use Git for Windows' bundled ssh to avoid Windows native
+        # OpenSSH which can trigger GUI credential dialogs or deadlock when
+        # stdout is captured.  Falls back to bare "ssh" if not found.
+        ssh_bin = _find_git_ssh() or "ssh"
+        # Always use /dev/null for UserKnownHostsFile.  On macOS/Linux this is
+        # the native null device.  On Windows, Git for Windows bundles MSYS2's
+        # ssh which translates /dev/null correctly.  Using os.devnull ("nul")
+        # would break MSYS2's ssh which treats "nul" as a literal filename.
+        # BatchMode=yes prevents any interactive prompts (password, passphrase)
+        # that would cause a hang when stdout/stderr are captured.
+        env["GIT_SSH_COMMAND"] = (
+            f'"{ssh_bin}" -i "{quoted_key}" '
+            f"-o StrictHostKeyChecking=no "
+            f"-o UserKnownHostsFile=/dev/null "
+            f"-o BatchMode=yes"
+        )
 
-    return subprocess.run(cmd, shell=True, cwd=cwd, capture_output=True, text=True, env=env)
+    return subprocess.run(cmd, cwd=cwd, capture_output=True, text=True, env=env)
 
 
 def clone_repo(repo_url: str, branch: str, dest_name: str,
@@ -70,9 +148,9 @@ def clone_repo(repo_url: str, branch: str, dest_name: str,
 
     if problem_dir.exists():
         # Check if already on the correct branch
-        result = run_git_command("git rev-parse --abbrev-ref HEAD", str(problem_dir))
+        result = run_git_command(["git", "rev-parse", "--abbrev-ref", "HEAD"], str(problem_dir))
         if result.returncode == 0 and result.stdout.strip() == branch:
-            pull = run_git_command(f"git pull origin {branch}", str(problem_dir), key_path)
+            pull = run_git_command(["git", "pull", "origin", branch], str(problem_dir), key_path)
             if pull.returncode != 0:
                 return False, f"Git pull failed:\n{pull.stderr}"
             return True, f"Already exists. Updated to latest version.\nRepository: {problem_dir}\nBranch: {branch}"
@@ -81,7 +159,7 @@ def clone_repo(repo_url: str, branch: str, dest_name: str,
             "Remove it first or use --workspace-dir to specify a different location."
         )
 
-    cmd = f"git clone --single-branch --branch {branch} --depth 1 {repo_url} {dest_name}"
+    cmd = ["git", "clone", "--single-branch", "--branch", branch, "--depth", "1", repo_url, dest_name]
     result = run_git_command(cmd, workspace, key_path)
 
     if result.returncode != 0:
@@ -108,13 +186,13 @@ def clone_repo_cr(repo_url: str, base_branch: str, head_branch: str,
     if problem_dir.exists():
         # Already cloned — fetch latest for both branches
         for branch in (base_branch, head_branch):
-            result = run_git_command(f"git fetch origin {branch}", str(problem_dir), key_path)
+            result = run_git_command(["git", "fetch", "origin", branch], str(problem_dir), key_path)
             if result.returncode != 0:
                 return False, f"Git fetch failed for {branch}:\n{result.stderr}"
-            result = run_git_command(f"git branch -f {branch} FETCH_HEAD", str(problem_dir))
+            result = run_git_command(["git", "branch", "-f", branch, "FETCH_HEAD"], str(problem_dir))
             if result.returncode != 0:
                 return False, f"Failed to update branch {branch}:\n{result.stderr}"
-        result = run_git_command(f"git checkout {head_branch}", str(problem_dir))
+        result = run_git_command(["git", "checkout", head_branch], str(problem_dir))
         if result.returncode != 0:
             return False, f"Failed to checkout head branch '{head_branch}':\n{result.stderr}"
         return True, (
@@ -124,24 +202,23 @@ def clone_repo_cr(repo_url: str, base_branch: str, head_branch: str,
         )
 
     # Clone base branch (shallow); depth 50 needed for diffing between branches
-    cmd = f"git clone --single-branch --branch {base_branch} --depth 50 {repo_url} {dest_name}"
+    cmd = ["git", "clone", "--single-branch", "--branch", base_branch, "--depth", "50", repo_url, dest_name]
     result = run_git_command(cmd, workspace, key_path)
     if result.returncode != 0:
         return False, f"Git clone failed:\n{result.stderr}"
 
     # Fetch head branch
-    fetch_cmd = f"git fetch origin {head_branch}"
-    result = run_git_command(fetch_cmd, str(problem_dir), key_path)
+    result = run_git_command(["git", "fetch", "origin", head_branch], str(problem_dir), key_path)
     if result.returncode != 0:
         return False, f"Failed to fetch head branch '{head_branch}':\n{result.stderr}"
 
     # Create local head branch tracking the fetched ref
-    result = run_git_command(f"git branch -f {head_branch} FETCH_HEAD", str(problem_dir))
+    result = run_git_command(["git", "branch", "-f", head_branch, "FETCH_HEAD"], str(problem_dir))
     if result.returncode != 0:
         return False, f"Failed to create branch {head_branch}:\n{result.stderr}"
 
     # Check out head branch so the user starts on the code being reviewed
-    result = run_git_command(f"git checkout {head_branch}", str(problem_dir))
+    result = run_git_command(["git", "checkout", head_branch], str(problem_dir))
     if result.returncode != 0:
         return False, f"Failed to checkout head branch '{head_branch}':\n{result.stderr}"
 
@@ -160,28 +237,30 @@ def add_commit_push(problem_dir: str, branch: str, key_path: Path,
     pdir = Path(problem_dir)
 
     # Stage all changes except .github
-    result = run_git_command("git add -A -- . ':(exclude).github'", str(pdir))
+    result = run_git_command(["git", "add", "-A", "--", ".", ":(exclude).github"], str(pdir))
     if result.returncode != 0:
         return False, f"Git add failed:\n{result.stderr}", ""
 
     # Check for staged changes
-    status = run_git_command("git diff --cached --name-only", str(pdir))
+    status = run_git_command(["git", "diff", "--cached", "--name-only"], str(pdir))
     if not status.stdout.strip():
         return False, "No changes to commit. Your working directory is clean.", ""
 
-    # Commit
-    safe_msg = message.replace('"', '\\"')
-    result = run_git_command(f'git commit -m "{safe_msg}"', str(pdir))
+    # Commit — pass message directly as a list arg; no shell escaping needed
+    result = run_git_command(["git", "commit", "-m", message], str(pdir))
     if result.returncode != 0:
         return False, f"Git commit failed:\n{result.stderr}", ""
 
     # Get commit hash
-    hash_result = run_git_command("git rev-parse HEAD", str(pdir))
+    hash_result = run_git_command(["git", "rev-parse", "HEAD"], str(pdir))
     commit_hash = hash_result.stdout.strip()
 
     # Push
-    push_flag = "--force-with-lease " if force else ""
-    result = run_git_command(f"git push {push_flag}origin {branch}", str(pdir), key_path)
+    push_cmd = ["git", "push"]
+    if force:
+        push_cmd.append("--force-with-lease")
+    push_cmd += ["origin", branch]
+    result = run_git_command(push_cmd, str(pdir), key_path)
     if result.returncode != 0:
         return False, f"Git push failed:\n{result.stderr}", commit_hash
 
@@ -193,7 +272,7 @@ def reset_to_setup_commit(problem_dir: str) -> tuple[bool, str]:
 
     Returns (success, message).
     """
-    log_result = run_git_command("git log --format=%H:%s --reverse", problem_dir)
+    log_result = run_git_command(["git", "log", "--format=%H:%s", "--reverse"], problem_dir)
     if log_result.returncode != 0:
         return False, f"Git log failed:\n{log_result.stderr}"
 
@@ -214,11 +293,11 @@ def reset_to_setup_commit(problem_dir: str) -> tuple[bool, str]:
             f"Expected a commit message starting with '{setup_prefix}'."
         )
 
-    reset = run_git_command(f"git reset --hard {setup_commit}", problem_dir)
+    reset = run_git_command(["git", "reset", "--hard", setup_commit], problem_dir)
     if reset.returncode != 0:
         return False, f"Git reset failed:\n{reset.stderr}"
 
-    clean = run_git_command("git clean -fd", problem_dir)
+    clean = run_git_command(["git", "clean", "-fd"], problem_dir)
     if clean.returncode != 0:
         return False, f"Git clean failed:\n{clean.stderr}"
 

{aicodinggym_cli-0.3.0 → aicodinggym_cli-0.4.0}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "aicodinggym-cli"
-version = "0.3.0"
+version = "0.4.0"
 description = "CLI tool for AI Coding Gym platform"
 readme = "README.md"
 requires-python = ">=3.10"