pdd-cli 0.0.45__py3-none-any.whl → 0.0.118__py3-none-any.whl

pdd/server/security.py

@@ -0,0 +1,243 @@
+from __future__ import annotations
+
+import fnmatch
+import time
+from pathlib import Path
+from typing import Callable, List, Optional, Union
+
+from fastapi import FastAPI, HTTPException, Request, status, Depends
+from fastapi.middleware.cors import CORSMiddleware
+from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
+from starlette.middleware.base import BaseHTTPMiddleware
+from rich.console import Console
+
+# Initialize Rich console for logging
+console = Console()
+
+# Default blacklist patterns
+DEFAULT_BLACKLIST = [
+    ".git", ".git/**",
+    ".env", ".env.*",
+    "node_modules", "node_modules/**",
+    "__pycache__", "*.pyc",
+    ".DS_Store",
+    "credentials*", "*secret*", "*.key", "*.pem",
+    "id_rsa*",
+]
+
+class SecurityError(Exception):
+    """
+    Custom exception for security violations.
+    """
+    def __init__(self, code: str, message: str):
+        self.code = code
+        self.message = message
+        super().__init__(message)
+
+
+class PathValidator:
+    """
+    Validates filesystem paths to prevent directory traversal and access to sensitive files.
+    """
+
+    def __init__(self, project_root: Path, blacklist_patterns: Optional[List[str]] = None):
+        """
+        Initialize the validator.
+
+        Args:
+            project_root: The absolute root directory of the project.
+            blacklist_patterns: Optional list of glob patterns to block.
+                                If None, uses DEFAULT_BLACKLIST.
+        """
+        self.project_root = project_root.resolve()
+        self.blacklist = blacklist_patterns if blacklist_patterns is not None else DEFAULT_BLACKLIST
+
+    def validate(self, path: Union[str, Path]) -> Path:
+        """
+        Resolve and validate that a path is safe to access.
+
+        Args:
+            path: The relative or absolute path to validate.
+
+        Returns:
+            Path: The resolved, absolute path.
+
+        Raises:
+            SecurityError: If the path is invalid, blocked, or traverses outside root.
+        """
+        try:
+            # 1. Construct the full candidate path
+            path_obj = Path(path)
+            
+            if path_obj.is_absolute():
+                # If absolute, we must ensure it starts with project_root before resolving
+                # to catch simple string mismatches, but the real check is relative_to below.
+                candidate_path = path_obj
+            else:
+                # If relative, join with project root
+                candidate_path = self.project_root / path_obj
+
+            # 2. Resolve symlinks and '..' components
+            # strict=False allows validating paths for files that don't exist yet (e.g. for writing)
+            resolved_path = candidate_path.resolve()
+
+            # 3. Check for Directory Traversal
+            # This raises ValueError if resolved_path is not inside project_root
+            try:
+                relative_path = resolved_path.relative_to(self.project_root)
+            except ValueError:
+                console.print(f"[bold red]Security Alert:[/bold red] Path traversal attempt: {path}")
+                raise SecurityError(
+                    code="PATH_TRAVERSAL",
+                    message="Access denied: Path is outside the project root."
+                )
+
+            # 4. Check Blacklist
+            # We check the relative path parts against patterns
+            path_str = str(relative_path)
+            parts = relative_path.parts
+
+            for pattern in self.blacklist:
+                # Check the full relative path string
+                if fnmatch.fnmatch(path_str, pattern):
+                    self._raise_blacklist_error(path_str, pattern)
+                
+                # Check individual path components (e.g., blocking 'node_modules' anywhere in tree)
+                # This handles cases like 'src/node_modules/foo' matching 'node_modules'
+                for part in parts:
+                    if fnmatch.fnmatch(part, pattern):
+                        self._raise_blacklist_error(path_str, pattern)
+
+            return resolved_path
+
+        except SecurityError:
+            raise
+        except Exception as e:
+            console.print(f"[bold red]Error:[/bold red] Invalid path processing: {e}")
+            raise SecurityError(code="INVALID_PATH", message=f"Invalid path: {str(e)}")
+
+    def _raise_blacklist_error(self, path: str, pattern: str):
+        console.print(f"[bold red]Security Alert:[/bold red] Blocked access to blacklisted resource: {path} (matched {pattern})")
+        raise SecurityError(
+            code="BLACKLISTED_PATH",
+            message="Access denied: Resource is blacklisted."
+        )
+
+
+def configure_cors(app: FastAPI, allowed_origins: Optional[List[str]] = None) -> None:
+    """
+    Configure CORS middleware for the FastAPI application.
+
+    Args:
+        app: The FastAPI application instance.
+        allowed_origins: List of allowed origins. Defaults to standard local dev ports.
+    """
+    origins = allowed_origins or [
+        "http://localhost:3000",
+        "http://127.0.0.1:3000",
+        "http://localhost:5173",
+        "http://127.0.0.1:5173",
+    ]
+
+    app.add_middleware(
+        CORSMiddleware,
+        allow_origins=origins,
+        allow_credentials=True,
+        allow_methods=["*"],
+        allow_headers=["*"],
+        expose_headers=["X-Job-Id", "X-Total-Chunks"],
+    )
+    console.print(f"[green]CORS configured for origins:[/green] {origins}")
+
+
+def create_token_dependency(token: Optional[str]) -> Callable:
+    """
+    Creates a FastAPI dependency for Bearer token authentication.
+
+    Args:
+        token: The expected secret token. If None, authentication is disabled.
+
+    Returns:
+        A dependency function to be used with Depends().
+    """
+    security = HTTPBearer(auto_error=False)
+
+    async def verify_token(credentials: Optional[HTTPAuthorizationCredentials] = Depends(security)):
+        if token is None:
+            return None
+        
+        if not credentials:
+            raise HTTPException(
+                status_code=status.HTTP_401_UNAUTHORIZED,
+                detail="Missing authentication credentials",
+                headers={"WWW-Authenticate": "Bearer"},
+            )
+        
+        if credentials.credentials != token:
+            console.print("[bold red]Auth Failed:[/bold red] Invalid token provided.")
+            raise HTTPException(
+                status_code=status.HTTP_401_UNAUTHORIZED,
+                detail="Invalid authentication token",
+                headers={"WWW-Authenticate": "Bearer"},
+            )
+        
+        return credentials
+
+    return verify_token
+
+
+class SecurityLoggingMiddleware(BaseHTTPMiddleware):
+    """
+    Middleware to log requests and provide basic request validation/monitoring.
+    """
+
+    # Endpoints that are polled frequently and should be quiet
+    QUIET_ENDPOINTS = [
+        "/api/v1/commands/jobs/",  # Job status polling
+        "/api/v1/commands/spawned-jobs/",  # Spawned job status polling
+        "/api/v1/prompts",  # Prompt listing
+        "/api/v1/status",  # Health checks
+        "/api/v1/auth/jwt-token",  # JWT token polling
+        "/api/v1/auth/status",  # Auth status
+        "/api/v1/files/",  # File operations
+        "/api/v1/config/",  # Config endpoints
+        "/assets/",  # Static assets
+    ]
+
+    # Also skip root and static files
+    QUIET_EXACT = ["/", "/index.html", "/favicon.ico"]
+
+    def _should_log(self, path: str) -> bool:
+        """Check if we should log this request (skip noisy polling endpoints)."""
+        # Check exact matches first
+        if path in self.QUIET_EXACT:
+            return False
+        # Check prefix/substring matches
+        for quiet_path in self.QUIET_ENDPOINTS:
+            if quiet_path in path:
+                return False
+        return True
+
+    async def dispatch(self, request: Request, call_next):
+        start_time = time.time()
+        client_host = request.client.host if request.client else "unknown"
+        path = request.url.path
+        should_log = self._should_log(path)
+
+        # Log incoming request (skip noisy polling endpoints)
+        if should_log:
+            console.print(f"[dim]Request:[/dim] {request.method} {path} [dim]from {client_host}[/dim]")
+
+        response = await call_next(request)
+
+        process_time = (time.time() - start_time) * 1000
+
+        # Log response (skip noisy endpoints, but always log errors)
+        if should_log or response.status_code >= 400:
+            status_color = "green" if response.status_code < 400 else "red"
+            console.print(
+                f"[dim]Response:[/dim] [{status_color}]{response.status_code}[/{status_color}] "
+                f"took {process_time:.2f}ms"
+            )
+
+        return response

pdd/server/terminal_spawner.py

@@ -0,0 +1,209 @@
+"""
+Cross-platform terminal spawning utilities.
+
+Allows spawning new terminal windows to run commands in isolation,
+rather than running them in the same process as the server.
+
+Each spawned terminal calls back to the server when the command completes,
+enabling automatic progress tracking in the frontend dashboard.
+"""
+
+import os
+import shutil
+import subprocess
+import sys
+from pathlib import Path
+from typing import Optional
+
+
+# Default server port for callback (must match PDD server port)
+DEFAULT_SERVER_PORT = 9876
+
+
+class TerminalSpawner:
+    """Spawn terminal windows on macOS, Linux, and Windows."""
+
+    @staticmethod
+    def spawn(
+        command: str,
+        working_dir: Optional[str] = None,
+        job_id: Optional[str] = None,
+        server_port: int = DEFAULT_SERVER_PORT,
+    ) -> bool:
+        """
+        Spawn a new terminal window and execute command.
+
+        Args:
+            command: Shell command to execute
+            working_dir: Optional working directory for the command
+            job_id: Optional job ID for tracking - enables completion callback
+            server_port: Server port for completion callback (default: 5000)
+
+        Returns:
+            True if terminal was spawned successfully
+        """
+        if working_dir:
+            # Quote the path to handle spaces and special characters
+            command = f'cd "{working_dir}" && {command}'
+
+        platform = sys.platform
+
+        if platform == "darwin":
+            return TerminalSpawner._darwin(command, job_id, server_port)
+        elif platform == "linux":
+            return TerminalSpawner._linux(command, job_id, server_port)
+        elif platform == "win32":
+            return TerminalSpawner._windows(command, job_id, server_port)
+        return False
+
+    @staticmethod
+    def _darwin(
+        command: str,
+        job_id: Optional[str] = None,
+        server_port: int = DEFAULT_SERVER_PORT,
+    ) -> bool:
+        """
+        macOS: Open Terminal.app with command.
+
+        Creates a temporary shell script and opens it with Terminal.app.
+        The script keeps the terminal open after command completes.
+        If job_id is provided, calls back to server with completion status.
+        """
+        try:
+            # Create unique script path to avoid conflicts
+            script_path = Path(f"/tmp/pdd_terminal_{os.getpid()}_{id(command)}.sh")
+
+            # Build callback section if job_id provided
+            if job_id:
+                callback_section = f'''
+# Report completion to server (must complete before exec bash)
+echo "[DEBUG] Sending callback to http://localhost:{server_port}/api/v1/commands/spawned-jobs/{job_id}/complete"
+echo "[DEBUG] Payload: {{\\"success\\": '$((EXIT_CODE == 0))', \\"exit_code\\": '$EXIT_CODE'}}"
+CURL_RESPONSE=$(curl -s -w "\\n[HTTP_STATUS:%{{http_code}}]" -X POST "http://localhost:{server_port}/api/v1/commands/spawned-jobs/{job_id}/complete" \\
+  -H "Content-Type: application/json" \\
+  -d '{{"success": '$((EXIT_CODE == 0))', "exit_code": '$EXIT_CODE'}}' 2>&1)
+echo "[DEBUG] Curl response: $CURL_RESPONSE"
+
+# Show result to user
+echo ""
+if [ $EXIT_CODE -eq 0 ]; then
+    echo -e "\\033[32m✓ Command completed successfully\\033[0m"
+else
+    echo -e "\\033[31m✗ Command failed (exit code: $EXIT_CODE)\\033[0m"
+fi
+echo ""
+'''
+            else:
+                callback_section = ""
+
+            # Script that runs command and optionally reports status
+            script_content = f"""#!/bin/bash
+{command}
+EXIT_CODE=$?
+{callback_section}
+exec bash
+"""
+            script_path.write_text(script_content)
+            script_path.chmod(0o755)
+
+            # Open with Terminal.app
+            subprocess.Popen(["open", "-a", "Terminal", str(script_path)])
+            return True
+
+        except Exception as e:
+            print(f"Failed to spawn terminal on macOS: {e}")
+            return False
+
+    @staticmethod
+    def _linux(
+        command: str,
+        job_id: Optional[str] = None,
+        server_port: int = DEFAULT_SERVER_PORT,
+    ) -> bool:
+        """
+        Linux: Use gnome-terminal, xfce4-terminal, or konsole.
+
+        Tries each terminal emulator in order until one works.
+        If job_id is provided, calls back to server with completion status.
+        """
+        try:
+            # Build callback section if job_id provided
+            if job_id:
+                callback_cmd = f'''
+EXIT_CODE=$?
+echo "[DEBUG] Sending callback to http://localhost:{server_port}/api/v1/commands/spawned-jobs/{job_id}/complete"
+CURL_RESPONSE=$(curl -s -w "\\n[HTTP_STATUS:%{{http_code}}]" -X POST "http://localhost:{server_port}/api/v1/commands/spawned-jobs/{job_id}/complete" \
+  -H "Content-Type: application/json" \
+  -d '{{"success": '$((EXIT_CODE == 0))', "exit_code": '$EXIT_CODE'}}' 2>&1)
+echo "[DEBUG] Curl response: $CURL_RESPONSE"
+echo ""
+if [ $EXIT_CODE -eq 0 ]; then echo -e "\\033[32m✓ Command completed successfully\\033[0m"; else echo -e "\\033[31m✗ Command failed (exit code: $EXIT_CODE)\\033[0m"; fi
+'''
+                full_cmd = f"{command}; {callback_cmd}; exec bash"
+            else:
+                full_cmd = f"{command}; exec bash"
+
+            terminals = [
+                ("gnome-terminal", ["gnome-terminal", "--", "bash", "-c", full_cmd]),
+                ("xfce4-terminal", ["xfce4-terminal", "-e", f"bash -c '{full_cmd}'"]),
+                ("konsole", ["konsole", "-e", "bash", "-c", full_cmd]),
+                ("xterm", ["xterm", "-e", "bash", "-c", full_cmd]),
+            ]
+
+            for term_name, args in terminals:
+                if shutil.which(term_name):
+                    subprocess.Popen(args)
+                    return True
+
+            print("No supported terminal emulator found on Linux")
+            return False
+
+        except Exception as e:
+            print(f"Failed to spawn terminal on Linux: {e}")
+            return False
+
+    @staticmethod
+    def _windows(
+        command: str,
+        job_id: Optional[str] = None,
+        server_port: int = DEFAULT_SERVER_PORT,
+    ) -> bool:
+        """
+        Windows: Use Windows Terminal or PowerShell.
+
+        Tries Windows Terminal first, falls back to PowerShell.
+        If job_id is provided, calls back to server with completion status.
+        """
+        try:
+            # Build callback section if job_id provided
+            if job_id:
+                callback_cmd = f'''
+$exitCode = $LASTEXITCODE
+$success = if ($exitCode -eq 0) {{ "true" }} else {{ "false" }}
+Invoke-RestMethod -Uri "http://localhost:{server_port}/api/v1/commands/spawned-jobs/{job_id}/complete" -Method Post -ContentType "application/json" -Body ('{{"success": ' + $success + ', "exit_code": ' + $exitCode + '}}') -ErrorAction SilentlyContinue
+Write-Host ""
+if ($exitCode -eq 0) {{ Write-Host "✓ Command completed successfully" -ForegroundColor Green }} else {{ Write-Host "✗ Command failed (exit code: $exitCode)" -ForegroundColor Red }}
+'''
+                full_cmd = f"{command}; {callback_cmd}"
+            else:
+                full_cmd = command
+
+            # Try Windows Terminal first (modern)
+            try:
+                subprocess.Popen([
+                    "wt.exe", "new-tab",
+                    "powershell", "-NoExit", "-Command", full_cmd
+                ])
+                return True
+            except FileNotFoundError:
+                pass
+
+            # Fallback to PowerShell directly
+            subprocess.Popen([
+                "powershell.exe", "-NoExit", "-Command", full_cmd
+            ])
+            return True
+
+        except Exception as e:
+            print(f"Failed to spawn terminal on Windows: {e}")
+            return False

pdd/server/token_counter.py

@@ -0,0 +1,222 @@
+"""
+Token counting and cost estimation utilities.
+
+Uses tiktoken for local token estimation without API calls.
+Loads model pricing from .pdd/llm_model.csv.
+"""
+
+from __future__ import annotations
+
+import csv
+from dataclasses import dataclass
+from functools import lru_cache
+from pathlib import Path
+from typing import Optional, Dict
+
+import tiktoken
+
+# Default context limits by model family (tokens)
+MODEL_CONTEXT_LIMITS = {
+    "gpt-4": 128000,
+    "gpt-5": 200000,
+    "claude-3": 200000,
+    "claude-sonnet-4": 200000,
+    "claude-opus-4": 200000,
+    "claude-haiku-4": 200000,
+    "gemini-2": 1000000,
+    "gemini-3": 1000000,
+    "default": 128000,
+}
+
+# Tiktoken encodings - use cl100k_base for most modern models
+ENCODING_NAME = "cl100k_base"
+
+
+@dataclass
+class CostEstimate:
+    """Cost estimation result."""
+    input_cost: float
+    model: str
+    tokens: int
+    cost_per_million: float
+    currency: str = "USD"
+
+    def to_dict(self) -> Dict:
+        return {
+            "input_cost": round(self.input_cost, 6),
+            "model": self.model,
+            "tokens": self.tokens,
+            "cost_per_million": self.cost_per_million,
+            "currency": self.currency,
+        }
+
+
+@dataclass
+class TokenMetrics:
+    """Combined token metrics result."""
+    token_count: int
+    context_limit: int
+    context_usage_percent: float
+    cost_estimate: Optional[CostEstimate]
+
+    def to_dict(self) -> Dict:
+        return {
+            "token_count": self.token_count,
+            "context_limit": self.context_limit,
+            "context_usage_percent": round(self.context_usage_percent, 2),
+            "cost_estimate": self.cost_estimate.to_dict() if self.cost_estimate else None,
+        }
+
+
+@lru_cache(maxsize=1)
+def _get_encoding() -> tiktoken.Encoding:
+    """Get tiktoken encoding (cached)."""
+    return tiktoken.get_encoding(ENCODING_NAME)
+
+
+def count_tokens(text: str) -> int:
+    """
+    Count tokens in text using tiktoken.
+
+    Args:
+        text: The text to count tokens for
+
+    Returns:
+        Token count
+    """
+    if not text:
+        return 0
+
+    encoding = _get_encoding()
+    return len(encoding.encode(text))
+
+
+def get_context_limit(model: str) -> int:
+    """
+    Get the context limit for a model.
+
+    Args:
+        model: Model name
+
+    Returns:
+        Context limit in tokens
+    """
+    model_lower = model.lower()
+
+    for prefix, limit in MODEL_CONTEXT_LIMITS.items():
+        if prefix in model_lower:
+            return limit
+
+    return MODEL_CONTEXT_LIMITS["default"]
+
+
+@lru_cache(maxsize=1)
+def _load_model_pricing(csv_path: str) -> Dict[str, float]:
+    """Load model pricing from CSV (cached)."""
+    pricing = {}
+
+    try:
+        with open(csv_path, 'r') as f:
+            reader = csv.DictReader(f)
+            for row in reader:
+                model = row.get('model', '')
+                input_cost = row.get('input', '0')
+                try:
+                    pricing[model] = float(input_cost)
+                except ValueError:
+                    continue
+    except (FileNotFoundError, PermissionError):
+        pass
+
+    return pricing
+
+
+def estimate_cost(
+    token_count: int,
+    model: str,
+    pricing_csv: Optional[Path] = None
+) -> Optional[CostEstimate]:
+    """
+    Estimate the input cost for a given token count.
+
+    Args:
+        token_count: Number of input tokens
+        model: Model name
+        pricing_csv: Path to llm_model.csv (optional)
+
+    Returns:
+        CostEstimate or None if pricing not found
+    """
+    if pricing_csv is None or not pricing_csv.exists():
+        return None
+
+    pricing = _load_model_pricing(str(pricing_csv))
+
+    if not pricing:
+        return None
+
+    # Find matching model
+    cost_per_million = None
+    matched_model = model
+
+    # Try exact match first
+    if model in pricing:
+        cost_per_million = pricing[model]
+    else:
+        # Try partial match
+        model_lower = model.lower()
+        for csv_model, cost in pricing.items():
+            if model_lower in csv_model.lower() or csv_model.lower() in model_lower:
+                cost_per_million = cost
+                matched_model = csv_model
+                break
+
+    if cost_per_million is None:
+        # Use a default model for estimation
+        for default_model in ['claude-sonnet-4-20250514', 'gpt-4o', 'claude-3-5-sonnet-latest']:
+            if default_model in pricing:
+                cost_per_million = pricing[default_model]
+                matched_model = default_model
+                break
+
+    if cost_per_million is None:
+        return None
+
+    # Calculate cost (pricing is per million tokens)
+    input_cost = (token_count / 1_000_000) * cost_per_million
+
+    return CostEstimate(
+        input_cost=input_cost,
+        model=matched_model,
+        tokens=token_count,
+        cost_per_million=cost_per_million,
+    )
+
+
+def get_token_metrics(
+    text: str,
+    model: str = "claude-sonnet-4-20250514",
+    pricing_csv: Optional[Path] = None
+) -> TokenMetrics:
+    """
+    Get comprehensive token metrics for text.
+
+    Args:
+        text: The text to analyze
+        model: Model name
+        pricing_csv: Path to pricing CSV
+
+    Returns:
+        TokenMetrics with count, context usage, and cost
+    """
+    token_count = count_tokens(text)
+    context_limit = get_context_limit(model)
+    context_usage = (token_count / context_limit) * 100 if context_limit > 0 else 0
+    cost = estimate_cost(token_count, model, pricing_csv)
+
+    return TokenMetrics(
+        token_count=token_count,
+        context_limit=context_limit,
+        context_usage_percent=context_usage,
+        cost_estimate=cost,
+    )