tunacode-cli 0.0.34__py3-none-any.whl → 0.0.36__py3-none-any.whl

tunacode/cli/commands/implementations/system.py

@@ -0,0 +1,177 @@
+"""System-level commands for TunaCode CLI."""
+
+import shutil
+import subprocess
+import sys
+from typing import List
+
+from ....types import CommandContext
+from ....ui import console as ui
+from ..base import CommandCategory, CommandSpec, SimpleCommand
+
+
+class HelpCommand(SimpleCommand):
+    """Show help information."""
+
+    spec = CommandSpec(
+        name="help",
+        aliases=["/help"],
+        description="Show help information",
+        category=CommandCategory.SYSTEM,
+    )
+
+    def __init__(self, command_registry=None):
+        self._command_registry = command_registry
+
+    async def execute(self, args: List[str], context: CommandContext) -> None:
+        await ui.help(self._command_registry)
+
+
+class ClearCommand(SimpleCommand):
+    """Clear screen and message history."""
+
+    spec = CommandSpec(
+        name="clear",
+        aliases=["/clear"],
+        description="Clear the screen and message history",
+        category=CommandCategory.NAVIGATION,
+    )
+
+    async def execute(self, args: List[str], context: CommandContext) -> None:
+        # Patch any orphaned tool calls before clearing
+        from tunacode.core.agents.main import patch_tool_messages
+
+        patch_tool_messages("Conversation cleared", context.state_manager)
+
+        await ui.clear()
+        context.state_manager.session.messages = []
+        context.state_manager.session.files_in_context.clear()
+        await ui.success("Message history and file context cleared")
+
+
+class RefreshConfigCommand(SimpleCommand):
+    """Refresh configuration from defaults."""
+
+    spec = CommandSpec(
+        name="refresh",
+        aliases=["/refresh"],
+        description="Refresh configuration from defaults (useful after updates)",
+        category=CommandCategory.SYSTEM,
+    )
+
+    async def execute(self, args: List[str], context: CommandContext) -> None:
+        from tunacode.configuration.defaults import DEFAULT_USER_CONFIG
+
+        # Update current session config with latest defaults
+        for key, value in DEFAULT_USER_CONFIG.items():
+            if key not in context.state_manager.session.user_config:
+                context.state_manager.session.user_config[key] = value
+            elif isinstance(value, dict):
+                # Merge dict values, preserving user overrides
+                for subkey, subvalue in value.items():
+                    if subkey not in context.state_manager.session.user_config[key]:
+                        context.state_manager.session.user_config[key][subkey] = subvalue
+
+        # Show updated max_iterations
+        max_iterations = context.state_manager.session.user_config.get("settings", {}).get(
+            "max_iterations", 20
+        )
+        await ui.success(f"Configuration refreshed - max iterations: {max_iterations}")
+
+
+class UpdateCommand(SimpleCommand):
+    """Update TunaCode to the latest version."""
+
+    spec = CommandSpec(
+        name="update",
+        aliases=["/update"],
+        description="Update TunaCode to the latest version",
+        category=CommandCategory.SYSTEM,
+    )
+
+    async def execute(self, args: List[str], context: CommandContext) -> None:
+        await ui.info("Checking for TunaCode updates...")
+
+        # Detect installation method
+        installation_method = None
+
+        # Check if installed via pipx
+        if shutil.which("pipx"):
+            try:
+                result = subprocess.run(
+                    ["pipx", "list"], capture_output=True, text=True, timeout=10
+                )
+                pipx_installed = "tunacode" in result.stdout.lower()
+                if pipx_installed:
+                    installation_method = "pipx"
+            except (subprocess.TimeoutExpired, subprocess.CalledProcessError):
+                pass
+
+        # Check if installed via pip
+        if not installation_method:
+            try:
+                result = subprocess.run(
+                    [sys.executable, "-m", "pip", "show", "tunacode-cli"],
+                    capture_output=True,
+                    text=True,
+                    timeout=10,
+                )
+                if result.returncode == 0:
+                    installation_method = "pip"
+            except (subprocess.TimeoutExpired, subprocess.CalledProcessError):
+                pass
+
+        if not installation_method:
+            await ui.error("Could not detect TunaCode installation method")
+            await ui.muted("Manual update options:")
+            await ui.muted("  pipx: pipx upgrade tunacode")
+            await ui.muted("  pip:  pip install --upgrade tunacode-cli")
+            return
+
+        # Perform update based on detected method
+        try:
+            if installation_method == "pipx":
+                await ui.info("Updating via pipx...")
+                result = subprocess.run(
+                    ["pipx", "upgrade", "tunacode"],
+                    capture_output=True,
+                    text=True,
+                    timeout=60,
+                )
+            else:  # pip
+                await ui.info("Updating via pip...")
+                result = subprocess.run(
+                    [
+                        sys.executable,
+                        "-m",
+                        "pip",
+                        "install",
+                        "--upgrade",
+                        "tunacode-cli",
+                    ],
+                    capture_output=True,
+                    text=True,
+                    timeout=60,
+                )
+
+            if result.returncode == 0:
+                await ui.success("TunaCode updated successfully!")
+                await ui.muted("Restart TunaCode to use the new version")
+
+                # Show update output if available
+                if result.stdout.strip():
+                    output_lines = result.stdout.strip().split("\n")
+                    for line in output_lines[-5:]:  # Show last 5 lines
+                        if line.strip():
+                            await ui.muted(f"  {line}")
+            else:
+                await ui.error("Update failed")
+                if result.stderr:
+                    await ui.muted(f"Error: {result.stderr.strip()}")
+
+        except subprocess.TimeoutExpired:
+            await ui.error("Update timed out")
+        except subprocess.CalledProcessError as e:
+            await ui.error(f"Update failed: {e}")
+        except FileNotFoundError:
+            await ui.error(f"Could not find {installation_method} executable")

tunacode/cli/commands/registry.py

@@ -0,0 +1,229 @@
+"""Command registry and factory for TunaCode CLI commands."""
+
+from dataclasses import dataclass
+from typing import Any, Dict, List, Optional, Type
+
+from ...exceptions import ValidationError
+from ...types import CommandArgs, CommandContext, ProcessRequestCallback
+from .base import Command, CommandCategory
+
+# Import all command implementations
+from .implementations.conversation import CompactCommand
+from .implementations.debug import (
+    DumpCommand,
+    FixCommand,
+    IterationsCommand,
+    ParseToolsCommand,
+    ThoughtsCommand,
+    YoloCommand,
+)
+from .implementations.development import BranchCommand, InitCommand
+from .implementations.model import ModelCommand
+from .implementations.system import ClearCommand, HelpCommand, RefreshConfigCommand, UpdateCommand
+
+
+@dataclass
+class CommandDependencies:
+    """Container for command dependencies."""
+
+    process_request_callback: Optional[ProcessRequestCallback] = None
+    command_registry: Optional[Any] = None  # Reference to the registry itself
+
+
+class CommandFactory:
+    """Factory for creating commands with proper dependency injection."""
+
+    def __init__(self, dependencies: Optional[CommandDependencies] = None):
+        self.dependencies = dependencies or CommandDependencies()
+
+    def create_command(self, command_class: Type[Command]) -> Command:
+        """Create a command instance with proper dependencies."""
+        # Special handling for commands that need dependencies
+        if command_class == CompactCommand:
+            return CompactCommand(self.dependencies.process_request_callback)
+        elif command_class == HelpCommand:
+            return HelpCommand(self.dependencies.command_registry)
+
+        # Default creation for commands without dependencies
+        return command_class()
+
+    def update_dependencies(self, **kwargs) -> None:
+        """Update factory dependencies."""
+        for key, value in kwargs.items():
+            if hasattr(self.dependencies, key):
+                setattr(self.dependencies, key, value)
+
+
+class CommandRegistry:
+    """Registry for managing commands with auto-discovery and categories."""
+
+    def __init__(self, factory: Optional[CommandFactory] = None):
+        self._commands: Dict[str, Command] = {}
+        self._categories: Dict[CommandCategory, List[Command]] = {
+            category: [] for category in CommandCategory
+        }
+        self._factory = factory or CommandFactory()
+        self._discovered = False
+
+        # Set registry reference in factory dependencies
+        self._factory.update_dependencies(command_registry=self)
+
+    def register(self, command: Command) -> None:
+        """Register a command and its aliases."""
+        # Register by primary name
+        self._commands[command.name] = command
+
+        # Register all aliases
+        for alias in command.aliases:
+            self._commands[alias.lower()] = command
+
+        # Add to category (remove existing instance first to prevent duplicates)
+        category_commands = self._categories[command.category]
+        # Remove any existing instance of this command class
+        self._categories[command.category] = [
+            cmd for cmd in category_commands if cmd.__class__ != command.__class__
+        ]
+        # Add the new instance
+        self._categories[command.category].append(command)
+
+    def register_command_class(self, command_class: Type[Command]) -> None:
+        """Register a command class using the factory."""
+        command = self._factory.create_command(command_class)
+        self.register(command)
+
+    def discover_commands(self) -> None:
+        """Auto-discover and register all command classes."""
+        if self._discovered:
+            return
+
+        # List of all command classes to register
+        command_classes = [
+            YoloCommand,
+            DumpCommand,
+            ThoughtsCommand,
+            IterationsCommand,
+            ClearCommand,
+            FixCommand,
+            ParseToolsCommand,
+            RefreshConfigCommand,
+            UpdateCommand,
+            HelpCommand,
+            BranchCommand,
+            CompactCommand,
+            ModelCommand,
+            InitCommand,
+        ]
+
+        # Register all discovered commands
+        for command_class in command_classes:
+            self.register_command_class(command_class)
+
+        self._discovered = True
+
+    def register_all_default_commands(self) -> None:
+        """Register all default commands (backward compatibility)."""
+        self.discover_commands()
+
+    def set_process_request_callback(self, callback: ProcessRequestCallback) -> None:
+        """Set the process_request callback for commands that need it."""
+        # Only update if callback has changed
+        if self._factory.dependencies.process_request_callback == callback:
+            return
+
+        self._factory.update_dependencies(process_request_callback=callback)
+
+        # Re-register CompactCommand with new dependency if already registered
+        if "compact" in self._commands:
+            self.register_command_class(CompactCommand)
+
+    async def execute(self, command_text: str, context: CommandContext) -> Any:
+        """
+        Execute a command.
+
+        Args:
+            command_text: The full command text
+            context: Execution context
+
+        Returns:
+            Command-specific return value, or None if command not found
+
+        Raises:
+            ValidationError: If command is not found or empty
+        """
+        # Ensure commands are discovered
+        self.discover_commands()
+
+        parts = command_text.split()
+        if not parts:
+            raise ValidationError("Empty command")
+
+        command_name = parts[0].lower()
+        args = parts[1:]
+
+        # First try exact match
+        if command_name in self._commands:
+            command = self._commands[command_name]
+            return await command.execute(args, context)
+
+        # Try partial matching
+        matches = self.find_matching_commands(command_name)
+
+        if not matches:
+            raise ValidationError(f"Unknown command: {command_name}")
+        elif len(matches) == 1:
+            # Unambiguous match
+            command = self._commands[matches[0]]
+            return await command.execute(args, context)
+        else:
+            # Ambiguous - show possibilities
+            matches_str = ", ".join(sorted(set(matches)))
+            raise ValidationError(
+                f"Ambiguous command '{command_name}'. Did you mean: {matches_str}?"
+            )
+
+    def find_matching_commands(self, partial_command: str) -> List[str]:
+        """
+        Find all commands that start with the given partial command.
+
+        Args:
+            partial_command: The partial command to match
+
+        Returns:
+            List of matching command names
+        """
+        self.discover_commands()
+        partial = partial_command.lower()
+        return [cmd for cmd in self._commands.keys() if cmd.startswith(partial)]
+
+    def is_command(self, text: str) -> bool:
+        """Check if text starts with a registered command (supports partial matching)."""
+        if not text:
+            return False
+
+        parts = text.split()
+        if not parts:
+            return False
+
+        command_name = parts[0].lower()
+
+        # Check exact match first
+        if command_name in self._commands:
+            return True
+
+        # Check partial match
+        return len(self.find_matching_commands(command_name)) > 0
+
+    def get_command_names(self) -> CommandArgs:
+        """Get all registered command names (including aliases)."""
+        self.discover_commands()
+        return sorted(self._commands.keys())
+
+    def get_commands_by_category(self, category: CommandCategory) -> List[Command]:
+        """Get all commands in a specific category."""
+        self.discover_commands()
+        return self._categories.get(category, [])
+
+    def get_all_categories(self) -> Dict[CommandCategory, List[Command]]:
+        """Get all commands organized by category."""
+        self.discover_commands()
+        return self._categories.copy()

tunacode/cli/repl.py

@@ -22,6 +22,7 @@ from tunacode.core.tool_handler import ToolHandler
 from tunacode.exceptions import AgentError, UserAbortError, ValidationError
 from tunacode.ui import console as ui
 from tunacode.ui.tool_ui import ToolUI
+from tunacode.utils.security import CommandSecurityError, safe_subprocess_run
 
 from ..types import CommandContext, CommandResult, StateManager, ToolArgs
 from .commands import CommandRegistry
@@ -320,13 +321,24 @@ async def repl(state_manager: StateManager):
                 def run_shell():
                     try:
                         if command:
-                            result = subprocess.run(command, shell=True, capture_output=False)
-                            if result.returncode != 0:
-                                # Use print directly since we're in a terminal context
-                                print(f"\nCommand exited with code {result.returncode}")
+                            # Use secure subprocess execution for shell commands
+                            # Note: User shell commands are inherently risky but this is by design
+                            # We validate but allow shell features since it's explicit user intent
+                            try:
+                                result = safe_subprocess_run(
+                                    command,
+                                    shell=True,
+                                    validate=True,  # Still validate for basic safety
+                                    capture_output=False,
+                                )
+                                if result.returncode != 0:
+                                    print(f"\nCommand exited with code {result.returncode}")
+                            except CommandSecurityError as e:
+                                print(f"\nSecurity validation failed: {str(e)}")
+                                print("If you need to run this command, please ensure it's safe.")
                         else:
                             shell = os.environ.get("SHELL", "bash")
-                            subprocess.run(shell)
+                            subprocess.run(shell)  # Interactive shell is safe
                     except Exception as e:
                         print(f"\nShell command failed: {str(e)}")
 

tunacode/configuration/settings.py

@@ -7,8 +7,15 @@ Handles configuration paths, model registries, and application metadata.
 
 from pathlib import Path
 
-from tunacode.constants import (APP_NAME, APP_VERSION, CONFIG_FILE_NAME, TOOL_READ_FILE,
-                                TOOL_RUN_COMMAND, TOOL_UPDATE_FILE, TOOL_WRITE_FILE)
+from tunacode.constants import (
+    APP_NAME,
+    APP_VERSION,
+    CONFIG_FILE_NAME,
+    TOOL_READ_FILE,
+    TOOL_RUN_COMMAND,
+    TOOL_UPDATE_FILE,
+    TOOL_WRITE_FILE,
+)
 from tunacode.types import ConfigFile, ConfigPath, ToolName
 
 

tunacode/constants.py

@@ -7,7 +7,7 @@ Centralizes all magic strings, UI text, error messages, and application constant
 
 # Application info
 APP_NAME = "TunaCode"
-APP_VERSION = "0.0.34"
+APP_VERSION = "0.0.36"
 
 # File patterns
 GUIDE_FILE_PATTERN = "{name}.md"

tunacode/core/agents/main.py

@@ -23,8 +23,18 @@ from tunacode.tools.read_file import read_file
 from tunacode.tools.run_command import run_command
 from tunacode.tools.update_file import update_file
 from tunacode.tools.write_file import write_file
-from tunacode.types import (AgentRun, ErrorMessage, FallbackResponse, ModelName, PydanticAgent,
-                            ResponseState, SimpleResult, ToolCallback, ToolCallId, ToolName)
+from tunacode.types import (
+    AgentRun,
+    ErrorMessage,
+    FallbackResponse,
+    ModelName,
+    PydanticAgent,
+    ResponseState,
+    SimpleResult,
+    ToolCallback,
+    ToolCallId,
+    ToolName,
+)
 
 
 class ToolBuffer:

tunacode/core/state.py

@@ -8,8 +8,15 @@ import uuid
 from dataclasses import dataclass, field
 from typing import Any, Optional
 
-from tunacode.types import (DeviceId, InputSessions, MessageHistory, ModelName, SessionId, ToolName,
-                            UserConfig)
+from tunacode.types import (
+    DeviceId,
+    InputSessions,
+    MessageHistory,
+    ModelName,
+    SessionId,
+    ToolName,
+    UserConfig,
+)
 
 
 @dataclass

tunacode/setup.py

@@ -7,8 +7,13 @@ Provides high-level setup functions for initializing the application and its age
 
 from typing import Any, Optional
 
-from tunacode.core.setup import (AgentSetup, ConfigSetup, EnvironmentSetup, GitSafetySetup,
-                                 SetupCoordinator)
+from tunacode.core.setup import (
+    AgentSetup,
+    ConfigSetup,
+    EnvironmentSetup,
+    GitSafetySetup,
+    SetupCoordinator,
+)
 from tunacode.core.state import StateManager
 
 

tunacode/tools/read_file.py

@@ -8,8 +8,14 @@ Provides safe file reading with size limits and proper error handling.
 import asyncio
 import os
 
-from tunacode.constants import (ERROR_FILE_DECODE, ERROR_FILE_DECODE_DETAILS, ERROR_FILE_NOT_FOUND,
-                                ERROR_FILE_TOO_LARGE, MAX_FILE_SIZE, MSG_FILE_SIZE_LIMIT)
+from tunacode.constants import (
+    ERROR_FILE_DECODE,
+    ERROR_FILE_DECODE_DETAILS,
+    ERROR_FILE_NOT_FOUND,
+    ERROR_FILE_TOO_LARGE,
+    MAX_FILE_SIZE,
+    MSG_FILE_SIZE_LIMIT,
+)
 from tunacode.exceptions import ToolExecutionError
 from tunacode.tools.base import FileBasedTool
 from tunacode.types import ToolResult

tunacode/tools/read_file_async_poc.py

@@ -11,8 +11,14 @@ import sys
 from concurrent.futures import ThreadPoolExecutor
 from typing import Optional
 
-from tunacode.constants import (ERROR_FILE_DECODE, ERROR_FILE_DECODE_DETAILS, ERROR_FILE_NOT_FOUND,
-                                ERROR_FILE_TOO_LARGE, MAX_FILE_SIZE, MSG_FILE_SIZE_LIMIT)
+from tunacode.constants import (
+    ERROR_FILE_DECODE,
+    ERROR_FILE_DECODE_DETAILS,
+    ERROR_FILE_NOT_FOUND,
+    ERROR_FILE_TOO_LARGE,
+    MAX_FILE_SIZE,
+    MSG_FILE_SIZE_LIMIT,
+)
 from tunacode.exceptions import ToolExecutionError
 from tunacode.tools.base import FileBasedTool
 from tunacode.types import ToolResult
@@ -150,17 +156,18 @@ async def read_file_async(filepath: str) -> str:
 # Benchmarking utilities for testing
 async def benchmark_read_performance():
     """Benchmark the performance difference between sync and async reads."""
+    import contextlib
+    import tempfile
     import time
 
     from tunacode.tools.read_file import read_file as read_file_sync
 
-    # Create some test files
+    # Create some test files using tempfile for secure temporary file creation
     test_files = []
-    for i in range(10):
-        filepath = f"/tmp/test_file_{i}.txt"
-        with open(filepath, "w") as f:
-            f.write("x" * 10000)  # 10KB file
-        test_files.append(filepath)
+    for _ in range(10):
+        with tempfile.NamedTemporaryFile(mode="w", delete=False, suffix=".txt") as temp_file:
+            temp_file.write("x" * 10000)  # 10KB file
+            test_files.append(temp_file.name)
 
     # Test synchronous reads (sequential)
     start_time = time.time()
@@ -174,9 +181,10 @@ async def benchmark_read_performance():
     await asyncio.gather(*tasks)
     async_time = time.time() - start_time
 
-    # Cleanup
+    # Cleanup using safe file removal
     for filepath in test_files:
-        os.unlink(filepath)
+        with contextlib.suppress(OSError):
+            os.unlink(filepath)
 
     print(f"Synchronous reads: {sync_time:.3f}s")
     print(f"Async reads: {async_time:.3f}s")

tunacode/tools/run_command.py

@@ -7,13 +7,21 @@ Provides controlled shell command execution with output capture and truncation.
 
 import subprocess
 
-from tunacode.constants import (CMD_OUTPUT_FORMAT, CMD_OUTPUT_NO_ERRORS, CMD_OUTPUT_NO_OUTPUT,
-                                CMD_OUTPUT_TRUNCATED, COMMAND_OUTPUT_END_SIZE,
-                                COMMAND_OUTPUT_START_INDEX, COMMAND_OUTPUT_THRESHOLD,
-                                ERROR_COMMAND_EXECUTION, MAX_COMMAND_OUTPUT)
+from tunacode.constants import (
+    CMD_OUTPUT_FORMAT,
+    CMD_OUTPUT_NO_ERRORS,
+    CMD_OUTPUT_NO_OUTPUT,
+    CMD_OUTPUT_TRUNCATED,
+    COMMAND_OUTPUT_END_SIZE,
+    COMMAND_OUTPUT_START_INDEX,
+    COMMAND_OUTPUT_THRESHOLD,
+    ERROR_COMMAND_EXECUTION,
+    MAX_COMMAND_OUTPUT,
+)
 from tunacode.exceptions import ToolExecutionError
 from tunacode.tools.base import BaseTool
 from tunacode.types import ToolResult
+from tunacode.utils.security import CommandSecurityError, safe_subprocess_popen
 
 
 class RunCommandTool(BaseTool):
@@ -34,16 +42,23 @@ class RunCommandTool(BaseTool):
 
         Raises:
             FileNotFoundError: If command not found
+            CommandSecurityError: If command fails security validation
             Exception: Any command execution errors
         """
-        process = subprocess.Popen(
-            command,
-            shell=True,
-            stdout=subprocess.PIPE,
-            stderr=subprocess.PIPE,
-            text=True,
-        )
-        stdout, stderr = process.communicate()
+        try:
+            # Use secure subprocess execution with validation
+            process = safe_subprocess_popen(
+                command,
+                shell=True,  # CLI tool requires shell features
+                validate=True,  # Enable security validation
+                stdout=subprocess.PIPE,
+                stderr=subprocess.PIPE,
+                text=True,
+            )
+            stdout, stderr = process.communicate()
+        except CommandSecurityError as e:
+            # Security validation failed - return error without execution
+            return f"Security validation failed: {str(e)}"
         output = stdout.strip() or CMD_OUTPUT_NO_OUTPUT
         error = stderr.strip() or CMD_OUTPUT_NO_ERRORS
         resp = CMD_OUTPUT_FORMAT.format(output=output, error=error).strip()
@@ -70,6 +85,8 @@ class RunCommandTool(BaseTool):
         """
         if isinstance(error, FileNotFoundError):
             err_msg = ERROR_COMMAND_EXECUTION.format(command=command, error=error)
+        elif isinstance(error, CommandSecurityError):
+            err_msg = f"Command blocked for security: {str(error)}"
         else:
             # Use parent class handling for other errors
             await super()._handle_error(error, command)