"use strict"; var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { if (k2 === undefined) k2 = k; var desc = Object.getOwnPropertyDescriptor(m, k); if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) { desc = { enumerable: true, get: function() { return m[k]; } }; } Object.defineProperty(o, k2, desc); }) : (function(o, m, k, k2) { if (k2 === undefined) k2 = k; o[k2] = m[k]; })); var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { Object.defineProperty(o, "default", { enumerable: true, value: v }); }) : function(o, v) { o["default"] = v; }); var __importStar = (this && this.__importStar) || (function () { var ownKeys = function(o) { ownKeys = Object.getOwnPropertyNames || function (o) { var ar = []; for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k; return ar; }; return ownKeys(o); }; return function (mod) { if (mod && mod.__esModule) return mod; var result = {}; if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]); __setModuleDefault(result, mod); return result; }; })(); Object.defineProperty(exports, "__esModule", { value: true }); const cp = __importStar(require("child_process")); const util = __importStar(require("util")); const registry_1 = require("./registry"); const security_1 = require("./security"); const execAsync = util.promisify(cp.exec); (0, registry_1.registerTool)({ name: 'git_commit_and_push', description: 'Stage all changes, commit with a message, and push to the remote. Call this when work is complete.', parameters: { type: 'object', properties: { message: { type: 'string', description: 'Commit message describing the changes made' } }, required: ['message'] }, async handler(args, ctx) { const cwd = ctx.workspaceRoot; const { apiUrl, apiToken, username } = ctx.gitea; const message = String(args.message); try { // Check remote URL before committing — block pushes to protected repos let remoteCheck = ''; try { remoteCheck = (await execAsync('git remote get-url origin', { cwd })).stdout.trim(); } catch { /* no remote yet */ } for (const protectedRepo of security_1.PROTECTED_GITEA_REPOS) { const repoPath = protectedRepo.replace('mark/', ''); if (remoteCheck.includes(`/${repoPath}`) || remoteCheck.includes(`/${repoPath}.git`)) { return { error: `SECURITY: This workspace is linked to a protected Vibn platform repo (${protectedRepo}). ` + `Agents cannot push to platform repos. Only user project repos are writable.` }; } } await execAsync('git add -A', { cwd }); await execAsync(`git commit -m "${message.replace(/"/g, '\\"')}"`, { cwd }); // Strip any existing credentials from remote URL and re-inject cleanly let remoteUrl = ''; try { remoteUrl = (await execAsync('git remote get-url origin', { cwd })).stdout.trim(); } catch { /* no remote */ } const cleanUrl = remoteUrl.replace(/https:\/\/[^@]+@/, 'https://'); const baseUrl = cleanUrl || apiUrl; const authedUrl = baseUrl.replace('https://', `https://${username}:${apiToken}@`); await execAsync(`git remote set-url origin "${authedUrl}"`, { cwd }).catch(async () => { await execAsync(`git remote add origin "${authedUrl}"`, { cwd }); }); const branch = (await execAsync('git rev-parse --abbrev-ref HEAD', { cwd })).stdout.trim(); await execAsync(`git push -u origin "${branch}"`, { cwd, timeout: 60000 }); return { success: true, message, branch }; } catch (err) { const cleaned = (err.message || '').replace(new RegExp(apiToken, 'g'), '***'); return { error: `Git operation failed: ${cleaned}` }; } } });