vibn-agent-runner/dist/tools/git.js

"use strict";
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
    if (k2 === undefined) k2 = k;
    var desc = Object.getOwnPropertyDescriptor(m, k);
    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
      desc = { enumerable: true, get: function() { return m[k]; } };
    }
    Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
    if (k2 === undefined) k2 = k;
    o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
    Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
    o["default"] = v;
});
var __importStar = (this && this.__importStar) || (function () {
    var ownKeys = function(o) {
        ownKeys = Object.getOwnPropertyNames || function (o) {
            var ar = [];
            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
            return ar;
        };
        return ownKeys(o);
    };
    return function (mod) {
        if (mod && mod.__esModule) return mod;
        var result = {};
        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
        __setModuleDefault(result, mod);
        return result;
    };
})();
Object.defineProperty(exports, "__esModule", { value: true });
const cp = __importStar(require("child_process"));
const util = __importStar(require("util"));
const registry_1 = require("./registry");
const security_1 = require("./security");
const execAsync = util.promisify(cp.exec);
(0, registry_1.registerTool)({
    name: 'git_commit_and_push',
    description: 'Stage all changes, commit with a message, and push to the remote. Call this when work is complete.',
    parameters: {
        type: 'object',
        properties: {
            message: { type: 'string', description: 'Commit message describing the changes made' }
        },
        required: ['message']
    },
    async handler(args, ctx) {
        const cwd = ctx.workspaceRoot;
        const { apiUrl, apiToken, username } = ctx.gitea;
        const message = String(args.message);
        try {
            // Check remote URL before committing — block pushes to protected repos
            let remoteCheck = '';
            try {
                remoteCheck = (await execAsync('git remote get-url origin', { cwd })).stdout.trim();
            }
            catch { /* no remote yet */ }
            for (const protectedRepo of security_1.PROTECTED_GITEA_REPOS) {
                const repoPath = protectedRepo.replace('mark/', '');
                if (remoteCheck.includes(`/${repoPath}`) || remoteCheck.includes(`/${repoPath}.git`)) {
                    return {
                        error: `SECURITY: This workspace is linked to a protected Vibn platform repo (${protectedRepo}). ` +
                            `Agents cannot push to platform repos. Only user project repos are writable.`
                    };
                }
            }
            await execAsync('git add -A', { cwd });
            await execAsync(`git commit -m "${message.replace(/"/g, '\\"')}"`, { cwd });
            // Strip any existing credentials from remote URL and re-inject cleanly
            let remoteUrl = '';
            try {
                remoteUrl = (await execAsync('git remote get-url origin', { cwd })).stdout.trim();
            }
            catch { /* no remote */ }
            const cleanUrl = remoteUrl.replace(/https:\/\/[^@]+@/, 'https://');
            const baseUrl = cleanUrl || apiUrl;
            const authedUrl = baseUrl.replace('https://', `https://${username}:${apiToken}@`);
            await execAsync(`git remote set-url origin "${authedUrl}"`, { cwd }).catch(async () => {
                await execAsync(`git remote add origin "${authedUrl}"`, { cwd });
            });
            const branch = (await execAsync('git rev-parse --abbrev-ref HEAD', { cwd })).stdout.trim();
            await execAsync(`git push -u origin "${branch}"`, { cwd, timeout: 60000 });
            return { success: true, message, branch };
        }
        catch (err) {
            const cleaned = (err.message || '').replace(new RegExp(apiToken, 'g'), '***');
            return { error: `Git operation failed: ${cleaned}` };
        }
    }
});