localgpt 0.1.3

A local device focused AI assistant with persistent markdown memory, autonomous heartbeat tasks, and semantic search. Single binary, no runtime dependencies.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294

//! CLI subcommand: `localgpt md`
//!
//! Manages the workspace security policy (LocalGPT.md): signing, verification,
//! audit log inspection, and security posture reporting.

use anyhow::Result;
use clap::{Args, Subcommand};

use localgpt::config::Config;
use localgpt::security;

#[derive(Args)]
pub struct MdArgs {
    #[command(subcommand)]
    pub command: MdCommands,
}

#[derive(Subcommand)]
pub enum MdCommands {
    /// Sign LocalGPT.md with device key
    Sign,

    /// Verify LocalGPT.md signature
    Verify,

    /// Show security audit log
    Audit {
        /// Output as JSON
        #[arg(long)]
        json: bool,

        /// Filter by action type (e.g., write_blocked, tamper_detected)
        #[arg(long)]
        filter: Option<String>,
    },

    /// Show current security posture
    Status,
}

pub async fn run(args: MdArgs) -> Result<()> {
    match args.command {
        MdCommands::Sign => sign_policy().await,
        MdCommands::Verify => verify_policy().await,
        MdCommands::Audit { json, filter } => show_audit(json, filter).await,
        MdCommands::Status => show_status().await,
    }
}

async fn sign_policy() -> Result<()> {
    let config = Config::load()?;
    let workspace = config.workspace_path();
    let state_dir = workspace
        .parent()
        .ok_or_else(|| anyhow::anyhow!("Workspace has no parent directory"))?;

    // Ensure device key exists
    security::ensure_device_key(state_dir)?;

    // Check policy file exists
    let policy_path = workspace.join(security::POLICY_FILENAME);
    if !policy_path.exists() {
        anyhow::bail!(
            "No {} found at {}. Create it first.",
            security::POLICY_FILENAME,
            policy_path.display()
        );
    }

    // Sign
    let manifest = security::sign_policy(state_dir, &workspace, "cli")?;

    // Write audit entry
    security::append_audit_entry(
        state_dir,
        security::AuditAction::Signed,
        &manifest.content_sha256,
        "cli",
    )?;

    println!(
        "Signed {} (sha256: {} | hmac: {})",
        security::POLICY_FILENAME,
        &manifest.content_sha256[..16],
        &manifest.hmac_sha256[..16]
    );

    Ok(())
}

async fn verify_policy() -> Result<()> {
    let config = Config::load()?;
    let workspace = config.workspace_path();
    let state_dir = workspace
        .parent()
        .ok_or_else(|| anyhow::anyhow!("Workspace has no parent directory"))?;

    let result = security::load_and_verify_policy(&workspace, state_dir);

    match result {
        security::PolicyVerification::Valid(content) => {
            let char_count = content.len();
            println!("Policy: VALID ({} chars)", char_count);

            // Write audit entry
            let sha = security::content_sha256(&content);
            security::append_audit_entry(state_dir, security::AuditAction::Verified, &sha, "cli")?;
        }
        security::PolicyVerification::Unsigned => {
            println!("Policy: UNSIGNED");
            println!("  Run `localgpt md sign` to activate.");
        }
        security::PolicyVerification::TamperDetected => {
            println!("Policy: TAMPER DETECTED");
            println!("  The file was modified after signing. Re-sign with `localgpt md sign`.");

            security::append_audit_entry(
                state_dir,
                security::AuditAction::TamperDetected,
                "",
                "cli",
            )?;
        }
        security::PolicyVerification::Missing => {
            println!("Policy: MISSING");
            println!(
                "  No {} found. Using hardcoded security only.",
                security::POLICY_FILENAME
            );
        }
        security::PolicyVerification::ManifestCorrupted => {
            println!("Policy: MANIFEST CORRUPTED");
            println!("  Re-sign with `localgpt md sign`.");
        }
        security::PolicyVerification::SuspiciousContent(warnings) => {
            println!("Policy: REJECTED (suspicious content)");
            for w in &warnings {
                println!("  - {}", w);
            }
        }
    }

    Ok(())
}

async fn show_audit(json_output: bool, filter: Option<String>) -> Result<()> {
    let config = Config::load()?;
    let workspace = config.workspace_path();
    let state_dir = workspace
        .parent()
        .ok_or_else(|| anyhow::anyhow!("Workspace has no parent directory"))?;

    let mut entries = security::read_audit_log(state_dir)?;

    // Apply filter if specified
    if let Some(ref filter_action) = filter {
        entries.retain(|e| {
            let action_str = serde_json::to_string(&e.action).unwrap_or_default();
            // action_str is like "\"write_blocked\"", strip quotes
            let action_str = action_str.trim_matches('"');
            action_str == filter_action
        });
    }

    if entries.is_empty() {
        if filter.is_some() {
            println!("No audit log entries matching filter.");
        } else {
            println!("No audit log entries.");
        }
        return Ok(());
    }

    // Verify chain integrity (on full log, not filtered)
    let broken = security::verify_audit_chain(state_dir)?;

    if json_output {
        let output = serde_json::to_string_pretty(&entries)?;
        println!("{}", output);
    } else {
        let label = if let Some(ref f) = filter {
            format!(
                "Security Audit Log ({} entries, filter: {}):",
                entries.len(),
                f
            )
        } else {
            format!("Security Audit Log ({} entries):", entries.len())
        };
        println!("{}", label);
        println!();

        for (i, entry) in entries.iter().enumerate() {
            let chain_status = if broken.contains(&i) {
                " [CHAIN BROKEN]"
            } else {
                ""
            };
            let detail_str = entry
                .detail
                .as_deref()
                .map(|d| format!("{}", d))
                .unwrap_or_default();
            println!(
                "  {} {:?} (source: {}, sha256: {}){}{}",
                entry.ts,
                entry.action,
                entry.source,
                if entry.content_sha256.len() >= 16 {
                    &entry.content_sha256[..16]
                } else {
                    &entry.content_sha256
                },
                chain_status,
                detail_str,
            );
        }

        println!();
        if broken.is_empty() {
            println!("Chain integrity: INTACT");
        } else {
            println!("Chain integrity: BROKEN at {} position(s)", broken.len());
        }
    }

    Ok(())
}

async fn show_status() -> Result<()> {
    let config = Config::load()?;
    let workspace = config.workspace_path();
    let state_dir = workspace
        .parent()
        .ok_or_else(|| anyhow::anyhow!("Workspace has no parent directory"))?;

    println!("Security Status:");

    // Policy file
    let policy_path = workspace.join(security::POLICY_FILENAME);
    if policy_path.exists() {
        let result = security::load_and_verify_policy(&workspace, state_dir);
        let status = match result {
            security::PolicyVerification::Valid(_) => "Valid (signed and verified)",
            security::PolicyVerification::Unsigned => "Unsigned (run `localgpt md sign`)",
            security::PolicyVerification::TamperDetected => "TAMPER DETECTED",
            security::PolicyVerification::Missing => "Missing",
            security::PolicyVerification::ManifestCorrupted => "Manifest corrupted",
            security::PolicyVerification::SuspiciousContent(_) => "Rejected (suspicious content)",
        };

        // Get signed_at from manifest if available
        let signed_at = security::read_manifest(&workspace)
            .ok()
            .map(|m| m.signed_at)
            .unwrap_or_else(|| "N/A".to_string());

        println!("  Policy:     {} (exists)", policy_path.display());
        println!("  Signature:  {} (signed: {})", status, signed_at);
    } else {
        println!("  Policy:     Not created");
    }

    // Device key
    let key_path = state_dir.join(".device_key");
    if key_path.exists() {
        println!("  Device Key: Present");
    } else {
        println!("  Device Key: Missing (run `localgpt init`)");
    }

    // Audit log
    let entries = security::read_audit_log(state_dir)?;
    if entries.is_empty() {
        println!("  Audit Log:  Empty");
    } else {
        let broken = security::verify_audit_chain(state_dir)?;
        let chain_status = if broken.is_empty() {
            "chain intact"
        } else {
            "CHAIN BROKEN"
        };
        println!("  Audit Log:  {} entries, {}", entries.len(), chain_status);
    }

    // Protected files
    println!(
        "  Protected:  {} workspace files, {} external paths",
        security::PROTECTED_FILES.len(),
        security::PROTECTED_EXTERNAL_PATHS.len()
    );

    Ok(())
}