Update version to v1.4.120 and commit

Add --input-has-vars flag to control variable substitution in input

cli/flags.go

@@ -55,6 +55,7 @@ type Flags struct {
 	PrintContext       string            `long:"printcontext" description:"Print context"`
 	PrintSession       string            `long:"printsession" description:"Print session"`
 	HtmlReadability    bool              `long:"readability" description:"Convert HTML input into a clean, readable view"`
+	InputHasVars       bool              `long:"input-has-vars" description:"Apply variables to user input"`
 	DryRun             bool              `long:"dry-run" description:"Show what would be sent to the model without actually sending it"`
 	Serve              bool              `long:"serve" description:"Serve the Fabric Rest API"`
 	ServeAddress       string            `long:"address" description:"The address to bind the REST API" default:":8080"`
@@ -126,6 +127,7 @@ func (o *Flags) BuildChatRequest(Meta string) (ret *common.ChatRequest, err erro
 		SessionName:      o.Session,
 		PatternName:      o.Pattern,
 		PatternVariables: o.PatternVariables,
+		InputHasVars:     o.InputHasVars,
 		Meta:             Meta,
 	}
 

common/domain.go

@@ -12,6 +12,7 @@ type ChatRequest struct {
 	Message          *goopenai.ChatCompletionMessage
 	Language         string
 	Meta             string
+	InputHasVars     bool
 }
 
 type ChatOptions struct {

common/utils.go

@@ -0,0 +1,73 @@
+package common
+
+import (
+	"errors"
+	"fmt"
+	"os"
+	"path/filepath"
+	"runtime"
+	"strings"
+)
+
+// GetAbsolutePath resolves a given path to its absolute form, handling ~, ./, ../, UNC paths, and symlinks.
+func GetAbsolutePath(path string) (string, error) {
+	if path == "" {
+		return "", errors.New("path is empty")
+	}
+
+	// Handle UNC paths on Windows
+	if runtime.GOOS == "windows" && strings.HasPrefix(path, `\\`) {
+		return path, nil
+	}
+
+	// Handle ~ for home directory expansion
+	if strings.HasPrefix(path, "~") {
+		home, err := os.UserHomeDir()
+		if err != nil {
+			return "", errors.New("could not resolve home directory")
+		}
+		path = filepath.Join(home, path[1:])
+	}
+
+	// Convert to absolute path
+	absPath, err := filepath.Abs(path)
+	if err != nil {
+		return "", errors.New("could not get absolute path")
+	}
+
+	// Resolve symlinks, but allow non-existent paths
+	resolvedPath, err := filepath.EvalSymlinks(absPath)
+	if err == nil {
+		return resolvedPath, nil
+	}
+	if os.IsNotExist(err) {
+		// Return the absolute path for non-existent paths
+		return absPath, nil
+	}
+
+	return "", fmt.Errorf("could not resolve symlinks: %w", err)
+}
+
+// Helper function to check if a symlink points to a directory
+func IsSymlinkToDir(path string) bool {
+	fileInfo, err := os.Lstat(path)
+	if err != nil {
+		return false
+	}
+
+	if fileInfo.Mode()&os.ModeSymlink != 0 {
+		resolvedPath, err := filepath.EvalSymlinks(path)
+		if err != nil {
+			return false
+		}
+
+		fileInfo, err = os.Stat(resolvedPath)
+		if err != nil {
+			return false
+		}
+
+		return fileInfo.IsDir()
+	}
+
+	return false // Regular directories should not be treated as symlinks
+}

core/chatter.go

@@ -31,6 +31,15 @@ func (o *Chatter) Send(request *common.ChatRequest, opts *common.ChatOptions) (s
 		return
 	}
 
+	vendorMessages := session.GetVendorMessages()
+	if len(vendorMessages) == 0 {
+		if session.Name != "" {
+			err = o.db.Sessions.SaveSession(session)
+		}
+		err = fmt.Errorf("no messages provided")
+		return
+	}
+
 	if opts.Model == "" {
 		opts.Model = o.model
 	}
@@ -101,24 +110,30 @@ func (o *Chatter) BuildSession(request *common.ChatRequest, raw bool) (session *
 		contextContent = ctx.Content
 	}
 
-	var messageContent string
 	// Process any template variables in the message content (user input)
 	// Double curly braces {{variable}} indicate template substitution
-	// should occur, whether in patterns or direct input
-	if request.Message != nil {
-		if request.Message.Content, err =
-			template.ApplyTemplate(request.Message.Content, request.PatternVariables, ""); err != nil {
-			return
+	// Ensure we have a message before processing, other wise we'll get an error when we pass to pattern.go
+	if request.Message == nil {
+		request.Message = &goopenai.ChatCompletionMessage{
+			Role:    goopenai.ChatMessageRoleUser,
+			Content: " ",
+		}
+	}
+
+	// Now we know request.Message is not nil, process template variables
+	if request.InputHasVars {
+		request.Message.Content, err = template.ApplyTemplate(request.Message.Content, request.PatternVariables, "")
+		if err != nil {
+			return nil, err
 		}
-		messageContent = request.Message.Content
 	}
 
 	var patternContent string
 	if request.PatternName != "" {
-		var pattern *fsdb.Pattern
-		if pattern, err = o.db.Patterns.GetApplyVariables(
-			request.PatternName, request.PatternVariables, messageContent); err != nil {
+		pattern, err := o.db.Patterns.GetApplyVariables(request.PatternName, request.PatternVariables, request.Message.Content)
+		// pattrn will now contain user input, and all variables will be resolved, or errored
 
+		if err != nil {
 			return nil, fmt.Errorf("could not get pattern %s: %v", request.PatternName, err)
 		}
 		patternContent = pattern.Pattern

patterns/analyze_risk/system.md

@@ -0,0 +1,81 @@
+# IDENTITY and PURPOSE
+
+You are tasked with conducting a risk assessment of a third-party vendor, which involves analyzing their compliance with security and privacy standards. Your primary goal is to assign a risk score (Low, Medium, or High) based on your findings from analyzing provided documents, such as the UW IT Security Terms Rider and the Data Processing Agreement (DPA), along with the vendor's website. You will create a detailed document explaining the reasoning behind the assigned risk score and suggest necessary security controls for users or implementers of the vendor's software. Additionally, you will need to evaluate the vendor's adherence to various regulations and standards, including state laws, federal laws, and university policies.
+
+Take a step back and think step-by-step about how to achieve the best possible results by following the steps below.
+
+# STEPS
+
+- Conduct a risk assessment of the third-party vendor.
+
+- Assign a risk score of Low, Medium, or High.
+
+- Create a document explaining the reasoning behind the risk score.
+
+- Provide the document to the implementor of the vendor or the user of the vendor's software.
+
+- Perform analysis against the vendor's website for privacy, security, and terms of service.
+
+- Upload necessary PDFs for analysis, including the UW IT Security Terms Rider and Security standards document.
+
+# OUTPUT INSTRUCTIONS
+
+- The only output format is Markdown.
+
+- Ensure you follow ALL these instructions when creating your output.
+
+# EXAMPLE
+
+- Risk Analysis
+The following assumptions:
+
+* This is a procurement request, REQ00001
+
+* The School staff member is requesting audio software for buildings Tesira hardware.
+
+* The vendor will not engage UW Security Terms.
+
+* The data used is for audio layouts locally on specialized computer.
+
+* The data is considered public data aka Category 1, however very specialized in audio.
+
+
+
+
+
+Given this, IT Security has recommended the below mitigations for use of the tool for users or implementor of software.
+
+
+
+See Appendix for links for further details for the list below:
+
+
+
+1) Password Management: Users should create unique passwords and manage securely. People are encouraged to undergo UW OIS password training and consider using a password manager to enhance security. It’s crucial not to reuse their NETID password for the vendor account.
+
+2) Incident Response Contact: The owner/user will be the primary point of contact in case of a data breach. A person must know how to reach UW OIS via email for compliance with UW APS. For incidents involving privacy information, then required to fill out the incident report form on privacy.uw.edu.
+
+3) Data Backup: It’s recommended to regularly back up. Ensure data is backed-up (mitigation from Ransomware, compromises, etc) in a way if an issue arises you may roll back to known good state.
+
+ Data local to your laptop or PC, preferably backup to cloud storage such as UW OneDrive, to mitigate risks such as data loss, ransomware, or issues with vendor software. Details on storage options are available on itconnect.uw.edu and specific link in below Appendix.
+
+4) Records Retention: Adhere to Records Retention periods as required by RCW 40.14.050. Further guidance can be found on finance.uw.edu/recmgt/retentionschedules.
+
+5) Device Security: If any data will reside on a laptop, Follow the UW-IT OIS guidelines provided on itconnect.uw.edu for securing laptops.
+
+6) Software Patching: Routinely patch the vendor application. If it's on-premises software the expectation is to maintain security and compliance utilizing UW Office of Information Security Minimum standards.
+
+7) Review Terms of Use (of Vendor)  and vendors Privacy Policy with all the security/privacy implications it poses. Additionally utilize the resources within to ensure a request to delete data and account at the conclusion of service.
+
+- IN CONCLUSION
+
+This is not a comprehensive list of Risks.
+
+
+The is Low risk due to specialized data being category 1 (Public data) and being specialized audio layout data.
+
+
+
+This is for internal communication only and is not to be shared with the supplier or any outside parties.
+
+# INPUT

patterns/create_newsletter_entry/system.md

@@ -0,0 +1,20 @@
+# Identity and Purpose
+You are a custom GPT designed to create newsletter sections in the style of Frontend Weekly.
+
+# Step-by-Step Process:
+1. The user will provide article text.
+2. Condense the article into one summarizing newsletter entry less than 70 words in the style of Frontend Weekly.
+3. Generate a concise title for the entry, focus on the main idea or most important fact of the article
+
+# Tone and Style Guidelines:
+* Third-Party Narration: The newsletter should sound like it’s being narrated by an outside observer, someone who is both knowledgeable, unbiased and calm. Focus on the facts or main opinions in the original article.  Creates a sense of objectivity and adds a layer of professionalism.
+
+* Concise: Maintain brevity and clarity. The third-party narrator should deliver information efficiently, focusing on key facts and insights.
+
+# Output Instructions:
+Your final output should be a polished, newsletter-ready paragraph with a title line in bold followed by the summary paragraph.
+
+# INPUT:
+
+INPUT:
+

pkgs/fabric/version.nix

@@ -1 +1 @@
-"1.4.116"
+"1.4.120"

plugins/db/fsdb/patterns.go

@@ -6,6 +6,7 @@ import (
 	"path/filepath"
 	"strings"
 
+	"github.com/danielmiessler/fabric/common"
 	"github.com/danielmiessler/fabric/plugins/template"
 )
 
@@ -33,8 +34,16 @@ func (o *PatternsEntity) GetApplyVariables(
 		strings.HasPrefix(source, ".")
 
 	if isFilePath {
-		pattern, err = o.getFromFile(source)
+		// Resolve the file path using GetAbsolutePath
+		absPath, err := common.GetAbsolutePath(source)
+		if err != nil {
+			return nil, fmt.Errorf("could not resolve file path: %v", err)
+		}
+
+		// Use the resolved absolute path to get the pattern
+		pattern, err = o.getFromFile(absPath)
 	} else {
+		// Otherwise, get the pattern from the database
 		pattern, err = o.getFromDB(source)
 	}
 
@@ -42,6 +51,7 @@ func (o *PatternsEntity) GetApplyVariables(
 		return
 	}
 
+	// Apply variables to the pattern
 	err = o.applyVariables(pattern, variables, input)
 	return
 }

plugins/db/fsdb/sessions.go

@@ -58,8 +58,7 @@ func (o *Session) Append(messages ...*goopenai.ChatCompletionMessage) {
 }
 
 func (o *Session) GetVendorMessages() (ret []*goopenai.ChatCompletionMessage) {
-	if o.vendorMessages == nil {
-		o.vendorMessages = []*goopenai.ChatCompletionMessage{}
+	if len(o.vendorMessages) == 0 {
 		for _, message := range o.Messages {
 			o.appendVendorMessage(message)
 		}

plugins/db/fsdb/storage.go

@@ -7,7 +7,7 @@ import (
 	"path/filepath"
 	"strings"
 
-	"github.com/samber/lo"
+	"github.com/danielmiessler/fabric/common"
 )
 
 type StorageEntity struct {
@@ -26,37 +26,44 @@ func (o *StorageEntity) Configure() (err error) {
 
 // GetNames finds all patterns in the patterns directory and enters the id, name, and pattern into a slice of Entry structs. it returns these entries or an error
 func (o *StorageEntity) GetNames() (ret []string, err error) {
-	var entries []os.DirEntry
-	if entries, err = os.ReadDir(o.Dir); err != nil {
-		err = fmt.Errorf("could not read items from directory: %v", err)
-		return
+	// Resolve the directory path to an absolute path
+	absDir, err := common.GetAbsolutePath(o.Dir)
+	if err != nil {
+		return nil, fmt.Errorf("could not resolve directory path: %v", err)
 	}
 
-	if o.ItemIsDir {
-		ret = lo.FilterMap(entries, func(item os.DirEntry, index int) (ret string, ok bool) {
-			if ok = item.IsDir(); ok {
-				ret = item.Name()
+	// Read the directory entries
+	var entries []os.DirEntry
+	if entries, err = os.ReadDir(absDir); err != nil {
+		return nil, fmt.Errorf("could not read items from directory: %v", err)
+	}
+
+	for _, entry := range entries {
+		entryPath := filepath.Join(absDir, entry.Name())
+
+		// Get metadata for the entry, including symlink info
+		fileInfo, err := os.Lstat(entryPath)
+		if err != nil {
+			return nil, fmt.Errorf("could not stat entry %s: %v", entryPath, err)
+		}
+
+		// Determine if the entry should be included
+		if o.ItemIsDir {
+			// Include directories or symlinks to directories
+			if fileInfo.IsDir() || (fileInfo.Mode()&os.ModeSymlink != 0 && common.IsSymlinkToDir(entryPath)) {
+				ret = append(ret, entry.Name())
 			}
-			return
-		})
-	} else {
-		if o.FileExtension == "" {
-			ret = lo.FilterMap(entries, func(item os.DirEntry, index int) (ret string, ok bool) {
-				if ok = !item.IsDir(); ok {
-					ret = item.Name()
-				}
-				return
-			})
 		} else {
-			ret = lo.FilterMap(entries, func(item os.DirEntry, index int) (ret string, ok bool) {
-				if ok = !item.IsDir() && filepath.Ext(item.Name()) == o.FileExtension; ok {
-					ret = strings.TrimSuffix(item.Name(), o.FileExtension)
+			// Include files, optionally filtering by extension
+			if !fileInfo.IsDir() {
+				if o.FileExtension == "" || filepath.Ext(entry.Name()) == o.FileExtension {
+					ret = append(ret, strings.TrimSuffix(entry.Name(), o.FileExtension))
 				}
-				return
-			})
+			}
 		}
 	}
-	return
+
+	return ret, nil
 }
 
 func (o *StorageEntity) Delete(name string) (err error) {

version.go

@@ -1,3 +1,3 @@
 package main
 
-var version = "v1.4.116"
+var version = "v1.4.120"