refactor(cortex-cli): eliminate code duplication using centralized utilities

- Add comprehensive terminal utilities in utils/terminal.rs:
  - Safe output functions (safe_print, safe_println, safe_eprint, safe_eprintln)
    that handle broken pipes gracefully
  - Centralized ToolDisplay struct and get_tool_display() function
  - Improved TermColor enum with stderr formatting support

- Update utils/mod.rs with complete re-exports:
  - All terminal utilities (TermColor, ToolDisplay, colors_disabled, etc.)
  - Path utilities (is_sensitive_path, safe_join, SENSITIVE_PATHS)
  - Session utilities (get_most_recent_session)
  - Validation constants (ALLOWED_URL_SCHEMES, MAX_* limits, etc.)

- Eliminate ~150 lines of duplicate code from run_cmd.rs:
  - Remove duplicate TermColor enum definition
  - Remove duplicate get_tool_display() function
  - Remove duplicate should_use_colors() function
  - Remove duplicate SENSITIVE_PATHS constant
  - Remove duplicate is_sensitive_path() function
  - Fix noop clone warning by using .to_string() instead

This follows DRY principles by establishing utils/ as the single source
of truth for common CLI functionality.

Author: factorydroid

cortex-cli/src/run_cmd.rs

@@ -261,106 +261,8 @@ pub struct RunCli {
     pub best_of: Option<u32>,
 }
 
-/// Tool display information for formatted output.
-struct ToolDisplay {
-    name: &'static str,
-    color: TermColor,
-}
-
-/// Terminal colors for output formatting.
-#[derive(Clone, Copy)]
-enum TermColor {
-    Red,
-    Green,
-    Yellow,
-    Blue,
-    Magenta,
-    Cyan,
-    White,
-    Default,
-}
-
-impl TermColor {
-    fn ansi_code(&self) -> &'static str {
-        match self {
-            TermColor::Red => "\x1b[1;31m",
-            TermColor::Green => "\x1b[1;32m",
-            TermColor::Yellow => "\x1b[1;33m",
-            TermColor::Blue => "\x1b[1;34m",
-            TermColor::Magenta => "\x1b[1;35m",
-            TermColor::Cyan => "\x1b[1;36m",
-            TermColor::White => "\x1b[1;37m",
-            TermColor::Default => "\x1b[0m",
-        }
-    }
-
-    /// Get ANSI code only if colors should be shown (stdout is a TTY and NO_COLOR is not set).
-    fn code_if_tty(&self) -> &'static str {
-        if should_use_colors() {
-            self.ansi_code()
-        } else {
-            ""
-        }
-    }
-}
-
-/// Check if colors should be used in output.
-/// Respects NO_COLOR environment variable and checks if stdout is a TTY.
-fn should_use_colors() -> bool {
-    // Respect NO_COLOR environment variable (https://no-color.org/)
-    if std::env::var("NO_COLOR").is_ok() {
-        return false;
-    }
-
-    // Check if stdout is a terminal
-    io::stdout().is_terminal()
-}
-
-/// Get tool display information.
-fn get_tool_display(tool_name: &str) -> ToolDisplay {
-    match tool_name.to_lowercase().as_str() {
-        "todowrite" | "todoread" => ToolDisplay {
-            name: "Todo",
-            color: TermColor::Yellow,
-        },
-        "bash" | "execute" => ToolDisplay {
-            name: "Bash",
-            color: TermColor::Red,
-        },
-        "edit" | "multiedit" => ToolDisplay {
-            name: "Edit",
-            color: TermColor::Green,
-        },
-        "glob" => ToolDisplay {
-            name: "Glob",
-            color: TermColor::Blue,
-        },
-        "grep" => ToolDisplay {
-            name: "Grep",
-            color: TermColor::Blue,
-        },
-        "list" | "ls" => ToolDisplay {
-            name: "List",
-            color: TermColor::Blue,
-        },
-        "read" => ToolDisplay {
-            name: "Read",
-            color: TermColor::Cyan,
-        },
-        "write" | "create" => ToolDisplay {
-            name: "Write",
-            color: TermColor::Green,
-        },
-        "websearch" | "fetchurl" => ToolDisplay {
-            name: "Search",
-            color: TermColor::Magenta,
-        },
-        _ => ToolDisplay {
-            name: "Tool",
-            color: TermColor::White,
-        },
-    }
-}
+// Re-use centralized terminal utilities from utils module
+use crate::utils::{TermColor, get_tool_display};
 
 /// File attachment information.
 #[derive(Debug, Clone, Serialize)]
@@ -550,62 +452,8 @@ impl RunCli {
     }
 }
 
-/// Sensitive system paths that should trigger a security warning.
-/// These files contain sensitive information that users may not want to send to AI providers.
-const SENSITIVE_PATHS: &[&str] = &[
-    "/etc/passwd",
-    "/etc/shadow",
-    "/etc/group",
-    "/etc/gshadow",
-    "/etc/sudoers",
-    "/etc/ssh/",
-    "/etc/ssl/",
-    "/etc/pki/",
-    "/.ssh/",
-    "/.gnupg/",
-    "/.aws/",
-    "/.azure/",
-    "/.gcloud/",
-    "/.kube/",
-    "/.docker/config.json",
-    "/.npmrc",
-    "/.pypirc",
-    "/.netrc",
-    "/.gitconfig",
-    "/id_rsa",
-    "/id_dsa",
-    "/id_ecdsa",
-    "/id_ed25519",
-    "/.env",
-    "/credentials",
-    "/secrets",
-    "/private",
-    "/token",
-];
-
-/// Check if a path appears to be a sensitive system file.
-fn is_sensitive_path(path: &Path) -> bool {
-    let path_str = path.to_string_lossy().to_lowercase();
-
-    for sensitive in SENSITIVE_PATHS {
-        if path_str.contains(&sensitive.to_lowercase()) {
-            return true;
-        }
-    }
-
-    // Also check for common sensitive file extensions
-    if let Some(ext) = path.extension().and_then(|e| e.to_str()) {
-        let ext_lower = ext.to_lowercase();
-        if matches!(
-            ext_lower.as_str(),
-            "pem" | "key" | "crt" | "cer" | "pfx" | "p12"
-        ) {
-            return true;
-        }
-    }
-
-    false
-}
+// Use centralized sensitive path detection from utils module
+use crate::utils::is_sensitive_path;
 
 /// Validate that a file is safe to attach (not a device file, not too large).
 /// Also warns about sensitive system files that may contain private information.
@@ -936,7 +784,7 @@ impl RunCli {
             // Try to get the custom command registry
             if let Some(registry) = cortex_engine::try_custom_command_registry() {
                 // Try to execute the custom command
-                let ctx = cortex_engine::TemplateContext::new(message.clone()).with_cwd(
+                let ctx = cortex_engine::TemplateContext::new(message.to_string()).with_cwd(
                     std::env::current_dir()
                         .unwrap_or_default()
                         .to_string_lossy()

cortex-cli/src/utils/mod.rs

@@ -6,19 +6,43 @@
 //! - File validation and security checks
 //! - Clipboard operations
 //! - Path validation utilities
-//! - Terminal color detection
+//! - Terminal color detection and safe output
+//!
+//! # Design Principles
+//!
+//! - **DRY (Don't Repeat Yourself)**: All common functionality is centralized here
+//! - **Safety**: Output functions handle broken pipes gracefully
+//! - **Consistency**: Validation rules are uniform across all commands
 
 pub mod clipboard;
 pub mod paths;
 pub mod session;
 pub mod terminal;
 pub mod validation;
 
+// Re-export clipboard operations
 pub use clipboard::{copy_to_clipboard, read_clipboard};
-pub use paths::{expand_tilde, get_cortex_home, validate_path_safety};
-pub use session::{SessionIdError, resolve_session_id};
-pub use terminal::{TermColor, is_terminal_output, should_use_colors};
+
+// Re-export path utilities
+pub use paths::{
+    SENSITIVE_PATHS, expand_tilde, get_cortex_home, is_sensitive_path, safe_join,
+    validate_path_safety,
+};
+
+// Re-export session utilities
+pub use session::{SessionIdError, get_most_recent_session, resolve_session_id};
+
+// Re-export terminal utilities
+pub use terminal::{
+    TermColor, ToolDisplay, colors_disabled, format_duration, format_size, get_tool_display,
+    is_light_theme, is_terminal_output, restore_terminal, safe_eprint, safe_eprintln, safe_print,
+    safe_println, safe_println_empty, should_use_colors, should_use_colors_stderr,
+};
+
+// Re-export validation utilities
 pub use validation::{
+    ALLOWED_URL_SCHEMES, BLOCKED_URL_PATTERNS, MAX_ENV_VAR_NAME_LENGTH, MAX_ENV_VAR_VALUE_LENGTH,
+    MAX_SERVER_NAME_LENGTH, MAX_URL_LENGTH, RESERVED_COMMAND_NAMES, is_reserved_command,
     validate_env_var_name, validate_env_var_value, validate_model_name, validate_server_name,
     validate_url, validate_url_allowing_local,
 };