Use DSPy Code in CWD only move dspy_cache to CWD

Author: Shashikant86

.gitignore

@@ -154,6 +154,10 @@ cython_debug/
 dspy_config.yaml
 *.log
 
+# dspy-code internal directories (all data in CWD)
+.dspy_code/
+.dspy_cache/
+
 # Environment variables and secrets
 .env
 .env.*
@@ -190,3 +194,7 @@ $RECYCLE.BIN/
 
 # Linux
 .directory
+
+# Docs
+# docs/
+# mkdocs.yml

README.md

@@ -12,15 +12,15 @@
 
 *An interactive CLI tool for building, optimizing, and deploying DSPy applications*
 
-[📖 Documentation](https://superagenticai.github.io/dspy-code/) • [🚀 Quick Start](#-quick-start) • [💬 GitHub Discussions](https://github.com/SuperagenticAI/dspy-code/discussions)
+[📖 Documentation](https://superagenticai.github.io/dspy-code/)
 
 </div>
 
 ---
 
 ## ✨ What is DSPy Code?
 
-DSPy Code is an **interactive development environment** that transforms how you learn and build with DSPy. Built as an intelligent CLI tool, it provides natural language interactions, code generation, optimization workflows, and comprehensive validation—all designed specifically for DSPy development.
+DSPy Code is an **interactive development environment** that transforms how you learn and build with DSPy. Built as an intelligent CLI tool, it provides natural language interactions, code generation, optimization workflows, and comprehensive validation, all designed specifically for DSPy development.
 
 **Learn as you build.** Whether you're a complete beginner or a DSPy expert, the CLI adapts to your level and guides you through every step.
 
@@ -77,21 +77,77 @@ DSPy Code is a **purpose-built development environment** that embeds DSPy expert
 
 ### Installation
 
+**⚠️ CRITICAL: Always create your virtual environment INSIDE your project directory!**
+
 ```bash
-# Install from PyPI
+# 1. Create a project directory
+mkdir my-dspy-project
+cd my-dspy-project
+
+# 2. Create virtual environment IN this directory (not elsewhere!)
+python -m venv .venv
+
+# 3. Activate it
+source .venv/bin/activate  # On Windows: .venv\Scripts\activate
+
+# 4. Install dspy-code (installs into .venv/ in your project)
 pip install dspy-code
 
-# DSPy is installed as a dependency
-# You can also install it separately: pip install dspy
+# 5. Run dspy-code (everything stays in this directory!)
+dspy-code
+```
+
+**Why virtual environment IN your project directory?**
+- 🔒 **Security**: All file scanning stays within your project directory
+- 📦 **Isolation**: Your project dependencies are self-contained
+- 🚀 **Portability**: Share your project by zipping the entire directory
+- 🎯 **Simplicity**: Everything in one place - no scattered files
+- 🧹 **Clean**: Delete the project folder to remove everything
+
+### Project Structure
+
+When you follow this setup, your project will be fully self-contained:
+
+```
+my-dspy-project/          # Your CWD
+├── .venv/                # Virtual environment (packages installed here)
+├── .dspy_cache/          # DSPy's LLM response cache
+├── .dspy_code/           # dspy-code's internal data
+│   ├── cache/            # RAG index cache
+│   ├── sessions/         # Session state
+│   ├── optimization/     # GEPA workflow data
+│   └── history.txt       # Command history
+├── generated/            # Your generated code
+├── modules/              # Your modules
+├── signatures/           # Your signatures
+└── dspy_config.yaml      # Your config
+```
+
+**Everything in one directory!** Delete the folder, and it's all gone. Zip it, and share with others.
+
+**Never run dspy-code from:**
+- ❌ Your home directory (`~/`)
+- ❌ Desktop, Documents, Downloads, or Pictures folders
+- ❌ System directories
+- ❌ With a virtual environment outside your project
+
+**Never do this:**
+```bash
+# ❌ DON'T: Virtual env outside project
+cd ~/
+python -m venv my_global_venv
+
+# ❌ DON'T: System-wide installation
+pip install dspy-code
 ```
 
-### Your First Program (3 minutes)
+### Your First Program (5 minutes)
 
 ```bash
-# Start the interactive CLI
+# From your project directory with activated venv:
 dspy-code
 
-# Initialize your project
+# Initialize your project (creates config and scans your environment)
 /init
 
 # Connect to a model (example with Ollama)
@@ -366,7 +422,7 @@ Special thanks to the DSPy community and all contributors!
 
 <div align="center">
 
-**[📖 Full Documentation](https://superagenticai.github.io/dspy-code/)** • **[🚀 Get Started](#-quick-start)** • **[💬 GitHub Discussions](https://github.com/SuperagenticAI/dspy-code/discussions)**
+**[📖 Full Documentation](https://superagenticai.github.io/dspy-code/)**
 
 Made for the DSPy community
 

dspy_code/core/config.py

@@ -44,7 +44,7 @@ class CodebaseRAGConfig:
 
     enabled: bool = True
     codebases: list[str] = field(default_factory=lambda: ["dspy-cli", "dspy", "gepa"])
-    cache_dir: str | None = None  # Defaults to ~/.dspy_cli/cache/codebase_index
+    cache_dir: str | None = None  # Defaults to .dspy_code/cache/codebase_index in CWD
     max_cache_size_mb: int = 100
     index_refresh_days: int = 7
     use_tfidf: bool = True

dspy_code/export/handler.py

@@ -28,7 +28,8 @@ def __init__(self, config_manager=None):
             config_manager: Optional configuration manager
         """
         self.config_manager = config_manager
-        self.export_dir = Path.home() / ".dspy_cli" / "exports"
+        # Export directory in CWD for isolation and portability
+        self.export_dir = Path.cwd() / ".dspy_code" / "exports"
         self.export_dir.mkdir(parents=True, exist_ok=True)
 
     def export_code(self, code: str, format: str, output_path: Path) -> None:

dspy_code/main.py

@@ -7,10 +7,13 @@
 All commands are now SLASH COMMANDS in interactive mode!
 """
 
+import os
 import sys
+from pathlib import Path
 
 import click
 from rich.console import Console
+from rich.panel import Panel
 from rich.traceback import install
 
 from .commands import interactive_command
@@ -23,10 +26,157 @@
 console = Console()
 
 
+def check_safe_working_directory() -> None:
+    """Check if current working directory is safe for dspy-code operations.
+
+    SECURITY: This prevents accidental scanning of user home directories,
+    system directories, and other sensitive locations.
+    """
+    cwd = Path.cwd().resolve()
+    home = Path.home().resolve()
+
+    # Check if running from home directory itself
+    if cwd == home:
+        console.print()
+        console.print(
+            Panel.fit(
+                "[bold red]🚨 SECURITY WARNING[/bold red]\n\n"
+                "[yellow]You are running dspy-code from your home directory![/yellow]\n\n"
+                "This is dangerous as it may attempt to scan ALL files in your home directory,\n"
+                "including personal documents, photos, and sensitive data.\n\n"
+                "[bold green]Recommended actions:[/bold green]\n"
+                "1. Create a dedicated project directory: [cyan]mkdir ~/my-dspy-project[/cyan]\n"
+                "2. Navigate to it: [cyan]cd ~/my-dspy-project[/cyan]\n"
+                "3. Create a virtual environment: [cyan]python -m venv .venv[/cyan]\n"
+                "4. Activate it: [cyan]source .venv/bin/activate[/cyan]\n"
+                "5. Install dspy-code: [cyan]pip install dspy-code[/cyan]\n"
+                "6. Then run: [cyan]dspy-code[/cyan]\n\n"
+                "[dim]Press Ctrl+C to exit, or Enter to continue at your own risk...[/dim]",
+                title="⚠️  Safety Check",
+                border_style="red",
+            )
+        )
+        try:
+            input()
+        except KeyboardInterrupt:
+            console.print("\n[green]Good choice! Please run from a project directory.[/green]")
+            sys.exit(0)
+        console.print(
+            "[yellow]⚠️  Proceeding with limited functionality to protect your files...[/yellow]\n"
+        )
+        return
+
+    # Check if running from immediate subdirectory of home (e.g., ~/Desktop, ~/Documents)
+    try:
+        relative = cwd.relative_to(home)
+        parts = relative.parts
+
+        if len(parts) <= 1:
+            dangerous_dirs = [
+                "desktop",
+                "documents",
+                "downloads",
+                "pictures",
+                "photos",
+                "movies",
+                "music",
+                "library",
+                "icloud",
+                "public",
+            ]
+
+            if parts and parts[0].lower() in dangerous_dirs:
+                console.print()
+                console.print(
+                    Panel.fit(
+                        f"[bold yellow]⚠️  WARNING[/bold yellow]\n\n"
+                        f"You are running dspy-code from: [cyan]{cwd}[/cyan]\n\n"
+                        "This directory may contain personal files. For safety,\n"
+                        "dspy-code will not scan files here.\n\n"
+                        "[bold green]Recommendation:[/bold green]\n"
+                        "Create a dedicated project directory for your DSPy work:\n"
+                        "[cyan]mkdir ~/projects/my-dspy-project && cd ~/projects/my-dspy-project[/cyan]",
+                        title="💡 Location Notice",
+                        border_style="yellow",
+                    )
+                )
+    except ValueError:
+        # Not relative to home, which is fine
+        pass
+
+    # FIRST: Check if we're in an allowed temp directory (exception to system dir rules)
+    allowed_temp_paths = [
+        Path("/tmp"),
+        Path("/var/folders"),
+        Path("/private/tmp"),
+        Path("/private/var/folders"),
+    ]
+
+    is_in_temp = any(
+        cwd.is_relative_to(temp_path) if temp_path.exists() else False
+        for temp_path in allowed_temp_paths
+    )
+
+    # If we're in a temp directory, skip system directory checks
+    if is_in_temp:
+        return
+
+    # Check if running from system directories
+    system_dirs = [Path("/"), Path("/System"), Path("/Library"), Path("/usr")]
+    for sys_dir in system_dirs:
+        if cwd == sys_dir or cwd.is_relative_to(sys_dir):
+            console.print()
+            console.print(
+                Panel.fit(
+                    "[bold red]🚨 CRITICAL ERROR[/bold red]\n\n"
+                    f"You cannot run dspy-code from system directory: [cyan]{cwd}[/cyan]\n\n"
+                    "This could damage your system. Please run from a user project directory.",
+                    title="❌ System Directory",
+                    border_style="red",
+                )
+            )
+            sys.exit(1)
+
+    # Check /var and /private (temp dirs already handled above)
+    var_path = Path("/var")
+    private_path = Path("/private")
+
+    if cwd == var_path or cwd == private_path:
+        console.print()
+        console.print(
+            Panel.fit(
+                "[bold red]🚨 CRITICAL ERROR[/bold red]\n\n"
+                f"You cannot run dspy-code from: [cyan]{cwd}[/cyan]\n\n"
+                "Please run from a user project directory.",
+                title="❌ System Directory",
+                border_style="red",
+            )
+        )
+        sys.exit(1)
+    elif cwd.is_relative_to(private_path):
+        console.print()
+        console.print(
+            Panel.fit(
+                "[bold red]🚨 CRITICAL ERROR[/bold red]\n\n"
+                f"You cannot run dspy-code from system directory: [cyan]{cwd}[/cyan]\n\n"
+                "Please run from a user project directory.",
+                title="❌ System Directory",
+                border_style="red",
+            )
+        )
+        sys.exit(1)
+
+
 @click.command()
 @click.option("--verbose", "-v", is_flag=True, help="Enable verbose output")
 @click.option("--debug", is_flag=True, help="Enable debug mode")
-def cli(verbose: bool, debug: bool):
+@click.option(
+    "--skip-safety-check",
+    is_flag=True,
+    hidden=True,
+    help="Skip directory safety check (not recommended)",
+)
+def cli(verbose: bool, debug: bool, skip_safety_check: bool):
     """
     DSPy Code - Interactive DSPy Development Environment
 
@@ -43,6 +193,10 @@ def cli(verbose: bool, debug: bool):
     DSPy Code adapts to YOUR installed DSPy version and gives you access
     to all DSPy features through natural language.
     """
+    # SECURITY: Check if running from safe directory
+    if not skip_safety_check:
+        check_safe_working_directory()
+
     # Setup logging
     setup_logging(verbose=verbose, debug=debug)
 

dspy_code/optimization/workflow_manager.py

@@ -92,8 +92,8 @@ def __init__(self, code_generator=None, config_manager=None):
         self.current_workflow: OptimizationWorkflow | None = None
         self.data_collector = DataCollector()
 
-        # Workflow storage
-        self.workflow_dir = Path.home() / ".dspy_cli" / "optimization"
+        # Workflow storage in CWD for isolation and portability
+        self.workflow_dir = Path.cwd() / ".dspy_code" / "optimization"
         self.workflow_dir.mkdir(parents=True, exist_ok=True)
 
     def start_optimization(self, module_code: str, budget: str = "medium") -> OptimizationWorkflow:

dspy_code/project/scanner.py

@@ -110,7 +110,10 @@ def scan_directory(self, path: str = ".") -> ProjectState:
         )
 
     def _get_all_files(self, path: Path) -> list[str]:
-        """Get all files in directory (excluding hidden and common ignore patterns)."""
+        """Get all files in directory (excluding hidden and common ignore patterns).
+
+        SECURITY: Only scans within the specified path with depth limit.
+        """
         files = []
         ignore_patterns = {
             "__pycache__",
@@ -125,12 +128,33 @@ def _get_all_files(self, path: Path) -> list[str]:
             "*.pyc",
         }
 
+        # SECURITY: Resolve path and enforce depth limit
+        path = path.resolve()
+        max_depth = 10  # Prevent deep recursion
+        base_depth = len(path.parts)
+
         try:
             for item in path.rglob("*"):
+                # SECURITY: Check depth limit
+                if len(item.parts) - base_depth > max_depth:
+                    continue
+
+                # SECURITY: Ensure item is actually within base path (prevent symlink attacks)
+                try:
+                    item.resolve().relative_to(path)
+                except ValueError:
+                    # Item is outside base path (e.g., symlink to another location)
+                    continue
+
                 if item.is_file():
                     # Skip ignored patterns
                     if any(pattern in str(item) for pattern in ignore_patterns):
                         continue
+
+                    # Check read permission
+                    if not os.access(item, os.R_OK):
+                        continue
+
                     files.append(str(item.relative_to(path)))
         except PermissionError:
             pass

dspy_code/rag/codebase_rag.py

@@ -30,7 +30,7 @@ def __init__(self, config_manager: ConfigManager | None = None, cache_dir: Path
 
         Args:
             config_manager: Configuration manager
-            cache_dir: Cache directory (defaults to ~/.dspy_cli/cache/codebase_index)
+            cache_dir: Cache directory (defaults to .dspy_code/cache/codebase_index in CWD)
         """
         self.config_manager = config_manager
         self.enabled = self._is_enabled()