@0dai-dev/cli 4.1.0 → 4.3.4

package/lib/shared.js

@@ -11,6 +11,7 @@ const http = require("http");
 const fs = require("fs");
 const path = require("path");
 const os = require("os");
+const crypto = require("crypto");
 const { spawnSync } = require("child_process");
 
 const VERSION = require("../package.json").version;
@@ -48,13 +49,18 @@ const CONFIG_DIR = path.join(os.homedir(), ".0dai");
 const AUTH_FILE = path.join(CONFIG_DIR, "auth.json");
 const VERSION_CHECK_FILE = path.join(CONFIG_DIR, ".version_check");
 const PROJECTS_FILE = path.join(CONFIG_DIR, "projects.json");
-const MANAGED_BEGIN = "<!-- 0dai:managed:begin -->";
-const MANAGED_END = "<!-- 0dai:managed:end -->";
-const LEGACY_MANAGED_BEGIN = "<!-- zerodayai:managed:begin -->";
-const LEGACY_MANAGED_END = "<!-- zerodayai:managed:end -->";
+const DRIFT_TRACKED_CONFIGS = [
+  "CLAUDE.md",
+  "AGENTS.md",
+  "GEMINI.md",
+  "opencode.json",
+  ".cursorrules",
+  ".windsurfrules",
+  ".aider.conf.yml",
+];
 
 // --- API ---
-function apiCall(endpoint, data) {
+function apiCall(endpoint, data, options = {}) {
   return new Promise((resolve) => {
     const url = new URL(endpoint, API_URL);
     const mod = url.protocol === "https:" ? https : http;
@@ -65,11 +71,16 @@ function apiCall(endpoint, data) {
       "X-CLI-Version": VERSION,
       "X-Client-Channel": "npm",
     };
-    try {
-      const auth = JSON.parse(fs.readFileSync(AUTH_FILE, "utf8"));
-      const token = auth.api_key || auth.access_token || auth.token;
-      if (token) headers["Authorization"] = `Bearer ${token}`;
-    } catch {}
+    const accessToken = options && options.accessToken ? String(options.accessToken).trim() : "";
+    if (accessToken) {
+      headers["Authorization"] = `Bearer ${accessToken}`;
+    } else {
+      try {
+        const auth = JSON.parse(fs.readFileSync(AUTH_FILE, "utf8"));
+        const token = auth.api_key || auth.access_token || auth.token;
+        if (token) headers["Authorization"] = `Bearer ${token}`;
+      } catch {}
+    }
     const opts = {
       hostname: url.hostname,
       port: url.port || (url.protocol === "https:" ? 443 : 80),
@@ -88,7 +99,7 @@ function apiCall(endpoint, data) {
       });
     });
     req.on("error", (e) => resolve({ error: `${e.message}. Is ${API_URL} reachable?` }));
-    req.on("timeout", () => { req.destroy(); resolve({ error: "timeout" }); });
+    req.on("timeout", () => { req.destroy(); resolve({ error: "request timed out after 60s. Check your internet connection or try again." }); });
     if (body) req.write(body);
     req.end();
   });
@@ -110,12 +121,14 @@ function updateAuthState(patch) {
   saveAuthState({ ...current, ...patch });
 }
 
-async function fetchAuthStatus() {
-  const status = await apiCall("/v1/auth/status");
-  if (status && !status.error && status.email) {
+async function fetchAuthStatus(accessToken = "") {
+  const token = String(accessToken || "").trim();
+  const status = await apiCall("/v1/auth/status", null, token ? { accessToken: token } : undefined);
+  if (status && !status.error && status.email && !token) {
     updateAuthState({
       email: status.email, plan: status.plan || "free",
       name: status.name || "", license: status.license || {},
+      plan_expires_at: status.plan_expires_at || "",
     });
   }
   return status;
@@ -164,14 +177,123 @@ async function ensureLicenseActivation() {
 }
 
 // --- Project Heartbeat ---
-async function sendProjectHeartbeat(identity, result, extra = {}) {
+function _hashFileSha256(filePath) {
+  const buf = fs.readFileSync(filePath);
+  return crypto.createHash("sha256").update(buf).digest("hex");
+}
+
+function computeProjectDriftSummary(target) {
+  const hashesPath = path.join(target, "ai", "manifest", "config_hashes.json");
+  if (!fs.existsSync(hashesPath)) return null;
+  let hashes;
+  try {
+    hashes = JSON.parse(fs.readFileSync(hashesPath, "utf8"));
+  } catch {
+    return null;
+  }
+  const findings = [];
+  let totalConfigs = 0;
+  for (const name of DRIFT_TRACKED_CONFIGS) {
+    const filePath = path.join(target, name);
+    const exists = fs.existsSync(filePath) && fs.statSync(filePath).isFile();
+    const recorded = hashes[name];
+    if (exists) totalConfigs += 1;
+    if (recorded && !exists) {
+      findings.push({ config: name, type: "missing", severity: "warning" });
+      continue;
+    }
+    if (!recorded && exists) {
+      findings.push({ config: name, type: "extra", severity: "info" });
+      continue;
+    }
+    if (recorded && exists) {
+      try {
+        const currentHash = _hashFileSha256(filePath);
+        if (currentHash !== String(recorded.hash || "")) {
+          findings.push({ config: name, type: "modified", severity: "warning" });
+        }
+      } catch {
+        findings.push({ config: name, type: "unreadable", severity: "warning" });
+      }
+    }
+  }
+  const driftedCount = findings.filter((f) => f.type === "modified" || f.type === "missing").length;
+  return {
+    available: true,
+    clean: findings.length === 0,
+    drifted_count: driftedCount,
+    total_configs: totalConfigs,
+    findings,
+    updated_at: new Date().toISOString(),
+  };
+}
+
+async function sendProjectHeartbeat(target, identity, result, extra = {}) {
+  const drift = computeProjectDriftSummary(target);
   return apiCall("/v1/projects/heartbeat", {
     project_id: identity.project_id, stack: result.stack || identity.stack || "unknown",
     cli_version: VERSION, activation_status: "active", binding_status: "bound",
-    runtime_sessions: 0, swarm_active: 0, swarm_done: 0, channel: "npm", ...extra,
+    runtime_sessions: 0, swarm_active: 0, swarm_done: 0, channel: "npm",
+    ...(drift ? { drift } : {}),
+    ...extra,
   });
 }
 
+// --- First-run proof gate (issue #342) ---
+//
+// Idempotently appends a `first_run.success` event to ai/manifest/audit.jsonl
+// when all 4 activation gates have passed. Matches scripts/audit.py shape.
+// Returns { fired: boolean, elapsedS: number|null }.
+function logFirstRunSuccess(target, gates) {
+  try {
+    const auditPath = path.join(target, "ai", "manifest", "audit.jsonl");
+    if (!fs.existsSync(path.dirname(auditPath))) {
+      fs.mkdirSync(path.dirname(auditPath), { recursive: true });
+    }
+
+    // Idempotency: skip if a first_run.success event already exists for this project.
+    if (fs.existsSync(auditPath)) {
+      const existing = fs.readFileSync(auditPath, "utf8");
+      if (existing.includes('"action":"first_run.success"') ||
+          existing.includes('"action": "first_run.success"')) {
+        return { fired: false, elapsedS: null };
+      }
+    }
+
+    // Compute elapsed_s from the local first-run marker.
+    let elapsedS = null;
+    try {
+      const ob = require("./onboarding");
+      ob.trackFirstInit(target);
+      elapsedS = ob.getTimeToInit(target);
+    } catch {}
+
+    // Read current ai/VERSION for the entry's ai_version field.
+    let aiVersion = null;
+    try {
+      const vf = path.join(target, "ai", "VERSION");
+      if (fs.existsSync(vf)) aiVersion = fs.readFileSync(vf, "utf8").trim();
+    } catch {}
+
+    const entry = {
+      timestamp: new Date().toISOString(),
+      action: "first_run.success",
+      actor: "cli",
+      user: process.env.USER || process.env.USERNAME || "unknown",
+      ai_version: aiVersion,
+      details: JSON.stringify({
+        elapsed_s: elapsedS,
+        gates: gates || {},
+      }),
+    };
+
+    fs.appendFileSync(auditPath, JSON.stringify(entry) + "\n", "utf8");
+    return { fired: true, elapsedS };
+  } catch {
+    return { fired: false, elapsedS: null };
+  }
+}
+
 // --- File Writing ---
 function mergeSettingsJson(existing, incoming) {
   try {
@@ -184,34 +306,11 @@ function mergeSettingsJson(existing, incoming) {
   } catch { return incoming; }
 }
 
-function mergeManagedMarkdown(existing, incoming) {
-  let src = incoming;
-  if (src.startsWith("# managed: true")) {
-    src = src.split("\n").slice(1).join("\n").trimStart();
-  }
-  const managedBody = `${MANAGED_BEGIN}\n${src.trim()}\n${MANAGED_END}\n`;
-  if (existing.includes(MANAGED_BEGIN) && existing.includes(MANAGED_END)) {
-    const start = existing.indexOf(MANAGED_BEGIN);
-    const finish = existing.indexOf(MANAGED_END) + MANAGED_END.length;
-    return existing.slice(0, start) + managedBody + existing.slice(finish);
-  }
-  if (existing.includes(LEGACY_MANAGED_BEGIN) && existing.includes(LEGACY_MANAGED_END)) {
-    const finish = existing.indexOf(LEGACY_MANAGED_END) + LEGACY_MANAGED_END.length;
-    const rest = existing.slice(finish).trimStart();
-    return rest ? `${managedBody}\n${rest}` : managedBody;
-  }
-  return `${managedBody}\n${existing}`;
-}
-
-function contentLooksManaged(existing) {
-  return existing.includes("managed: true") || existing.includes('"managed": true') ||
-    (existing.includes(MANAGED_BEGIN) && existing.includes(MANAGED_END)) ||
-    (existing.includes(LEGACY_MANAGED_BEGIN) && existing.includes(LEGACY_MANAGED_END));
-}
-
 function writeFiles(target, files) {
   let created = 0, updated = 0, unchanged = 0, merged = 0, skipped = 0;
   const targetResolved = path.resolve(target);
+  let backupDir = null;
+  const backupConfigs = new Set(["CLAUDE.md", "AGENTS.md"]);
   for (const [rel, content] of Object.entries(files)) {
     if (typeof rel !== "string" || !rel || path.isAbsolute(rel) || rel.split(/[/\\]/).includes("..")) {
       skipped++; continue;
@@ -224,11 +323,16 @@ function writeFiles(target, files) {
       const existing = fs.readFileSync(p, "utf8");
       if (existing === content) { unchanged++; continue; }
       if (rel.endsWith("settings.json")) { finalContent = mergeSettingsJson(existing, content); merged++; }
-      else if (rel === "AGENTS.md") {
-        if (existing.includes("managed: false")) { unchanged++; continue; }
-        const backupDir = path.join(target, "ai", ".backups");
-        fs.mkdirSync(backupDir, { recursive: true });
-        fs.writeFileSync(path.join(backupDir, "AGENTS.md.bak"), existing, "utf8");
+      else if (backupConfigs.has(rel)) {
+        if (rel === "AGENTS.md" && existing.includes("managed: false")) { unchanged++; continue; }
+        if (!backupDir) {
+          const timestamp = new Date().toISOString().replace(/[:.]/g, "-");
+          backupDir = path.join(targetResolved, "ai", ".backups", timestamp);
+          fs.mkdirSync(backupDir, { recursive: true });
+        }
+        const backupPath = path.join(backupDir, rel);
+        fs.writeFileSync(backupPath, existing, "utf8");
+        log(`backed up existing ${rel} to ${backupPath}`);
         updated++;
       } else { updated++; }
     } else { created++; }
@@ -241,60 +345,13 @@ function writeFiles(target, files) {
   return created + updated;
 }
 
-function writeManagedFiles(target, files) {
-  let created = 0, updated = 0, unchanged = 0, merged = 0, staged = 0, skipped = 0;
-  const targetResolved = path.resolve(target);
-  for (const [rel, content] of Object.entries(files)) {
-    if (typeof rel !== "string" || !rel || path.isAbsolute(rel) || rel.split(/[/\\]/).includes("..")) {
-      skipped++; continue;
-    }
-    const p = path.resolve(targetResolved, rel);
-    if (!p.startsWith(targetResolved + path.sep) && p !== targetResolved) { skipped++; continue; }
-    fs.mkdirSync(path.dirname(p), { recursive: true });
-    if (!fs.existsSync(p)) {
-      fs.writeFileSync(p, content, "utf8");
-      created++;
-      continue;
-    }
-    const existing = fs.readFileSync(p, "utf8");
-    if (existing === content) {
-      unchanged++;
-      continue;
-    }
-
-    if (rel.endsWith("settings.json")) {
-      fs.writeFileSync(p, mergeSettingsJson(existing, content), "utf8");
-      merged++;
-      continue;
-    }
-    if (rel === "AGENTS.md" || rel.endsWith("/CLAUDE.md")) {
-      fs.writeFileSync(p, mergeManagedMarkdown(existing, content), "utf8");
-      merged++;
-      continue;
-    }
-    if (!contentLooksManaged(existing)) {
-      fs.writeFileSync(`${p}.generated`, content, "utf8");
-      staged++;
-      continue;
-    }
-
-    fs.writeFileSync(p, content, "utf8");
-    updated++;
-  }
-  const parts = [`${created} created`, `${updated} updated`, `${unchanged} unchanged`];
-  if (merged) parts.push(`${merged} merged`);
-  if (staged) parts.push(`${staged} staged`);
-  if (skipped) parts.push(`${skipped} skipped (unsafe path)`);
-  log(parts.join(", "));
-  return created + updated + merged;
-}
-
 // --- Repo Script Lookup ---
 function findRepoScript(target, scriptName) {
   const candidates = [
     path.join(target, "scripts", scriptName),
     path.join(process.cwd(), "scripts", scriptName),
     path.join(__dirname, "..", "..", "..", "scripts", scriptName),
+    path.join(__dirname, "..", "..", "..", "..", "scripts", scriptName),
   ];
   for (const c of candidates) { if (fs.existsSync(c)) return c; }
   return null;
@@ -350,9 +407,9 @@ module.exports = {
   // Plan / Tier
   _detectPlanLocal, requirePlan, getSwarmQuotaLocal,
   // Project
-  sendProjectHeartbeat, recordExperienceEvent,
+  sendProjectHeartbeat, recordExperienceEvent, logFirstRunSuccess,
   // Files
-  mergeSettingsJson, mergeManagedMarkdown, writeFiles, writeManagedFiles, findRepoScript,
+  mergeSettingsJson, writeFiles, findRepoScript,
   // Version
   checkVersion,
   // Re-exports for convenience