@0dai-dev/cli 4.3.5 → 4.3.7

package/lib/python/project_manager.py

@@ -0,0 +1,621 @@
+#!/usr/bin/env python3
+"""0dai Project Manager — account binding and pilot analytics for local repos."""
+from __future__ import annotations
+
+import argparse
+import hashlib
+import json
+import os
+import pathlib
+import re
+import socket
+import subprocess
+import sys
+import time
+import urllib.error
+import urllib.request
+
+import auth as auth_mod
+
+API_BASE = os.environ.get("ODAI_API_URL", "https://api.0dai.dev")
+INSIGHTS_INGEST_ENDPOINT = os.environ.get("ODAI_INSIGHTS_INGEST_ENDPOINT", "/v1/insights/ingest")
+_BINDING_IDENTITY_KEYS = {
+    "managed",
+    "schema",
+    "target",
+    "current_target",
+    "target_aliases",
+    "project_id",
+    "project_name",
+    "display_name",
+    "stack",
+    "origin",
+    "remote_origin",
+    "path_hash",
+    "device",
+}
+_REMOTE_CREDENTIAL_RE = re.compile(r"^(https?://)[^@/\s]+@")
+_PROJECT_ID_RE = re.compile(r"^prj_[A-Za-z0-9_-]{8,}$")
+
+
+def _binding_path(target: pathlib.Path) -> pathlib.Path:
+    return target / ".0dai" / "project-binding.json"
+
+
+def _load_json(path: pathlib.Path) -> dict | None:
+    if not path.is_file():
+        return None
+    try:
+        return json.loads(path.read_text(encoding="utf-8"))
+    except (json.JSONDecodeError, OSError):
+        return None
+
+
+def _save_json(path: pathlib.Path, data: dict) -> None:
+    path.parent.mkdir(parents=True, exist_ok=True)
+    path.write_text(json.dumps(data, indent=2, ensure_ascii=False) + "\n", encoding="utf-8")
+
+
+def _scrub_remote_url(url: str) -> str:
+    """Remove embedded credentials from HTTP(S) git remote URLs."""
+    return _REMOTE_CREDENTIAL_RE.sub(r"\1", url)
+
+
+def _read_project_manifest(target: pathlib.Path) -> dict:
+    path = target / "ai" / "manifest" / "project.yaml"
+    result: dict[str, str] = {}
+    if not path.is_file():
+        return result
+    try:
+        in_project = False
+        for raw in path.read_text(encoding="utf-8").splitlines():
+            line = raw.strip()
+            if not line or line.startswith("#"):
+                continue
+            top_level = len(raw) == len(raw.lstrip())
+            if top_level:
+                in_project = False
+            if top_level and line == "project:":
+                in_project = True
+                continue
+            if top_level and line.startswith("name:"):
+                result["name"] = line.split(":", 1)[1].strip().strip('"').strip("'")
+            elif top_level and line.startswith("stack:"):
+                result["stack"] = line.split(":", 1)[1].strip().strip('"').strip("'")
+            elif top_level and line.startswith("repo:"):
+                result["repo"] = line.split(":", 1)[1].strip().strip('"').strip("'")
+            elif in_project and line.startswith("name:") and "name" not in result:
+                result["name"] = line.split(":", 1)[1].strip().strip('"').strip("'")
+            elif in_project and line.startswith("stack:") and "stack" not in result:
+                result["stack"] = line.split(":", 1)[1].strip().strip('"').strip("'")
+            elif in_project and line.startswith("type:") and "stack" not in result:
+                result["stack"] = line.split(":", 1)[1].strip().strip('"').strip("'")
+            elif in_project and line.startswith("repo:") and "repo" not in result:
+                result["repo"] = line.split(":", 1)[1].strip().strip('"').strip("'")
+    except OSError:
+        return {}
+    return result
+
+
+def _git_remote_origin(target: pathlib.Path) -> str:
+    try:
+        result = subprocess.run(
+            ["git", "config", "--get", "remote.origin.url"],
+            cwd=target,
+            check=False,
+            capture_output=True,
+            text=True,
+        )
+    except OSError:
+        return ""
+    if result.returncode != 0:
+        return ""
+    return _scrub_remote_url(result.stdout.strip())
+
+
+def _discover_project_name(target: pathlib.Path, manifest: dict[str, str]) -> str:
+    if manifest.get("name"):
+        return manifest["name"]
+    package_json = target / "package.json"
+    if package_json.is_file():
+        try:
+            data = json.loads(package_json.read_text(encoding="utf-8"))
+            if data.get("name"):
+                return str(data["name"])
+        except (json.JSONDecodeError, OSError):
+            pass
+    go_mod = target / "go.mod"
+    if go_mod.is_file():
+        try:
+            for line in go_mod.read_text(encoding="utf-8").splitlines():
+                if line.startswith("module "):
+                    return line.split()[-1].split("/")[-1]
+        except OSError:
+            pass
+    pyproject = target / "pyproject.toml"
+    if pyproject.is_file():
+        try:
+            for line in pyproject.read_text(encoding="utf-8").splitlines():
+                if line.strip().startswith("name"):
+                    return line.split("=", 1)[1].strip().strip('"').strip("'")
+        except OSError:
+            pass
+    return target.resolve().name
+
+
+def _discover_stack(target: pathlib.Path, manifest: dict[str, str]) -> str:
+    if manifest.get("stack"):
+        return manifest["stack"]
+    discovery = _load_json(target / "ai" / "manifest" / "discovery.json") or {}
+    if discovery.get("stack"):
+        return str(discovery["stack"])
+    return "unknown"
+
+
+def _canonical_origin(target: pathlib.Path, manifest: dict[str, str]) -> tuple[str, str]:
+    remote = _git_remote_origin(target)
+    if remote:
+        return remote, "git"
+    if manifest.get("repo"):
+        return _scrub_remote_url(manifest["repo"]), "manifest"
+    return str(target.resolve()), "local"
+
+
+def _project_id(project_name: str, origin: str) -> str:
+    seed = json.dumps({"name": project_name, "origin": origin}, sort_keys=True, ensure_ascii=False)
+    return "prj_" + hashlib.sha256(seed.encode()).hexdigest()[:16]
+
+
+def _identity(target: pathlib.Path) -> dict:
+    manifest = _read_project_manifest(target)
+    project_name = _discover_project_name(target, manifest)
+    stack = _discover_stack(target, manifest)
+    origin_value, origin_kind = _canonical_origin(target, manifest)
+    return {
+        "project_id": _project_id(project_name, origin_value),
+        "project_name": project_name,
+        "stack": stack,
+        "origin": origin_kind,
+        "remote_origin": origin_value if origin_kind != "local" else "",
+        "path_hash": hashlib.sha256(str(target.resolve()).encode()).hexdigest()[:16],
+        "device": socket.gethostname()[:32],
+    }
+
+
+def _valid_project_id(value: object) -> bool:
+    return isinstance(value, str) and bool(_PROJECT_ID_RE.match(value.strip()))
+
+
+def _binding_path_candidates(binding: dict) -> list[str]:
+    candidates: list[str] = []
+    for key in ("target", "current_target"):
+        value = binding.get(key)
+        if isinstance(value, str) and value.strip():
+            candidates.append(value.strip())
+    aliases = binding.get("target_aliases")
+    if isinstance(aliases, list):
+        for alias in aliases:
+            if isinstance(alias, str) and alias.strip():
+                candidates.append(alias.strip())
+    return candidates
+
+
+def _binding_target_matches(target: pathlib.Path, binding: dict) -> bool:
+    current = pathlib.Path(target).resolve()
+    for candidate in _binding_path_candidates(binding):
+        try:
+            if pathlib.Path(candidate).resolve() == current:
+                return True
+        except OSError:
+            if pathlib.Path(candidate).absolute() == current:
+                return True
+    return False
+
+
+def _target_info(target: pathlib.Path, binding: dict | None = None) -> dict:
+    current = pathlib.Path(target).absolute()
+    canonical = pathlib.Path(target).resolve()
+    seen: set[str] = set()
+    aliases: list[str] = []
+
+    def add_alias(value: object) -> None:
+        if not isinstance(value, str) or not value.strip():
+            return
+        resolved = str(pathlib.Path(value).absolute())
+        if resolved == str(canonical) or resolved in seen:
+            return
+        seen.add(resolved)
+        aliases.append(resolved)
+
+    if str(current) != str(canonical):
+        add_alias(str(current))
+    if binding:
+        for candidate in _binding_path_candidates(binding):
+            add_alias(candidate)
+    return {
+        "target": str(canonical),
+        "current_target": str(current),
+        "target_aliases": aliases,
+    }
+
+
+def _trusted_binding_identity(target: pathlib.Path, binding: dict) -> dict:
+    if binding.get("binding_status") != "bound":
+        return {}
+    if not _binding_target_matches(target, binding):
+        return {}
+    trusted: dict[str, str] = {}
+    if _valid_project_id(binding.get("project_id")):
+        trusted["project_id"] = str(binding["project_id"]).strip()
+    display_name = str(binding.get("display_name") or binding.get("project_name") or "").strip()
+    if display_name:
+        trusted["project_name"] = display_name
+    return trusted
+
+
+def _binding_snapshot(target: pathlib.Path) -> dict:
+    binding = _load_json(_binding_path(target)) or {}
+    identity = _identity(target)
+    metadata = {
+        key: value
+        for key, value in binding.items()
+        if key not in _BINDING_IDENTITY_KEYS
+    }
+    target_info = _target_info(target, binding if _binding_target_matches(target, binding) else None)
+    trusted = _trusted_binding_identity(target, binding)
+    if trusted.get("project_id"):
+        identity["project_id"] = trusted["project_id"]
+    if trusted.get("project_name"):
+        identity["project_name"] = trusted["project_name"]
+    merged = {
+        "managed": True,
+        "schema": 1,
+        **target_info,
+        **identity,
+        "display_name": identity["project_name"],
+        **metadata,
+    }
+    # A binding whose stored target no longer matches this path (the project was
+    # moved/copied) must not report "bound" — the identity already falls back to
+    # the path-derived one, so the status must say "moved" and prompt a re-bind,
+    # not silently surface a stale project_id/name (#4363).
+    if (
+        merged.get("binding_status") == "bound"
+        and _binding_path_candidates(binding)
+        and not _binding_target_matches(target, binding)
+    ):
+        merged["binding_status"] = "moved"
+        merged["binding_reason"] = (
+            "binding target does not match this path — project moved or copied; "
+            "re-bind to refresh identity"
+        )
+        merged["binding_next_action"] = "run 0dai project bind"
+    if not merged.get("binding_status"):
+        merged["binding_status"] = "local-only"
+        merged["binding_reason"] = "no .0dai/project-binding.json"
+        merged["binding_next_action"] = "run 0dai project bind"
+    return merged
+
+
+def _write_binding(target: pathlib.Path, **overrides: object) -> dict:
+    if "remote_origin" in overrides:
+        overrides["remote_origin"] = _scrub_remote_url(str(overrides["remote_origin"]))
+    current = _binding_snapshot(target)
+    current.update(overrides)
+    current["updated_at"] = time.strftime("%Y-%m-%dT%H:%M:%S+00:00", time.gmtime())
+    _save_json(_binding_path(target), current)
+    return current
+
+
+def _load_access_token() -> tuple[str, dict | None]:
+    token = auth_mod.load_token()
+    if not token:
+        return "", None
+    return str(token.get("access_token", "")), token
+
+
+def _insights_ingest_path(target: pathlib.Path) -> pathlib.Path:
+    return target / "ai" / "manifest" / "insights_ingest.json"
+
+
+def _insights_outbox_path(target: pathlib.Path) -> pathlib.Path:
+    return target / "ai" / "manifest" / "insights_outbox.jsonl"
+
+
+def _append_jsonl(path: pathlib.Path, payload: dict) -> None:
+    path.parent.mkdir(parents=True, exist_ok=True)
+    with path.open("a", encoding="utf-8") as handle:
+        handle.write(json.dumps(payload, ensure_ascii=False) + "\n")
+
+
+def _load_insights_ingest(target: pathlib.Path) -> dict:
+    return _load_json(_insights_ingest_path(target)) or {
+        "updated_at": "",
+        "total_push_attempts": 0,
+        "total_push_success": 0,
+        "total_push_failed": 0,
+        "last_push": {},
+        "recent": [],
+    }
+
+
+def _save_insights_ingest(target: pathlib.Path, data: dict) -> None:
+    _save_json(_insights_ingest_path(target), data)
+
+
+def _api_request(method: str, endpoint: str, token: str, payload: dict | None = None) -> dict:
+    url = f"{API_BASE}{endpoint}"
+    body = None if payload is None else json.dumps(payload, ensure_ascii=False).encode("utf-8")
+    headers = {
+        "Accept": "application/json",
+        "Authorization": f"Bearer {token}",
+        "User-Agent": "0dai-cli/project-manager",
+    }
+    if body is not None:
+        headers["Content-Type"] = "application/json"
+    req = urllib.request.Request(url, data=body, headers=headers, method=method)
+    with urllib.request.urlopen(req, timeout=20) as resp:
+        return json.loads(resp.read().decode("utf-8"))
+
+
+def _push_insight_cloud_first(target: pathlib.Path, payload: dict) -> dict:
+    result = {
+        "attempted": True,
+        "ok": False,
+        "mode": "local-outbox",
+        "reason": "",
+    }
+    access_token, token = _load_access_token()
+    ingest_state = _load_insights_ingest(target)
+    ingest_state["total_push_attempts"] = int(ingest_state.get("total_push_attempts", 0) or 0) + 1
+
+    if not token or not auth_mod.is_authenticated() or not access_token:
+        result["reason"] = "not_authenticated"
+    else:
+        try:
+            _api_request("POST", INSIGHTS_INGEST_ENDPOINT, access_token, payload)
+            result["ok"] = True
+            result["mode"] = "cloud"
+        except urllib.error.HTTPError as exc:
+            result["reason"] = f"http_error:{exc.code}"
+        except (urllib.error.URLError, json.JSONDecodeError, OSError) as exc:
+            result["reason"] = str(exc)
+
+    if result["ok"]:
+        ingest_state["total_push_success"] = int(ingest_state.get("total_push_success", 0) or 0) + 1
+    else:
+        ingest_state["total_push_failed"] = int(ingest_state.get("total_push_failed", 0) or 0) + 1
+        _append_jsonl(_insights_outbox_path(target), payload)
+
+    now = time.strftime("%Y-%m-%dT%H:%M:%S+00:00", time.gmtime())
+    event = {
+        "at": now,
+        "mode": result["mode"],
+        "ok": bool(result["ok"]),
+        "reason": result.get("reason", ""),
+        "project_id": str((payload.get("source") or {}).get("project_id") or ""),
+    }
+    recent = list(ingest_state.get("recent") or [])
+    recent.insert(0, event)
+    ingest_state["recent"] = recent[:20]
+    ingest_state["last_push"] = event
+    ingest_state["updated_at"] = now
+    _save_insights_ingest(target, ingest_state)
+    return result
+
+
+def _validate_project_name(value: str | None) -> tuple[bool, str]:
+    name = str(value or "").strip()
+    if not name:
+        return False, "project name must not be empty"
+    if len(name) > 120:
+        return False, "project name must be 120 characters or fewer"
+    if any(ord(ch) < 32 or ord(ch) == 127 for ch in name):
+        return False, "project name must not contain control characters"
+    return True, name
+
+
+def _bind_remote(target: pathlib.Path, source: str, project_name: str | None = None) -> tuple[bool, str, dict | None]:
+    access_token, token = _load_access_token()
+    if not token or not auth_mod.is_authenticated() or not access_token:
+        _write_binding(
+            target,
+            binding_status="local-only",
+            binding_source=source,
+            last_error="CLI is not authenticated with a cloud access token",
+            account_email=token.get("user", "") if token else "",
+        )
+        return False, "local-only", None
+
+    payload = _identity(target)
+    existing = _load_json(_binding_path(target)) or {}
+    trusted = _trusted_binding_identity(target, existing)
+    if trusted.get("project_id"):
+        payload["project_id"] = trusted["project_id"]
+    if project_name:
+        ok, normalized_name = _validate_project_name(project_name)
+        if not ok:
+            return False, normalized_name, None
+        payload["project_name"] = normalized_name
+        if not trusted.get("project_id"):
+            payload["project_id"] = _project_id(normalized_name, payload.get("remote_origin") or str(target.resolve()))
+    payload["binding_source"] = source
+    try:
+        data = _api_request("POST", "/v1/projects/bind", access_token, payload)
+    except urllib.error.HTTPError as exc:
+        try:
+            details = json.loads(exc.read().decode("utf-8"))
+            message = details.get("error", str(exc))
+        except json.JSONDecodeError:
+            message = str(exc)
+        _write_binding(
+            target,
+            binding_status="binding-failed",
+            binding_source=source,
+            last_error=message,
+            account_email=token.get("user", ""),
+        )
+        return False, message, None
+    except (urllib.error.URLError, json.JSONDecodeError, OSError) as exc:
+        _write_binding(
+            target,
+            binding_status="binding-failed",
+            binding_source=source,
+            last_error=str(exc),
+            account_email=token.get("user", ""),
+        )
+        return False, str(exc), None
+
+    project = data.get("project", {}) if isinstance(data, dict) else {}
+    project_id = project.get("project_id") or payload["project_id"]
+    resolved_project_name = project_name or project.get("name") or payload["project_name"]
+    saved = _write_binding(
+        target,
+        project_id=project_id,
+        project_name=resolved_project_name,
+        display_name=resolved_project_name,
+        binding_status="bound",
+        binding_source=source,
+        bound_at=project.get("bound_at") or time.strftime("%Y-%m-%dT%H:%M:%S+00:00", time.gmtime()),
+        last_sync=project.get("last_sync"),
+        activation_id=project.get("activation_id", ""),
+        activation_status=project.get("activation_status", ""),
+        account_email=data.get("email", token.get("user", "")),
+        server_project=project,
+        last_error="",
+    )
+    return True, "bound", saved
+
+
+def _analytics_snapshot(target: pathlib.Path) -> dict:
+    binding = _binding_snapshot(target)
+    analytics = _load_json(target / "ai" / "manifest" / "agent-analytics.json") or {}
+    runtime = _load_json(target / "ai" / "sessions" / "runtime.json") or {}
+    summary = {
+        "project": {
+            "project_id": binding.get("project_id", ""),
+            "name": binding.get("project_name", target.resolve().name),
+            "stack": binding.get("stack", "unknown"),
+            "binding_status": binding.get("binding_status", "unknown"),
+            "account_email": binding.get("account_email", ""),
+        },
+        "swarm": {
+            "active": sum(1 for _ in (target / "ai" / "swarm" / "active").glob("*.json")) if (target / "ai" / "swarm" / "active").is_dir() else 0,
+            "done": sum(1 for _ in (target / "ai" / "swarm" / "done").glob("*.json")) if (target / "ai" / "swarm" / "done").is_dir() else 0,
+            "queue": sum(1 for _ in (target / "ai" / "swarm" / "queue").glob("*.json")) if (target / "ai" / "swarm" / "queue").is_dir() else 0,
+        },
+        "runtime": {
+            "total_sessions": len((runtime.get("sessions") or {})),
+            "updated_at": runtime.get("updated_at", ""),
+        },
+        "agent_analytics": analytics,
+    }
+    return summary
+
+
+def cmd_status(args: argparse.Namespace) -> int:
+    target = pathlib.Path(args.target).resolve()
+    data = _binding_snapshot(target)
+    if args.json:
+        print(json.dumps(data, ensure_ascii=False, indent=2))
+    else:
+        print(f"[0dai] project: {data.get('project_name', target.name)} ({data.get('project_id', '?')})")
+        print(f"[0dai] binding: {data.get('binding_status', 'unknown')}")
+        if data.get("activation_status"):
+            print(f"[0dai] activation: {data.get('activation_status')} ({data.get('activation_id', '')})")
+        if data.get("account_email"):
+            print(f"[0dai] account: {data['account_email']}")
+        print(f"[0dai] stack:   {data.get('stack', 'unknown')}")
+        if data.get("remote_origin"):
+            print(f"[0dai] origin:  {data['remote_origin']}")
+        if data.get("last_error"):
+            print(f"[0dai] error:   {data['last_error']}")
+    return 0
+
+
+def cmd_bind(args: argparse.Namespace) -> int:
+    target = pathlib.Path(args.target).resolve()
+    ok, message, data = _bind_remote(target, args.source, getattr(args, "name", None))
+    if args.json:
+        print(json.dumps(data or _binding_snapshot(target), ensure_ascii=False, indent=2))
+        return 0 if ok else 1
+    if ok:
+        print(f"[0dai] bound project '{(data or {}).get('project_name', target.name)}' to {(data or {}).get('account_email', '?')}")
+        print(f"[0dai] project id: {(data or {}).get('project_id', '?')}")
+        return 0
+    print(f"[0dai] project binding skipped/failed: {message}", file=sys.stderr)
+    return 1
+
+
+def cmd_auto_bind(args: argparse.Namespace) -> int:
+    target = pathlib.Path(args.target).resolve()
+    ok, message, _ = _bind_remote(target, args.source)
+    if ok:
+        print(f"[0dai] project bound ({args.source})")
+    else:
+        print(f"[0dai] project binding state: {message}")
+    return 0
+
+
+def cmd_analytics(args: argparse.Namespace) -> int:
+    target = pathlib.Path(args.target).resolve()
+    snapshot = _analytics_snapshot(target)
+    if args.push:
+        payload = {
+            "type": "project_analytics",
+            "emitted_at": time.strftime("%Y-%m-%dT%H:%M:%S+00:00", time.gmtime()),
+            "source": {
+                "project_id": str((snapshot.get("project") or {}).get("project_id") or ""),
+                "project_name": str((snapshot.get("project") or {}).get("name") or target.name),
+                "stack": str((snapshot.get("project") or {}).get("stack") or "unknown"),
+                "binding_status": str((snapshot.get("project") or {}).get("binding_status") or "unknown"),
+            },
+            "snapshot": snapshot,
+        }
+        snapshot["push_result"] = _push_insight_cloud_first(target, payload)
+    print(json.dumps(snapshot, ensure_ascii=False, indent=2))
+    return 0
+
+
+def _build_parser() -> argparse.ArgumentParser:
+    parser = argparse.ArgumentParser(prog="0dai project")
+    sub = parser.add_subparsers(dest="command", required=True)
+
+    shared = argparse.ArgumentParser(add_help=False)
+    shared.add_argument("--target", default=".")
+    shared.add_argument("--json", action="store_true")
+
+    p_status = sub.add_parser("status", parents=[shared], help="Show local project/account binding status")
+    p_status.set_defaults(func=cmd_status)
+
+    p_bind = sub.add_parser("bind", parents=[shared], help="Bind the current project to the authenticated account")
+    p_bind.add_argument("--source", default="manual")
+    p_bind.add_argument("--name", default=None, help="Update the bound project's human-readable display name")
+    p_bind.set_defaults(func=cmd_bind)
+
+    p_sync = sub.add_parser("sync", parents=[shared], help="Rebind or refresh the current project against the account registry")
+    p_sync.add_argument("--source", default="sync")
+    p_sync.add_argument("--name", default=None, help="Update the bound project's human-readable display name")
+    p_sync.set_defaults(func=cmd_bind)
+
+    p_auto = sub.add_parser("auto-bind", help=argparse.SUPPRESS)
+    p_auto.add_argument("--target", default=".")
+    p_auto.add_argument("--source", default="auto")
+    p_auto.set_defaults(func=cmd_auto_bind)
+
+    p_analytics = sub.add_parser("analytics", help="Emit a local pilot analytics snapshot for this project")
+    p_analytics.add_argument("--target", default=".")
+    p_analytics.add_argument("--push", action="store_true", help="Cloud-first push with local outbox fallback")
+    p_analytics.set_defaults(func=cmd_analytics)
+
+    return parser
+
+
+def main(argv: list[str] | None = None) -> int:
+    parser = _build_parser()
+    args = parser.parse_args(argv)
+    return int(args.func(args))
+
+
+if __name__ == "__main__":
+    raise SystemExit(main())