@agentbridge1/cli 0.0.1

package/dist/errors.js

@@ -0,0 +1,276 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SafeCliError = void 0;
+exports.catalogCliError = catalogCliError;
+exports.formatCliError = formatCliError;
+exports.renderCliErrorView = renderCliErrorView;
+exports.exitCodeForCategory = exitCodeForCategory;
+exports.renderCliError = renderCliError;
+const http_1 = require("./http");
+const error_catalog_1 = require("./error-catalog");
+const redact_secrets_1 = require("./redact-secrets");
+class SafeCliError extends Error {
+    isSafeCliError = true;
+    code;
+    category;
+    why;
+    next;
+    suggestedPrompt;
+    constructor(input) {
+        if (typeof input === "string") {
+            super(input);
+            return;
+        }
+        super(input.what);
+        this.code = input.code;
+        this.category = input.category;
+        this.why = input.why;
+        this.next = input.next;
+        this.suggestedPrompt = input.suggestedPrompt;
+    }
+}
+exports.SafeCliError = SafeCliError;
+function defaultErrorView(message) {
+    const debugMode = process.env.AGENTBRIDGE_DEBUG_HTTP === "1" || process.env.AGENTBRIDGE_DEBUG === "1";
+    const catalog = (0, error_catalog_1.catalogEntryForCode)("UNKNOWN_RUNTIME_ERROR");
+    const sanitizedMessage = debugMode
+        ? message
+        : (catalog?.what ??
+            "The command could not be completed due to an unexpected local/runtime error.");
+    return {
+        title: catalog?.title ?? "Command failed.",
+        what: sanitizedMessage,
+        why: catalog?.why ??
+            "AgentBridge could not complete the request because the failure was not classified.",
+        next: catalog?.next ?? "Run `agentbridge doctor` and retry.",
+        code: catalog?.code ?? "UNKNOWN_RUNTIME_ERROR",
+        category: catalog?.category ?? "UNKNOWN_ERROR",
+    };
+}
+function parseErrorCode(body) {
+    if (!body)
+        return null;
+    try {
+        const parsed = JSON.parse(body);
+        if (typeof parsed.code === "string" && parsed.code.trim().length > 0) {
+            return (0, error_catalog_1.mapServerCodeToCatalog)(parsed.code);
+        }
+        if (typeof parsed.error === "string" && parsed.error.trim().length > 0) {
+            return (0, error_catalog_1.mapServerCodeToCatalog)(parsed.error);
+        }
+        if (parsed.error && typeof parsed.error === "object" && parsed.error !== null) {
+            const nested = parsed.error;
+            if (typeof nested.code === "string" && nested.code.trim().length > 0) {
+                return (0, error_catalog_1.mapServerCodeToCatalog)(nested.code);
+            }
+        }
+        return null;
+    }
+    catch {
+        return null;
+    }
+}
+function catalogCliError(code, overrides) {
+    const entry = (0, error_catalog_1.catalogEntryForCode)(code);
+    if (entry) {
+        return new SafeCliError({
+            code: entry.code,
+            category: entry.category,
+            what: overrides?.what ?? entry.what,
+            why: overrides?.why ?? entry.why,
+            next: overrides?.next ?? entry.next,
+        });
+    }
+    return new SafeCliError({
+        code,
+        what: overrides?.what ?? code,
+        why: overrides?.why ?? "AgentBridge could not complete the request.",
+        next: overrides?.next ?? "Run `agentbridge doctor` and retry.",
+    });
+}
+function viewFromCatalogOrFallback(code, fallback) {
+    const mapped = code ? (0, error_catalog_1.mapServerCodeToCatalog)(code) : null;
+    const entry = (0, error_catalog_1.catalogEntryForCode)(mapped ?? undefined);
+    if (!entry)
+        return fallback;
+    return {
+        title: entry.title,
+        what: entry.what,
+        why: entry.why,
+        next: entry.next,
+        code: entry.code,
+        category: entry.category,
+    };
+}
+function formatCliError(error) {
+    if (error instanceof SafeCliError) {
+        const entry = error.code ? (0, error_catalog_1.catalogEntryForCode)(error.code) : null;
+        return {
+            title: entry?.title ?? "Command failed.",
+            what: error.message,
+            why: error.why ??
+                entry?.why ??
+                "AgentBridge could not complete the request.",
+            next: error.next ??
+                entry?.next ??
+                "Follow the next actions listed above.",
+            code: error.code ?? entry?.code,
+            category: error.category ?? entry?.category,
+            suggestedPrompt: error.suggestedPrompt,
+        };
+    }
+    if (error instanceof http_1.CliMissingConfigError) {
+        const entry = (0, error_catalog_1.catalogEntryForCode)(error.code);
+        return {
+            title: entry?.title ?? "Command failed.",
+            what: entry?.what ?? error.message,
+            why: entry?.why ??
+                "AgentBridge cannot call the server without project credentials.",
+            next: entry?.next ?? "Run `agentbridge init` or set AGENTBRIDGE_API_KEY.",
+            code: error.code,
+            category: entry?.category ?? "CONFIG_ERROR",
+        };
+    }
+    if (error instanceof http_1.CliHttpError) {
+        const code = parseErrorCode(error.body);
+        if (error.status === 404) {
+            return viewFromCatalogOrFallback(code, {
+                title: "No active current session.",
+                what: "AgentBridge could not find the requested or current work session.",
+                why: "The local session pointer and server state are out of sync.",
+                next: "Run `agentbridge session list --active`.",
+                code: code ?? "WORK_CONTEXT_NO_CURRENT_SESSION",
+                category: "WORK_CONTEXT_ERROR",
+            });
+        }
+        if (error.status === 409) {
+            return viewFromCatalogOrFallback(code, {
+                title: "Request conflicted with current state.",
+                what: "AgentBridge rejected this action because the resource state changed or conflicts with policy.",
+                why: "Some state transitions are only allowed from specific lifecycle states.",
+                next: "Refresh context with `agentbridge status` and retry the appropriate command.",
+                code: code ?? "ACCEPTANCE_BLOCKED",
+                category: "ACCEPTANCE_ERROR",
+            });
+        }
+        if (error.status === 401 || error.status === 403) {
+            return viewFromCatalogOrFallback(code, {
+                title: "Authentication failed.",
+                what: "The API key was missing, invalid, or lacks project access.",
+                why: "AgentBridge cannot read or mutate project work state without valid credentials.",
+                next: "Confirm `.agentbridge/config.json` and rerun `agentbridge init` if needed.",
+                code: code ?? "PROJECT_ACCESS_UNAUTHORIZED",
+                category: "AUTH_ERROR",
+            });
+        }
+        if (error.status === 422) {
+            return viewFromCatalogOrFallback(code, {
+                title: "Request validation failed.",
+                what: "The command payload failed server-side validation.",
+                why: "Required fields or lifecycle preconditions were not satisfied.",
+                next: "Review command flags and rerun, or run `agentbridge doctor` for config checks.",
+                code: code ?? "CONFIG_INCOMPLETE",
+                category: "CONFIG_ERROR",
+            });
+        }
+        if (error.status >= 500) {
+            return viewFromCatalogOrFallback(code, {
+                title: "Server error.",
+                what: "The AgentBridge server failed while handling the request.",
+                why: "The action could not complete until the server recovers.",
+                next: "Retry shortly. If it persists, run `agentbridge doctor`.",
+                code: code ?? "SERVER_ERROR",
+                category: "SERVER_ERROR",
+            });
+        }
+        return viewFromCatalogOrFallback(code, {
+            title: `HTTP ${error.status} from AgentBridge.`,
+            what: "The server rejected or failed the request.",
+            why: "The server rejected or failed the request.",
+            next: "Run `agentbridge doctor` and retry.",
+            code: code ?? `HTTP_${error.status}`,
+            category: "SERVER_ERROR",
+        });
+    }
+    // Network errors: ECONNREFUSED, ETIMEDOUT, ENOTFOUND, ECONNRESET
+    if (error instanceof Error) {
+        const nodeCode = error.code;
+        if (nodeCode === "ECONNREFUSED" ||
+            nodeCode === "ETIMEDOUT" ||
+            nodeCode === "ENOTFOUND" ||
+            nodeCode === "ECONNRESET") {
+            return {
+                title: "Network error.",
+                what: "Cannot reach AgentBridge server. Is it running on the configured host?",
+                why: "The CLI could not establish a TCP connection to the server.",
+                next: "Check that the server is running and AGENTBRIDGE_BASE_URL is correct. Run `agentbridge doctor`.",
+                code: "NETWORK_UNREACHABLE",
+                category: "NETWORK_ERROR",
+            };
+        }
+        return defaultErrorView(error.message);
+    }
+    return defaultErrorView(String(error));
+}
+function renderCliErrorView(view) {
+    const whatHappened = (0, redact_secrets_1.redactSecrets)(`${view.title} ${view.what}`.trim());
+    const lines = [
+        `What happened: ${whatHappened}`,
+        `Why it matters: ${(0, redact_secrets_1.redactSecrets)(view.why)}`,
+        `Next action: ${(0, redact_secrets_1.redactSecrets)(view.next)}`,
+    ];
+    if (view.suggestedPrompt) {
+        lines.push("Suggested prompt to send back to agent:");
+        lines.push("```text");
+        lines.push((0, redact_secrets_1.redactSecrets)(view.suggestedPrompt));
+        lines.push("```");
+    }
+    if (view.code) {
+        lines.push(`Error code: ${view.code}`);
+    }
+    return lines.join("\n");
+}
+/**
+ * Standard consolidated exit codes:
+ *   0 — success
+ *   1 — blocking issue (proof, scope drift, work-context, acceptance, handoff)
+ *   2 — infrastructure error (network, server 5xx, unknown runtime)
+ *   3 — user input error (bad args, config, auth, identity, project access, memory)
+ */
+function exitCodeForCategory(category) {
+    switch (category) {
+        case "WORK_CONTEXT_ERROR":
+        case "PROOF_ERROR":
+        case "PROOF_STALE_ERROR":
+        case "SCOPE_DRIFT_ERROR":
+        case "ACCEPTANCE_ERROR":
+        case "HANDOFF_ERROR":
+            return 1;
+        case "CONFIG_ERROR":
+        case "AUTH_ERROR":
+        case "PROJECT_ACCESS_ERROR":
+        case "IDENTITY_ERROR":
+        case "MEMORY_ERROR":
+            return 3;
+        case "NETWORK_ERROR":
+        case "SERVER_ERROR":
+        case "START_ERROR":
+        case "WATCH_ERROR":
+        case "UNKNOWN_ERROR":
+        default:
+            return 2;
+    }
+}
+function renderCliError(error) {
+    if (error instanceof SafeCliError) {
+        const view = formatCliError(error);
+        if (error.message.includes("What happened:")) {
+            if (view.code && !error.message.includes("Error code:")) {
+                return `${error.message}\nError code: ${view.code}`;
+            }
+            return error.message;
+        }
+        return renderCliErrorView(view);
+    }
+    return renderCliErrorView(formatCliError(error));
+}

package/dist/file-fingerprints.js

@@ -0,0 +1,45 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.computeFileFingerprints = computeFileFingerprints;
+const node_crypto_1 = require("node:crypto");
+const node_fs_1 = require("node:fs");
+const MAX_HASH_BYTES = 5 * 1024 * 1024;
+function normalizePath(path) {
+    return path.trim().replaceAll("\\", "/");
+}
+function sha256File(path) {
+    const stat = (0, node_fs_1.statSync)(path);
+    if (!stat.isFile())
+        return undefined;
+    if (stat.size > MAX_HASH_BYTES)
+        return undefined;
+    const content = (0, node_fs_1.readFileSync)(path);
+    return (0, node_crypto_1.createHash)("sha256").update(content).digest("hex");
+}
+function computeFileFingerprints(paths) {
+    const uniquePaths = [...new Set(paths.map(normalizePath).filter((path) => path.length > 0))].sort();
+    return uniquePaths.map((path) => {
+        try {
+            const stat = (0, node_fs_1.statSync)(path);
+            const fileType = stat.isFile()
+                ? "file"
+                : stat.isDirectory()
+                    ? "directory"
+                    : "other";
+            return {
+                path,
+                exists: true,
+                fileType,
+                size: stat.size,
+                mtimeMs: stat.mtimeMs,
+                sha256: fileType === "file" ? sha256File(path) : undefined,
+            };
+        }
+        catch {
+            return {
+                path,
+                exists: false,
+            };
+        }
+    });
+}

package/dist/gates.js

@@ -0,0 +1,200 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.GITIGNORE_SESSION_LINE = exports.STATS_HISTORY_CAP = exports.DEFAULT_GATES = void 0;
+exports.computeFpRate = computeFpRate;
+exports.checkAdvancementEligibility = checkAdvancementEligibility;
+exports.applyRolloutGate = applyRolloutGate;
+exports.parseGatesFile = parseGatesFile;
+exports.readGatesFile = readGatesFile;
+exports.updateGateStats = updateGateStats;
+exports.appendStatsHistory = appendStatsHistory;
+exports.atomicWriteGatesJson = atomicWriteGatesJson;
+exports.mergeWriteGatesJson = mergeWriteGatesJson;
+exports.cleanupStaleTempFiles = cleanupStaleTempFiles;
+exports.ensureGitignoreSessionEntry = ensureGitignoreSessionEntry;
+exports.ensureGatesFile = ensureGatesFile;
+const node_fs_1 = __importDefault(require("node:fs"));
+const node_path_1 = __importDefault(require("node:path"));
+exports.DEFAULT_GATES = {
+    rollout_proof_too_weak: "warn_only",
+    rollout_proof_not_relevant: "warn_only",
+    rollout_impact_coverage_gap: "warn_only",
+};
+exports.STATS_HISTORY_CAP = 20;
+exports.GITIGNORE_SESSION_LINE = ".agentbridge/session.json";
+function computeFpRate(stats) {
+    if (stats.firings === 0)
+        return 0;
+    if (stats.fp_rate >= 0 && Number.isFinite(stats.fp_rate))
+        return stats.fp_rate;
+    return stats.likely_fp / stats.firings;
+}
+function checkAdvancementEligibility(stats, opts) {
+    const minFirings = opts?.minFirings ?? 10;
+    const maxFpRate = opts?.maxFpRate ?? 0.1;
+    if (stats.firings < minFirings) {
+        return { eligible: false, reason: `firings ${stats.firings} < ${minFirings}` };
+    }
+    const fpRate = computeFpRate(stats);
+    if (fpRate > maxFpRate) {
+        return { eligible: false, reason: `fp rate ${fpRate.toFixed(3)} > ${maxFpRate}` };
+    }
+    return { eligible: true };
+}
+function applyRolloutGate(input) {
+    const hasBlockers = input.blockingCodes.length > 0;
+    if (!hasBlockers) {
+        return { effectiveDecision: "accepted", warnings: [], blocked: false };
+    }
+    if (input.stage === "warn_only") {
+        return {
+            effectiveDecision: "accepted",
+            warnings: input.blockingCodes.map((c) => `[warn_only] ${c}`),
+            blocked: false,
+        };
+    }
+    if (input.stage === "soft_fail") {
+        if (input.overrideUsed) {
+            return {
+                effectiveDecision: "needs_proof",
+                warnings: input.blockingCodes.map((c) => `[soft_fail override] ${c}`),
+                blocked: false,
+            };
+        }
+        return {
+            effectiveDecision: "blocked",
+            warnings: input.blockingCodes.map((c) => `[soft_fail] ${c}`),
+            blocked: true,
+        };
+    }
+    return {
+        effectiveDecision: "blocked",
+        warnings: input.blockingCodes.map((c) => `[hard_fail] ${c}`),
+        blocked: true,
+    };
+}
+function parseGatesFile(raw) {
+    try {
+        const parsed = JSON.parse(raw);
+        return {
+            gates: {
+                ...exports.DEFAULT_GATES,
+                ...parsed,
+                rollout_impact_coverage_gap: parsed.rollout_impact_coverage_gap ?? parsed.impact_coverage ?? exports.DEFAULT_GATES.rollout_impact_coverage_gap,
+                rollout_proof_too_weak: parsed.rollout_proof_too_weak ?? parsed.obligation_set ?? exports.DEFAULT_GATES.rollout_proof_too_weak,
+                rollout_proof_not_relevant: parsed.rollout_proof_not_relevant ?? parsed.obligation_set ?? exports.DEFAULT_GATES.rollout_proof_not_relevant,
+            },
+        };
+    }
+    catch (err) {
+        return {
+            gates: { ...exports.DEFAULT_GATES },
+            parseError: err instanceof Error ? err.message : String(err),
+        };
+    }
+}
+function readGatesFile(filePath) {
+    if (!node_fs_1.default.existsSync(filePath)) {
+        return { gates: { ...exports.DEFAULT_GATES }, malformed: false };
+    }
+    const raw = node_fs_1.default.readFileSync(filePath, "utf8");
+    const { gates, parseError } = parseGatesFile(raw);
+    return { gates, parseError, malformed: Boolean(parseError) };
+}
+function updateGateStats(stats, event, nowIso) {
+    const base = stats ?? {
+        firings: 0,
+        overrides: 0,
+        likely_fp: 0,
+        likely_tp: 0,
+        fp_rate: 0,
+        window_started_at: nowIso,
+    };
+    const nextFirings = base.firings + (event.fired ? 1 : 0);
+    const nextFp = base.likely_fp + (event.falsePositive ? 1 : 0);
+    const nextTp = base.likely_tp + (event.fired && !event.falsePositive ? 1 : 0);
+    return {
+        ...base,
+        firings: nextFirings,
+        overrides: base.overrides + (event.override ? 1 : 0),
+        likely_fp: nextFp,
+        likely_tp: nextTp,
+        fp_rate: nextFirings === 0 ? 0 : nextFp / nextFirings,
+    };
+}
+function appendStatsHistory(history, outgoing, archivedAt) {
+    const next = [...(history ?? []), { ...outgoing, archived_at: archivedAt }];
+    if (next.length <= exports.STATS_HISTORY_CAP)
+        return next;
+    return next.slice(next.length - exports.STATS_HISTORY_CAP);
+}
+function atomicWriteGatesJson(filePath, gates) {
+    const dir = node_path_1.default.dirname(filePath);
+    node_fs_1.default.mkdirSync(dir, { recursive: true });
+    const tmp = node_path_1.default.join(dir, `gates.json.tmp.${process.pid}.${Date.now()}`);
+    node_fs_1.default.writeFileSync(tmp, `${JSON.stringify(gates, null, 2)}\n`, "utf8");
+    node_fs_1.default.renameSync(tmp, filePath);
+}
+function mergeWriteGatesJson(filePath, patch) {
+    const { gates: current } = readGatesFile(filePath);
+    const merged = { ...current, ...patch };
+    atomicWriteGatesJson(filePath, merged);
+    return merged;
+}
+function cleanupStaleTempFiles(dir, staleThresholdMs = 60_000) {
+    if (!node_fs_1.default.existsSync(dir))
+        return [];
+    const removed = [];
+    const now = Date.now();
+    for (const name of node_fs_1.default.readdirSync(dir)) {
+        if (!name.startsWith("gates.json.tmp."))
+            continue;
+        const full = node_path_1.default.join(dir, name);
+        const age = now - node_fs_1.default.statSync(full).mtimeMs;
+        if (age > staleThresholdMs) {
+            node_fs_1.default.unlinkSync(full);
+            removed.push(full);
+        }
+    }
+    return removed;
+}
+function ensureGitignoreSessionEntry(repoRoot) {
+    const gitignorePath = node_path_1.default.join(repoRoot, ".gitignore");
+    const existing = node_fs_1.default.existsSync(gitignorePath)
+        ? node_fs_1.default.readFileSync(gitignorePath, "utf8")
+        : "";
+    const lines = existing.split("\n");
+    const hasLine = lines.some((line) => line.trim() === exports.GITIGNORE_SESSION_LINE);
+    if (hasLine) {
+        return { changed: false, content: existing };
+    }
+    const suffix = existing.endsWith("\n") || existing.length === 0 ? "" : "\n";
+    const next = `${existing}${suffix}${exports.GITIGNORE_SESSION_LINE}\n`;
+    node_fs_1.default.writeFileSync(gitignorePath, next, "utf8");
+    return { changed: true, content: next };
+}
+function ensureGatesFile(repoRoot) {
+    const gatesPath = node_path_1.default.join(repoRoot, ".agentbridge", "gates.json");
+    const dir = node_path_1.default.dirname(gatesPath);
+    node_fs_1.default.mkdirSync(dir, { recursive: true });
+    if (!node_fs_1.default.existsSync(gatesPath)) {
+        atomicWriteGatesJson(gatesPath, { ...exports.DEFAULT_GATES });
+        return {
+            path: gatesPath,
+            created: true,
+            gates: { ...exports.DEFAULT_GATES },
+            malformed: false,
+        };
+    }
+    const parsed = readGatesFile(gatesPath);
+    return {
+        path: gatesPath,
+        created: false,
+        gates: parsed.gates,
+        malformed: parsed.malformed,
+        parseError: parsed.parseError,
+    };
+}