@ait-co/console-cli 0.1.28 → 0.1.29

package/dist/cli.mjs

@@ -8,7 +8,8 @@ import { unzipSync } from "fflate";
 import { checkbox, confirm, editor, input, password, select } from "@inquirer/prompts";
 import { imageSize } from "image-size";
 import { execFile, spawn } from "node:child_process";
-import { constants, createReadStream } from "node:fs";
+import { constants, createReadStream, existsSync } from "node:fs";
+import { createInterface } from "node:readline/promises";
 import { promisify } from "node:util";
 import { createHash } from "node:crypto";
 //#region src/api/http.ts
@@ -3601,7 +3602,7 @@ function serviceStatusFor(entry) {
 }
 const POLL_MIN_INTERVAL_SEC = 30;
 const POLL_MAX_INTERVAL_SEC = 3600;
-const statusCommand$1 = defineCommand({
+const statusCommand$2 = defineCommand({
 	meta: {
 		name: "status",
 		description: "Show the derived review state of a mini-app (under-review / rejected / approved)."
@@ -5702,7 +5703,7 @@ const appCommand = defineCommand({
 		}),
 		ls: lsCommand$4,
 		show: showCommand$2,
-		status: statusCommand$1,
+		status: statusCommand$2,
 		ratings: ratingsCommand,
 		reports: reportsCommand,
 		bundles: bundlesCommand,
@@ -9191,6 +9192,393 @@ const noticesCommand = defineCommand({
 	}
 });
 //#endregion
+//#region src/version.ts
+function resolveVersion() {
+	try {
+		const injected = globalThis.AITCC_VERSION;
+		if (typeof injected === "string" && injected.length > 0) return injected;
+	} catch {}
+	try {
+		return "0.1.29";
+	} catch {}
+	return "0.0.0-dev";
+}
+const VERSION = resolveVersion();
+//#endregion
+//#region src/telemetry/state.ts
+/**
+* Telemetry consent state + anon_id I/O for console-cli.
+*
+* Storage: ~/.config/aitcc/telemetry.json  (0600, XDG-aware via configDir())
+* Consistent with devtools' localStorage schema names where applicable.
+*/
+/** Current policy version. Bump whenever the privacy policy changes. */
+const CURRENT_POLICY_VERSION = "2026-05-12";
+function telemetryFilePath() {
+	return join(configDir(), "telemetry.json");
+}
+async function readStateFile() {
+	let raw;
+	try {
+		raw = await readFile(telemetryFilePath(), "utf8");
+	} catch {
+		return null;
+	}
+	let parsed;
+	try {
+		parsed = JSON.parse(raw);
+	} catch {
+		return null;
+	}
+	if (!parsed || typeof parsed !== "object") return null;
+	const obj = parsed;
+	if (obj.schemaVersion !== 1) return null;
+	if (obj.consent !== "granted" && obj.consent !== "denied" && obj.consent !== "undecided") return null;
+	if (typeof obj.policyVersion !== "string") return null;
+	return {
+		schemaVersion: 1,
+		consent: obj.consent,
+		policyVersion: obj.policyVersion,
+		...typeof obj.anonId === "string" ? { anonId: obj.anonId } : {}
+	};
+}
+async function writeStateFile(state) {
+	const path = telemetryFilePath();
+	await mkdir(dirname(path), {
+		recursive: true,
+		mode: 448
+	});
+	const tmp = `${path}.${process.pid}.${Date.now()}.tmp`;
+	try {
+		await writeFile(tmp, JSON.stringify(state, null, 2), { mode: 384 });
+		await rename(tmp, path);
+	} catch (err) {
+		await unlink(tmp).catch(() => {});
+		throw err;
+	}
+}
+/** Read the raw consent from disk. Returns 'undecided' if no file. */
+async function readConsentState() {
+	const s = await readStateFile();
+	if (!s) return "undecided";
+	return s.consent;
+}
+/**
+* Resolve effective consent with policy-version bump rule:
+*   - Previously 'granted' but on an old policy version → revert to 'undecided'
+*   - Previously 'denied' on any version → stay 'denied'
+*/
+async function resolveEffectiveConsent() {
+	const s = await readStateFile();
+	if (!s) return "undecided";
+	if (s.consent === "granted") {
+		if (s.policyVersion !== "2026-05-12") return "undecided";
+		return "granted";
+	}
+	return s.consent;
+}
+/**
+* Returns the stored anon_id, or generates + persists a new UUID v4.
+* Once generated it is never overwritten except after a successful deleteMyData call.
+*/
+async function getOrCreateAnonId() {
+	const s = await readStateFile();
+	if (s?.anonId) return s.anonId;
+	const id = crypto.randomUUID();
+	await writeStateFile({
+		...s ?? {
+			schemaVersion: 1,
+			consent: "undecided",
+			policyVersion: "2026-05-12"
+		},
+		anonId: id
+	});
+	return id;
+}
+async function acceptConsent() {
+	await writeStateFile({
+		schemaVersion: 1,
+		consent: "granted",
+		policyVersion: CURRENT_POLICY_VERSION,
+		anonId: (await readStateFile())?.anonId ?? crypto.randomUUID()
+	});
+}
+async function denyConsent() {
+	const s = await readStateFile();
+	await writeStateFile({
+		schemaVersion: 1,
+		consent: "denied",
+		policyVersion: CURRENT_POLICY_VERSION,
+		...s?.anonId ? { anonId: s.anonId } : {}
+	});
+}
+/**
+* Delete data: send DELETE /e?anon_id=... to the server (if we have an id),
+* then rotate local anon_id so subsequent events are unlinkable.
+*/
+async function deleteMyData(endpoint) {
+	const s = await readStateFile();
+	if (!s?.anonId) return false;
+	try {
+		if (!(await fetch(`${endpoint}/e?anon_id=${encodeURIComponent(s.anonId)}`, { method: "DELETE" })).ok) return false;
+		await writeStateFile({
+			...s,
+			anonId: crypto.randomUUID()
+		});
+		return true;
+	} catch {
+		return false;
+	}
+}
+//#endregion
+//#region src/telemetry/send.ts
+/**
+* Telemetry send — fire-and-forget with one retry.
+*
+* Rules:
+*   1. If consent ≠ "granted" — drop silently.
+*   2. POST event as JSON with 5 s timeout.
+*   3. On network error or non-2xx: retry ONCE after 2 s. On second failure: drop.
+*   4. Meta is capped at 256 bytes (JSON-serialized); oversized meta is dropped.
+*   5. All calls are non-blocking — caller never awaits send().
+*/
+/** Meta size cap per server contract (JSON bytes). */
+const META_BYTE_CAP = 256;
+function sanitizeMeta(meta) {
+	if (meta === void 0) return void 0;
+	const serialized = JSON.stringify(meta);
+	if (new TextEncoder().encode(serialized).byteLength > META_BYTE_CAP) return void 0;
+	return meta;
+}
+async function doFetch(endpoint, payload) {
+	const controller = new AbortController();
+	const timeoutId = setTimeout(() => controller.abort(), 5e3);
+	try {
+		return (await fetch(`${endpoint}/e`, {
+			method: "POST",
+			headers: { "Content-Type": "application/json" },
+			body: JSON.stringify(payload),
+			signal: controller.signal
+		})).ok;
+	} catch {
+		return false;
+	} finally {
+		clearTimeout(timeoutId);
+	}
+}
+function delay(ms) {
+	return new Promise((resolve) => setTimeout(resolve, ms));
+}
+/** Retry delay in ms — injectable for tests. */
+let RETRY_DELAY_MS = 2e3;
+/**
+* Send a telemetry event. Drops silently if consent is not 'granted'.
+* Returns a Promise but callers should NOT await it — fire-and-forget only.
+*/
+async function send(endpoint, event, version, meta) {
+	if (await readConsentState() !== "granted") return;
+	const sanitized = sanitizeMeta(meta);
+	const payload = {
+		source: "console-cli",
+		event,
+		anon_id: await getOrCreateAnonId(),
+		version,
+		ts: Date.now(),
+		...sanitized !== void 0 ? { meta: sanitized } : {}
+	};
+	if (await doFetch(endpoint, payload)) return;
+	await delay(RETRY_DELAY_MS);
+	await doFetch(endpoint, payload);
+}
+//#endregion
+//#region src/telemetry/index.ts
+/**
+* Telemetry client — internal to @ait-co/console-cli.
+*
+* Usage: import { trackInvocation, trackInstall } from './telemetry/index.js'
+*
+* Events are fire-and-forget (non-blocking). Consent is opt-in only.
+* First invocation on a TTY prompts the user; non-TTY (CI) defaults to deny.
+*
+* Endpoint override for staging: AITCC_TELEMETRY_ENV=staging
+* (or automatically when VERSION contains '-dev').
+*/
+function resolveEndpoint() {
+	if (process.env.AITCC_TELEMETRY_ENV === "staging") return "https://t-staging.aitc.dev";
+	if (VERSION.includes("-dev")) return "https://t-staging.aitc.dev";
+	return "https://t.aitc.dev";
+}
+const TELEMETRY_ENDPOINT = resolveEndpoint();
+/** Returns true if this is the very first run (telemetry.json does not exist). */
+function isFirstRun() {
+	return !existsSync(telemetryFilePath());
+}
+/**
+* Prompt for consent on TTY. Defaults to deny on any non-TTY or error.
+* Called once per install (no file yet) when stdin/stdout are both TTYs.
+*/
+async function promptConsent() {
+	if (!process.stdin.isTTY || !process.stdout.isTTY) {
+		await denyConsent();
+		return;
+	}
+	const rl = createInterface({
+		input: process.stdin,
+		output: process.stdout
+	});
+	try {
+		process.stderr.write([
+			"",
+			"aitcc 사용 개선을 위해 익명 사용 통계를 수집해도 될까요?",
+			"  · 개인 식별 정보 없음  · 랜덤 익명 ID만 사용  · 언제든 off 가능",
+			"  자세한 내용: https://docs.aitc.dev/privacy",
+			""
+		].join("\n"));
+		if ((await rl.question("보내도 될까요? [y/N] ")).trim().toLowerCase() === "y") await acceptConsent();
+		else await denyConsent();
+	} catch {
+		await denyConsent();
+	} finally {
+		rl.close();
+	}
+}
+/** True only on the first invocation after a fresh install. */
+async function isNewInstall() {
+	const markerPath = `${telemetryFilePath()}.install`;
+	if (existsSync(markerPath)) return false;
+	try {
+		await writeFile(markerPath, "1", { mode: 384 });
+		return true;
+	} catch {
+		return false;
+	}
+}
+/**
+* Called at CLI entry point with the resolved top-level command name.
+* Handles first-run consent prompt, install detection, and event send.
+* Fire-and-forget: do NOT await this.
+*/
+async function trackInvocation(command) {
+	try {
+		if (isFirstRun()) await promptConsent();
+		if (await resolveEffectiveConsent() !== "granted") return;
+		if (await isNewInstall()) send(TELEMETRY_ENDPOINT, "cli_install", VERSION, {
+			platform: process.platform,
+			arch: process.arch
+		});
+		send(TELEMETRY_ENDPOINT, "cli_invoked", VERSION, { command });
+	} catch {}
+}
+const telemetryCommand = defineCommand({
+	meta: {
+		name: "telemetry",
+		description: "Manage anonymous usage telemetry (opt-in)."
+	},
+	subCommands: {
+		status: defineCommand({
+			meta: {
+				name: "status",
+				description: "Show current telemetry consent state and anon_id."
+			},
+			args: { json: {
+				type: "boolean",
+				description: "Emit machine-readable JSON.",
+				default: false
+			} },
+			async run({ args }) {
+				const consent = await resolveEffectiveConsent();
+				const anonId = consent === "granted" ? await getOrCreateAnonId() : null;
+				const filePath = telemetryFilePath();
+				if (args.json) {
+					process.stdout.write(`${JSON.stringify({
+						ok: true,
+						consent,
+						policyVersion: CURRENT_POLICY_VERSION,
+						endpoint: TELEMETRY_ENDPOINT,
+						...anonId ? { anonId } : {},
+						filePath
+					})}\n`);
+					return exitAfterFlush(ExitCode.Ok);
+				}
+				process.stdout.write(`Telemetry: ${consent}\n`);
+				process.stdout.write(`Policy version: ${CURRENT_POLICY_VERSION}\n`);
+				process.stdout.write(`Endpoint: ${TELEMETRY_ENDPOINT}\n`);
+				if (anonId) process.stdout.write(`Anon ID: ${anonId}\n`);
+				process.stdout.write(`State file: ${filePath}\n`);
+				return exitAfterFlush(ExitCode.Ok);
+			}
+		}),
+		enable: defineCommand({
+			meta: {
+				name: "enable",
+				description: "Enable anonymous usage telemetry (opt-in)."
+			},
+			args: { json: {
+				type: "boolean",
+				description: "Emit machine-readable JSON.",
+				default: false
+			} },
+			async run({ args }) {
+				await acceptConsent();
+				const anonId = await getOrCreateAnonId();
+				if (args.json) process.stdout.write(`${JSON.stringify({
+					ok: true,
+					consent: "granted",
+					anonId
+				})}\n`);
+				else {
+					process.stdout.write("Telemetry enabled. Thank you!\n");
+					process.stdout.write(`Anon ID: ${anonId}\n`);
+				}
+				return exitAfterFlush(ExitCode.Ok);
+			}
+		}),
+		disable: defineCommand({
+			meta: {
+				name: "disable",
+				description: "Disable anonymous usage telemetry."
+			},
+			args: { json: {
+				type: "boolean",
+				description: "Emit machine-readable JSON.",
+				default: false
+			} },
+			async run({ args }) {
+				await denyConsent();
+				if (args.json) process.stdout.write(`${JSON.stringify({
+					ok: true,
+					consent: "denied"
+				})}\n`);
+				else process.stdout.write("Telemetry disabled.\n");
+				return exitAfterFlush(ExitCode.Ok);
+			}
+		}),
+		delete: defineCommand({
+			meta: {
+				name: "delete",
+				description: "Delete your telemetry data from the server and rotate the local anon_id."
+			},
+			args: { json: {
+				type: "boolean",
+				description: "Emit machine-readable JSON.",
+				default: false
+			} },
+			async run({ args }) {
+				const beforeConsent = await readConsentState();
+				const ok = await deleteMyData(TELEMETRY_ENDPOINT);
+				if (args.json) process.stdout.write(`${JSON.stringify({
+					ok,
+					...ok ? {} : { reason: beforeConsent === "undecided" ? "no-data" : "server-error" }
+				})}\n`);
+				else if (ok) process.stdout.write("Deletion request sent. Your data has been removed and a new anon ID assigned.\n");
+				else if (beforeConsent === "undecided") process.stdout.write("No telemetry data to delete (telemetry was never enabled).\n");
+				else process.stderr.write("Deletion request failed. Please try again or contact the maintainers.\n");
+				return exitAfterFlush(ok || beforeConsent === "undecided" ? ExitCode.Ok : ExitCode.NetworkError);
+			}
+		})
+	}
+});
+//#endregion
 //#region src/github.ts
 const REPO_OWNER = "apps-in-toss-community";
 const REPO_NAME = "console-cli";
@@ -9324,19 +9712,6 @@ function sha256OfFile(path) {
 	});
 }
 //#endregion
-//#region src/version.ts
-function resolveVersion() {
-	try {
-		const injected = globalThis.AITCC_VERSION;
-		if (typeof injected === "string" && injected.length > 0) return injected;
-	} catch {}
-	try {
-		return "0.1.28";
-	} catch {}
-	return "0.0.0-dev";
-}
-const VERSION = resolveVersion();
-//#endregion
 //#region src/commands/upgrade.ts
 const execFileP = promisify(execFile);
 function isStandaloneBinary() {
@@ -10484,10 +10859,12 @@ const main = defineCommand({
 		keys: keysCommand,
 		notices: noticesCommand,
 		me: meCommand,
+		telemetry: telemetryCommand,
 		completion: completionCommand
 	}
 });
 cleanupStaleUpgradeArtifacts().catch(() => {});
+trackInvocation(process.argv.slice(2).find((a) => !a.startsWith("-")) ?? "(none)");
 runMain(main);
 //#endregion
 export {};