@ait-co/console-cli 0.1.28 → 0.1.30

package/dist/cli.mjs

@@ -8,7 +8,8 @@ import { unzipSync } from "fflate";
 import { checkbox, confirm, editor, input, password, select } from "@inquirer/prompts";
 import { imageSize } from "image-size";
 import { execFile, spawn } from "node:child_process";
-import { constants, createReadStream } from "node:fs";
+import { constants, createReadStream, existsSync } from "node:fs";
+import { createInterface } from "node:readline/promises";
 import { promisify } from "node:util";
 import { createHash } from "node:crypto";
 //#region src/api/http.ts
@@ -3601,7 +3602,7 @@ function serviceStatusFor(entry) {
 }
 const POLL_MIN_INTERVAL_SEC = 30;
 const POLL_MAX_INTERVAL_SEC = 3600;
-const statusCommand$1 = defineCommand({
+const statusCommand$2 = defineCommand({
 	meta: {
 		name: "status",
 		description: "Show the derived review state of a mini-app (under-review / rejected / approved)."
@@ -5702,7 +5703,7 @@ const appCommand = defineCommand({
 		}),
 		ls: lsCommand$4,
 		show: showCommand$2,
-		status: statusCommand$1,
+		status: statusCommand$2,
 		ratings: ratingsCommand,
 		reports: reportsCommand,
 		bundles: bundlesCommand,
@@ -9191,6 +9192,557 @@ const noticesCommand = defineCommand({
 	}
 });
 //#endregion
+//#region src/version.ts
+function resolveVersion() {
+	try {
+		const injected = globalThis.AITCC_VERSION;
+		if (typeof injected === "string" && injected.length > 0) return injected;
+	} catch {}
+	try {
+		return "0.1.30";
+	} catch {}
+	return "0.0.0-dev";
+}
+const VERSION = resolveVersion();
+//#endregion
+//#region src/telemetry/state.ts
+/**
+* Telemetry consent state + anon_id I/O for console-cli.
+*
+* Storage: ~/.config/aitcc/telemetry.json  (0600, XDG-aware via configDir())
+* Consistent with devtools' localStorage schema names where applicable.
+*/
+/** Current policy version. Bump whenever the privacy policy changes. */
+const CURRENT_POLICY_VERSION = "2026-05-18";
+function telemetryFilePath() {
+	return join(configDir(), "telemetry.json");
+}
+async function readStateFile() {
+	let raw;
+	try {
+		raw = await readFile(telemetryFilePath(), "utf8");
+	} catch {
+		return null;
+	}
+	let parsed;
+	try {
+		parsed = JSON.parse(raw);
+	} catch {
+		return null;
+	}
+	if (!parsed || typeof parsed !== "object") return null;
+	const obj = parsed;
+	if (obj.schemaVersion !== 1) return null;
+	if (obj.consent !== "granted" && obj.consent !== "denied" && obj.consent !== "undecided") return null;
+	if (typeof obj.policyVersion !== "string") return null;
+	return {
+		schemaVersion: 1,
+		consent: obj.consent,
+		policyVersion: obj.policyVersion,
+		...typeof obj.anonId === "string" ? { anonId: obj.anonId } : {},
+		...typeof obj.tier0LastSent === "string" ? { tier0LastSent: obj.tier0LastSent } : {},
+		...obj.tier0OptOut === true ? { tier0OptOut: true } : {}
+	};
+}
+async function writeStateFile(state) {
+	const path = telemetryFilePath();
+	await mkdir(dirname(path), {
+		recursive: true,
+		mode: 448
+	});
+	const tmp = `${path}.${process.pid}.${Date.now()}.tmp`;
+	try {
+		await writeFile(tmp, JSON.stringify(state, null, 2), { mode: 384 });
+		await rename(tmp, path);
+	} catch (err) {
+		await unlink(tmp).catch(() => {});
+		throw err;
+	}
+}
+/** Read the raw consent from disk. Returns 'undecided' if no file. */
+async function readConsentState() {
+	const s = await readStateFile();
+	if (!s) return "undecided";
+	return s.consent;
+}
+/**
+* Resolve effective consent with policy-version bump rule:
+*   - Previously 'granted' but on an old policy version → revert to 'undecided'
+*   - Previously 'denied' on any version → stay 'denied'
+*/
+async function resolveEffectiveConsent() {
+	const s = await readStateFile();
+	if (!s) return "undecided";
+	if (s.consent === "granted") {
+		if (s.policyVersion !== "2026-05-18") return "undecided";
+		return "granted";
+	}
+	return s.consent;
+}
+/**
+* Returns the stored anon_id, or generates + persists a new UUID v4.
+* Once generated it is never overwritten except after a successful deleteMyData call.
+*/
+async function getOrCreateAnonId() {
+	const s = await readStateFile();
+	if (s?.anonId) return s.anonId;
+	const id = crypto.randomUUID();
+	await writeStateFile({
+		...s ?? {
+			schemaVersion: 1,
+			consent: "undecided",
+			policyVersion: "2026-05-18"
+		},
+		anonId: id
+	});
+	return id;
+}
+async function acceptConsent() {
+	await writeStateFile({
+		schemaVersion: 1,
+		consent: "granted",
+		policyVersion: CURRENT_POLICY_VERSION,
+		anonId: (await readStateFile())?.anonId ?? crypto.randomUUID()
+	});
+}
+async function denyConsent() {
+	const s = await readStateFile();
+	await writeStateFile({
+		schemaVersion: 1,
+		consent: "denied",
+		policyVersion: CURRENT_POLICY_VERSION,
+		...s?.anonId ? { anonId: s.anonId } : {}
+	});
+}
+/** Returns true if Tier 0 pings are permanently opted out. */
+async function isTier0OptedOut() {
+	return (await readStateFile())?.tier0OptOut === true;
+}
+/** Permanently opt out of Tier 0 pings (sets tier0OptOut: true). */
+async function setTier0OptOut(optOut) {
+	const current = await readStateFile() ?? {
+		schemaVersion: 1,
+		consent: "undecided",
+		policyVersion: "2026-05-18"
+	};
+	if (optOut) await writeStateFile({
+		...current,
+		tier0OptOut: true
+	});
+	else {
+		const { tier0OptOut: _removed, ...rest } = current;
+		await writeStateFile(rest);
+	}
+}
+/**
+* Returns the ISO date (YYYY-MM-DD) of the last sent Tier 0 ping, or null.
+*/
+async function getTier0LastSent() {
+	return (await readStateFile())?.tier0LastSent ?? null;
+}
+/**
+* Record that a Tier 0 ping was sent today (ISO date marker).
+*/
+async function markTier0Sent(date) {
+	await writeStateFile({
+		...await readStateFile() ?? {
+			schemaVersion: 1,
+			consent: "undecided",
+			policyVersion: "2026-05-18"
+		},
+		tier0LastSent: date
+	});
+}
+/**
+* Delete data: send DELETE /e?anon_id=... to the server (if we have an id),
+* then rotate local anon_id so subsequent events are unlinkable.
+*/
+async function deleteMyData(endpoint) {
+	const s = await readStateFile();
+	if (!s?.anonId) return false;
+	try {
+		if (!(await fetch(`${endpoint}/e?anon_id=${encodeURIComponent(s.anonId)}`, { method: "DELETE" })).ok) return false;
+		await writeStateFile({
+			...s,
+			anonId: crypto.randomUUID()
+		});
+		return true;
+	} catch {
+		return false;
+	}
+}
+//#endregion
+//#region src/telemetry/send.ts
+/**
+* Telemetry send — fire-and-forget with one retry.
+*
+* Tier 0 rules:
+*   1. No consent check — fires regardless of opt-in state (unless opted out via tier0OptOut).
+*   2. No anon_id — server generates a daily hash.
+*   3. 5 s timeout, no retry. Drops silently on any failure.
+*
+* Tier 1 rules:
+*   1. If consent ≠ "granted" — drop silently.
+*   2. POST event as JSON with 5 s timeout.
+*   3. On network error or non-2xx: retry ONCE after 2 s. On second failure: drop.
+*   4. Meta is capped at 256 bytes (JSON-serialized); oversized meta is dropped.
+*   5. All calls are non-blocking — caller never awaits send().
+*/
+/** Meta size cap per server contract (JSON bytes). */
+const META_BYTE_CAP = 256;
+function sanitizeMeta(meta) {
+	if (meta === void 0) return void 0;
+	const serialized = JSON.stringify(meta);
+	if (new TextEncoder().encode(serialized).byteLength > META_BYTE_CAP) return void 0;
+	return meta;
+}
+async function doFetch(endpoint, payload) {
+	const controller = new AbortController();
+	const timeoutId = setTimeout(() => controller.abort(), 5e3);
+	try {
+		return (await fetch(`${endpoint}/e`, {
+			method: "POST",
+			headers: { "Content-Type": "application/json" },
+			body: JSON.stringify(payload),
+			signal: controller.signal
+		})).ok;
+	} catch {
+		return false;
+	} finally {
+		clearTimeout(timeoutId);
+	}
+}
+function delay(ms) {
+	return new Promise((resolve) => setTimeout(resolve, ms));
+}
+/** Retry delay in ms — injectable for tests. */
+let RETRY_DELAY_MS = 2e3;
+/**
+* Send a Tier 1 telemetry event. Drops silently if consent is not 'granted'.
+* Returns a Promise but callers should NOT await it — fire-and-forget only.
+*/
+async function send(endpoint, event, version, meta) {
+	if (await readConsentState() !== "granted") return;
+	const sanitized = sanitizeMeta(meta);
+	const payload = {
+		tier: 1,
+		source: "console-cli",
+		event,
+		anon_id: await getOrCreateAnonId(),
+		version,
+		ts: Date.now(),
+		...sanitized !== void 0 ? { meta: sanitized } : {}
+	};
+	if (await doFetch(endpoint, payload)) return;
+	await delay(RETRY_DELAY_MS);
+	await doFetch(endpoint, payload);
+}
+/**
+* Send a Tier 0 anonymous daily ping.
+* - No anon_id (server generates a daily hash from IP+UA).
+* - No retry. 5 s timeout. Fire-and-forget.
+* - Callers should NOT await this.
+*/
+async function sendTier0Ping(endpoint, version) {
+	const payload = {
+		tier: 0,
+		source: "console-cli",
+		version,
+		platform: process.platform
+	};
+	const controller = new AbortController();
+	const timeoutId = setTimeout(() => controller.abort(), 5e3);
+	try {
+		await fetch(`${endpoint}/e`, {
+			method: "POST",
+			headers: { "Content-Type": "application/json" },
+			body: JSON.stringify(payload),
+			signal: controller.signal
+		});
+	} catch {} finally {
+		clearTimeout(timeoutId);
+	}
+}
+//#endregion
+//#region src/telemetry/index.ts
+/**
+* Telemetry client — internal to @ait-co/console-cli.
+*
+* Usage: import { trackInvocation, trackTier0Ping } from './telemetry/index.js'
+*
+* Tier 0 (opt-out): anonymous daily ping. Fires on every invocation; client-side
+*   daily dedupe via tier0LastSent. Respects AITC_TELEMETRY=off, --no-telemetry,
+*   and permanent tier0OptOut flag.
+*
+* Tier 1 (opt-in): detailed events. First invocation on a TTY prompts the user;
+*   non-TTY (CI) defaults to deny.
+*
+* Endpoint override for staging: AITCC_TELEMETRY_ENV=staging
+* (or automatically when VERSION contains '-dev').
+*/
+function resolveEndpoint() {
+	if (process.env.AITCC_TELEMETRY_ENV === "staging") return "https://t-staging.aitc.dev";
+	if (VERSION.includes("-dev")) return "https://t-staging.aitc.dev";
+	return "https://t.aitc.dev";
+}
+const TELEMETRY_ENDPOINT = resolveEndpoint();
+/** Returns true if this is the very first run (telemetry.json does not exist). */
+function isFirstRun() {
+	return !existsSync(telemetryFilePath());
+}
+/**
+* Prompt for consent on TTY. Defaults to deny on any non-TTY or error.
+* Called once per install (no file yet) when stdin/stdout are both TTYs.
+*/
+async function promptConsent() {
+	if (!process.stdin.isTTY || !process.stdout.isTTY) {
+		await denyConsent();
+		return;
+	}
+	const rl = createInterface({
+		input: process.stdin,
+		output: process.stdout
+	});
+	try {
+		process.stderr.write([
+			"",
+			"aitcc 사용 개선을 위해 익명 사용 통계를 수집해도 될까요?",
+			"  · 개인 식별 정보 없음  · 랜덤 익명 ID만 사용  · 언제든 off 가능",
+			"  자세한 내용: https://docs.aitc.dev/privacy",
+			""
+		].join("\n"));
+		if ((await rl.question("보내도 될까요? [y/N] ")).trim().toLowerCase() === "y") await acceptConsent();
+		else await denyConsent();
+	} catch {
+		await denyConsent();
+	} finally {
+		rl.close();
+	}
+}
+/**
+* Check whether telemetry is globally disabled via environment or CLI flag.
+* Accepts the parsed --no-telemetry flag value from argv.
+*/
+function isTelemetryGloballyDisabled(noTelemetryFlag) {
+	if (noTelemetryFlag) return true;
+	const env = process.env.AITC_TELEMETRY;
+	if (env !== void 0 && env.toLowerCase() === "off") return true;
+	return false;
+}
+/**
+* Send a Tier 0 anonymous daily ping (fire-and-forget).
+*
+* Skips if:
+*   - AITC_TELEMETRY=off or --no-telemetry flag
+*   - tier0OptOut === true in the state file
+*   - already sent today (tier0LastSent === today's ISO date)
+*
+* On success, records today's date in tier0LastSent for client-side daily dedupe.
+* The server also deduplicates server-side via KV, so this is an extra client guard.
+*/
+async function trackTier0Ping(noTelemetryFlag = false) {
+	try {
+		if (isTelemetryGloballyDisabled(noTelemetryFlag)) return;
+		if (await isTier0OptedOut()) return;
+		const today = (/* @__PURE__ */ new Date()).toISOString().slice(0, 10);
+		if (await getTier0LastSent() === today) return;
+		sendTier0Ping(TELEMETRY_ENDPOINT, VERSION);
+		await markTier0Sent(today);
+	} catch {}
+}
+/** True only on the first invocation after a fresh install. */
+async function isNewInstall() {
+	const markerPath = `${telemetryFilePath()}.install`;
+	if (existsSync(markerPath)) return false;
+	try {
+		await writeFile(markerPath, "1", { mode: 384 });
+		return true;
+	} catch {
+		return false;
+	}
+}
+/**
+* Called at CLI entry point with the resolved top-level command name.
+* Handles first-run Tier 1 consent prompt, install detection, and Tier 1 event send.
+* Fire-and-forget: do NOT await this.
+*
+* Note: Tier 0 ping is sent separately via trackTier0Ping() before this call.
+*/
+async function trackInvocation(command, noTelemetryFlag = false) {
+	try {
+		if (isTelemetryGloballyDisabled(noTelemetryFlag)) return;
+		if (isFirstRun()) await promptConsent();
+		if (await resolveEffectiveConsent() !== "granted") return;
+		if (await isNewInstall()) send(TELEMETRY_ENDPOINT, "cli_install", VERSION, {
+			platform: process.platform,
+			arch: process.arch
+		});
+		send(TELEMETRY_ENDPOINT, "cli_invoked", VERSION, { command });
+	} catch {}
+}
+const telemetryCommand = defineCommand({
+	meta: {
+		name: "telemetry",
+		description: "Manage anonymous usage telemetry."
+	},
+	subCommands: {
+		status: defineCommand({
+			meta: {
+				name: "status",
+				description: "Show current telemetry status for both Tier 0 and Tier 1."
+			},
+			args: { json: {
+				type: "boolean",
+				description: "Emit machine-readable JSON.",
+				default: false
+			} },
+			async run({ args }) {
+				const [tier1Consent, tier0OptOut, tier0LastSent, anonId] = await Promise.all([
+					resolveEffectiveConsent(),
+					isTier0OptedOut(),
+					getTier0LastSent(),
+					resolveEffectiveConsent().then((c) => c === "granted" ? getOrCreateAnonId() : null)
+				]);
+				const filePath = telemetryFilePath();
+				const tier0Status = tier0OptOut ? "off (opted out)" : "on";
+				const tier0Display = tier0LastSent ? `${tier0Status}  (last sent: ${tier0LastSent})` : tier0Status;
+				if (args.json) {
+					process.stdout.write(`${JSON.stringify({
+						ok: true,
+						tier0: {
+							status: tier0OptOut ? "opted-out" : "on",
+							lastSent: tier0LastSent ?? null
+						},
+						tier1: {
+							consent: tier1Consent,
+							policyVersion: CURRENT_POLICY_VERSION,
+							...anonId ? { anonId } : {}
+						},
+						endpoint: TELEMETRY_ENDPOINT,
+						filePath
+					})}\n`);
+					return exitAfterFlush(ExitCode.Ok);
+				}
+				process.stdout.write("Telemetry status\n");
+				process.stdout.write(`  Tier 0 (anonymous daily ping): ${tier0Display}\n`);
+				process.stdout.write(`  Tier 1 (opt-in events):        ${tier1Consent}  (policyVersion: ${CURRENT_POLICY_VERSION})\n`);
+				process.stdout.write(`\nEndpoint:   ${TELEMETRY_ENDPOINT}\n`);
+				if (anonId) process.stdout.write(`Anon ID:    ${anonId}\n`);
+				process.stdout.write(`State file: ${filePath}\n`);
+				return exitAfterFlush(ExitCode.Ok);
+			}
+		}),
+		enable: defineCommand({
+			meta: {
+				name: "enable",
+				description: "Enable anonymous usage telemetry (opt-in)."
+			},
+			args: { json: {
+				type: "boolean",
+				description: "Emit machine-readable JSON.",
+				default: false
+			} },
+			async run({ args }) {
+				await acceptConsent();
+				const anonId = await getOrCreateAnonId();
+				if (args.json) process.stdout.write(`${JSON.stringify({
+					ok: true,
+					consent: "granted",
+					anonId
+				})}\n`);
+				else {
+					process.stdout.write("Telemetry enabled. Thank you!\n");
+					process.stdout.write(`Anon ID: ${anonId}\n`);
+				}
+				return exitAfterFlush(ExitCode.Ok);
+			}
+		}),
+		disable: defineCommand({
+			meta: {
+				name: "disable",
+				description: "Disable anonymous usage telemetry."
+			},
+			args: { json: {
+				type: "boolean",
+				description: "Emit machine-readable JSON.",
+				default: false
+			} },
+			async run({ args }) {
+				await denyConsent();
+				if (args.json) process.stdout.write(`${JSON.stringify({
+					ok: true,
+					consent: "denied"
+				})}\n`);
+				else process.stdout.write("Telemetry disabled.\n");
+				return exitAfterFlush(ExitCode.Ok);
+			}
+		}),
+		delete: defineCommand({
+			meta: {
+				name: "delete",
+				description: "Delete your telemetry data from the server and rotate the local anon_id."
+			},
+			args: { json: {
+				type: "boolean",
+				description: "Emit machine-readable JSON.",
+				default: false
+			} },
+			async run({ args }) {
+				const beforeConsent = await readConsentState();
+				const ok = await deleteMyData(TELEMETRY_ENDPOINT);
+				if (args.json) process.stdout.write(`${JSON.stringify({
+					ok,
+					...ok ? {} : { reason: beforeConsent === "undecided" ? "no-data" : "server-error" }
+				})}\n`);
+				else if (ok) process.stdout.write("Deletion request sent. Your data has been removed and a new anon ID assigned.\n");
+				else if (beforeConsent === "undecided") process.stdout.write("No telemetry data to delete (telemetry was never enabled).\n");
+				else process.stderr.write("Deletion request failed. Please try again or contact the maintainers.\n");
+				return exitAfterFlush(ok || beforeConsent === "undecided" ? ExitCode.Ok : ExitCode.NetworkError);
+			}
+		}),
+		"tier0-off": defineCommand({
+			meta: {
+				name: "tier0-off",
+				description: "Permanently opt out of the Tier 0 anonymous daily ping."
+			},
+			args: { json: {
+				type: "boolean",
+				description: "Emit machine-readable JSON.",
+				default: false
+			} },
+			async run({ args }) {
+				await setTier0OptOut(true);
+				if (args.json) process.stdout.write(`${JSON.stringify({
+					ok: true,
+					tier0: { status: "opted-out" }
+				})}\n`);
+				else process.stdout.write("Tier 0 anonymous ping disabled. No daily pings will be sent.\n");
+				return exitAfterFlush(ExitCode.Ok);
+			}
+		}),
+		"tier0-on": defineCommand({
+			meta: {
+				name: "tier0-on",
+				description: "Re-enable the Tier 0 anonymous daily ping after a previous tier0-off."
+			},
+			args: { json: {
+				type: "boolean",
+				description: "Emit machine-readable JSON.",
+				default: false
+			} },
+			async run({ args }) {
+				await setTier0OptOut(false);
+				if (args.json) process.stdout.write(`${JSON.stringify({
+					ok: true,
+					tier0: { status: "on" }
+				})}\n`);
+				else process.stdout.write("Tier 0 anonymous ping re-enabled.\n");
+				return exitAfterFlush(ExitCode.Ok);
+			}
+		})
+	}
+});
+//#endregion
 //#region src/github.ts
 const REPO_OWNER = "apps-in-toss-community";
 const REPO_NAME = "console-cli";
@@ -9324,19 +9876,6 @@ function sha256OfFile(path) {
 	});
 }
 //#endregion
-//#region src/version.ts
-function resolveVersion() {
-	try {
-		const injected = globalThis.AITCC_VERSION;
-		if (typeof injected === "string" && injected.length > 0) return injected;
-	} catch {}
-	try {
-		return "0.1.28";
-	} catch {}
-	return "0.0.0-dev";
-}
-const VERSION = resolveVersion();
-//#endregion
 //#region src/commands/upgrade.ts
 const execFileP = promisify(execFile);
 function isStandaloneBinary() {
@@ -10484,10 +11023,15 @@ const main = defineCommand({
 		keys: keysCommand,
 		notices: noticesCommand,
 		me: meCommand,
+		telemetry: telemetryCommand,
 		completion: completionCommand
 	}
 });
 cleanupStaleUpgradeArtifacts().catch(() => {});
+const _telemetryCmd = process.argv.slice(2).find((a) => !a.startsWith("-")) ?? "(none)";
+const _noTelemetry = process.argv.includes("--no-telemetry");
+trackTier0Ping(_noTelemetry);
+trackInvocation(_telemetryCmd, _noTelemetry);
 runMain(main);
 //#endregion
 export {};