@askexenow/exe-os 0.8.1 → 0.8.3

package/dist/lib/cloud-sync.js

@@ -1,500 +0,0 @@
-// src/lib/database.ts
-import { createClient } from "@libsql/client";
-var _client = null;
-function getClient() {
-  if (!_client) {
-    throw new Error("Database client not initialized. Call initDatabase() first.");
-  }
-  return _client;
-}
-
-// src/lib/crypto.ts
-import crypto from "crypto";
-var ALGORITHM = "aes-256-gcm";
-var IV_LENGTH = 12;
-var TAG_LENGTH = 16;
-var _syncKey = null;
-function requireSyncKey() {
-  if (!_syncKey) {
-    throw new Error("Sync crypto not initialized. Call initSyncCrypto(masterKey) first.");
-  }
-  return _syncKey;
-}
-function encryptSyncBlob(data) {
-  const key = requireSyncKey();
-  const iv = crypto.randomBytes(IV_LENGTH);
-  const cipher = crypto.createCipheriv(ALGORITHM, key, iv);
-  const encrypted = Buffer.concat([cipher.update(data), cipher.final()]);
-  const tag = cipher.getAuthTag();
-  return Buffer.concat([iv, encrypted, tag]).toString("base64");
-}
-function decryptSyncBlob(ciphertext) {
-  const key = requireSyncKey();
-  const combined = Buffer.from(ciphertext, "base64");
-  if (combined.length < IV_LENGTH + TAG_LENGTH) {
-    throw new Error("Sync blob too short to contain IV + tag");
-  }
-  const iv = combined.subarray(0, IV_LENGTH);
-  const tag = combined.subarray(combined.length - TAG_LENGTH);
-  const encrypted = combined.subarray(IV_LENGTH, combined.length - TAG_LENGTH);
-  const decipher = crypto.createDecipheriv(ALGORITHM, key, iv);
-  decipher.setAuthTag(tag);
-  return Buffer.concat([decipher.update(encrypted), decipher.final()]);
-}
-
-// src/lib/compress.ts
-import { brotliCompressSync, brotliDecompressSync, constants } from "zlib";
-function compress(input) {
-  if (input.length === 0) return Buffer.alloc(0);
-  return brotliCompressSync(input, {
-    params: {
-      [constants.BROTLI_PARAM_QUALITY]: 4
-    }
-  });
-}
-function decompress(input) {
-  if (input.length === 0) return Buffer.alloc(0);
-  return brotliDecompressSync(input);
-}
-
-// src/lib/plan-limits.ts
-import { readFileSync as readFileSync3, existsSync as existsSync4 } from "fs";
-import path4 from "path";
-
-// src/lib/employees.ts
-import { readFile as readFile2, writeFile as writeFile2, mkdir as mkdir2 } from "fs/promises";
-import { existsSync as existsSync2, symlinkSync, readlinkSync } from "fs";
-import { execSync } from "child_process";
-import path2 from "path";
-
-// src/lib/config.ts
-import { readFile, writeFile, mkdir } from "fs/promises";
-import { readFileSync, existsSync, renameSync } from "fs";
-import path from "path";
-import os from "os";
-function resolveDataDir() {
-  if (process.env.EXE_OS_DIR) return process.env.EXE_OS_DIR;
-  if (process.env.EXE_MEM_DIR) return process.env.EXE_MEM_DIR;
-  const newDir = path.join(os.homedir(), ".exe-os");
-  const legacyDir = path.join(os.homedir(), ".exe-mem");
-  if (!existsSync(newDir) && existsSync(legacyDir)) {
-    try {
-      renameSync(legacyDir, newDir);
-      process.stderr.write(`[exe-os] Migrated data directory: ~/.exe-mem \u2192 ~/.exe-os
-`);
-    } catch {
-      return legacyDir;
-    }
-  }
-  return newDir;
-}
-var EXE_AI_DIR = resolveDataDir();
-var DB_PATH = path.join(EXE_AI_DIR, "memories.db");
-var MODELS_DIR = path.join(EXE_AI_DIR, "models");
-var CONFIG_PATH = path.join(EXE_AI_DIR, "config.json");
-var LEGACY_LANCE_PATH = path.join(EXE_AI_DIR, "local.lance");
-var CURRENT_CONFIG_VERSION = 1;
-var DEFAULT_CONFIG = {
-  config_version: CURRENT_CONFIG_VERSION,
-  dbPath: DB_PATH,
-  modelFile: "jina-embeddings-v5-small-q4_k_m.gguf",
-  embeddingDim: 1024,
-  batchSize: 20,
-  flushIntervalMs: 1e4,
-  autoIngestion: true,
-  autoRetrieval: true,
-  searchMode: "hybrid",
-  hookSearchMode: "hybrid",
-  fileGrepEnabled: true,
-  splashEffect: true,
-  consolidationEnabled: true,
-  consolidationIntervalMs: 6 * 60 * 60 * 1e3,
-  consolidationModel: "claude-haiku-4-5-20251001",
-  consolidationMaxCallsPerRun: 20,
-  selfQueryRouter: true,
-  selfQueryModel: "claude-haiku-4-5-20251001",
-  rerankerEnabled: true,
-  scalingRoadmap: {
-    rerankerAutoTrigger: {
-      enabled: true,
-      broadQueryMinCardinality: 5e4,
-      fetchTopK: 150,
-      returnTopK: 5
-    }
-  },
-  graphRagEnabled: true,
-  wikiEnabled: false,
-  wikiUrl: "",
-  wikiApiKey: "",
-  wikiSyncIntervalMs: 30 * 60 * 1e3,
-  wikiWorkspaceMapping: {
-    exe: "Executive",
-    yoshi: "Engineering",
-    mari: "Marketing",
-    tom: "Engineering",
-    sasha: "Production"
-  },
-  wikiAutoUpdate: true,
-  wikiAutoUpdateThreshold: 0.5,
-  wikiAutoUpdateCreateNew: true,
-  skillLearning: true,
-  skillThreshold: 3,
-  skillModel: "claude-haiku-4-5-20251001",
-  exeHeartbeat: {
-    enabled: true,
-    intervalSeconds: 60,
-    staleInProgressThresholdHours: 2
-  },
-  sessionLifecycle: {
-    idleKillEnabled: true,
-    idleKillTicksRequired: 3,
-    idleKillIntercomAckWindowMs: 1e4,
-    maxAutoInstances: 10
-  },
-  autoUpdate: {
-    checkOnBoot: true,
-    autoInstall: false,
-    checkIntervalMs: 24 * 60 * 60 * 1e3
-  }
-};
-
-// src/lib/employees.ts
-var EMPLOYEES_PATH = path2.join(EXE_AI_DIR, "exe-employees.json");
-
-// src/lib/license.ts
-import { readFileSync as readFileSync2, writeFileSync, existsSync as existsSync3, mkdirSync } from "fs";
-import { randomUUID } from "crypto";
-import path3 from "path";
-import { jwtVerify, importSPKI } from "jose";
-var LICENSE_PATH = path3.join(EXE_AI_DIR, "license.key");
-var CACHE_PATH = path3.join(EXE_AI_DIR, "license-cache.json");
-var DEVICE_ID_PATH = path3.join(EXE_AI_DIR, "device-id");
-var API_BASE = "https://askexe.com/cloud";
-var LICENSE_PUBLIC_KEY_PEM = `-----BEGIN PUBLIC KEY-----
-MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEeHztAMOpR/ZMh+rWuOASjEZ54CGY
-4uj+UqeKCcvtgNHKmOK278HJaJcANe9xAeji8AFYu27q3WtzCi04pHudow==
------END PUBLIC KEY-----`;
-var LICENSE_JWT_ALG = "ES256";
-var PLAN_LIMITS = {
-  free: { devices: 1, employees: 1, memories: 5e3 },
-  pro: { devices: 2, employees: 5, memories: 1e5 },
-  team: { devices: 10, employees: 20, memories: 1e6 },
-  agency: { devices: 50, employees: 100, memories: 1e7 },
-  enterprise: { devices: -1, employees: -1, memories: -1 }
-};
-var FREE_LICENSE = {
-  valid: true,
-  plan: "free",
-  email: "",
-  expiresAt: null,
-  deviceLimit: 1,
-  employeeLimit: 1,
-  memoryLimit: 5e3
-};
-function loadDeviceId() {
-  const deviceJsonPath = path3.join(EXE_AI_DIR, "device.json");
-  try {
-    if (existsSync3(deviceJsonPath)) {
-      const data = JSON.parse(readFileSync2(deviceJsonPath, "utf8"));
-      if (data.deviceId) return data.deviceId;
-    }
-  } catch {
-  }
-  try {
-    if (existsSync3(DEVICE_ID_PATH)) {
-      const id2 = readFileSync2(DEVICE_ID_PATH, "utf8").trim();
-      if (id2) return id2;
-    }
-  } catch {
-  }
-  const id = randomUUID();
-  mkdirSync(EXE_AI_DIR, { recursive: true });
-  writeFileSync(DEVICE_ID_PATH, id, "utf8");
-  return id;
-}
-function loadLicense() {
-  try {
-    if (!existsSync3(LICENSE_PATH)) return null;
-    return readFileSync2(LICENSE_PATH, "utf8").trim();
-  } catch {
-    return null;
-  }
-}
-async function verifyLicenseJwt(token) {
-  try {
-    const key = await importSPKI(LICENSE_PUBLIC_KEY_PEM, LICENSE_JWT_ALG);
-    const { payload } = await jwtVerify(token, key, {
-      algorithms: [LICENSE_JWT_ALG]
-    });
-    const plan = payload.plan ?? "free";
-    const email = payload.sub ?? "";
-    const limits = PLAN_LIMITS[plan] ?? PLAN_LIMITS.free;
-    return {
-      valid: true,
-      plan,
-      email,
-      expiresAt: payload.exp ? new Date(payload.exp * 1e3).toISOString() : null,
-      deviceLimit: limits.devices,
-      employeeLimit: limits.employees,
-      memoryLimit: limits.memories
-    };
-  } catch {
-    return null;
-  }
-}
-async function getCachedLicense() {
-  try {
-    if (!existsSync3(CACHE_PATH)) return null;
-    const raw = JSON.parse(readFileSync2(CACHE_PATH, "utf8"));
-    if (!raw.token || typeof raw.token !== "string") return null;
-    return await verifyLicenseJwt(raw.token);
-  } catch {
-    return null;
-  }
-}
-function cacheResponse(token) {
-  try {
-    writeFileSync(CACHE_PATH, JSON.stringify({ token }), "utf8");
-  } catch {
-  }
-}
-async function validateLicense(apiKey, deviceId) {
-  const did = deviceId ?? loadDeviceId();
-  try {
-    const res = await fetch(`${API_BASE}/auth/activate`, {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({ apiKey, deviceId: did }),
-      signal: AbortSignal.timeout(1e4)
-    });
-    if (res.ok) {
-      const data = await res.json();
-      if (data.error === "device_limit_exceeded") {
-        const cached2 = await getCachedLicense();
-        if (cached2) return cached2;
-        return { ...FREE_LICENSE, valid: false, plan: "free" };
-      }
-      if (data.token) {
-        cacheResponse(data.token);
-        const verified = await verifyLicenseJwt(data.token);
-        if (verified) return verified;
-      }
-      const limits = PLAN_LIMITS[data.plan] ?? PLAN_LIMITS.free;
-      return {
-        valid: data.valid,
-        plan: data.plan,
-        email: data.email,
-        expiresAt: data.expiresAt,
-        deviceLimit: limits.devices,
-        employeeLimit: limits.employees,
-        memoryLimit: limits.memories
-      };
-    }
-    const cached = await getCachedLicense();
-    if (cached) return cached;
-    return { ...FREE_LICENSE, valid: false, plan: "free" };
-  } catch {
-    const cached = await getCachedLicense();
-    if (cached) return cached;
-    return FREE_LICENSE;
-  }
-}
-async function checkLicense() {
-  const key = loadLicense();
-  if (!key) return FREE_LICENSE;
-  const cached = await getCachedLicense();
-  if (cached) return cached;
-  const deviceId = loadDeviceId();
-  return validateLicense(key, deviceId);
-}
-function isFeatureAllowed(license, feature) {
-  switch (feature) {
-    case "cloud_sync":
-    case "external_agents":
-    case "wiki":
-      return license.plan !== "free";
-    case "unlimited_employees":
-      return license.plan === "team" || license.plan === "agency" || license.plan === "enterprise";
-  }
-}
-
-// src/lib/plan-limits.ts
-var PlanLimitError = class extends Error {
-  constructor(message) {
-    super(message);
-    this.name = "PlanLimitError";
-  }
-};
-var CACHE_PATH2 = path4.join(EXE_AI_DIR, "license-cache.json");
-async function assertFeature(feature) {
-  const license = await checkLicense();
-  if (!isFeatureAllowed(license, feature)) {
-    throw new PlanLimitError(
-      `Feature "${feature}" requires a paid plan. Current plan: ${license.plan}. Upgrade at https://askexe.com.`
-    );
-  }
-}
-
-// src/lib/cloud-sync.ts
-var LOCALHOST_PATTERNS = /^(localhost|127\.0\.0\.1|\[::1\])$/i;
-function assertSecureEndpoint(endpoint) {
-  if (endpoint.startsWith("https://")) return;
-  if (endpoint.startsWith("http://")) {
-    try {
-      const parsed = new URL(endpoint);
-      if (LOCALHOST_PATTERNS.test(parsed.hostname)) return;
-    } catch {
-      return;
-    }
-    throw new Error(
-      `Insecure cloud endpoint rejected: "${endpoint}". Use https:// for remote hosts. Plain http:// is only allowed for localhost.`
-    );
-  }
-}
-async function cloudPush(records, maxVersion, config) {
-  if (records.length === 0) return true;
-  assertSecureEndpoint(config.endpoint);
-  try {
-    const json = JSON.stringify(records);
-    const compressed = compress(Buffer.from(json, "utf8"));
-    const blob = encryptSyncBlob(compressed);
-    const resp = await fetch(`${config.endpoint}/sync/push`, {
-      method: "POST",
-      headers: {
-        Authorization: `Bearer ${config.apiKey}`,
-        "Content-Type": "application/json",
-        "X-Device-Id": loadDeviceId()
-      },
-      body: JSON.stringify({ version: maxVersion, blob })
-    });
-    return resp.ok;
-  } catch (err) {
-    process.stderr.write(`[cloud-sync] PUSH FAILED: ${err instanceof Error ? err.message : String(err)}
-`);
-    return false;
-  }
-}
-async function cloudPull(sinceVersion, config) {
-  assertSecureEndpoint(config.endpoint);
-  try {
-    const response = await fetch(`${config.endpoint}/sync/pull`, {
-      method: "POST",
-      headers: {
-        Authorization: `Bearer ${config.apiKey}`,
-        "Content-Type": "application/json",
-        "X-Device-Id": loadDeviceId()
-      },
-      body: JSON.stringify({ since_version: sinceVersion })
-    });
-    if (!response.ok) return { records: [], maxVersion: sinceVersion };
-    const data = await response.json();
-    const allRecords = [];
-    for (const { blob } of data.blobs ?? []) {
-      try {
-        const compressed = decryptSyncBlob(blob);
-        const json = decompress(compressed).toString("utf8");
-        const records = JSON.parse(json);
-        allRecords.push(...records);
-      } catch {
-        continue;
-      }
-    }
-    return { records: allRecords, maxVersion: data.max_version ?? sinceVersion };
-  } catch (err) {
-    process.stderr.write(`[cloud-sync] PULL FAILED: ${err instanceof Error ? err.message : String(err)}
-`);
-    return { records: [], maxVersion: sinceVersion };
-  }
-}
-async function cloudSync(config) {
-  await assertFeature("cloud_sync");
-  let client;
-  try {
-    client = getClient();
-  } catch {
-    throw new Error("[cloud-sync] Database not initialized. Call initStore() before cloudSync().");
-  }
-  const pullMeta = await client.execute(
-    "SELECT value FROM sync_meta WHERE key = 'last_cloud_pull_version'"
-  );
-  const lastPullVersion = pullMeta.rows.length > 0 ? Number(pullMeta.rows[0].value) : 0;
-  const pullResult = await cloudPull(lastPullVersion, config);
-  let pulled = 0;
-  if (pullResult.records.length > 0) {
-    const stmts = pullResult.records.map((rec) => ({
-      sql: `INSERT OR REPLACE INTO memories
-            (id, agent_id, agent_role, session_id, timestamp,
-             tool_name, project_name, has_error, raw_text, version,
-             author_device_id, scope)
-            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`,
-      args: [
-        rec.id,
-        rec.agent_id,
-        rec.agent_role,
-        rec.session_id,
-        rec.timestamp,
-        rec.tool_name,
-        rec.project_name,
-        rec.has_error,
-        rec.raw_text,
-        rec.version,
-        rec.author_device_id ?? null,
-        rec.scope ?? "business"
-      ]
-    }));
-    await client.batch(stmts, "write");
-    pulled = pullResult.records.length;
-  }
-  if (pullResult.maxVersion > lastPullVersion) {
-    await client.execute({
-      sql: "INSERT OR REPLACE INTO sync_meta (key, value) VALUES ('last_cloud_pull_version', ?)",
-      args: [String(pullResult.maxVersion)]
-    });
-  }
-  const pushMeta = await client.execute(
-    "SELECT value FROM sync_meta WHERE key = 'last_cloud_push_version'"
-  );
-  const lastPushVersion = pushMeta.rows.length > 0 ? Number(pushMeta.rows[0].value) : 0;
-  const recordsResult = await client.execute({
-    sql: `SELECT id, agent_id, agent_role, session_id, timestamp,
-                 tool_name, project_name, has_error, raw_text, version,
-                 author_device_id, scope
-          FROM memories
-          WHERE version > ?
-            AND (scope IS NULL OR scope != 'personal')
-          ORDER BY version ASC`,
-    args: [lastPushVersion]
-  });
-  let pushed = 0;
-  if (recordsResult.rows.length > 0) {
-    const records = recordsResult.rows.map((row) => ({
-      id: row.id,
-      agent_id: row.agent_id,
-      agent_role: row.agent_role,
-      session_id: row.session_id,
-      timestamp: row.timestamp,
-      tool_name: row.tool_name,
-      project_name: row.project_name,
-      has_error: row.has_error,
-      raw_text: row.raw_text,
-      version: row.version,
-      author_device_id: row.author_device_id,
-      scope: row.scope
-    }));
-    const maxVersion = Number(records[records.length - 1].version);
-    const pushOk = await cloudPush(records, maxVersion, config);
-    if (pushOk) {
-      await client.execute({
-        sql: "INSERT OR REPLACE INTO sync_meta (key, value) VALUES ('last_cloud_push_version', ?)",
-        args: [String(maxVersion)]
-      });
-      pushed = records.length;
-    }
-  }
-  return { pushed, pulled };
-}
-export {
-  cloudPull,
-  cloudPush,
-  cloudSync
-};