@bitpub/cli 2.1.0 → 2.1.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bitpub/cli",
-  "version": "2.1.0",
+  "version": "2.1.1",
   "description": "BitPub CLI — local-first shared memory for AI agents. Six daily verbs (save/load/list/find/sync/delete), zero-config private namespace, encrypted client-side.",
   "bin": {
     "bitpub": "./bin/bitpub.js"

package/src/commands/browser.js

@@ -210,6 +210,158 @@ const FUNCTIONS = {
       return { cmd: 'bash', args: ['-lc', `open -R "${p}"`] };
     },
   },
+
+  // ── GitHub Pack ────────────────────────────────────────────
+  // The orchestrator slice lives at a GROUP address so every teammate
+  // in the group can load the same logic — they don't fork it. Each
+  // entry point injects BITPUB_OWNER from local config so the script
+  // writes to *the running user's* private namespace, not the author's.
+  //
+  // Auth model: orchestrator probes (1) macOS keychain entry from
+  // GitHub Desktop, (2) gh CLI, (3) BitPub-managed token. Tokens are
+  // never passed through args/URLs — child reads them itself so
+  // secrets never traverse the bridge.
+
+  'github.check_auth': {
+    description: 'Detect available GitHub credentials (Desktop keychain, gh CLI, BitPub-managed token).',
+    build() {
+      return {
+        cmd: 'bash',
+        args: ['-lc',
+          'set -e; ' +
+          'bitpub load bitpub://group:tollbit.com/Apps/github/orchestrator > "$T" && ' +
+          'python3 "$T"',
+        ],
+        env: {
+          T: path.join(os.tmpdir(), '.bitpub-fn-github-authcheck.py'),
+          BITPUB_GH_ACTION: 'auth_check',
+          BITPUB_OWNER: (readConfig() || {}).owner || '',
+        },
+      };
+    },
+  },
+
+  'github.ingest': {
+    description: 'Mirror your GitHub PRs, issues, and recent activity into your namespace.',
+    build(args) {
+      const a = args || {};
+      const recipes = Array.isArray(a.recipes) && a.recipes.length
+        ? a.recipes.filter(r => typeof r === 'string' && /^[a-z_]+$/.test(r)).slice(0, 8)
+        : ['prs_review_requested', 'prs_mine', 'prs_org_recent', 'issues_assigned', 'activity_recent'];
+      return {
+        cmd: 'bash',
+        args: ['-lc',
+          'set -e; ' +
+          'bitpub load bitpub://group:tollbit.com/Apps/github/orchestrator > "$T" && ' +
+          'python3 "$T"',
+        ],
+        env: {
+          T: path.join(os.tmpdir(), '.bitpub-fn-github-ingest.py'),
+          BITPUB_GH_RECIPES: recipes.join(','),
+          BITPUB_OWNER: (readConfig() || {}).owner || '',
+        },
+      };
+    },
+  },
+
+  'github.open': {
+    description: 'Open a GitHub URL in the default browser.',
+    build(args) {
+      const url = String((args && args.url) || '');
+      if (!/^https:\/\/github\.com\//.test(url) || url.includes('"')) {
+        throw new Error('invalid github url');
+      }
+      return { cmd: 'bash', args: ['-lc', `open "${url}"`] };
+    },
+  },
+
+  'github.open_clone': {
+    description: 'Open a repo\'s local clone in Finder (or VS Code if "in" === "vscode").',
+    build(args) {
+      const repo = String((args && args.repo) || '');
+      const where = String((args && args.in) || 'finder');
+      if (!/^[A-Za-z0-9._-]+\/[A-Za-z0-9._-]+$/.test(repo)) {
+        throw new Error('invalid repo "owner/name"');
+      }
+      const opener = where === 'vscode' ? 'code' :
+                     where === 'iterm'  ? `open -a iTerm` :
+                                          'open';
+      // Search common project roots for a directory whose `git remote -v`
+      // points at this repo. Local-first move: we surface the user's
+      // clone if they have one, instead of dumping them at github.com.
+      const script = `
+set -e
+REPO='${repo}'
+ROOTS=(~/projects ~/code ~/dev ~/src ~/Documents/projects ~/work)
+for root in "\${ROOTS[@]}"; do
+  [ -d "$root" ] || continue
+  while IFS= read -r dir; do
+    if (cd "$dir" && git remote -v 2>/dev/null) | grep -qiE "[:/]\${REPO}(\\.git)?( |\\\$)"; then
+      echo "found clone: $dir"
+      ${opener} "$dir"
+      exit 0
+    fi
+  done < <(find "$root" -mindepth 1 -maxdepth 3 -type d -name .git -prune -exec dirname {} \\; 2>/dev/null)
+done
+echo "no local clone of $REPO found in common roots — opening on github.com instead"
+open "https://github.com/$REPO"
+`;
+      return { cmd: 'bash', args: ['-lc', script] };
+    },
+  },
+
+  'github.summarize_pr': {
+    description: 'Summarize a PR with claude (the only LLM-in-the-loop step).',
+    build(args) {
+      const hcu = String((args && args.hcu) || '');
+      // Any private namespace, as long as it's pointed at GitHub/PRs/.
+      // We constrain the shape so an app can't trick the bridge into
+      // pulling arbitrary slices through claude.
+      if (!/^bitpub:\/\/private:[a-z0-9_-]+\/GitHub\/PRs\//i.test(hcu) || hcu.includes('"')) {
+        throw new Error('invalid PR hcu');
+      }
+      // Deterministic read (bitpub load) -> single LLM call (claude -p) ->
+      // structured text back to the UI. No MCP, no network round-trip for
+      // the data — only for the synthesis.
+      const script =
+        'set -e; ' +
+        `bitpub load "${hcu}" > "$T" && ` +
+        'claude -p "$(printf \'%s\\n\\nSummarize this GitHub PR in 3 short bullets: what it does, who it affects, anything risky. Be concrete.\' "$(cat "$T")")" ' +
+        '--output-format text --permission-mode bypassPermissions';
+      return {
+        cmd: 'bash',
+        args: ['-lc', script],
+        env: { T: path.join(os.tmpdir(), `.bitpub-fn-github-summarize.md`) },
+      };
+    },
+  },
+
+  'github.action.approve': {
+    description: 'Approve a pull request via the GitHub API (uses inherited credentials).',
+    build(args) {
+      const repo   = String((args && args.repo) || '');
+      const number = parseInt((args && args.number), 10);
+      const body   = String((args && args.body) || '');
+      if (!/^[A-Za-z0-9._-]+\/[A-Za-z0-9._-]+$/.test(repo)) throw new Error('invalid repo');
+      if (!Number.isFinite(number) || number <= 0) throw new Error('invalid PR number');
+      return {
+        cmd: 'bash',
+        args: ['-lc',
+          'set -e; ' +
+          'bitpub load bitpub://group:tollbit.com/Apps/github/orchestrator > "$T" && ' +
+          'python3 "$T"',
+        ],
+        env: {
+          T: path.join(os.tmpdir(), '.bitpub-fn-github-action.py'),
+          BITPUB_GH_ACTION: 'approve',
+          BITPUB_GH_REPO: repo,
+          BITPUB_GH_PR: String(number),
+          BITPUB_GH_BODY: body,
+          BITPUB_OWNER: (readConfig() || {}).owner || '',
+        },
+      };
+    },
+  },
 };
 
 function clampInt(value, lo, hi, dflt) {
@@ -415,6 +567,24 @@ function startBrowserServer(opts = {}) {
         return;
       }
 
+      // Bridge: who is this BitPub installation? Apps that ship via a
+      // group/public namespace can't hardcode an owner ID — they need to
+      // know "what is the current user's private prefix" at runtime so
+      // their namespace.list() / save() calls hit the right cache.
+      // Returns the minimum info needed: owner id, the domain (for
+      // display), and the canonical private namespace prefix.
+      if (url.pathname === '/bridge/identity') {
+        res.setHeader('Content-Type', 'application/json');
+        const owner = (cfg && cfg.owner) || null;
+        const domain = (cfg && cfg.domain) || null;
+        res.end(JSON.stringify({
+          owner,
+          domain,
+          private_prefix: owner ? `bitpub://private:${owner}` : null,
+        }));
+        return;
+      }
+
       // Bridge: list registered functions (for the permission UI to
       // describe what an app is about to run).
       if (url.pathname === '/bridge/functions') {

package/static/console.html

@@ -1613,8 +1613,18 @@ function renderBranch(scope, children, path) {
 
   let html = '';
 
-  // Aggregated direct-leaf entry for this level
-  if (directLeaves.length > 0) {
+  // Direct leaves: render by name when small enough to be useful as a
+  // package contents listing (e.g. an Apps/github folder showing its
+  // `orchestrator` child by name). Aggregate into a single "N context
+  // slices" summary above a threshold so very large folders (282
+  // transcripts, hundreds of PRs) don't blow up the tree.
+  const LEAF_NAME_THRESHOLD = 8;
+  if (directLeaves.length > 0 && directLeaves.length <= LEAF_NAME_THRESHOLD) {
+    const sorted = [...directLeaves].sort((a, b) => a.name.localeCompare(b.name));
+    for (const { name, slice } of sorted) {
+      html += renderLeaf(slice, name);
+    }
+  } else if (directLeaves.length > LEAF_NAME_THRESHOLD) {
     const mostRecent = directLeaves.reduce(
       (a, b) => ((a.slice.last_synced || '') > (b.slice.last_synced || '') ? a : b)
     );
@@ -1623,7 +1633,11 @@ function renderBranch(scope, children, path) {
     const pathArg = JSON.stringify(path).replace(/"/g, '&quot;');
     const isActiveSummary = S.view === 'namespace' && S.currentScope === scope && arrayEq(S.currentPath, path);
     const when = mostRecent.slice.last_synced ? timeAgo(mostRecent.slice.last_synced) : '';
-    html += `<div class="tree-leaf tree-summary${isActiveSummary ? ' active' : ''}" onclick="navigateTo('${escAttr(scope)}', ${pathArg})" title="View ${directLeaves.length} slice${directLeaves.length !== 1 ? 's' : ''} at this level">
+    // Aggregated summary goes to the namespace listing (not the self-slice).
+    // Calls navigateToNamespace to bypass the directory-index resolution in
+    // navigateTo() — clicking "47 PRs" should show the listing, not whatever
+    // happens to live at the parent address.
+    html += `<div class="tree-leaf tree-summary${isActiveSummary ? ' active' : ''}" onclick="navigateToNamespace('${escAttr(scope)}', ${pathArg})" title="View ${directLeaves.length} slice${directLeaves.length !== 1 ? 's' : ''} at this level">
       <span class="fresh-dot ${freshClass}"></span>
       <span class="tree-label">${directLeaves.length} context slice${directLeaves.length !== 1 ? 's' : ''}</span>
       <span class="tree-badge">${esc(when)}</span>
@@ -1934,6 +1948,24 @@ function goRoot() {
 }
 
 function navigateTo(scope, path) {
+  const segs = Array.isArray(path) ? path : [];
+  // Directory-index semantics: if a slice exists AT this folder address
+  // (e.g. an HTML app at `Apps/github` that also has `Apps/github/orchestrator`
+  // as a child), render the slice as the primary view — same as a
+  // browser serving /foo/index.html when you visit /foo/. Children stay
+  // reachable via the tree chevron and named-leaf entries underneath.
+  const selfHcu = `bitpub://${scope}` + (segs.length ? '/' + segs.join('/') : '');
+  const self = S.slices.find(s => s.hcu === selfHcu);
+  if (self) { selectSlice(selfHcu); return; }
+
+  navigateToNamespace(scope, segs);
+}
+
+// Explicit "show me the folder listing" navigation. Used by the
+// aggregated "N context slices" summary in the tree, and anywhere
+// else we want to skip the directory-index check (e.g. "see all in
+// this namespace" links).
+function navigateToNamespace(scope, path) {
   S.view = 'namespace';
   S.currentScope = scope;
   S.currentPath = Array.isArray(path) ? path : [];
@@ -2595,6 +2627,16 @@ const BRIDGE_SHIM_SOURCE = String.raw`
       readHandlers.delete(d.requestId);
       if (d.ok) rh.resolve({ slices: d.slices || [], count: d.count || 0, pattern: d.pattern || '' });
       else rh.reject(new Error(d.error || 'namespace read failed'));
+    } else if (d.type === 'bitpub.identity.result') {
+      var ih = readHandlers.get(d.requestId);
+      if (!ih) return;
+      readHandlers.delete(d.requestId);
+      if (d.ok) ih.resolve({
+        owner: d.owner,
+        domain: d.domain,
+        private_prefix: d.private_prefix,
+      });
+      else ih.reject(new Error(d.error || 'identity lookup failed'));
     }
   });
   window.bitpub = {
@@ -2638,6 +2680,43 @@ const BRIDGE_SHIM_SOURCE = String.raw`
           }, 10000);
         });
       }
+    },
+    navigate: function (hcu) {
+      // Hand off to another slice in the parent BitPub Browser
+      // (e.g. discovery page → installed app). HCU must be a
+      // bitpub:// address; everything else is dropped silently.
+      window.parent.postMessage({
+        __bitpub: true,
+        type: 'bitpub.navigate',
+        hcu: String(hcu || ''),
+      }, '*');
+    },
+    identity: {
+      // me() -> Promise<{ owner, domain, private_prefix }>
+      //   owner          e.g. "agent_ewim9gf01nq3"
+      //   domain         e.g. "tollbit.com"
+      //   private_prefix e.g. "bitpub://private:agent_ewim9gf01nq3"
+      //
+      // Lets apps that are distributed via a group/public namespace
+      // construct addresses that point at the *running user's* private
+      // data without hardcoding an owner ID. Use this if your app ships
+      // to other people.
+      me: function () {
+        return new Promise(function (resolve, reject) {
+          var requestId = ++nextId;
+          readHandlers.set(requestId, { resolve: resolve, reject: reject });
+          window.parent.postMessage({
+            __bitpub: true,
+            type: 'bitpub.identity.me',
+            requestId: requestId,
+          }, '*');
+          setTimeout(function () {
+            if (!readHandlers.has(requestId)) return;
+            readHandlers.delete(requestId);
+            reject(new Error('identity.me timed out'));
+          }, 5000);
+        });
+      }
     }
   };
 })();
@@ -2794,11 +2873,46 @@ async function handleBridgeNamespaceListMessage(source, msg) {
   }
 }
 
+async function handleBridgeIdentityMessage(source, msg) {
+  const { requestId } = msg;
+  if (typeof requestId !== 'number') return;
+  const reply = (extra) => {
+    try {
+      source.postMessage({
+        __bitpub: true,
+        type: 'bitpub.identity.result',
+        requestId,
+        ...extra,
+      }, '*');
+    } catch (_) { /* iframe gone */ }
+  };
+  try {
+    const r = await fetch('/bridge/identity');
+    const body = await r.json();
+    if (!r.ok) { reply({ ok: false, error: `http ${r.status}` }); return; }
+    reply({ ok: true, owner: body.owner, domain: body.domain, private_prefix: body.private_prefix });
+  } catch (err) {
+    reply({ ok: false, error: err && err.message || 'fetch failed' });
+  }
+}
+
+function handleBridgeNavigateMessage(_source, msg) {
+  // Apps can hand off to another slice in the running user's Browser.
+  // We only allow bitpub:// addresses (no http:, no javascript:), and
+  // we route through submitAddress() which already does all the
+  // existing scope/path parsing.
+  const hcu = String((msg && msg.hcu) || '').trim();
+  if (!/^bitpub:\/\/[^\s]+$/.test(hcu)) return;
+  try { submitAddress(hcu); } catch (_) { /* ignore */ }
+}
+
 window.addEventListener('message', (e) => {
   const d = e.data;
   if (!d || typeof d !== 'object' || d.__bitpub !== true) return;
   if (d.type === 'bitpub.run') handleBridgeRunMessage(e.source, d);
   else if (d.type === 'bitpub.namespace.list') handleBridgeNamespaceListMessage(e.source, d);
+  else if (d.type === 'bitpub.identity.me') handleBridgeIdentityMessage(e.source, d);
+  else if (d.type === 'bitpub.navigate' || d.type === 'navigate') handleBridgeNavigateMessage(e.source, d);
 });
 
 function renderWriteGuide(sl) {