npm - @bli-cockpit/cli - Versions diffs - 0.1.0 - Mend

@bli-cockpit/cli 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/README.md +26 -0
package/dist/adapters/car-state.js +103 -0
package/dist/adapters/common.js +35 -0
package/dist/adapters/git-state.js +133 -0
package/dist/adapters/local-sources.js +59 -0
package/dist/adapters/risk-flags.js +67 -0
package/dist/adapters/ticket-binding.js +65 -0
package/dist/cli.js +5 -0
package/dist/commands/local.js +699 -0
package/dist/commands/public-root.js +32 -0
package/dist/local-state.js +471 -0
package/dist/server.js +99 -0
package/dist/spool/local-spool.js +145 -0
package/dist/upload.js +321 -0
package/package.json +30 -0

package/dist/spool/local-spool.js ADDED Viewed

@@ -0,0 +1,145 @@
+import crypto from "node:crypto";
+import fs from "node:fs/promises";
+import path from "node:path";
+const SPOOL_STATE_FILENAME = "upload-state.json";
+const MAX_PENDING_UPLOADS = 20;
+export function emptyUploadSpoolState() {
+    return {
+        schema_version: "cockpit-upload-spool.v1",
+        updated_at: null,
+        last_upload_attempt_at: null,
+        last_upload_success_at: null,
+        last_upload_failure_reason: null,
+        pending_uploads: [],
+    };
+}
+export async function readLocalUploadSpoolState(paths) {
+    try {
+        const raw = JSON.parse(await fs.readFile(uploadSpoolStatePath(paths), "utf8"));
+        return parseUploadSpoolState(raw);
+    }
+    catch {
+        return emptyUploadSpoolState();
+    }
+}
+export async function summarizeLocalUploadSpool(paths) {
+    const state = await readLocalUploadSpoolState(paths);
+    return {
+        last_upload_attempt_at: state.last_upload_attempt_at,
+        last_upload_success_at: state.last_upload_success_at,
+        last_upload_failure_reason: state.last_upload_failure_reason,
+        pending_upload_count: state.pending_uploads.length,
+        retry_command: state.pending_uploads[0]?.retry_command ?? null,
+    };
+}
+export async function recordUploadBlocked(paths, options) {
+    const state = await readLocalUploadSpoolState(paths);
+    const next = {
+        ...state,
+        updated_at: options.attemptedAt,
+        last_upload_attempt_at: options.attemptedAt,
+        last_upload_failure_reason: options.reason,
+    };
+    await writeUploadSpoolState(paths, next);
+    return next;
+}
+export async function recordUploadSuccess(paths, options) {
+    const state = await readLocalUploadSpoolState(paths);
+    const next = {
+        ...state,
+        updated_at: options.attemptedAt,
+        last_upload_attempt_at: options.attemptedAt,
+        last_upload_success_at: options.attemptedAt,
+        last_upload_failure_reason: null,
+        pending_uploads: [],
+    };
+    await writeUploadSpoolState(paths, next);
+    return next;
+}
+export async function recordUploadFailure(paths, entry) {
+    const state = await readLocalUploadSpoolState(paths);
+    const createdAt = entry.created_at ?? entry.last_attempt_at;
+    const spoolEntry = {
+        spool_id: `upload-${crypto.randomUUID()}`,
+        created_at: createdAt,
+        ...entry,
+    };
+    const pending = [
+        spoolEntry,
+        ...state.pending_uploads.filter((candidate) => candidate.work_context_id !== spoolEntry.work_context_id ||
+            candidate.ticket_id !== spoolEntry.ticket_id),
+    ].slice(0, MAX_PENDING_UPLOADS);
+    await writeUploadSpoolState(paths, {
+        ...state,
+        updated_at: entry.last_attempt_at,
+        last_upload_attempt_at: entry.last_attempt_at,
+        last_upload_failure_reason: entry.failure_reason,
+        pending_uploads: pending,
+    });
+    return spoolEntry;
+}
+function parseUploadSpoolState(value) {
+    if (!value || typeof value !== "object")
+        return emptyUploadSpoolState();
+    const record = value;
+    return {
+        schema_version: "cockpit-upload-spool.v1",
+        updated_at: optionalString(record["updated_at"]),
+        last_upload_attempt_at: optionalString(record["last_upload_attempt_at"]),
+        last_upload_success_at: optionalString(record["last_upload_success_at"]),
+        last_upload_failure_reason: optionalString(record["last_upload_failure_reason"]),
+        pending_uploads: Array.isArray(record["pending_uploads"])
+            ? record["pending_uploads"]
+                .map(parseUploadSpoolEntry)
+                .filter((entry) => Boolean(entry))
+            : [],
+    };
+}
+function parseUploadSpoolEntry(value) {
+    if (!value || typeof value !== "object")
+        return null;
+    const record = value;
+    const spoolId = optionalString(record["spool_id"]);
+    const createdAt = optionalString(record["created_at"]);
+    const lastAttemptAt = optionalString(record["last_attempt_at"]);
+    const dashboardUrl = optionalString(record["dashboard_url"]);
+    const failureReason = optionalString(record["failure_reason"]);
+    const retryCommand = optionalString(record["retry_command"]);
+    if (!spoolId || !createdAt || !lastAttemptAt || !dashboardUrl || !failureReason) {
+        return null;
+    }
+    return {
+        spool_id: spoolId,
+        created_at: createdAt,
+        last_attempt_at: lastAttemptAt,
+        dashboard_url: dashboardUrl,
+        work_context_id: optionalString(record["work_context_id"]),
+        ticket_id: optionalString(record["ticket_id"]),
+        repo_label: optionalString(record["repo_label"]),
+        branch: optionalString(record["branch"]),
+        event_count: optionalNumber(record["event_count"]),
+        source_scan_count: optionalNumber(record["source_scan_count"]),
+        risk_flag_count: optionalNumber(record["risk_flag_count"]),
+        failure_reason: failureReason,
+        retry_command: retryCommand ?? "cockpit sync",
+    };
+}
+async function writeUploadSpoolState(paths, state) {
+    const filePath = uploadSpoolStatePath(paths);
+    await fs.mkdir(path.dirname(filePath), { recursive: true, mode: 0o700 });
+    await fs.writeFile(filePath, `${JSON.stringify(state, null, 2)}\n`, {
+        mode: 0o600,
+    });
+    if (process.platform !== "win32") {
+        await fs.chmod(filePath, 0o600).catch(() => undefined);
+    }
+}
+function uploadSpoolStatePath(paths) {
+    return path.join(paths.spool_dir, SPOOL_STATE_FILENAME);
+}
+function optionalString(value) {
+    return typeof value === "string" && value.trim() ? value : null;
+}
+function optionalNumber(value) {
+    return typeof value === "number" && Number.isFinite(value) ? value : 0;
+}

package/dist/upload.js ADDED Viewed

@@ -0,0 +1,321 @@
+import { TelemetryIngestEnvelopeSchema, TelemetryIngestEventDtoSchema, } from "@bli-cockpit/telemetry-core";
+import path from "node:path";
+import { getCollectorRuntimePaths, LOCAL_COLLECTOR_VERSION, readLocalCollectorConfig, readLocalCollectorSessionFile, readLocalSessionReference, readLocalWorkContext, } from "./local-state.js";
+import { runLocalSourceCollectors } from "./adapters/local-sources.js";
+import { recordUploadBlocked, recordUploadFailure, recordUploadSuccess, } from "./spool/local-spool.js";
+export class LocalUploadBlockedError extends Error {
+    blocker;
+    retry_hint;
+    constructor(blocker, message, retryHint) {
+        super(message);
+        this.name = "LocalUploadBlockedError";
+        this.blocker = blocker;
+        this.retry_hint = retryHint;
+    }
+}
+export async function buildLocalAmbientEnvelope(options = {}) {
+    const now = options.now ?? new Date();
+    const paths = getCollectorRuntimePaths(options.homeDir);
+    const config = await readLocalCollectorConfig(paths).catch(() => {
+        throw new LocalUploadBlockedError("not_installed", "Local collector config missing. Run `cockpit install` before `cockpit sync`.", "cockpit install --dashboard-url <dashboard-url>");
+    });
+    const sessionFile = await readLocalCollectorSessionFile(paths).catch(() => {
+        throw new LocalUploadBlockedError("unpaired", "No paired collector session found. Run `cockpit login` or `cockpit pair` before `cockpit sync`.", "cockpit login");
+    });
+    const session = await readLocalSessionReference(paths);
+    if (session.session_state !== "valid") {
+        throw new LocalUploadBlockedError("unpaired", session.session_state === "expired"
+            ? "Collector session expired. Run `cockpit login` or `cockpit pair` again before `cockpit sync`."
+            : "Collector is not paired. Run `cockpit login` or `cockpit pair` before `cockpit sync`.", "cockpit login");
+    }
+    const activeContext = await readLocalWorkContext(paths).catch(() => {
+        throw new LocalUploadBlockedError("missing_context", "Active work context missing. Run `cockpit start --repo \"$PWD\"` before `cockpit sync`.", "cockpit start --repo \"$PWD\"");
+    });
+    const repoRoot = path.resolve(options.repoRoot ?? activeContext.repo);
+    const repoLabel = safeRepoLabel(repoRoot);
+    const uploadContext = makeUploadWorkContext({
+        activeContext,
+        session,
+        repoLabel,
+        now,
+    });
+    const sourceCollection = await runLocalSourceCollectors({
+        repoRoot,
+        branch: uploadContext.branch,
+        operatorId: session.operator_id,
+        sessionId: session.session_id,
+        workContextId: uploadContext.work_context_id,
+        activeWorkContext: activeContext,
+        now,
+    });
+    const binding = sourceCollection.binding;
+    const ticketBinding = selectedTicketBindingCandidate(binding);
+    const uploadWorkContext = {
+        ...uploadContext,
+        active_ticket_id: binding.selected_ticket_id ?? undefined,
+        ticket_binding_candidates: ticketBinding ? [ticketBinding] : binding.candidates,
+    };
+    const safeRiskFlags = sourceCollection.risk_flags.map((flag) => sanitizeRiskFlag(flag, repoLabel));
+    const events = [
+        makeSourceScanCompletedEvent({
+            context: uploadWorkContext,
+            generatedAt: now.toISOString(),
+            binding,
+            ticketBinding,
+            scans: sourceCollection.scans,
+            gitChangedFileCount: sourceCollection.facts.git?.changed_file_count ?? 0,
+            gitAddedLines: sourceCollection.facts.git?.added_lines ?? 0,
+            gitDeletedLines: sourceCollection.facts.git?.deleted_lines ?? 0,
+            carOpenTicketCount: sourceCollection.facts.car?.open_ticket_count ?? 0,
+            riskFlags: safeRiskFlags,
+        }),
+    ];
+    const envelope = TelemetryIngestEnvelopeSchema.parse({
+        envelope_version: "telemetry-ingest.v1",
+        generated_at: now.toISOString(),
+        collector_version: config.collector_version ?? LOCAL_COLLECTOR_VERSION,
+        session_reference: sanitizeSessionReference(session),
+        work_context: uploadWorkContext,
+        source_scan_results: sanitizeSourceScanResults(sourceCollection.scans, repoLabel),
+        events,
+    });
+    return {
+        envelope,
+        dashboard_url: normalizeDashboardUrl(options.dashboardUrl ?? sessionFile.dashboard_url ?? config.dashboard_url),
+        device_token: sessionFile.device_token,
+        ticket_id: binding.selected_ticket_id ?? null,
+        binding,
+        event_count: envelope.events.length,
+        source_scan_count: envelope.source_scan_results.length,
+        risk_flag_count: safeRiskFlags.length,
+        repo_label: repoLabel,
+    };
+}
+export async function syncLocalAmbientEnvelope(options = {}) {
+    const attemptedAt = (options.now ?? new Date()).toISOString();
+    const paths = getCollectorRuntimePaths(options.homeDir);
+    let built;
+    try {
+        built = await buildLocalAmbientEnvelope(options);
+    }
+    catch (error) {
+        if (error instanceof LocalUploadBlockedError) {
+            await recordUploadBlocked(paths, {
+                attemptedAt,
+                reason: error.message,
+            });
+        }
+        throw error;
+    }
+    const fetchImpl = options.fetch ?? globalThis.fetch;
+    if (!fetchImpl) {
+        throw new Error("global fetch is unavailable; use Node.js 20 or newer.");
+    }
+    try {
+        const response = await fetchImpl(`${built.dashboard_url}/api/ambient/ingest`, {
+            method: "POST",
+            headers: {
+                "Authorization": `Bearer ${built.device_token}`,
+                "Content-Type": "application/json",
+            },
+            body: JSON.stringify(built.envelope),
+        });
+        const responseBody = await readResponseJson(response);
+        if (!response.ok) {
+            throw new Error(responseErrorMessage(responseBody, `Ambient ingest failed with HTTP ${response.status}`));
+        }
+        await recordUploadSuccess(paths, { attemptedAt });
+        return {
+            status: "uploaded",
+            dashboard_url: built.dashboard_url,
+            ticket_id: built.ticket_id,
+            work_context_id: built.envelope.work_context.work_context_id,
+            event_count: built.event_count,
+            source_scan_count: built.source_scan_count,
+            risk_flag_count: built.risk_flag_count,
+            http_status: response.status,
+        };
+    }
+    catch (error) {
+        const failureReason = error instanceof Error ? error.message : String(error);
+        const entry = await recordUploadFailure(paths, {
+            last_attempt_at: attemptedAt,
+            dashboard_url: built.dashboard_url,
+            work_context_id: built.envelope.work_context.work_context_id,
+            ticket_id: built.ticket_id,
+            repo_label: built.repo_label,
+            branch: built.envelope.work_context.branch,
+            event_count: built.event_count,
+            source_scan_count: built.source_scan_count,
+            risk_flag_count: built.risk_flag_count,
+            failure_reason: failureReason,
+            retry_command: "cockpit sync",
+        });
+        return {
+            status: "spooled",
+            dashboard_url: built.dashboard_url,
+            ticket_id: built.ticket_id,
+            work_context_id: built.envelope.work_context.work_context_id,
+            event_count: built.event_count,
+            source_scan_count: built.source_scan_count,
+            risk_flag_count: built.risk_flag_count,
+            failure_reason: failureReason,
+            spool_entry_id: entry.spool_id,
+            retry_command: entry.retry_command,
+        };
+    }
+}
+function makeUploadWorkContext(options) {
+    const provenance = makeCollectorProvenance({
+        context: options.activeContext,
+        session: options.session,
+        repoLabel: options.repoLabel,
+    });
+    return {
+        ...options.activeContext,
+        repo: options.repoLabel,
+        operator_id: options.session.operator_id,
+        session_id: options.session.session_id,
+        updated_at: options.now.toISOString(),
+        provenance,
+    };
+}
+function makeSourceScanCompletedEvent(options) {
+    if (!options.context.provenance) {
+        throw new Error("Upload work context is missing provenance.");
+    }
+    return TelemetryIngestEventDtoSchema.parse({
+        event_id: `ambient-sync:${options.context.work_context_id}:${options.generatedAt}`,
+        event_type: "source_scan_completed",
+        occurred_at: options.generatedAt,
+        provenance: options.context.provenance,
+        privacy_classification: "metadata",
+        redaction: {
+            privacy_classification: "metadata",
+            redaction_status: "metadata_only",
+            redacted_fields: [
+                "prompt_body",
+                "response_body",
+                "diff_body",
+                "transcript_body",
+                "git.changed_paths",
+                "local_file_paths",
+            ],
+            raw_evidence_pointer_ids: [],
+            redacted_summary: "Collector uploaded metadata-only local work, source scan, binding, and risk summaries.",
+        },
+        redacted_summary: "Collector uploaded metadata-only source scan, ticket binding, and risk summaries.",
+        metrics: {
+            git_changed_file_count: options.gitChangedFileCount,
+            git_added_lines: options.gitAddedLines,
+            git_deleted_lines: options.gitDeletedLines,
+            car_open_ticket_count: options.carOpenTicketCount,
+            source_scan_count: options.scans.length,
+            risk_flag_count: options.riskFlags.length,
+        },
+        attributes: {
+            repo_label: options.context.repo,
+            branch: options.context.branch,
+            ticket_binding_state: options.binding.state,
+            ticket_binding_source: options.binding.selected_source ?? "none",
+            ticket_id: options.binding.selected_ticket_id ?? "unbound",
+            source_adapters: options.scans.map((scan) => scan.adapter.adapter_name),
+            source_statuses: options.scans.map((scan) => `${scan.adapter.adapter_name}:${scan.status}`),
+            redaction_mode: "metadata_only",
+            raw_payload_included: false,
+        },
+        ticket_binding: options.ticketBinding ?? undefined,
+        risk_flags: options.riskFlags,
+        raw_evidence_pointers: [],
+    });
+}
+function makeCollectorProvenance(options) {
+    return {
+        capture_source: "collector_runtime",
+        capture_adapter_version: LOCAL_COLLECTOR_VERSION,
+        collector_version: LOCAL_COLLECTOR_VERSION,
+        repo: options.repoLabel,
+        branch: options.context.branch,
+        operator_id: options.session.operator_id,
+        session_id: options.session.session_id,
+        work_context_id: options.context.work_context_id,
+    };
+}
+function sanitizeSessionReference(session) {
+    return {
+        ...session,
+        session_file_path: "local-session-file",
+    };
+}
+function sanitizeSourceScanResults(scans, repoLabel) {
+    return scans.map((scan) => ({
+        ...scan,
+        diagnostic_labels: scan.diagnostic_labels.map(sanitizeDiagnosticLabel),
+        events: scan.events.map((event) => ({
+            ...event,
+            raw_evidence_pointers: [],
+            redaction: {
+                ...event.redaction,
+                raw_evidence_pointer_ids: [],
+            },
+        })),
+        risk_flags: scan.risk_flags.map((flag) => sanitizeRiskFlag(flag, repoLabel)),
+    }));
+}
+function sanitizeDiagnosticLabel(label) {
+    if (label.includes("\n") || label.includes("/") || label.includes("\\")) {
+        const prefix = label.split(":", 1)[0]?.trim();
+        return prefix ? `${prefix}:redacted` : "diagnostic_redacted";
+    }
+    return label.length > 160 ? `${label.slice(0, 157)}...` : label;
+}
+function sanitizeRiskFlag(flag, repoLabel) {
+    return {
+        ...flag,
+        provenance: {
+            ...flag.provenance,
+            repo: repoLabel,
+        },
+    };
+}
+function selectedTicketBindingCandidate(binding) {
+    if (!binding.selected_ticket_id || !binding.selected_source)
+        return null;
+    return (binding.candidates.find((candidate) => candidate.ticket_id === binding.selected_ticket_id &&
+        candidate.binding_source === binding.selected_source) ?? {
+        ticket_id: binding.selected_ticket_id,
+        binding_source: binding.selected_source,
+        confidence: 1,
+        evidence_labels: [`bound_by:${binding.selected_source}`],
+    });
+}
+async function readResponseJson(response) {
+    const text = await response.text();
+    if (!text)
+        return {};
+    try {
+        return JSON.parse(text);
+    }
+    catch {
+        return { message: text };
+    }
+}
+function responseErrorMessage(value, fallback) {
+    if (value && typeof value === "object") {
+        const record = value;
+        const message = record["message"] ?? record["error"];
+        if (typeof message === "string" && message.trim())
+            return message;
+    }
+    return fallback;
+}
+function normalizeDashboardUrl(value) {
+    const normalized = value.trim().replace(/\/+$/, "");
+    if (!normalized)
+        throw new Error("Dashboard URL cannot be empty.");
+    return normalized;
+}
+function safeRepoLabel(repoRoot) {
+    const basename = path.basename(repoRoot.replace(/[\\/]+$/, ""));
+    return basename || "repo";
+}

package/package.json ADDED Viewed

@@ -0,0 +1,30 @@
+{
+  "name": "@bli-cockpit/cli",
+  "version": "0.1.0",
+  "private": false,
+  "type": "module",
+  "bin": {
+    "cockpit": "dist/cli.js"
+  },
+  "files": [
+    "dist/",
+    "README.md"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "engines": {
+    "node": ">=20"
+  },
+  "scripts": {
+    "prebuild": "npm run build --workspace=@bli-cockpit/local-collector",
+    "build": "node ../../scripts/build-public-cli.mjs",
+    "pretypecheck": "npm run build",
+    "typecheck": "node -e \"await import('./dist/commands/public-root.js')\"",
+    "pretest": "npm run build",
+    "test": "node dist/cli.js --help && node ../../scripts/assert-public-package-pack.mjs --workspace=@bli-cockpit/cli"
+  },
+  "dependencies": {
+    "@bli-cockpit/telemetry-core": "0.1.0"
+  }
+}