@brianli/kimaki 0.4.72-brianli.1

package/dist/db.js

@@ -0,0 +1,159 @@
+// Prisma client initialization with libsql adapter.
+// Uses KIMAKI_DB_URL env var when set (plugin process → Hrana HTTP),
+// otherwise falls back to direct file: access (bot process, CLI subcommands).
+import fs from 'node:fs';
+import path from 'node:path';
+import { PrismaLibSql } from '@prisma/adapter-libsql';
+import { PrismaClient, Prisma } from './generated/client.js';
+import { getDataDir } from './config.js';
+import { createLogger, formatErrorWithStack, LogPrefix } from './logger.js';
+import { fileURLToPath } from 'node:url';
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+export { PrismaClient };
+// Under vitest, clear any inherited KIMAKI_DB_URL from the parent bot process
+// so tests default to file-based access using the auto-isolated temp data dir.
+// Tests that need Hrana (like the e2e test) can set KIMAKI_DB_URL explicitly
+// after import — getDbUrl() reads process.env dynamically on each call.
+if (process.env.KIMAKI_VITEST) {
+    delete process.env['KIMAKI_DB_URL'];
+}
+const dbLogger = createLogger(LogPrefix.DB);
+let prismaInstance = null;
+let initPromise = null;
+/**
+ * Get the singleton Prisma client instance.
+ * Initializes the database on first call, running schema setup if needed.
+ */
+export function getPrisma() {
+    if (prismaInstance) {
+        return Promise.resolve(prismaInstance);
+    }
+    if (initPromise) {
+        return initPromise;
+    }
+    initPromise = initializePrisma();
+    return initPromise;
+}
+/**
+ * Build the libsql connection URL.
+ * KIMAKI_DB_URL is set by the bot when spawning opencode plugin processes,
+ * pointing them at the in-process Hrana HTTP server. Future-proof for remote
+ * opencode processes on different machines.
+ * Without the env var (bot process, CLI subcommands), uses direct file: access.
+ */
+function getDbUrl() {
+    if (process.env.KIMAKI_DB_URL) {
+        return process.env.KIMAKI_DB_URL;
+    }
+    const dataDir = getDataDir();
+    const dbPath = path.join(dataDir, 'discord-sessions.db');
+    return `file:${dbPath}`;
+}
+async function initializePrisma() {
+    const dbUrl = getDbUrl();
+    const isFileMode = dbUrl.startsWith('file:');
+    if (isFileMode) {
+        const dataDir = getDataDir();
+        try {
+            fs.mkdirSync(dataDir, { recursive: true });
+        }
+        catch (e) {
+            dbLogger.error(`Failed to create data directory ${dataDir}:`, e.message);
+        }
+    }
+    dbLogger.log(`Opening database via: ${dbUrl}`);
+    const adapter = new PrismaLibSql({ url: dbUrl });
+    const prisma = new PrismaClient({ adapter });
+    try {
+        if (isFileMode) {
+            // WAL mode allows concurrent reads while writing instead of blocking.
+            // busy_timeout makes SQLite retry for 5s instead of immediately failing with SQLITE_BUSY.
+            // The Hrana server (serving the plugin process) sets the same pragmas on its own connection.
+            // PRAGMAs are skipped for HTTP connections — they're connection-scoped and the Hrana
+            // server already configures them on its own libsql Database handle.
+            await prisma.$executeRawUnsafe('PRAGMA journal_mode = WAL');
+            await prisma.$executeRawUnsafe('PRAGMA busy_timeout = 5000');
+        }
+        // Always run migrations - schema.sql uses IF NOT EXISTS so it's idempotent
+        dbLogger.log('Running schema migrations...');
+        await migrateSchema(prisma);
+        dbLogger.log('Schema migration complete');
+    }
+    catch (error) {
+        dbLogger.error('Prisma init failed:', formatErrorWithStack(error));
+        throw error;
+    }
+    prismaInstance = prisma;
+    return prisma;
+}
+async function migrateSchema(prisma) {
+    const schemaPath = path.join(__dirname, '../src/schema.sql');
+    const sql = fs.readFileSync(schemaPath, 'utf-8');
+    const statements = sql
+        .split(';')
+        .map((s) => s
+        .split('\n')
+        .filter((line) => !line.trimStart().startsWith('--'))
+        .join('\n')
+        .trim())
+        .filter((s) => s.length > 0 &&
+        !/^CREATE\s+TABLE\s+["']?sqlite_sequence["']?\s*\(/i.test(s))
+        // Make CREATE INDEX idempotent
+        .map((s) => s
+        .replace(/^CREATE\s+UNIQUE\s+INDEX\b(?!\s+IF)/i, 'CREATE UNIQUE INDEX IF NOT EXISTS')
+        .replace(/^CREATE\s+INDEX\b(?!\s+IF)/i, 'CREATE INDEX IF NOT EXISTS'));
+    for (const statement of statements) {
+        await prisma.$executeRawUnsafe(statement);
+    }
+    // Migration: add variant column to model tables (for thinking/reasoning level).
+    // ALTERs throw if column already exists, so each is wrapped in try/catch.
+    const alterStatements = [
+        'ALTER TABLE channel_models ADD COLUMN variant TEXT',
+        'ALTER TABLE session_models ADD COLUMN variant TEXT',
+        'ALTER TABLE global_models ADD COLUMN variant TEXT',
+    ];
+    for (const stmt of alterStatements) {
+        try {
+            await prisma.$executeRawUnsafe(stmt);
+        }
+        catch {
+            // Column already exists – expected on subsequent runs
+        }
+    }
+    // Migration: add openai_api_key column to bot_api_keys.
+    try {
+        await prisma.$executeRawUnsafe('ALTER TABLE bot_api_keys ADD COLUMN openai_api_key TEXT');
+    }
+    catch {
+        // Column already exists
+    }
+    // Migration: move session_thinking data into session_models.variant.
+    // session_thinking table is left in place (not dropped) so older kimaki versions
+    // that still reference it won't crash on the same database.
+    try {
+        // For sessions that already have a model row, copy the thinking value
+        await prisma.$executeRawUnsafe(`
+      UPDATE session_models SET variant = (
+        SELECT thinking_value FROM session_thinking
+        WHERE session_thinking.session_id = session_models.session_id
+      ) WHERE variant IS NULL AND EXISTS (
+        SELECT 1 FROM session_thinking WHERE session_thinking.session_id = session_models.session_id
+      )
+    `);
+    }
+    catch {
+        // session_thinking table may not exist in fresh installs
+    }
+}
+/**
+ * Close the Prisma connection.
+ */
+export async function closePrisma() {
+    if (prismaInstance) {
+        await prismaInstance.$disconnect();
+        prismaInstance = null;
+        initPromise = null;
+        dbLogger.log('Prisma connection closed');
+    }
+}

package/dist/db.test.js

@@ -0,0 +1,49 @@
+// Tests for Prisma client initialization and schema migration.
+// Auto-isolated via VITEST guards in config.ts (temp data dir) and db.ts (clears KIMAKI_DB_URL).
+import { afterAll, describe, expect, test } from 'vitest';
+import { getPrisma, closePrisma } from './db.js';
+import { createPendingWorktree } from './database.js';
+afterAll(async () => {
+    await closePrisma();
+});
+describe('getPrisma', () => {
+    test('creates sqlite file and migrates schema automatically', async () => {
+        const prisma = await getPrisma();
+        const session = await prisma.thread_sessions.create({
+            data: { thread_id: 'test-thread-123', session_id: 'test-session-456' },
+        });
+        expect(session.thread_id).toBe('test-thread-123');
+        expect(session.created_at).toBeInstanceOf(Date);
+        const found = await prisma.thread_sessions.findUnique({
+            where: { thread_id: session.thread_id },
+        });
+        expect(found?.session_id).toBe('test-session-456');
+        // Cleanup test data
+        await prisma.thread_sessions.delete({
+            where: { thread_id: 'test-thread-123' },
+        });
+    });
+    test('createPendingWorktree creates parent and child rows', async () => {
+        const prisma = await getPrisma();
+        const threadId = `test-worktree-${Date.now()}`;
+        await createPendingWorktree({
+            threadId,
+            worktreeName: 'regression-worktree',
+            projectDirectory: '/tmp/regression-project',
+        });
+        const session = await prisma.thread_sessions.findUnique({
+            where: { thread_id: threadId },
+        });
+        expect(session).toBeTruthy();
+        expect(session?.session_id).toBe('');
+        const worktree = await prisma.thread_worktrees.findUnique({
+            where: { thread_id: threadId },
+        });
+        expect(worktree).toBeTruthy();
+        expect(worktree?.worktree_name).toBe('regression-worktree');
+        expect(worktree?.project_directory).toBe('/tmp/regression-project');
+        expect(worktree?.status).toBe('pending');
+        await prisma.thread_worktrees.delete({ where: { thread_id: threadId } });
+        await prisma.thread_sessions.delete({ where: { thread_id: threadId } });
+    });
+});

package/dist/discord-api.js

@@ -0,0 +1,28 @@
+import { REST } from 'discord.js';
+const DISCORD_API_BASE_URL = 'https://discord.com/api';
+function normalizeApiBaseUrl(rawValue) {
+    const trimmed = rawValue?.trim();
+    if (!trimmed) {
+        return DISCORD_API_BASE_URL;
+    }
+    const withoutTrailingSlash = trimmed.replace(/\/+$/, '');
+    if (withoutTrailingSlash.endsWith('/api')) {
+        return withoutTrailingSlash;
+    }
+    return `${withoutTrailingSlash}/api`;
+}
+export function getDiscordApiBaseUrl() {
+    return normalizeApiBaseUrl(process.env.KIMAKI_DISCORD_HTTP_URL);
+}
+export function getDiscordApiV10BaseUrl() {
+    return `${getDiscordApiBaseUrl()}/v10`;
+}
+export function createDiscordRest(token) {
+    const rest = new REST({
+        api: getDiscordApiBaseUrl(),
+    });
+    if (token) {
+        rest.setToken(token);
+    }
+    return rest;
+}

package/dist/discord-auth.js

@@ -0,0 +1,231 @@
+// Shared Discord auth + endpoint helpers used by bot + CLI + plugin.
+// Supports:
+// - Proxy auth via KIMAKI_PRIVATE_KEY + KIMAKI_GUILD_ID
+// - Shared authorization header format: Ed25519 <guild_id>.<timestamp>.<signature>
+//   where the signature input is `${guild_id}\n${timestamp}`.
+// - Distinct configurable endpoints:
+//   - KIMAKI_DISCORD_WS_URL (default wss://gateway.discord.gg)
+//   - KIMAKI_DISCORD_HTTP_URL (default https://discord.com/api)
+import crypto from 'node:crypto';
+import { REST } from 'discord.js';
+const DEFAULT_DISCORD_WS_URL = 'wss://gateway.discord.gg';
+const DEFAULT_DISCORD_HTTP_URL = 'https://discord.com/api';
+export function getDiscordAuthConfig() {
+    const httpBaseUrl = normalizeDiscordHttpBaseUrl(process.env.KIMAKI_DISCORD_HTTP_URL);
+    const wsUrl = normalizeDiscordWsUrl(process.env.KIMAKI_DISCORD_WS_URL);
+    const privateKey = trimEnv(process.env.KIMAKI_PRIVATE_KEY);
+    const guildId = trimEnv(process.env.KIMAKI_GUILD_ID) || trimEnv(process.env.KIMAKI_GUILD);
+    return {
+        httpBaseUrl,
+        wsUrl,
+        privateKey,
+        guildId,
+        proxyAuthEnabled: Boolean(privateKey && guildId),
+    };
+}
+export function getDiscordWsUrl() {
+    return getDiscordAuthConfig().wsUrl;
+}
+export function getDiscordHttpBaseUrl() {
+    return getDiscordAuthConfig().httpBaseUrl;
+}
+export function isProxyDiscordAuthEnabled() {
+    return getDiscordAuthConfig().proxyAuthEnabled;
+}
+export function buildDiscordApiRoute(pathname) {
+    const normalizedPath = pathname.startsWith('/') ? pathname : `/${pathname}`;
+    return `${getDiscordHttpBaseUrl()}/v10${normalizedPath}`;
+}
+export function createDiscordRest(botToken) {
+    const { proxyAuthEnabled, privateKey, guildId } = getDiscordAuthConfig();
+    const effectiveBotToken = proxyAuthEnabled ? undefined : botToken;
+    if (!effectiveBotToken && proxyAuthEnabled) {
+        ensureProxyAuthReady({ privateKey, guildId });
+    }
+    const options = createDiscordRestOptions({
+        botToken: effectiveBotToken,
+        privateKey,
+        guildId,
+        proxyAuthEnabled,
+    });
+    const rest = new REST(options);
+    if (effectiveBotToken) {
+        rest.setToken(effectiveBotToken);
+    }
+    return rest;
+}
+export function createDiscordRestOptions({ botToken, privateKey, guildId, proxyAuthEnabled, }) {
+    const options = {
+        api: getDiscordHttpBaseUrl(),
+        makeRequest: createDiscordMakeRequest({
+            botToken,
+            privateKey,
+            guildId,
+            proxyAuthEnabled,
+        }),
+    };
+    if (botToken) {
+        options.authPrefix = 'Bot';
+    }
+    return options;
+}
+export function resolveDiscordAuthHeader(botToken) {
+    const { privateKey, guildId, proxyAuthEnabled } = getDiscordAuthConfig();
+    const effectiveBotToken = proxyAuthEnabled ? undefined : botToken;
+    if (effectiveBotToken) {
+        return { value: `Bot ${effectiveBotToken}` };
+    }
+    if (!proxyAuthEnabled) {
+        return undefined;
+    }
+    const authHeader = buildProxyAuthHeader({ privateKey, guildId });
+    if (!authHeader) {
+        return undefined;
+    }
+    return { value: authHeader };
+}
+export function createDiscordHeaders(botToken) {
+    const headers = new Headers();
+    const authorization = resolveDiscordAuthHeader(botToken);
+    if (authorization) {
+        headers.set('Authorization', authorization.value);
+    }
+    return headers;
+}
+export function createDiscordFetchHeaders({ botToken, existingHeaders, }) {
+    const headers = new Headers(existingHeaders);
+    const auth = resolveDiscordAuthHeader(botToken);
+    if (!auth) {
+        return headers;
+    }
+    headers.set('Authorization', auth.value);
+    return headers;
+}
+function createDiscordMakeRequest({ botToken, privateKey, guildId, proxyAuthEnabled, }) {
+    const wsUrl = getDiscordWsUrl();
+    const makeRequest = async (request, init) => {
+        const headers = new Headers(init.headers);
+        const authorization = botToken
+            ? `Bot ${botToken}`
+            : buildProxyAuthHeader({ privateKey, guildId });
+        if (authorization) {
+            headers.set('Authorization', authorization);
+        }
+        const response = await fetch(request, {
+            ...init,
+            headers,
+        });
+        if (!isGatewayBotEndpoint(request)) {
+            return response;
+        }
+        if (!proxyAuthEnabled) {
+            return response;
+        }
+        const body = await response.text();
+        const updatedBody = overrideGatewayUrl({ body, wsUrl });
+        if (!updatedBody) {
+            return new Response(body, {
+                status: response.status,
+                statusText: response.statusText,
+                headers: response.headers,
+            });
+        }
+        return new Response(updatedBody, {
+            status: response.status,
+            statusText: response.statusText,
+            headers: response.headers,
+        });
+    };
+    return makeRequest;
+}
+function overrideGatewayUrl({ body, wsUrl, }) {
+    try {
+        const payload = JSON.parse(body);
+        if (!payload || typeof payload !== 'object' || !('url' in payload)) {
+            return undefined;
+        }
+        if (typeof payload.url !== 'string') {
+            return undefined;
+        }
+        return JSON.stringify({ ...payload, url: wsUrl });
+    }
+    catch {
+        return undefined;
+    }
+}
+function isGatewayBotEndpoint(url) {
+    try {
+        return new URL(url).pathname.endsWith('/gateway/bot');
+    }
+    catch {
+        return false;
+    }
+}
+function buildProxyAuthHeader({ privateKey, guildId, }) {
+    if (!privateKey || !guildId) {
+        return undefined;
+    }
+    const privateSigningKey = parsePrivateKey(privateKey);
+    if (!privateSigningKey) {
+        return undefined;
+    }
+    const timestamp = Date.now().toString();
+    const message = `${guildId}\n${timestamp}`;
+    const signature = crypto
+        .sign(null, Buffer.from(message, 'utf8'), privateSigningKey)
+        .toString('base64url');
+    return `Ed25519 ${guildId}.${timestamp}.${signature}`;
+}
+function ensureProxyAuthReady({ privateKey, guildId, }) {
+    if (!guildId) {
+        throw new Error('Discord proxy auth requires KIMAKI_GUILD_ID');
+    }
+    if (!privateKey) {
+        throw new Error('Discord proxy auth requires KIMAKI_PRIVATE_KEY');
+    }
+    const parsedKey = parsePrivateKey(privateKey);
+    if (!parsedKey) {
+        throw new Error('Discord proxy auth key is not a valid Ed25519 private key');
+    }
+    void parsedKey;
+}
+function parsePrivateKey(privateKey) {
+    const normalized = privateKey.trim();
+    if (!normalized) {
+        return undefined;
+    }
+    if (normalized.includes('BEGIN PRIVATE KEY')) {
+        return normalized;
+    }
+    const candidates = [
+        { key: Buffer.from(normalized, 'base64'), format: 'der', type: 'pkcs8' },
+        { key: Buffer.from(normalized, 'hex'), format: 'der', type: 'pkcs8' },
+    ];
+    for (const candidate of candidates) {
+        try {
+            return crypto.createPrivateKey(candidate);
+        }
+        catch {
+            continue;
+        }
+    }
+    return undefined;
+}
+function normalizeDiscordWsUrl(rawWsUrl) {
+    const raw = trimEnv(rawWsUrl) || DEFAULT_DISCORD_WS_URL;
+    return new URL(raw).toString().replace(/\/$/, '');
+}
+function normalizeDiscordHttpBaseUrl(rawHttpUrl) {
+    const base = new URL(trimEnv(rawHttpUrl) || DEFAULT_DISCORD_HTTP_URL);
+    const sanitizedPath = base.pathname === '/'
+        ? '/api'
+        : base.pathname.replace(/\/$/, '').replace(/\/v10\/?$/, '');
+    base.pathname = sanitizedPath.endsWith('/api')
+        ? sanitizedPath
+        : `${sanitizedPath}/api`;
+    return base.toString().replace(/\/$/, '');
+}
+function trimEnv(value) {
+    const trimmed = value?.trim();
+    return trimmed || undefined;
+}

package/dist/discord-auth.test.js

@@ -0,0 +1,80 @@
+import crypto from 'node:crypto';
+import { describe, expect, test } from 'vitest';
+import { createDiscordFetchHeaders, resolveDiscordAuthHeader, } from './discord-auth.js';
+describe('Discord proxy auth header', () => {
+    const originalPrivateKey = process.env.KIMAKI_PRIVATE_KEY;
+    const originalGuildId = process.env.KIMAKI_GUILD_ID;
+    test('writes valid Ed25519 Authorization header from proxy env vars', () => {
+        const { privateKey, publicKey } = crypto.generateKeyPairSync('ed25519');
+        const pemPrivateKey = privateKey.export({
+            type: 'pkcs8',
+            format: 'pem',
+        });
+        const pemPublicKey = publicKey.export({
+            type: 'spki',
+            format: 'pem',
+        });
+        const guildId = '987654321098765432';
+        process.env.KIMAKI_PRIVATE_KEY = pemPrivateKey;
+        process.env.KIMAKI_GUILD_ID = guildId;
+        const headers = createDiscordFetchHeaders({ botToken: undefined });
+        const authHeader = headers.get('Authorization');
+        process.env.KIMAKI_PRIVATE_KEY = originalPrivateKey;
+        process.env.KIMAKI_GUILD_ID = originalGuildId;
+        expect(authHeader).toBeTruthy();
+        if (!authHeader) {
+            return;
+        }
+        const [prefix, value] = authHeader.split(' ', 2);
+        expect(prefix).toBe('Ed25519');
+        expect(value).toBeDefined();
+        const parts = value ? value.split('.') : null;
+        expect(parts).toHaveLength(3);
+        if (!parts) {
+            return;
+        }
+        const [tokenGuildId, timestamp, signatureBase64url] = parts;
+        expect(tokenGuildId).toBe(guildId);
+        expect(Number(timestamp)).not.toBeNaN();
+        const signature = Buffer.from(signatureBase64url, 'base64url');
+        const message = `${guildId}\n${timestamp}`;
+        const isValidSignature = crypto.verify(null, Buffer.from(message, 'utf8'), pemPublicKey, signature);
+        expect(isValidSignature).toBe(true);
+    });
+    test('uses bot token header format when token is present', () => {
+        process.env.KIMAKI_PRIVATE_KEY = '';
+        process.env.KIMAKI_GUILD_ID = '';
+        const headers = resolveDiscordAuthHeader('bot-token-123');
+        process.env.KIMAKI_PRIVATE_KEY = originalPrivateKey;
+        process.env.KIMAKI_GUILD_ID = originalGuildId;
+        expect(headers).toEqual({ value: 'Bot bot-token-123' });
+    });
+    test('prefers proxy auth over bot token when private key env vars are set', () => {
+        const { privateKey, publicKey } = crypto.generateKeyPairSync('ed25519');
+        const pemPrivateKey = privateKey.export({
+            type: 'pkcs8',
+            format: 'pem',
+        });
+        const pemPublicKey = publicKey.export({
+            type: 'spki',
+            format: 'pem',
+        });
+        const guildId = '111111111111111111';
+        process.env.KIMAKI_PRIVATE_KEY = pemPrivateKey;
+        process.env.KIMAKI_GUILD_ID = guildId;
+        const headers = createDiscordFetchHeaders({ botToken: 'db-bot-token' });
+        const authHeader = headers.get('Authorization');
+        process.env.KIMAKI_PRIVATE_KEY = originalPrivateKey;
+        process.env.KIMAKI_GUILD_ID = originalGuildId;
+        expect(authHeader).toBeTruthy();
+        if (!authHeader) {
+            return;
+        }
+        const [prefix, value] = authHeader.split(' ', 2);
+        expect(prefix).toBe('Ed25519');
+        const [tokenGuildId, timestamp, signatureBase64url] = value?.split('.');
+        expect(tokenGuildId).toBe(guildId);
+        const isValidSignature = crypto.verify(null, Buffer.from(`${guildId}\n${timestamp}`, 'utf8'), pemPublicKey, Buffer.from(signatureBase64url, 'base64url'));
+        expect(isValidSignature).toBe(true);
+    });
+});