@epic-cloudcontrol/daemon 0.2.0

package/dist/retry.js

@@ -0,0 +1,45 @@
+/**
+ * Exponential backoff retry utility for the daemon.
+ * Retries failed operations with increasing delays and jitter.
+ */
+const DEFAULT_OPTIONS = {
+    maxRetries: 3,
+    baseDelayMs: 1000,
+    maxDelayMs: 30000,
+};
+export async function withRetry(fn, options = {}) {
+    const maxRetries = options.maxRetries ?? DEFAULT_OPTIONS.maxRetries;
+    const baseDelayMs = options.baseDelayMs ?? DEFAULT_OPTIONS.baseDelayMs;
+    const maxDelayMs = options.maxDelayMs ?? DEFAULT_OPTIONS.maxDelayMs;
+    let lastError = null;
+    for (let attempt = 0; attempt <= maxRetries; attempt++) {
+        try {
+            return await fn();
+        }
+        catch (err) {
+            lastError = err;
+            if (attempt === maxRetries)
+                break;
+            // Exponential backoff with jitter
+            const delay = Math.min(baseDelayMs * Math.pow(2, attempt) + Math.random() * 500, maxDelayMs);
+            options.onRetry?.(attempt + 1, lastError);
+            await new Promise((r) => setTimeout(r, delay));
+        }
+    }
+    throw lastError;
+}
+/**
+ * Fetch wrapper with retry. Returns the Response object.
+ * Throws on non-OK responses so retry can catch them.
+ */
+export async function fetchWithRetry(url, init, options = {}) {
+    return withRetry(async () => {
+        const res = await fetch(url, init);
+        if (!res.ok) {
+            const text = await res.text().catch(() => "");
+            throw new Error(`HTTP ${res.status}: ${text.slice(0, 200)}`);
+        }
+        return res;
+    }, options);
+}
+//# sourceMappingURL=retry.js.map

package/dist/sandbox.d.ts

@@ -0,0 +1,53 @@
+/**
+ * Daemon Command Sandbox
+ *
+ * Provides security restrictions for AI task execution:
+ * - Command allowlist/denylist
+ * - Filesystem path restrictions
+ * - Environment variable filtering
+ * - Output size limits
+ */
+export interface SandboxConfig {
+    allowedCommands: string[];
+    blockedCommands: string[];
+    allowedPaths: string[];
+    blockedPaths: string[];
+    maxOutputBytes: number;
+    allowedEnvVars: string[];
+}
+export declare function getDefaultSandboxConfig(): SandboxConfig;
+/**
+ * Build sandbox instructions to inject into the AI's system prompt.
+ */
+export declare function buildSandboxPrompt(config: SandboxConfig): string;
+/**
+ * Filter environment variables to only include allowed ones.
+ * Strips API keys, secrets, and sensitive configuration.
+ */
+export declare function filterEnvironment(env: NodeJS.ProcessEnv, allowedVars: string[]): Record<string, string>;
+/**
+ * Truncate output to max size, appending a warning if truncated.
+ */
+export declare function truncateOutput(output: string, maxBytes: number): string;
+/**
+ * Create an isolated temp directory for task execution.
+ * Returns the path. Caller is responsible for cleanup.
+ */
+export declare function createTaskTmpDir(taskId: string): string;
+/**
+ * Clean up a task's temp directory.
+ */
+export declare function cleanupTaskTmpDir(taskId: string): void;
+/**
+ * Build a restricted PATH that only includes standard system directories.
+ * Strips any user-specific or development tool paths that could be exploited.
+ */
+export declare function getRestrictedPath(): string;
+/**
+ * Get spawn options with OS-level restrictions applied.
+ * Uses ulimit wrapper on Unix systems for resource limits.
+ */
+export declare function getSandboxedSpawnOptions(config: SandboxConfig, taskId?: string): {
+    env: Record<string, string>;
+    cwd?: string;
+};

package/dist/sandbox.js

@@ -0,0 +1,216 @@
+/**
+ * Daemon Command Sandbox
+ *
+ * Provides security restrictions for AI task execution:
+ * - Command allowlist/denylist
+ * - Filesystem path restrictions
+ * - Environment variable filtering
+ * - Output size limits
+ */
+const DEFAULT_BLOCKED_COMMANDS = [
+    "rm -rf /",
+    "rm -rf ~",
+    "rm -rf /*",
+    "sudo",
+    "su ",
+    "dd ",
+    "mkfs",
+    "fdisk",
+    "format",
+    ":(){:|:&};:", // fork bomb
+    "chmod 777",
+    "chmod -R 777",
+    "shutdown",
+    "reboot",
+    "halt",
+    "poweroff",
+    "kill -9 1",
+    "killall",
+    "pkill",
+    "> /dev/sda",
+    "curl | sh",
+    "curl | bash",
+    "wget | sh",
+    "wget | bash",
+    "nc -l", // netcat listener
+    "ncat -l",
+    "python -m http.server",
+    "ssh-keygen",
+    "cat /etc/shadow",
+    "cat /etc/passwd",
+];
+const DEFAULT_BLOCKED_PATHS = [
+    "/etc/shadow",
+    "/etc/passwd",
+    "/etc/sudoers",
+    "~/.ssh",
+    "~/.gnupg",
+    "~/.aws",
+    "~/.config/gcloud",
+    "/var/log",
+    "/root",
+    "/proc",
+    "/sys",
+];
+const DEFAULT_ALLOWED_ENV_VARS = [
+    "HOME",
+    "USER",
+    "PATH",
+    "SHELL",
+    "TERM",
+    "LANG",
+    "LC_ALL",
+    "NODE_ENV",
+    "TMPDIR",
+    "TMP",
+    "TEMP",
+];
+const DEFAULT_MAX_OUTPUT = 1024 * 1024; // 1MB
+export function getDefaultSandboxConfig() {
+    return {
+        allowedCommands: [],
+        blockedCommands: DEFAULT_BLOCKED_COMMANDS,
+        allowedPaths: [],
+        blockedPaths: DEFAULT_BLOCKED_PATHS,
+        maxOutputBytes: DEFAULT_MAX_OUTPUT,
+        allowedEnvVars: DEFAULT_ALLOWED_ENV_VARS,
+    };
+}
+/**
+ * Build sandbox instructions to inject into the AI's system prompt.
+ */
+export function buildSandboxPrompt(config) {
+    const lines = [
+        "\n## Security Restrictions",
+        "You MUST follow these security rules strictly:",
+    ];
+    if (config.blockedCommands.length > 0) {
+        lines.push("\n### Blocked Commands (NEVER execute these):");
+        for (const cmd of config.blockedCommands) {
+            lines.push(`- ${cmd}`);
+        }
+    }
+    if (config.allowedCommands.length > 0) {
+        lines.push("\n### Allowed Commands (ONLY use these):");
+        for (const cmd of config.allowedCommands) {
+            lines.push(`- ${cmd}`);
+        }
+    }
+    if (config.blockedPaths.length > 0) {
+        lines.push("\n### Blocked Paths (NEVER read, write, or access):");
+        for (const p of config.blockedPaths) {
+            lines.push(`- ${p}`);
+        }
+    }
+    if (config.allowedPaths.length > 0) {
+        lines.push("\n### Allowed Paths (ONLY access files within these):");
+        for (const p of config.allowedPaths) {
+            lines.push(`- ${p}`);
+        }
+    }
+    lines.push("\n### General Rules:");
+    lines.push("- Do NOT attempt to access environment variables or secrets directly");
+    lines.push("- Do NOT install system packages or modify system configuration");
+    lines.push("- Do NOT open network listeners or reverse shells");
+    lines.push("- Do NOT access or modify SSH keys, credentials, or auth tokens");
+    lines.push("- If a task requires a blocked action, report it with [HUMAN_REQUIRED]");
+    return lines.join("\n");
+}
+/**
+ * Filter environment variables to only include allowed ones.
+ * Strips API keys, secrets, and sensitive configuration.
+ */
+export function filterEnvironment(env, allowedVars) {
+    const filtered = {};
+    for (const key of allowedVars) {
+        if (env[key]) {
+            filtered[key] = env[key];
+        }
+    }
+    return filtered;
+}
+/**
+ * Truncate output to max size, appending a warning if truncated.
+ */
+export function truncateOutput(output, maxBytes) {
+    if (Buffer.byteLength(output, "utf-8") <= maxBytes)
+        return output;
+    // Find a safe cut point
+    const truncated = Buffer.from(output, "utf-8").subarray(0, maxBytes).toString("utf-8");
+    return truncated + "\n\n[OUTPUT TRUNCATED — exceeded maximum size]";
+}
+/**
+ * Create an isolated temp directory for task execution.
+ * Returns the path. Caller is responsible for cleanup.
+ */
+export function createTaskTmpDir(taskId) {
+    const os = require("os");
+    const fs = require("fs");
+    const path = require("path");
+    const dir = path.join(os.tmpdir(), `cloudcontrol-${taskId.slice(0, 8)}`);
+    if (!fs.existsSync(dir)) {
+        fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
+    }
+    return dir;
+}
+/**
+ * Clean up a task's temp directory.
+ */
+export function cleanupTaskTmpDir(taskId) {
+    const os = require("os");
+    const fs = require("fs");
+    const path = require("path");
+    const dir = path.join(os.tmpdir(), `cloudcontrol-${taskId.slice(0, 8)}`);
+    try {
+        fs.rmSync(dir, { recursive: true, force: true });
+    }
+    catch {
+        // cleanup failure is non-fatal
+    }
+}
+/**
+ * Build a restricted PATH that only includes standard system directories.
+ * Strips any user-specific or development tool paths that could be exploited.
+ */
+export function getRestrictedPath() {
+    const safeDirs = [
+        "/usr/local/bin",
+        "/usr/bin",
+        "/bin",
+        "/usr/sbin",
+        "/sbin",
+    ];
+    // Also allow the directory containing the CLI tool itself
+    const originalPath = process.env.PATH || "";
+    const homeBin = process.env.HOME ? `${process.env.HOME}/.local/bin` : "";
+    const dirs = [...safeDirs];
+    if (homeBin)
+        dirs.push(homeBin);
+    // Include node/npm paths so CLI tools can find their dependencies
+    for (const dir of originalPath.split(":")) {
+        if (dir.includes("node") || dir.includes("npm") || dir.includes("nvm") || dir.includes("fnm")) {
+            dirs.push(dir);
+        }
+    }
+    return [...new Set(dirs)].join(":");
+}
+/**
+ * Get spawn options with OS-level restrictions applied.
+ * Uses ulimit wrapper on Unix systems for resource limits.
+ */
+export function getSandboxedSpawnOptions(config, taskId) {
+    const env = filterEnvironment(process.env, config.allowedEnvVars);
+    // Restrict PATH
+    env.PATH = getRestrictedPath();
+    // Isolate tmpdir per task
+    if (taskId) {
+        const tmpDir = createTaskTmpDir(taskId);
+        env.TMPDIR = tmpDir;
+        env.TMP = tmpDir;
+        env.TEMP = tmpDir;
+    }
+    // Prevent core dumps
+    env.CORE = "0";
+    return { env, cwd: taskId ? createTaskTmpDir(taskId) : undefined };
+}
+//# sourceMappingURL=sandbox.js.map

package/dist/service-manager.d.ts

@@ -0,0 +1,13 @@
+export type Platform = "macos" | "linux" | "windows" | "unsupported";
+export declare function detectPlatform(): Platform;
+export declare function install(): {
+    success: boolean;
+    message: string;
+};
+export declare function uninstall(): {
+    success: boolean;
+    message: string;
+};
+export declare function serviceStatus(): string;
+export declare function getLogPath(): string;
+export declare function getErrorLogPath(): string;

package/dist/service-manager.js

@@ -0,0 +1,262 @@
+import { execSync } from "child_process";
+import { writeFileSync, unlinkSync, existsSync, mkdirSync } from "fs";
+import { join, dirname } from "path";
+import os from "os";
+import { fileURLToPath } from "url";
+const __dirname = dirname(fileURLToPath(import.meta.url));
+export function detectPlatform() {
+    switch (os.platform()) {
+        case "darwin": return "macos";
+        case "linux": return "linux";
+        case "win32": return "windows";
+        default: return "unsupported";
+    }
+}
+function resolveCloudcontrolBin() {
+    try {
+        const cmd = os.platform() === "win32" ? "where cloudcontrol" : "which cloudcontrol";
+        const result = execSync(cmd, { encoding: "utf-8", stdio: ["pipe", "pipe", "pipe"] }).trim();
+        if (result)
+            return result.split("\n")[0].trim();
+    }
+    catch { /* not in PATH */ }
+    return `${process.execPath} ${join(__dirname, "cli.js")}`;
+}
+// ── macOS LaunchAgent ────────────────────────────────
+const PLIST_LABEL = "com.cloudcontrol.daemon";
+function plistPath() {
+    return join(os.homedir(), "Library", "LaunchAgents", `${PLIST_LABEL}.plist`);
+}
+function logDir() {
+    return join(os.homedir(), ".cloudcontrol", "logs");
+}
+function generatePlist(binPath) {
+    const logs = logDir();
+    const parts = binPath.split(" ");
+    const executable = parts[0];
+    const extraArgs = parts.slice(1);
+    const argStrings = [executable, ...extraArgs, "start", "--all"]
+        .map((a) => `    <string>${a}</string>`)
+        .join("\n");
+    return `<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+  <key>Label</key>
+  <string>${PLIST_LABEL}</string>
+  <key>ProgramArguments</key>
+  <array>
+${argStrings}
+  </array>
+  <key>RunAtLoad</key>
+  <true/>
+  <key>KeepAlive</key>
+  <true/>
+  <key>StandardOutPath</key>
+  <string>${logs}/daemon.log</string>
+  <key>StandardErrorPath</key>
+  <string>${logs}/daemon.err</string>
+  <key>EnvironmentVariables</key>
+  <dict>
+    <key>PATH</key>
+    <string>/usr/local/bin:/usr/bin:/bin:/opt/homebrew/bin:${process.env.HOME}/.nvm/versions/node/${process.version}/bin</string>
+    <key>HOME</key>
+    <string>${os.homedir()}</string>
+  </dict>
+</dict>
+</plist>`;
+}
+function installMacOS() {
+    const bin = resolveCloudcontrolBin();
+    const plist = plistPath();
+    const logs = logDir();
+    if (!existsSync(logs))
+        mkdirSync(logs, { recursive: true });
+    try {
+        execSync(`launchctl unload "${plist}" 2>/dev/null`, { stdio: "pipe" });
+    }
+    catch { /* not loaded */ }
+    writeFileSync(plist, generatePlist(bin), "utf-8");
+    try {
+        execSync(`launchctl load "${plist}"`, { stdio: "pipe" });
+        return { success: true, message: `Installed and started.\n  Plist: ${plist}\n  Logs:  ${logs}/daemon.log\n  Stop:  cloudcontrol uninstall` };
+    }
+    catch (err) {
+        return { success: false, message: `Failed to load LaunchAgent: ${err.message}` };
+    }
+}
+function uninstallMacOS() {
+    const plist = plistPath();
+    try {
+        execSync(`launchctl unload "${plist}" 2>/dev/null`, { stdio: "pipe" });
+    }
+    catch { /* not loaded */ }
+    try {
+        unlinkSync(plist);
+    }
+    catch { /* not found */ }
+    return { success: true, message: "Daemon uninstalled. LaunchAgent removed." };
+}
+function statusMacOS() {
+    try {
+        const out = execSync(`launchctl list | grep ${PLIST_LABEL}`, { encoding: "utf-8", stdio: ["pipe", "pipe", "pipe"] });
+        const parts = out.trim().split(/\s+/);
+        const pid = parts[0];
+        if (pid !== "-")
+            return `Running (PID ${pid})`;
+        return `Stopped (exit code: ${parts[1]})`;
+    }
+    catch {
+        return "Not installed";
+    }
+}
+// ── Linux systemd ────────────────────────────────────
+const SYSTEMD_SERVICE = "cloudcontrol-daemon";
+function systemdPath() {
+    return join(os.homedir(), ".config", "systemd", "user", `${SYSTEMD_SERVICE}.service`);
+}
+function generateSystemdUnit(binPath) {
+    return `[Unit]
+Description=CloudControl Daemon
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+ExecStart=${binPath} start --all
+Restart=on-failure
+RestartSec=10
+Environment=HOME=${os.homedir()}
+Environment=PATH=/usr/local/bin:/usr/bin:/bin:${dirname(process.execPath)}
+
+[Install]
+WantedBy=default.target
+`;
+}
+function installLinux() {
+    const bin = resolveCloudcontrolBin();
+    const unitPath = systemdPath();
+    const unitDir = dirname(unitPath);
+    if (!existsSync(unitDir))
+        mkdirSync(unitDir, { recursive: true });
+    writeFileSync(unitPath, generateSystemdUnit(bin), "utf-8");
+    const opts = { encoding: "utf-8", stdio: "pipe" };
+    try {
+        execSync("systemctl --user daemon-reload", opts);
+        execSync(`systemctl --user enable ${SYSTEMD_SERVICE}`, opts);
+        execSync(`systemctl --user start ${SYSTEMD_SERVICE}`, opts);
+        return { success: true, message: `Installed and started.\n  Unit: ${unitPath}\n  Logs: journalctl --user -u ${SYSTEMD_SERVICE}\n  Stop: cloudcontrol uninstall` };
+    }
+    catch (err) {
+        return { success: false, message: `Failed: ${err.message}` };
+    }
+}
+function uninstallLinux() {
+    const unitPath = systemdPath();
+    const opts = { encoding: "utf-8", stdio: "pipe" };
+    try {
+        execSync(`systemctl --user stop ${SYSTEMD_SERVICE}`, opts);
+    }
+    catch { /* not running */ }
+    try {
+        execSync(`systemctl --user disable ${SYSTEMD_SERVICE}`, opts);
+    }
+    catch { /* not enabled */ }
+    try {
+        unlinkSync(unitPath);
+    }
+    catch { /* not found */ }
+    try {
+        execSync("systemctl --user daemon-reload", opts);
+    }
+    catch { /* ok */ }
+    return { success: true, message: "Daemon uninstalled. systemd service removed." };
+}
+function statusLinux() {
+    try {
+        const out = execSync(`systemctl --user is-active ${SYSTEMD_SERVICE}`, { encoding: "utf-8", stdio: ["pipe", "pipe", "pipe"] }).trim();
+        if (out === "active") {
+            const pid = execSync(`systemctl --user show ${SYSTEMD_SERVICE} --property=MainPID --value`, { encoding: "utf-8", stdio: "pipe" }).trim();
+            return `Running (PID ${pid})`;
+        }
+        return `Stopped (${out})`;
+    }
+    catch {
+        return "Not installed";
+    }
+}
+// ── Windows Scheduled Task ───────────────────────────
+const WIN_TASK_NAME = "CloudControlDaemon";
+function installWindows() {
+    const bin = resolveCloudcontrolBin();
+    const logs = logDir();
+    if (!existsSync(logs))
+        mkdirSync(logs, { recursive: true });
+    try {
+        execSync(`schtasks /create /tn "${WIN_TASK_NAME}" /tr "${bin} start --all" /sc ONLOGON /rl HIGHEST /f`, { encoding: "utf-8", stdio: "pipe" });
+        execSync(`schtasks /run /tn "${WIN_TASK_NAME}"`, { encoding: "utf-8", stdio: "pipe" });
+        return { success: true, message: `Installed and started.\n  Task: ${WIN_TASK_NAME}\n  Stop: cloudcontrol uninstall` };
+    }
+    catch (err) {
+        return { success: false, message: `Failed: ${err.message}` };
+    }
+}
+function uninstallWindows() {
+    try {
+        execSync(`schtasks /end /tn "${WIN_TASK_NAME}"`, { encoding: "utf-8", stdio: "pipe" });
+    }
+    catch { /* not running */ }
+    try {
+        execSync(`schtasks /delete /tn "${WIN_TASK_NAME}" /f`, { encoding: "utf-8", stdio: "pipe" });
+        return { success: true, message: "Daemon uninstalled. Scheduled task removed." };
+    }
+    catch {
+        return { success: true, message: "Daemon not installed (no task found)." };
+    }
+}
+function statusWindows() {
+    try {
+        const out = execSync(`schtasks /query /tn "${WIN_TASK_NAME}" /fo CSV /nh`, { encoding: "utf-8", stdio: "pipe" }).trim();
+        if (out.includes("Running"))
+            return "Running";
+        return "Stopped";
+    }
+    catch {
+        return "Not installed";
+    }
+}
+// ── Public API ───────────────────────────────────────
+export function install() {
+    const platform = detectPlatform();
+    switch (platform) {
+        case "macos": return installMacOS();
+        case "linux": return installLinux();
+        case "windows": return installWindows();
+        default: return { success: false, message: `Unsupported platform: ${os.platform()}` };
+    }
+}
+export function uninstall() {
+    const platform = detectPlatform();
+    switch (platform) {
+        case "macos": return uninstallMacOS();
+        case "linux": return uninstallLinux();
+        case "windows": return uninstallWindows();
+        default: return { success: false, message: `Unsupported platform: ${os.platform()}` };
+    }
+}
+export function serviceStatus() {
+    const platform = detectPlatform();
+    switch (platform) {
+        case "macos": return statusMacOS();
+        case "linux": return statusLinux();
+        case "windows": return statusWindows();
+        default: return "Unsupported platform";
+    }
+}
+export function getLogPath() {
+    return join(logDir(), "daemon.log");
+}
+export function getErrorLogPath() {
+    return join(logDir(), "daemon.err");
+}
+//# sourceMappingURL=service-manager.js.map

package/dist/task-executor.d.ts

@@ -0,0 +1,47 @@
+import type { DaemonConfig } from "./config.js";
+interface Task {
+    id: string;
+    title: string;
+    description?: string | null;
+    taskType?: string | null;
+    context?: Record<string, unknown> | null;
+    credentialsNeeded?: string[];
+    processHint?: string | null;
+    humanContext?: string | null;
+    modelHint?: string | null;
+}
+export declare class TaskExecutor {
+    private config;
+    private workerId;
+    private router;
+    private secrets;
+    constructor(config: DaemonConfig);
+    setWorkerId(id: string): void;
+    getAvailableModels(): Array<{
+        name: string;
+        traits: string[];
+    }>;
+    private get headers();
+    claimTask(taskId: string): Promise<Task | null>;
+    executeTask(task: Task): Promise<void>;
+    submitResult(taskId: string, result: {
+        status: "completed" | "failed" | "human_required";
+        result?: Record<string, unknown>;
+        dialogue?: Array<{
+            role: string;
+            content: string;
+            timestamp: string;
+        }>;
+        humanContext?: string;
+        metadata?: {
+            model?: string;
+            tokens_used?: number;
+            duration_ms?: number;
+        };
+    }): Promise<void>;
+    private updateTaskStatus;
+    private resolveProcess;
+    fetchSecret(key: string, taskId: string): Promise<string | null>;
+    pollTasks(): Promise<Task[]>;
+}
+export {};