@evomap/evolver 1.87.1 → 1.87.3

package/src/atp/cli.js

@@ -118,6 +118,27 @@ function parseVerifyArgs(args) {
   return { ok: true, opts: { orderId, action } };
 }
 
+// `evolver atp <enable|disable|status>` — manage autoBuyer consent ack file.
+// Non-TTY users (daemon, CI, hooks) opt in here instead of the interactive
+// first-run prompt. Returns { ok, opts: { sub } } or { ok: false, error }.
+function parseAtpArgs(args) {
+  if (!Array.isArray(args) || args.length === 0) {
+    return { ok: false, error: 'atp requires <enable|disable|status>' };
+  }
+  let sub = null;
+  for (let i = 0; i < args.length; i++) {
+    const a = args[i];
+    if (typeof a === 'string' && !a.startsWith('--')) {
+      sub = a.toLowerCase();
+      break;
+    }
+  }
+  if (!sub || !['enable', 'disable', 'status'].includes(sub)) {
+    return { ok: false, error: 'atp subcommand must be enable|disable|status (got: ' + sub + ')' };
+  }
+  return { ok: true, opts: { sub } };
+}
+
 async function runBuy(opts, deps) {
   const atp = (deps && deps.atp) || require('./index');
   const consumerAgent = atp.consumerAgent;
@@ -226,6 +247,80 @@ async function runVerify(opts, deps) {
   }
 }
 
+// Subcommand runner for `evolver atp enable|disable|status`. Writes the ack
+// file via autoBuyer.setConsent so subsequent daemon starts pick it up. Does
+// NOT mutate process.env — env override wins over the ack file by design,
+// and we don't want a transient CLI invocation to silently shadow operator
+// shell config.
+// Detect whether an EVOLVER_ATP_AUTOBUY env override is currently set AND
+// would supersede the ack we are about to write. Returns the effective env
+// boolean (true=on, false=off) or null if env is unset / whitespace-only.
+// Mirrors the trim-before-length-check rule from autoBuyer.getConsent so
+// the CLI and the runtime agree on what "set" means (Bugbot PR #141).
+function _envOverride() {
+  const raw = process.env.EVOLVER_ATP_AUTOBUY;
+  if (typeof raw !== 'string') return null;
+  const s = raw.trim().toLowerCase();
+  if (s.length === 0) return null;
+  return !(s === 'off' || s === '0' || s === 'false');
+}
+
+async function runAtp(opts, deps) {
+  const autoBuyer = (deps && deps.autoBuyer) || require('./autoBuyer');
+  const log = (deps && deps.log) || console.log;
+  const err = (deps && deps.err) || console.error;
+
+  try {
+    if (opts.sub === 'enable') {
+      const body = autoBuyer.setConsent(true);
+      log('[ATP] auto-spend ENABLED (consent recorded ' + body.acknowledged_at + ').');
+      log('      Caps: daily=' + (process.env.ATP_AUTOBUY_DAILY_CAP_CREDITS || '50') +
+          ', per-order=' + (process.env.ATP_AUTOBUY_PER_ORDER_CAP_CREDITS || '10') + ' credits.');
+      log('      Disable: evolver atp disable  (or  EVOLVER_ATP_AUTOBUY=off)');
+      // Loud warning if an env override will silently undo the ack at
+      // runtime. Bugbot PR #141 Medium: without this the user gets a
+      // false confirmation and real credits keep flowing the wrong way.
+      const envEnabled = _envOverride();
+      if (envEnabled === false) {
+        log('');
+        log('[ATP] WARNING: EVOLVER_ATP_AUTOBUY=' + process.env.EVOLVER_ATP_AUTOBUY +
+            ' is set in your environment and will OVERRIDE the ack file at runtime.');
+        log('      Auto-spend will stay OFF until you unset it (env wins over the ack file).');
+        return { exitCode: 0, data: body, envOverride: 'off' };
+      }
+      return { exitCode: 0, data: body };
+    }
+    if (opts.sub === 'disable') {
+      const body = autoBuyer.setConsent(false);
+      log('[ATP] auto-spend DISABLED (consent recorded ' + body.acknowledged_at + ').');
+      log('      Re-enable: evolver atp enable');
+      const envEnabled = _envOverride();
+      if (envEnabled === true) {
+        log('');
+        log('[ATP] WARNING: EVOLVER_ATP_AUTOBUY=' + process.env.EVOLVER_ATP_AUTOBUY +
+            ' is set in your environment and will OVERRIDE the ack file at runtime.');
+        log('      Auto-spend will stay ON (and continue charging credits) until you unset it.');
+        return { exitCode: 0, data: body, envOverride: 'on' };
+      }
+      return { exitCode: 0, data: body };
+    }
+    // status
+    const consent = autoBuyer.getConsent();
+    const ackPath = autoBuyer.getAckPath();
+    log('[ATP] auto-spend: ' + (consent.enabled ? 'ENABLED' : 'DISABLED') +
+        '  (source: ' + consent.source + ')');
+    log('      ack file: ' + ackPath);
+    if (consent.source === 'default') {
+      log('      Default policy (no ack file, no env override). Run `evolver atp disable`');
+      log('      to opt out, or `evolver atp enable` to record explicit opt-in.');
+    }
+    return { exitCode: 0, data: consent };
+  } catch (e) {
+    err('[ATP] atp command error: ' + (e && e.message || e));
+    return { exitCode: 1, error: String(e) };
+  }
+}
+
 function printUsage() {
   return [
     'ATP subcommands:',
@@ -234,6 +329,7 @@ function printUsage() {
     '  evolver orders [--role=consumer|merchant] [--status=pending|verified|disputed|settled]',
     '                 [--limit=N] [--json]',
     '  evolver verify <orderId> [--action=confirm|ai_judge]',
+    '  evolver atp <enable|disable|status>   -- manage auto-spend consent',
   ].join('\n');
 }
 
@@ -241,8 +337,10 @@ module.exports = {
   parseBuyArgs,
   parseOrdersArgs,
   parseVerifyArgs,
+  parseAtpArgs,
   runBuy,
   runOrders,
   runVerify,
+  runAtp,
   printUsage,
 };

package/src/atp/cliAutobuyPrompt.js

@@ -9,56 +9,26 @@
  *   - ack file memory/atp-autobuy-ack.json does not exist (already decided)
  *
  * Outcomes:
- *   - user answers y         -> enabled=true written, session opts in immediately
- *   - user answers n         -> enabled=false written, prompt never shown again
- *   - user answers later     -> no file written, prompt shown next time
+ *   - user answers y         -> autoBuyer.setConsent(true) — opts in for future sessions
+ *   - user answers n         -> autoBuyer.setConsent(false) — prompt never shown again
+ *   - user answers later     -> no ack written, prompt shown next session
  *   - any non-TTY/ack branch -> silent no-op
+ *
+ * setConsent failures (FS permission, disk full) are surfaced to the user
+ * via the output stream and returned as `reason: 'ack_write_failed'`; the
+ * decision field still reflects what the user typed.
  */
 
-const fs = require("fs");
-const path = require("path");
 const readline = require("readline");
+const autoBuyer = require("./autoBuyer");
 
-const ACK_FILE_NAME = "atp-autobuy-ack.json";
-
-function _getMemoryDir() {
-  try {
-    return require("../gep/paths").getMemoryDir();
-  } catch (_) {
-    return process.env.MEMORY_DIR || path.join(process.cwd(), "memory");
-  }
-}
-
-function _getAckPath() {
-  return path.join(_getMemoryDir(), ACK_FILE_NAME);
-}
-
-function _readAck() {
-  try {
-    const raw = fs.readFileSync(_getAckPath(), "utf8");
-    const parsed = JSON.parse(raw);
-    if (!parsed || typeof parsed !== "object") return null;
-    return parsed;
-  } catch (_) {
-    return null;
-  }
-}
-
-function _writeAck(enabled) {
-  const p = _getAckPath();
-  try {
-    fs.mkdirSync(path.dirname(p), { recursive: true });
-    const body = {
-      enabled: !!enabled,
-      acknowledged_at: new Date().toISOString(),
-      version: 1,
-    };
-    fs.writeFileSync(p, JSON.stringify(body, null, 2) + "\n", "utf8");
-    return true;
-  } catch (_) {
-    return false;
-  }
-}
+// All ack file plumbing lives on autoBuyer (filename constant, path
+// resolution, read with strict validation, atomic write via tmp+rename).
+// cliAutobuyPrompt always reaches it through the public surface so the
+// two modules cannot diverge on schema or validation — pre-consolidation
+// drift bit us twice (Bugbot PR #141: duplicate writers + lenient-vs-
+// strict reader). No __internals re-export here either: tests import
+// autoBuyer directly so a future rename trips a single set of asserts.
 
 /**
  * @returns {"ack_present"|"env_set"|"non_tty"|"eligible"}
@@ -71,7 +41,7 @@ function classify(env, stdin) {
   if (!stdin || !stdin.isTTY) {
     return "non_tty";
   }
-  if (_readAck()) {
+  if (autoBuyer.readAck()) {
     return "ack_present";
   }
   return "eligible";
@@ -116,11 +86,12 @@ async function runPrompt(opts) {
 
   try {
     output.write("\n");
-    output.write("[ATP-AutoBuyer] Your evolver can automatically place small-priced\n");
-    output.write("ATP orders when it detects a capability gap (default ON).\n");
-    output.write("  - daily hard cap:   ATP_AUTOBUY_DAILY_CAP_CREDITS (default applies)\n");
-    output.write("  - per-order cap:    ATP_AUTOBUY_PER_ORDER_CAP_CREDITS\n");
-    output.write("  - set EVOLVER_ATP_AUTOBUY=off and restart to disable at any time.\n");
+    output.write("[ATP-AutoBuyer] Your evolver will automatically place small-priced\n");
+    output.write("ATP orders when it detects a capability gap. This spends real\n");
+    output.write("credits on the EvoMap hub and is ON by default for new installs.\n");
+    output.write("  - daily hard cap:   ATP_AUTOBUY_DAILY_CAP_CREDITS (default 50)\n");
+    output.write("  - per-order cap:    ATP_AUTOBUY_PER_ORDER_CAP_CREDITS (default 10)\n");
+    output.write("  - change later:     evolver atp enable | evolver atp disable\n");
     output.write("\n");
   } catch (_) {
     return { prompted: false, decision: null, reason: "io_error" };
@@ -128,7 +99,7 @@ async function runPrompt(opts) {
 
   let answer;
   try {
-    answer = await ask("Keep autoBuyer enabled for this session? [y/n/later] ", {
+    answer = await ask("Keep ATP auto-spend ON for future sessions? [y=keep enabled / n=disable / later=ask again next session] ", {
       input,
       output,
     });
@@ -136,26 +107,48 @@ async function runPrompt(opts) {
     return { prompted: true, decision: null, reason: "ask_error" };
   }
 
+  // For y/n we persist via autoBuyer.setConsent (atomic tmp+rename, throws
+  // on FS failure). If the write fails we MUST tell the user — for the 'n'
+  // path especially, since auto-spend is default-ON and a failed disable
+  // means the user typed "off" but the runtime keeps charging credits
+  // (Bugbot PR #141 Medium: unchecked ack write). Do NOT mutate process.env
+  // on success: that would double-signal and shadow any explicit operator
+  // preference set later.
+  function _persistConsent(enabled, decision) {
+    try {
+      autoBuyer.setConsent(enabled);
+      return { prompted: true, decision, reason: enabled ? "user_accepted" : "user_declined" };
+    } catch (err) {
+      try {
+        output.write("[ATP-AutoBuyer] WARN: failed to persist consent: " + (err && err.message || err) + "\n");
+        if (enabled) {
+          output.write("                Auto-spend will keep using the default-on policy until\n");
+          output.write("                the ack is saved (capped at the configured caps).\n");
+        } else {
+          output.write("                Auto-spend will STAY ON (default policy) until your opt-out\n");
+          output.write("                can be saved — your decline was not persisted.\n");
+        }
+        output.write("                Check disk space and write permissions on the memory dir, then run\n");
+        output.write("                `evolver atp " + (enabled ? "enable" : "disable") + "` to retry.\n");
+      } catch (_) { /* output stream is broken too — nothing more we can do */ }
+      return { prompted: true, decision, reason: "ack_write_failed" };
+    }
+  }
+
   if (answer === "y" || answer === "yes") {
-    _writeAck(true);
-    env.EVOLVER_ATP_AUTOBUY = "on";
-    return { prompted: true, decision: "yes", reason: "user_accepted" };
+    return _persistConsent(true, "yes");
   }
   if (answer === "n" || answer === "no") {
-    _writeAck(false);
-    env.EVOLVER_ATP_AUTOBUY = "off";
-    return { prompted: true, decision: "no", reason: "user_declined" };
+    return _persistConsent(false, "no");
   }
+  // Postpone: no ack written, so autoBuyer.getConsent() returns
+  // {enabled: true, source: 'default'} this session. Auto-spend keeps
+  // running under the default policy with caps; the prompt will fire again
+  // next interactive session so the user can confirm or opt out.
   return { prompted: true, decision: "later", reason: "user_postponed" };
 }
 
 module.exports = {
   runPrompt,
   classify,
-  __internals: {
-    ACK_FILE_NAME,
-    _readAck,
-    _writeAck,
-    _getAckPath,
-  },
 };

package/src/atp/hubClient.js

@@ -16,6 +16,7 @@
 
 const http = require('http');
 const { getHubUrl, buildHubHeaders, getNodeId } = require('../gep/a2aProtocol');
+const { hubFetch } = require('../gep/hubFetch');
 const { getProxyUrl, getProxyToken } = require('../proxy/server/settings');
 
 function _isProxyMode() {
@@ -68,12 +69,33 @@ function _proxyRequest(method, path, body, timeoutMs) {
   });
 }
 
+// Route through hubFetch() rather than the global `fetch()` for two
+// reasons (both flagged by Cursor reviewers on PR #160):
+//
+//   1. Dispatcher mixing (Bugbot HIGH): `strictUndiciAgent` is an Agent
+//      from the *installed* `undici` package, but `global.fetch` is
+//      backed by Node's *internal* undici. Passing one to the other
+//      throws `UND_ERR_INVALID_ARG: invalid onRequestStart method` at
+//      request time — exactly the failure mode the comment at the top
+//      of hubFetch.js calls out. hubFetch already routes through
+//      `undici.fetch` from the same package as its Agent, so all calls
+//      that go through hubFetch are immune.
+//
+//   2. Case-sensitive scheme check (Security Reviewer MEDIUM): a hand-
+//      rolled `endpoint.startsWith('https:')` would skip the strict
+//      dispatcher for `HTTPS://...`. hubFetch's `_validateHubUrl` uses
+//      `new URL(url).protocol`, which normalises to lowercase, so
+//      routing through it eliminates the bug class.
+//
+// Routing through hubFetch also inherits the URL-scheme enforcement and
+// the EVOMAP_HUB_ALLOW_INSECURE escape hatch automatically; we no
+// longer need the explicit `enforceHubScheme` guard here.
 function _hubPost(pathSuffix, body, timeoutMs) {
   const hubUrl = getHubUrl();
   if (!hubUrl) return Promise.resolve({ ok: false, error: 'no_hub_url' });
   const endpoint = hubUrl.replace(/\/+$/, '') + pathSuffix;
   const timeout = timeoutMs || require('../config').HTTP_TRANSPORT_TIMEOUT_MS;
-  return fetch(endpoint, {
+  return hubFetch(endpoint, {
     method: 'POST',
     headers: buildHubHeaders(),
     body: JSON.stringify(body),
@@ -83,7 +105,17 @@ function _hubPost(pathSuffix, body, timeoutMs) {
       if (!res.ok) return res.text().then(function (t) { return { ok: false, status: res.status, error: t.slice(0, 400) }; });
       return res.json().then(function (data) { return { ok: true, data: data }; });
     })
-    .catch(function (err) { return { ok: false, error: err.message }; });
+    .catch(function (err) {
+      // hubFetch throws synchronously (rejected Promise) when the URL
+      // fails scheme validation in secure mode. Translate to the same
+      // structured envelope the previous in-line guard produced so the
+      // caller contract is unchanged.
+      const msg = (err && err.message) || String(err);
+      if (msg.indexOf('[hubFetch]') !== -1) {
+        return { ok: false, error: 'tls_refused: ' + msg };
+      }
+      return { ok: false, error: msg };
+    });
 }
 
 function _hubGet(pathSuffix, timeoutMs) {
@@ -91,7 +123,7 @@ function _hubGet(pathSuffix, timeoutMs) {
   if (!hubUrl) return Promise.resolve({ ok: false, error: 'no_hub_url' });
   const endpoint = hubUrl.replace(/\/+$/, '') + pathSuffix;
   const timeout = timeoutMs || require('../config').HTTP_TRANSPORT_TIMEOUT_MS;
-  return fetch(endpoint, {
+  return hubFetch(endpoint, {
     method: 'GET',
     headers: buildHubHeaders(),
     signal: AbortSignal.timeout(timeout),
@@ -100,7 +132,13 @@ function _hubGet(pathSuffix, timeoutMs) {
       if (!res.ok) return res.text().then(function (t) { return { ok: false, status: res.status, error: t.slice(0, 400) }; });
       return res.json().then(function (data) { return { ok: true, data: data }; });
     })
-    .catch(function (err) { return { ok: false, error: err.message }; });
+    .catch(function (err) {
+      const msg = (err && err.message) || String(err);
+      if (msg.indexOf('[hubFetch]') !== -1) {
+        return { ok: false, error: 'tls_refused: ' + msg };
+      }
+      return { ok: false, error: msg };
+    });
 }
 
 // Dispatcher: choose proxy or direct hub based on env + proxy availability.