@fiale-plus/pi-rogue-bundle 0.1.14 → 0.1.15

package/node_modules/@fiale-plus/pi-core/README.md

@@ -0,0 +1,12 @@
+# Pi-Rogue Core
+
+Shared helpers for the Pi-Rogue workspace.
+
+Includes the first bounded context broker contract and in-memory implementation:
+
+- `createInMemoryContextBroker()` stores artifacts behind stable `ctx://...` handles.
+- Lookups support handle, session, kind, tag, path, command prefix, branch, and text filters.
+- Omitted summaries become metadata-only placeholders, keeping raw payloads out of prompt briefs by default.
+- Pruning enforces per-session record/byte caps, TTL expiry on reads, and pinned-artifact retention.
+
+Install locally from this repo root: `npm install`

package/node_modules/@fiale-plus/pi-core/package.json

@@ -0,0 +1,25 @@
+{
+  "name": "@fiale-plus/pi-core",
+  "version": "0.1.0",
+  "description": "Shared helpers for the Pi-Rogue workspace.",
+  "type": "module",
+  "license": "MIT",
+  "keywords": [
+    "pi-package"
+  ],
+  "scripts": {
+    "test": "cd ../.. && vitest run packages/core/src/*.test.ts"
+  },
+  "private": true,
+  "main": "./src/index.ts",
+  "exports": {
+    ".": "./src/index.ts"
+  },
+  "files": [
+    "src",
+    "README.md"
+  ],
+  "publishConfig": {
+    "access": "public"
+  }
+}

package/node_modules/@fiale-plus/pi-core/src/context-broker.test.ts

@@ -0,0 +1,216 @@
+import { createHash } from "node:crypto";
+import { describe, expect, it } from "vitest";
+import { createInMemoryContextBroker } from "./context-broker.js";
+
+describe("createInMemoryContextBroker", () => {
+  it("publishes stable, unique handles and looks up artifacts by handle", () => {
+    const broker = createInMemoryContextBroker();
+    const first = broker.publish({
+      sessionId: "session-a",
+      kind: "tool_output",
+      payload: "same payload",
+      summary: "tests passed",
+      tags: ["test"],
+      paths: ["packages/core"],
+    });
+    const second = broker.publish({
+      sessionId: "session-a",
+      kind: "tool_output",
+      payload: "same payload",
+      summary: "same payload repeat",
+      tags: ["test"],
+      paths: ["packages/core"],
+    });
+
+    expect(first.handle).not.toEqual(second.handle);
+    expect(first.handle).toMatch(/^ctx:\/\/session\/session-a\/tool_output\//);
+    expect(broker.lookup({ handle: first.handle })).toEqual([first]);
+    expect(broker.lookup({ handle: second.handle })).toEqual([second]);
+  });
+
+  it("filters by session, kind, tag, path, and text", () => {
+    const broker = createInMemoryContextBroker();
+    const core = broker.publish({
+      sessionId: "s1",
+      kind: "tool_output",
+      payload: "vitest packages/core passed",
+      tags: ["test", "core"],
+      paths: ["packages/core/src/context-broker.ts"],
+    });
+    broker.publish({
+      sessionId: "s2",
+      kind: "advisor_brief",
+      payload: "different payload",
+      tags: ["advisor"],
+      paths: ["packages/advisor/src/router.ts"],
+    });
+
+    expect(broker.lookup({ sessionId: "s1", kind: "tool_output", tag: "core" })).toEqual([core]);
+    expect(broker.lookup({ path: "packages/core" })).toEqual([core]);
+    expect(broker.lookup({ text: "vitest" })).toEqual([core]);
+    expect(broker.lookup({ sessionId: "s2", kind: "tool_output" })).toEqual([]);
+  });
+
+  it("uses a metadata-only summary when callers omit summaries", () => {
+    const broker = createInMemoryContextBroker({ briefBytes: 500 });
+    const artifact = broker.publish({
+      sessionId: "s",
+      kind: "tool_output",
+      payload: "SECRET_TOKEN=abc123\n".repeat(20),
+      paths: ["logs/secret-output.txt"],
+    });
+
+    const brief = broker.renderBrief({ sessionId: "s" });
+
+    expect(artifact.summary).toContain("payload stored externally");
+    expect(artifact.summary).not.toContain("SECRET_TOKEN");
+    expect(brief).not.toContain("SECRET_TOKEN");
+    expect(brief).toContain(artifact.handle);
+  });
+
+  it("enforces record caps by pruning oldest unpinned artifacts", () => {
+    const broker = createInMemoryContextBroker({ maxRecords: 2, defaultTtlMs: 0 });
+    const first = broker.publish({ sessionId: "s", kind: "memory_note", payload: "one", createdAt: 1 });
+    const second = broker.publish({ sessionId: "s", kind: "memory_note", payload: "two", createdAt: 2 });
+    const third = broker.publish({ sessionId: "s", kind: "memory_note", payload: "three", createdAt: 3 });
+
+    expect(broker.lookup({ id: first.id })).toEqual([]);
+    expect(broker.lookup({ id: second.id })).toEqual([second]);
+    expect(broker.lookup({ id: third.id })).toEqual([third]);
+    expect(broker.status().records).toBe(2);
+  });
+
+  it("applies caps independently per session", () => {
+    const broker = createInMemoryContextBroker({ maxRecords: 1, defaultTtlMs: 0 });
+    const sessionOne = broker.publish({ sessionId: "s1", kind: "tool_output", payload: "one", createdAt: 1 });
+    const sessionTwo = broker.publish({ sessionId: "s2", kind: "tool_output", payload: "two", createdAt: 2 });
+
+    expect(broker.lookup({ sessionId: "s1" })).toEqual([sessionOne]);
+    expect(broker.lookup({ sessionId: "s2" })).toEqual([sessionTwo]);
+    expect(broker.status().records).toBe(2);
+  });
+
+  it("uses sequence tie-breakers when createdAt timestamps tie", () => {
+    const broker = createInMemoryContextBroker({ maxRecords: 2, defaultTtlMs: 0 });
+    const first = broker.publish({ sessionId: "s", kind: "tool_output", payload: "alpha", createdAt: 1000 });
+    const second = broker.publish({ sessionId: "s", kind: "tool_output", payload: "bravo", createdAt: 1000 });
+    const third = broker.publish({ sessionId: "s", kind: "tool_output", payload: "charlie", createdAt: 1000 });
+
+    expect(broker.lookup({ id: first.id })).toEqual([]);
+    expect(broker.lookup({ id: second.id })).toEqual([second]);
+    expect(broker.lookup({ id: third.id })).toEqual([third]);
+  });
+
+  it("enforces byte caps by pruning oldest unpinned artifacts", () => {
+    const broker = createInMemoryContextBroker({ maxBytes: 6, defaultTtlMs: 0 });
+    const first = broker.publish({ sessionId: "s", kind: "tool_output", payload: "12345", createdAt: 1 });
+    const second = broker.publish({ sessionId: "s", kind: "tool_output", payload: "abcde", createdAt: 2 });
+
+    expect(broker.lookup({ id: first.id })).toEqual([]);
+    expect(broker.lookup({ id: second.id })).toEqual([second]);
+    expect(broker.status().bytes).toBe(5);
+  });
+
+  it("preserves the returned handle when a new artifact exceeds maxBytes", () => {
+    const broker = createInMemoryContextBroker({ maxBytes: 4, defaultTtlMs: 0 });
+    const artifact = broker.publish({ sessionId: "s", kind: "tool_output", payload: "oversized", createdAt: 1 });
+
+    expect(broker.lookup({ id: artifact.id })).toEqual([artifact]);
+    expect(broker.lookup({ handle: artifact.handle })).toEqual([artifact]);
+    expect(broker.status().bytes).toBe(Buffer.byteLength("oversized", "utf8"));
+  });
+
+  it("computes bytes and SHA-256 on raw Buffer payload bytes", () => {
+    const broker = createInMemoryContextBroker({ maxBytes: 1024, defaultTtlMs: 0 });
+    const payload = Buffer.from([0x66, 0xff, 0x61, 0x62, 0x80, 0x00]);
+    const artifact = broker.publish({ sessionId: "s", kind: "tool_output", payload, createdAt: 1 });
+    const expectedSha = createHash("sha256").update(payload).digest("hex");
+
+    expect(artifact.bytes).toBe(payload.length);
+    expect(artifact.sha256).toBe(expectedSha);
+    expect(Buffer.byteLength(artifact.payload, "utf8")).toBeGreaterThan(artifact.bytes);
+  });
+
+  it("keeps pinned artifacts visible while pruning unpinned records", () => {
+    const broker = createInMemoryContextBroker({ maxRecords: 2, defaultTtlMs: 0 });
+    const pinned = broker.publish({ sessionId: "s", kind: "diff", payload: "important", pinned: true, createdAt: 1 });
+    const older = broker.publish({ sessionId: "s", kind: "diff", payload: "temporary", createdAt: 2 });
+    const newer = broker.publish({ sessionId: "s", kind: "diff", payload: "latest", createdAt: 3 });
+
+    expect(broker.lookup({ id: pinned.id })).toEqual([pinned]);
+    expect(broker.lookup({ id: older.id })).toEqual([]);
+    expect(broker.lookup({ id: newer.id })).toEqual([newer]);
+    expect(broker.status().pinnedRecords).toBe(1);
+  });
+
+  it("expires unpinned artifacts by ttl", () => {
+    const broker = createInMemoryContextBroker({ defaultTtlMs: 10 });
+    const artifact = broker.publish({ sessionId: "s", kind: "tool_output", payload: "old", createdAt: 100 });
+
+    broker.prune(111);
+
+    expect(broker.lookup({ id: artifact.id })).toEqual([]);
+  });
+
+  it("prunes expired artifacts before lookup without an explicit prune call", () => {
+    const broker = createInMemoryContextBroker({ defaultTtlMs: 1 });
+    const artifact = broker.publish({ sessionId: "s", kind: "tool_output", payload: "expired", createdAt: 1 });
+
+    expect(broker.lookup({ id: artifact.id })).toEqual([]);
+    expect(broker.status().records).toBe(0);
+  });
+
+  it("omits expired artifacts from rendered prompt briefs", () => {
+    const broker = createInMemoryContextBroker({ defaultTtlMs: 1, briefBytes: 500 });
+    const artifact = broker.publish({ sessionId: "s", kind: "tool_output", payload: "expired secret", summary: "expired summary", createdAt: 1 });
+
+    const brief = broker.renderBrief({ sessionId: "s" });
+
+    expect(brief).not.toContain(artifact.handle);
+    expect(brief).not.toContain("expired summary");
+  });
+
+  it("keeps pinned expired artifacts visible until unpinned", () => {
+    const broker = createInMemoryContextBroker({ defaultTtlMs: 1 });
+    const artifact = broker.publish({ sessionId: "s", kind: "tool_output", payload: "pinned", pinned: true, createdAt: 1 });
+
+    expect(broker.lookup({ id: artifact.id })).toEqual([artifact]);
+    expect(broker.pin(artifact.id, false)).toBeNull();
+    expect(broker.lookup({ id: artifact.id })).toEqual([]);
+  });
+
+  it("renders a bounded prompt brief with lookup instructions", () => {
+    const broker = createInMemoryContextBroker({ briefBytes: 180 });
+    broker.publish({
+      sessionId: "s",
+      kind: "tool_output",
+      payload: "x".repeat(500),
+      summary: "large command output passed with no failures",
+      tags: ["test"],
+      paths: ["packages/core"],
+    });
+
+    const brief = broker.renderBrief();
+
+    expect(Buffer.byteLength(brief, "utf8")).toBeLessThanOrEqual(180);
+    expect(brief).toContain("Context Broker");
+    expect(brief).toContain("ctx://session/s/tool_output/");
+  });
+
+  it("enforces prompt brief budgets by UTF-8 byte length", () => {
+    const broker = createInMemoryContextBroker({ briefBytes: 170 });
+    broker.publish({
+      sessionId: "emoji-session",
+      kind: "tool_output",
+      payload: "✅".repeat(200),
+      summary: "✅ 測試 passed ".repeat(20),
+      tags: ["測試", "✅"],
+      paths: ["packages/核心/✅.ts"],
+    });
+
+    const brief = broker.renderBrief({ budgetBytes: 170 });
+
+    expect(Buffer.byteLength(brief, "utf8")).toBeLessThanOrEqual(170);
+    expect(brief).toContain("Context Broker");
+  });
+});

package/node_modules/@fiale-plus/pi-core/src/context-broker.ts

@@ -0,0 +1,308 @@
+import { createHash } from "node:crypto";
+import { safeName } from "./text.js";
+
+export type ContextArtifactKind =
+  | "tool_output"
+  | "diff"
+  | "file_snapshot"
+  | "subagent_result"
+  | "advisor_brief"
+  | "memory_note";
+
+export interface ContextArtifactInput {
+  sessionId: string;
+  kind: ContextArtifactKind;
+  payload: string | Buffer;
+  summary?: string;
+  tags?: string[];
+  paths?: string[];
+  command?: string;
+  branch?: string;
+  ttlMs?: number;
+  pinned?: boolean;
+  parentIds?: string[];
+  createdAt?: number;
+}
+
+export interface ContextArtifact {
+  id: string;
+  handle: string;
+  sessionId: string;
+  kind: ContextArtifactKind;
+  createdAt: number;
+  updatedAt: number;
+  bytes: number;
+  sha256: string;
+  payload: string;
+  summary: string;
+  tags: string[];
+  paths: string[];
+  command?: string;
+  branch?: string;
+  expiresAt?: number;
+  pinned: boolean;
+  parentIds: string[];
+}
+
+export interface ContextLookupQuery {
+  id?: string;
+  handle?: string;
+  sessionId?: string;
+  kind?: ContextArtifactKind;
+  tag?: string;
+  path?: string;
+  commandPrefix?: string;
+  branch?: string;
+  text?: string;
+  limit?: number;
+}
+
+export interface ContextBrokerStatus {
+  records: number;
+  bytes: number;
+  pinnedRecords: number;
+  pinnedBytes: number;
+  maxRecords: number;
+  maxBytes: number;
+}
+
+export interface ContextBrokerOptions {
+  maxRecords?: number;
+  maxBytes?: number;
+  defaultTtlMs?: number;
+  summaryBytes?: number;
+  briefBytes?: number;
+}
+
+export interface BoundedContextBroker {
+  publish(input: ContextArtifactInput): ContextArtifact;
+  lookup(query?: ContextLookupQuery): ContextArtifact[];
+  pin(idOrHandle: string, pinned?: boolean): ContextArtifact | null;
+  prune(now?: number): ContextBrokerStatus;
+  status(): ContextBrokerStatus;
+  renderBrief(query?: ContextLookupQuery & { budgetBytes?: number }): string;
+}
+
+const DEFAULT_MAX_RECORDS = 256;
+const DEFAULT_MAX_BYTES = 128 * 1024 * 1024;
+const DEFAULT_TTL_MS = 7 * 24 * 60 * 60 * 1000;
+const DEFAULT_SUMMARY_BYTES = 320;
+const DEFAULT_BRIEF_BYTES = 2_000;
+
+function normalizeList(values: string[] | undefined): string[] {
+  return [...new Set((values ?? []).map((value) => String(value || "").trim()).filter(Boolean))];
+}
+
+function payloadText(payload: string | Buffer): string {
+  return Buffer.isBuffer(payload) ? payload.toString("utf8") : String(payload ?? "");
+}
+
+function payloadBytes(payload: string | Buffer): number {
+  return Buffer.isBuffer(payload) ? payload.length : Buffer.byteLength(String(payload ?? ""), "utf8");
+}
+
+function hashPayload(payload: string | Buffer): string {
+  return createHash("sha256").update(Buffer.isBuffer(payload) ? payload : String(payload)).digest("hex");
+}
+
+function normalizeNeedle(value: string | undefined): string {
+  return String(value ?? "").trim().toLowerCase();
+}
+
+function truncateUtf8(text: string, maxBytes: number): string {
+  const limit = Math.max(0, Math.floor(maxBytes));
+  if (Buffer.byteLength(text, "utf8") <= limit) return text;
+  if (limit === 0) return "";
+
+  const ellipsis = "…";
+  const ellipsisBytes = Buffer.byteLength(ellipsis, "utf8");
+  const contentLimit = Math.max(0, limit - ellipsisBytes);
+  let used = 0;
+  let result = "";
+
+  for (const char of text) {
+    const bytes = Buffer.byteLength(char, "utf8");
+    if (used + bytes > contentLimit) break;
+    result += char;
+    used += bytes;
+  }
+
+  if (Buffer.byteLength(result + ellipsis, "utf8") <= limit) return result + ellipsis;
+  return result;
+}
+
+function summarizeArtifact(summary: string | undefined, kind: ContextArtifactKind, bytes: number, sha256: string, maxBytes: number): string {
+  const cleaned = String(summary ?? "").replace(/\s+/g, " ").trim();
+  if (cleaned) return truncateUtf8(cleaned, maxBytes);
+  return truncateUtf8(`[${kind} payload stored externally; ${bytes} bytes; sha256=${sha256.slice(0, 16)}]`, maxBytes);
+}
+
+function artifactMatches(artifact: ContextArtifact, query: ContextLookupQuery): boolean {
+  if (query.id && artifact.id !== query.id) return false;
+  if (query.handle && artifact.handle !== query.handle) return false;
+  if (query.sessionId && artifact.sessionId !== query.sessionId) return false;
+  if (query.kind && artifact.kind !== query.kind) return false;
+  if (query.branch && artifact.branch !== query.branch) return false;
+  if (query.tag && !artifact.tags.includes(query.tag)) return false;
+  if (query.path) {
+    const queryPath = query.path.replace(/\/$/, "");
+    if (!artifact.paths.some((path) => path === query.path || path.startsWith(`${queryPath}/`))) return false;
+  }
+  if (query.commandPrefix && !artifact.command?.startsWith(query.commandPrefix)) return false;
+
+  const text = normalizeNeedle(query.text);
+  if (text) {
+    const haystack = [artifact.summary, artifact.payload, artifact.command, artifact.tags.join(" "), artifact.paths.join(" ")]
+      .join("\n")
+      .toLowerCase();
+    if (!haystack.includes(text)) return false;
+  }
+
+  return true;
+}
+
+export function createInMemoryContextBroker(options: ContextBrokerOptions = {}): BoundedContextBroker {
+  const maxRecords = Math.max(1, Math.floor(options.maxRecords ?? DEFAULT_MAX_RECORDS));
+  const maxBytes = Math.max(1, Math.floor(options.maxBytes ?? DEFAULT_MAX_BYTES));
+  const defaultTtlMs = Math.max(0, Math.floor(options.defaultTtlMs ?? DEFAULT_TTL_MS));
+  const summaryBytes = Math.max(16, Math.floor(options.summaryBytes ?? DEFAULT_SUMMARY_BYTES));
+  const defaultBriefBytes = Math.max(64, Math.floor(options.briefBytes ?? DEFAULT_BRIEF_BYTES));
+  let artifacts: Array<ContextArtifact & { sequence: number }> = [];
+  let sequence = 0;
+
+  function currentStatus(): ContextBrokerStatus {
+    const bytes = artifacts.reduce((sum, artifact) => sum + artifact.bytes, 0);
+    const pinned = artifacts.filter((artifact) => artifact.pinned);
+    return {
+      records: artifacts.length,
+      bytes,
+      pinnedRecords: pinned.length,
+      pinnedBytes: pinned.reduce((sum, artifact) => sum + artifact.bytes, 0),
+      maxRecords,
+      maxBytes,
+    };
+  }
+
+  function dropExpired(now = Date.now(), protectedIds = new Set<string>()): void {
+    artifacts = artifacts.filter(
+      (artifact) => artifact.pinned || protectedIds.has(artifact.id) || !artifact.expiresAt || artifact.expiresAt > now,
+    );
+  }
+
+  function oldestRemovable(sessionId: string, protectedIds: Set<string>): { artifact: ContextArtifact & { sequence: number }; index: number } | undefined {
+    return artifacts
+      .map((artifact, index) => ({ artifact, index }))
+      .filter(({ artifact }) => artifact.sessionId === sessionId && !artifact.pinned && !protectedIds.has(artifact.id))
+      .sort((a, b) => {
+        if (a.artifact.createdAt !== b.artifact.createdAt) return a.artifact.createdAt - b.artifact.createdAt;
+        return a.artifact.sequence - b.artifact.sequence;
+      })[0];
+  }
+
+  function sessionWithinCaps(sessionId: string): boolean {
+    const sessionArtifacts = artifacts.filter((artifact) => artifact.sessionId === sessionId);
+    return sessionArtifacts.length <= maxRecords && sessionArtifacts.reduce((sum, artifact) => sum + artifact.bytes, 0) <= maxBytes;
+  }
+
+  function prune(now = Date.now(), protectedIds = new Set<string>()): ContextBrokerStatus {
+    dropExpired(now, protectedIds);
+
+    for (const sessionId of new Set(artifacts.map((artifact) => artifact.sessionId))) {
+      while (!sessionWithinCaps(sessionId)) {
+        const candidate = oldestRemovable(sessionId, protectedIds);
+        if (!candidate) break;
+        artifacts.splice(candidate.index, 1);
+      }
+    }
+
+    return currentStatus();
+  }
+
+  function status(): ContextBrokerStatus {
+    dropExpired();
+    return currentStatus();
+  }
+
+  function publish(input: ContextArtifactInput): ContextArtifact {
+    const now = input.createdAt ?? Date.now();
+    const payload = payloadText(input.payload);
+    const sha256 = hashPayload(input.payload);
+    const bytes = payloadBytes(input.payload);
+    const artifactSequence = ++sequence;
+    const id = `ctx-${now.toString(36)}-${String(artifactSequence).padStart(4, "0")}-${sha256.slice(0, 12)}`;
+    const session = safeName(input.sessionId || "session");
+    const kind = input.kind;
+    const handle = `ctx://session/${session}/${kind}/${sha256.slice(0, 16)}/${id}`;
+    const ttlMs = input.ttlMs ?? defaultTtlMs;
+
+    const artifact: ContextArtifact & { sequence: number } = {
+      id,
+      handle,
+      sessionId: input.sessionId,
+      kind,
+      createdAt: now,
+      updatedAt: now,
+      bytes,
+      sha256,
+      payload,
+      summary: summarizeArtifact(input.summary, kind, bytes, sha256, summaryBytes),
+      tags: normalizeList(input.tags),
+      paths: normalizeList(input.paths),
+      command: input.command?.trim() || undefined,
+      branch: input.branch?.trim() || undefined,
+      expiresAt: ttlMs > 0 ? now + ttlMs : undefined,
+      pinned: Boolean(input.pinned),
+      parentIds: normalizeList(input.parentIds),
+      sequence: artifactSequence,
+    };
+
+    artifacts = [artifact, ...artifacts];
+    prune(now, new Set([artifact.id]));
+    return artifact;
+  }
+
+  function lookup(query: ContextLookupQuery = {}): ContextArtifact[] {
+    dropExpired();
+    const limit = Math.max(1, Math.floor(query.limit ?? (artifacts.length || 1)));
+    return artifacts
+      .filter((artifact) => artifactMatches(artifact, query))
+      .sort((a, b) => Number(b.pinned) - Number(a.pinned) || b.createdAt - a.createdAt || b.sequence - a.sequence)
+      .slice(0, limit);
+  }
+
+  function pin(idOrHandle: string, pinned = true): ContextArtifact | null {
+    dropExpired();
+    const artifact = artifacts.find((candidate) => candidate.id === idOrHandle || candidate.handle === idOrHandle) ?? null;
+    if (!artifact) return null;
+    artifact.pinned = pinned;
+    artifact.updatedAt = Date.now();
+    prune();
+    return artifacts.find((candidate) => candidate.id === artifact.id) ?? null;
+  }
+
+  function renderBrief(query: ContextLookupQuery & { budgetBytes?: number } = {}): string {
+    const budget = Math.max(64, Math.floor(query.budgetBytes ?? defaultBriefBytes));
+    const lines = [
+      "## Context Broker",
+      `Budget: ${budget} bytes`,
+      ...lookup({ ...query, limit: query.limit ?? 8 }).map((artifact) => {
+        const pin = artifact.pinned ? " pinned" : "";
+        const path = artifact.paths.length ? ` paths=${artifact.paths.slice(0, 3).join(",")}` : "";
+        const tags = artifact.tags.length ? ` tags=${artifact.tags.slice(0, 3).join(",")}` : "";
+        return `- ${artifact.handle} kind=${artifact.kind}${pin}${path}${tags} summary="${artifact.summary}"`;
+      }),
+      "Lookup: use broker lookup by handle/path/tag/kind/session before replaying raw payloads.",
+    ];
+
+    return truncateUtf8(lines.join("\n"), budget);
+  }
+
+  return {
+    publish,
+    lookup,
+    pin,
+    prune,
+    status,
+    renderBrief,
+  };
+}

package/node_modules/@fiale-plus/pi-core/src/index.ts

@@ -0,0 +1,5 @@
+export * from "./context-broker.js";
+export * from "./paths.js";
+export * from "./risk.js";
+export * from "./storage.js";
+export * from "./text.js";

package/node_modules/@fiale-plus/pi-core/src/paths.ts

@@ -0,0 +1,36 @@
+import { mkdirSync } from "node:fs";
+import { homedir } from "node:os";
+import { basename, join } from "node:path";
+
+const ROOT_DIR = join(homedir(), ".pi", "agent", "fiale-plus");
+
+export function appDir(): string {
+  mkdirSync(ROOT_DIR, { recursive: true });
+  return ROOT_DIR;
+}
+
+export function featureDir(feature: string): string {
+  const dir = join(appDir(), feature);
+  mkdirSync(dir, { recursive: true });
+  return dir;
+}
+
+export function sessionKey(ctx: any): string {
+  const sessionFile = ctx?.sessionManager?.getSessionFile?.();
+  if (!sessionFile) return "session";
+  return basename(String(sessionFile)).replace(/\.[^.]+$/, "");
+}
+
+export function sessionDir(feature: string, ctx: any): string {
+  const dir = join(featureDir(feature), sessionKey(ctx));
+  mkdirSync(dir, { recursive: true });
+  return dir;
+}
+
+export function featureFile(feature: string, filename: string): string {
+  return join(featureDir(feature), filename);
+}
+
+export function sessionFile(feature: string, ctx: any, filename: string): string {
+  return join(sessionDir(feature, ctx), filename);
+}

package/node_modules/@fiale-plus/pi-core/src/risk.test.ts

@@ -0,0 +1,129 @@
+import { describe, it, expect } from "vitest";
+import { scanShellCommand, type RiskScan } from "./risk.js";
+
+describe("scanShellCommand", () => {
+  it("returns safe for empty command", () => {
+    const result = scanShellCommand("");
+    expect(result.safe).toBe(true);
+    expect(result.severity).toBe("safe");
+  });
+
+  it("returns safe for a benign command", () => {
+    const result = scanShellCommand("echo hello world");
+    expect(result.safe).toBe(true);
+    expect(result.severity).toBe("safe");
+  });
+
+  it("detects rm as dangerous", () => {
+    const result = scanShellCommand("rm -rf /tmp/foo");
+    expect(result.safe).toBe(false);
+    expect(result.severity).toBe("danger");
+    expect(result.findings.some((f) => f.id === "rm")).toBe(true);
+  });
+
+  it("detects rm only as a word boundary (not inside other words)", () => {
+    const result = scanShellCommand("program --remove-all");
+    expect(result.safe).toBe(true);
+  });
+
+  it("detects sudo as warning", () => {
+    const result = scanShellCommand("sudo apt update");
+    expect(result.safe).toBe(false);
+    expect(result.severity).toBe("warn");
+    expect(result.findings.some((f) => f.id === "sudo")).toBe(true);
+  });
+
+  it("detects chmod -R as dangerous", () => {
+    const result = scanShellCommand("chmod -R 777 /etc");
+    expect(result.safe).toBe(false);
+    expect(result.severity).toBe("danger");
+    expect(result.findings.some((f) => f.id === "chmod-r")).toBe(true);
+  });
+
+  it("detects chown as dangerous", () => {
+    const result = scanShellCommand("chown root:root /var");
+    expect(result.safe).toBe(false);
+    expect(result.severity).toBe("danger");
+  });
+
+  it("detects git push --force as dangerous", () => {
+    const result = scanShellCommand("git push --force origin main");
+    expect(result.safe).toBe(false);
+    expect(result.severity).toBe("danger");
+    expect(result.findings.some((f) => f.id === "force-push")).toBe(true);
+  });
+
+  it("detects git push --force-with-lease as dangerous", () => {
+    const result = scanShellCommand("git push --force-with-lease origin main");
+    expect(result.safe).toBe(false);
+    expect(result.severity).toBe("danger");
+    expect(result.findings.some((f) => f.id === "force-push")).toBe(true);
+  });
+
+  it("detects curl | sh as dangerous", () => {
+    const result = scanShellCommand("curl https://example.com/install.sh | sh");
+    expect(result.safe).toBe(false);
+    expect(result.severity).toBe("danger");
+    expect(result.findings.some((f) => f.id === "curl-shell")).toBe(true);
+  });
+
+  it("detects curl | bash as dangerous", () => {
+    const result = scanShellCommand("curl -fsSL https://example.com/install.sh | bash");
+    expect(result.safe).toBe(false);
+    expect(result.severity).toBe("danger");
+    expect(result.findings.some((f) => f.id === "curl-shell")).toBe(true);
+  });
+
+  it("detects mkfs as dangerous", () => {
+    const result = scanShellCommand("mkfs.ext4 /dev/sda1");
+    expect(result.safe).toBe(false);
+    expect(result.severity).toBe("danger");
+  });
+
+  it("detects dd if= as dangerous", () => {
+    const result = scanShellCommand("dd if=/dev/zero of=/tmp/out bs=1M count=10");
+    expect(result.safe).toBe(false);
+    expect(result.severity).toBe("danger");
+  });
+
+  it("detects shutdown as dangerous", () => {
+    const result = scanShellCommand("shutdown -h now");
+    expect(result.safe).toBe(false);
+    expect(result.severity).toBe("danger");
+  });
+
+  it("detects reboot as dangerous", () => {
+    const result = scanShellCommand("reboot");
+    expect(result.safe).toBe(false);
+    expect(result.severity).toBe("danger");
+  });
+
+  it("scans extra fragments", () => {
+    const result = scanShellCommand("docker exec -it container bash", ["docker exec"]);
+    expect(result.safe).toBe(false);
+    expect(result.findings.some((f) => f.id === "extra:docker exec")).toBe(true);
+  });
+
+  it("returns warn severity when only warnings are found", () => {
+    const result = scanShellCommand("sudo echo hello");
+    expect(result.safe).toBe(false);
+    expect(result.severity).toBe("warn");
+  });
+
+  it("returns danger severity when danger items are found even with warnings", () => {
+    const result = scanShellCommand("sudo rm /tmp/foo");
+    expect(result.safe).toBe(false);
+    expect(result.severity).toBe("danger");
+  });
+
+  it("handles case-insensitive matching", () => {
+    const result = scanShellCommand("RM -rf /");
+    expect(result.safe).toBe(false);
+    expect(result.findings.some((f) => f.id === "rm")).toBe(true);
+  });
+
+  it("ignores empty extra fragments", () => {
+    const result = scanShellCommand("echo foo", ["", "  "]);
+    expect(result.safe).toBe(true);
+  });
+});

package/node_modules/@fiale-plus/pi-core/src/risk.ts

@@ -0,0 +1,97 @@
+export interface RiskFinding {
+  id: string;
+  label: string;
+  severity: "warn" | "danger";
+}
+
+export interface RiskScan {
+  safe: boolean;
+  severity: "safe" | "warn" | "danger";
+  findings: RiskFinding[];
+  reason: string;
+}
+
+const DEFAULT_PATTERNS: RiskFinding[] = [
+  { id: "rm", label: "rm", severity: "danger" },
+  { id: "sudo", label: "sudo", severity: "warn" },
+  { id: "chmod-r", label: "chmod -R", severity: "danger" },
+  { id: "chown", label: "chown", severity: "danger" },
+  { id: "mkfs", label: "mkfs", severity: "danger" },
+  { id: "dd", label: "dd if=", severity: "danger" },
+  { id: "shutdown", label: "shutdown", severity: "danger" },
+  { id: "reboot", label: "reboot", severity: "danger" },
+  { id: "force-push", label: "git push --force", severity: "danger" },
+  { id: "curl-shell", label: "curl | sh", severity: "danger" },
+  { id: "wget-shell", label: "wget | sh", severity: "danger" },
+];
+
+function contains(command: string, fragment: string): boolean {
+  return command.toLowerCase().includes(fragment.toLowerCase());
+}
+
+export function scanShellCommand(command: string, extraFragments: string[] = []): RiskScan {
+  const findings: RiskFinding[] = [];
+  const text = command.trim();
+
+  if (!text) {
+    return { safe: true, severity: "safe", findings, reason: "Empty command." };
+  }
+
+  for (const pattern of DEFAULT_PATTERNS) {
+    switch (pattern.id) {
+      case "rm":
+        if (/\brm\b/i.test(text)) findings.push(pattern);
+        break;
+      case "sudo":
+        if (/\bsudo\b/i.test(text)) findings.push(pattern);
+        break;
+      case "chmod-r":
+        if (/\bchmod\s+-R\b/i.test(text)) findings.push(pattern);
+        break;
+      case "chown":
+        if (/\bchown\b/i.test(text)) findings.push(pattern);
+        break;
+      case "mkfs":
+        if (/\bmkfs(?:\.[\w-]+)?\b/i.test(text)) findings.push(pattern);
+        break;
+      case "dd":
+        if (/\bdd\s+if=/i.test(text)) findings.push(pattern);
+        break;
+      case "shutdown":
+        if (/\bshutdown\b/i.test(text)) findings.push(pattern);
+        break;
+      case "reboot":
+        if (/\breboot\b/i.test(text)) findings.push(pattern);
+        break;
+      case "force-push":
+        if (/\bgit\s+push\b[\s\S]*--force(?:-with-lease)?/i.test(text)) findings.push(pattern);
+        break;
+      case "curl-shell":
+        if (/\bcurl\b[\s\S]*\|\s*(sh|bash)\b/i.test(text)) findings.push(pattern);
+        break;
+      case "wget-shell":
+        if (/\bwget\b[\s\S]*\|\s*(sh|bash)\b/i.test(text)) findings.push(pattern);
+        break;
+    }
+  }
+
+  for (const fragment of extraFragments) {
+    if (!fragment.trim()) continue;
+    if (contains(text, fragment)) {
+      findings.push({ id: `extra:${fragment}`, label: fragment, severity: "danger" });
+    }
+  }
+
+  if (findings.length === 0) {
+    return { safe: true, severity: "safe", findings, reason: "No risky shell fragments found." };
+  }
+
+  const severity = findings.some((finding) => finding.severity === "danger") ? "danger" : "warn";
+  const labels = findings.map((finding) => finding.label).join(", ");
+  return {
+    safe: false,
+    severity,
+    findings,
+    reason: `Detected risky shell fragment(s): ${labels}`,
+  };
+}

package/node_modules/@fiale-plus/pi-core/src/storage.ts

@@ -0,0 +1,39 @@
+import { appendFileSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
+import { dirname } from "node:path";
+
+export function ensureParent(filePath: string): string {
+  mkdirSync(dirname(filePath), { recursive: true });
+  return filePath;
+}
+
+export function readText(filePath: string, fallback = ""): string {
+  try {
+    return readFileSync(filePath, "utf8");
+  } catch {
+    return fallback;
+  }
+}
+
+export function writeText(filePath: string, text: string): void {
+  ensureParent(filePath);
+  writeFileSync(filePath, text, "utf8");
+}
+
+export function appendText(filePath: string, text: string): void {
+  ensureParent(filePath);
+  appendFileSync(filePath, text, "utf8");
+}
+
+export function readJson<T>(filePath: string, fallback: T): T {
+  try {
+    const raw = readText(filePath).trim();
+    if (!raw) return fallback;
+    return JSON.parse(raw) as T;
+  } catch {
+    return fallback;
+  }
+}
+
+export function writeJson(filePath: string, value: unknown): void {
+  writeText(filePath, `${JSON.stringify(value, null, 2)}\n`);
+}

package/node_modules/@fiale-plus/pi-core/src/text.test.ts

@@ -0,0 +1,36 @@
+import { describe, it, expect } from "vitest";
+import { truncate, safeName } from "./text.js";
+
+describe("truncate", () => {
+  it("returns full text when within limit", () => {
+    expect(truncate("hello", 10)).toBe("hello");
+  });
+
+  it("truncates and appends ellipsis when over limit", () => {
+    const result = truncate("hello world this is long", 12);
+    expect(result).toHaveLength(12);
+    expect(result.endsWith("…")).toBe(true);
+  });
+
+  it("handles empty string", () => {
+    expect(truncate("", 10)).toBe("");
+  });
+});
+
+describe("safeName", () => {
+  it("lowercases and replaces spaces with hyphens", () => {
+    expect(safeName("My Feature Branch")).toBe("my-feature-branch");
+  });
+
+  it("replaces special characters with hyphens", () => {
+    expect(safeName("feature/auth!!@#")).toBe("feature-auth");
+  });
+
+  it("strips leading/trailing hyphens", () => {
+    expect(safeName("--main--")).toBe("main");
+  });
+
+  it("falls back to 'main' for empty input", () => {
+    expect(safeName("")).toBe("main");
+  });
+});

package/node_modules/@fiale-plus/pi-core/src/text.ts

@@ -0,0 +1,14 @@
+export function truncate(text: string, max: number): string {
+  if (text.length <= max) return text;
+  return `${text.slice(0, Math.max(0, max - 1))}…`;
+}
+
+export function safeName(text: string): string {
+  return (
+    text
+      .trim()
+      .toLowerCase()
+      .replace(/[^a-z0-9._-]+/g, "-")
+      .replace(/^-+|-+$/g, "") || "main"
+  );
+}

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@fiale-plus/pi-rogue-bundle",
-  "version": "0.1.14",
-  "description": "Public Pi-Rogue bundle for advisor and orchestration. Single consolidated artefact (advisor and orchestration releases paused; their packages are private and bundled here).",
+  "version": "0.1.15",
+  "description": "Public Pi-Rogue bundle for advisor, orchestration, and shared context-broker core. Single consolidated artefact (leaf releases paused; private packages are bundled here).",
   "type": "module",
   "license": "MIT",
   "repository": {
@@ -28,10 +28,12 @@
     "@earendil-works/pi-coding-agent": "^0.74.0"
   },
   "dependencies": {
+    "@fiale-plus/pi-core": "^0.1.0",
     "@fiale-plus/pi-rogue-advisor": "^0.1.0",
     "@fiale-plus/pi-rogue-orchestration": "^0.1.0"
   },
   "bundledDependencies": [
+    "@fiale-plus/pi-core",
     "@fiale-plus/pi-rogue-advisor",
     "@fiale-plus/pi-rogue-orchestration"
   ],