@geminixiang/mama 0.2.0-beta.0 → 0.2.0-beta.1

package/dist/main.js

@@ -1,18 +1,28 @@
 #!/usr/bin/env node
 import "./instrument.js";
 import { join, resolve } from "path";
-import { readFileSync } from "fs";
+import { homedir } from "os";
+import { mkdirSync, readFileSync, statSync } from "fs";
 import { fileURLToPath } from "url";
 import { dirname, join as pathJoin } from "path";
 import { DiscordBot } from "./adapters/discord/index.js";
 import { TelegramBot } from "./adapters/telegram/index.js";
 import { SlackBot as SlackBotClass } from "./adapters/slack/index.js";
 import { createRunner } from "./agent.js";
-import { createManagedSessionFile, createManagedSessionFileAtPath, getSessionDir, getThreadSessionFile, } from "./session-store.js";
+import { createManagedSessionFile, createManagedSessionFileAtPath, getChannelSessionDir, getThreadSessionFile, } from "./session-store.js";
 import { downloadChannel } from "./download.js";
 import { createEventsWatcher } from "./events.js";
 import * as log from "./log.js";
-import { parseSandboxArg, validateSandbox } from "./sandbox.js";
+import { FileUserBindingStore } from "./bindings.js";
+import { startLinkServer } from "./link-server.js";
+import { parseLoginCommand } from "./login.js";
+import { InMemoryLinkTokenStore } from "./link-token.js";
+import { DockerContainerManager } from "./provisioner.js";
+import { SandboxError, parseSandboxArg, validateSandbox } from "./sandbox.js";
+import { formatNothingRunning, formatStopping } from "./ui-copy.js";
+import { FileVaultManager } from "./vault.js";
+import { ensureSettingsFile } from "./config.js";
+import { createManagedVaultEntry, ensureSandboxVaultEntry, resolveActorVaultKey, } from "./vault-routing.js";
 import { addLifecycleBreadcrumb, applyRunScope } from "./sentry.js";
 import { ChannelStore } from "./store.js";
 import * as Sentry from "@sentry/node";
@@ -43,10 +53,23 @@ const MOM_SLACK_APP_TOKEN = process.env.MOM_SLACK_APP_TOKEN;
 const MOM_SLACK_BOT_TOKEN = process.env.MOM_SLACK_BOT_TOKEN;
 const MOM_TELEGRAM_BOT_TOKEN = process.env.MOM_TELEGRAM_BOT_TOKEN;
 const MOM_DISCORD_BOT_TOKEN = process.env.MOM_DISCORD_BOT_TOKEN;
+/** Base URL of the web login portal, e.g. https://platform.trygemini.xyz */
+const MOM_LINK_URL = process.env.MOM_LINK_URL;
+/**
+ * Port for the link callback HTTP server.
+ * Defaults to 8181 when MOM_LINK_URL is set (behind a reverse proxy).
+ * If neither is set, the server is not started.
+ */
+const MOM_LINK_PORT = process.env.MOM_LINK_PORT
+    ? parseInt(process.env.MOM_LINK_PORT, 10)
+    : MOM_LINK_URL
+        ? 8181
+        : undefined;
 function parseArgs() {
     const args = process.argv.slice(2);
     let sandbox = { type: "host" };
     let workingDir;
+    let stateDirArg;
     let downloadChannelId;
     let showVersion = false;
     for (let i = 0; i < args.length; i++) {
@@ -60,6 +83,12 @@ function parseArgs() {
         else if (arg === "--sandbox") {
             sandbox = parseSandboxArg(args[++i] || "");
         }
+        else if (arg.startsWith("--state-dir=")) {
+            stateDirArg = arg.slice("--state-dir=".length);
+        }
+        else if (arg === "--state-dir") {
+            stateDirArg = args[++i];
+        }
         else if (arg.startsWith("--download=")) {
             downloadChannelId = arg.slice("--download=".length);
         }
@@ -72,12 +101,66 @@ function parseArgs() {
     }
     return {
         workingDir: workingDir ? resolve(workingDir) : undefined,
+        stateDir: stateDirArg ? resolve(stateDirArg) : undefined,
         sandbox,
         downloadChannel: downloadChannelId,
         showVersion,
     };
 }
-const parsedArgs = parseArgs();
+const WORLD_WRITABLE_MODE = 0o002;
+/**
+ * Create stateDir if missing and refuse to use it if another local user could
+ * tamper with its contents. stateDir holds vaults, bindings, and settings —
+ * a world-writable or foreign-owned directory there would let a local attacker
+ * swap in credentials or change routing.
+ */
+function ensureSecureStateDir(path) {
+    let stat;
+    try {
+        stat = statSync(path);
+    }
+    catch (err) {
+        const code = err.code;
+        if (code === "ENOENT") {
+            mkdirSync(path, { recursive: true, mode: 0o700 });
+            return;
+        }
+        console.error(`Error: cannot access --state-dir ${path}: ${err.message}`);
+        process.exit(1);
+    }
+    if (!stat.isDirectory()) {
+        console.error(`Error: --state-dir ${path} exists but is not a directory`);
+        process.exit(1);
+    }
+    if (stat.mode & WORLD_WRITABLE_MODE) {
+        console.error(`Error: --state-dir ${path} is world-writable (mode ${(stat.mode & 0o777).toString(8)}). ` +
+            `Credentials stored there would be exposed to other local users. ` +
+            `Fix with: chmod 0700 ${path}`);
+        process.exit(1);
+    }
+    const euid = typeof process.geteuid === "function" ? process.geteuid() : undefined;
+    if (euid !== undefined && stat.uid !== euid) {
+        console.error(`Error: --state-dir ${path} is owned by uid ${stat.uid} but mama is running as uid ${euid}. ` +
+            `Run mama as the directory owner or point --state-dir at a directory you own.`);
+        process.exit(1);
+    }
+}
+function handleStartupError(error) {
+    if (error instanceof SandboxError) {
+        for (const line of error.formatForCli()) {
+            console.error(line);
+        }
+        process.exit(1);
+    }
+    throw error;
+}
+let parsedArgs;
+try {
+    parsedArgs = parseArgs();
+}
+catch (error) {
+    handleStartupError(error);
+}
 // Handle --version
 if (parsedArgs.showVersion) {
     console.log(getVersion());
@@ -94,11 +177,27 @@ if (parsedArgs.downloadChannel) {
 }
 // Normal bot mode - require working dir
 if (!parsedArgs.workingDir) {
-    console.error("Usage: mama [--sandbox=host|docker:<name>|firecracker:<vm-id>:<host-path>] <working-directory>");
+    console.error("Usage: mama [--sandbox=host|container:<name>|image:<image>|firecracker:<vm-id>:<host-path>] [--state-dir=<path>] <working-directory>");
     console.error("       mama --download <channel-id>");
     process.exit(1);
 }
 const { workingDir, sandbox } = { workingDir: parsedArgs.workingDir, sandbox: parsedArgs.sandbox };
+// stateDir holds operator-managed files (vaults, settings, bindings).
+// Defaults to ~/.mama to keep secrets outside the project workspace mounted into sandboxes.
+const stateDir = parsedArgs.stateDir ?? join(homedir(), ".mama");
+ensureSecureStateDir(stateDir);
+// Share stateDir with instrument.ts (for Sentry config loading)
+process.env.MAMA_STATE_DIR = stateDir;
+// Ensure settings.json exists; create a template if first run.
+const { created: settingsCreated, config: agentSettings } = ensureSettingsFile(stateDir);
+if (settingsCreated) {
+    console.log(`Created default settings: ${join(stateDir, "settings.json")}`);
+    console.log("Review and update provider/model before starting.");
+}
+if (!agentSettings.provider || !agentSettings.model) {
+    console.error(`Error: 'provider' and 'model' must be set in ${join(stateDir, "settings.json")}`);
+    process.exit(1);
+}
 // Validate platform tokens
 const hasSlack = !!(MOM_SLACK_APP_TOKEN && MOM_SLACK_BOT_TOKEN);
 const hasTelegram = !!MOM_TELEGRAM_BOT_TOKEN;
@@ -110,28 +209,74 @@ if (!hasSlack && !hasTelegram && !hasDiscord) {
         "  Discord:  MOM_DISCORD_BOT_TOKEN");
     process.exit(1);
 }
-await validateSandbox(sandbox);
-const channelStates = new Map();
+try {
+    await validateSandbox(sandbox);
+}
+catch (error) {
+    handleStartupError(error);
+}
+const vaultManager = new FileVaultManager(stateDir);
+if (vaultManager.isEnabled()) {
+    console.log(sandbox.type === "container"
+        ? "  Vault system enabled. Shared container vault active."
+        : "  Vault system enabled. Per-user credential routing active.");
+}
+const bindingStore = new FileUserBindingStore(stateDir);
+if (bindingStore.isEnabled()) {
+    console.log(sandbox.type === "container"
+        ? "  Binding store enabled. Shared container mode ignores per-user vault bindings."
+        : "  Binding store enabled. Platform user → vault routing active.");
+}
+const provisioner = sandbox.type === "image" ? new DockerContainerManager(sandbox.image, workingDir) : undefined;
+const linkTokenStore = new InMemoryLinkTokenStore();
+// Purge expired link tokens every 5 minutes
+setInterval(() => linkTokenStore.purge(), 5 * 60 * 1000).unref();
+const conversationStates = new Map();
 /** Track in-flight runs for graceful shutdown */
 const inFlightRuns = new Set();
 /** Flag to stop accepting new events during shutdown */
 let isShuttingDown = false;
 /** Maximum number of cached sessions */
 const MAX_SESSIONS = 500;
-/** Idle timeout before a non-running session can be evicted (1 hour) */
-const IDLE_TIMEOUT_MS = 3600000;
-async function getState(channelId, sessionKey) {
-    const key = sessionKey ?? channelId;
-    let state = channelStates.get(key);
+/** Idle timeout before a non-running session can be evicted (10 minutes) */
+const IDLE_TIMEOUT_MS = 600000;
+if (provisioner) {
+    await provisioner.reconcile();
+    await provisioner.stopIdle(IDLE_TIMEOUT_MS);
+}
+// Stop idle containers every hour (same cadence as session eviction)
+if (provisioner) {
+    setInterval(() => provisioner.stopIdle(IDLE_TIMEOUT_MS), IDLE_TIMEOUT_MS).unref();
+}
+function normalizeLoginBaseUrl() {
+    if (MOM_LINK_URL) {
+        return MOM_LINK_URL.replace(/\/+$/, "");
+    }
+    if (MOM_LINK_PORT) {
+        return `http://localhost:${MOM_LINK_PORT}`;
+    }
+    return undefined;
+}
+function ensureLoginVault(platform, platformUserId) {
+    const vaultId = resolveActorVaultKey(sandbox, vaultManager, bindingStore, platform, platformUserId);
+    ensureSandboxVaultEntry(sandbox, vaultManager, platform, platformUserId, vaultId);
+    if (sandbox.type !== "image" && sandbox.type !== "container") {
+        vaultManager.addEntry(vaultId, createManagedVaultEntry(platform, platformUserId, vaultId, false));
+    }
+    return vaultId;
+}
+async function getState(conversationId, sessionKey) {
+    const key = sessionKey ?? conversationId;
+    let state = conversationStates.get(key);
     if (!state) {
-        const channelDir = join(workingDir, channelId);
+        const conversationDir = join(workingDir, conversationId);
         state = {
             running: false,
-            runner: await createRunner(sandbox, key, channelId, channelDir, workingDir),
+            runner: await createRunner(sandbox, key, conversationId, conversationDir, workingDir, vaultManager, bindingStore, provisioner, stateDir),
             stopRequested: false,
             lastAccessedAt: Date.now(),
         };
-        channelStates.set(key, state);
+        conversationStates.set(key, state);
     }
     else {
         state.lastAccessedAt = Date.now();
@@ -139,27 +284,27 @@ async function getState(channelId, sessionKey) {
     return state;
 }
 /**
- * Evict idle sessions from channelStates to bound memory usage.
+ * Evict idle sessions from conversationStates to bound memory usage.
  * Called after each handleEvent completes.
  */
 function evictIdleSessions() {
     const now = Date.now();
-    for (const [key, state] of channelStates) {
+    for (const [key, state] of conversationStates) {
         if (!state.running && now - state.lastAccessedAt > IDLE_TIMEOUT_MS) {
-            channelStates.delete(key);
+            conversationStates.delete(key);
         }
     }
-    if (channelStates.size > MAX_SESSIONS) {
+    if (conversationStates.size > MAX_SESSIONS) {
         const idleSessions = [];
-        for (const [key, state] of channelStates) {
+        for (const [key, state] of conversationStates) {
             if (!state.running) {
                 idleSessions.push({ key, lastAccessedAt: state.lastAccessedAt });
             }
         }
         idleSessions.sort((a, b) => a.lastAccessedAt - b.lastAccessedAt);
-        const toEvict = channelStates.size - MAX_SESSIONS;
+        const toEvict = conversationStates.size - MAX_SESSIONS;
         for (let i = 0; i < toEvict && i < idleSessions.length; i++) {
-            channelStates.delete(idleSessions[i].key);
+            conversationStates.delete(idleSessions[i].key);
         }
     }
 }
@@ -168,12 +313,12 @@ function evictIdleSessions() {
 // ============================================================================
 const handler = {
     isRunning(sessionKey) {
-        const state = channelStates.get(sessionKey);
+        const state = conversationStates.get(sessionKey);
         return !!state?.running;
     },
     getRunningSessions() {
         const sessions = [];
-        for (const [sessionKey, state] of channelStates) {
+        for (const [sessionKey, state] of conversationStates) {
             if (state.running && state.startedAt) {
                 // Get current step from runner
                 const currentStep = state.runner.getCurrentStep();
@@ -187,20 +332,20 @@ const handler = {
         }
         return sessions;
     },
-    async handleStop(sessionKey, channelId, bot) {
-        const state = channelStates.get(sessionKey);
+    async handleStop(sessionKey, conversationId, bot) {
+        const state = conversationStates.get(sessionKey);
         if (state?.running) {
             state.stopRequested = true;
             state.runner.abort();
-            const ts = await bot.postMessage(channelId, "_Stopping..._");
+            const ts = await bot.postMessage(conversationId, formatStopping(bot));
             state.stopMessageTs = ts;
         }
         else {
-            await bot.postMessage(channelId, "_Nothing running_");
+            await bot.postMessage(conversationId, formatNothingRunning(bot));
         }
     },
     forceStop(sessionKey) {
-        const state = channelStates.get(sessionKey);
+        const state = conversationStates.get(sessionKey);
         if (state?.running) {
             log.logInfo(`[Force Stop] Force stopping session: ${sessionKey}`);
             state.stopRequested = true;
@@ -208,49 +353,81 @@ const handler = {
             state.running = false;
         }
     },
-    async handleNew(sessionKey, channelId, bot) {
-        const state = channelStates.get(sessionKey);
+    async handleNew(sessionKey, conversationId, bot) {
+        const state = conversationStates.get(sessionKey);
         if (state?.running) {
             state.stopRequested = true;
             state.runner.abort();
         }
         // Channel sessions rotate via current pointer. Thread sessions reset in place.
-        const channelDir = join(workingDir, channelId);
+        const conversationDir = join(workingDir, conversationId);
         if (sessionKey.includes(":")) {
-            createManagedSessionFileAtPath(getThreadSessionFile(channelDir, sessionKey), channelDir);
+            createManagedSessionFileAtPath(getThreadSessionFile(conversationDir, sessionKey), conversationDir);
         }
         else {
-            createManagedSessionFile(getSessionDir(channelDir, sessionKey), channelDir);
+            createManagedSessionFile(getChannelSessionDir(conversationDir), conversationDir);
         }
         // Remove from in-memory cache
-        channelStates.delete(sessionKey);
-        log.logInfo(`[${channelId}] Session reset: ${sessionKey}`);
-        await bot.postMessage(channelId, "Conversation reset. Send a new message to start fresh.");
+        conversationStates.delete(sessionKey);
+        log.logInfo(`[${conversationId}] Session reset: ${sessionKey}`);
+        await bot.postMessage(conversationId, "Conversation reset. Send a new message to start fresh.");
+    },
+    async handleLogin(platform, platformUserId, conversationId, bot, commandText, isPrivateConversation) {
+        const parsed = parseLoginCommand(commandText);
+        if (!parsed) {
+            return;
+        }
+        if (!isPrivateConversation) {
+            await bot.postMessage(conversationId, "为了保护你的凭证，`/login` 只能在与机器人的私聊中使用。请先私信机器人，再重新执行 `/login`。");
+            return;
+        }
+        const baseUrl = normalizeLoginBaseUrl();
+        if (!baseUrl) {
+            await bot.postMessage(conversationId, "Login is not configured. Set `MOM_LINK_URL` or `MOM_LINK_PORT` on the server.");
+            return;
+        }
+        let vaultId;
+        try {
+            vaultId = ensureLoginVault(platform, platformUserId);
+        }
+        catch (error) {
+            log.logWarning(`[${conversationId}] Failed to prepare login vault for ${platform}/${platformUserId}`, error instanceof Error ? error.message : String(error));
+            await bot.postMessage(conversationId, "Login setup failed on the server. 请稍后重试，或联系管理员检查 vault 存储权限。");
+            return;
+        }
+        const loginLabel = "credential";
+        const vaultLabel = sandbox.type === "container" ? "the shared container vault" : "your vault";
+        await bot.postMessage(conversationId, `Open this link to store ${loginLabel} in ${vaultLabel} ` +
+            `(expires in 15 minutes):\n${baseUrl}/link?token=${linkTokenStore.create(platform, platformUserId, conversationId, vaultId, "").token}`);
     },
     async handleEvent(event, bot, adapters, _isEvent) {
         // Don't accept new events during shutdown
         if (isShuttingDown) {
-            log.logInfo(`[${event.channel}] Rejected event during shutdown: ${event.text.substring(0, 50)}`);
+            log.logInfo(`[${event.conversationId}] Rejected event during shutdown: ${event.text.substring(0, 50)}`);
             return;
         }
-        const sessionKey = event.sessionKey ?? `${event.channel}:${event.thread_ts ?? event.ts}`;
-        const state = await getState(event.channel, sessionKey);
+        const sessionKey = event.sessionKey ?? `${event.conversationId}:${event.thread_ts ?? event.ts}`;
+        const state = await getState(event.conversationId, sessionKey);
         // Start run
         state.running = true;
         state.stopRequested = false;
         state.startedAt = Date.now();
         state.lastActivityAt = Date.now();
-        log.logInfo(`[${event.channel}] Starting run: ${event.text.substring(0, 50)}`);
+        log.logInfo(`[${event.conversationId}] Starting run: ${event.text.substring(0, 50)}`);
         // Wrap in-flight run tracking
         Sentry.metrics.count("agent.run.started", 1, {
-            attributes: { channel: event.channel },
+            attributes: { channel: event.conversationId },
         });
         Sentry.metrics.gauge("agent.sessions.active", inFlightRuns.size + 1);
-        const runPromise = Sentry.startSpan({ name: "agent.run", op: "agent", attributes: { channelId: event.channel, sessionKey } }, async () => {
+        const runPromise = Sentry.startSpan({
+            name: "agent.run",
+            op: "agent",
+            attributes: { channelId: event.conversationId, sessionKey },
+        }, async () => {
             return Sentry.withScope(async (scope) => {
                 const { message, responseCtx, platform } = adapters;
                 applyRunScope(scope, {
-                    channelId: event.channel,
+                    conversationId: event.conversationId,
                     sessionKey,
                     messageId: message.id,
                     platform: platform.name,
@@ -260,7 +437,7 @@ const handler = {
                     isEvent: _isEvent,
                 });
                 addLifecycleBreadcrumb("agent.run.started", {
-                    channel_id: event.channel,
+                    channel_id: event.conversationId,
                     platform: platform.name,
                     has_attachments: (message.attachments?.length ?? 0) > 0,
                 });
@@ -273,37 +450,37 @@ const handler = {
                     Sentry.metrics.distribution("agent.run.duration", durationMs, {
                         unit: "millisecond",
                         attributes: {
-                            channel: event.channel,
+                            channel: event.conversationId,
                             platform: platform.name,
                             stop_reason: result.stopReason,
                         },
                     });
                     Sentry.metrics.count("agent.run.completed", 1, {
                         attributes: {
-                            channel: event.channel,
+                            channel: event.conversationId,
                             platform: platform.name,
                             stop_reason: result.stopReason,
                         },
                     });
                     addLifecycleBreadcrumb("agent.run.completed", {
-                        channel_id: event.channel,
+                        channel_id: event.conversationId,
                         platform: platform.name,
                         stop_reason: result.stopReason,
                         duration_ms: durationMs,
                     });
                     if (result.stopReason === "aborted" && state.stopRequested) {
                         if (state.stopMessageTs) {
-                            await bot.updateMessage(event.channel, state.stopMessageTs, "_Stopped_");
+                            await bot.updateMessage(event.conversationId, state.stopMessageTs, "_Stopped_");
                             state.stopMessageTs = undefined;
                         }
                         else {
-                            await bot.postMessage(event.channel, "_Stopped_");
+                            await bot.postMessage(event.conversationId, "_Stopped_");
                         }
                     }
                 }
                 catch (err) {
                     scope.setContext("agent_run_error", {
-                        channelId: event.channel,
+                        conversationId: event.conversationId,
                         sessionKey,
                         platform: adapters.platform.name,
                         messageId: adapters.message.id,
@@ -311,9 +488,9 @@ const handler = {
                     });
                     Sentry.captureException(err);
                     Sentry.metrics.count("agent.run.errors", 1, {
-                        attributes: { channel: event.channel, platform: adapters.platform.name },
+                        attributes: { channel: event.conversationId, platform: adapters.platform.name },
                     });
-                    log.logWarning(`[${event.channel}] Run error`, err instanceof Error ? err.message : String(err));
+                    log.logWarning(`[${event.conversationId}] Run error`, err instanceof Error ? err.message : String(err));
                 }
                 finally {
                     state.running = false;
@@ -337,10 +514,20 @@ const handler = {
 // ============================================================================
 const sandboxDesc = sandbox.type === "host"
     ? "host"
-    : sandbox.type === "docker"
-        ? `docker:${sandbox.container}`
-        : `firecracker:${sandbox.vmId}`;
+    : sandbox.type === "container"
+        ? `container:${sandbox.container}`
+        : sandbox.type === "image"
+            ? `image:${sandbox.image}`
+            : `firecracker:${sandbox.vmId}`;
 log.logStartup(workingDir, sandboxDesc);
+// Start link callback server if port is configured
+if (MOM_LINK_PORT) {
+    startLinkServer(MOM_LINK_PORT, linkTokenStore, vaultManager, async (platform, conversationId, msg) => {
+        const bot = botsByPlatform[platform];
+        if (bot)
+            await bot.postMessage(conversationId, msg);
+    });
+}
 // Create platform bots
 const bots = [];
 const botsByPlatform = {};