@hackersbaby/plugin 0.4.3 → 0.5.1

package/dist/hooks/session-start.js

@@ -6,6 +6,12 @@ var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
 var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
+var __commonJS = (cb, mod) => function __require() {
+  return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
+};
 var __copyProps = (to, from, except, desc) => {
   if (from && typeof from === "object" || typeof from === "function") {
     for (let key of __getOwnPropNames(from))
@@ -23,16 +29,7 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
   mod
 ));
 
-// src/collector.ts
-var import_uuid = require("uuid");
-
 // src/config.ts
-var import_fs = __toESM(require("fs"));
-var import_path = __toESM(require("path"));
-var import_os = __toESM(require("os"));
-var CONFIG_DIR = import_path.default.join(import_os.default.homedir(), ".hackersbaby");
-var CONFIG_FILE = import_path.default.join(CONFIG_DIR, "config.json");
-var QUEUE_FILE = import_path.default.join(CONFIG_DIR, "queue.jsonl");
 function sessionStateFile(source) {
   return import_path.default.join(CONFIG_DIR, `active-session-${source}.json`);
 }
@@ -54,122 +51,326 @@ function saveConfig(config) {
   ensureConfigDir();
   import_fs.default.writeFileSync(CONFIG_FILE, JSON.stringify(config, null, 2), "utf-8");
 }
+var import_fs, import_path, import_os, CONFIG_DIR, CONFIG_FILE, QUEUE_FILE;
+var init_config = __esm({
+  "src/config.ts"() {
+    "use strict";
+    import_fs = __toESM(require("fs"));
+    import_path = __toESM(require("path"));
+    import_os = __toESM(require("os"));
+    CONFIG_DIR = import_path.default.join(import_os.default.homedir(), ".hackersbaby");
+    CONFIG_FILE = import_path.default.join(CONFIG_DIR, "config.json");
+    QUEUE_FILE = import_path.default.join(CONFIG_DIR, "queue.jsonl");
+  }
+});
 
-// src/api-client.ts
-var APIClient = class {
-  config = loadConfig();
-  get headers() {
-    return {
-      "Content-Type": "application/json",
-      Authorization: `Bearer ${this.config?.token || ""}`
-    };
+// ../shared/dist/types.js
+var require_types = __commonJS({
+  "../shared/dist/types.js"(exports2) {
+    "use strict";
+    Object.defineProperty(exports2, "__esModule", { value: true });
   }
-  async sendBatch(batch) {
-    try {
-      const server = this.config?.server || "https://hackers.baby";
-      const res = await fetch(`${server}/api/scores/batch`, {
-        method: "POST",
-        headers: this.headers,
-        body: JSON.stringify(batch)
-      });
-      return res.ok;
-    } catch {
-      return false;
+});
+
+// ../shared/dist/scoring.js
+var require_scoring = __commonJS({
+  "../shared/dist/scoring.js"(exports2) {
+    "use strict";
+    Object.defineProperty(exports2, "__esModule", { value: true });
+    exports2.DEPLOY_PATTERNS = exports2.BASE_POINTS = exports2.MIN_SESSION_TOKENS = exports2.TOOL_CALLS_PER_HOUR_CAP = exports2.SESSION_BASE_POINT_CAP = void 0;
+    exports2.getBasePoints = getBasePoints;
+    exports2.calculateMultiplier = calculateMultiplier;
+    exports2.calculateSessionScore = calculateSessionScore;
+    exports2.isDeployCommand = isDeployCommand;
+    exports2.SESSION_BASE_POINT_CAP = 2e4;
+    exports2.TOOL_CALLS_PER_HOUR_CAP = 4e3;
+    exports2.MIN_SESSION_TOKENS = 2e3;
+    exports2.BASE_POINTS = {
+      token_input: { perUnit: 1, unitSize: 1e3 },
+      token_output: { perUnit: 2, unitSize: 1e3 },
+      tool_call: { perUnit: 5, unitSize: 1 },
+      file_created: { perUnit: 15, unitSize: 1 },
+      file_edited: { perUnit: 10, unitSize: 1 },
+      commit: { perUnit: 50, unitSize: 1 },
+      session_completed: { perUnit: 100, unitSize: 1 },
+      deployment: { perUnit: 200, unitSize: 1 },
+      prompt_submitted: { perUnit: 15, unitSize: 1 },
+      subagent_spawned: { perUnit: 40, unitSize: 1 },
+      context_compacted: { perUnit: 30, unitSize: 1 },
+      stop_response: { perUnit: 10, unitSize: 1 }
+    };
+    exports2.DEPLOY_PATTERNS = [
+      /^vercel\s+(--prod|deploy)/,
+      /^netlify\s+deploy/,
+      /^fly\s+deploy/,
+      /^railway\s+up/,
+      /^git\s+push\s+\S+\s+(main|master|production)/,
+      /^(npm|yarn|pnpm)\s+run\s+deploy/,
+      /^(yarn|pnpm)\s+deploy/
+    ];
+    function getBasePoints(actionType, value) {
+      const config = exports2.BASE_POINTS[actionType];
+      return Math.floor(value / config.unitSize) * config.perUnit;
+    }
+    function calculateMultiplier(input) {
+      let streak = 1;
+      if (input.streak_days >= 30)
+        streak = 3;
+      else if (input.streak_days >= 7)
+        streak = 2;
+      else if (input.streak_days >= 3)
+        streak = 1.5;
+      const quality = input.commit_quality ? 1.5 : 1;
+      const diversity = input.language_count >= 3 ? 1.2 : 1;
+      return streak * quality * diversity;
+    }
+    function calculateSessionScore(events, multiplier) {
+      let totalBase = 0;
+      for (const e of events)
+        totalBase += getBasePoints(e.action_type, e.value);
+      return Math.floor(Math.min(totalBase, exports2.SESSION_BASE_POINT_CAP) * multiplier);
+    }
+    function isDeployCommand(command) {
+      return exports2.DEPLOY_PATTERNS.some((p) => p.test(command.trim()));
     }
   }
-  async refreshTokenIfNeeded() {
-    if (!this.config) return;
-    try {
-      const parts = this.config.token.split(".");
-      if (parts.length !== 3) return;
-      const payload = JSON.parse(Buffer.from(parts[1], "base64").toString("utf-8"));
-      const expMs = payload.exp * 1e3;
-      const oneDayMs = 24 * 60 * 60 * 1e3;
-      if (Date.now() + oneDayMs < expMs) return;
-      const res = await fetch(`${this.config.server}/api/auth/cli-token/refresh`, {
-        method: "POST",
-        headers: this.headers,
-        body: JSON.stringify({ refresh_token: this.config.refresh_token })
-      });
-      if (res.ok) {
-        const data = await res.json();
-        if (data.token) {
-          this.config.token = data.token;
-          if (data.refresh_token) this.config.refresh_token = data.refresh_token;
-          saveConfig(this.config);
-        }
+});
+
+// ../shared/dist/anticheat.js
+var require_anticheat = __commonJS({
+  "../shared/dist/anticheat.js"(exports2) {
+    "use strict";
+    Object.defineProperty(exports2, "__esModule", { value: true });
+    exports2.hashEvent = hashEvent;
+    exports2.computeChainHash = computeChainHash2;
+    exports2.signBatch = signBatch2;
+    exports2.verifyBatchSignature = verifyBatchSignature;
+    var crypto_1 = require("crypto");
+    function hashEvent(event, prevHash) {
+      const payload = `${prevHash}|${event.action_type}|${event.value}|${event.timestamp}`;
+      return (0, crypto_1.createHash)("sha256").update(payload).digest("hex").slice(0, 16);
+    }
+    function computeChainHash2(events, initialHash = "0000000000000000") {
+      let hash = initialHash;
+      for (const event of events) {
+        hash = hashEvent(event, hash);
       }
-    } catch {
+      return hash;
     }
-  }
-  async getStatus() {
-    const server = this.config?.server || "https://hackers.baby";
-    const res = await fetch(`${server}/api/users/me`, { headers: this.headers });
-    if (!res.ok) throw new Error(`getStatus failed: ${res.status}`);
-    return res.json();
-  }
-  async getRank() {
-    const server = this.config?.server || "https://hackers.baby";
-    const res = await fetch(`${server}/api/users/me/rank`, { headers: this.headers });
-    if (!res.ok) throw new Error(`getRank failed: ${res.status}`);
-    return res.json();
-  }
-  async getLeaderboard() {
-    const server = this.config?.server || "https://hackers.baby";
-    const res = await fetch(`${server}/api/leaderboard/global?limit=10`, { headers: this.headers });
-    if (!res.ok) throw new Error(`getLeaderboard failed: ${res.status}`);
-    return res.json();
-  }
-  async getPublicStats() {
-    try {
-      const server = this.config?.server || "https://hackers.baby";
-      const res = await fetch(`${server}/api/stats/public`);
-      if (!res.ok) return null;
-      return res.json();
-    } catch {
-      return null;
+    function signBatch2(sessionId, events, chainHash, secret) {
+      const valueSum = events.reduce((s, e) => s + e.value, 0);
+      const message = `${sessionId}|${chainHash}|${events.length}|${valueSum}`;
+      return (0, crypto_1.createHmac)("sha256", secret).update(message).digest("hex");
     }
-  }
-  async getNotifications() {
-    try {
-      const server = this.config?.server || "https://hackers.baby";
-      const res = await fetch(`${server}/api/users/me/notifications`, { headers: this.headers });
-      if (!res.ok) return null;
-      return res.json();
-    } catch {
-      return null;
+    function verifyBatchSignature(sessionId, events, chainHash, signature, secret) {
+      const expected = signBatch2(sessionId, events, chainHash, secret);
+      if (expected.length !== signature.length)
+        return false;
+      let mismatch = 0;
+      for (let i = 0; i < expected.length; i++) {
+        mismatch |= expected.charCodeAt(i) ^ signature.charCodeAt(i);
+      }
+      return mismatch === 0;
     }
   }
-  async claimReferral(code) {
-    try {
-      const server = this.config?.server || "https://hackers.baby";
-      const res = await fetch(`${server}/api/referral/claim`, {
-        method: "POST",
-        headers: this.headers,
-        body: JSON.stringify({ referral_code: code })
-      });
-      if (!res.ok) return null;
-      return res.json();
-    } catch {
-      return null;
-    }
+});
+
+// ../shared/dist/index.js
+var require_dist = __commonJS({
+  "../shared/dist/index.js"(exports2) {
+    "use strict";
+    var __createBinding = exports2 && exports2.__createBinding || (Object.create ? (function(o, m, k, k2) {
+      if (k2 === void 0) k2 = k;
+      var desc = Object.getOwnPropertyDescriptor(m, k);
+      if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+        desc = { enumerable: true, get: function() {
+          return m[k];
+        } };
+      }
+      Object.defineProperty(o, k2, desc);
+    }) : (function(o, m, k, k2) {
+      if (k2 === void 0) k2 = k;
+      o[k2] = m[k];
+    }));
+    var __exportStar = exports2 && exports2.__exportStar || function(m, exports3) {
+      for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports3, p)) __createBinding(exports3, m, p);
+    };
+    Object.defineProperty(exports2, "__esModule", { value: true });
+    __exportStar(require_types(), exports2);
+    __exportStar(require_scoring(), exports2);
+    __exportStar(require_anticheat(), exports2);
   }
-  async getReferralStats() {
-    try {
-      const server = this.config?.server || "https://hackers.baby";
-      const res = await fetch(`${server}/api/referral/stats`, { headers: this.headers });
-      if (!res.ok) return null;
-      return res.json();
-    } catch {
-      return null;
-    }
+});
+
+// src/api-client.ts
+var import_shared, APIClient;
+var init_api_client = __esm({
+  "src/api-client.ts"() {
+    "use strict";
+    init_config();
+    import_shared = __toESM(require_dist());
+    APIClient = class {
+      config = loadConfig();
+      sessionSecret = null;
+      chainHash = "0000000000000000";
+      onChainUpdate = null;
+      /** Set callback to persist chain state between hook processes */
+      setChainUpdateCallback(cb) {
+        this.onChainUpdate = cb;
+      }
+      /** Restore crypto state from a previous session */
+      restoreCryptoState(secret, chainHash) {
+        this.sessionSecret = secret;
+        this.chainHash = chainHash;
+      }
+      get headers() {
+        return {
+          "Content-Type": "application/json",
+          Authorization: `Bearer ${this.config?.token || ""}`
+        };
+      }
+      /** Get current crypto state for persistence */
+      getCryptoState() {
+        if (!this.sessionSecret) return null;
+        return { secret: this.sessionSecret, chainHash: this.chainHash };
+      }
+      /** Register session with server and get cryptographic secret */
+      async startSession(sessionId) {
+        try {
+          const server = this.config?.server || "https://hackers.baby";
+          const res = await fetch(`${server}/api/sessions/start`, {
+            method: "POST",
+            headers: this.headers,
+            body: JSON.stringify({ session_id: sessionId })
+          });
+          if (res.ok) {
+            const data = await res.json();
+            this.sessionSecret = data.session_secret;
+            this.chainHash = data.initial_chain_hash;
+            return true;
+          }
+          return false;
+        } catch {
+          return false;
+        }
+      }
+      async sendBatch(batch) {
+        try {
+          const server = this.config?.server || "https://hackers.baby";
+          if (this.sessionSecret) {
+            const prevChainHash = this.chainHash;
+            const newChainHash = (0, import_shared.computeChainHash)(batch.events, prevChainHash);
+            const signature = (0, import_shared.signBatch)(batch.session_id, batch.events, newChainHash, this.sessionSecret);
+            batch.signature = signature;
+            batch.chain_hash = newChainHash;
+            batch.prev_chain_hash = prevChainHash;
+            this.chainHash = newChainHash;
+            if (this.onChainUpdate) {
+              this.onChainUpdate(this.chainHash, this.sessionSecret);
+            }
+          }
+          const res = await fetch(`${server}/api/scores/batch`, {
+            method: "POST",
+            headers: this.headers,
+            body: JSON.stringify(batch)
+          });
+          return res.ok;
+        } catch {
+          return false;
+        }
+      }
+      async refreshTokenIfNeeded() {
+        if (!this.config) return;
+        try {
+          const parts = this.config.token.split(".");
+          if (parts.length !== 3) return;
+          const payload = JSON.parse(Buffer.from(parts[1], "base64").toString("utf-8"));
+          const expMs = payload.exp * 1e3;
+          const oneDayMs = 24 * 60 * 60 * 1e3;
+          if (Date.now() + oneDayMs < expMs) return;
+          const res = await fetch(`${this.config.server}/api/auth/cli-token/refresh`, {
+            method: "POST",
+            headers: this.headers,
+            body: JSON.stringify({ refresh_token: this.config.refresh_token })
+          });
+          if (res.ok) {
+            const data = await res.json();
+            if (data.token) {
+              this.config.token = data.token;
+              if (data.refresh_token) this.config.refresh_token = data.refresh_token;
+              saveConfig(this.config);
+            }
+          }
+        } catch {
+        }
+      }
+      async getStatus() {
+        const server = this.config?.server || "https://hackers.baby";
+        const res = await fetch(`${server}/api/users/me`, { headers: this.headers });
+        if (!res.ok) throw new Error(`getStatus failed: ${res.status}`);
+        return res.json();
+      }
+      async getRank() {
+        const server = this.config?.server || "https://hackers.baby";
+        const res = await fetch(`${server}/api/users/me/rank`, { headers: this.headers });
+        if (!res.ok) throw new Error(`getRank failed: ${res.status}`);
+        return res.json();
+      }
+      async getLeaderboard() {
+        const server = this.config?.server || "https://hackers.baby";
+        const res = await fetch(`${server}/api/leaderboard/global?limit=10`, { headers: this.headers });
+        if (!res.ok) throw new Error(`getLeaderboard failed: ${res.status}`);
+        return res.json();
+      }
+      async getPublicStats() {
+        try {
+          const server = this.config?.server || "https://hackers.baby";
+          const res = await fetch(`${server}/api/stats/public`);
+          if (!res.ok) return null;
+          return res.json();
+        } catch {
+          return null;
+        }
+      }
+      async getNotifications() {
+        try {
+          const server = this.config?.server || "https://hackers.baby";
+          const res = await fetch(`${server}/api/users/me/notifications`, { headers: this.headers });
+          if (!res.ok) return null;
+          return res.json();
+        } catch {
+          return null;
+        }
+      }
+      async claimReferral(code) {
+        try {
+          const server = this.config?.server || "https://hackers.baby";
+          const res = await fetch(`${server}/api/referral/claim`, {
+            method: "POST",
+            headers: this.headers,
+            body: JSON.stringify({ referral_code: code })
+          });
+          if (!res.ok) return null;
+          return res.json();
+        } catch {
+          return null;
+        }
+      }
+      async getReferralStats() {
+        try {
+          const server = this.config?.server || "https://hackers.baby";
+          const res = await fetch(`${server}/api/referral/stats`, { headers: this.headers });
+          if (!res.ok) return null;
+          return res.json();
+        } catch {
+          return null;
+        }
+      }
+    };
   }
-};
+});
 
 // src/queue.ts
-var import_fs2 = __toESM(require("fs"));
-var MAX_QUEUE_SIZE = 1e4;
-var MAX_AGE_MS = 24 * 60 * 60 * 1e3;
 function enqueueEvents(events) {
   ensureConfigDir();
   const lines = events.map((e) => JSON.stringify(e)).join("\n");
@@ -207,65 +408,100 @@ function drainQueue() {
     return [];
   }
 }
+var import_fs2, MAX_QUEUE_SIZE, MAX_AGE_MS;
+var init_queue = __esm({
+  "src/queue.ts"() {
+    "use strict";
+    import_fs2 = __toESM(require("fs"));
+    init_config();
+    MAX_QUEUE_SIZE = 1e4;
+    MAX_AGE_MS = 24 * 60 * 60 * 1e3;
+  }
+});
 
 // src/collector.ts
-var EventCollector = class {
-  sessionId;
-  buffer = [];
-  flushInterval = null;
-  client;
-  source;
-  constructor(sessionId, source) {
-    this.sessionId = sessionId ?? (0, import_uuid.v4)();
-    this.client = new APIClient();
-    this.source = source;
-  }
-  addEvent(event) {
-    const metadata = this.source ? { ...event.metadata, source: this.source } : event.metadata;
-    this.buffer.push({
-      ...event,
-      metadata,
-      timestamp: (/* @__PURE__ */ new Date()).toISOString()
-    });
-  }
-  async start() {
-    await this.client.refreshTokenIfNeeded();
-    const queued = drainQueue();
-    if (queued.length > 0) {
-      const batch = { session_id: this.sessionId, events: queued };
-      const ok = await this.client.sendBatch(batch);
-      if (!ok) {
-        enqueueEvents(queued);
+var import_uuid, EventCollector;
+var init_collector = __esm({
+  "src/collector.ts"() {
+    "use strict";
+    import_uuid = require("uuid");
+    init_api_client();
+    init_queue();
+    init_config();
+    EventCollector = class {
+      sessionId;
+      buffer = [];
+      flushInterval = null;
+      client;
+      source;
+      constructor(sessionId, source) {
+        this.sessionId = sessionId ?? (0, import_uuid.v4)();
+        this.client = new APIClient();
+        this.source = source;
       }
-    }
-    const config = loadConfig();
-    const intervalMs = config?.preferences?.batch_interval_ms ?? 1e4;
-    this.flushInterval = setInterval(() => {
-      this.flush().catch(() => {
-      });
-    }, intervalMs);
-  }
-  async flush() {
-    if (this.buffer.length === 0) return;
-    const events = this.buffer.splice(0);
-    const batch = { session_id: this.sessionId, events };
-    const ok = await this.client.sendBatch(batch);
-    if (!ok) {
-      enqueueEvents(events);
-    }
-  }
-  async stop() {
-    if (this.flushInterval !== null) {
-      clearInterval(this.flushInterval);
-      this.flushInterval = null;
-    }
-    this.addEvent({ action_type: "session_completed", value: 1, metadata: {} });
-    await this.flush();
+      /** Restore crypto state from persisted session data */
+      restoreCrypto(secret, chainHash) {
+        this.client.restoreCryptoState(secret, chainHash);
+      }
+      /** Set callback to persist crypto state after each batch */
+      setCryptoUpdateCallback(cb) {
+        this.client.setChainUpdateCallback(cb);
+      }
+      addEvent(event) {
+        const metadata = this.source ? { ...event.metadata, source: this.source } : event.metadata;
+        this.buffer.push({
+          ...event,
+          metadata,
+          timestamp: (/* @__PURE__ */ new Date()).toISOString()
+        });
+      }
+      async start() {
+        await this.client.refreshTokenIfNeeded();
+        await this.client.startSession(this.sessionId);
+        const queued = drainQueue();
+        if (queued.length > 0) {
+          const batch = { session_id: this.sessionId, events: queued };
+          const ok = await this.client.sendBatch(batch);
+          if (!ok) {
+            enqueueEvents(queued);
+          }
+        }
+        const config = loadConfig();
+        const intervalMs = config?.preferences?.batch_interval_ms ?? 1e4;
+        this.flushInterval = setInterval(() => {
+          this.flush().catch(() => {
+          });
+        }, intervalMs);
+      }
+      async flush() {
+        if (this.buffer.length === 0) return;
+        const events = this.buffer.splice(0);
+        const batch = { session_id: this.sessionId, events };
+        const ok = await this.client.sendBatch(batch);
+        if (!ok) {
+          enqueueEvents(events);
+        }
+      }
+      async stop() {
+        if (this.flushInterval !== null) {
+          clearInterval(this.flushInterval);
+          this.flushInterval = null;
+        }
+        this.addEvent({ action_type: "session_completed", value: 1, metadata: {} });
+        await this.flush();
+      }
+    };
   }
-};
+});
+
+// src/hooks/shared/session-start.ts
+init_collector();
+init_api_client();
+init_config();
 
 // src/hooks/shared/utils.ts
 var import_fs3 = __toESM(require("fs"));
+init_config();
 function saveSessionState(state) {
   const file = sessionStateFile(state.source);
   import_fs3.default.writeFileSync(file, JSON.stringify(state));
@@ -280,8 +516,24 @@ function detectSource(payload) {
 async function handleSessionStart(source) {
   const detected = detectSource();
   const collector = new EventCollector(void 0, detected);
+  collector.setCryptoUpdateCallback((chainHash, secret) => {
+    saveSessionState({
+      sessionId: collector.sessionId,
+      pid: process.pid,
+      source: detected,
+      sessionSecret: secret,
+      chainHash
+    });
+  });
   await collector.start();
-  saveSessionState({ sessionId: collector.sessionId, pid: process.pid, source: detected });
+  const crypto = collector.client.getCryptoState();
+  saveSessionState({
+    sessionId: collector.sessionId,
+    pid: process.pid,
+    source: detected,
+    sessionSecret: crypto?.secret,
+    chainHash: crypto?.chainHash
+  });
   try {
     const config = loadConfig();
     if (config?.token) {