@inceptionstack/roundhouse 0.5.2 → 0.5.4

package/src/cli/shell.ts

@@ -0,0 +1,49 @@
+/**
+ * cli/shell.ts — Shared shell utility functions
+ *
+ * Platform-agnostic helpers for process execution and binary discovery.
+ * Used by systemd.ts, launchd.ts, and cli.ts.
+ */
+
+import { execFileSync, spawnSync } from "node:child_process";
+
+/**
+ * Synchronously locate a binary on PATH.
+ * Returns the absolute path or null if not found.
+ */
+export function whichSync(cmd: string): string | null {
+  try {
+    return execFileSync("which", [cmd], { encoding: "utf8", stdio: "pipe" }).trim() || null;
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Execute a command silently, returning stdout or empty string on failure.
+ * Never throws.
+ */
+export function execSilent(cmd: string, args: string[]): string {
+  try {
+    return execFileSync(cmd, args, { encoding: "utf8", stdio: "pipe" }).trim();
+  } catch {
+    return "";
+  }
+}
+
+/**
+ * Check if passwordless sudo is available.
+ */
+export function hasSudoAccess(): boolean {
+  return spawnSync("sudo", ["-n", "true"], { stdio: "pipe" }).status === 0;
+}
+
+/**
+ * Run a command with sudo. Falls back to interactive sudo if -n fails.
+ */
+export function runSudo(...args: string[]): void {
+  const result = spawnSync("sudo", ["-n", ...args], { stdio: "inherit" });
+  if (result.status !== 0) {
+    execFileSync("sudo", args, { stdio: "inherit" });
+  }
+}

package/src/cli/systemd.ts

@@ -8,7 +8,7 @@
 import { homedir } from "node:os";
 import { resolve, dirname } from "node:path";
 import { writeFile, unlink } from "node:fs/promises";
-import { execFileSync, spawnSync } from "node:child_process";
+import { execFileSync } from "node:child_process";
 import { randomBytes } from "node:crypto";
 import { fileURLToPath } from "node:url";
 
@@ -18,45 +18,22 @@ import {
   ENV_FILE_PATH,
   SERVICE_NAME,
 } from "../config";
+import { whichSync, execSilent, hasSudoAccess, runSudo } from "./shell";
+
+// Re-export shell utilities for backward compatibility with existing callers
+export { whichSync, hasSudoAccess, runSudo };
 
 const __systemdDir = dirname(fileURLToPath(import.meta.url));
 
 export const SERVICE_PATH = `/etc/systemd/system/${SERVICE_NAME}.service`;
 
-// ── Shell helpers ───────────────────────────────────
-
-export function whichSync(cmd: string): string | null {
-  try {
-    return execFileSync("which", [cmd], { encoding: "utf8", stdio: "pipe" }).trim() || null;
-  } catch {
-    return null;
-  }
-}
-
-function execSilent(cmd: string, args: string[]): string {
-  try {
-    return execFileSync(cmd, args, { encoding: "utf8", stdio: "pipe" }).trim();
-  } catch {
-    return "";
-  }
-}
-
-export function runSudo(...args: string[]): void {
-  const result = spawnSync("sudo", ["-n", ...args], { stdio: "inherit" });
-  if (result.status !== 0) {
-    execFileSync("sudo", args, { stdio: "inherit" });
-  }
-}
+// ── Systemd helpers ─────────────────────────────────
 
 export function systemctl(verb: string, message?: string): void {
   runSudo("systemctl", verb, SERVICE_NAME);
   if (message) console.log(`  ✅ ${message}`);
 }
 
-export function hasSudoAccess(): boolean {
-  return spawnSync("sudo", ["-n", "true"], { stdio: "pipe" }).status === 0;
-}
-
 export function isServiceInstalled(): boolean {
   return execSilent("systemctl", ["list-unit-files", `${SERVICE_NAME}.service`]).includes(SERVICE_NAME);
 }
@@ -93,7 +70,6 @@ export function resolveExecStart(opts: ExecStartOptions = {}): { execStart: stri
     const base = `${nodeBin} ${roundhouseBin} run`;
     execStart = opts.psstBin ? `${opts.psstBin} run ${base}` : base;
   } else {
-    // No global install — run CLI via tsx with 'run' subcommand
     const tsxBin = whichSync("tsx") || resolve(__systemdDir, "..", "..", "node_modules", ".bin", "tsx");
     const cliPath = resolve(__systemdDir, "cli.ts");
     const base = `${tsxBin} ${cliPath} run`;
@@ -114,7 +90,6 @@ export interface UnitOptions {
 
 /**
  * Guard against newline injection in values interpolated into the unit template.
- * A crafted $USER or path containing \n/\r could inject arbitrary systemd directives.
  */
 function assertSafeForUnit(label: string, value: unknown): void {
   if (typeof value !== "string") {
@@ -134,7 +109,6 @@ export function generateUnit(opts: UnitOptions): string {
   const home = homedir();
   const pathValue = `${opts.nodeBinDir}:${home}/.local/bin:/usr/local/bin:/usr/bin:/bin`;
 
-  // Validate all interpolated values before generating the unit
   for (const [label, value] of Object.entries({
     user, execStart: opts.execStart, nodeBinDir: opts.nodeBinDir,
     envFilePath, home, configPath: CONFIG_PATH, pathValue,
@@ -168,7 +142,6 @@ WantedBy=multi-user.target
 
 /**
  * Write a systemd unit file via sudo and reload the daemon.
- * Uses atomic write-to-tmp + sudo cp pattern.
  */
 export async function writeServiceUnit(unitContent: string): Promise<void> {
   const tmpPath = resolve(ROUNDHOUSE_DIR, `roundhouse.service.tmp.${randomBytes(4).toString("hex")}`);

package/src/config.ts

@@ -151,66 +151,80 @@ export async function resolveEnvFilePath(): Promise<string> {
 }
 
 export async function loadConfig(): Promise<GatewayConfig> {
-  let config: GatewayConfig | undefined;
+  // Resolver chain: first successful resolution wins (Fowler: Replace Nested Conditional with Guard Clauses)
+  const resolvers: Array<() => Promise<GatewayConfig | null>> = [
+    resolveFromEnvVar,
+    resolveFromFlag,
+    resolveFromCanonicalOrLegacy,
+    resolveFromCwd,
+  ];
+
+  for (const resolver of resolvers) {
+    const config = await resolver();
+    if (config) return applyEnvOverrides(config);
+  }
+
+  console.log("[roundhouse] using default config + env vars");
+  return applyEnvOverrides(DEFAULT_CONFIG);
+}
 
-  // Check for ROUNDHOUSE_CONFIG env var (set by CLI/daemon — must be valid)
+// ── Config Resolvers (each returns null if not applicable) ─────
+
+async function resolveFromEnvVar(): Promise<GatewayConfig | null> {
   const envConfig = process.env.ROUNDHOUSE_CONFIG;
-  if (envConfig) {
-    try {
-      const raw = await readFile(resolve(envConfig), "utf8");
-      console.log(`[roundhouse] loaded config from ${envConfig}`);
-      config = JSON.parse(raw) as GatewayConfig;
-    } catch (err: any) {
-      console.error(`[roundhouse] failed to load config from ROUNDHOUSE_CONFIG=${envConfig}: ${err.message}`);
-      process.exit(1);
-    }
+  if (!envConfig) return null;
+
+  try {
+    const raw = await readFile(resolve(envConfig), "utf8");
+    console.log(`[roundhouse] loaded config from ${envConfig}`);
+    return JSON.parse(raw) as GatewayConfig;
+  } catch (err: any) {
+    console.error(`[roundhouse] failed to load config from ROUNDHOUSE_CONFIG=${envConfig}: ${err.message}`);
+    process.exit(1);
   }
+}
 
-  // Check for --config flag
-  if (!config) {
-    const configIdx = process.argv.indexOf("--config");
-    if (configIdx !== -1 && process.argv[configIdx + 1]) {
-      const configPath = resolve(process.argv[configIdx + 1]);
-      try {
-        const raw = await readFile(configPath, "utf8");
-        console.log(`[roundhouse] loaded config from ${configPath}`);
-        config = JSON.parse(raw) as GatewayConfig;
-      } catch (err: any) {
-        console.error(`[roundhouse] failed to load config from ${configPath}: ${err.message}`);
-        process.exit(1);
-      }
-    }
+async function resolveFromFlag(): Promise<GatewayConfig | null> {
+  const configIdx = process.argv.indexOf("--config");
+  if (configIdx === -1 || !process.argv[configIdx + 1]) return null;
+
+  const configPath = resolve(process.argv[configIdx + 1]);
+  try {
+    const raw = await readFile(configPath, "utf8");
+    console.log(`[roundhouse] loaded config from ${configPath}`);
+    return JSON.parse(raw) as GatewayConfig;
+  } catch (err: any) {
+    console.error(`[roundhouse] failed to load config from ${configPath}: ${err.message}`);
+    process.exit(1);
   }
+}
 
-  // Try canonical path, then legacy, then cwd
-  if (!config) {
-    const resolved = await resolveConfigPath();
-    try {
-      const raw = await readFile(resolved.path, "utf8");
-      console.log(`[roundhouse] loaded config from ${resolved.path}`);
-      config = JSON.parse(raw) as GatewayConfig;
-    } catch (err: any) {
-      // File not found → try cwd. Parse error on existing file → fail fast.
-      if (err.code !== "ENOENT") {
-        console.error(`[roundhouse] failed to parse config at ${resolved.path}: ${err.message}`);
-        process.exit(1);
-      }
-      // Try cwd (with security warning)
-      try {
-        const cwdPath = resolve(process.cwd(), "gateway.config.json");
-        const raw = await readFile(cwdPath, "utf8");
-        console.warn(`[roundhouse] ⚠️  loaded gateway.config.json from cwd (${cwdPath}) — consider using ~/.roundhouse/gateway.config.json instead`);
-        config = JSON.parse(raw) as GatewayConfig;
-      } catch (cwdErr: any) {
-        if (cwdErr.code !== "ENOENT") {
-          console.error(`[roundhouse] failed to parse config at ./gateway.config.json: ${cwdErr.message}`);
-          process.exit(1);
-        }
-        console.log("[roundhouse] using default config + env vars");
-        config = DEFAULT_CONFIG;
-      }
+async function resolveFromCanonicalOrLegacy(): Promise<GatewayConfig | null> {
+  const resolved = await resolveConfigPath();
+  try {
+    const raw = await readFile(resolved.path, "utf8");
+    console.log(`[roundhouse] loaded config from ${resolved.path}`);
+    return JSON.parse(raw) as GatewayConfig;
+  } catch (err: any) {
+    if (err.code !== "ENOENT") {
+      console.error(`[roundhouse] failed to parse config at ${resolved.path}: ${err.message}`);
+      process.exit(1);
     }
+    return null;
   }
+}
 
-  return applyEnvOverrides(config);
+async function resolveFromCwd(): Promise<GatewayConfig | null> {
+  const cwdPath = resolve(process.cwd(), "gateway.config.json");
+  try {
+    const raw = await readFile(cwdPath, "utf8");
+    console.warn(`[roundhouse] ⚠️  loaded gateway.config.json from cwd (${cwdPath}) — consider using ~/.roundhouse/gateway.config.json instead`);
+    return JSON.parse(raw) as GatewayConfig;
+  } catch (err: any) {
+    if (err.code !== "ENOENT") {
+      console.error(`[roundhouse] failed to parse config at ./gateway.config.json: ${err.message}`);
+      process.exit(1);
+    }
+    return null;
+  }
 }

package/src/gateway/attachments.ts

@@ -0,0 +1,147 @@
+/**
+ * gateway/attachments.ts — Incoming file storage for chat attachments
+ *
+ * Saves voice messages, images, files, and videos to disk.
+ * Each message gets its own directory under ~/.roundhouse/incoming/.
+ */
+
+import { join, basename } from "node:path";
+import { mkdirSync } from "node:fs";
+import { writeFile } from "node:fs/promises";
+import { ROUNDHOUSE_DIR } from "../config";
+import { threadIdToDir, generateAttachmentId } from "../util";
+import type { MessageAttachment } from "../types";
+
+// ── Constants ────────────────────────────────────────
+
+const INCOMING_DIR = process.env.ROUNDHOUSE_INCOMING_DIR
+  ?? join(ROUNDHOUSE_DIR, "incoming");
+
+export const MAX_FILE_SIZE = 20 * 1024 * 1024; // 20 MB per file
+export const MAX_ATTACHMENTS = 5;
+
+const MIME_EXTENSIONS: Record<string, string> = {
+  "audio/ogg": ".ogg",
+  "audio/mpeg": ".mp3",
+  "audio/mp4": ".m4a",
+  "audio/wav": ".wav",
+  "audio/webm": ".webm",
+  "image/jpeg": ".jpg",
+  "image/png": ".png",
+  "image/webp": ".webp",
+  "image/gif": ".gif",
+  "video/mp4": ".mp4",
+  "application/pdf": ".pdf",
+};
+
+const VALID_MEDIA_TYPES = new Set(["audio", "image", "file", "video"]);
+
+// ── Types ────────────────────────────────────────────
+
+export interface AttachmentResult {
+  saved: MessageAttachment[];
+  skipped: string[];
+}
+
+// ── Helpers ──────────────────────────────────────────
+
+/** Sanitize a filename to safe ASCII characters, capped length */
+function safeName(raw: string): string {
+  let name = basename(raw);
+  name = name.replace(/[^a-zA-Z0-9._-]/g, "_");
+  if (name.length > 100) name = name.slice(-100);
+  name = name.replace(/^[-_.]+/, "");
+  return name || "attachment";
+}
+
+// ── Main Function ────────────────────────────────────
+
+/**
+ * Save incoming attachments to disk.
+ * Returns saved file metadata and user-facing skip reasons.
+ */
+export async function saveAttachments(threadId: string, attachments: any[]): Promise<AttachmentResult> {
+  if (!attachments?.length) return { saved: [], skipped: [] };
+
+  const skipped: string[] = [];
+  const toProcess = attachments.slice(0, MAX_ATTACHMENTS);
+  if (attachments.length > MAX_ATTACHMENTS) {
+    skipped.push(`${attachments.length - MAX_ATTACHMENTS} attachment(s) skipped (max ${MAX_ATTACHMENTS} per message)`);
+    console.warn(`[roundhouse] too many attachments (${attachments.length}), processing first ${MAX_ATTACHMENTS}`);
+  }
+
+  const msgDir = join(INCOMING_DIR, threadIdToDir(threadId), `${Date.now()}_${generateAttachmentId()}`);
+  try {
+    mkdirSync(msgDir, { recursive: true, mode: 0o700 });
+  } catch (err) {
+    console.error(`[roundhouse] failed to create incoming dir ${msgDir}:`, (err as Error).message);
+    return { saved: [], skipped: ["Failed to create storage directory"] };
+  }
+
+  const saved: MessageAttachment[] = [];
+  for (let i = 0; i < toProcess.length; i++) {
+    const att = toProcess[i];
+    try {
+      if (att.size && att.size > MAX_FILE_SIZE) {
+        const sizeMB = (att.size / 1024 / 1024).toFixed(1);
+        skipped.push(`${att.name ?? att.type} (${sizeMB} MB) exceeds ${MAX_FILE_SIZE / 1024 / 1024} MB limit`);
+        continue;
+      }
+
+      const data = att.data ?? (att.fetchData ? await att.fetchData() : null);
+      if (!data) {
+        console.warn(`[roundhouse] attachment has no data: ${att.name ?? att.type}`);
+        continue;
+      }
+
+      let buf: Buffer;
+      if (Buffer.isBuffer(data)) {
+        buf = data;
+      } else if (data instanceof Blob) {
+        if (data.size > MAX_FILE_SIZE) {
+          skipped.push(`${att.name ?? att.type} (${(data.size / 1024 / 1024).toFixed(1)} MB) exceeds size limit`);
+          continue;
+        }
+        buf = Buffer.from(await data.arrayBuffer());
+      } else if (ArrayBuffer.isView(data)) {
+        buf = Buffer.from(data.buffer, data.byteOffset, data.byteLength);
+      } else if (data instanceof ArrayBuffer) {
+        buf = Buffer.from(data);
+      } else {
+        console.warn(`[roundhouse] unknown attachment data type, skipping: ${att.name ?? att.type}`);
+        continue;
+      }
+
+      if (buf.length > MAX_FILE_SIZE) {
+        skipped.push(`${att.name ?? att.type} (${(buf.length / 1024 / 1024).toFixed(1)} MB) exceeds size limit`);
+        continue;
+      }
+
+      const mime = att.mimeType ?? "application/octet-stream";
+      const ext = att.name
+        ? (att.name.includes(".") ? "" : (MIME_EXTENSIONS[mime] ?? ""))
+        : (MIME_EXTENSIONS[mime] ?? ".bin");
+      const rawName = att.name ? safeName(att.name) + ext : `${att.type ?? "file"}${ext}`;
+      const fileName = `${i}-${rawName}`;
+      const filePath = join(msgDir, fileName);
+
+      await writeFile(filePath, buf, { mode: 0o600 });
+
+      const mediaType = VALID_MEDIA_TYPES.has(att.type) ? att.type : "file";
+      const id = generateAttachmentId();
+      saved.push({
+        id,
+        mediaType,
+        name: rawName,
+        localPath: filePath,
+        mime,
+        sizeBytes: buf.length,
+        untrusted: true,
+      });
+      console.log(`[roundhouse] saved ${att.type} [${id}]: ${filePath} (${buf.length} bytes)`);
+    } catch (err) {
+      console.error(`[roundhouse] failed to save attachment:`, (err as Error).message);
+    }
+  }
+  return { saved, skipped };
+}