@leviyuan/lodestar 0.2.8 → 0.3.0

package/src/feishu.ts

@@ -1,531 +0,0 @@
-/**
- * Feishu (Lark) primitives: Lark client, tenant token cache, chat
- * directory, sendText/sendCard, reactions, attachment download, project
- * provisioning, and Anthropic-auth check.
- *
- * Higher layers (cardkit / session / daemon) build on this.
- */
-
-import * as lark from '@larksuiteoapi/node-sdk'
-import { execSync } from 'node:child_process'
-import { randomUUID } from 'node:crypto'
-import { existsSync, mkdirSync, readFileSync, realpathSync, statSync, unlinkSync, writeFileSync } from 'node:fs'
-import { homedir } from 'node:os'
-import { basename, extname, join } from 'node:path'
-import { config } from './config'
-import { ALIVE_MARKER_FILE, DATA_DIR, INBOX_DIR, SESSION_CHAT_MAP_FILE, SESSION_RESUME_MAP_FILE } from './paths'
-import { log } from './log'
-
-const APP_ID = config.feishu.app_id
-const APP_SECRET = config.feishu.app_secret
-export const PROJECTS_ROOT = config.runtime.projects_root
-
-export const client = new lark.Client({
-  appId: APP_ID, appSecret: APP_SECRET, disableTokenCache: false,
-})
-
-// ── Tenant token (cached, used by raw fetch wrappers) ──────────────────
-let cachedToken = ''
-let tokenExpiry = 0
-export async function getTenantToken(): Promise<string> {
-  if (cachedToken && Date.now() < tokenExpiry) return cachedToken
-  const res = await fetch('https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal', {
-    method: 'POST', headers: { 'Content-Type': 'application/json' },
-    body: JSON.stringify({ app_id: APP_ID, app_secret: APP_SECRET }),
-  })
-  const data = await res.json() as { tenant_access_token?: string; expire?: number }
-  if (!data.tenant_access_token) throw new Error('feishu: failed to obtain tenant token')
-  cachedToken = data.tenant_access_token
-  tokenExpiry = Date.now() + ((data.expire ?? 7200) - 60) * 1000
-  return cachedToken
-}
-
-// ── Chat directory ─────────────────────────────────────────────────────
-export const chatNameCache = new Map<string, string>()
-export const preferredChatForSession = new Map<string, string>()
-
-export function loadSessionChatMap(): void {
-  try {
-    const obj = JSON.parse(readFileSync(SESSION_CHAT_MAP_FILE, 'utf8'))
-    for (const [name, id] of Object.entries(obj)) {
-      if (typeof id === 'string') preferredChatForSession.set(name, id)
-    }
-    log(`feishu: loaded ${preferredChatForSession.size} session→chat bindings`)
-  } catch {}
-}
-
-function saveSessionChatMap(): void {
-  try {
-    const obj: Record<string, string> = {}
-    for (const [k, v] of preferredChatForSession) obj[k] = v
-    mkdirSync(DATA_DIR, { recursive: true })
-    writeFileSync(SESSION_CHAT_MAP_FILE, JSON.stringify(obj, null, 2))
-  } catch (e) { log(`feishu: save session-chat-map failed: ${e}`) }
-}
-
-export function bindSessionToChat(sessionName: string, chatId: string): void {
-  if (preferredChatForSession.get(sessionName) === chatId) return
-  const prev = preferredChatForSession.get(sessionName)
-  preferredChatForSession.set(sessionName, chatId)
-  saveSessionChatMap()
-  log(`feishu: bound session "${sessionName}" → ${chatId}${prev ? ` (was ${prev})` : ''}`)
-}
-
-// ── Session resume map ────────────────────────────────────────────────
-// `sessionName → last-known claude session_id`. Persisted so a daemon
-// restart (systemctl, crash, watchdog) doesn't strand the user with a
-// fresh conversation when they next type `restart`. Updated on every
-// `system/init` from a claude subprocess.
-const lastSessionIdByName = new Map<string, string>()
-
-export function loadSessionResumeMap(): void {
-  try {
-    const obj = JSON.parse(readFileSync(SESSION_RESUME_MAP_FILE, 'utf8'))
-    for (const [name, id] of Object.entries(obj)) {
-      if (typeof id === 'string') lastSessionIdByName.set(name, id)
-    }
-    log(`feishu: loaded ${lastSessionIdByName.size} session→resume bindings`)
-  } catch {}
-}
-
-function saveSessionResumeMap(): void {
-  try {
-    const obj: Record<string, string> = {}
-    for (const [k, v] of lastSessionIdByName) obj[k] = v
-    mkdirSync(DATA_DIR, { recursive: true })
-    writeFileSync(SESSION_RESUME_MAP_FILE, JSON.stringify(obj, null, 2))
-  } catch (e) { log(`feishu: save session-resume-map failed: ${e}`) }
-}
-
-export function bindSessionResume(sessionName: string, sessionId: string): void {
-  if (lastSessionIdByName.get(sessionName) === sessionId) return
-  lastSessionIdByName.set(sessionName, sessionId)
-  saveSessionResumeMap()
-}
-
-export function getSessionResume(sessionName: string): string | null {
-  return lastSessionIdByName.get(sessionName) ?? null
-}
-
-// ── Alive-on-shutdown marker ──────────────────────────────────────────
-// Persists the list of session names that were still running when the
-// daemon went down. Next boot reads + unlinks the file and auto-spawns
-// (via session.restart(true)) only those — sessions that were already
-// `stop`ped before shutdown are deliberately NOT in this list, so they
-// stay stopped after restart.
-
-export function writeAliveMarker(sessionNames: string[]): void {
-  try {
-    writeFileSync(ALIVE_MARKER_FILE, JSON.stringify(sessionNames, null, 2))
-  } catch (e) { log(`feishu: write alive marker failed: ${e}`) }
-}
-
-/** Read + unlink in one shot — marker is single-use: revival should
- * happen exactly once per boot, not re-run on every subsequent crash
- * loop where systemd might keep re-launching us. */
-export function readAndConsumeAliveMarker(): string[] {
-  if (!existsSync(ALIVE_MARKER_FILE)) return []
-  try {
-    const raw = readFileSync(ALIVE_MARKER_FILE, 'utf8')
-    try { unlinkSync(ALIVE_MARKER_FILE) } catch {}
-    const data = JSON.parse(raw)
-    return Array.isArray(data) ? data.filter((x: unknown): x is string => typeof x === 'string') : []
-  } catch (e) {
-    log(`feishu: read alive marker failed: ${e}`)
-    try { unlinkSync(ALIVE_MARKER_FILE) } catch {}
-    return []
-  }
-}
-
-export function chatIdForSession(sessionName: string): string | null {
-  const preferred = preferredChatForSession.get(sessionName)
-  if (preferred && chatNameCache.get(preferred) === sessionName) return preferred
-  const matches: string[] = []
-  for (const [id, name] of chatNameCache) if (name === sessionName) matches.push(id)
-  if (matches.length === 1) return matches[0]
-  if (matches.length > 1) {
-    log(`feishu: chatIdForSession("${sessionName}"): ${matches.length} candidates with no binding — [${matches.join(', ')}]`)
-  }
-  return null
-}
-
-export async function refreshChatList(): Promise<void> {
-  try {
-    let pageToken: string | undefined
-    do {
-      const res = await client.im.chat.list({
-        params: { page_size: 100, ...(pageToken ? { page_token: pageToken } : {}) },
-      })
-      for (const chat of res.data?.items ?? []) {
-        if (chat.chat_id && chat.name) chatNameCache.set(chat.chat_id, chat.name)
-      }
-      pageToken = res.data?.page_token
-    } while (pageToken)
-    log(`feishu: refreshed chat list — ${chatNameCache.size} groups`)
-  } catch (e) { log(`feishu: refresh chat list failed: ${e}`) }
-}
-
-// ── Outbound: text + card ──────────────────────────────────────────────
-/** Delay schedule for sendText/sendCard SDK retries. Three attempts total
- * (the leading 0 is the eager first try). Tuned for the bun+axios+lark-SDK
- * ECONNREFUSED transient we've been seeing — by ~5s the socket pool
- * usually recovers. Business errors (Feishu code != 0) are NOT retried;
- * only thrown network errors are. */
-const SEND_RETRY_DELAYS_MS = [0, 1000, 4000]
-
-async function sendViaSdkWithRetry(
-  what: 'text' | 'card',
-  chatId: string,
-  msgType: 'text' | 'interactive',
-  content: string,
-): Promise<string | null> {
-  // Same uuid across retries → Feishu dedupes on its side so a successful-
-  // but-response-lost first attempt doesn't produce a duplicate message.
-  const uuid = randomUUID()
-  let lastErr: unknown = null
-  for (let i = 0; i < SEND_RETRY_DELAYS_MS.length; i++) {
-    if (SEND_RETRY_DELAYS_MS[i] > 0) {
-      await new Promise(r => setTimeout(r, SEND_RETRY_DELAYS_MS[i]))
-    }
-    try {
-      const res: any = await client.im.message.create({
-        params: { receive_id_type: 'chat_id' },
-        data: { receive_id: chatId, msg_type: msgType, content, uuid },
-      })
-      if (res?.code && res.code !== 0) {
-        log(`feishu: send${what === 'text' ? 'Text' : 'Card'} rejected chat=${chatId} code=${res.code} msg=${res.msg}`)
-        return null
-      }
-      return res?.data?.message_id ?? null
-    } catch (e) {
-      lastErr = e
-      log(`feishu: send${what === 'text' ? 'Text' : 'Card'} attempt ${i + 1}/${SEND_RETRY_DELAYS_MS.length} chat=${chatId} failed: ${e}`)
-    }
-  }
-  log(`feishu: send${what === 'text' ? 'Text' : 'Card'} chat=${chatId} EXHAUSTED ${SEND_RETRY_DELAYS_MS.length} retries: ${lastErr}`)
-  return null
-}
-
-export async function sendText(chatId: string, text: string): Promise<string | null> {
-  return sendViaSdkWithRetry('text', chatId, 'text', JSON.stringify({ text }))
-}
-
-export async function sendCard(chatId: string, card: object): Promise<string | null> {
-  return sendViaSdkWithRetry('card', chatId, 'interactive', JSON.stringify(card))
-}
-
-/** Last-resort text send that bypasses the lark SDK and uses raw fetch
- * (which is what cardkit.ts uses and has never had stability issues on
- * this runtime). Used by callers that need to *surface a failure when
- * the SDK send path itself is the broken thing* — e.g. `openTurnCard`'s
- * `sendCard` exhausted retries on ECONNREFUSED and we still owe the
- * user a visible "your message was lost, please retry" notice. Do not
- * use this as a general-purpose send; it's the failure-surfacing
- * channel, not a silent fallback. */
-export async function sendTextRaw(chatId: string, text: string): Promise<string | null> {
-  try {
-    const token = await getTenantToken()
-    const res = await fetch('https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=chat_id', {
-      method: 'POST',
-      headers: { Authorization: `Bearer ${token}`, 'Content-Type': 'application/json' },
-      body: JSON.stringify({
-        receive_id: chatId,
-        msg_type: 'text',
-        content: JSON.stringify({ text }),
-      }),
-    })
-    const json = await res.json() as any
-    if (json?.code !== 0) {
-      log(`feishu: sendTextRaw rejected chat=${chatId} code=${json?.code} msg=${json?.msg}`)
-      return null
-    }
-    return json.data?.message_id ?? null
-  } catch (e) {
-    log(`feishu: sendTextRaw chat=${chatId} failed: ${e}`)
-    return null
-  }
-}
-
-// ── Reactions ──────────────────────────────────────────────────────────
-/** Add an emoji reaction. Returns the new reaction_id on success (needed
- * to delete the reaction later via {@link deleteReaction}) or null on
- * failure. Failures are logged and swallowed — reactions are non-load-
- * bearing UX, not worth bubbling errors. */
-export async function addReaction(messageId: string, emojiType: string): Promise<string | null> {
-  if (!messageId) return null
-  try {
-    const res: any = await client.im.messageReaction.create({
-      path: { message_id: messageId },
-      data: { reaction_type: { emoji_type: emojiType } },
-    })
-    return res?.data?.reaction_id ?? null
-  } catch (e) { log(`feishu: addReaction ${emojiType} on ${messageId} failed: ${e}`); return null }
-}
-
-/** Remove a previously-added reaction by its reaction_id (returned from
- * {@link addReaction}). Used for the "queued → released" lifecycle: the
- * OneSecond placed on arrival is *removed* when the daemon hands the
- * message off to the SDK's batch / system-reminder pipeline, instead of
- * stacking a second CheckMark on top — keeps the message's reaction row
- * uncluttered. Quiet on failure. */
-export async function deleteReaction(messageId: string, reactionId: string): Promise<void> {
-  if (!messageId || !reactionId) return
-  try {
-    await client.im.messageReaction.delete({
-      path: { message_id: messageId, reaction_id: reactionId },
-    })
-  } catch (e) { log(`feishu: deleteReaction ${reactionId} on ${messageId} failed: ${e}`) }
-}
-
-// ── Urgent push ───────────────────────────────────────────────────────
-/** Fire Feishu's "加急 — 应用内" push for an already-sent message.
- * Bypasses chat-level mute and pops a full-screen prompt on the
- * recipient's phone. Bot must be the original sender of the message
- * AND must still be a member of the chat.
- *
- * Endpoint:
- *   PATCH /open-apis/im/v1/messages/{message_id}/urgent_app
- *   ?user_id_type=open_id
- *   body: { user_id_list: ["ou_..."] }
- *
- * Required app scope (either one):
- *   - `im:message.urgent`            (「发送应用内加急消息」)
- *   - `im:message.urgent:app_send`   (「…（历史版本）」)
- *
- * Limits: 50 QPS app-wide; per-recipient cap is 200 unread urgent
- * messages (230023). No daily quota.
- *
- * Common error codes:
- *   230012 — message not sent by this bot
- *   230023 — recipient has 200 unread urgent already
- *   230052 — missing scope / chat restricts urgent */
-export async function urgentApp(messageId: string, openIds: string[]): Promise<void> {
-  if (!messageId) { log(`feishu: urgentApp skip — missing messageId`); return }
-  if (openIds.length === 0) { log(`feishu: urgentApp skip — empty openIds (msg=${messageId})`); return }
-  const token = await getTenantToken()
-  const url = `https://open.feishu.cn/open-apis/im/v1/messages/${messageId}/urgent_app?user_id_type=open_id`
-  try {
-    const res = await fetch(url, {
-      method: 'PATCH',
-      headers: { Authorization: `Bearer ${token}`, 'Content-Type': 'application/json' },
-      body: JSON.stringify({ user_id_list: openIds }),
-    })
-    const json = await res.json() as any
-    if (json?.code !== 0) {
-      log(`feishu: urgentApp ${messageId} code=${json?.code} msg=${json?.msg}`)
-      return
-    }
-    const invalid = json.data?.invalid_user_id_list ?? []
-    const delivered = openIds.length - invalid.length
-    log(`feishu: urgentApp ${messageId} ok — delivered=${delivered}${invalid.length ? ` invalid=${invalid.length}` : ''}`)
-  } catch (e) { log(`feishu: urgentApp ${messageId} failed: ${e}`) }
-}
-
-// ── Attachment download (image/file) ───────────────────────────────────
-export async function downloadAttachment(
-  messageId: string, key: string, type: 'image' | 'file', name?: string,
-): Promise<string | undefined> {
-  try {
-    const token = await getTenantToken()
-    const url = `https://open.feishu.cn/open-apis/im/v1/messages/${messageId}/resources/${key}?type=${type}`
-    const res = await fetch(url, { headers: { Authorization: `Bearer ${token}` } })
-    if (!res.ok) {
-      log(`feishu: download ${type} HTTP ${res.status}: ${(await res.text()).slice(0, 200)}`)
-      return undefined
-    }
-    const buf = Buffer.from(await res.arrayBuffer())
-    mkdirSync(INBOX_DIR, { recursive: true })
-    const safeName = name
-      ? name.replace(/[^a-zA-Z0-9._-]/g, '_')
-      : `${key.replace(/[^a-zA-Z0-9_-]/g, '_')}.png`
-    const path = join(INBOX_DIR, `${Date.now()}-${safeName}`)
-    writeFileSync(path, buf)
-    log(`feishu: downloaded ${type} ${path} (${buf.length}B)`)
-    return path
-  } catch (e) {
-    log(`feishu: download ${type} failed: ${e instanceof Error ? e.message : e}`)
-    return undefined
-  }
-}
-
-// ── Outbound: upload + send file/image ────────────────────────────────
-// Lark caps message images at ~30 MB; files vary by tenant (default 30 MB).
-// We refuse anything above 30 MB up front rather than chasing per-tenant
-// limits and surfacing opaque API errors mid-upload.
-const MAX_UPLOAD_BYTES = 30 * 1024 * 1024
-const IMAGE_EXTS = new Set(['.png', '.jpg', '.jpeg', '.gif', '.bmp', '.webp'])
-
-function looksLikeImage(filePath: string): boolean {
-  return IMAGE_EXTS.has(extname(filePath).toLowerCase())
-}
-
-/** Defense against prompt-injection-driven exfiltration via the
- * [[send: /path]] marker.  The resolved (symlink-followed) real path
- * must sit inside one of the explicitly-trusted roots.  Anything
- * outside — `/etc/*`, `~/.ssh`, `~/.config/lodestar/config.toml`,
- * `~/.claude.json`, the user's home dotfiles — is rejected, even if a
- * symlink in an allowed root points to it.
- *
- * Returns [realPath, ''] on accept, [null, reason] on reject. */
-function gateOutboundPath(rawPath: string, allowedRoots: string[]): [string | null, string] {
-  let real: string
-  try { real = realpathSync(rawPath) }
-  catch (e) { return [null, `realpath failed: ${e instanceof Error ? e.message : e}`] }
-  for (const root of allowedRoots) {
-    if (!root) continue
-    if (real === root) return [real, '']
-    const prefix = root.endsWith('/') ? root : root + '/'
-    if (real.startsWith(prefix)) return [real, '']
-    // Special-case the `/tmp/lodestar-` namespace: caller can pass
-    // the bare prefix without a trailing slash to mean "any tmp file
-    // whose basename starts with lodestar-".
-    if (root.endsWith('-') && real.startsWith(root)) return [real, '']
-  }
-  return [null, `not inside any allowed root (real=${real})`]
-}
-
-async function uploadImageMultipart(filePath: string): Promise<string | null> {
-  const token = await getTenantToken()
-  const file = Bun.file(filePath)
-  const form = new FormData()
-  form.append('image_type', 'message')
-  form.append('image', file, basename(filePath))
-  const res = await fetch('https://open.feishu.cn/open-apis/im/v1/images', {
-    method: 'POST',
-    headers: { Authorization: `Bearer ${token}` },
-    body: form,
-  })
-  const data = await res.json() as any
-  if (data?.code !== 0) {
-    log(`feishu: uploadImage ${filePath} code=${data.code} msg=${data.msg}`)
-    return null
-  }
-  return data.data?.image_key ?? null
-}
-
-async function uploadFileMultipart(filePath: string): Promise<string | null> {
-  const token = await getTenantToken()
-  const file = Bun.file(filePath)
-  const form = new FormData()
-  // 'stream' is the catch-all type and works for arbitrary binaries.
-  form.append('file_type', 'stream')
-  form.append('file_name', basename(filePath))
-  form.append('file', file, basename(filePath))
-  const res = await fetch('https://open.feishu.cn/open-apis/im/v1/files', {
-    method: 'POST',
-    headers: { Authorization: `Bearer ${token}` },
-    body: form,
-  })
-  const data = await res.json() as any
-  if (data?.code !== 0) {
-    log(`feishu: uploadFile ${filePath} code=${data.code} msg=${data.msg}`)
-    return null
-  }
-  return data.data?.file_key ?? null
-}
-
-export async function sendImage(chatId: string, imageKey: string): Promise<string | null> {
-  try {
-    const res: any = await client.im.message.create({
-      params: { receive_id_type: 'chat_id' },
-      data: { receive_id: chatId, msg_type: 'image', content: JSON.stringify({ image_key: imageKey }) },
-    })
-    if (res?.code && res.code !== 0) {
-      log(`feishu: sendImage rejected chat=${chatId} code=${res.code} msg=${res.msg}`)
-      return null
-    }
-    return res?.data?.message_id ?? null
-  } catch (e) { log(`feishu: sendImage failed chat=${chatId}: ${e}`); return null }
-}
-
-export async function sendFile(chatId: string, fileKey: string): Promise<string | null> {
-  try {
-    const res: any = await client.im.message.create({
-      params: { receive_id_type: 'chat_id' },
-      data: { receive_id: chatId, msg_type: 'file', content: JSON.stringify({ file_key: fileKey }) },
-    })
-    if (res?.code && res.code !== 0) {
-      log(`feishu: sendFile rejected chat=${chatId} code=${res.code} msg=${res.msg}`)
-      return null
-    }
-    return res?.data?.message_id ?? null
-  } catch (e) { log(`feishu: sendFile failed chat=${chatId}: ${e}`); return null }
-}
-
-/** Upload a local file and post it as an image or file message in the
- * chat.  Type is inferred from extension.  The path MUST resolve inside
- * one of `allowedRoots` (defense against prompt-injection-driven
- * exfiltration via the `[[send: /path]]` marker — see isPathAllowed).
- * Returns true on success.  All failures (missing file, oversize,
- * outside allowed roots, upload reject, send reject) log and surface
- * an inline error message in the chat so the user knows. */
-export async function uploadAndSend(chatId: string, filePath: string, allowedRoots: string[]): Promise<boolean> {
-  const [realPath, reason] = gateOutboundPath(filePath, allowedRoots)
-  if (!realPath) {
-    log(`feishu: uploadAndSend REJECTED ${filePath}: ${reason}`)
-    await sendText(chatId, `❌ 出站文件被拒绝（路径不在允许范围）: ${filePath}`)
-    return false
-  }
-  try {
-    const stats = statSync(realPath)
-    if (!stats.isFile()) {
-      await sendText(chatId, `❌ 出站文件: 路径不是文件 — ${filePath}`)
-      return false
-    }
-    if (stats.size > MAX_UPLOAD_BYTES) {
-      await sendText(chatId, `❌ 出站文件: ${basename(realPath)} 超过 30 MB (${(stats.size / 1024 / 1024).toFixed(1)} MB)`)
-      return false
-    }
-  } catch (e) {
-    await sendText(chatId, `❌ 出站文件: 无法读取 ${filePath} (${e})`)
-    return false
-  }
-  const isImage = looksLikeImage(realPath)
-  try {
-    if (isImage) {
-      const key = await uploadImageMultipart(realPath)
-      if (!key) { await sendText(chatId, `❌ 出站图片上传失败: ${basename(realPath)}`); return false }
-      const msgId = await sendImage(chatId, key)
-      return msgId != null
-    } else {
-      const key = await uploadFileMultipart(realPath)
-      if (!key) { await sendText(chatId, `❌ 出站文件上传失败: ${basename(realPath)}`); return false }
-      const msgId = await sendFile(chatId, key)
-      return msgId != null
-    }
-  } catch (e) {
-    log(`feishu: uploadAndSend ${filePath} failed: ${e}`)
-    await sendText(chatId, `❌ 出站文件异常: ${basename(realPath)} — ${e}`)
-    return false
-  }
-}
-
-// ── Project provisioning ──────────────────────────────────────────────
-// Bootstrap ~/{name}: create dir, mark as trusted in ~/.claude.json so
-// Claude skips the trust dialog, and `git init` so the project starts as
-// a real repo.
-export function provisionProject(workDir: string): void {
-  mkdirSync(workDir, { recursive: true })
-  log(`feishu: provisioned ${workDir}`)
-  const claudeJsonPath = join(homedir(), '.claude.json')
-  try {
-    let config: any = {}
-    try { config = JSON.parse(readFileSync(claudeJsonPath, 'utf8')) } catch { config = {} }
-    if (!config.projects || typeof config.projects !== 'object') config.projects = {}
-    config.projects[workDir] = { ...(config.projects[workDir] ?? {}), hasTrustDialogAccepted: true }
-    writeFileSync(claudeJsonPath, JSON.stringify(config, null, 2))
-  } catch (e) { log(`feishu: trust write failed for ${workDir}: ${e}`) }
-  try { execSync('git init -q', { cwd: workDir, stdio: 'ignore' }) } catch {}
-}
-
-export function isAnthropicAuthenticated(): boolean {
-  try {
-    const out = execSync(`${join(homedir(), '.local', 'bin', 'claude')} auth status 2>&1`, { timeout: 10_000 }).toString()
-    const status = JSON.parse(out)
-    return status.loggedIn === true && status.apiProvider === 'firstParty'
-  } catch { return false }
-}
-
-export function sanitizeSessionName(raw: string): string {
-  return raw.replace(/[^\w一-鿿\-]/g, '_').slice(0, 64)
-}

package/src/instructions.ts

@@ -1,13 +0,0 @@
-/**
- * Daemon ↔ model I/O contracts. Appended to claude's system prompt on
- * every headless launch via `--append-system-prompt`. Three rules:
- * inbound file marker, multi-content boundary marker, outbound file
- * marker. Anything beyond pure I/O semantics (environment description,
- * UX conventions, identity binding) was stripped 2026-05-16 — the
- * model handles conversational flow natively, doesn't need to be told.
- */
-export const CHANNEL_INSTRUCTIONS = [
-  '- Text prefixed with `[file: /abs/path]` means a file is attached at that path; read it when relevant.',
-  '- A content block wrapped in `<u>...</u>` is an independent message — treat each `<u>` element in a multi-content turn as a separate input, even when their texts concatenate visually (e.g. `<u>1</u><u>45</u>` is two messages, not the number `145`).',
-  '- Write `[[send: /abs/path]]` anywhere in your reply (preferably on its own line) to deliver that file as a separate message. The marker is stripped from the displayed text. Emit only when the user asked for a file or you are delivering a generated artifact.',
-].join('\n')

package/src/log.ts

@@ -1,11 +0,0 @@
-import { appendFileSync, mkdirSync } from 'node:fs'
-import { dirname } from 'node:path'
-import { LOG_FILE } from './paths'
-
-try { mkdirSync(dirname(LOG_FILE), { recursive: true }) } catch {}
-
-export function log(msg: string): void {
-  const line = `[${new Date().toISOString()}] ${msg}\n`
-  process.stderr.write(line)
-  try { appendFileSync(LOG_FILE, line) } catch {}
-}

package/src/paths.ts

@@ -1,57 +0,0 @@
-/**
- * Filesystem layout — XDG Base Directory spec, with env-var overrides.
- *
- *   Config:   $LODESTAR_CONFIG_DIR | $XDG_CONFIG_HOME/lodestar | ~/.config/lodestar
- *   Data:     $LODESTAR_DATA_DIR   | $XDG_DATA_HOME/lodestar   | ~/.local/share/lodestar
- *
- *   config.toml             — credentials + preferences (in CONFIG_DIR)
- *   daemon.pid              — single-instance lock          (in DATA_DIR)
- *   daemon.log              — append-only run log           (in DATA_DIR)
- *   session-chat-map.json   — duplicate-name routing        (in DATA_DIR)
- *   session-resume-map.json — last-known claude session_id  (in DATA_DIR)
- *   inbox/                  — downloaded attachments        (in DATA_DIR)
- */
-
-import { homedir } from 'node:os'
-import { join } from 'node:path'
-
-const HOME = homedir()
-
-function pickDir(envOverride: string | undefined, xdgVar: string | undefined, fallback: string): string {
-  if (envOverride) return envOverride
-  if (xdgVar) return join(xdgVar, 'lodestar')
-  return fallback
-}
-
-export const CONFIG_DIR = pickDir(
-  process.env.LODESTAR_CONFIG_DIR,
-  process.env.XDG_CONFIG_HOME,
-  join(HOME, '.config', 'lodestar'),
-)
-
-export const DATA_DIR = pickDir(
-  process.env.LODESTAR_DATA_DIR,
-  process.env.XDG_DATA_HOME,
-  join(HOME, '.local', 'share', 'lodestar'),
-)
-
-export const CONFIG_FILE = process.env.LODESTAR_CONFIG ?? join(CONFIG_DIR, 'config.toml')
-export const PID_FILE = join(DATA_DIR, 'daemon.pid')
-export const LOG_FILE = join(DATA_DIR, 'daemon.log')
-export const SESSION_CHAT_MAP_FILE = join(DATA_DIR, 'session-chat-map.json')
-export const SESSION_RESUME_MAP_FILE = join(DATA_DIR, 'session-resume-map.json')
-/** Marker file written at shutdown listing the session names that
- * were still alive. The next daemon boot reads it (and unlinks it)
- * to auto-revive those sessions via `restart(true)` — bridges the
- * gap between systemctl-restart killing every child Claude and
- * Lodestar's "you have to send a message to re-spawn it" default. */
-export const ALIVE_MARKER_FILE = join(DATA_DIR, 'alive-on-shutdown.json')
-export const INBOX_DIR = join(DATA_DIR, 'inbox')
-/** Unix-socket endpoint the daemon listens on for debug message
- * injection (see scripts/test-inject.ts). A real Feishu user sends
- * a `[DEBUG]…` text once to seed `DEBUG_CTX_FILE` with chat_id +
- * sender_open_id; the injector then POSTs `{text}` here and the
- * daemon replays it through `handleMessage` as if WS had delivered
- * it. File mode 0600 — daemon-private, never network-exposed. */
-export const DEBUG_SOCK_FILE = join(DATA_DIR, 'debug.sock')
-export const DEBUG_CTX_FILE = join(DATA_DIR, 'debug-context.json')