@lightupai/polaris 0.0.5 → 0.0.7

package/docker-compose.prod.yml

@@ -0,0 +1,85 @@
+services:
+  postgres:
+    image: postgres:17
+    restart: unless-stopped
+    environment:
+      POSTGRES_USER: polaris
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+      POSTGRES_DB: polaris
+    volumes:
+      - pgdata:/var/lib/postgresql/data
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U polaris"]
+      interval: 5s
+      timeout: 3s
+      retries: 5
+
+  api:
+    build:
+      context: .
+      dockerfile: docker/Dockerfile
+    restart: unless-stopped
+    command: ["bun", "run", "src/service/server.ts"]
+    environment:
+      DATABASE_URL: postgres://polaris:${POSTGRES_PASSWORD}@postgres:5432/polaris
+      POLARIS_JWT_SECRET: ${POLARIS_JWT_SECRET}
+      WEB_HOST: web
+      WEB_PORT: 3000
+    depends_on:
+      postgres:
+        condition: service_healthy
+
+  web:
+    build:
+      context: .
+      dockerfile: docker/Dockerfile
+    restart: unless-stopped
+    command: ["bun", "run", "src/web/serve.ts"]
+    environment:
+      DATABASE_URL: postgres://polaris:${POSTGRES_PASSWORD}@postgres:5432/polaris
+      POLARIS_JWT_SECRET: ${POLARIS_JWT_SECRET}
+      WEB_PORT: 3000
+      GOOGLE_CLIENT_ID: ${GOOGLE_CLIENT_ID}
+      GOOGLE_CLIENT_SECRET: ${GOOGLE_CLIENT_SECRET}
+      GOOGLE_REDIRECT_URI: https://app.polaris.lightup.ai/auth/google/callback
+      SLACK_CLIENT_ID: ${SLACK_CLIENT_ID}
+      SLACK_CLIENT_SECRET: ${SLACK_CLIENT_SECRET}
+      SLACK_REDIRECT_URI: https://app.polaris.lightup.ai/slack/callback
+    depends_on:
+      postgres:
+        condition: service_healthy
+
+  bridge:
+    build:
+      context: .
+      dockerfile: docker/Dockerfile
+    restart: unless-stopped
+    entrypoint: ["/bin/sh", "/app/docker/bridge-entrypoint.sh"]
+    environment:
+      DATABASE_URL: postgres://polaris:${POSTGRES_PASSWORD}@postgres:5432/polaris
+      SLACK_APP_TOKEN: ${SLACK_APP_TOKEN}
+      POLARIS_API_URL: http://api:4321
+      POLARIS_LONG_MSG: ${POLARIS_LONG_MSG:-snippet}
+    depends_on:
+      postgres:
+        condition: service_healthy
+
+  caddy:
+    image: caddy:2-alpine
+    restart: unless-stopped
+    ports:
+      - "80:80"
+      - "443:443"
+      - "443:443/udp"
+    volumes:
+      - ./docker/Caddyfile:/etc/caddy/Caddyfile:ro
+      - caddy_data:/data
+      - caddy_config:/config
+    depends_on:
+      - api
+      - web
+
+volumes:
+  pgdata:
+  caddy_data:
+  caddy_config:

package/docs/deploy-hetzner.md

@@ -0,0 +1,99 @@
+# Deploy Polaris to Hetzner Cloud VPS
+
+## Context
+
+Polaris runs entirely on localhost. We need a production deployment so the API, web dashboard, Slack bridge, and Postgres all run on a Hetzner Cloud VPS with proper HTTPS. The daemon and MCP client stay local on each developer's machine — they talk to the cloud API.
+
+Domain: `polaris.lightup.ai` (subdomains: `api.polaris.lightup.ai`, `app.polaris.lightup.ai`)
+
+## Architecture
+
+**On Hetzner VPS (Docker Compose):**
+- **Caddy** — reverse proxy, automatic Let's Encrypt HTTPS (ports 80/443)
+- **API** — `src/service/server.ts` (port 4321 internal)
+- **Web** — `src/web/serve.ts` (port 3000 internal)
+- **Bridge** — `src/slack/bridge.ts` (no port, outbound only)
+- **Postgres 17** — persistent volume
+
+**Stays local (each dev machine):**
+- Daemon (port 4322)
+- MCP client
+- Hooks
+
+## Files to Create
+
+| File | Purpose |
+|------|---------|
+| `docker/Dockerfile` | Single Bun image, each service overrides CMD |
+| `docker/Caddyfile` | Reverse proxy: app.polaris.lightup.ai → web:3000, api.polaris.lightup.ai → api:4321 |
+| `docker/bridge-entrypoint.sh` | Wait for Postgres, discover org ID, start bridge |
+| `src/bridge-discover-org.ts` | Tiny script: query DB for Slack-connected org ID |
+| `docker-compose.prod.yml` | Full production orchestration |
+| `.env.example` | Template of required env vars (no secrets) |
+| `deploy.sh` | SSH deploy script: git pull + docker compose up |
+
+## Code Change
+
+**`src/service/server.ts`** — The API calls `http://localhost:${WEB_PORT}/api/notify-dashboard` to push SSE updates to the web app. In Docker, `localhost` doesn't reach other containers. Change to:
+```
+http://${process.env.WEB_HOST ?? "localhost"}:${WEB_PORT}/api/notify-dashboard
+```
+Set `WEB_HOST=web` in the production compose. Backward compatible for local dev.
+
+## Docker Strategy
+
+**Single Dockerfile**, multi-service via different `command:` overrides in compose:
+```dockerfile
+FROM oven/bun:1
+WORKDIR /app
+COPY package.json bun.lock* ./
+RUN bun install --frozen-lockfile
+COPY src/ ./src/
+COPY docker/bridge-entrypoint.sh ./docker/
+CMD ["bun", "run", "src/service/server.ts"]
+```
+
+**Bridge entrypoint** waits for Postgres, queries `orgs` table for first Slack-connected org, starts bridge with that ID. Retries every 30s if no org found.
+
+## Caddy Config
+
+```
+app.polaris.lightup.ai {
+    reverse_proxy web:3000
+}
+
+api.polaris.lightup.ai {
+    reverse_proxy api:4321
+}
+```
+
+Caddy auto-provisions Let's Encrypt certs. WebSocket upgrades pass through transparently.
+
+## Production Compose (key decisions)
+
+- Only Caddy exposes ports (80, 443). All other services are internal.
+- Postgres has healthcheck; API and web depend on it.
+- Bridge depends on API being healthy.
+- Secrets via `.env` file on server (Docker Compose reads it automatically).
+- Persistent volumes: `pgdata` (Postgres), `caddy_data` (TLS certs).
+
+## Server Setup (one-time)
+
+1. Provision Hetzner CX22 (2 vCPU, 4 GB RAM)
+2. Install Docker + Docker Compose
+3. Create deploy user, add SSH key
+4. Clone repo to `/opt/polaris`
+5. Create `.env` with production secrets
+6. DNS: A records for `api.polaris.lightup.ai` and `app.polaris.lightup.ai` → VPS IP
+7. Update Google OAuth + Slack redirect URIs to `https://app.polaris.lightup.ai/...`
+8. Firewall: allow 80, 443, 22 only
+9. `docker compose -f docker-compose.prod.yml up -d`
+
+## Verification
+
+1. `docker compose -f docker-compose.prod.yml up --build` locally — all services start
+2. `curl https://api.polaris.lightup.ai/status` returns `{"ok":true}`
+3. `https://app.polaris.lightup.ai` loads login page
+4. Google SSO login works end-to-end
+5. Slack bridge connects and posts to channels
+6. Local daemon connects to `https://api.polaris.lightup.ai` and events flow

package/hooks/capture-stop.sh

@@ -0,0 +1,6 @@
+#!/bin/sh
+# hooks/capture-stop.sh — Wrapper for capture-stop.ts
+# Always exits 0 to avoid blocking the coding agent.
+DIR="$(cd "$(dirname "$0")" && pwd)"
+cat | npx bun "$DIR/capture-stop.ts" 2>/tmp/polaris-capture-stop.log || true
+exit 0

package/hooks/capture-stop.ts

@@ -0,0 +1,122 @@
+#!/usr/bin/env bun
+// hooks/capture-stop.ts — Extract the full assistant turn from the transcript
+// and POST it to the daemon as a Stop event with the complete response.
+//
+// A single Claude turn can span multiple assistant entries in the transcript
+// (text → tool_use → tool_result → text → tool_use → ...). We collect ALL
+// assistant text parts since the last user message.
+
+const POLARIS_PORT = process.env.POLARIS_PORT ?? "4322";
+const POLARIS_URL = `http://127.0.0.1:${POLARIS_PORT}/events`;
+
+try {
+  const input = JSON.parse(await Bun.stdin.text());
+
+  if (input.hook_event_name !== "Stop") {
+    // Not a Stop event — forward as-is
+    await fetch(POLARIS_URL, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify(input),
+    }).catch(() => {});
+    process.exit(0);
+  }
+
+  // Read the transcript to get the full assistant turn
+  const transcriptPath = input.transcript_path;
+  let fullResponse = input.last_assistant_message ?? "";
+
+  if (transcriptPath) {
+    try {
+      const file = Bun.file(transcriptPath);
+      const text = await file.text();
+      const lines = text.trim().split("\n");
+
+      // Walk backwards to find the last user message, then collect all
+      // assistant text parts between that user message and the end.
+      let userIdx = -1;
+      for (let i = lines.length - 1; i >= 0; i--) {
+        try {
+          const entry = JSON.parse(lines[i]);
+          if ((entry.type === "user" || entry.type === "human") && typeof entry.message?.content === "string") {
+            userIdx = i;
+            break;
+          }
+        } catch {}
+      }
+
+      // Collect everything since the last user message:
+      // 1. rawTurn: full structured data for zero-loss DB logging
+      // 2. displayResponse: formatted text for Slack display
+      const rawTurn: unknown[] = [];
+      const displayParts: string[] = [];
+      const startIdx = userIdx >= 0 ? userIdx + 1 : 0;
+
+      for (let i = startIdx; i < lines.length; i++) {
+        try {
+          const entry = JSON.parse(lines[i]);
+          // Capture raw entries for full fidelity
+          if (entry.type === "assistant" || (entry.type === "user" && Array.isArray(entry.message?.content))) {
+            rawTurn.push(entry);
+          }
+          // Build display text
+          if (entry.type === "assistant" && entry.message?.content) {
+            for (const c of entry.message.content) {
+              if (c.type === "text" && c.text) {
+                displayParts.push(c.text);
+              } else if (c.type === "tool_use" && c.name) {
+                const inputSummary = c.input?.command?.slice(0, 80)
+                  ?? c.input?.file_path?.slice(0, 80)
+                  ?? c.input?.pattern?.slice(0, 80)
+                  ?? "";
+                displayParts.push(`> _\`${c.name}\`${inputSummary ? ": " + inputSummary : ""}_`);
+              }
+            }
+          }
+        } catch {}
+      }
+
+      if (displayParts.length > 0) {
+        fullResponse = displayParts.join("\n\n");
+      }
+
+      // Attach raw turn data to the payload for zero-loss storage
+      if (rawTurn.length > 0) {
+        // Sanitize: strip null bytes and invalid Unicode surrogates
+        const sanitized = JSON.parse(
+          JSON.stringify(rawTurn).replace(/\\u0000/g, "").replace(/[\x00-\x08\x0B\x0C\x0E-\x1F]/g, "")
+        );
+        (input as Record<string, unknown>).raw_turn = sanitized;
+      }
+    } catch {
+      // Fall back to last_assistant_message
+    }
+  }
+
+  // POST the Stop event with the full response
+  const payload = {
+    ...input,
+    stop_response: fullResponse,
+    last_assistant_message: fullResponse,
+  };
+
+  const res = await fetch(POLARIS_URL, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify(payload),
+  }).catch(() => null);
+
+  // If the POST failed (e.g., Unicode issue in raw_turn), retry without it
+  if (!res || !res.ok) {
+    delete (payload as Record<string, unknown>).raw_turn;
+    await fetch(POLARIS_URL, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify(payload),
+    }).catch(() => {});
+  }
+} catch {
+  // Always exit 0 to avoid blocking the coding agent
+}
+
+process.exit(0);

package/hooks/capture.sh

@@ -3,7 +3,7 @@
 # Reads hook JSON from stdin, POSTs to the local polaris client.
 # Always exits 0 to avoid blocking the coding agent.
 
-POLARIS_PORT="${POLARIS_PORT:-4321}"
+POLARIS_PORT="${POLARIS_PORT:-4322}"
 POLARIS_URL="http://127.0.0.1:${POLARIS_PORT}/events"
 
 # Read all of stdin

package/hooks/statusline.sh

@@ -2,29 +2,40 @@
 # hooks/statusline.sh — Polaris status line for coding agent CLI
 # Reads session JSON from stdin, queries daemon for connection state.
 
-POLARIS_DAEMON_PORT="${POLARIS_DAEMON_PORT:-4321}"
+POLARIS_DAEMON_PORT="${POLARIS_DAEMON_PORT:-4322}"
 
 # Read stdin (session JSON from the coding agent)
 INPUT=$(cat)
 
-# Extract the CC session ID if available (jq optional, fallback to "unknown")
-CC_SESSION_ID=$(echo "$INPUT" | jq -r '.session_id // "unknown"' 2>/dev/null || echo "unknown")
+# Extract the CC session ID if available
+CC_SESSION_ID=$(echo "$INPUT" | jq -r '.session_id // ""' 2>/dev/null || echo "")
 
-# Query daemon for polaris connection status
-STATUS=$(curl -s "http://127.0.0.1:${POLARIS_DAEMON_PORT}/status/${CC_SESSION_ID}" 2>/dev/null)
-
-if [ -z "$STATUS" ]; then
-  echo "polaris: daemon offline"
-  exit 0
+# Query daemon — try specific session first, fall back to any connected session
+if [ -n "$CC_SESSION_ID" ]; then
+  STATUS=$(curl -s "http://127.0.0.1:${POLARIS_DAEMON_PORT}/status/${CC_SESSION_ID}" 2>/dev/null)
+  CONNECTED=$(echo "$STATUS" | jq -r '.connected' 2>/dev/null || echo "false")
 fi
 
-CONNECTED=$(echo "$STATUS" | jq -r '.connected' 2>/dev/null || echo "false")
+# If no match, check if there's any active session
+if [ "$CONNECTED" != "true" ]; then
+  STATUS=$(curl -s "http://127.0.0.1:${POLARIS_DAEMON_PORT}/status" 2>/dev/null)
+  FIRST_SESSION=$(echo "$STATUS" | jq -r '.sessions[0] // empty' 2>/dev/null)
+  if [ -n "$FIRST_SESSION" ]; then
+    STATUS="{\"connected\":true,\"project\":$(echo "$STATUS" | jq '.sessions[0].project'),\"session\":$(echo "$STATUS" | jq '.sessions[0].session'),\"user\":$(echo "$STATUS" | jq '.sessions[0].user')}"
+    CONNECTED="true"
+  fi
+fi
 
 if [ "$CONNECTED" = "true" ]; then
   PROJECT=$(echo "$STATUS" | jq -r '.project' 2>/dev/null)
   SESSION=$(echo "$STATUS" | jq -r '.session' 2>/dev/null)
   USER=$(echo "$STATUS" | jq -r '.user' 2>/dev/null)
-  echo "polaris: ${PROJECT}/${SESSION} (${USER})"
+  SLACK=$(echo "$STATUS" | jq -r '.slackChannel // empty' 2>/dev/null)
+  if [ -n "$SLACK" ]; then
+    echo "polaris: ${PROJECT}/${SESSION} (${USER}) #${SLACK}"
+  else
+    echo "polaris: ${PROJECT}/${SESSION} (${USER})"
+  fi
 else
   echo "polaris: not connected"
 fi

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lightupai/polaris",
-  "version": "0.0.5",
+  "version": "0.0.7",
   "type": "module",
   "bin": {
     "polaris": "bin/polaris"
@@ -10,6 +10,8 @@
   },
   "dependencies": {
     "@modelcontextprotocol/sdk": "^1.12.0",
+    "@slack/socket-mode": "^2.0.0",
+    "@slack/web-api": "^7.0.0",
     "arctic": "^3.5.0",
     "hono": "^4.7.0",
     "jose": "^6.0.0",

package/skills/polaris/SKILL.md

@@ -1,8 +1,8 @@
 ---
 name: polaris
 description: Connect to a Polaris multiplayer collaboration session
-allowed-tools: polaris_connect polaris_disconnect polaris_status polaris_reply polaris_context
-argument-hint: [join <project> <session> | disconnect | (no args for status)]
+allowed-tools: polaris_connect polaris_disconnect polaris_status polaris_reply polaris_context polaris_rename
+argument-hint: [join <project> <session> | rename <new-name> | disconnect | (no args for status)]
 ---
 
 ## Polaris — Multiplayer Collaboration
@@ -18,6 +18,10 @@ Based on the arguments provided, do ONE of the following:
 2. If `.polaris.json` exists in the repo root, read the `user` field from it. Otherwise ask the user for their participant ID (e.g., `user:manu`).
 3. Report the connection status
 
+**`/polaris rename <new-name>`** — Rename the current project:
+1. Call `polaris_rename` with the new name
+2. Report the result
+
 **`/polaris disconnect`** — Disconnect:
 1. Call `polaris_disconnect`
 2. Confirm disconnection

package/src/bridge-discover-org.ts

@@ -0,0 +1,5 @@
+import postgres from "postgres";
+const sql = postgres(process.env.DATABASE_URL ?? "");
+const rows = await sql`SELECT id FROM orgs WHERE slack_team_id IS NOT NULL LIMIT 1`;
+if (rows.length > 0) console.log(rows[0].id);
+await sql.end();