@moneysiren/app 0.1.0-alpha.9

package/dist/packages/report/src/slack.js

@@ -0,0 +1,134 @@
+export class SlackReportDeliveryError extends Error {
+    statusCode;
+    constructor(message, options = {}) {
+        super(message);
+        this.name = "SlackReportDeliveryError";
+        if (options.statusCode !== undefined) {
+            this.statusCode = options.statusCode;
+        }
+    }
+}
+const DEFAULT_SLACK_REPORT_TIMEOUT_MS = 5_000;
+const MAX_SLACK_ERROR_MESSAGE_LENGTH = 500;
+const MAX_SLACK_RESPONSE_BODY_LENGTH = 300;
+const TRUNCATED_SUFFIX = "... [truncated]";
+export function buildSlackReportPayload(text) {
+    const trimmedText = text.trim();
+    if (trimmedText.length === 0) {
+        throw new SlackReportDeliveryError("Slack report text must not be blank.");
+    }
+    return {
+        text: trimmedText,
+        mrkdwn: true,
+    };
+}
+export async function sendSlackReport(options) {
+    const webhookUrl = normalizeWebhookUrl(options.webhookUrl);
+    const payload = buildSlackReportPayload(options.text);
+    const transport = options.transport ?? fetchSlackReportTransport;
+    const timeoutMs = resolveSlackReportTimeoutMs(options.timeoutMs);
+    const controller = new AbortController();
+    let timeout;
+    let response;
+    try {
+        const transportPromise = transport({
+            webhookUrl,
+            payload,
+            signal: controller.signal,
+        });
+        transportPromise.catch(() => undefined);
+        const timeoutPromise = new Promise((_resolve, reject) => {
+            timeout = setTimeout(() => {
+                controller.abort();
+                reject(new SlackReportDeliveryError(`Slack report delivery timed out after ${timeoutMs}ms.`));
+            }, timeoutMs);
+        });
+        response = await Promise.race([transportPromise, timeoutPromise]);
+    }
+    catch (error) {
+        const message = error instanceof SlackReportDeliveryError
+            ? error.message
+            : `Slack report delivery failed: ${errorMessage(error)}`;
+        const errorOptions = error instanceof SlackReportDeliveryError && error.statusCode !== undefined
+            ? { statusCode: error.statusCode }
+            : {};
+        throw new SlackReportDeliveryError(sanitizeWebhookMessage(message, webhookUrl), errorOptions);
+    }
+    finally {
+        if (timeout !== undefined) {
+            clearTimeout(timeout);
+        }
+    }
+    if (!response.ok) {
+        const responseBody = formatResponseBodyDetail(response.body, webhookUrl);
+        const responseDetail = responseBody === undefined
+            ? ""
+            : ` Response: ${responseBody}`;
+        throw new SlackReportDeliveryError(sanitizeWebhookMessage(`Slack report delivery failed with HTTP ${response.status}.${responseDetail}`, webhookUrl), {
+            statusCode: response.status,
+        });
+    }
+    return {
+        status: "sent",
+        statusCode: response.status,
+    };
+}
+async function fetchSlackReportTransport(request) {
+    const response = await fetch(request.webhookUrl, {
+        method: "POST",
+        headers: {
+            "Content-Type": "application/json",
+        },
+        body: JSON.stringify(request.payload),
+        signal: request.signal,
+    });
+    const body = await response.text();
+    return {
+        ok: response.ok,
+        status: response.status,
+        ...(body.length === 0 ? {} : { body }),
+    };
+}
+function normalizeWebhookUrl(webhookUrl) {
+    const trimmed = webhookUrl.trim();
+    if (trimmed.length === 0) {
+        throw new SlackReportDeliveryError("SLACK_WEBHOOK_URL is required for Slack delivery.");
+    }
+    return trimmed;
+}
+function resolveSlackReportTimeoutMs(timeoutMs) {
+    if (timeoutMs === undefined) {
+        return DEFAULT_SLACK_REPORT_TIMEOUT_MS;
+    }
+    if (!Number.isSafeInteger(timeoutMs) || timeoutMs <= 0) {
+        throw new SlackReportDeliveryError("Slack report timeout must be a positive safe integer.");
+    }
+    return timeoutMs;
+}
+function formatResponseBodyDetail(body, webhookUrl) {
+    const trimmedBody = body?.trim();
+    if (trimmedBody === undefined || trimmedBody.length === 0) {
+        return undefined;
+    }
+    return limitText(redactSensitiveText(trimmedBody, webhookUrl), MAX_SLACK_RESPONSE_BODY_LENGTH);
+}
+function sanitizeWebhookMessage(message, webhookUrl) {
+    return limitText(redactSensitiveText(message, webhookUrl), MAX_SLACK_ERROR_MESSAGE_LENGTH);
+}
+function redactSensitiveText(message, webhookUrl) {
+    return message
+        .replaceAll(webhookUrl, "[REDACTED:webhook_url]")
+        .replace(/https:\/\/hooks\.slack\.com\/services\/[^\s"')]+/gi, "[REDACTED:webhook_url]")
+        .replace(/\bsk-[A-Za-z0-9_-]+/g, "[REDACTED:token]")
+        .replace(/\bxox[baprs]-[A-Za-z0-9-]+/gi, "[REDACTED:token]");
+}
+function limitText(message, maxLength) {
+    if (message.length <= maxLength) {
+        return message;
+    }
+    return `${message.slice(0, maxLength - TRUNCATED_SUFFIX.length)}${TRUNCATED_SUFFIX}`;
+}
+function errorMessage(error) {
+    return error instanceof Error ? error.message : String(error);
+}
+//# sourceMappingURL=slack.js.map

package/dist/packages/runtime/src/index.d.ts

@@ -0,0 +1,2 @@
+export { assertLoopbackHost, assertRuntimeHealthy, findRuntime, isLoopbackHost, readRuntimeLock, removeRuntimeLock, resolveRuntimeLockPath, writeRuntimeLock, type LocalRuntime, type RuntimeHealthCheckOptions, type RuntimeLockOptions, } from "./runtime.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/packages/runtime/src/index.js

@@ -0,0 +1,2 @@
+export { assertLoopbackHost, assertRuntimeHealthy, findRuntime, isLoopbackHost, readRuntimeLock, removeRuntimeLock, resolveRuntimeLockPath, writeRuntimeLock, } from "./runtime.js";
+//# sourceMappingURL=index.js.map

package/dist/packages/runtime/src/runtime.d.ts

@@ -0,0 +1,26 @@
+export interface LocalRuntime {
+    pid: number;
+    port: number;
+    baseUrl: string;
+    startedAt: string;
+    version: string;
+}
+export interface RuntimeLockOptions {
+    cwd?: string;
+    env?: Record<string, string | undefined>;
+    lockPath?: string;
+    platform?: NodeJS.Platform;
+}
+export interface RuntimeHealthCheckOptions {
+    fetchImpl?: typeof fetch;
+    timeoutMs?: number;
+}
+export declare function isLoopbackHost(host: string): boolean;
+export declare function assertLoopbackHost(host: string): void;
+export declare function resolveRuntimeLockPath(options?: RuntimeLockOptions): string;
+export declare function readRuntimeLock(options?: RuntimeLockOptions): Promise<LocalRuntime | null>;
+export declare function writeRuntimeLock(runtime: LocalRuntime, options?: RuntimeLockOptions): Promise<string>;
+export declare function removeRuntimeLock(options?: RuntimeLockOptions): Promise<void>;
+export declare function findRuntime(options?: RuntimeLockOptions): Promise<LocalRuntime | null>;
+export declare function assertRuntimeHealthy(runtime: LocalRuntime, options?: RuntimeHealthCheckOptions): Promise<boolean>;
+//# sourceMappingURL=runtime.d.ts.map

package/dist/packages/runtime/src/runtime.js

@@ -0,0 +1,182 @@
+import { mkdir, readFile, rm, writeFile } from "node:fs/promises";
+import { homedir } from "node:os";
+import { dirname, isAbsolute, join, posix, win32 } from "node:path";
+const RUNTIME_LOCK_ENV_KEY = "MONEYSIREN_RUNTIME_LOCK_PATH";
+const DEFAULT_HEALTH_TIMEOUT_MS = 2_000;
+export function isLoopbackHost(host) {
+    const normalized = host.trim().toLowerCase().replace(/^\[/, "").replace(/\]$/, "");
+    return (normalized === "localhost" ||
+        normalized === "::1" ||
+        normalized === "0:0:0:0:0:0:0:1" ||
+        normalized.startsWith("127."));
+}
+export function assertLoopbackHost(host) {
+    if (!isLoopbackHost(host)) {
+        throw new Error("MoneySiren local runtime must bind to a loopback host.");
+    }
+}
+export function resolveRuntimeLockPath(options = {}) {
+    if (options.lockPath !== undefined && options.lockPath.trim().length > 0) {
+        return resolveRuntimePath(options.lockPath, options.cwd);
+    }
+    const configuredPath = options.env?.[RUNTIME_LOCK_ENV_KEY]?.trim();
+    if (configuredPath !== undefined && configuredPath.length > 0) {
+        return resolveRuntimePath(configuredPath, options.cwd);
+    }
+    return defaultRuntimeLockPath(options.env ?? process.env, options.platform ?? process.platform);
+}
+export async function readRuntimeLock(options = {}) {
+    const lockPath = resolveRuntimeLockPath(options);
+    try {
+        const parsed = JSON.parse(await readFile(lockPath, "utf8"));
+        return parseRuntime(parsed);
+    }
+    catch {
+        return null;
+    }
+}
+export async function writeRuntimeLock(runtime, options = {}) {
+    const parsedUrl = parseLoopbackUrl(runtime.baseUrl);
+    if (parsedUrl.port !== String(runtime.port)) {
+        throw new Error("Runtime lock baseUrl port must match the runtime port.");
+    }
+    const lockPath = resolveRuntimeLockPath(options);
+    await mkdir(dirname(lockPath), { recursive: true });
+    await writeFile(lockPath, `${JSON.stringify(runtime, null, 2)}\n`, "utf8");
+    return lockPath;
+}
+export async function removeRuntimeLock(options = {}) {
+    await rm(resolveRuntimeLockPath(options), {
+        force: true,
+    });
+}
+export async function findRuntime(options = {}) {
+    const runtime = await readRuntimeLock(options);
+    if (runtime === null) {
+        return null;
+    }
+    if (!isProcessAlive(runtime.pid)) {
+        await removeStaleRuntimeLock(options);
+        return null;
+    }
+    return runtime;
+}
+export async function assertRuntimeHealthy(runtime, options = {}) {
+    parseLoopbackUrl(runtime.baseUrl);
+    const fetchImpl = options.fetchImpl ?? fetch;
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), options.timeoutMs ?? DEFAULT_HEALTH_TIMEOUT_MS);
+    try {
+        const response = await fetchImpl(`${runtime.baseUrl}/api/local/health`, {
+            method: "GET",
+            signal: controller.signal,
+        });
+        if (!response.ok) {
+            return false;
+        }
+        const payload = await response.json();
+        return payload.secretsReturned === false;
+    }
+    catch {
+        return false;
+    }
+    finally {
+        clearTimeout(timeout);
+    }
+}
+async function removeStaleRuntimeLock(options) {
+    try {
+        await removeRuntimeLock(options);
+    }
+    catch {
+        // A stale lock must not make status commands fail, especially after npm/global installs.
+    }
+}
+function parseRuntime(value) {
+    if (!isRecord(value)) {
+        return null;
+    }
+    const pid = value.pid;
+    const port = value.port;
+    const baseUrl = value.baseUrl;
+    const startedAt = value.startedAt;
+    const version = value.version;
+    if (typeof pid !== "number" ||
+        typeof port !== "number" ||
+        typeof baseUrl !== "string" ||
+        typeof startedAt !== "string" ||
+        typeof version !== "string" ||
+        !Number.isSafeInteger(pid) ||
+        !Number.isSafeInteger(port)) {
+        return null;
+    }
+    try {
+        parseLoopbackUrl(baseUrl);
+    }
+    catch {
+        return null;
+    }
+    return {
+        pid,
+        port,
+        baseUrl,
+        startedAt,
+        version,
+    };
+}
+function parseLoopbackUrl(value) {
+    const parsedUrl = new URL(value);
+    if (parsedUrl.protocol !== "http:") {
+        throw new Error("MoneySiren local runtime must use http on loopback.");
+    }
+    assertLoopbackHost(parsedUrl.hostname);
+    return parsedUrl;
+}
+function resolveRuntimePath(path, cwd = process.cwd()) {
+    return isAbsolute(path) ? path : join(cwd, path);
+}
+function defaultRuntimeLockPath(env, platform) {
+    if (platform === "darwin") {
+        return joinForPlatform(platform, resolveHomeDirectory(env), "Library", "Application Support", "MoneySiren", "runtime.json");
+    }
+    if (platform === "win32") {
+        return joinForPlatform(platform, resolveWindowsAppDataDirectory(env), "MoneySiren", "runtime.json");
+    }
+    const configHome = trimToNull(env.XDG_CONFIG_HOME) ?? joinForPlatform(platform, resolveHomeDirectory(env), ".config");
+    return joinForPlatform(platform, configHome, "moneysiren", "runtime.json");
+}
+function resolveWindowsAppDataDirectory(env) {
+    return trimToNull(env.APPDATA) ?? win32.join(resolveHomeDirectory(env), "AppData", "Roaming");
+}
+function resolveHomeDirectory(env) {
+    return trimToNull(env.HOME) ?? trimToNull(env.USERPROFILE) ?? homedir();
+}
+function trimToNull(value) {
+    const trimmed = value?.trim();
+    return trimmed === undefined || trimmed.length === 0 ? null : trimmed;
+}
+function joinForPlatform(platform, ...segments) {
+    return platform === "win32" ? win32.join(...segments) : posix.join(...segments);
+}
+function isProcessAlive(pid) {
+    if (pid <= 0) {
+        return false;
+    }
+    try {
+        process.kill(pid, 0);
+        return true;
+    }
+    catch (error) {
+        if (isNodeError(error) && error.code === "EPERM") {
+            return true;
+        }
+        return false;
+    }
+}
+function isRecord(value) {
+    return typeof value === "object" && value !== null;
+}
+function isNodeError(value) {
+    return value instanceof Error && "code" in value;
+}
+//# sourceMappingURL=runtime.js.map

package/dist/packages/view-model/src/hud-model.d.ts

@@ -0,0 +1,74 @@
+import { type AggregateSyncStatus, type ItemSyncView, type RiskSeverity } from "./sync-state.js";
+import { type UsageProgressView } from "./usage-progress.js";
+import type { TodayLiveProviderView, TodayLiveView } from "./view-model.js";
+import type { NotificationWidgetKey } from "./notification-preferences-model.js";
+export type CreditAccuracy = "exact" | "estimated" | "bounded" | "unknown";
+export interface CreditItemView {
+    itemKey: string;
+    expiresAt: string | null;
+    estimatedEarliestAt: string | null;
+    estimatedLatestAt: string | null;
+    accuracy: CreditAccuracy;
+    status: "active" | "expiring_soon" | "expired" | "unknown";
+}
+export interface CreditPoolView {
+    kind: "credit_pool";
+    id: string;
+    providerKey: "codex-app" | "codex-cli";
+    variant: "count" | "expiry";
+    availableCount: number | null;
+    totalEarnedCount: number | null;
+    credits: readonly CreditItemView[];
+    unresolvedCount: number;
+    nearestExpiryAt: string | null;
+    accuracy: CreditAccuracy;
+    sync: ItemSyncView;
+    riskSeverity: RiskSeverity;
+    target: {
+        type: "service";
+        providerKey: "codex-app" | "codex-cli";
+    };
+}
+export interface QuotaItemView {
+    kind: "quota";
+    id: string;
+    providerKey: string;
+    window: "five_hour" | "weekly" | "context" | "budget";
+    progress: UsageProgressView;
+    resetAt: string | null;
+    sync: ItemSyncView;
+    riskSeverity: RiskSeverity;
+    target: {
+        type: "service" | "dashboard";
+        providerKey?: string;
+        routeKey?: string;
+    };
+}
+export type HudItemView = QuotaItemView | CreditPoolView;
+export interface HudViewModel {
+    generatedAt: string;
+    localOnly: true;
+    secretsReturned: false;
+    dataRevision: string;
+    sync: {
+        status: AggregateSyncStatus;
+        freshCount: number;
+        staleCount: number;
+        errorCount: number;
+        neutralCount: number;
+        lastSuccessAt: string | null;
+    };
+    risk: {
+        severity: RiskSeverity;
+        warningCount: number;
+        criticalCount: number;
+    };
+    items: readonly HudItemView[];
+}
+export declare const CODEX_APP_PROVIDER_KEY = "codex-app";
+export declare const CODEX_CLI_PROVIDER_KEY = "codex-cli";
+export declare function buildHudViewModel(todayLive: TodayLiveView): HudViewModel;
+export declare function filterHudViewModelByWidgets(model: HudViewModel, selectedWidgets: readonly NotificationWidgetKey[]): HudViewModel;
+export declare function buildCreditPoolFromProvider(provider: TodayLiveProviderView, generatedAt: string): CreditPoolView | null;
+export declare function buildCreditPoolsFromProvider(provider: TodayLiveProviderView, generatedAt: string): CreditPoolView[];
+//# sourceMappingURL=hud-model.d.ts.map