@onmars/lunar-agent-claude 0.1.0

package/src/adapter.ts

@@ -0,0 +1,514 @@
+import type { Agent, AgentEvent, AgentInput, AgentUsage } from '@onmars/lunar-core'
+import { log } from '@onmars/lunar-core'
+import type { SecurityConfig } from '@onmars/lunar-core/lib/config-loader'
+import { buildSafeEnv } from '@onmars/lunar-core/lib/security'
+
+export interface ClaudeAgentOptions {
+  /** Agent ID for routing — defaults to 'claude' */
+  id?: string
+  /** Display name — defaults to 'Claude Code (CLI)' */
+  name?: string
+  /** Working directory for Claude Code */
+  cwd: string
+  /** Path to claude binary (default: 'claude') */
+  binaryPath?: string
+  /** Model override (e.g., 'opus', 'sonnet') */
+  model?: string
+  /** Max turns for agentic loop */
+  maxTurns?: number
+  /** System prompt to prepend */
+  systemPrompt?: string
+  /**
+   * Auth mode:
+   * - 'stored' (default): use credentials from ~/.claude/ (claude login)
+   * - 'api-key': use ANTHROPIC_API_KEY env var
+   * - 'oauth-token': use ANTHROPIC_AUTH_TOKEN env var
+   */
+  authMode?: 'stored' | 'api-key' | 'oauth-token'
+  /** Environment variables to pass to the Claude process */
+  env?: Record<string, string>
+  /** Security config from workspace config.yaml */
+  security?: SecurityConfig
+  /**
+   * Enable 1M context window (extended context).
+   * Appends [1m] suffix to the model flag, which tells Claude Code CLI
+   * to send the anthropic-beta: context-1m-2025-08-07 header.
+   * Pricing: same up to 200K tokens, 2x input / 1.5x output above 200K.
+   */
+  context1m?: boolean
+}
+
+/**
+ * Model alias → full ID mapping for Claude Code CLI.
+ *
+ * When appending [1m] for extended context, the CLI requires the full
+ * model ID (e.g., "claude-opus-4-6[1m]"), not just the alias ("opus[1m]").
+ * This map resolves common aliases before appending the suffix.
+ */
+export const CLAUDE_MODEL_ALIASES: Record<string, string> = {
+  opus: 'claude-opus-4-6',
+  sonnet: 'claude-sonnet-4-6',
+  'sonnet-4.5': 'claude-sonnet-4-5',
+  haiku: 'claude-haiku-4-5',
+}
+
+/** Resolve a model alias to its full ID. Returns the input if not an alias. */
+export function resolveModelAlias(model: string): string {
+  return CLAUDE_MODEL_ALIASES[model] ?? model
+}
+
+interface ClaudeJsonMessage {
+  type: string
+  subtype?: string
+  session_id?: string
+  message?: {
+    role: string
+    content: Array<{
+      type: string
+      text?: string
+      thinking?: string
+      name?: string
+      input?: unknown
+      content?: unknown
+    }>
+    usage?: {
+      input_tokens?: number
+      output_tokens?: number
+      cache_read_input_tokens?: number
+      cache_creation_input_tokens?: number
+    }
+    model?: string
+  }
+  tool_use_id?: string
+  duration_ms?: number
+  duration_api_ms?: number
+  num_turns?: number
+  result?: string
+}
+
+/**
+ * Claude Agent — CLI spawn adapter.
+ *
+ * Spawns the official Claude Code CLI binary via Bun.spawn.
+ * Uses --output-format stream-json for real-time streaming.
+ * Auth: by default uses stored credentials from `claude login` (~/.claude/).
+ */
+export class ClaudeAgent implements Agent {
+  readonly id: string
+  readonly name: string
+
+  private activeProcess: ReturnType<typeof Bun.spawn> | null = null
+
+  constructor(private options: ClaudeAgentOptions) {
+    this.id = options.id ?? 'claude'
+    this.name = options.name ?? 'Claude Code (CLI)'
+  }
+
+  async init(): Promise<void> {
+    const binary = this.options.binaryPath ?? 'claude'
+
+    // Check binary exists
+    const which = Bun.spawn(['which', binary], { stdout: 'pipe', stderr: 'pipe' })
+    const exitCode = await which.exited
+    if (exitCode !== 0) {
+      throw new Error(
+        `Claude CLI not found at '${binary}'. Install with: npm install -g @anthropic-ai/claude-code`,
+      )
+    }
+
+    // Verify auth works with a minimal test query
+    const env = this.buildEnv()
+    const testProc = Bun.spawn(
+      [
+        binary,
+        '-p',
+        'Reply with OK',
+        '--output-format',
+        'json',
+        '--max-turns',
+        '1',
+        '--permission-mode',
+        'bypassPermissions',
+      ],
+      { cwd: this.options.cwd, env, stdout: 'pipe', stderr: 'pipe' },
+    )
+    const testExit = await testProc.exited
+    if (testExit !== 0) {
+      const stderr = await new Response(testProc.stderr).text()
+      throw new Error(
+        `Claude CLI auth check failed (exit ${testExit}). Run 'claude login' first.\nDetails: ${stderr.slice(0, 200)}`,
+      )
+    }
+
+    // Check response for auth errors
+    const testOutput = await new Response(testProc.stdout).text()
+    try {
+      const result = JSON.parse(testOutput)
+      if (result.is_error || result.result?.includes('Invalid API key')) {
+        throw new Error(
+          'Claude CLI auth failed: Invalid API key detected. If you have ANTHROPIC_API_KEY set in your environment, remove it — Claude Code uses stored credentials from "claude login".',
+        )
+      }
+    } catch (err) {
+      if (err instanceof SyntaxError) {
+        log.warn('Could not parse auth check response, proceeding anyway')
+      } else {
+        throw err
+      }
+    }
+
+    log.info(
+      { cwd: this.options.cwd, binary, auth: this.options.authMode ?? 'stored' },
+      'Claude CLI agent initialized (auth verified)',
+    )
+  }
+
+  async destroy(): Promise<void> {
+    if (this.activeProcess) {
+      this.activeProcess.kill()
+      this.activeProcess = null
+    }
+  }
+
+  abort(): void {
+    if (this.activeProcess) {
+      log.info('Aborting active Claude CLI process')
+      this.activeProcess.kill()
+      // Don't null activeProcess — the query() generator's finally block handles that
+    }
+  }
+
+  async *query(input: AgentInput): AsyncGenerator<AgentEvent> {
+    const startTime = Date.now()
+    const args = this.buildArgs(input)
+    const env = this.buildEnv()
+
+    log.debug(
+      { args: args.join(' ').slice(0, 200), sessionId: input.sessionId },
+      'Spawning claude CLI',
+    )
+    log.debug(
+      {
+        hasApiKey: 'ANTHROPIC_API_KEY' in env,
+        hasAuthToken: 'ANTHROPIC_AUTH_TOKEN' in env,
+        authMode: this.options.authMode ?? 'stored',
+      },
+      'Claude env check',
+    )
+
+    const proc = Bun.spawn(args, {
+      cwd: this.options.cwd,
+      env,
+      stdout: 'pipe',
+      stderr: 'pipe',
+    })
+
+    this.activeProcess = proc
+
+    try {
+      yield* this.processStream(proc, startTime, input)
+    } finally {
+      this.activeProcess = null
+    }
+  }
+
+  async health(): Promise<{ ok: boolean; latencyMs?: number; error?: string }> {
+    const start = Date.now()
+    try {
+      const proc = Bun.spawn([this.options.binaryPath ?? 'claude', '--version'], {
+        stdout: 'pipe',
+        stderr: 'pipe',
+      })
+      const exitCode = await proc.exited
+      return {
+        ok: exitCode === 0,
+        latencyMs: Date.now() - start,
+        error: exitCode !== 0 ? `Exit code ${exitCode}` : undefined,
+      }
+    } catch (err) {
+      return {
+        ok: false,
+        latencyMs: Date.now() - start,
+        error: err instanceof Error ? err.message : String(err),
+      }
+    }
+  }
+
+  // --- Private ---
+
+  private buildArgs(input: AgentInput): string[] {
+    const binary = this.options.binaryPath ?? 'claude'
+    const args: string[] = [binary]
+
+    // Print mode with prompt
+    args.push('-p', input.prompt)
+
+    // Streaming JSON output + verbose (required by CLI)
+    args.push('--output-format', 'stream-json', '--verbose')
+
+    // Session resumption
+    if (input.sessionId) {
+      args.push('--resume', input.sessionId)
+    }
+
+    // System prompt
+    const systemPrompt = input.systemPrompt ?? this.options.systemPrompt
+    if (systemPrompt) {
+      args.push('--append-system-prompt', systemPrompt)
+    }
+
+    // Model override — per-query (moon) takes priority over agent-level (global)
+    const effectiveModel = input.model ?? this.options.model
+    const effectiveContext1m = input.context1m ?? this.options.context1m
+
+    if (effectiveModel) {
+      let model = effectiveModel
+      if (effectiveContext1m) {
+        // Resolve alias to full ID before appending [1m].
+        // CLI requires full ID format: "claude-opus-4-6[1m]", not "opus[1m]"
+        model = resolveModelAlias(model)
+        if (!model.includes('[1m]')) {
+          model = `${model}[1m]`
+        }
+      }
+      args.push('--model', model)
+    }
+
+    // Max turns
+    if (this.options.maxTurns) {
+      args.push('--max-turns', String(this.options.maxTurns))
+    }
+
+    // Permission mode
+    args.push('--permission-mode', 'bypassPermissions')
+
+    return args
+  }
+
+  private buildEnv(): Record<string, string> {
+    const authMode = this.options.authMode ?? 'stored'
+
+    // Auth-specific env overrides
+    const authEnv: Record<string, string> = {}
+
+    if (authMode === 'stored') {
+      // Explicitly clear auth env vars so CLI uses stored credentials (~/.claude/)
+      // These are set to empty string to override any inherited values
+    } else if (authMode === 'api-key') {
+      const apiKey = process.env.ANTHROPIC_API_KEY
+      if (apiKey) authEnv.ANTHROPIC_API_KEY = apiKey
+    } else if (authMode === 'oauth-token') {
+      const authToken = process.env.ANTHROPIC_AUTH_TOKEN
+      if (authToken) authEnv.ANTHROPIC_AUTH_TOKEN = authToken
+    }
+
+    // 1M context control via CLAUDE_CODE_DISABLE_1M_CONTEXT env var.
+    // Since Claude Code v2.1.50+, 1M context is enabled by default for Opus 4.6.
+    // We only set the disable var when context1m is explicitly false.
+    const context1mEnv: Record<string, string> = {}
+    if (this.options.context1m === false) {
+      context1mEnv.CLAUDE_CODE_DISABLE_1M_CONTEXT = '1'
+    }
+
+    // If security config is provided, use allowlist filtering
+    if (this.options.security) {
+      const env = buildSafeEnv(
+        process.env as Record<string, string | undefined>,
+        this.options.security,
+        { ...authEnv, ...context1mEnv, ...(this.options.env ?? {}) },
+      )
+
+      // For stored auth, ensure auth env vars are NOT present
+      if (authMode === 'stored') {
+        delete env.ANTHROPIC_API_KEY
+        delete env.ANTHROPIC_AUTH_TOKEN
+      }
+
+      return env
+    }
+
+    // Fallback: legacy behavior (blocklist approach) when no security config
+    log.warn('No security config provided — using legacy blocklist env filtering')
+    const keysToRemove = new Set<string>()
+    if (authMode === 'stored') {
+      keysToRemove.add('ANTHROPIC_API_KEY')
+      keysToRemove.add('ANTHROPIC_AUTH_TOKEN')
+    } else if (authMode === 'api-key') {
+      keysToRemove.add('ANTHROPIC_AUTH_TOKEN')
+    } else if (authMode === 'oauth-token') {
+      keysToRemove.add('ANTHROPIC_API_KEY')
+    }
+
+    const env: Record<string, string> = {}
+    for (const [key, value] of Object.entries(process.env)) {
+      if (value !== undefined && !keysToRemove.has(key)) {
+        env[key] = value
+      }
+    }
+    Object.assign(env, context1mEnv)
+    if (this.options.env) Object.assign(env, this.options.env)
+    return env
+  }
+
+  private async *processStream(
+    proc: ReturnType<typeof Bun.spawn>,
+    startTime: number,
+    input: AgentInput,
+  ): AsyncGenerator<AgentEvent> {
+    const reader = (proc.stdout as ReadableStream<Uint8Array>).getReader()
+    const decoder = new TextDecoder()
+
+    let buffer = ''
+    let sessionId = ''
+    let totalInputTokens = 0
+    let totalOutputTokens = 0
+    let totalCacheReadTokens = 0
+    let totalCacheWriteTokens = 0
+    // Last API call values — for accurate context window calculation
+    let lastCallInputTokens = 0
+    let lastCallCacheReadTokens = 0
+    let lastCallCacheWriteTokens = 0
+    let model: string | undefined
+    let hasAssistantText = false
+
+    try {
+      while (true) {
+        const { done, value } = await reader.read()
+        if (done) break
+
+        buffer += decoder.decode(value, { stream: true })
+
+        // Process complete JSON lines
+        const lines = buffer.split('\n')
+        buffer = lines.pop() ?? ''
+
+        for (const line of lines) {
+          const trimmed = line.trim()
+          if (!trimmed) continue
+
+          try {
+            const msg: ClaudeJsonMessage = JSON.parse(trimmed)
+            for (const evt of this.processMessage(msg)) {
+              if (evt.type === 'text') hasAssistantText = true
+              yield evt
+            }
+
+            // Fallback: if result type has text and no assistant blocks emitted text
+            if (msg.type === 'result' && msg.result && !hasAssistantText) {
+              yield { type: 'text', content: msg.result }
+            }
+
+            if (msg.session_id) sessionId = msg.session_id
+            if (msg.message?.usage) {
+              totalInputTokens += msg.message.usage.input_tokens ?? 0
+              totalOutputTokens += msg.message.usage.output_tokens ?? 0
+              totalCacheReadTokens += msg.message.usage.cache_read_input_tokens ?? 0
+              totalCacheWriteTokens += msg.message.usage.cache_creation_input_tokens ?? 0
+              // Overwrite (not accumulate) — last API call = current context state
+              lastCallInputTokens = msg.message.usage.input_tokens ?? 0
+              lastCallCacheReadTokens = msg.message.usage.cache_read_input_tokens ?? 0
+              lastCallCacheWriteTokens = msg.message.usage.cache_creation_input_tokens ?? 0
+            }
+            if (msg.message?.model) model = msg.message.model
+          } catch {
+            log.debug({ line: trimmed.slice(0, 100) }, 'Skipping non-JSON line')
+          }
+        }
+      }
+    } finally {
+      reader.releaseLock()
+    }
+
+    const exitCode = await proc.exited
+
+    if (exitCode !== 0) {
+      const stderr = await new Response(proc.stderr as ReadableStream).text()
+      if (stderr.trim()) {
+        log.error({ exitCode, stderr: stderr.slice(0, 500) }, 'Claude CLI error')
+        if (stderr.includes('rate limit') || stderr.includes("you've hit your limit")) {
+          yield { type: 'error', error: 'Rate limited. Please wait a moment.', recoverable: true }
+        } else {
+          yield { type: 'error', error: stderr.trim(), recoverable: false }
+        }
+      }
+    }
+
+    // Only return sessionId if the query actually produced content
+    // This prevents saving corrupted sessions from failed auth/errors
+    const validSession = hasAssistantText || totalOutputTokens > 0
+
+    // Tag model with [1m] for internal catalog lookup when 1M context is active.
+    // Since Claude Code v2.1.50+, 1M is the default for Opus 4.6, so the CLI
+    // model name is unchanged. We tag internally for correct pricing/window size.
+    // Only tag real Claude models — skip synthetic/error responses.
+    const isContext1m = input.context1m ?? this.options.context1m
+    let reportedModel = model
+    if (
+      isContext1m &&
+      reportedModel &&
+      reportedModel.startsWith('claude-') &&
+      !reportedModel.includes('[1m]')
+    ) {
+      reportedModel = `${reportedModel}[1m]`
+    }
+
+    yield {
+      type: 'done',
+      sessionId: validSession ? sessionId : '',
+      usage: {
+        inputTokens: totalInputTokens,
+        outputTokens: totalOutputTokens,
+        cacheReadTokens: totalCacheReadTokens,
+        cacheWriteTokens: totalCacheWriteTokens,
+        // Context from last API call only (not accumulated across turns)
+        contextTokens: lastCallInputTokens + lastCallCacheReadTokens + lastCallCacheWriteTokens,
+        model: reportedModel,
+        durationMs: Date.now() - startTime,
+      },
+    }
+  }
+
+  private *processMessage(msg: ClaudeJsonMessage): Generator<AgentEvent> {
+    switch (msg.type) {
+      case 'assistant': {
+        if (!msg.message?.content) break
+        for (const block of msg.message.content) {
+          if (block.type === 'text' && block.text) {
+            yield { type: 'text', content: block.text }
+          } else if (block.type === 'thinking' && block.thinking) {
+            yield { type: 'thinking', content: block.thinking }
+          }
+        }
+        break
+      }
+
+      case 'tool_use': {
+        if (!msg.message?.content) break
+        for (const block of msg.message.content) {
+          if (block.type === 'tool_use' && block.name) {
+            yield { type: 'tool_use', tool: block.name, input: block.input }
+          }
+        }
+        break
+      }
+
+      case 'tool_result': {
+        if (!msg.message?.content) break
+        for (const block of msg.message.content) {
+          if (block.type === 'tool_result') {
+            yield { type: 'tool_result', tool: '', output: block.content }
+          }
+        }
+        break
+      }
+
+      case 'error': {
+        yield { type: 'error', error: msg.result ?? 'Unknown CLI error', recoverable: false }
+        break
+      }
+
+      case 'result':
+        break // Final result — already captured from assistant messages
+    }
+  }
+}

package/src/index.ts

@@ -0,0 +1,2 @@
+export type { ClaudeAgentOptions } from './adapter'
+export { CLAUDE_MODEL_ALIASES, ClaudeAgent, resolveModelAlias } from './adapter'