@openparachute/agent 0.1.0

package/src/db/agent-groups.ts

@@ -0,0 +1,77 @@
+import type { AgentGroup, SecretMode } from '../types.js';
+import { getDb } from './connection.js';
+
+export function createAgentGroup(group: Omit<AgentGroup, 'secret_mode'> & { secret_mode?: SecretMode }): void {
+  getDb()
+    .prepare(
+      `INSERT INTO agent_groups (id, name, folder, agent_provider, secret_mode, created_at)
+       VALUES (@id, @name, @folder, @agent_provider, @secret_mode, @created_at)`,
+    )
+    .run({ ...group, secret_mode: group.secret_mode ?? 'selective' });
+}
+
+export function getAgentGroupSecretMode(agentGroupId: string): SecretMode | undefined {
+  const row = getDb()
+    .prepare<{ secret_mode: SecretMode }>('SELECT secret_mode FROM agent_groups WHERE id = ?')
+    .get(agentGroupId);
+  return row?.secret_mode;
+}
+
+/**
+ * Batched read for callers building list views — avoids the per-row SELECT
+ * that `toView` would otherwise fan out into. Returns a Map keyed by group
+ * id; missing ids simply aren't in the map (callers fall back to the
+ * `'selective'` default the same way the single-row helper does).
+ */
+export function getAgentGroupSecretModes(agentGroupIds: readonly string[]): Map<string, SecretMode> {
+  const result = new Map<string, SecretMode>();
+  if (agentGroupIds.length === 0) return result;
+  const placeholders = agentGroupIds.map(() => '?').join(',');
+  const rows = getDb()
+    .prepare<{ id: string; secret_mode: SecretMode }>(
+      `SELECT id, secret_mode FROM agent_groups WHERE id IN (${placeholders})`,
+    )
+    .all(...agentGroupIds);
+  for (const r of rows) result.set(r.id, r.secret_mode);
+  return result;
+}
+
+export function setAgentGroupSecretMode(agentGroupId: string, mode: SecretMode): void {
+  getDb().prepare('UPDATE agent_groups SET secret_mode = @mode WHERE id = @id').run({ id: agentGroupId, mode });
+}
+
+export function getAgentGroup(id: string): AgentGroup | undefined {
+  return getDb().prepare('SELECT * FROM agent_groups WHERE id = ?').get(id) as AgentGroup | undefined;
+}
+
+export function getAgentGroupByFolder(folder: string): AgentGroup | undefined {
+  return getDb().prepare('SELECT * FROM agent_groups WHERE folder = ?').get(folder) as AgentGroup | undefined;
+}
+
+export function getAllAgentGroups(): AgentGroup[] {
+  return getDb().prepare('SELECT * FROM agent_groups ORDER BY name').all() as AgentGroup[];
+}
+
+export function updateAgentGroup(
+  id: string,
+  updates: Partial<Pick<AgentGroup, 'name' | 'agent_provider' | 'secret_mode'>>,
+): void {
+  const fields: string[] = [];
+  const values: Record<string, unknown> = { id };
+
+  for (const [key, value] of Object.entries(updates)) {
+    if (value !== undefined) {
+      fields.push(`${key} = @${key}`);
+      values[key] = value;
+    }
+  }
+  if (fields.length === 0) return;
+
+  getDb()
+    .prepare(`UPDATE agent_groups SET ${fields.join(', ')} WHERE id = @id`)
+    .run(values);
+}
+
+export function deleteAgentGroup(id: string): void {
+  getDb().prepare('DELETE FROM agent_groups WHERE id = ?').run(id);
+}

package/src/db/connection.migrate.test.ts

@@ -0,0 +1,143 @@
+/**
+ * Coverage for migrateCentralDbLocation + migrateMasterKeyLocation —
+ * operator-data-loss-prevention helpers that copy state from the legacy
+ * paths to their parachute-agent homes (`<PARACHUTE_DIR>/agent/agent.db`
+ * + `<PARACHUTE_DIR>/agent/master.key`). Cases pinned: fresh install,
+ * pre-0.0.6 in-tree legacy, pre-0.1.0 paraclaw-era legacy, both legacies
+ * present (paraclaw wins), current already on disk (no clobber).
+ */
+import { existsSync, mkdirSync, mkdtempSync, readFileSync, rmSync, statSync, writeFileSync } from 'node:fs';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+
+import { afterEach, beforeEach, describe, expect, it } from 'vitest';
+
+import { migrateCentralDbLocation, migrateMasterKeyLocation } from './connection.js';
+
+let tmp: string;
+let legacy: string;
+let paraclawLegacy: string;
+let current: string;
+
+beforeEach(() => {
+  tmp = mkdtempSync(join(tmpdir(), 'parachute-agent-central-db-migrate-'));
+  legacy = join(tmp, 'legacy', 'v2.db');
+  paraclawLegacy = join(tmp, 'home', '.parachute', 'claw', 'paraclaw.db');
+  // Nested under a not-yet-created directory so we exercise the mkdir path.
+  current = join(tmp, 'home', '.parachute', 'agent', 'agent.db');
+  mkdirSync(join(tmp, 'legacy'), { recursive: true });
+});
+
+afterEach(() => {
+  rmSync(tmp, { recursive: true, force: true });
+});
+
+describe('migrateCentralDbLocation', () => {
+  it('fresh install — no legacy, no current — is a noop', () => {
+    migrateCentralDbLocation(legacy, current, paraclawLegacy);
+    expect(existsSync(legacy)).toBe(false);
+    expect(existsSync(paraclawLegacy)).toBe(false);
+    expect(existsSync(current)).toBe(false);
+  });
+
+  it('pre-0.0.6 legacy only — copies to current with chmod 0600, legacy stays as backup', () => {
+    writeFileSync(legacy, 'in-tree-db-bytes');
+
+    migrateCentralDbLocation(legacy, current, paraclawLegacy);
+
+    expect(existsSync(legacy)).toBe(true);
+    expect(existsSync(current)).toBe(true);
+    expect(readFileSync(current, 'utf8')).toBe('in-tree-db-bytes');
+    expect(readFileSync(legacy, 'utf8')).toBe('in-tree-db-bytes');
+    if (process.platform !== 'win32') {
+      expect(statSync(current).mode & 0o777).toBe(0o600);
+    }
+  });
+
+  it('pre-0.1.0 paraclaw-era legacy only — copies to current with chmod 0600, legacy stays as backup', () => {
+    mkdirSync(join(tmp, 'home', '.parachute', 'claw'), { recursive: true });
+    writeFileSync(paraclawLegacy, 'paraclaw-era-bytes');
+
+    migrateCentralDbLocation(legacy, current, paraclawLegacy);
+
+    expect(existsSync(paraclawLegacy)).toBe(true);
+    expect(existsSync(current)).toBe(true);
+    expect(readFileSync(current, 'utf8')).toBe('paraclaw-era-bytes');
+    expect(readFileSync(paraclawLegacy, 'utf8')).toBe('paraclaw-era-bytes');
+    if (process.platform !== 'win32') {
+      expect(statSync(current).mode & 0o777).toBe(0o600);
+    }
+  });
+
+  it('both legacies present — paraclaw-era wins (more recent state)', () => {
+    writeFileSync(legacy, 'in-tree');
+    mkdirSync(join(tmp, 'home', '.parachute', 'claw'), { recursive: true });
+    writeFileSync(paraclawLegacy, 'paraclaw');
+
+    migrateCentralDbLocation(legacy, current, paraclawLegacy);
+
+    expect(readFileSync(current, 'utf8')).toBe('paraclaw');
+    expect(readFileSync(legacy, 'utf8')).toBe('in-tree');
+    expect(readFileSync(paraclawLegacy, 'utf8')).toBe('paraclaw');
+  });
+
+  it('current already exists — every legacy left untouched (no clobber)', () => {
+    writeFileSync(legacy, 'old');
+    mkdirSync(join(tmp, 'home', '.parachute', 'claw'), { recursive: true });
+    writeFileSync(paraclawLegacy, 'older');
+    mkdirSync(join(tmp, 'home', '.parachute', 'agent'), { recursive: true });
+    writeFileSync(current, 'new');
+
+    migrateCentralDbLocation(legacy, current, paraclawLegacy);
+
+    expect(readFileSync(current, 'utf8')).toBe('new');
+    expect(readFileSync(legacy, 'utf8')).toBe('old');
+    expect(readFileSync(paraclawLegacy, 'utf8')).toBe('older');
+  });
+});
+
+describe('migrateMasterKeyLocation', () => {
+  let legacyDir: string;
+  let currentDir: string;
+  let legacyKey: string;
+  let currentKey: string;
+
+  beforeEach(() => {
+    legacyDir = join(tmp, 'home', '.parachute', 'claw');
+    currentDir = join(tmp, 'home', '.parachute', 'agent');
+    legacyKey = join(legacyDir, 'master.key');
+    currentKey = join(currentDir, 'master.key');
+  });
+
+  it('fresh install — no legacy, no current — is a noop', () => {
+    migrateMasterKeyLocation(legacyDir, currentDir);
+    expect(existsSync(legacyKey)).toBe(false);
+    expect(existsSync(currentKey)).toBe(false);
+  });
+
+  it('legacy key only — copies to current with chmod 0600, legacy stays as backup', () => {
+    mkdirSync(legacyDir, { recursive: true });
+    writeFileSync(legacyKey, 'k'.repeat(32));
+
+    migrateMasterKeyLocation(legacyDir, currentDir);
+
+    expect(existsSync(legacyKey)).toBe(true);
+    expect(existsSync(currentKey)).toBe(true);
+    expect(readFileSync(currentKey, 'utf8')).toBe('k'.repeat(32));
+    if (process.platform !== 'win32') {
+      expect(statSync(currentKey).mode & 0o777).toBe(0o600);
+    }
+  });
+
+  it('current key already exists — legacy left untouched (no clobber)', () => {
+    mkdirSync(legacyDir, { recursive: true });
+    writeFileSync(legacyKey, 'old-key-bytes-padding-to-32-aaaa');
+    mkdirSync(currentDir, { recursive: true });
+    writeFileSync(currentKey, 'new-key-bytes-padding-to-32-aaaa');
+
+    migrateMasterKeyLocation(legacyDir, currentDir);
+
+    expect(readFileSync(currentKey, 'utf8')).toBe('new-key-bytes-padding-to-32-aaaa');
+    expect(readFileSync(legacyKey, 'utf8')).toBe('old-key-bytes-padding-to-32-aaaa');
+  });
+});

package/src/db/connection.ts

@@ -0,0 +1,224 @@
+import { Database as RawDatabase } from 'bun:sqlite';
+import fs from 'fs';
+import path from 'path';
+
+import { CENTRAL_DB_PATH, LEGACY_CENTRAL_DB_PATH, LEGACY_PARACLAW_DB_DIR, LEGACY_PARACLAW_DB_PATH } from '../config.js';
+import { log } from '../log.js';
+
+let _db: WrappedDatabase | null = null;
+
+export function getDb(): WrappedDatabase {
+  if (!_db) throw new Error('Database not initialized. Call initDb() first.');
+  return _db;
+}
+
+export function initDb(dbPath: string): WrappedDatabase {
+  fs.mkdirSync(path.dirname(dbPath), { recursive: true });
+  _db = new WrappedDatabase(new RawDatabase(dbPath));
+  _db.exec('PRAGMA journal_mode = WAL');
+  _db.exec('PRAGMA foreign_keys = ON');
+  log.info('Central DB initialized', { path: dbPath });
+  return _db;
+}
+
+/**
+ * One-shot migration: relocate the central DB from a legacy location to the
+ * operator-owned `<PARACHUTE_DIR>/agent/agent.db`. Two legacy locations are
+ * checked in priority order:
+ *   1. `<PARACHUTE_DIR>/claw/paraclaw.db` — pre-0.1.0, before the
+ *      paraclaw → parachute-agent rename.
+ *   2. `<PROJECT_ROOT>/data/v2.db` — pre-0.0.6, before central state moved
+ *      out of the project tree.
+ * Idempotent — noop if the new path already exists OR no legacy path does.
+ *
+ * The legacy file is left in place as a backup. Operators can rm it after they
+ * verify the new location works; we don't delete on their behalf because the
+ * data is irreplaceable (per-session message state, agent group config, etc).
+ *
+ * Called from src/index.ts before initDb. Safe to call multiple times.
+ *
+ * Path overrides exist for tests; production callers pass no args.
+ */
+export function migrateCentralDbLocation(
+  legacy: string = LEGACY_CENTRAL_DB_PATH,
+  current: string = CENTRAL_DB_PATH,
+  paraclawLegacy: string = LEGACY_PARACLAW_DB_PATH,
+): void {
+  if (fs.existsSync(current)) return; // already on the new location
+
+  // Prefer the paraclaw-era legacy path: it's the more recent state for
+  // anyone upgrading through 0.0.x → 0.1.0.
+  const source = fs.existsSync(paraclawLegacy) ? paraclawLegacy : fs.existsSync(legacy) ? legacy : null;
+  if (!source) return; // fresh install, nothing to migrate
+
+  fs.mkdirSync(path.dirname(current), { recursive: true, mode: 0o700 });
+  // Use copyFile (not rename) so a partial migration doesn't strand the user
+  // between locations. After successful copy the legacy file stays as backup.
+  fs.copyFileSync(source, current);
+  fs.chmodSync(current, 0o600);
+  log.info('Central DB migrated from legacy location', {
+    from: source,
+    to: current,
+    note: 'legacy file kept as backup; rm manually after verifying',
+  });
+}
+
+/**
+ * One-shot migration: copy `<PARACHUTE_DIR>/claw/master.key` to
+ * `<PARACHUTE_DIR>/agent/master.key` so encrypted-secret rows decrypted under
+ * the old key continue to decrypt after the paraclaw → parachute-agent
+ * rename. Idempotent — noop if the new key already exists OR the legacy
+ * key doesn't.
+ *
+ * The legacy file is left in place — same rationale as the DB migration.
+ *
+ * Path overrides exist for tests; production callers pass no args.
+ */
+export function migrateMasterKeyLocation(
+  legacyDir: string = LEGACY_PARACLAW_DB_DIR,
+  currentDir: string = path.dirname(CENTRAL_DB_PATH),
+): void {
+  const legacyKey = path.join(legacyDir, 'master.key');
+  const currentKey = path.join(currentDir, 'master.key');
+  if (fs.existsSync(currentKey)) return;
+  if (!fs.existsSync(legacyKey)) return;
+
+  fs.mkdirSync(currentDir, { recursive: true, mode: 0o700 });
+  fs.copyFileSync(legacyKey, currentKey);
+  fs.chmodSync(currentKey, 0o600);
+  log.info('Master key migrated from legacy location', {
+    from: legacyKey,
+    to: currentKey,
+    note: 'legacy file kept as backup; rm manually after verifying',
+  });
+}
+
+/** For tests only — creates an in-memory DB and runs migrations. */
+export function initTestDb(): WrappedDatabase {
+  _db = new WrappedDatabase(new RawDatabase(':memory:'));
+  _db.exec('PRAGMA foreign_keys = ON');
+  return _db;
+}
+
+export function closeDb(): void {
+  _db?.close();
+  _db = null;
+}
+
+/**
+ * Check whether a table exists. Used by core code that touches
+ * module-owned tables so that an uninstalled module degrades silently
+ * instead of raising SQLite errors. Cheap: a single indexed lookup on
+ * sqlite_master. Results are not cached — a module install adds the
+ * table at runtime (next service start), and callers may run before
+ * or after that boundary.
+ */
+export function hasTable(db: WrappedDatabase, name: string): boolean {
+  const row = db.prepare(`SELECT 1 AS one FROM sqlite_master WHERE type='table' AND name = ? LIMIT 1`).get(name) as
+    | { one: number }
+    | undefined
+    | null;
+  return row != null;
+}
+
+// ---------------------------------------------------------------------------
+// bun:sqlite wrapper — papers over the named-param prefix gotcha.
+//
+// better-sqlite3 lets you write SQL `@name` and pass `{ name: ... }`. bun:sqlite
+// does NOT auto-strip the prefix: it silently binds null. We wrap prepare() so
+// that plain-object args get keys auto-prefixed with `@`. Callers can keep
+// writing their existing patterns; positional `?` + primitive args are
+// unaffected.
+// ---------------------------------------------------------------------------
+
+type Bindable = unknown;
+
+function prefixObjectKeys(obj: Record<string, unknown>): Record<string, unknown> {
+  const out: Record<string, unknown> = {};
+  for (const [k, v] of Object.entries(obj)) {
+    if (k.startsWith('@') || k.startsWith('$') || k.startsWith(':')) {
+      out[k] = v;
+    } else {
+      out[`@${k}`] = v;
+    }
+  }
+  return out;
+}
+
+function adaptArg(arg: Bindable): Bindable {
+  if (arg == null) return arg;
+  if (Array.isArray(arg)) return arg;
+  if (typeof arg !== 'object') return arg;
+  return prefixObjectKeys(arg as Record<string, unknown>);
+}
+
+function adaptArgs(args: Bindable[]): Bindable[] {
+  return args.map(adaptArg);
+}
+
+export class WrappedStatement<T = unknown> {
+  // bun:sqlite's Statement type is exported but constructor isn't, so use unknown
+  constructor(public readonly stmt: ReturnType<RawDatabase['prepare']>) {}
+
+  run(...args: Bindable[]): { changes: number; lastInsertRowid: number | bigint } {
+    return this.stmt.run(...(adaptArgs(args) as never[]));
+  }
+  get(...args: Bindable[]): T | undefined {
+    const r = this.stmt.get(...(adaptArgs(args) as never[]));
+    return (r ?? undefined) as T | undefined;
+  }
+  all(...args: Bindable[]): T[] {
+    return this.stmt.all(...(adaptArgs(args) as never[])) as T[];
+  }
+  values(...args: Bindable[]): unknown[][] {
+    return this.stmt.values(...(adaptArgs(args) as never[]));
+  }
+  iterate(...args: Bindable[]): IterableIterator<T> {
+    return this.stmt.iterate(...(adaptArgs(args) as never[])) as IterableIterator<T>;
+  }
+  finalize(): void {
+    this.stmt.finalize();
+  }
+  toString(): string {
+    return this.stmt.toString();
+  }
+}
+
+export class WrappedDatabase {
+  constructor(public readonly raw: RawDatabase) {}
+
+  prepare<T = unknown>(sql: string): WrappedStatement<T> {
+    return new WrappedStatement<T>(this.raw.prepare(sql));
+  }
+  exec(sql: string): void {
+    this.raw.exec(sql);
+  }
+  /**
+   * better-sqlite3 had `.pragma('foo = bar')`; bun:sqlite uses exec.
+   * Kept for compatibility across the host code.
+   */
+  pragma(setting: string): void {
+    this.raw.exec(`PRAGMA ${setting}`);
+  }
+  transaction<F extends (...a: never[]) => unknown>(fn: F): F {
+    return this.raw.transaction(fn) as unknown as F;
+  }
+  close(): void {
+    this.raw.close();
+  }
+  get name(): string {
+    return this.raw.filename;
+  }
+}
+
+/** Re-export under the legacy alias so call sites that imported `Database` keep working. */
+export type Database = WrappedDatabase;
+
+/**
+ * Open a SQLite file at an arbitrary path (not the central DB).
+ * Used by session-DB helpers and other ad-hoc readers.
+ */
+export function openDb(dbPath: string, opts?: { readonly?: boolean }): WrappedDatabase {
+  const raw = new RawDatabase(dbPath, opts);
+  return new WrappedDatabase(raw);
+}