@owloops/browserbird 1.0.1 → 1.0.3

package/src/provider/spawn.ts

@@ -1,173 +0,0 @@
-/** @fileoverview Spawn a CLI provider as a subprocess. */
-
-import { spawn, type ChildProcess } from 'node:child_process';
-import type { ProviderName, ProviderModule, SpawnOptions } from './types.ts';
-import type { StreamEvent } from './stream.ts';
-import { splitLines } from './stream.ts';
-import { logger } from '../core/logger.ts';
-import { claude } from './claude.ts';
-import { opencode } from './opencode.ts';
-
-const SIGKILL_GRACE_MS = 5_000;
-
-const PROVIDERS: Record<ProviderName, ProviderModule> = {
-  claude,
-  opencode,
-};
-
-/** Sends SIGTERM, then SIGKILL after a grace period if the process is still alive. */
-function gracefulKill(proc: ChildProcess): void {
-  if (!proc.pid || proc.killed) return;
-  proc.kill('SIGTERM');
-  const escalation = setTimeout(() => {
-    if (!proc.killed) {
-      logger.warn(`process ${proc.pid} did not exit after SIGTERM, sending SIGKILL`);
-      proc.kill('SIGKILL');
-    }
-  }, SIGKILL_GRACE_MS);
-  escalation.unref();
-  proc.on('exit', () => clearTimeout(escalation));
-}
-
-/** Env vars that prevent nested Claude Code sessions. */
-const STRIPPED_ENV_VARS = ['CLAUDECODE', 'CLAUDE_CODE_ENTRYPOINT'];
-
-/** Strips env vars whose names suggest they hold credentials. */
-const SENSITIVE_NAME_RE = /KEY|SECRET|TOKEN|PASSWORD/i;
-
-function cleanEnv(): Record<string, string> {
-  const env: Record<string, string> = {};
-  for (const [key, value] of Object.entries(process.env)) {
-    if (value == null) continue;
-    if (STRIPPED_ENV_VARS.includes(key)) continue;
-    if (SENSITIVE_NAME_RE.test(key)) continue;
-    env[key] = value;
-  }
-  return env;
-}
-
-interface SpawnResult {
-  events: AsyncIterable<StreamEvent>;
-  kill: () => void;
-}
-
-/**
- * Spawns a provider CLI with streaming output.
- * Returns an async iterable of parsed stream events and a kill handle.
- */
-export function spawnProvider(
-  provider: ProviderName,
-  options: SpawnOptions,
-  signal: AbortSignal,
-): SpawnResult {
-  const mod = PROVIDERS[provider];
-  const cmd = mod.buildCommand(options);
-  const timeoutMs = options.agent.processTimeoutMs ?? 300_000;
-
-  logger.debug(`spawning: ${cmd.binary} ${cmd.args.join(' ')} (timeout: ${timeoutMs}ms)`);
-
-  const baseEnv = cleanEnv();
-  if (cmd.env) {
-    for (const [k, v] of Object.entries(cmd.env)) {
-      if (v === '') delete baseEnv[k];
-      else baseEnv[k] = v;
-    }
-  }
-  const proc = spawn(cmd.binary, cmd.args, {
-    cwd: cmd.cwd ?? process.cwd(),
-    stdio: ['ignore', 'pipe', 'pipe'],
-    env: baseEnv,
-  });
-
-  let stderrBuf = '';
-  proc.stderr!.on('data', (chunk: Buffer) => {
-    stderrBuf += chunk.toString('utf-8');
-  });
-
-  const timeout = setTimeout(() => {
-    logger.warn(`${cmd.binary} timed out after ${timeoutMs}ms, killing`);
-    gracefulKill(proc);
-  }, timeoutMs);
-
-  const onAbort = () => gracefulKill(proc);
-  signal.addEventListener('abort', onAbort, { once: true });
-
-  async function* iterate(): AsyncIterable<StreamEvent> {
-    let buffer = '';
-
-    try {
-      yield* parseStdout(proc, mod, buffer, (b) => {
-        buffer = b;
-      });
-
-      if (buffer.trim()) {
-        yield* mod.parseStreamLine(buffer);
-      }
-    } finally {
-      clearTimeout(timeout);
-      signal.removeEventListener('abort', onAbort);
-      if (stderrBuf.trim()) {
-        logger.debug(`${cmd.binary} stderr: ${stderrBuf.trim()}`);
-      }
-    }
-  }
-
-  return {
-    events: iterate(),
-    kill: () => gracefulKill(proc),
-  };
-}
-
-async function* parseStdout(
-  proc: ChildProcess,
-  mod: ProviderModule,
-  buffer: string,
-  setBuffer: (b: string) => void,
-): AsyncIterable<StreamEvent> {
-  const pending: Buffer[] = [];
-  let done = false;
-  let error: string | null = null;
-  let resolve: (() => void) | null = null;
-
-  proc.stdout!.on('data', (chunk: Buffer) => {
-    pending.push(chunk);
-    resolve?.();
-  });
-
-  proc.on('error', (err: Error) => {
-    error = err.message;
-    done = true;
-    resolve?.();
-  });
-
-  proc.on('close', () => {
-    done = true;
-    resolve?.();
-  });
-
-  while (true) {
-    while (pending.length === 0 && !done) {
-      await new Promise<void>((r) => {
-        resolve = r;
-      });
-    }
-
-    if (pending.length === 0 && done) break;
-
-    while (pending.length > 0) {
-      const data = pending.shift()!.toString('utf-8');
-      logger.debug(`stdout chunk (${data.length} chars)`);
-      const [lines, remaining] = splitLines(buffer, data);
-      buffer = remaining;
-      setBuffer(buffer);
-
-      for (const line of lines) {
-        yield* mod.parseStreamLine(line);
-      }
-    }
-  }
-
-  if (error) {
-    yield { type: 'error', error };
-  }
-}

package/src/provider/stream.ts

@@ -1,67 +0,0 @@
-/** @fileoverview Shared stream event types and line-splitting utility. */
-
-interface StreamEventInit {
-  type: 'init';
-  sessionId: string;
-  model: string;
-}
-
-interface StreamEventTextDelta {
-  type: 'text_delta';
-  delta: string;
-}
-
-export interface ToolImage {
-  mediaType: string;
-  data: string;
-}
-
-interface StreamEventToolImages {
-  type: 'tool_images';
-  images: ToolImage[];
-}
-
-export interface StreamEventCompletion {
-  type: 'completion';
-  subtype: string;
-  result: string;
-  sessionId: string;
-  isError: boolean;
-  tokensIn: number;
-  tokensOut: number;
-  cacheCreationTokens: number;
-  cacheReadTokens: number;
-  costUsd: number;
-  durationMs: number;
-  numTurns: number;
-}
-
-interface StreamEventRateLimit {
-  type: 'rate_limit';
-  resetsAt: number;
-  status: string;
-}
-
-interface StreamEventError {
-  type: 'error';
-  error: string;
-}
-
-export type StreamEvent =
-  | StreamEventInit
-  | StreamEventTextDelta
-  | StreamEventToolImages
-  | StreamEventCompletion
-  | StreamEventRateLimit
-  | StreamEventError;
-
-/**
- * Splits a raw data chunk into lines, handling partial lines across chunks.
- * Returns [completeLines, remainingPartial].
- */
-export function splitLines(buffer: string, chunk: string): [string[], string] {
-  const combined = buffer + chunk;
-  const lines = combined.split('\n');
-  const partial = lines.pop() ?? '';
-  return [lines, partial];
-}

package/src/provider/types.ts

@@ -1,24 +0,0 @@
-/** @fileoverview Provider abstraction types for CLI-agnostic subprocess spawning. */
-
-import type { StreamEvent } from './stream.ts';
-
-export type ProviderName = 'claude' | 'opencode';
-
-export interface ProviderCommand {
-  binary: string;
-  args: string[];
-  cwd?: string;
-  env?: Record<string, string>;
-}
-
-export interface SpawnOptions {
-  message: string;
-  sessionId?: string;
-  agent: import('../core/types.ts').AgentConfig;
-  mcpConfigPath?: string;
-}
-
-export interface ProviderModule {
-  buildCommand: (options: SpawnOptions) => ProviderCommand;
-  parseStreamLine: (line: string) => StreamEvent[];
-}

package/src/server/auth.ts

@@ -1,135 +0,0 @@
-/** @fileoverview Password hashing, token signing, and verification using node:crypto. */
-
-import { scrypt, randomBytes, timingSafeEqual, createHmac } from 'node:crypto';
-import { getUserById, getSetting, setSetting } from '../db/auth.ts';
-
-const SCRYPT_N = 16384;
-const SCRYPT_R = 8;
-const SCRYPT_P = 1;
-const SCRYPT_KEYLEN = 64;
-const SALT_BYTES = 16;
-
-const TOKEN_EXPIRY_MS = 7 * 24 * 60 * 60 * 1000;
-
-export function hashPassword(password: string): Promise<string> {
-  return new Promise((resolve, reject) => {
-    const salt = randomBytes(SALT_BYTES);
-    scrypt(password, salt, SCRYPT_KEYLEN, { N: SCRYPT_N, r: SCRYPT_R, p: SCRYPT_P }, (err, key) => {
-      if (err) {
-        reject(err);
-        return;
-      }
-      resolve(
-        `scrypt$${SCRYPT_N}$${SCRYPT_R}$${SCRYPT_P}$${salt.toString('hex')}$${key.toString('hex')}`,
-      );
-    });
-  });
-}
-
-export function verifyPassword(password: string, stored: string): Promise<boolean> {
-  return new Promise((resolve, reject) => {
-    const parts = stored.split('$');
-    if (parts.length !== 6 || parts[0] !== 'scrypt') {
-      resolve(false);
-      return;
-    }
-    const n = Number(parts[1]);
-    const r = Number(parts[2]);
-    const p = Number(parts[3]);
-    const salt = Buffer.from(parts[4]!, 'hex');
-    const expected = Buffer.from(parts[5]!, 'hex');
-
-    scrypt(password, salt, expected.length, { N: n, r, p }, (err, key) => {
-      if (err) {
-        reject(err);
-        return;
-      }
-      resolve(timingSafeEqual(key, expected));
-    });
-  });
-}
-
-export function generateTokenKey(): string {
-  return randomBytes(32).toString('hex');
-}
-
-export function getOrCreateSecret(): string {
-  const existing = getSetting('auth_secret');
-  if (existing) return existing;
-  const secret = randomBytes(32).toString('hex');
-  setSetting('auth_secret', secret);
-  return secret;
-}
-
-function base64UrlEncode(data: string): string {
-  return Buffer.from(data).toString('base64url');
-}
-
-function base64UrlDecode(encoded: string): string {
-  return Buffer.from(encoded, 'base64url').toString();
-}
-
-function hmacSign(data: string, key: string): string {
-  return createHmac('sha256', key).update(data).digest('base64url');
-}
-
-export interface TokenPayload {
-  sub: number;
-  exp: number;
-  iat: number;
-  jti: string;
-}
-
-export function signToken(userId: number, tokenKey: string, secret: string): string {
-  const now = Date.now();
-  const header = base64UrlEncode(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
-  const payload = base64UrlEncode(
-    JSON.stringify({
-      sub: userId,
-      exp: now + TOKEN_EXPIRY_MS,
-      iat: now,
-      jti: randomBytes(16).toString('hex'),
-    }),
-  );
-  const signingKey = tokenKey + secret;
-  const signature = hmacSign(`${header}.${payload}`, signingKey);
-  return `${header}.${payload}.${signature}`;
-}
-
-/**
- * Verifies a raw token string: structure, signature, expiry, and that the
- * user still exists in the DB. Returns true if valid, false otherwise.
- */
-export function verifyToken(token: string): boolean {
-  const parts = token.split('.');
-  if (parts.length !== 3) return false;
-
-  let sub: number;
-  try {
-    const decoded = JSON.parse(base64UrlDecode(parts[1]!)) as { sub?: number };
-    if (typeof decoded.sub !== 'number') return false;
-    sub = decoded.sub;
-  } catch {
-    return false;
-  }
-
-  const user = getUserById(sub);
-  if (!user) return false;
-
-  const secret = getOrCreateSecret();
-  const [header, payload, signature] = parts as [string, string, string];
-  const signingKey = user.token_key + secret;
-  const expected = hmacSign(`${header}.${payload}`, signingKey);
-
-  const sigBuf = Buffer.from(signature, 'base64url');
-  const expBuf = Buffer.from(expected, 'base64url');
-  if (sigBuf.length !== expBuf.length || !timingSafeEqual(sigBuf, expBuf)) return false;
-
-  try {
-    const decoded = JSON.parse(base64UrlDecode(payload)) as TokenPayload;
-    if (typeof decoded.exp !== 'number' || decoded.exp < Date.now()) return false;
-    return true;
-  } catch {
-    return false;
-  }
-}

package/src/server/health.ts

@@ -1,87 +0,0 @@
-/** @fileoverview Cached service health checks for agent CLI and browser connectivity. */
-
-import { connect } from 'node:net';
-import type { Config } from '../core/types.ts';
-import { logger } from '../core/logger.ts';
-import { checkDoctor } from '../cli/doctor.ts';
-
-export interface ServiceHealth {
-  agent: { available: boolean };
-  browser: { connected: boolean };
-}
-
-const AGENT_CHECK_INTERVAL_MS = 60_000;
-const BROWSER_CHECK_INTERVAL_MS = 5_000;
-const BROWSER_PROBE_TIMEOUT_MS = 2_000;
-
-let agentAvailable = false;
-let agentCheckedAt = 0;
-
-let browserConnected = false;
-let browserCheckPending = false;
-
-function refreshAgent(config: Config): void {
-  const now = Date.now();
-  if (now - agentCheckedAt < AGENT_CHECK_INTERVAL_MS) return;
-
-  const result = checkDoctor();
-  const usedProviders = new Set(config.agents.map((a) => a.provider));
-  agentAvailable = [...usedProviders].some((p) => result[p]?.available === true);
-  agentCheckedAt = now;
-}
-
-export function probeBrowser(host: string, port: number): Promise<boolean> {
-  return new Promise((resolve) => {
-    const socket = connect(port, host, () => {
-      socket.destroy();
-      resolve(true);
-    });
-    socket.setTimeout(BROWSER_PROBE_TIMEOUT_MS);
-    socket.on('timeout', () => {
-      socket.destroy();
-      resolve(false);
-    });
-    socket.on('error', () => {
-      socket.destroy();
-      resolve(false);
-    });
-  });
-}
-
-function refreshBrowser(config: Config): void {
-  if (!config.browser.enabled || browserCheckPending) return;
-  browserCheckPending = true;
-  probeBrowser(config.browser.novncHost, config.browser.novncPort)
-    .then((ok) => {
-      browserConnected = ok;
-    })
-    .catch(() => {
-      browserConnected = false;
-    })
-    .finally(() => {
-      browserCheckPending = false;
-    });
-}
-
-export function getServiceHealth(config: Config): ServiceHealth {
-  refreshAgent(config);
-  return {
-    agent: { available: agentAvailable },
-    browser: { connected: config.browser.enabled ? browserConnected : false },
-  };
-}
-
-export function startHealthChecks(config: Config, signal: AbortSignal): void {
-  refreshAgent(config);
-  refreshBrowser(config);
-
-  const timer = setInterval(() => {
-    refreshBrowser(config);
-  }, BROWSER_CHECK_INTERVAL_MS);
-
-  signal.addEventListener('abort', () => {
-    clearInterval(timer);
-  });
-
-  logger.debug('health checks started');
-}

package/src/server/http.ts

@@ -1,132 +0,0 @@
-/** @fileoverview HTTP utilities: response helpers, auth, body parsing, and shared types. */
-
-import type { IncomingMessage, ServerResponse } from 'node:http';
-import { getUserCount } from '../db/auth.ts';
-import { verifyToken } from './auth.ts';
-
-export const MIME_TYPES: Record<string, string> = {
-  '.html': 'text/html; charset=utf-8',
-  '.css': 'text/css; charset=utf-8',
-  '.js': 'application/javascript; charset=utf-8',
-  '.json': 'application/json; charset=utf-8',
-  '.svg': 'image/svg+xml',
-  '.png': 'image/png',
-  '.ico': 'image/x-icon',
-  '.woff2': 'font/woff2',
-};
-
-export interface RouteParams {
-  [key: string]: string;
-}
-
-export interface Route {
-  method: string;
-  pattern: RegExp;
-  handler: (req: IncomingMessage, res: ServerResponse, params: RouteParams) => void | Promise<void>;
-  skipAuth?: boolean;
-}
-
-export interface WebServerHandle {
-  start(): Promise<void>;
-  stop(): Promise<void>;
-}
-
-export interface WebServerDeps {
-  slackConnected: () => boolean;
-  activeProcessCount: () => number;
-  serviceHealth: () => { agent: { available: boolean }; browser: { connected: boolean } };
-}
-
-export function pathToRegex(path: string): RegExp {
-  const pattern = path.replace(/:(\w+)/g, '(?<$1>[^/]+)');
-  return new RegExp(`^${pattern}$`);
-}
-
-export function json(res: ServerResponse, data: unknown, status = 200): void {
-  const body = JSON.stringify(data);
-  res.writeHead(status, {
-    'Content-Type': 'application/json; charset=utf-8',
-    'Content-Length': Buffer.byteLength(body),
-  });
-  res.end(body);
-}
-
-export function jsonError(res: ServerResponse, message: string, status: number): void {
-  json(res, { error: message }, status);
-}
-
-export function parsePagination(url: URL): { page: number; perPage: number } {
-  const page = Math.max(Number(url.searchParams.get('page')) || 1, 1);
-  const perPage = Math.max(Number(url.searchParams.get('perPage')) || 20, 1);
-  return { page, perPage };
-}
-
-export function parseSystemFlag(url: URL): boolean {
-  return url.searchParams.get('system') === 'true';
-}
-
-export function parseSortParam(url: URL): string | undefined {
-  return url.searchParams.get('sort') ?? undefined;
-}
-
-export function parseSearchParam(url: URL): string | undefined {
-  return url.searchParams.get('search') ?? undefined;
-}
-
-const MAX_BODY_BYTES = 1024 * 1024;
-
-export async function readJsonBody<T>(req: IncomingMessage): Promise<T> {
-  return new Promise((resolve, reject) => {
-    const chunks: Buffer[] = [];
-    let totalBytes = 0;
-    req.on('data', (chunk: Buffer) => {
-      totalBytes += chunk.length;
-      if (totalBytes > MAX_BODY_BYTES) {
-        req.destroy();
-        reject(new Error('Request body too large'));
-        return;
-      }
-      chunks.push(chunk);
-    });
-    req.on('end', () => {
-      try {
-        resolve(JSON.parse(Buffer.concat(chunks).toString()) as T);
-      } catch {
-        reject(new Error('Invalid JSON body'));
-      }
-    });
-    req.on('error', reject);
-  });
-}
-
-function extractToken(req: IncomingMessage, allowQueryToken: boolean): string | null {
-  const authHeader = req.headers['authorization'] ?? '';
-  if (authHeader.startsWith('Bearer ')) return authHeader.slice(7);
-
-  if (allowQueryToken) {
-    const url = new URL(req.url ?? '/', `http://${req.headers.host}`);
-    return url.searchParams.get('token');
-  }
-
-  return null;
-}
-
-/**
- * Verifies the request is authenticated. In setup mode (no users in DB),
- * all requests are allowed. Otherwise, a valid signed token is required.
- */
-export function checkAuth(
-  req: IncomingMessage,
-  res: ServerResponse,
-  allowQueryToken = false,
-): boolean {
-  if (getUserCount() === 0) return true;
-
-  const token = extractToken(req, allowQueryToken);
-  if (!token || !verifyToken(token)) {
-    jsonError(res, 'Unauthorized', 401);
-    return false;
-  }
-
-  return true;
-}

package/src/server/index.ts

@@ -1,6 +0,0 @@
-/** @fileoverview Server barrel: public API for the server module. */
-
-export { broadcastSSE } from './sse.ts';
-export { createWebServer } from './lifecycle.ts';
-export type { WebServerHandle, WebServerDeps } from './http.ts';
-export type { RouteOptions } from './routes.ts';