@posthog/wizard 1.21.0 → 1.22.0

package/dist/src/lib/agent-interface.js

@@ -1,7 +1,7 @@
 "use strict";
 /**
  * Shared agent interface for PostHog wizards
- * Provides common agent initialization and event handling
+ * Uses Claude Agent SDK directly with PostHog LLM gateway
  */
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
@@ -11,33 +11,28 @@ exports.AgentErrorType = exports.AgentSignals = void 0;
 exports.wizardCanUseTool = wizardCanUseTool;
 exports.initializeAgent = initializeAgent;
 exports.runAgent = runAgent;
+const path_1 = __importDefault(require("path"));
 const clack_1 = __importDefault(require("../utils/clack"));
 const debug_1 = require("../utils/debug");
 const analytics_1 = require("../utils/analytics");
 const constants_1 = require("./constants");
-let _agentModule = null;
-async function getAgentModule() {
-    if (!_agentModule) {
-        _agentModule = await import('@posthog/agent');
+// Dynamic import cache for ESM module
+let _sdkModule = null;
+async function getSDKModule() {
+    if (!_sdkModule) {
+        _sdkModule = await import('@anthropic-ai/claude-agent-sdk');
     }
-    return _agentModule;
+    return _sdkModule;
 }
-// TODO: Remove these if/when posthog/agent exports an enum for events
-const EventType = {
-    RAW_SDK_EVENT: 'raw_sdk_event',
-    TOKEN: 'token',
-    TOOL_CALL: 'tool_call',
-    TOOL_RESULT: 'tool_result',
-    ERROR: 'error',
-    DONE: 'done',
-};
 /**
- * Content types for agent messages and blocks
+ * Get the path to the bundled Claude Code CLI from the SDK package.
+ * This ensures we use the SDK's bundled version rather than the user's installed Claude Code.
  */
-const ContentType = {
-    TEXT: 'text',
-    ASSISTANT: 'assistant',
-};
+function getClaudeCodeExecutablePath() {
+    // require.resolve finds the package's main entry, then we get cli.js from same dir
+    const sdkPackagePath = require.resolve('@anthropic-ai/claude-agent-sdk');
+    return path_1.default.join(path_1.default.dirname(sdkPackagePath), 'cli.js');
+}
 exports.AgentSignals = {
     /** Signal emitted when the agent reports progress to the user */
     STATUS: '[STATUS]',
@@ -58,226 +53,361 @@ var AgentErrorType;
     AgentErrorType["RESOURCE_MISSING"] = "WIZARD_RESOURCE_MISSING";
 })(AgentErrorType || (exports.AgentErrorType = AgentErrorType = {}));
 /**
- * Allowed bash command prefixes for the wizard agent.
- * These are package manager commands needed for PostHog installation.
+ * Package managers that can be used to run commands.
+ */
+const PACKAGE_MANAGERS = ['npm', 'pnpm', 'yarn', 'bun', 'npx'];
+/**
+ * Safe scripts/commands that can be run with any package manager.
+ * Uses startsWith matching, so 'build' matches 'build', 'build:prod', etc.
  */
-const ALLOWED_BASH_PREFIXES = [
+const SAFE_SCRIPTS = [
     // Package installation
-    'npm install',
-    'npm ci',
-    'pnpm install',
-    'pnpm add',
-    'bun install',
-    'bun add',
-    'yarn add',
-    'yarn install',
+    'install',
+    'add',
+    'ci',
+    // Build
+    'build',
+    // Type checking (various naming conventions)
+    'tsc',
+    'typecheck',
+    'type-check',
+    'check-types',
+    'types',
+    // Linting
+    'lint',
+    'eslint',
+    'next lint',
+    // Formatting
+    'format',
+    'prettier',
 ];
 /**
- * Permission hook that allows only safe package manager commands.
- * This prevents the agent from running arbitrary shell commands.
+ * Dangerous shell operators that could allow command injection.
+ * Note: We handle `2>&1` and `| tail/head` separately as safe patterns.
+ */
+const DANGEROUS_OPERATORS = /[;`$()]/;
+/**
+ * Check if command is an allowed package manager command.
+ * Matches: <pkg-manager> [run|exec] <safe-script> [args...]
+ */
+function matchesAllowedPrefix(command) {
+    const parts = command.split(/\s+/);
+    if (parts.length === 0 || !PACKAGE_MANAGERS.includes(parts[0])) {
+        return false;
+    }
+    // Skip 'run' or 'exec' if present
+    let scriptIndex = 1;
+    if (parts[scriptIndex] === 'run' || parts[scriptIndex] === 'exec') {
+        scriptIndex++;
+    }
+    // Get the script/command portion (may include args)
+    const scriptPart = parts.slice(scriptIndex).join(' ');
+    // Check if script starts with any safe script name
+    return SAFE_SCRIPTS.some((safe) => scriptPart.startsWith(safe));
+}
+/**
+ * Permission hook that allows only safe commands.
+ * - Package manager install commands
+ * - Build/typecheck/lint commands for verification
+ * - Piping to tail/head for output limiting is allowed
+ * - Stderr redirection (2>&1) is allowed
  */
 function wizardCanUseTool(toolName, input) {
     // Allow all non-Bash tools
     if (toolName !== 'Bash') {
-        return { behavior: 'allow' };
+        return { behavior: 'allow', updatedInput: input };
     }
-    const command = (input.command ?? '').trim();
-    // Block commands with shell operators (chaining, subshells, etc.)
-    if (/[;&|`$()]/.test(command)) {
-        (0, debug_1.debug)(`Denying bash command with shell operators: ${command}`);
+    const command = (typeof input.command === 'string' ? input.command : '').trim();
+    // Block definitely dangerous operators: ; ` $ ( )
+    if (DANGEROUS_OPERATORS.test(command)) {
+        (0, debug_1.logToFile)(`Denying bash command with dangerous operators: ${command}`);
+        (0, debug_1.debug)(`Denying bash command with dangerous operators: ${command}`);
+        analytics_1.analytics.capture(constants_1.WIZARD_INTERACTION_EVENT_NAME, {
+            action: 'bash command denied',
+            reason: 'dangerous operators',
+            command,
+        });
         return {
             behavior: 'deny',
-            message: `Bash command not allowed. Chained commands are not permitted.`,
+            message: `Bash command not allowed. Shell operators like ; \` $ ( ) are not permitted.`,
+        };
+    }
+    // Normalize: remove safe stderr redirection (2>&1, 2>&2, etc.)
+    const normalized = command.replace(/\s*\d*>&\d+\s*/g, ' ').trim();
+    // Check for pipe to tail/head (safe output limiting)
+    const pipeMatch = normalized.match(/^(.+?)\s*\|\s*(tail|head)(\s+\S+)*\s*$/);
+    if (pipeMatch) {
+        const baseCommand = pipeMatch[1].trim();
+        // Block if base command has pipes or & (multiple chaining)
+        if (/[|&]/.test(baseCommand)) {
+            (0, debug_1.logToFile)(`Denying bash command with multiple pipes: ${command}`);
+            (0, debug_1.debug)(`Denying bash command with multiple pipes: ${command}`);
+            analytics_1.analytics.capture(constants_1.WIZARD_INTERACTION_EVENT_NAME, {
+                action: 'bash command denied',
+                reason: 'multiple pipes',
+                command,
+            });
+            return {
+                behavior: 'deny',
+                message: `Bash command not allowed. Only single pipe to tail/head is permitted.`,
+            };
+        }
+        if (matchesAllowedPrefix(baseCommand)) {
+            (0, debug_1.logToFile)(`Allowing bash command with output limiter: ${command}`);
+            (0, debug_1.debug)(`Allowing bash command with output limiter: ${command}`);
+            return { behavior: 'allow', updatedInput: input };
+        }
+    }
+    // Block remaining pipes and & (not covered by tail/head case above)
+    if (/[|&]/.test(normalized)) {
+        (0, debug_1.logToFile)(`Denying bash command with pipe/&: ${command}`);
+        (0, debug_1.debug)(`Denying bash command with pipe/&: ${command}`);
+        analytics_1.analytics.capture(constants_1.WIZARD_INTERACTION_EVENT_NAME, {
+            action: 'bash command denied',
+            reason: 'disallowed pipe',
+            command,
+        });
+        return {
+            behavior: 'deny',
+            message: `Bash command not allowed. Pipes are only permitted with tail/head for output limiting.`,
         };
     }
     // Check if command starts with any allowed prefix
-    const isAllowed = ALLOWED_BASH_PREFIXES.some((prefix) => command.startsWith(prefix));
-    if (isAllowed) {
+    if (matchesAllowedPrefix(normalized)) {
+        (0, debug_1.logToFile)(`Allowing bash command: ${command}`);
         (0, debug_1.debug)(`Allowing bash command: ${command}`);
-        return { behavior: 'allow' };
+        return { behavior: 'allow', updatedInput: input };
     }
+    (0, debug_1.logToFile)(`Denying bash command: ${command}`);
     (0, debug_1.debug)(`Denying bash command: ${command}`);
+    analytics_1.analytics.capture(constants_1.WIZARD_INTERACTION_EVENT_NAME, {
+        action: 'bash command denied',
+        reason: 'not in allowlist',
+        command,
+    });
     return {
         behavior: 'deny',
-        message: `Bash command not allowed. Only package manager commands (npm/pnpm/bun/yarn install) are permitted.`,
+        message: `Bash command not allowed. Only install, build, typecheck, and lint commands are permitted.`,
     };
 }
 /**
- * Initialize a PostHog Agent instance with the provided configuration
+ * Initialize agent configuration for the LLM gateway
  */
-async function initializeAgent(config, options, spinner) {
-    clack_1.default.log.step('Initializing PostHog agent...');
+function initializeAgent(config, options) {
+    // Initialize log file for this run
+    (0, debug_1.initLogFile)();
+    (0, debug_1.logToFile)('Agent initialization starting');
+    (0, debug_1.logToFile)('Install directory:', options.installDir);
+    clack_1.default.log.step('Initializing Claude agent...');
     try {
-        const { Agent } = await getAgentModule();
-        const agentConfig = {
-            workingDirectory: config.workingDirectory,
-            posthogMcpUrl: config.posthogMcpUrl,
-            posthogApiKey: config.posthogApiKey,
-            onEvent: (event) => {
-                handleAgentEvent(event, options, spinner);
+        // Configure LLM gateway environment variables (inherited by SDK subprocess)
+        const gatewayUrl = `${config.posthogApiHost}/api/projects/${config.posthogProjectId}/llm_gateway`;
+        process.env.ANTHROPIC_BASE_URL = gatewayUrl;
+        process.env.ANTHROPIC_AUTH_TOKEN = config.posthogApiKey;
+        // Disable experimental betas (like input_examples) that the LLM gateway doesn't support
+        process.env.CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS = 'true';
+        (0, debug_1.logToFile)('Configured LLM gateway:', gatewayUrl);
+        // Configure MCP server with PostHog authentication
+        const mcpServers = {
+            posthog: {
+                type: 'http',
+                url: config.posthogMcpUrl,
+                headers: {
+                    Authorization: `Bearer ${config.posthogApiKey}`,
+                },
             },
-            debug: config.debug ?? false,
         };
+        const agentRunConfig = {
+            workingDirectory: config.workingDirectory,
+            mcpServers,
+            model: 'claude-opus-4-5-20251101',
+        };
+        (0, debug_1.logToFile)('Agent config:', {
+            workingDirectory: agentRunConfig.workingDirectory,
+            posthogMcpUrl: config.posthogMcpUrl,
+            gatewayUrl,
+            apiKeyPresent: !!config.posthogApiKey,
+        });
         if (options.debug) {
             (0, debug_1.debug)('Agent config:', {
-                workingDirectory: agentConfig.workingDirectory,
-                posthogMcpUrl: agentConfig.posthogMcpUrl,
-                posthogApiKeyPresent: !!agentConfig.posthogApiKey,
+                workingDirectory: agentRunConfig.workingDirectory,
+                posthogMcpUrl: config.posthogMcpUrl,
+                gatewayUrl,
+                apiKeyPresent: !!config.posthogApiKey,
             });
         }
-        const agent = new Agent(agentConfig);
+        clack_1.default.log.step(`Verbose logs: ${debug_1.LOG_FILE_PATH}`);
         clack_1.default.log.success("Agent initialized. Let's get cooking!");
-        return agent;
+        return agentRunConfig;
     }
     catch (error) {
         clack_1.default.log.error(`Failed to initialize agent: ${error.message}`);
+        (0, debug_1.logToFile)('Agent initialization error:', error);
         (0, debug_1.debug)('Agent initialization error:', error);
         throw error;
     }
 }
-/**
- * Handle agent events and provide user feedback
- * This function processes events from the agent SDK and provides appropriate
- * user feedback through the CLI spinner and logging
- */
-function handleAgentEvent(event, options, spinner) {
-    if (options.debug) {
-        (0, debug_1.debug)(`Event type: ${event.type}`, JSON.stringify(event, null, 2));
-    }
-    // Only show [STATUS] events to the user - everything else goes to debug log
-    switch (event.type) {
-        case EventType.RAW_SDK_EVENT:
-            if (event.sdkMessage?.type === ContentType.ASSISTANT) {
-                const message = event.sdkMessage.message;
-                if (message?.content && Array.isArray(message.content)) {
-                    const textContent = message.content
-                        .filter((block) => block.type === ContentType.TEXT)
-                        .map((block) => block.text)
-                        .join('\n');
-                    // Check if the text contains a [STATUS] marker
-                    const statusRegex = new RegExp(`^.*${exports.AgentSignals.STATUS.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')}\\s*(.+?)$`, 'm');
-                    const statusMatch = textContent.match(statusRegex);
-                    if (statusMatch) {
-                        // Stop spinner, log the status step, restart spinner
-                        // This creates the progress list as the agent proceeds
-                        spinner.stop(statusMatch[1].trim());
-                        spinner.start('Integrating PostHog...');
-                    }
-                }
-            }
-            break;
-        case EventType.TOKEN:
-            if (options.debug) {
-                (0, debug_1.debug)(event.content);
-            }
-            break;
-        case EventType.TOOL_CALL:
-            if (options.debug) {
-                (0, debug_1.debug)(`Tool: ${event.toolName}`);
-                (0, debug_1.debug)('  Args:', JSON.stringify(event.args, null, 2));
-            }
-            break;
-        case EventType.TOOL_RESULT:
-            if (options.debug) {
-                (0, debug_1.debug)(`✅ ${event.toolName} completed`);
-                const resultStr = typeof event.result === 'string'
-                    ? event.result
-                    : JSON.stringify(event.result, null, 2);
-                const truncated = resultStr.length > 500
-                    ? `${resultStr.substring(0, 500)}...`
-                    : resultStr;
-                (0, debug_1.debug)('  Result:', truncated);
-            }
-            break;
-        case EventType.ERROR:
-            // Always show errors to user
-            clack_1.default.log.error(`Error: ${event.message}`);
-            if (options.debug && event.error) {
-                (0, debug_1.debug)('Error details:', event.error);
-            }
-            if (event.error instanceof Error) {
-                analytics_1.analytics.captureException(event.error, {
-                    event_type: event.type,
-                    message: event.message,
-                });
-            }
-            break;
-        case EventType.DONE:
-            if (event.durationMs) {
-                if (options.debug) {
-                    (0, debug_1.debug)(`Completed in ${Math.round(event.durationMs / 1000)}s`);
-                }
-                analytics_1.analytics.capture(constants_1.WIZARD_INTERACTION_EVENT_NAME, {
-                    action: 'agent integration completed',
-                    duration_ms: event.durationMs,
-                    duration_seconds: Math.round(event.durationMs / 1000),
-                });
-            }
-            break;
-    }
-}
 /**
  * Execute an agent with the provided prompt and options
  * Handles the full lifecycle: spinner, execution, error handling
  *
  * @returns An object containing any error detected in the agent's output
  */
-async function runAgent(agent, prompt, options, spinner, config) {
+async function runAgent(agentConfig, prompt, options, spinner, config) {
     const { estimatedDurationMinutes = 8, spinnerMessage = 'Customizing your PostHog setup...', successMessage = 'PostHog integration complete', errorMessage = 'Integration failed', } = config ?? {};
-    const { PermissionMode } = await getAgentModule();
+    const { query } = await getSDKModule();
     clack_1.default.log.step(`This whole process should take about ${estimatedDurationMinutes} minutes including error checking and fixes.\n\nGrab some coffee!`);
     spinner.start(spinnerMessage);
+    const cliPath = getClaudeCodeExecutablePath();
+    (0, debug_1.logToFile)('Starting agent run');
+    (0, debug_1.logToFile)('Claude Code executable:', cliPath);
+    (0, debug_1.logToFile)('Prompt:', prompt);
+    const startTime = Date.now();
+    const collectedText = [];
     try {
-        const result = await agent.run(prompt, {
-            repositoryPath: options.installDir,
-            permissionMode: PermissionMode.ACCEPT_EDITS,
-            queryOverrides: {
-                model: 'claude-opus-4-5-20251101',
-                canUseTool: wizardCanUseTool,
+        // Workaround for SDK bug: stdin closes before canUseTool responses can be sent.
+        // The fix is to use an async generator for the prompt that stays open until
+        // the result is received, keeping the stdin stream alive for permission responses.
+        // See: https://github.com/anthropics/claude-code/issues/4775
+        // See: https://github.com/anthropics/claude-agent-sdk-typescript/issues/41
+        let signalDone;
+        const resultReceived = new Promise((resolve) => {
+            signalDone = resolve;
+        });
+        const createPromptStream = async function* () {
+            yield {
+                type: 'user',
+                session_id: '',
+                message: { role: 'user', content: prompt },
+                parent_tool_use_id: null,
+            };
+            await resultReceived;
+        };
+        const response = query({
+            prompt: createPromptStream(),
+            options: {
+                model: agentConfig.model,
+                cwd: agentConfig.workingDirectory,
+                permissionMode: 'acceptEdits',
+                mcpServers: agentConfig.mcpServers,
+                env: { ...process.env },
+                canUseTool: (toolName, input) => {
+                    (0, debug_1.logToFile)('canUseTool called:', { toolName, input });
+                    const result = wizardCanUseTool(toolName, input);
+                    (0, debug_1.logToFile)('canUseTool result:', result);
+                    return Promise.resolve(result);
+                },
+                tools: { type: 'preset', preset: 'claude_code' },
+                // Capture stderr from CLI subprocess for debugging
+                stderr: (data) => {
+                    (0, debug_1.logToFile)('CLI stderr:', data);
+                    if (options.debug) {
+                        (0, debug_1.debug)('CLI stderr:', data);
+                    }
+                },
             },
         });
+        // Process the async generator
+        for await (const message of response) {
+            handleSDKMessage(message, options, spinner, collectedText);
+            // Signal completion when result received
+            if (message.type === 'result') {
+                signalDone();
+            }
+        }
+        const durationMs = Date.now() - startTime;
+        const outputText = collectedText.join('\n');
         // Check for error markers in the agent's output
-        const outputText = extractTextFromResults(result.results);
         if (outputText.includes(exports.AgentSignals.ERROR_MCP_MISSING)) {
+            (0, debug_1.logToFile)('Agent error: MCP_MISSING');
             spinner.stop('Agent could not access PostHog MCP');
             return { error: AgentErrorType.MCP_MISSING };
         }
         if (outputText.includes(exports.AgentSignals.ERROR_RESOURCE_MISSING)) {
+            (0, debug_1.logToFile)('Agent error: RESOURCE_MISSING');
             spinner.stop('Agent could not access setup resource');
             return { error: AgentErrorType.RESOURCE_MISSING };
         }
+        (0, debug_1.logToFile)(`Agent run completed in ${Math.round(durationMs / 1000)}s`);
+        analytics_1.analytics.capture(constants_1.WIZARD_INTERACTION_EVENT_NAME, {
+            action: 'agent integration completed',
+            duration_ms: durationMs,
+            duration_seconds: Math.round(durationMs / 1000),
+        });
         spinner.stop(successMessage);
         return {};
     }
     catch (error) {
         spinner.stop(errorMessage);
         clack_1.default.log.error(`Error: ${error.message}`);
+        (0, debug_1.logToFile)('Agent run failed:', error);
         (0, debug_1.debug)('Full error:', error);
         throw error;
     }
 }
 /**
- * Extract text content from agent execution results
+ * Handle SDK messages and provide user feedback
  */
-function extractTextFromResults(results) {
-    const textParts = [];
-    for (const result of results) {
-        // Handle assistant messages with content blocks
-        if (result?.type === ContentType.ASSISTANT && result.message?.content) {
-            const content = result.message.content;
+function handleSDKMessage(message, options, spinner, collectedText) {
+    (0, debug_1.logToFile)(`SDK Message: ${message.type}`, JSON.stringify(message, null, 2));
+    if (options.debug) {
+        (0, debug_1.debug)(`SDK Message type: ${message.type}`);
+    }
+    switch (message.type) {
+        case 'assistant': {
+            // Extract text content from assistant messages
+            const content = message.message?.content;
             if (Array.isArray(content)) {
                 for (const block of content) {
-                    if (block.type === ContentType.TEXT && block.text) {
-                        textParts.push(block.text);
+                    if (block.type === 'text' && typeof block.text === 'string') {
+                        collectedText.push(block.text);
+                        // Check for [STATUS] markers
+                        const statusRegex = new RegExp(`^.*${exports.AgentSignals.STATUS.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')}\\s*(.+?)$`, 'm');
+                        const statusMatch = block.text.match(statusRegex);
+                        if (statusMatch) {
+                            spinner.stop(statusMatch[1].trim());
+                            spinner.start('Integrating PostHog...');
+                        }
                     }
                 }
             }
+            break;
         }
-        // Handle direct text content
-        if (typeof result === 'string') {
-            textParts.push(result);
+        case 'result': {
+            if (message.subtype === 'success') {
+                (0, debug_1.logToFile)('Agent completed successfully');
+                if (typeof message.result === 'string') {
+                    collectedText.push(message.result);
+                }
+            }
+            else {
+                // Error result
+                (0, debug_1.logToFile)('Agent error result:', message.subtype);
+                if (message.errors) {
+                    for (const err of message.errors) {
+                        clack_1.default.log.error(`Error: ${err}`);
+                        (0, debug_1.logToFile)('ERROR:', err);
+                    }
+                }
+            }
+            break;
         }
+        case 'system': {
+            if (message.subtype === 'init') {
+                (0, debug_1.logToFile)('Agent session initialized', {
+                    model: message.model,
+                    tools: message.tools?.length,
+                    mcpServers: message.mcp_servers,
+                });
+            }
+            break;
+        }
+        default:
+            // Log other message types for debugging
+            if (options.debug) {
+                (0, debug_1.debug)(`Unhandled message type: ${message.type}`);
+            }
+            break;
     }
-    return textParts.join('\n');
 }
 //# sourceMappingURL=agent-interface.js.map