@ps-neko/nekowork 0.1.0-alpha.0

package/scripts/core/auth-guard.js

@@ -0,0 +1,22 @@
+const BLOCKED_ENV = {
+  claude: ['ANTHROPIC_API_KEY'],
+  codex: ['OPENAI_API_KEY'],
+  gemini: ['GEMINI_API_KEY', 'GOOGLE_API_KEY'],
+};
+
+export function assertDelegatedCliAuth(provider, env = process.env) {
+  if (env.HARNESS_AUTH_ALLOW_ENV_OVERRIDE === '1') return;
+
+  const keys = BLOCKED_ENV[provider] || [];
+  const found = keys.filter((key) => env[key]);
+  if (!found.length) return;
+
+  throw new Error([
+    `구독/OAuth 보호: ${provider} CLI 호출 직전 API key 환경변수가 감지되었습니다.`,
+    `감지: ${found.join(', ')}`,
+    '로컬 CLI auth를 쓰려면 해당 환경변수를 unset 하세요.',
+    '종량제 사용을 의도했다면 HARNESS_AUTH_ALLOW_ENV_OVERRIDE=1 을 명시하세요.',
+  ].join('\n'));
+}
+
+export { BLOCKED_ENV };

package/scripts/core/build-roots.js

@@ -0,0 +1,11 @@
+import path from 'node:path';
+
+export function buildRoots(defaultRoot) {
+  const sourceRoot = path.resolve(process.env.HARNESS_SOURCE_ROOT || defaultRoot);
+  const targetRoot = path.resolve(
+    process.env.HARNESS_TARGET_ROOT
+    || process.env.HARNESS_PROJECT_ROOT
+    || sourceRoot,
+  );
+  return { sourceRoot, targetRoot };
+}

package/scripts/core/cli-resolver.js

@@ -0,0 +1,64 @@
+import fs from 'node:fs';
+import path from 'node:path';
+
+export function resolveCli(bin, env = process.env, options = {}) {
+  const platform = options.platform || process.platform;
+  const sep = platform === 'win32' ? ';' : ':';
+  const pathDirs = (env.PATH || '').split(sep).filter(Boolean);
+
+  const exts = platform === 'win32'
+    ? preferredWindowsExtensions(env)
+    : [''];
+
+  for (const dir of pathDirs) {
+    for (const ext of exts) {
+      const full = path.join(dir, bin + ext);
+      if (fs.existsSync(full)) return full;
+    }
+  }
+  return null;
+}
+
+export function resolveProviderCli(provider, options = {}) {
+  const bin = options.bin || provider;
+  const env = options.env || process.env;
+  const root = options.root || process.cwd();
+  const roots = options.roots || [root];
+  const resolved = resolveCli(bin, env, options);
+  if (!resolved) return null;
+  for (const trustRoot of roots) {
+    assertProviderCliTrust(provider, resolved, trustRoot, env);
+  }
+  return resolved;
+}
+
+export function assertProviderCliTrust(provider, binPath, root = process.cwd(), env = process.env) {
+  const providerKey = provider.toUpperCase().replace(/[^A-Z0-9]/g, '_');
+  const allowWorkspaceBin =
+    env.HARNESS_CLI_ALLOW_WORKSPACE_BIN === '1'
+    || env[`HARNESS_${providerKey}_ALLOW_WORKSPACE_BIN`] === '1';
+
+  if (!allowWorkspaceBin && isPathInside(root, binPath)) {
+    throw new Error([
+      `${provider} CLI resolved inside the current workspace: ${binPath}`,
+      'Provider CLIs should come from a user/global install so local project files cannot hijack delegated auth.',
+      `Move the CLI earlier on PATH outside this repo, or set HARNESS_${providerKey}_ALLOW_WORKSPACE_BIN=1 if this is intentional.`,
+    ].join('\n'));
+  }
+
+  return binPath;
+}
+
+export function isPathInside(root, target) {
+  const rel = path.relative(path.resolve(root), path.resolve(target));
+  return rel === '' || (!!rel && !rel.startsWith('..') && !path.isAbsolute(rel));
+}
+
+function preferredWindowsExtensions(env) {
+  const fromPathExt = (env.PATHEXT || '.COM;.EXE;.BAT;.CMD')
+    .split(';')
+    .map((ext) => ext.trim().toLowerCase())
+    .filter(Boolean);
+  const preferred = ['.exe', '.cmd', '.bat', '.ps1', ''];
+  return [...new Set([...preferred, ...fromPathExt])];
+}

package/scripts/core/execution-workspace.js

@@ -0,0 +1,84 @@
+import fs from 'node:fs';
+import os from 'node:os';
+import path from 'node:path';
+import { spawnSync } from 'node:child_process';
+
+export async function withExecutionWorkspace(root, sessionDir, fn, options = {}) {
+  const worktreeRoot = fs.mkdtempSync(path.join(os.tmpdir(), `harness-exec-${options.sessionId || 'session'}-`));
+  const keep = process.env.HARNESS_KEEP_EXECUTION_WORKTREE === '1';
+
+  runGit(root, ['worktree', 'add', '--detach', worktreeRoot, 'HEAD']);
+
+  try {
+    if (options.baseDiff) applyExecutionDiff(worktreeRoot, options.baseDiff);
+    const result = await fn(worktreeRoot);
+    const diff = captureExecutionDiff(worktreeRoot);
+    const files = changedFiles(worktreeRoot);
+    const diffPath = persistDiff(sessionDir, options.stage || 'implement', options.round || 1, diff);
+
+    return {
+      result,
+      worktreeRoot: keep ? worktreeRoot : null,
+      diff,
+      diffPath,
+      files,
+    };
+  } finally {
+    if (!keep) {
+      removeWorktree(root, worktreeRoot);
+      removeDir(worktreeRoot);
+    }
+  }
+}
+
+export function applyExecutionDiff(root, diff) {
+  if (!String(diff || '').trim()) return false;
+  const r = spawnSync('git', ['-C', root, 'apply', '--3way', '--whitespace=nowarn'], {
+    input: diff,
+    encoding: 'utf8',
+    windowsHide: true,
+  });
+  if (r.status !== 0) {
+    throw new Error(`git apply failed in ${root}\n${r.stderr || r.stdout}`);
+  }
+  return true;
+}
+
+export function captureExecutionDiff(worktreeRoot) {
+  // Intent-to-add makes untracked files visible in the captured patch.
+  runGit(worktreeRoot, ['add', '-N', '.'], { allowFailure: true });
+  return runGit(worktreeRoot, ['diff', '--binary', 'HEAD']).stdout;
+}
+
+export function changedFiles(worktreeRoot) {
+  const out = runGit(worktreeRoot, ['diff', '--name-only', 'HEAD']).stdout.trim();
+  return out ? out.split(/\r?\n/).filter(Boolean) : [];
+}
+
+function persistDiff(sessionDir, stage, round, diff) {
+  if (!sessionDir || !diff) return null;
+  const dir = path.join(sessionDir, 'diffs');
+  fs.mkdirSync(dir, { recursive: true });
+  const f = path.join(dir, `${String(round).padStart(2, '0')}-${stage}.diff`);
+  fs.writeFileSync(f, diff);
+  return f;
+}
+
+function removeWorktree(root, worktreeRoot) {
+  runGit(root, ['worktree', 'remove', '--force', worktreeRoot], { allowFailure: true });
+}
+
+function removeDir(dir) {
+  try { fs.rmSync(dir, { recursive: true, force: true }); } catch {}
+}
+
+function runGit(cwd, args, options = {}) {
+  const r = spawnSync('git', ['-C', cwd, ...args], {
+    encoding: 'utf8',
+    windowsHide: true,
+  });
+  if (r.status !== 0 && !options.allowFailure) {
+    throw new Error(`git ${args.join(' ')} failed in ${cwd}\n${r.stderr || r.stdout}`);
+  }
+  return { stdout: r.stdout || '', stderr: r.stderr || '', status: r.status ?? 1 };
+}

package/scripts/core/git-mutation-guard.js

@@ -0,0 +1,79 @@
+import { spawnSync } from 'node:child_process';
+
+export async function withGitMutationGuard(root, fn, options = {}) {
+  const label = options.label || 'process';
+  const allowEnvKey = options.allowEnvKey || 'HARNESS_ALLOW_WORKSPACE_MUTATION';
+  const env = options.env || process.env;
+
+  if (!root || env[allowEnvKey] === '1') {
+    return await fn();
+  }
+
+  const before = readGitStatus(root);
+  if (!before) {
+    return await fn();
+  }
+
+  let result;
+  let originalError;
+  try {
+    result = await fn();
+  } catch (e) {
+    originalError = e;
+  }
+
+  const after = readGitStatus(root);
+  if (after && before.raw !== after.raw) {
+    const msg = [
+      `${label} changed the git workspace during guarded execution.`,
+      'This usually means a read-only review runner wrote files despite sandbox settings.',
+      `Set ${allowEnvKey}=1 only when this mutation is intentional.`,
+      '',
+      'Before:',
+      before.text || '(clean)',
+      '',
+      'After:',
+      after.text || '(clean)',
+    ];
+    if (originalError) {
+      msg.push('', 'Original error:', originalError.message || String(originalError));
+    }
+    const mutationError = new Error(msg.join('\n'));
+    if (originalError) mutationError.cause = originalError;
+    throw mutationError;
+  }
+
+  if (originalError) throw originalError;
+  return result;
+}
+
+export function readGitStatus(root) {
+  if (!isGitWorkTree(root)) return null;
+
+  const raw = runGit(root, ['status', '--porcelain=v1', '-z']);
+  const text = runGit(root, ['status', '--short']);
+  return { raw, text };
+}
+
+function isGitWorkTree(root) {
+  try {
+    const r = spawnSync('git', ['-C', root, 'rev-parse', '--is-inside-work-tree'], {
+      encoding: 'utf8',
+      windowsHide: true,
+    });
+    return r.status === 0 && r.stdout.trim() === 'true';
+  } catch {
+    return false;
+  }
+}
+
+function runGit(root, args) {
+  const r = spawnSync('git', ['-C', root, ...args], {
+    encoding: 'utf8',
+    windowsHide: true,
+  });
+  if (r.status !== 0) {
+    throw new Error(`git ${args.join(' ')} failed: ${r.stderr || r.stdout}`);
+  }
+  return r.stdout;
+}

package/scripts/core/install-state.js

@@ -0,0 +1,125 @@
+import fs from 'node:fs';
+import path from 'node:path';
+import crypto from 'node:crypto';
+import Ajv2020 from 'ajv/dist/2020.js';
+import addFormats from 'ajv-formats';
+
+export const ZERO_SHA = '0'.repeat(64);
+
+const CATALOG_INPUTS = ['agent.yaml', 'agents', 'skills', 'commands', 'hooks', 'manifests'];
+
+export function installStatePath(root) {
+  return path.join(root, '.harness', 'install-state.json');
+}
+
+export function sha256(filePath) {
+  return crypto.createHash('sha256').update(fs.readFileSync(filePath)).digest('hex');
+}
+
+export function sha256OfDir(dir) {
+  if (!fs.existsSync(dir)) return null;
+  const entries = [];
+
+  function walk(d) {
+    for (const e of fs.readdirSync(d, { withFileTypes: true }).sort((a, b) => a.name.localeCompare(b.name))) {
+      const p = path.join(d, e.name);
+      if (e.isDirectory()) walk(p);
+      else if (e.isFile()) {
+        const rel = path.relative(dir, p).replace(/\\/g, '/');
+        const h = crypto.createHash('sha256').update(fs.readFileSync(p)).digest('hex');
+        entries.push(`${rel} ${h}`);
+      }
+    }
+  }
+
+  walk(dir);
+  if (entries.length === 0) return null;
+  return crypto.createHash('sha256').update(entries.join('\n')).digest('hex');
+}
+
+export function sha256OfCatalog(root, inputs = CATALOG_INPUTS) {
+  const parts = [];
+  for (const inp of inputs) {
+    const p = path.join(root, inp);
+    if (!fs.existsSync(p)) continue;
+    const stat = fs.statSync(p);
+    if (stat.isFile()) parts.push(`${inp}\t${sha256(p)}`);
+    else parts.push(`${inp}/\t${sha256OfDir(p) || ''}`);
+  }
+  return crypto.createHash('sha256').update(parts.join('\n')).digest('hex');
+}
+
+export function loadInstallState(root) {
+  const file = installStatePath(root);
+  if (!fs.existsSync(file)) return null;
+  return JSON.parse(fs.readFileSync(file, 'utf8'));
+}
+
+export function buildInstallState(root, {
+  targetRoot = root,
+  profile,
+  harnessDefs,
+  harnessNames,
+  previousState = null,
+  now = new Date().toISOString(),
+} = {}) {
+  const sourceSha = sha256OfCatalog(root);
+  const selected = new Set(harnessNames || harnessDefs.map(h => h.name));
+  const state = {
+    $schema: 'schemas/install-state.schema.json',
+    version: previousState?.version || '0.0.1',
+    harness_version: packageVersion(root),
+    profile: profile || previousState?.profile || 'developer',
+    installed_at: previousState?.installed_at || now,
+    last_updated: now,
+    components: { ...(previousState?.components || {}) },
+  };
+
+  for (const h of harnessDefs) {
+    if (!selected.has(h.name)) continue;
+    const component = buildStateComponent(root, targetRoot, h, sourceSha, now, previousState?.components?.[h.name]);
+    if (component) state.components[h.name] = component;
+  }
+
+  assertInstallState(root, state);
+  return { state, sourceSha };
+}
+
+export function buildStateComponent(root, targetRoot, harnessDef, sourceSha, now = new Date().toISOString(), previous = null) {
+  const outDir = path.join(targetRoot, harnessDef.output_dir);
+  if (!fs.existsSync(outDir)) return null;
+  return {
+    installed_at: previous?.installed_at || now,
+    source_sha256: sourceSha,
+    targets: [{
+      harness: harnessDef.name,
+      path: harnessDef.output_dir,
+      sha256: sha256OfDir(outDir) || ZERO_SHA,
+    }],
+  };
+}
+
+export function writeInstallState(root, state, { schemaRoot = root } = {}) {
+  assertInstallState(schemaRoot, state);
+  const file = installStatePath(root);
+  fs.mkdirSync(path.dirname(file), { recursive: true });
+  fs.writeFileSync(file, JSON.stringify(state, null, 2));
+  return file;
+}
+
+export function assertInstallState(root, state) {
+  const schema = JSON.parse(fs.readFileSync(path.join(root, 'schemas', 'install-state.schema.json'), 'utf8'));
+  const ajv = new Ajv2020({ allErrors: true, strict: false });
+  addFormats(ajv);
+  const validate = ajv.compile(schema);
+  if (!validate(state)) {
+    const detail = (validate.errors || [])
+      .map(e => `${e.instancePath || '/'} ${e.message}`)
+      .join('; ');
+    throw new Error(`install-state schema validation failed: ${detail}`);
+  }
+}
+
+function packageVersion(root) {
+  return JSON.parse(fs.readFileSync(path.join(root, 'package.json'), 'utf8')).version;
+}

package/scripts/core/json-extractor.js

@@ -0,0 +1,32 @@
+export function extractJson(text) {
+  if (typeof text !== 'string') return null;
+  const m = text.match(/```json\s*([\s\S]*?)```/i);
+  if (m) return m[1].trim();
+  const start = text.indexOf('{');
+  if (start < 0) return null;
+
+  let depth = 0;
+  let inStr = false;
+  let esc = false;
+  for (let i = start; i < text.length; i++) {
+    const c = text[i];
+    if (inStr) {
+      if (esc) esc = false;
+      else if (c === '\\') esc = true;
+      else if (c === '"') inStr = false;
+      continue;
+    }
+    if (c === '"') { inStr = true; continue; }
+    if (c === '{') depth++;
+    else if (c === '}') {
+      depth--;
+      if (depth === 0) return text.slice(start, i + 1);
+    }
+  }
+  return null;
+}
+
+export function parseJsonObject(text) {
+  const json = extractJson(text);
+  return json ? JSON.parse(json) : null;
+}

package/scripts/core/subprocess.js

@@ -0,0 +1,74 @@
+import { spawn, spawnSync } from 'node:child_process';
+
+export function spawnAndCollect(bin, args, stdin, options = {}) {
+  const label = options.label || bin;
+  const timeoutMs = Number(options.timeoutMs || 180000);
+
+  return new Promise((resolve, reject) => {
+    const child = spawnProcess(bin, args, options);
+    let out = '';
+    let err = '';
+    let done = false;
+
+    const settle = (fn, value) => {
+      if (done) return;
+      done = true;
+      clearTimeout(timeout);
+      fn(value);
+    };
+
+    const timeout = setTimeout(() => {
+      killProcessTree(child);
+      settle(reject, new Error(`${label} timeout`));
+    }, timeoutMs);
+
+    child.stdout.on('data', (d) => (out += d.toString()));
+    child.stderr.on('data', (d) => (err += d.toString()));
+    child.on('error', (e) => settle(reject, e));
+    child.on('close', (code) => {
+      if (code !== 0) settle(reject, new Error(`${label} exit ${code}\nstderr:\n${err}`));
+      else settle(resolve, out);
+    });
+    child.stdin.end(stdin);
+  });
+}
+
+function killProcessTree(child) {
+  try {
+    if (process.platform === 'win32' && child.pid) {
+      spawnSync('taskkill.exe', ['/pid', String(child.pid), '/t', '/f'], {
+        stdio: 'ignore',
+        windowsHide: true,
+      });
+      return;
+    }
+    child.kill();
+  } catch {
+    try { child.kill(); } catch {}
+  }
+}
+
+function spawnProcess(bin, args, options = {}) {
+  const spawnOptions = {
+    stdio: ['pipe', 'pipe', 'pipe'],
+    cwd: options.cwd,
+    env: options.env,
+  };
+
+  if (process.platform !== 'win32') {
+    return spawn(bin, args, spawnOptions);
+  }
+
+  if (/\.(cmd|bat)$/i.test(bin)) {
+    const comspec = process.env.ComSpec || 'cmd.exe';
+    return spawn(comspec, ['/d', '/c', bin, ...args], spawnOptions);
+  }
+
+  if (/\.ps1$/i.test(bin)) {
+    return spawn('powershell.exe', ['-NoProfile', '-ExecutionPolicy', 'Bypass', '-File', bin, ...args], {
+      ...spawnOptions,
+    });
+  }
+
+  return spawn(bin, args, spawnOptions);
+}