@rectify-so/bridge 0.1.1 → 0.1.3

package/dist/index.js

@@ -11,6 +11,7 @@ function parseArgs(argv) {
     let command;
     let token;
     let apiBase = DEFAULT_API_BASE;
+    let local = false;
     const positionals = [];
     for (let i = 0; i < args.length; i++) {
         const a = args[i];
@@ -20,6 +21,9 @@ function parseArgs(argv) {
         else if (a.startsWith('--api=')) {
             apiBase = a.slice('--api='.length);
         }
+        else if (a === '--local') {
+            local = true;
+        }
         else if (a === '--help' || a === '-h') {
             command = 'help';
         }
@@ -30,7 +34,7 @@ function parseArgs(argv) {
     if (!command)
         command = positionals[0];
     token = positionals[1];
-    return { command, token, apiBase };
+    return { command, token, apiBase, local };
 }
 function printHelp() {
     console.log(`
@@ -44,13 +48,15 @@ Commands:
 
 Options:
   --api <url>        Override the Rectify API base URL (default: ${DEFAULT_API_BASE}).
+  --local            Dev mode: bind the local server on the connection's port and
+                     skip the SSH tunnel (for testing against a backend on this machine).
   -h, --help         Show this help.
 
 Keep this window open while connected. Press Ctrl+C to disconnect.
 `);
 }
 async function main() {
-    const { command, token, apiBase } = parseArgs(process.argv);
+    const { command, token, apiBase, local } = parseArgs(process.argv);
     if (command === 'help' || !command) {
         printHelp();
         process.exit(command ? 0 : 1);
@@ -68,6 +74,32 @@ async function main() {
     log('Fetching connection config from Rectify…');
     const config = await api.fetchConfig();
     log(`Connection type: ${config.mode}`);
+    // Local dev mode: bind the server on the connection's port and skip the tunnel.
+    // A backend on this same machine reaches the bridge directly at 127.0.0.1:<remotePort>.
+    if (local) {
+        if (config.mode === 'openclaw') {
+            warn('--local is only supported for Claude Code / Codex connections.');
+            process.exit(1);
+        }
+        const reader = config.mode === 'codex_local' ? codex : claude;
+        const health = await reader.checkHealth();
+        if (!health.ok)
+            warn(`Warning: ${health.error}`);
+        else
+            log(`${health.cli} detected${health.version ? ` (${health.version})` : ''}.`);
+        const server = await startLocalServer(config.mode, config.bridgeToken, config.remotePort);
+        void api.reportConnected({
+            os: process.platform,
+            cliInstalled: health.installed,
+            cliVersion: health.version ?? null,
+        });
+        log(`✓ Local dev mode — serving on 127.0.0.1:${server.port} (tunnel skipped).`);
+        log(`  Your backend on this machine can reach the bridge directly. Keep this window open.`);
+        const shutdownLocal = () => { server.close(); process.exit(0); };
+        process.on('SIGINT', shutdownLocal);
+        process.on('SIGTERM', shutdownLocal);
+        return;
+    }
     let localTarget;
     let closeServer;
     if (config.mode === 'openclaw') {

package/dist/readers/claude.js

@@ -50,10 +50,14 @@ function summarize(file, entries) {
     let cwd = null;
     let userMessages = 0;
     let assistantMessages = 0;
+    let toolUses = 0;
     let inputTokens = 0;
     let outputTokens = 0;
+    let cacheReadTokens = 0;
+    let cacheCreationTokens = 0;
     let firstTs = null;
     let lastTs = null;
+    let lastUserPrompt = null;
     for (const entry of entries) {
         if (entry.gitBranch)
             gitBranch = entry.gitBranch;
@@ -68,22 +72,41 @@ function summarize(file, entries) {
                     lastTs = ts;
             }
         }
+        // Skip subagent side-conversations so counts/tokens aren't inflated.
+        if (entry.isSidechain)
+            continue;
         const msg = entry.message;
         if (!msg)
             continue;
         if (msg.model)
             model = msg.model;
-        if (msg.role === 'user')
+        if (msg.role === 'user') {
             userMessages++;
-        if (msg.role === 'assistant')
+            if (typeof msg.content === 'string' && msg.content.length > 0) {
+                lastUserPrompt = msg.content.slice(0, 500);
+            }
+        }
+        if (msg.role === 'assistant') {
             assistantMessages++;
+            if (Array.isArray(msg.content)) {
+                for (const block of msg.content) {
+                    if (block.type === 'tool_use')
+                        toolUses++;
+                }
+            }
+        }
         if (msg.usage) {
             inputTokens += msg.usage.input_tokens ?? 0;
             outputTokens += msg.usage.output_tokens ?? 0;
+            cacheReadTokens += msg.usage.cache_read_input_tokens ?? 0;
+            cacheCreationTokens += msg.usage.cache_creation_input_tokens ?? 0;
         }
     }
     const pricing = (model && MODEL_PRICING[model]) || DEFAULT_PRICING;
-    const estimatedCost = inputTokens * pricing.input + outputTokens * pricing.output;
+    const estimatedCost = inputTokens * pricing.input +
+        cacheReadTokens * pricing.input * 0.1 +
+        cacheCreationTokens * pricing.input * 1.25 +
+        outputTokens * pricing.output;
     const isActive = (lastTs ?? file.mtimeMs) > Date.now() - ACTIVE_THRESHOLD_MS;
     const projectSlug = cwd ? basename(cwd) : 'claude';
     return {
@@ -97,12 +120,16 @@ function summarize(file, entries) {
         gitBranch,
         userMessages,
         assistantMessages,
+        toolUses,
         inputTokens,
         outputTokens,
-        totalTokens: inputTokens + outputTokens,
-        estimatedCost,
+        cacheReadTokens,
+        cacheCreationTokens,
+        totalTokens: inputTokens + cacheReadTokens + cacheCreationTokens + outputTokens,
+        estimatedCost: Math.round(estimatedCost * 10000) / 10000,
         firstMessageAt: firstTs ? new Date(firstTs).toISOString() : null,
         lastMessageAt: lastTs ? new Date(lastTs).toISOString() : null,
+        lastUserPrompt,
         status: isActive ? 'active' : 'idle',
         isActive,
     };
@@ -161,6 +188,33 @@ export async function listSessions(limit = 50, skip = 0) {
     }
     return { sessions, hasMore: slice.length > limit };
 }
+function toParts(content) {
+    if (typeof content === 'string') {
+        return content ? [{ type: 'text', text: content }] : [];
+    }
+    const parts = [];
+    for (const block of content) {
+        if (block.type === 'text' && block.text) {
+            parts.push({ type: 'text', text: block.text });
+        }
+        else if (block.type === 'thinking' && typeof block.thinking === 'string' && block.thinking.trim()) {
+            parts.push({ type: 'thinking', thinking: block.thinking.slice(0, 4000) });
+        }
+        else if (block.type === 'tool_use') {
+            const input = block.input !== undefined ? JSON.stringify(block.input) : '';
+            parts.push({ type: 'tool_use', name: block.name ?? 'tool', input: input.slice(0, 2000) });
+        }
+        else if (block.type === 'tool_result') {
+            const c = typeof block.content === 'string'
+                ? block.content
+                : Array.isArray(block.content)
+                    ? block.content.map((b) => b?.text ?? '').join('\n')
+                    : block.content !== undefined ? JSON.stringify(block.content) : '';
+            parts.push({ type: 'tool_result', content: String(c).slice(0, 4000), isError: block.is_error === true });
+        }
+    }
+    return parts;
+}
 export async function sessionHistory(key, limit = 100, skip = 0) {
     const files = await walkJsonl(projectsDir());
     const target = files.find((f) => basename(f.path) === `${key}.jsonl`);
@@ -169,27 +223,63 @@ export async function sessionHistory(key, limit = 100, skip = 0) {
     const content = await fs.readFile(target.path, 'utf8');
     const entries = parseJsonl(content);
     const messages = entries
-        .filter((e) => e.message?.role === 'user' || e.message?.role === 'assistant')
+        .filter((e) => !e.isSidechain && (e.message?.role === 'user' || e.message?.role === 'assistant'))
         .map((e) => {
         const m = e.message;
-        const text = typeof m.content === 'string'
-            ? m.content
-            : Array.isArray(m.content)
-                ? m.content.filter((c) => c.type === 'text').map((c) => c.text ?? '').join('\n')
-                : '';
+        const parts = toParts(m.content ?? '');
         return {
             role: m.role ?? 'assistant',
-            content: text,
+            content: parts.length === 1 && parts[0].type === 'text' ? parts[0].text : parts,
             timestamp: e.timestamp,
             model: m.model ?? null,
             usage: m.usage
                 ? { input: m.usage.input_tokens ?? 0, output: m.usage.output_tokens ?? 0 }
                 : null,
         };
-    });
+    })
+        .filter((m) => m.content.length > 0);
     const sliced = messages.slice(skip, skip + limit);
     return { messages: sliced, hasMore: skip + limit < messages.length };
 }
+export async function sessionUsage(key) {
+    const empty = { input: 0, output: 0, totalTokens: 0, cost: 0, totalCost: 0, requests: 0, requestCount: 0 };
+    const files = await walkJsonl(projectsDir());
+    const target = files.find((f) => basename(f.path) === `${key}.jsonl`);
+    if (!target)
+        return empty;
+    const content = await fs.readFile(target.path, 'utf8');
+    const summary = summarize(target, parseJsonl(content));
+    if (!summary)
+        return empty;
+    const input = summary.inputTokens + summary.cacheReadTokens + summary.cacheCreationTokens;
+    return {
+        input,
+        output: summary.outputTokens,
+        totalTokens: summary.totalTokens,
+        cost: summary.estimatedCost,
+        totalCost: summary.estimatedCost,
+        requests: summary.assistantMessages,
+        requestCount: summary.assistantMessages,
+        totals: { input, output: summary.outputTokens, total: summary.totalTokens, cost: summary.estimatedCost, requests: summary.assistantMessages },
+    };
+}
+async function resolveSessionCwd(key) {
+    const files = await walkJsonl(projectsDir());
+    const target = files.find((f) => basename(f.path) === `${key}.jsonl`);
+    if (!target)
+        return undefined;
+    try {
+        const content = await fs.readFile(target.path, 'utf8');
+        for (const entry of parseJsonl(content)) {
+            if (entry.cwd)
+                return entry.cwd;
+        }
+    }
+    catch {
+        // ignore
+    }
+    return undefined;
+}
 export async function listSkills() {
     const dir = join(claudeDir(), 'skills');
     try {
@@ -218,8 +308,29 @@ export async function usage() {
     }
     return { totalCost, totalTokens, sessionCount: sessions.length };
 }
-export async function chat(message) {
-    const result = await run('claude', ['--print'], { input: message, timeoutMs: 180000 });
+export async function chat(message, sessionKey) {
+    // Only resume when the session key matches a real Claude session file
+    // (the Agents-page chat uses a synthetic key with no transcript to resume).
+    let resume = false;
+    let cwd;
+    if (sessionKey) {
+        const files = await walkJsonl(projectsDir());
+        const target = files.find((f) => basename(f.path) === `${sessionKey}.jsonl`);
+        if (target) {
+            resume = true;
+            cwd = await resolveSessionCwd(sessionKey);
+        }
+    }
+    const tryRun = (doResume) => {
+        const args = ['--print'];
+        if (doResume && sessionKey)
+            args.push('--resume', sessionKey);
+        return run('claude', args, { input: message, timeoutMs: 180000, cwd });
+    };
+    let result = await tryRun(resume);
+    if (result.code !== 0 && resume && /no conversation found|not a uuid|valid session|not found|unknown session/i.test(result.stderr)) {
+        result = await tryRun(false);
+    }
     if (result.code !== 0) {
         throw new Error(result.stderr || result.stdout || `claude exited with code ${result.code}`);
     }

package/dist/readers/codex.js

@@ -46,18 +46,26 @@ function summarize(file, entries) {
     let model = null;
     let userMessages = 0;
     let assistantMessages = 0;
+    let toolUses = 0;
     let inputTokens = 0;
     let outputTokens = 0;
     let firstTs = null;
     let lastTs = null;
+    let lastUserPrompt = null;
     for (const entry of entries) {
         if (entry.model)
             model = entry.model;
         const role = entry.message?.role ?? entry.role;
-        if (role === 'user')
+        if (role === 'user') {
             userMessages++;
+            const c = entry.message?.content ?? entry.content;
+            if (typeof c === 'string' && c.length > 0)
+                lastUserPrompt = c.slice(0, 500);
+        }
         if (role === 'assistant')
             assistantMessages++;
+        if (entry.type === 'function_call' || entry.type === 'tool_use' || entry.type === 'local_shell_call')
+            toolUses++;
         if (entry.usage) {
             inputTokens += entry.usage.input_tokens ?? entry.usage.prompt_tokens ?? 0;
             outputTokens += entry.usage.output_tokens ?? entry.usage.completion_tokens ?? 0;
@@ -84,12 +92,16 @@ function summarize(file, entries) {
         model,
         userMessages,
         assistantMessages,
+        toolUses,
         inputTokens,
         outputTokens,
+        cacheReadTokens: 0,
+        cacheCreationTokens: 0,
         totalTokens: inputTokens + outputTokens,
         estimatedCost: 0,
         firstMessageAt: firstTs ? new Date(firstTs).toISOString() : null,
         lastMessageAt: lastTs ? new Date(lastTs).toISOString() : null,
+        lastUserPrompt,
         status: isActive ? 'active' : 'idle',
         isActive,
     };
@@ -184,6 +196,27 @@ export async function sessionHistory(key, limit = 100, skip = 0) {
     const sliced = messages.slice(skip, skip + limit);
     return { messages: sliced, hasMore: skip + limit < messages.length };
 }
+export async function sessionUsage(key) {
+    const empty = { input: 0, output: 0, totalTokens: 0, cost: 0, totalCost: 0, requests: 0, requestCount: 0 };
+    const files = await walkJsonl(sessionsDir());
+    const target = files.find((f) => deriveSessionId(f.path) === key);
+    if (!target)
+        return empty;
+    const content = await fs.readFile(target.path, 'utf8');
+    const summary = summarize(target, parseJsonl(content));
+    if (!summary)
+        return empty;
+    return {
+        input: summary.inputTokens,
+        output: summary.outputTokens,
+        totalTokens: summary.totalTokens,
+        cost: summary.estimatedCost,
+        totalCost: summary.estimatedCost,
+        requests: summary.assistantMessages,
+        requestCount: summary.assistantMessages,
+        totals: { input: summary.inputTokens, output: summary.outputTokens, total: summary.totalTokens, cost: summary.estimatedCost, requests: summary.assistantMessages },
+    };
+}
 export async function usage() {
     const { sessions } = await listSessions(200, 0);
     let totalTokens = 0;
@@ -191,8 +224,22 @@ export async function usage() {
         totalTokens += s.totalTokens;
     return { totalCost: 0, totalTokens, sessionCount: sessions.length };
 }
-export async function chat(message) {
-    const result = await run('codex', ['exec', message], { timeoutMs: 180000 });
+export async function chat(message, sessionKey) {
+    // Only resume when the key matches a real session file (the Agents-page chat
+    // uses a synthetic key with no session to resume). cross-spawn passes the
+    // prompt as a discrete arg with no shell, so it can't be injected.
+    let resume = false;
+    if (sessionKey) {
+        const files = await walkJsonl(sessionsDir());
+        resume = files.some((f) => deriveSessionId(f.path) === sessionKey);
+    }
+    const args = resume && sessionKey
+        ? ['exec', 'resume', sessionKey, message, '--skip-git-repo-check']
+        : ['exec', message];
+    let result = await run('codex', args, { timeoutMs: 180000 });
+    if (result.code !== 0 && resume && /not found|no session|unknown/i.test(result.stderr)) {
+        result = await run('codex', ['exec', message], { timeoutMs: 180000 });
+    }
     if (result.code !== 0) {
         throw new Error(result.stderr || result.stdout || `codex exited with code ${result.code}`);
     }

package/dist/server.js

@@ -17,7 +17,7 @@ function sendJson(res, status, body) {
     res.writeHead(status, { 'Content-Type': 'application/json' });
     res.end(payload);
 }
-export function startLocalServer(mode, token) {
+export function startLocalServer(mode, token, fixedPort = 0) {
     const reader = readerFor(mode);
     const server = http.createServer((req, res) => {
         void handle(req, res).catch((err) => {
@@ -52,6 +52,12 @@ export function startLocalServer(mode, token) {
             sendJson(res, 200, result);
             return;
         }
+        if (req.method === 'GET' && path.startsWith('/sessions/') && path.endsWith('/usage')) {
+            const key = decodeURIComponent(path.slice('/sessions/'.length, -'/usage'.length));
+            const result = await reader.sessionUsage(key);
+            sendJson(res, 200, result);
+            return;
+        }
         if (req.method === 'GET' && path === '/skills') {
             const result = 'listSkills' in reader ? await reader.listSkills() : { skills: [] };
             sendJson(res, 200, result);
@@ -65,8 +71,11 @@ export function startLocalServer(mode, token) {
         if (req.method === 'POST' && path === '/chat') {
             const raw = await readBody(req);
             let message = '';
+            let sessionKey;
             try {
-                message = JSON.parse(raw).message ?? '';
+                const body = JSON.parse(raw);
+                message = body.message ?? '';
+                sessionKey = body.sessionKey;
             }
             catch {
                 sendJson(res, 400, { error: 'Invalid JSON body' });
@@ -76,14 +85,15 @@ export function startLocalServer(mode, token) {
                 sendJson(res, 400, { error: 'message is required' });
                 return;
             }
-            const content = await reader.chat(message);
+            const content = await reader.chat(message, sessionKey);
             sendJson(res, 200, { content });
             return;
         }
         sendJson(res, 404, { error: 'Not found' });
     }
-    return new Promise((resolve) => {
-        server.listen(0, '127.0.0.1', () => {
+    return new Promise((resolve, reject) => {
+        server.once('error', reject);
+        server.listen(fixedPort, '127.0.0.1', () => {
             const addr = server.address();
             const port = typeof addr === 'object' && addr ? addr.port : 0;
             log(`Local API server listening on 127.0.0.1:${port}`);

package/dist/util.js

@@ -1,4 +1,4 @@
-import { spawn } from 'node:child_process';
+import spawn from 'cross-spawn';
 export function log(...args) {
     const ts = new Date().toISOString().slice(11, 19);
     console.log(`[${ts}]`, ...args);
@@ -11,7 +11,9 @@ const IS_WIN = process.platform === 'win32';
 export function run(command, args, options = {}) {
     const timeoutMs = options.timeoutMs ?? 120000;
     return new Promise((resolve, reject) => {
-        const child = spawn(command, args, { shell: IS_WIN });
+        // cross-spawn safely runs Windows .cmd/.bat shims WITHOUT a shell, so
+        // arguments (including user chat prompts) can never be interpreted as shell commands.
+        const child = spawn(command, args, { shell: false, cwd: options.cwd });
         let stdout = '';
         let stderr = '';
         let settled = false;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rectify-so/bridge",
-  "version": "0.1.1",
+  "version": "0.1.3",
   "description": "Rectify AgentPulse local bridge — securely connects locally-installed agent CLIs (Claude Code, Codex) and OpenClaw gateways to the Rectify dashboard over a reverse SSH tunnel.",
   "type": "module",
   "bin": {
@@ -28,7 +28,11 @@
     "tunnel"
   ],
   "license": "MIT",
+  "dependencies": {
+    "cross-spawn": "^7.0.6"
+  },
   "devDependencies": {
+    "@types/cross-spawn": "^6.0.6",
     "@types/node": "^20.11.0",
     "typescript": "^5.4.0"
   }