npm - @sickr/replay - Versions diffs - 0.1.0 - Mend

@sickr/replay 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/cli.js ADDED Viewed

@@ -0,0 +1,137 @@
+#!/usr/bin/env node
+import { pathToFileURL } from 'node:url';
+import { readFileSync, writeFileSync, mkdirSync, existsSync, readdirSync, statSync } from 'node:fs';
+import { homedir } from 'node:os';
+import { join } from 'node:path';
+import { spawn } from 'node:child_process';
+import { appendEvent, loadRun, runsDir, latestRunId } from './recorder.js';
+import { mergeHooks } from './hookConfig.js';
+import { renderRunHtml } from './render.js';
+import { buildSharePayload, publish } from './share.js';
+const REPLAY_ENDPOINT = process.env.SICKR_REPLAY_ENDPOINT ?? 'https://sickr.ai/api/replay';
+const COMMANDS = ['init', 'record', 'open', 'list', 'share'];
+export function parseCommand(argv) {
+    const c = argv[0];
+    return c && COMMANDS.includes(c) ? c : null;
+}
+export function currentRunId(cc) {
+    return String(cc.session_id ?? 'session');
+}
+/** Ingest one Claude Code hook payload. Must never throw — a hook error would break the agent. */
+export function handleRecord(input) {
+    try {
+        const cc = JSON.parse(input);
+        appendEvent(currentRunId(cc), cc);
+    }
+    catch {
+        /* swallow: recording is best-effort and must not disrupt the session */
+    }
+}
+function handleInit() {
+    const settingsPath = join(process.cwd(), '.claude', 'settings.json');
+    const settings = existsSync(settingsPath) ? JSON.parse(readFileSync(settingsPath, 'utf8')) : {};
+    const merged = mergeHooks(settings, 'npx @sickr/replay');
+    mkdirSync(join(process.cwd(), '.claude'), { recursive: true });
+    writeFileSync(settingsPath, JSON.stringify(merged, null, 2) + '\n');
+    mkdirSync(runsDir(), { recursive: true });
+    process.stdout.write(`sickr: installed Claude Code hooks in ${settingsPath}\n` +
+        `Runs are recorded locally to ${runsDir()} (secrets redacted).\n` +
+        `Use Claude Code as normal, then: npx @sickr/replay open\n`);
+}
+function openInBrowser(file) {
+    const cmd = process.platform === 'win32' ? 'cmd' : process.platform === 'darwin' ? 'open' : 'xdg-open';
+    const args = process.platform === 'win32' ? ['/c', 'start', '', file] : [file];
+    try {
+        spawn(cmd, args, { detached: true, stdio: 'ignore' }).unref();
+    }
+    catch { /* ignore */ }
+}
+function handleOpen(runId) {
+    const id = runId ?? latestRunId();
+    if (!id) {
+        process.stdout.write('sickr: no runs recorded yet. Run `npx @sickr/replay init`, then use Claude Code.\n');
+        return;
+    }
+    const html = renderRunHtml(loadRun(id));
+    const out = join(homedir(), '.sickr', 'last.html');
+    mkdirSync(join(homedir(), '.sickr'), { recursive: true });
+    writeFileSync(out, html);
+    process.stdout.write(`sickr: opened replay for ${id} → ${out}\n`);
+    openInBrowser(out);
+}
+function handleList() {
+    const dir = runsDir();
+    const files = existsSync(dir) ? readdirSync(dir).filter((f) => f.endsWith('.ndjson')) : [];
+    if (files.length === 0) {
+        process.stdout.write('sickr: no runs yet.\n');
+        return;
+    }
+    files
+        .sort((a, b) => statSync(join(dir, b)).mtimeMs - statSync(join(dir, a)).mtimeMs)
+        .forEach((f) => process.stdout.write(`${f.replace(/\.ndjson$/, '')}\t${statSync(join(dir, f)).mtime.toISOString()}\n`));
+}
+async function handleShare(runId, yes) {
+    const id = runId ?? latestRunId();
+    if (!id) {
+        process.stderr.write('sickr: no runs to share. Use Claude Code first.\n');
+        process.exit(1);
+        return;
+    }
+    const run = loadRun(id);
+    const payload = buildSharePayload(run);
+    process.stdout.write(`sickr: about to publish run "${id}" (${payload.run.events.length} events, secrets already redacted) to ${REPLAY_ENDPOINT}\n`);
+    for (const e of payload.run.events)
+        process.stdout.write(`  · ${e.label}: ${e.detail || ''}\n`);
+    if (!yes) {
+        if (!process.stdin.isTTY) {
+            process.stderr.write('sickr: re-run with --yes to publish non-interactively.\n');
+            process.exit(1);
+            return;
+        }
+        process.stdout.write('Publish this run publicly? [y/N] ');
+        const answer = await new Promise((resolve) => {
+            process.stdin.once('data', (d) => resolve(d.toString().trim().toLowerCase()));
+        });
+        if (answer !== 'y' && answer !== 'yes') {
+            process.stdout.write('sickr: cancelled.\n');
+            return;
+        }
+    }
+    const { url } = await publish(payload, REPLAY_ENDPOINT);
+    process.stdout.write(`sickr: published → ${url}\n`);
+}
+async function readStdin() {
+    const chunks = [];
+    for await (const chunk of process.stdin)
+        chunks.push(chunk);
+    return Buffer.concat(chunks).toString('utf8');
+}
+async function main() {
+    const argv = process.argv.slice(2);
+    const cmd = parseCommand(argv);
+    switch (cmd) {
+        case 'record':
+            handleRecord(await readStdin());
+            return;
+        case 'init':
+            handleInit();
+            return;
+        case 'open':
+            handleOpen(argv[1]);
+            return;
+        case 'list':
+            handleList();
+            return;
+        case 'share': {
+            const rest = argv.slice(1);
+            await handleShare(rest.find((a) => !a.startsWith('-')), rest.includes('--yes'));
+            return;
+        }
+        default:
+            process.stderr.write('usage: npx @sickr/replay <init|record|open|list|share>\n');
+            process.exit(argv[0] ? 1 : 0);
+    }
+}
+const invokedDirectly = process.argv[1] && import.meta.url === pathToFileURL(process.argv[1]).href;
+if (invokedDirectly)
+    void main();

package/dist/hookConfig.js ADDED Viewed

@@ -0,0 +1,19 @@
+const EVENTS = ['SessionStart', 'UserPromptSubmit', 'PreToolUse', 'PostToolUse', 'Stop'];
+const TAG = '@sickr/replay record';
+/**
+ * Merge the SICKR recording hooks into a Claude Code settings object.
+ * Idempotent — re-running never duplicates the SICKR hook. Preserves any
+ * existing unrelated hooks.
+ */
+export function mergeHooks(settings, binPath) {
+    const next = { ...(settings ?? {}) };
+    next.hooks = { ...(next.hooks ?? {}) };
+    for (const ev of EVENTS) {
+        const groups = Array.isArray(next.hooks[ev]) ? [...next.hooks[ev]] : [];
+        const present = JSON.stringify(groups).includes(TAG);
+        if (!present)
+            groups.push({ hooks: [{ type: 'command', command: `${binPath} record` }] });
+        next.hooks[ev] = groups;
+    }
+    return next;
+}

package/dist/recorder.js ADDED Viewed

@@ -0,0 +1,57 @@
+import { mkdirSync, appendFileSync, readFileSync, existsSync, readdirSync, statSync } from 'node:fs';
+import { homedir } from 'node:os';
+import { join } from 'node:path';
+import { redact } from './redact.js';
+export function runsDir() {
+    return join(homedir(), '.sickr', 'runs');
+}
+/** Map one Claude Code hook payload to a redacted run event. */
+export function mapEvent(cc, now = new Date()) {
+    const at = now.toISOString();
+    const name = String(cc.hook_event_name ?? '');
+    switch (name) {
+        case 'SessionStart':
+            return { kind: 'start', label: 'Session', detail: redact(String(cc.cwd ?? '')), at };
+        case 'UserPromptSubmit':
+            return { kind: 'prompt', label: 'Prompt', detail: redact(String(cc.prompt ?? '')).slice(0, 400), at };
+        case 'Stop':
+            return { kind: 'stop', label: 'Stop', detail: '', at };
+        case 'PreToolUse':
+        case 'PostToolUse': {
+            const tool = String(cc.tool_name ?? 'tool');
+            const input = (cc.tool_input ?? {});
+            const raw = String(input.command ?? input.file_path ?? input.path ?? JSON.stringify(input));
+            return { kind: 'tool', label: tool, detail: redact(raw).slice(0, 400), at };
+        }
+        default:
+            return { kind: 'tool', label: name || 'event', detail: '', at };
+    }
+}
+export function appendEvent(runId, cc) {
+    const dir = runsDir();
+    mkdirSync(dir, { recursive: true });
+    appendFileSync(join(dir, `${runId}.ndjson`), JSON.stringify(mapEvent(cc)) + '\n');
+}
+export function loadRun(runId) {
+    const file = join(runsDir(), `${runId}.ndjson`);
+    const events = existsSync(file)
+        ? readFileSync(file, 'utf8').split('\n').filter(Boolean).map((l) => JSON.parse(l))
+        : [];
+    return {
+        id: runId,
+        cwd: events.find((e) => e.kind === 'start')?.detail ?? '',
+        startedAt: events[0]?.at ?? '',
+        events,
+    };
+}
+/** Most recently modified run id, or null if none. */
+export function latestRunId() {
+    const dir = runsDir();
+    if (!existsSync(dir))
+        return null;
+    const files = readdirSync(dir).filter((f) => f.endsWith('.ndjson'));
+    if (files.length === 0)
+        return null;
+    files.sort((a, b) => statSync(join(dir, b)).mtimeMs - statSync(join(dir, a)).mtimeMs);
+    return files[0].replace(/\.ndjson$/, '');
+}

package/dist/redact.js ADDED Viewed

@@ -0,0 +1,19 @@
+const MASK = '‹redacted›'; // ‹redacted›
+// Assignment of a secret-ish-named var: KEY=..., TOKEN: "...", etc.
+const ASSIGN = /\b([A-Z0-9_]*(?:KEY|TOKEN|SECRET|PASSWORD|PASSWD|CREDENTIAL)[A-Z0-9_]*)\s*[:=]\s*("?)([^\s"']+)\2/g;
+// Standalone secret shapes.
+const SHAPES = [
+    /\bBearer\s+[A-Za-z0-9._\-]+/g,
+    /\bsk-[A-Za-z0-9]{16,}/g,
+    /\bghp_[A-Za-z0-9]{20,}/g,
+    /\bgithub_pat_[A-Za-z0-9_]{20,}/g,
+    /\bAKIA[0-9A-Z]{16}\b/g,
+    /\beyJ[A-Za-z0-9_\-]+\.[A-Za-z0-9_\-]+\.[A-Za-z0-9_\-]+/g, // JWT
+];
+/** Mask secrets before anything is written to disk or shared. */
+export function redact(input) {
+    let out = input.replace(ASSIGN, (_m, key) => `${key}=${MASK}`);
+    for (const re of SHAPES)
+        out = out.replace(re, MASK);
+    return out;
+}

package/dist/render.js ADDED Viewed

@@ -0,0 +1,45 @@
+const PLASMA = '#34e0ff';
+function esc(s) {
+    return s.replace(/[&<>"']/g, (c) => ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c]));
+}
+function dot(kind) {
+    return kind === 'tool' ? PLASMA : kind === 'prompt' ? '#8b95a7' : '#5f6b80';
+}
+function row(e) {
+    const time = e.at ? esc(e.at.replace('T', ' ').slice(0, 19) + 'Z') : '';
+    return `<li>
+    <span class="dot" style="background:${dot(e.kind)}"></span>
+    <div><span class="lbl">${esc(e.label)}</span> <span class="kind">${esc(e.kind)}</span>
+    ${e.detail ? `<div class="detail">${esc(e.detail)}</div>` : ''}
+    <div class="time">${time}</div></div>
+  </li>`;
+}
+/** Self-contained, redacted-in audit-timeline HTML for one local run. */
+export function renderRunHtml(run) {
+    const events = run.events.map(row).join('\n');
+    return `<!doctype html>
+<html lang="en"><head><meta charset="UTF-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/>
+<title>SICKR Replay — ${esc(run.id)}</title>
+<style>
+  body{margin:0;background:#06080d;color:#e7ecf3;font-family:Sora,system-ui,Arial,sans-serif;padding:40px 20px}
+  .wrap{max-width:820px;margin:0 auto}
+  .brand{font-family:"Chakra Petch",sans-serif;color:${PLASMA};letter-spacing:.04em;font-weight:700}
+  .meta{font-family:"JetBrains Mono",ui-monospace,monospace;font-size:12px;color:#5f6b80;margin:6px 0 28px}
+  ol{list-style:none;margin:0;padding:0;position:relative}
+  ol::before{content:"";position:absolute;left:6px;top:6px;bottom:6px;width:1px;background:linear-gradient(${PLASMA},transparent)}
+  li{position:relative;padding:0 0 18px 28px}
+  .dot{position:absolute;left:0;top:3px;width:13px;height:13px;border-radius:50%}
+  .lbl{font-family:"Chakra Petch",sans-serif;font-weight:600;color:#fff}
+  .kind{font-family:"JetBrains Mono",monospace;font-size:10px;text-transform:uppercase;letter-spacing:.12em;color:${PLASMA};margin-left:6px}
+  .detail{font-family:"JetBrains Mono",monospace;font-size:12.5px;color:#cdd5e1;margin-top:4px;white-space:pre-wrap;word-break:break-word}
+  .time{font-family:"JetBrains Mono",monospace;font-size:11px;color:#5f6b80;margin-top:3px}
+  .cta{margin-top:36px;border-top:1px solid #1b2435;padding-top:20px;font-size:14px;color:#8b95a7}
+  .cta a{color:${PLASMA};text-decoration:none}
+</style></head>
+<body><div class="wrap">
+  <div class="brand">sickr</div>
+  <div class="meta">replay · ${esc(run.id)} · ${esc(run.cwd || '')} · ${run.events.length} events</div>
+  <ol>${events}</ol>
+  <div class="cta">This is one local agent run. Govern your whole team — gates, approvals, multi-agent, full audit → <a href="https://sickr.ai">sickr.ai</a></div>
+</div></body></html>`;
+}

package/dist/share.js ADDED Viewed

@@ -0,0 +1,14 @@
+/** Strip the local id; events are already redacted at capture time. */
+export function buildSharePayload(run) {
+    return { run: { cwd: run.cwd, startedAt: run.startedAt, events: run.events } };
+}
+export async function publish(payload, endpoint) {
+    const res = await fetch(endpoint, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify(payload),
+    });
+    if (!res.ok)
+        throw new Error(`publish failed: ${res.status}`);
+    return (await res.json());
+}

package/package.json ADDED Viewed

@@ -0,0 +1,21 @@
+{
+  "name": "@sickr/replay",
+  "version": "0.1.0",
+  "type": "module",
+  "description": "npx @sickr/replay — local Claude Code audit + one-click share. The free wedge into SICKR.",
+  "bin": { "replay": "dist/cli.js" },
+  "files": ["dist"],
+  "publishConfig": { "access": "public" },
+  "scripts": {
+    "build": "tsc",
+    "test": "vitest run",
+    "dev": "tsc -w"
+  },
+  "engines": { "node": ">=20" },
+  "license": "UNLICENSED",
+  "devDependencies": {
+    "@types/node": "^20.14.0",
+    "typescript": "^5.6.2",
+    "vitest": "^2.1.1"
+  }
+}