@simonyea/holysheep-cli 2.1.38 → 2.1.41

package/src/webui/aionui-runtime-fetcher.js

@@ -1,429 +0,0 @@
-/**
- * AionUi runtime resolver
- *
- * Resolution order:
- *   1. ~/.holysheep/aionui-runtime/  (installed / cached) — ONLY if its
- *      version string matches DEFAULT_RUNTIME_VERSION (or
- *      HOLYSHEEP_AIONUI_PIN_VERSION). A mismatch is treated as *stale*: the
- *      cache is atomically replaced with the current version on next launch.
- *   2. <cli>/src/webui/vendor/aionui/  (dev checkout — not shipped to npm,
- *      no version gate)
- *   3. <cli>/../aionui-fork/  (ONLY when `HOLYSHEEP_DEV=1` is set — when you
- *      are actively iterating on the fork and want `bun run build` to take
- *      precedence over any cached runtime). OFF BY DEFAULT so that even
- *      when the CLI is run from the source repo, it behaves exactly like a
- *      user install (user-cache → download). This removed a massive
- *      silent-drift risk: previously a dev commit that broke the fork would
- *      silently ship to developers' `hs web` sessions but not to end users,
- *      so bugs were invisible locally.
- *   4. DEFAULT_RUNTIME_URL + DEFAULT_RUNTIME_SHA256 (baked in; auto-download
- *      when --setup-runtime is passed OR when cache is stale). Users can
- *      override via env.
- *   5. null → caller must show a clear "runtime not installed" error
- *
- * ── Why stale detection exists ──────────────────────────────────────────────
- * Before 2.1.10 the resolver returned the cache as soon as it saw
- * `dist-server/server.mjs` on disk, regardless of which version it was. That
- * meant users who installed hs web back when hs0/hs1 was the baked-in default
- * kept running that exact build forever — every subsequent release (hs2
- * rebrand, hs3 link fixes, hs5 OpenClaw model selector + HolySheep CLI card)
- * silently did nothing on their machines, because their ~/.holysheep/…
- * directory already "looked valid." This file now compares the cached
- * package.json version against DEFAULT_RUNTIME_VERSION and upgrades in place
- * via an atomic rename flow (stage → backup old → swap → drop backup).
- *
- * ── Atomic upgrade safety ───────────────────────────────────────────────────
- * 1. Download tarball to `${USER_CACHE_DIR}.staging-${ts}` and verify SHA256.
- * 2. Rename existing `USER_CACHE_DIR` → `${USER_CACHE_DIR}.bak-${ts}` (fast).
- * 3. Rename staging dir → `USER_CACHE_DIR` (fast).
- * 4. rm -rf the backup.
- * Any failure before step 3 leaves the old cache untouched. A failure between
- * step 2 and 3 is auto-restored from the backup. The user never ends up with
- * no runtime at all.
- */
-
-'use strict'
-
-const fs = require('fs')
-const path = require('path')
-const os = require('os')
-const crypto = require('crypto')
-const https = require('https')
-const http = require('http')
-
-const USER_CACHE_DIR = path.join(os.homedir(), '.holysheep', 'aionui-runtime')
-const VENDOR_DIR = path.join(__dirname, 'vendor', 'aionui')
-
-// Baked-in defaults — updated with every release that bumps the runtime bundle.
-// Override at runtime via HOLYSHEEP_AIONUI_RUNTIME_URL / HOLYSHEEP_AIONUI_RUNTIME_SHA256
-// / HOLYSHEEP_AIONUI_PIN_VERSION. When DEFAULT_RUNTIME_VERSION changes in a
-// new CLI release, the next `hs web` invocation on user machines will detect
-// the version drift and upgrade the cache in place.
-const DEFAULT_RUNTIME_URL =
-  'https://mail.holysheep.ai/app/cli/aionui-runtime-v1.9.18-holysheep-hs26.tar.gz'
-const DEFAULT_RUNTIME_SHA256 =
-  'e0502f21376d21b3797c51a3d932970c5a86e29076cadf3eeb2939941abb47ed'
-const DEFAULT_RUNTIME_VERSION = '1.9.18-holysheep-hs26'
-
-function isValidRuntimeDir(dir) {
-  if (!dir) return false
-  try {
-    return (
-      fs.existsSync(path.join(dir, 'dist-server', 'server.mjs')) &&
-      fs.existsSync(path.join(dir, 'out', 'renderer', 'index.html'))
-    )
-  } catch {
-    return false
-  }
-}
-
-/**
- * Read the version of a runtime directory.
- *
- * Order:
- *   1. `.holysheep-runtime-version` (flat text file we stamp after a
- *      successful download/upgrade — guaranteed to match what the fetcher
- *      pulled, regardless of whether the tarball itself shipped a
- *      package.json). This is the file future `isVersionCurrent` comparisons
- *      rely on; without it, every subsequent `hs web` would mis-detect the
- *      fresh cache as stale and re-download forever.
- *   2. `package.json` `version` field (legacy — the hs0/hs1 tarballs did
- *      include one with `1.9.18-holysheep`). Kept for backwards compat.
- *   3. 'unknown' — treated as NOT current, so the fetcher will upgrade.
- */
-function readVersion(dir) {
-  try {
-    const stamp = path.join(dir, '.holysheep-runtime-version')
-    if (fs.existsSync(stamp)) {
-      // .trim() is REQUIRED. writeVersionStamp() appends '\n', and a human
-      // doing manual recovery might have used `echo foo > file` (writes
-      // 'foo\n') or `echo -n foo > file` (writes 'foo' but on bash `echo`
-      // builtins that don't recognize -n you get '-n foo\n'). Trimming
-      // whitespace makes all these shapes compare equal — without it,
-      // isVersionCurrent() returned false on a freshly-stamped cache and
-      // looped into auto-upgrade. DO NOT remove this .trim().
-      const v = fs.readFileSync(stamp, 'utf8').trim()
-      if (v) return v
-    }
-  } catch {}
-  try {
-    const pkgPath = path.join(dir, 'package.json')
-    if (fs.existsSync(pkgPath)) {
-      const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8'))
-      return pkg.version || 'unknown'
-    }
-  } catch {}
-  return 'unknown'
-}
-
-/**
- * Stamp the runtime directory with the version we just installed so that
- * readVersion() returns the right answer on subsequent launches. Fails
- * silently — a missing stamp only means the _next_ launch will re-download,
- * which is annoying but not dangerous.
- */
-function writeVersionStamp(dir, version) {
-  try {
-    fs.writeFileSync(path.join(dir, '.holysheep-runtime-version'), version + '\n', 'utf8')
-  } catch {}
-}
-
-/**
- * Strict string equality against the expected version.
- *
- * We intentionally do not parse semver ranges — runtime releases are tagged
- * explicitly (hs5, hs6, …) and every CLI release pins exactly one expected
- * string. This keeps the upgrade decision a boolean, not a version-math
- * guessing game.
- *
- * Priority:
- *   1. HOLYSHEEP_AIONUI_PIN_VERSION   (user opted-in lock)
- *   2. DEFAULT_RUNTIME_VERSION         (baked into this CLI release)
- */
-function expectedVersion() {
-  return process.env.HOLYSHEEP_AIONUI_PIN_VERSION || DEFAULT_RUNTIME_VERSION
-}
-
-function isVersionCurrent(dir) {
-  return readVersion(dir) === expectedVersion()
-}
-
-/**
- * Resolve an AionUi runtime directory.
- *
- * @param {object}  opts
- * @param {boolean} opts.allowDownload - if true, will attempt to download
- *   the runtime when no local cache exists, OR when the local cache is
- *   stale (version mismatch). Stale-upgrade is suppressed when the env var
- *   `HOLYSHEEP_AIONUI_SKIP_UPGRADE=1` is set, in which case the stale cache
- *   is returned as-is with `source: 'user-cache-stale'`.
- * @param {(msg:string)=>void} opts.logger
- *
- * @returns {{ dir: string, version: string,
- *             source: 'user-cache'|'user-cache-stale'|'vendor'|'aionui-fork'|'download'|'download-upgrade'
- *           } | null}
- */
-async function resolveRuntime({ allowDownload = false, logger = () => {} } = {}) {
-  // 1. User cache (installed runtime)
-  if (isValidRuntimeDir(USER_CACHE_DIR)) {
-    const ver = readVersion(USER_CACHE_DIR)
-    if (isVersionCurrent(USER_CACHE_DIR)) {
-      return { dir: USER_CACHE_DIR, version: ver, source: 'user-cache' }
-    }
-
-    // Stale. Decide whether to upgrade in place.
-    const skipUpgrade = process.env.HOLYSHEEP_AIONUI_SKIP_UPGRADE === '1'
-    if (allowDownload && !skipUpgrade) {
-      logger(`runtime cache is out of date (found ${ver}, expected ${expectedVersion()}) — upgrading...`)
-      try {
-        await performAtomicUpgrade(USER_CACHE_DIR, logger)
-        return {
-          dir: USER_CACHE_DIR,
-          version: readVersion(USER_CACHE_DIR) || expectedVersion(),
-          source: 'download-upgrade',
-        }
-      } catch (e) {
-        logger(`runtime upgrade failed: ${e.message}`)
-        // Fall through: return stale cache as a degraded-but-usable state
-        // so the user still gets _some_ WebUI rather than a hard error.
-        return { dir: USER_CACHE_DIR, version: ver, source: 'user-cache-stale' }
-      }
-    }
-    // No upgrade allowed/desired → return stale
-    return { dir: USER_CACHE_DIR, version: ver, source: 'user-cache-stale' }
-  }
-
-  // 2. Dev vendor checkout (bundled for darwin-arm64 dev rigs — not in npm).
-  // No version gate: a dev checkout is assumed current by construction.
-  if (isValidRuntimeDir(VENDOR_DIR)) {
-    return { dir: VENDOR_DIR, version: readVersion(VENDOR_DIR), source: 'vendor' }
-  }
-
-  // 3. Dev repo aionui-fork/ — GATED BEHIND HOLYSHEEP_DEV=1. See resolver
-  // header docstring (order step 3) for rationale. Users (even devs running
-  // from the repo checkout) go through user-cache → download, so the
-  // production behavior is always what they see locally.
-  if (process.env.HOLYSHEEP_DEV === '1') {
-    const forkDir = path.resolve(__dirname, '..', '..', 'aionui-fork')
-    if (isValidRuntimeDir(forkDir)) {
-      return { dir: forkDir, version: readVersion(forkDir), source: 'dev-checkout' }
-    }
-  }
-
-  // 4. Fresh install — download from env override OR baked-in default
-  if (allowDownload) {
-    const url = process.env.HOLYSHEEP_AIONUI_RUNTIME_URL || DEFAULT_RUNTIME_URL
-    const expectedSha = process.env.HOLYSHEEP_AIONUI_RUNTIME_SHA256 || DEFAULT_RUNTIME_SHA256
-    try {
-      fs.mkdirSync(USER_CACHE_DIR, { recursive: true })
-      await downloadAndExtract(url, USER_CACHE_DIR, expectedSha, logger)
-      if (isValidRuntimeDir(USER_CACHE_DIR)) {
-        // Stamp the version so subsequent launches don't re-detect as stale
-        // (hs5+ tarballs ship no root package.json).
-        writeVersionStamp(USER_CACHE_DIR, expectedVersion())
-        return {
-          dir: USER_CACHE_DIR,
-          version: readVersion(USER_CACHE_DIR) || DEFAULT_RUNTIME_VERSION,
-          source: 'download',
-        }
-      }
-      logger('HolySheep runtime downloaded but directory structure invalid')
-    } catch (e) {
-      logger(`HolySheep runtime download failed: ${e.message}`)
-    }
-  }
-
-  return null
-}
-
-/**
- * Atomically replace the runtime at `targetDir` with a freshly downloaded
- * copy. Safe against mid-operation failure: the old cache is preserved
- * either in place (if download/verify fails) or as a `.bak-*` directory
- * (if we crash between backup and swap).
- *
- * Implementation:
- *   a) Download + extract to `${targetDir}.staging-${ts}`, verify SHA256.
- *   b) `mv targetDir → ${targetDir}.bak-${ts}`  (atomic, same filesystem)
- *   c) `mv stagingDir → targetDir`              (atomic, same filesystem)
- *   d) `rm -rf ${targetDir}.bak-${ts}` on success.
- *   e) On any failure in (b)→(c), try to restore from the `.bak-*` path.
- */
-async function performAtomicUpgrade(targetDir, logger) {
-  const url = process.env.HOLYSHEEP_AIONUI_RUNTIME_URL || DEFAULT_RUNTIME_URL
-  const expectedSha = process.env.HOLYSHEEP_AIONUI_RUNTIME_SHA256 || DEFAULT_RUNTIME_SHA256
-  const ts = Date.now()
-  const stagingDir = `${targetDir}.staging-${ts}`
-  const backupDir = `${targetDir}.bak-${ts}`
-
-  // (a) Download + extract + verify into an isolated staging dir.
-  fs.mkdirSync(stagingDir, { recursive: true })
-  try {
-    await downloadAndExtract(url, stagingDir, expectedSha, logger)
-  } catch (e) {
-    try { rmrf(stagingDir) } catch {}
-    throw e
-  }
-  if (!isValidRuntimeDir(stagingDir)) {
-    try { rmrf(stagingDir) } catch {}
-    throw new Error('staged runtime failed structure validation')
-  }
-
-  // (b) Back up the old cache, if any.
-  let backedUp = false
-  if (fs.existsSync(targetDir)) {
-    try {
-      fs.renameSync(targetDir, backupDir)
-      backedUp = true
-    } catch (e) {
-      try { rmrf(stagingDir) } catch {}
-      throw new Error(`failed to back up old runtime: ${e.message}`)
-    }
-  }
-
-  // (c) Move staging into place.
-  try {
-    fs.renameSync(stagingDir, targetDir)
-  } catch (e) {
-    // Try to restore the backup so the user isn't left runtime-less.
-    if (backedUp) {
-      try { fs.renameSync(backupDir, targetDir) } catch {}
-    }
-    try { rmrf(stagingDir) } catch {}
-    throw new Error(`failed to swap in new runtime: ${e.message}`)
-  }
-
-  // (d) Stamp the version. hs5+ tarballs do NOT include a root package.json,
-  // so without this stamp readVersion() would fall back to 'unknown' and the
-  // very next `hs web` would re-enter the stale-upgrade branch and download
-  // again. See readVersion() docstring above.
-  writeVersionStamp(targetDir, expectedVersion())
-
-  // (e) Success — drop the backup.
-  if (backedUp) {
-    try { rmrf(backupDir) } catch (e) {
-      logger(`warning: could not remove old runtime backup at ${backupDir}: ${e.message}`)
-    }
-  }
-}
-
-function rmrf(p) {
-  // fs.rmSync landed in Node 14.14, which is well below our floor.
-  fs.rmSync(p, { recursive: true, force: true })
-}
-
-/**
- * Download a tar.gz from url, verify optional SHA256, extract into destDir.
- * Uses only Node built-ins (https + tar via exec) — zero new deps.
- */
-function downloadAndExtract(url, destDir, expectedSha, logger) {
-  return new Promise((resolve, reject) => {
-    const tmpFile = path.join(os.tmpdir(), `aionui-runtime-${Date.now()}.tar.gz`)
-    logger(`Downloading HolySheep runtime from ${url}`)
-
-    const client = url.startsWith('https:') ? https : http
-    const file = fs.createWriteStream(tmpFile)
-    const hasher = crypto.createHash('sha256')
-    let totalBytes = 0
-
-    const req = client.get(url, (res) => {
-      // Follow redirects (GitHub Releases → S3 CDN)
-      if (res.statusCode >= 300 && res.statusCode < 400 && res.headers.location) {
-        file.close()
-        try { fs.unlinkSync(tmpFile) } catch {}
-        return resolve(downloadAndExtract(res.headers.location, destDir, expectedSha, logger))
-      }
-      if (res.statusCode !== 200) {
-        file.close()
-        try { fs.unlinkSync(tmpFile) } catch {}
-        return reject(new Error(`HTTP ${res.statusCode} from ${url}`))
-      }
-      res.on('data', (chunk) => {
-        hasher.update(chunk)
-        totalBytes += chunk.length
-      })
-      res.pipe(file)
-      file.on('finish', () => {
-        file.close(() => {
-          const actualSha = hasher.digest('hex')
-          if (expectedSha && expectedSha.toLowerCase() !== actualSha.toLowerCase()) {
-            try { fs.unlinkSync(tmpFile) } catch {}
-            return reject(new Error(`SHA256 mismatch: expected ${expectedSha}, got ${actualSha}`))
-          }
-          logger(`Downloaded ${(totalBytes / 1024 / 1024).toFixed(1)} MB, sha256=${actualSha.slice(0, 12)}…`)
-          try {
-            fs.mkdirSync(destDir, { recursive: true })
-            const { execSync } = require('child_process')
-            execSync(`tar -xzf "${tmpFile}" -C "${destDir}" --strip-components=0`, { stdio: 'ignore' })
-            try { fs.unlinkSync(tmpFile) } catch {}
-            // Post-extract sanity: hs4 once shipped a tarball that only
-            // contained dist-server/ — the WebUI launched but every
-            // renderer-side feature silently did nothing. Fail loudly here so
-            // the user gets a clear error instead of a half-broken UI.
-            const serverMjs = path.join(destDir, 'dist-server', 'server.mjs')
-            const rendererIndex = path.join(destDir, 'out', 'renderer', 'index.html')
-            const missing = []
-            if (!fs.existsSync(serverMjs)) missing.push('dist-server/server.mjs')
-            if (!fs.existsSync(rendererIndex)) missing.push('out/renderer/index.html')
-            if (missing.length) {
-              return reject(new Error(
-                `Runtime tarball is missing required files: ${missing.join(', ')}.\n` +
-                `This runtime cannot launch the WebUI. Check HOLYSHEEP_AIONUI_RUNTIME_URL ` +
-                `or report the broken URL (${url}).`
-              ))
-            }
-            resolve()
-          } catch (e) {
-            try { fs.unlinkSync(tmpFile) } catch {}
-            reject(new Error(`extract failed: ${e.message}`))
-          }
-        })
-      })
-    })
-
-    req.on('error', (e) => {
-      file.close()
-      try { fs.unlinkSync(tmpFile) } catch {}
-      reject(e)
-    })
-    req.setTimeout(120_000, () => {
-      req.destroy(new Error('download timeout (120s)'))
-    })
-  })
-}
-
-function describeInstallGuidance() {
-  return [
-    'HolySheep runtime not installed. Fastest way to get started:',
-    '',
-    '  One command (downloads the prebuilt 21 MB runtime):',
-    '    hs web --setup-runtime',
-    '',
-    '  Manual install via env overrides:',
-    `    export HOLYSHEEP_AIONUI_RUNTIME_URL=${DEFAULT_RUNTIME_URL}`,
-    `    export HOLYSHEEP_AIONUI_RUNTIME_SHA256=${DEFAULT_RUNTIME_SHA256}`,
-    '    hs web --setup-runtime',
-    '',
-    '  Force a fresh runtime download even if cache exists:',
-    `    rm -rf ${USER_CACHE_DIR} && hs web`,
-    '',
-    '  Or fall back to the legacy HolySheep Workspace:',
-    '    HOLYSHEEP_WEBUI_LEGACY=1 hs web',
-  ].join('\n')
-}
-
-module.exports = {
-  USER_CACHE_DIR,
-  VENDOR_DIR,
-  DEFAULT_RUNTIME_URL,
-  DEFAULT_RUNTIME_SHA256,
-  DEFAULT_RUNTIME_VERSION,
-  expectedVersion,
-  isVersionCurrent,
-  isValidRuntimeDir,
-  readVersion,
-  writeVersionStamp,
-  resolveRuntime,
-  performAtomicUpgrade,
-  describeInstallGuidance,
-}

package/src/webui/aionui-runtime.js

@@ -1,139 +0,0 @@
-'use strict'
-
-const fs = require('fs')
-const path = require('path')
-const os = require('os')
-const http = require('http')
-const { execSync, spawn } = require('child_process')
-
-function resolveBunPath() {
-  const bundledBun = path.join(__dirname, 'vendor', 'bun-darwin-arm64')
-  if (process.platform === 'darwin' && process.arch === 'arm64' && fs.existsSync(bundledBun)) {
-    return bundledBun
-  }
-  if (process.env.BUN && fs.existsSync(process.env.BUN)) return process.env.BUN
-  const isWindows = process.platform === 'win32'
-  try {
-    const cmd = isWindows ? 'where.exe bun' : 'which bun'
-    const raw = execSync(cmd, {
-      stdio: ['ignore', 'pipe', 'ignore'],
-      encoding: 'utf8',
-      timeout: 2000,
-    })
-    const candidates = String(raw).split(/\r?\n/).map((s) => s.trim()).filter(Boolean)
-    for (const p of candidates) {
-      if (fs.existsSync(p)) return p
-    }
-  } catch {}
-  // ~/.bun/bin fallback — canonical location of bun's official installer.
-  // Catches "installed bun but didn't reopen terminal" without needing PATH refresh.
-  const home = process.env.HOME || process.env.USERPROFILE || os.homedir()
-  if (home) {
-    const name = isWindows ? 'bun.exe' : 'bun'
-    const homeBun = path.join(home, '.bun', 'bin', name)
-    if (fs.existsSync(homeBun)) return homeBun
-  }
-  return null
-}
-
-function getRuntimeCandidates() {
-  const home = os.homedir()
-  return [
-    path.join(__dirname, 'vendor', 'aionui'),
-    process.env.HOLYSHEEP_AIONUI_DIR,
-    path.join(home, 'AionUi'),
-    path.join(home, 'Projects', 'AionUi'),
-    path.join(__dirname, '..', '..', 'vendor', 'aionui'),
-  ].filter(Boolean)
-}
-
-function isValidRuntimeDir(dir) {
-  if (!dir) return false
-  return fs.existsSync(path.join(dir, 'dist-server', 'server.mjs')) &&
-    fs.existsSync(path.join(dir, 'out', 'renderer', 'index.html'))
-}
-
-function resolveAionUiRuntimeDir() {
-  return getRuntimeCandidates().find(isValidRuntimeDir) || null
-}
-
-function waitForReady(port, timeoutMs = 15000) {
-  const startedAt = Date.now()
-  return new Promise((resolve, reject) => {
-    const tick = () => {
-      const req = http.get({
-        hostname: '127.0.0.1',
-        port,
-        path: '/',
-        family: 4,
-        timeout: 1500,
-      }, (res) => {
-        res.resume()
-        if (res.statusCode && res.statusCode < 500) {
-          resolve(true)
-          return
-        }
-        retry()
-      })
-
-      req.on('timeout', () => {
-        req.destroy()
-        retry()
-      })
-      req.on('error', retry)
-    }
-
-    const retry = () => {
-      if (Date.now() - startedAt >= timeoutMs) {
-        reject(new Error('HolySheep runtime did not become ready in time'))
-        return
-      }
-      setTimeout(tick, 500)
-    }
-
-    tick()
-  })
-}
-
-async function startAionUiRuntime(port) {
-  const runtimeDir = resolveAionUiRuntimeDir()
-  if (!runtimeDir) {
-    throw new Error(
-      'HolySheep runtime not bundled in this build — set HOLYSHEEP_WEBUI_AIONUI=1 with a local vendor/ directory to enable'
-    )
-  }
-
-  const bunPath = resolveBunPath()
-  if (!bunPath) {
-    throw new Error('bun is required to start the HolySheep runtime (install: https://bun.sh)')
-  }
-
-  const child = spawn(bunPath, ['dist-server/server.mjs'], {
-    cwd: runtimeDir,
-    env: {
-      ...process.env,
-      PORT: String(port),
-      NODE_ENV: 'production',
-    },
-    stdio: 'inherit',
-  })
-
-  try {
-    await waitForReady(port)
-  } catch (error) {
-    child.kill('SIGTERM')
-    throw error
-  }
-
-  return {
-    child,
-    runtimeDir,
-    bunPath,
-    mode: 'aionui',
-  }
-}
-
-module.exports = {
-  resolveAionUiRuntimeDir,
-  startAionUiRuntime,
-}