@supercakex/davnote 0.1.0

package/bin/davnote.js

@@ -0,0 +1,16 @@
+#!/usr/bin/env node
+
+import { createRequire } from "node:module";
+import { App } from "../src/app.js";
+
+const require = createRequire(import.meta.url);
+const packageJson = require("../package.json");
+
+const app = new App({
+  stdin: process.stdin,
+  stdout: process.stdout,
+  stderr: process.stderr,
+  version: packageJson.version,
+});
+
+process.exitCode = await app.run(process.argv.slice(2));

package/package.json

@@ -0,0 +1,21 @@
+{
+  "name": "@supercakex/davnote",
+  "version": "0.1.0",
+  "description": "Send explicitly selected Markdown notes to configured WebDAV storage.",
+  "type": "module",
+  "bin": {
+    "davnote": "./bin/davnote.js"
+  },
+  "files": [
+    "bin",
+    "src"
+  ],
+  "scripts": {
+    "test": "node --test",
+    "check": "node --check bin/davnote.js && node --check src/*.js"
+  },
+  "engines": {
+    "node": ">=20"
+  },
+  "license": "MIT"
+}

package/src/app.js

@@ -0,0 +1,663 @@
+import fs from "node:fs/promises";
+import path from "node:path";
+import {
+  DEFAULT_MAX_FILE_SIZE,
+  defaultConfigPath,
+  emptyConfig,
+  legacyConfigPath,
+  loadConfig,
+  permissionWarning,
+  saveConfig,
+  validateProfileName,
+} from "./config.js";
+import { DavnoteError, errorCode, errorMessage, exitCode } from "./errors.js";
+import { confirm, isInteractive, readLine, readSecret } from "./prompt.js";
+import { validateFile, validateRemoteName } from "./safety.js";
+import { installerPrefix, installerSuffix, skillBody } from "./skill.js";
+import { joinRemote, remoteParent, WebDAVClient } from "./webdav.js";
+
+export class App {
+  constructor(options = {}) {
+    this.stdin = options.stdin ?? process.stdin;
+    this.stdout = options.stdout ?? process.stdout;
+    this.stderr = options.stderr ?? process.stderr;
+    this.version = options.version ?? "dev";
+    this.configPath = options.configPath ?? defaultConfigPath();
+    this.legacyConfigPath =
+      options.legacyConfigPath ?? (options.configPath ? "" : legacyConfigPath());
+    this.isTTY = options.isTTY ?? (() => isInteractive(this.stdin, this.stdout));
+    this.createClient =
+      options.createClient ??
+      ((url, username, password) => new WebDAVClient(url, username, password));
+    this.prompts = options.prompts ?? { readLine, readSecret, confirm };
+  }
+
+  async run(args) {
+    if (args.length === 0) {
+      this.printHelp();
+      return 2;
+    }
+    if (args[0] === "--version" || args[0] === "version") {
+      this.writeOut(`${this.version}\n`);
+      return 0;
+    }
+    switch (args[0]) {
+      case "help":
+      case "-h":
+      case "--help":
+        this.printHelp();
+        return 0;
+      case "setup":
+        return this.setup(args.slice(1));
+      case "push":
+        return this.push(args.slice(1));
+      case "profile":
+        return this.profile(args.slice(1));
+      case "config":
+        return this.configCommand(args.slice(1));
+      case "skill":
+        return this.skill(args.slice(1));
+      case "doctor":
+        return this.doctor(args.slice(1));
+      default:
+        return this.fail(false, "INVALID_ARGUMENT", `unknown command: ${args[0]}`);
+    }
+  }
+
+  async setup(args) {
+    if (args.length > 0) {
+      return this.fail(false, "INVALID_ARGUMENT", "setup does not accept arguments");
+    }
+    if (!this.isTTY()) {
+      return this.fail(false, "INTERACTIVE_REQUIRED", "setup must be run in an interactive terminal");
+    }
+    let config;
+    try {
+      config = await this.loadConfiguration();
+    } catch (error) {
+      if (errorCode(error) === "CONFIG_NOT_FOUND") config = emptyConfig();
+      else return this.fail(false, errorCode(error, "CONFIG_INVALID"), errorMessage(error));
+    }
+    try {
+      let name = await this.prompts.readLine(this.stdin, this.stdout, "Profile name [personal]: ");
+      if (!name) name = "personal";
+      validateProfileName(name);
+      const profile = await this.promptProfile(defaultProfile(), true);
+      const client = this.createClient(profile.webdavUrl, profile.username, profile.password);
+      this.writeOut("Testing WebDAV connection and ensuring remote root...\n");
+      await client.test(profile.remoteRoot, true);
+      config.profiles[name] = profile;
+      config.defaultProfile = name;
+      await saveConfig(this.configPath, config);
+      this.writeOut(`Profile "${name}" saved to ${this.configPath}\n`);
+      return 0;
+    } catch (error) {
+      return this.fail(false, errorCode(error, "INPUT_ERROR"), errorMessage(error));
+    }
+  }
+
+  async promptProfile(existing, includePermissions) {
+    const profile = structuredClone(existing);
+    profile.webdavUrl = await this.promptDefault("WebDAV URL", profile.webdavUrl);
+    new WebDAVClient(profile.webdavUrl, "", "");
+    profile.username = await this.promptDefault("Username", profile.username);
+    const password = await this.prompts.readSecret(this.stdin, this.stdout, "Password: ");
+    if (password) profile.password = password;
+    profile.remoteRoot = await this.promptDefault("Remote root", profile.remoteRoot || "/Inbox");
+    profile.maxFileSize ||= DEFAULT_MAX_FILE_SIZE;
+    if (includePermissions) {
+      profile.permissions.allowOverwrite = await this.prompts.confirm(
+        this.stdin,
+        this.stdout,
+        "Allow overwriting existing remote files?",
+        false,
+      );
+    }
+    return profile;
+  }
+
+  async push(args) {
+    let options;
+    try {
+      options = parsePushArgs(args);
+    } catch (error) {
+      return this.fail(args.includes("--json"), "INVALID_ARGUMENT", error.message);
+    }
+    let config;
+    try {
+      config = await this.loadConfiguration();
+    } catch (error) {
+      return this.configFailure(options.json, error);
+    }
+    const profileName = options.profile || config.defaultProfile;
+    const profile = config.profiles[profileName];
+    if (!profile) return this.fail(options.json, "PROFILE_NOT_FOUND", "profile does not exist");
+    if (options.conflict === "overwrite" && !profile.permissions.allowOverwrite) {
+      return this.fail(
+        options.json,
+        "OVERWRITE_NOT_ALLOWED",
+        "overwrite is disabled by profile configuration",
+      );
+    }
+    try {
+      if (options.remoteName) {
+        if (options.files.length !== 1) {
+          throw new DavnoteError(
+            "INVALID_ARGUMENT",
+            "--remote-name requires exactly one file",
+          );
+        }
+        validateRemoteName(options.remoteName);
+      }
+      const client = this.createClient(profile.webdavUrl, profile.username, profile.password);
+      const results = [];
+      for (const file of options.files) {
+        results.push(await this.pushOne(client, profileName, profile, file, options));
+      }
+      const output = { ok: results.every((item) => item.ok), results };
+      if (options.json) {
+        this.writeOut(`${JSON.stringify(output)}\n`);
+      } else {
+        for (const item of results) {
+          if (item.ok) {
+            this.writeOut(
+              `${item.dry_run ? "Would upload" : "Uploaded"} ${item.local_path} -> ${item.remote_path}\n`,
+            );
+          } else {
+            this.writeErr(`${item.local_path}: ${item.message} (${item.code})\n`);
+          }
+        }
+      }
+      return output.ok ? 0 : 1;
+    } catch (error) {
+      return this.fail(options.json, errorCode(error), errorMessage(error));
+    }
+  }
+
+  async pushOne(client, profileName, profile, input, options) {
+    let local;
+    try {
+      local = await validateFile(input, profile.maxFileSize);
+    } catch (error) {
+      return {
+        ok: false,
+        code: errorCode(error),
+        message: errorMessage(error),
+        local_path: path.resolve(input),
+        profile: profileName,
+      };
+    }
+    const remotePath = joinRemote(
+      profile.remoteRoot,
+      options.remoteName || local.relativePath,
+    );
+    const result = {
+      ok: false,
+      local_path: local.path,
+      remote_path: remotePath,
+      bytes: local.size,
+      profile: profileName,
+    };
+    if (options.dryRun) result.dry_run = true;
+    try {
+      const exists = await client.exists(remotePath);
+      if (exists && options.conflict !== "overwrite") {
+        return {
+          ...result,
+          code: "REMOTE_FILE_EXISTS",
+          message: "a remote file already exists at the target path",
+          allowed_actions: allowedActions(profile),
+        };
+      }
+      if (options.dryRun) return { ...result, ok: true };
+      const data = await fs.readFile(local.path);
+      await client.ensureCollection(remoteParent(remotePath));
+      await client.put(remotePath, data);
+      return { ...result, ok: true };
+    } catch (error) {
+      return { ...result, code: errorCode(error), message: errorMessage(error) };
+    }
+  }
+
+  async profile(args) {
+    if (args.length === 0) {
+      return this.fail(false, "INVALID_ARGUMENT", "profile subcommand is required");
+    }
+    const json = args.includes("--json");
+    let config;
+    try {
+      config = await this.loadConfiguration();
+    } catch (error) {
+      if (args[0] === "add" && errorCode(error) === "CONFIG_NOT_FOUND") config = emptyConfig();
+      else return this.configFailure(json, error);
+    }
+
+    switch (args[0]) {
+      case "list": {
+        const profiles = Object.keys(config.profiles).sort();
+        if (json) {
+          this.writeOut(`${JSON.stringify({ ok: true, default_profile: config.defaultProfile, profiles })}\n`);
+        } else {
+          for (const name of profiles) {
+            this.writeOut(`${name === config.defaultProfile ? "*" : " "} ${name}\n`);
+          }
+        }
+        return 0;
+      }
+      case "show": {
+        const name = positional(args.slice(1))[0] || config.defaultProfile;
+        const profile = config.profiles[name];
+        if (!profile) return this.fail(json, "PROFILE_NOT_FOUND", "profile does not exist");
+        const view = profileView(name, profile);
+        if (json) this.writeOut(`${JSON.stringify({ ok: true, profile: view })}\n`);
+        else {
+          this.writeOut(
+            `name: ${name}\nwebdav_url: ${sanitizeUrl(profile.webdavUrl)}\nusername: ${profile.username}\nremote_root: ${profile.remoteRoot}\nallow_overwrite: ${profile.permissions.allowOverwrite}\n`,
+          );
+        }
+        return 0;
+      }
+      case "add":
+        return this.profileAdd(config, args.slice(1));
+      case "edit":
+        return this.profileEdit(config, args.slice(1), false);
+      case "credentials":
+        return this.profileEdit(config, args.slice(1), true);
+      case "remove":
+        return this.profileRemove(config, args.slice(1));
+      case "default":
+        return this.profileDefault(config, args.slice(1));
+      case "test":
+        return this.profileTest(config, args.slice(1), json);
+      default:
+        return this.fail(json, "INVALID_ARGUMENT", `unknown profile subcommand: ${args[0]}`);
+    }
+  }
+
+  async profileAdd(config, args) {
+    if (!this.isTTY()) {
+      return this.fail(false, "INTERACTIVE_REQUIRED", "profile changes require an interactive terminal");
+    }
+    try {
+      const name = positional(args)[0];
+      validateProfileName(name);
+      if (config.profiles[name]) throw new DavnoteError("INVALID_ARGUMENT", "profile already exists");
+      config.profiles[name] = await this.promptProfile(defaultProfile(), true);
+      config.defaultProfile ||= name;
+      await saveConfig(this.configPath, config);
+      this.writeOut(`Profile "${name}" added\n`);
+      return 0;
+    } catch (error) {
+      return this.fail(false, errorCode(error, "INPUT_ERROR"), errorMessage(error));
+    }
+  }
+
+  async profileEdit(config, args, credentialsOnly) {
+    if (!this.isTTY()) {
+      return this.fail(false, "INTERACTIVE_REQUIRED", "profile changes require an interactive terminal");
+    }
+    const name = positional(args)[0] || config.defaultProfile;
+    const profile = config.profiles[name];
+    if (!profile) return this.fail(false, "PROFILE_NOT_FOUND", "profile does not exist");
+    try {
+      if (credentialsOnly) {
+        profile.username = await this.promptDefault("Username", profile.username);
+        const password = await this.prompts.readSecret(this.stdin, this.stdout, "New password: ");
+        if (!password) throw new DavnoteError("INVALID_ARGUMENT", "password cannot be empty");
+        profile.password = password;
+      } else {
+        config.profiles[name] = await this.promptProfile(profile, false);
+      }
+      await saveConfig(this.configPath, config);
+      this.writeOut(`Profile "${name}" updated\n`);
+      return 0;
+    } catch (error) {
+      return this.fail(false, errorCode(error, "INPUT_ERROR"), errorMessage(error));
+    }
+  }
+
+  async profileRemove(config, args) {
+    if (!this.isTTY()) {
+      return this.fail(false, "INTERACTIVE_REQUIRED", "profile changes require an interactive terminal");
+    }
+    const name = positional(args)[0];
+    if (!name) return this.fail(false, "INVALID_ARGUMENT", "profile name is required");
+    if (!config.profiles[name]) return this.fail(false, "PROFILE_NOT_FOUND", "profile does not exist");
+    try {
+      const yes = await this.prompts.confirm(this.stdin, this.stdout, `Remove profile "${name}"?`, false);
+      if (!yes) {
+        this.writeOut("Cancelled\n");
+        return 0;
+      }
+      delete config.profiles[name];
+      if (config.defaultProfile === name) {
+        config.defaultProfile = Object.keys(config.profiles)[0] || "";
+      }
+      await saveConfig(this.configPath, config);
+      this.writeOut(`Profile "${name}" removed\n`);
+      return 0;
+    } catch (error) {
+      return this.fail(false, "INPUT_ERROR", errorMessage(error));
+    }
+  }
+
+  async profileDefault(config, args) {
+    if (!this.isTTY()) {
+      return this.fail(false, "INTERACTIVE_REQUIRED", "profile changes require an interactive terminal");
+    }
+    const name = positional(args)[0];
+    if (!config.profiles[name]) return this.fail(false, "PROFILE_NOT_FOUND", "profile does not exist");
+    config.defaultProfile = name;
+    await saveConfig(this.configPath, config);
+    this.writeOut(`Default profile set to "${name}"\n`);
+    return 0;
+  }
+
+  async profileTest(config, args, json) {
+    const name = positional(args)[0] || config.defaultProfile;
+    const profile = config.profiles[name];
+    if (!profile) return this.fail(json, "PROFILE_NOT_FOUND", "profile does not exist");
+    try {
+      const client = this.createClient(profile.webdavUrl, profile.username, profile.password);
+      await client.test(profile.remoteRoot, false);
+      if (json) this.writeOut(`${JSON.stringify({ ok: true, profile: name })}\n`);
+      else this.writeOut(`Profile "${name}" connection succeeded\n`);
+      return 0;
+    } catch (error) {
+      return this.fail(json, errorCode(error), errorMessage(error));
+    }
+  }
+
+  async configCommand(args) {
+    if (args.length === 0) {
+      return this.fail(false, "INVALID_ARGUMENT", "config subcommand is required");
+    }
+    const json = args.includes("--json");
+    if (args[0] === "path") {
+      this.writeOut(`${this.configPath}\n`);
+      return 0;
+    }
+    let config;
+    try {
+      config = await this.loadConfiguration();
+    } catch (error) {
+      return this.configFailure(json, error);
+    }
+    if (args[0] === "show") {
+      const view = configView(config);
+      this.writeOut(`${JSON.stringify(json ? { ok: true, config: view } : view, null, json ? 0 : 2)}\n`);
+      return 0;
+    }
+    if (args[0] === "permissions") {
+      return this.configPermissions(config, args.slice(1));
+    }
+    return this.fail(json, "INVALID_ARGUMENT", `unknown config subcommand: ${args[0]}`);
+  }
+
+  async configPermissions(config, args) {
+    const json = args.includes("--json");
+    if (json || args.includes("--non-interactive") || !this.isTTY()) {
+      return this.fail(json, "INTERACTIVE_REQUIRED", "permission changes require an interactive terminal");
+    }
+    let profileName;
+    try {
+      ({ profile: profileName } = parseProfileOption(args));
+    } catch (error) {
+      return this.fail(false, "INVALID_ARGUMENT", error.message);
+    }
+    profileName ||= config.defaultProfile;
+    const profile = config.profiles[profileName];
+    if (!profile) return this.fail(false, "PROFILE_NOT_FOUND", "profile does not exist");
+    try {
+      const overwrite = await this.prompts.confirm(
+        this.stdin,
+        this.stdout,
+        "Allow overwriting existing remote files?",
+        profile.permissions.allowOverwrite,
+      );
+      if (overwrite && !profile.permissions.allowOverwrite) {
+        const confirmed = await this.prompts.confirm(
+          this.stdin,
+          this.stdout,
+          "This expands remote-write capabilities. Confirm?",
+          false,
+        );
+        if (!confirmed) {
+          this.writeOut("Cancelled\n");
+          return 0;
+        }
+      }
+      profile.permissions.allowOverwrite = overwrite;
+      await saveConfig(this.configPath, config);
+      this.writeOut(`Permissions updated for profile "${profileName}"\n`);
+      return 0;
+    } catch (error) {
+      return this.fail(false, "INPUT_ERROR", errorMessage(error));
+    }
+  }
+
+  skill(args) {
+    if (args.some((arg) => arg !== "--raw")) {
+      return this.fail(false, "INVALID_ARGUMENT", `unknown skill option: ${args.find((arg) => arg !== "--raw")}`);
+    }
+    this.writeOut(args.includes("--raw") ? skillBody : installerPrefix + skillBody + installerSuffix);
+    return 0;
+  }
+
+  async doctor(args) {
+    const json = args.includes("--json");
+    if (args.some((arg) => arg !== "--json")) {
+      return this.fail(json, "INVALID_ARGUMENT", `unknown doctor option: ${args.find((arg) => arg !== "--json")}`);
+    }
+    const checks = [];
+    let config;
+    try {
+      config = await this.loadConfiguration();
+      checks.push({ name: "configuration", ok: true, message: this.configPath });
+      const warning = await permissionWarning(this.configPath);
+      checks.push({
+        name: "configuration_permissions",
+        ok: !warning,
+        message: warning || (process.platform === "win32" ? "managed by Windows ACLs" : "0600"),
+      });
+      for (const [name, profile] of Object.entries(config.profiles)) {
+        try {
+          const client = this.createClient(profile.webdavUrl, profile.username, profile.password);
+          await client.test(profile.remoteRoot, false);
+          checks.push({ name: `webdav:${name}`, ok: true, message: "connection succeeded" });
+        } catch (error) {
+          checks.push({ name: `webdav:${name}`, ok: false, message: errorMessage(error) });
+        }
+      }
+    } catch (error) {
+      checks.push({ name: "configuration", ok: false, message: errorMessage(error) });
+    }
+    const ok = checks.every((check) => check.ok);
+    if (json) this.writeOut(`${JSON.stringify({ ok, checks })}\n`);
+    else {
+      for (const check of checks) {
+        this.writeOut(`[${check.ok ? "OK" : "FAIL"}] ${check.name}: ${check.message}\n`);
+      }
+    }
+    return ok ? 0 : 1;
+  }
+
+  async promptDefault(label, current) {
+    const prompt = current ? `${label} [${current}]: ` : `${label}: `;
+    const value = (await this.prompts.readLine(this.stdin, this.stdout, prompt)) || current;
+    if (!value) throw new Error(`${label.toLowerCase()} is required`);
+    return value;
+  }
+
+  configFailure(json, error) {
+    if (errorCode(error) === "CONFIG_NOT_FOUND") {
+      return this.fail(
+        json,
+        "CONFIG_NOT_FOUND",
+        "configuration not found; run davnote setup in a terminal",
+      );
+    }
+    return this.fail(json, "CONFIG_INVALID", errorMessage(error));
+  }
+
+  fail(json, code, message, allowedActions) {
+    const safeMessage = sanitize(message);
+    if (json) {
+      const result = { ok: false, code, message: safeMessage };
+      if (allowedActions?.length) result.allowed_actions = allowedActions;
+      this.writeOut(`${JSON.stringify(result)}\n`);
+    } else {
+      this.writeErr(`${code}: ${safeMessage}\n`);
+    }
+    return exitCode(code);
+  }
+
+  printHelp() {
+    this.writeOut(`davnote pushes explicitly selected Markdown notes to configured WebDAV storage.
+
+Usage:
+  davnote setup
+  davnote push [options] <file.md> [more.md...]
+  davnote profile <list|add|edit|remove|show|test|default|credentials>
+  davnote config <path|show|permissions>
+  davnote skill [--raw]
+  davnote doctor [--json]
+  davnote version
+
+Run setup and all configuration-changing commands directly in an interactive terminal.
+`);
+  }
+
+  async loadConfiguration() {
+    try {
+      return await loadConfig(this.configPath);
+    } catch (error) {
+      if (errorCode(error) !== "CONFIG_NOT_FOUND" || !this.legacyConfigPath) throw error;
+      let legacy;
+      try {
+        legacy = await loadConfig(this.legacyConfigPath);
+      } catch {
+        throw error;
+      }
+      await saveConfig(this.configPath, legacy);
+      return legacy;
+    }
+  }
+
+  writeOut(value) {
+    this.stdout.write(value);
+  }
+
+  writeErr(value) {
+    this.stderr.write(value);
+  }
+}
+
+function parsePushArgs(args) {
+  const options = {
+    files: [],
+    profile: "",
+    json: false,
+    nonInteractive: false,
+    dryRun: false,
+    conflict: "error",
+    remoteName: "",
+  };
+  for (let index = 0; index < args.length; index += 1) {
+    const arg = args[index];
+    if (arg === "--json") options.json = true;
+    else if (arg === "--non-interactive") options.nonInteractive = true;
+    else if (arg === "--dry-run") options.dryRun = true;
+    else if (["--profile", "--conflict", "--remote-name"].includes(arg)) {
+      if (index + 1 >= args.length) throw new Error(`${arg} requires a value`);
+      const value = args[++index];
+      if (arg === "--profile") options.profile = value;
+      else if (arg === "--conflict") options.conflict = value;
+      else options.remoteName = value;
+    } else if (arg.startsWith("-")) throw new Error(`unknown push option: ${arg}`);
+    else options.files.push(arg);
+  }
+  if (options.files.length === 0) throw new Error("at least one Markdown file is required");
+  if (!["error", "overwrite"].includes(options.conflict)) {
+    throw new Error("--conflict must be error or overwrite");
+  }
+  return options;
+}
+
+function parseProfileOption(args) {
+  let profile = "";
+  const rest = [];
+  for (let index = 0; index < args.length; index += 1) {
+    if (args[index] === "--profile") {
+      if (index + 1 >= args.length) throw new Error("--profile requires a value");
+      profile = args[++index];
+    } else if (args[index] === "--json" || args[index] === "--non-interactive") {
+      continue;
+    } else if (args[index].startsWith("-")) {
+      throw new Error(`unknown option: ${args[index]}`);
+    } else rest.push(args[index]);
+  }
+  return { profile, rest };
+}
+
+function positional(args) {
+  return parseProfileOption(args).rest;
+}
+
+function defaultProfile() {
+  return {
+    webdavUrl: "",
+    username: "",
+    password: "",
+    remoteRoot: "/Inbox",
+    maxFileSize: DEFAULT_MAX_FILE_SIZE,
+    permissions: { allowOverwrite: false },
+  };
+}
+
+function allowedActions(profile) {
+  return profile.permissions.allowOverwrite ? ["overwrite", "rename"] : ["rename"];
+}
+
+function profileView(name, profile) {
+  return {
+    name,
+    webdav_url: sanitizeUrl(profile.webdavUrl),
+    username: profile.username,
+    remote_root: profile.remoteRoot,
+    max_file_size: profile.maxFileSize,
+    allow_overwrite: profile.permissions.allowOverwrite,
+  };
+}
+
+function configView(config) {
+  return {
+    default_profile: config.defaultProfile,
+    profiles: Object.fromEntries(
+      Object.entries(config.profiles).map(([name, profile]) => [name, profileView(name, profile)]),
+    ),
+  };
+}
+
+function sanitizeUrl(value) {
+  try {
+    const url = new URL(value);
+    url.username = "";
+    url.password = "";
+    return url.toString();
+  } catch {
+    return "<invalid URL>";
+  }
+}
+
+function sanitize(value) {
+  const string = String(value);
+  try {
+    const url = new URL(string);
+    url.username = "";
+    url.password = "";
+    return url.toString();
+  } catch {
+    return string;
+  }
+}

package/src/config.js

@@ -0,0 +1,250 @@
+import fs from "node:fs/promises";
+import os from "node:os";
+import path from "node:path";
+import { DavnoteError } from "./errors.js";
+
+export const DEFAULT_MAX_FILE_SIZE = 20 * 1024 * 1024;
+
+export function defaultConfigPath(platform = process.platform, env = process.env, home = os.homedir()) {
+  return applicationConfigPath("davnote", platform, env, home);
+}
+
+export function legacyConfigPath(platform = process.platform, env = process.env, home = os.homedir()) {
+  return applicationConfigPath("note-send", platform, env, home);
+}
+
+function applicationConfigPath(applicationName, platform, env, home) {
+  if (platform === "darwin") {
+    return path.join(home, "Library", "Application Support", applicationName, "config.toml");
+  }
+  if (platform === "win32") {
+    const base = env.APPDATA || path.join(home, "AppData", "Roaming");
+    return path.join(base, applicationName, "config.toml");
+  }
+  const base = env.XDG_CONFIG_HOME || path.join(home, ".config");
+  return path.join(base, applicationName, "config.toml");
+}
+
+export function emptyConfig() {
+  return { defaultProfile: "", profiles: {} };
+}
+
+export async function loadConfig(configPath) {
+  let text;
+  try {
+    text = await fs.readFile(configPath, "utf8");
+  } catch (error) {
+    if (error?.code === "ENOENT") {
+      throw new DavnoteError("CONFIG_NOT_FOUND", "configuration not found");
+    }
+    throw error;
+  }
+  try {
+    return parseToml(text);
+  } catch (error) {
+    throw new DavnoteError("CONFIG_INVALID", error.message);
+  }
+}
+
+export async function saveConfig(configPath, config) {
+  await fs.mkdir(path.dirname(configPath), { recursive: true, mode: 0o700 });
+  const tempPath = path.join(
+    path.dirname(configPath),
+    `.config-${process.pid}-${Date.now()}.tmp`,
+  );
+  try {
+    await fs.writeFile(tempPath, formatToml(config), { mode: 0o600 });
+    await fs.rename(tempPath, configPath);
+    if (process.platform !== "win32") {
+      await fs.chmod(configPath, 0o600);
+    }
+  } finally {
+    await fs.rm(tempPath, { force: true }).catch(() => {});
+  }
+}
+
+export async function permissionWarning(configPath) {
+  if (process.platform === "win32") return "";
+  const stat = await fs.stat(configPath);
+  const permissions = stat.mode & 0o777;
+  if ((permissions & 0o077) !== 0) {
+    return `configuration permissions are ${permissions.toString(8).padStart(4, "0")}; expected 0600`;
+  }
+  return "";
+}
+
+export function validateProfileName(name) {
+  if (!name) throw new DavnoteError("INVALID_ARGUMENT", "profile name is required");
+  if (!/^[a-z0-9-]+$/.test(name)) {
+    throw new DavnoteError(
+      "INVALID_ARGUMENT",
+      "profile name must contain only lowercase letters, digits, and hyphens",
+    );
+  }
+}
+
+function parseToml(text) {
+  const config = emptyConfig();
+  let profileName = "";
+  let permissions = false;
+  const lines = text.split(/\r?\n/);
+
+  for (let index = 0; index < lines.length; index += 1) {
+    const lineNumber = index + 1;
+    const line = stripComment(lines[index]).trim();
+    if (!line) continue;
+
+    if (line.startsWith("[") && line.endsWith("]")) {
+      const section = line.slice(1, -1).trim();
+      const parts = section.split(".");
+      if (parts.length === 2 && parts[0] === "profiles") {
+        [, profileName] = parts;
+        permissions = false;
+      } else if (parts.length === 3 && parts[0] === "profiles" && parts[2] === "permissions") {
+        [, profileName] = parts;
+        permissions = true;
+      } else {
+        throw new Error(`line ${lineNumber}: unsupported section "${section}"`);
+      }
+      config.profiles[profileName] ??= defaultProfile();
+      continue;
+    }
+
+    const separator = line.indexOf("=");
+    if (separator < 0) throw new Error(`line ${lineNumber}: expected key = value`);
+    const key = line.slice(0, separator).trim();
+    const value = line.slice(separator + 1).trim();
+
+    if (!profileName) {
+      if (key !== "default_profile") {
+        throw new Error(`line ${lineNumber}: unsupported top-level key "${key}"`);
+      }
+      config.defaultProfile = parseString(value, lineNumber);
+      continue;
+    }
+
+    const profile = config.profiles[profileName];
+    try {
+      if (permissions) {
+        if (key === "allow_overwrite") profile.permissions.allowOverwrite = parseBoolean(value);
+        else if (key === "allow_remote_rename") parseBoolean(value);
+        else throw new Error(`unsupported permissions key "${key}"`);
+      } else {
+        switch (key) {
+          case "webdav_url":
+            profile.webdavUrl = parseString(value);
+            break;
+          case "username":
+            profile.username = parseString(value);
+            break;
+          case "password":
+            profile.password = parseString(value);
+            break;
+          case "remote_root":
+            profile.remoteRoot = parseString(value);
+            break;
+          case "max_file_size":
+            profile.maxFileSize = parseInteger(value);
+            break;
+          case "allowed_roots":
+            parseStringArray(value);
+            break;
+          default:
+            throw new Error(`unsupported profile key "${key}"`);
+        }
+      }
+    } catch (error) {
+      throw new Error(`line ${lineNumber}: ${error.message}`);
+    }
+  }
+
+  for (const profile of Object.values(config.profiles)) {
+    if (!profile.maxFileSize) profile.maxFileSize = DEFAULT_MAX_FILE_SIZE;
+  }
+  return config;
+}
+
+function formatToml(config) {
+  const lines = [`default_profile = ${quote(config.defaultProfile)}`];
+  for (const name of Object.keys(config.profiles).sort()) {
+    const profile = config.profiles[name];
+    lines.push(
+      "",
+      `[profiles.${name}]`,
+      `webdav_url = ${quote(profile.webdavUrl)}`,
+      `username = ${quote(profile.username)}`,
+      `password = ${quote(profile.password)}`,
+      `remote_root = ${quote(profile.remoteRoot)}`,
+      `max_file_size = ${profile.maxFileSize || DEFAULT_MAX_FILE_SIZE}`,
+      "",
+      `[profiles.${name}.permissions]`,
+      `allow_overwrite = ${Boolean(profile.permissions?.allowOverwrite)}`,
+    );
+  }
+  return `${lines.join("\n")}\n`;
+}
+
+function defaultProfile() {
+  return {
+    webdavUrl: "",
+    username: "",
+    password: "",
+    remoteRoot: "",
+    maxFileSize: DEFAULT_MAX_FILE_SIZE,
+    permissions: { allowOverwrite: false },
+  };
+}
+
+function stripComment(line) {
+  let inString = false;
+  let escaped = false;
+  for (let index = 0; index < line.length; index += 1) {
+    const character = line[index];
+    if (escaped) {
+      escaped = false;
+      continue;
+    }
+    if (character === "\\" && inString) {
+      escaped = true;
+      continue;
+    }
+    if (character === '"') inString = !inString;
+    if (character === "#" && !inString) return line.slice(0, index);
+  }
+  return line;
+}
+
+function parseString(value) {
+  try {
+    const parsed = JSON.parse(value);
+    if (typeof parsed !== "string") throw new Error();
+    return parsed;
+  } catch {
+    throw new Error("expected quoted string");
+  }
+}
+
+function parseStringArray(value) {
+  try {
+    const parsed = JSON.parse(value);
+    if (!Array.isArray(parsed) || parsed.some((item) => typeof item !== "string")) throw new Error();
+    return parsed;
+  } catch {
+    throw new Error("expected string array");
+  }
+}
+
+function parseBoolean(value) {
+  if (value === "true") return true;
+  if (value === "false") return false;
+  throw new Error("expected boolean");
+}
+
+function parseInteger(value) {
+  if (!/^-?\d+$/.test(value)) throw new Error("expected integer");
+  return Number.parseInt(value, 10);
+}
+
+function quote(value) {
+  return JSON.stringify(value ?? "");
+}

package/src/errors.js

@@ -0,0 +1,43 @@
+export class DavnoteError extends Error {
+  constructor(code, message, options = {}) {
+    super(message);
+    this.name = "DavnoteError";
+    this.code = code;
+    this.statusCode = options.statusCode;
+    this.temporary = options.temporary ?? false;
+  }
+}
+
+export function errorCode(error, fallback = "SERVER_ERROR") {
+  return error instanceof DavnoteError ? error.code : fallback;
+}
+
+export function errorMessage(error) {
+  return error instanceof Error ? error.message : String(error);
+}
+
+export function exitCode(code) {
+  switch (code) {
+    case "INVALID_ARGUMENT":
+    case "INPUT_ERROR":
+      return 2;
+    case "CONFIG_NOT_FOUND":
+    case "CONFIG_INVALID":
+    case "PROFILE_NOT_FOUND":
+      return 3;
+    case "AUTH_FAILED":
+      return 4;
+    case "INVALID_FILE_TYPE":
+    case "FILE_TOO_LARGE":
+    case "OVERWRITE_NOT_ALLOWED":
+    case "INTERACTIVE_REQUIRED":
+      return 5;
+    case "REMOTE_FILE_EXISTS":
+      return 6;
+    case "NETWORK_ERROR":
+    case "SERVER_ERROR":
+      return 7;
+    default:
+      return 1;
+  }
+}

package/src/prompt.js

@@ -0,0 +1,60 @@
+import readline from "node:readline/promises";
+
+export function isInteractive(input, output) {
+  return Boolean(input?.isTTY && output?.isTTY);
+}
+
+export async function readLine(input, output, prompt) {
+  const terminal = readline.createInterface({ input, output });
+  try {
+    return (await terminal.question(prompt)).trim();
+  } finally {
+    terminal.close();
+  }
+}
+
+export async function confirm(input, output, prompt, defaultYes = false) {
+  const suffix = defaultYes ? " [Y/n]: " : " [y/N]: ";
+  const answer = (await readLine(input, output, prompt + suffix)).toLowerCase();
+  if (!answer) return defaultYes;
+  if (answer === "y" || answer === "yes") return true;
+  if (answer === "n" || answer === "no") return false;
+  throw new Error("expected yes or no");
+}
+
+export async function readSecret(input, output, prompt) {
+  if (!input?.isTTY || typeof input.setRawMode !== "function") {
+    throw new Error("secret input requires a terminal");
+  }
+  output.write(prompt);
+  input.setRawMode(true);
+  input.resume();
+  input.setEncoding("utf8");
+  let value = "";
+  try {
+    return await new Promise((resolve, reject) => {
+      const onData = (character) => {
+        if (character === "\r" || character === "\n") {
+          input.off("data", onData);
+          output.write("\n");
+          resolve(value);
+          return;
+        }
+        if (character === "\u0003") {
+          input.off("data", onData);
+          reject(new Error("input cancelled"));
+          return;
+        }
+        if (character === "\u007f" || character === "\b") {
+          value = value.slice(0, -1);
+          return;
+        }
+        value += character;
+      };
+      input.on("data", onData);
+    });
+  } finally {
+    input.setRawMode(false);
+    input.pause();
+  }
+}

package/src/safety.js

@@ -0,0 +1,42 @@
+import fs from "node:fs/promises";
+import path from "node:path";
+import { DavnoteError } from "./errors.js";
+
+export async function validateFile(input, maxFileSize) {
+  const absolutePath = path.resolve(input);
+  let realPath;
+  try {
+    realPath = await fs.realpath(absolutePath);
+  } catch {
+    throw new DavnoteError("FILE_NOT_FOUND", "local file does not exist");
+  }
+  let stat;
+  try {
+    stat = await fs.stat(realPath);
+  } catch {
+    throw new DavnoteError("FILE_NOT_FOUND", "cannot inspect local file");
+  }
+  if (!stat.isFile()) {
+    throw new DavnoteError("INVALID_FILE_TYPE", "local path is not a regular file");
+  }
+  if (path.extname(realPath).toLowerCase() !== ".md") {
+    throw new DavnoteError("INVALID_FILE_TYPE", "only Markdown (.md) files are allowed");
+  }
+  if (maxFileSize > 0 && stat.size > maxFileSize) {
+    throw new DavnoteError(
+      "FILE_TOO_LARGE",
+      `file exceeds maximum size of ${maxFileSize} bytes`,
+    );
+  }
+  return { path: realPath, relativePath: path.basename(realPath), size: stat.size };
+}
+
+export function validateRemoteName(name) {
+  if (!name) throw new DavnoteError("INVALID_ARGUMENT", "remote name cannot be empty");
+  if (name === "." || name === ".." || /[\\/]/.test(name)) {
+    throw new DavnoteError("INVALID_ARGUMENT", "remote name must be a single file name");
+  }
+  if (path.extname(name).toLowerCase() !== ".md") {
+    throw new DavnoteError("INVALID_ARGUMENT", "remote name must end in .md");
+  }
+}

package/src/skill.js

@@ -0,0 +1,78 @@
+export const skillBody = `---
+name: push-notes
+description: Push explicitly requested Markdown notes to the user's configured WebDAV storage with the davnote CLI.
+---
+
+# Send Notes
+
+Use the installed \`davnote\` command. The CLI owns WebDAV configuration, credentials, file validation, and remote-write permissions.
+
+## Workflow
+
+1. Only send Markdown files explicitly requested by the user.
+2. Resolve each requested note to an absolute path without moving or copying it.
+3. Run:
+
+   \`davnote push "<absolute-path>" --json --non-interactive\`
+
+   \`--json\` requests structured output for reliable result handling. \`--non-interactive\` guarantees that the command will not prompt for input.
+
+4. For multiple explicit files, pass all paths in one command.
+5. Report each returned local path, remote path, and result.
+6. If configuration is missing, tell the user to run \`davnote setup\` directly in a terminal.
+
+## Remote file names
+
+- By default, the remote file uses the local file's base name.
+- The remote name may be chosen at upload time without changing the local file:
+
+  \`davnote push "<absolute-path>" --remote-name "<name>.md" --json --non-interactive\`
+
+- \`--remote-name\` accepts one Markdown file at a time.
+- Use a different remote name when the user requests one or explicitly chooses rename to resolve a conflict.
+- Do not invent a different remote name without user intent or confirmation.
+
+## Conflicts and errors
+
+- Always inspect the JSON \`code\` and \`allowed_actions\` fields.
+- For \`REMOTE_FILE_EXISTS\`, never overwrite or choose a different name automatically.
+- Only offer actions present in \`allowed_actions\` and obtain explicit authorization for the affected file.
+- After explicit overwrite authorization, use \`--conflict overwrite\`.
+- Rename is always available; after the user explicitly supplies or confirms a different name, use \`--remote-name "<name>.md"\`.
+- If overwrite is not listed, do not enable it yourself. Rename remains available, or tell the user they may run \`davnote config permissions --profile <name>\` in their terminal.
+- For \`AUTH_FAILED\`, never request credentials in chat. Tell the user to run \`davnote profile credentials <name>\`.
+- For \`CONFIG_NOT_FOUND\` or \`PROFILE_NOT_FOUND\`, tell the user to run \`davnote setup\`.
+- For \`FILE_NOT_FOUND\`, do not choose a similarly named file without confirmation.
+- Do not retry authentication, permission, validation, or conflict failures.
+- The CLI may retry one temporary network failure. If it still fails, report the failure.
+- For multi-file results, report successes and failures separately. Never apply one file's conflict decision to other files without explicit instruction.
+
+## Safety
+
+- Never ask for, read, display, store, or modify WebDAV credentials.
+- Never read or edit the davnote configuration file.
+- Never invoke setup, profile mutation, or permission mutation on the user's behalf.
+- Never bypass file-type, size, or overwrite restrictions.
+- Never send additional files, linked attachments, or directories unless a future CLI version explicitly supports them and the user requests them.
+`;
+
+export const installerPrefix = `Create or update a Skill for yourself that uses the davnote CLI to push Markdown notes.
+
+Requirements:
+
+1. Determine your own Agent's Skill directory and required file format.
+2. Create a Skill named \`push-notes\`.
+3. Save the SKILL.md content between the markers below.
+4. Generate any additional platform metadata required by your Agent.
+5. Do not place WebDAV URLs, usernames, passwords, davnote configuration, or other credentials in the Skill.
+6. Preserve the safety and error-handling rules.
+7. Do not send any note during installation.
+8. When finished, report the exact path where the Skill was saved.
+
+--- BEGIN SKILL.md ---
+
+`;
+
+export const installerSuffix = `
+--- END SKILL.md ---
+`;

package/src/webdav.js

@@ -0,0 +1,156 @@
+import http from "node:http";
+import https from "node:https";
+import path from "node:path";
+import { DavnoteError } from "./errors.js";
+
+export class WebDAVClient {
+  constructor(rawUrl, username, password, options = {}) {
+    let parsed;
+    try {
+      parsed = new URL(rawUrl);
+    } catch {
+      throw new DavnoteError("CONFIG_INVALID", "invalid WebDAV URL");
+    }
+    if (parsed.protocol !== "https:") {
+      throw new DavnoteError("CONFIG_INVALID", "WebDAV URL must use HTTPS");
+    }
+    if (!parsed.hostname) {
+      throw new DavnoteError("CONFIG_INVALID", "WebDAV URL must include a host");
+    }
+    if (parsed.username || parsed.password) {
+      throw new DavnoteError("CONFIG_INVALID", "WebDAV URL must not contain credentials");
+    }
+    parsed.search = "";
+    parsed.hash = "";
+    this.baseUrl = parsed;
+    this.username = username;
+    this.password = password;
+    this.timeout = options.timeout ?? 30_000;
+    this.agent = options.agent;
+    this.requestImpl = options.requestImpl;
+  }
+
+  async test(remoteRoot, create = false) {
+    if (create) await this.ensureCollection(remoteRoot);
+    if (!(await this.exists(remoteRoot))) {
+      throw new DavnoteError("SERVER_ERROR", "remote root does not exist");
+    }
+  }
+
+  async exists(remotePath) {
+    let response = await this.request("HEAD", remotePath);
+    if (response.statusCode === 405 || response.statusCode === 501) {
+      response = await this.request("PROPFIND", remotePath, undefined, { Depth: "0" });
+    }
+    if (response.statusCode >= 200 && response.statusCode < 300) return true;
+    if (response.statusCode === 404) return false;
+    throw classifyStatus(response.statusCode, "existence check");
+  }
+
+  async put(remotePath, body) {
+    const response = await this.request("PUT", remotePath, body, {
+      "Content-Type": "text/markdown; charset=utf-8",
+    });
+    if (response.statusCode >= 200 && response.statusCode < 300) return;
+    throw classifyStatus(response.statusCode, "upload");
+  }
+
+  async ensureCollection(remotePath) {
+    const clean = cleanRemote(remotePath);
+    if (clean === "/") return;
+    let current = "";
+    for (const segment of clean.slice(1).split("/")) {
+      current += `/${segment}`;
+      if (await this.exists(current)) continue;
+      const response = await this.request("MKCOL", current);
+      if (response.statusCode >= 200 && response.statusCode < 300) continue;
+      if (response.statusCode === 405) continue;
+      throw classifyStatus(response.statusCode, "MKCOL");
+    }
+  }
+
+  async request(method, remotePath, body, extraHeaders = {}) {
+    const url = requestUrl(this.baseUrl, remotePath);
+    const bodyBuffer = body === undefined ? undefined : Buffer.from(body);
+    const headers = {
+      Authorization: `Basic ${Buffer.from(`${this.username}:${this.password}`).toString("base64")}`,
+      "User-Agent": "davnote/1",
+      ...extraHeaders,
+    };
+    if (bodyBuffer) headers["Content-Length"] = String(bodyBuffer.length);
+
+    for (let attempt = 0; attempt < 2; attempt += 1) {
+      try {
+        return await this.requestOnce(url, { method, headers }, bodyBuffer);
+      } catch (error) {
+        if (attempt === 0 && isTemporary(error)) continue;
+        throw new DavnoteError("NETWORK_ERROR", "WebDAV network request failed", {
+          temporary: isTemporary(error),
+        });
+      }
+    }
+    throw new DavnoteError("NETWORK_ERROR", "WebDAV network request failed");
+  }
+
+  requestOnce(url, options, body) {
+    if (this.requestImpl) return this.requestImpl(url, options, body);
+    const requestFn = url.protocol === "https:" ? https.request : http.request;
+    return new Promise((resolve, reject) => {
+      const request = requestFn(
+        url,
+        { ...options, agent: this.agent, timeout: this.timeout },
+        (response) => {
+          response.resume();
+          response.on("end", () => resolve({ statusCode: response.statusCode ?? 0 }));
+        },
+      );
+      request.on("timeout", () => request.destroy(Object.assign(new Error("request timed out"), { code: "ETIMEDOUT" })));
+      request.on("error", reject);
+      if (body) request.write(body);
+      request.end();
+    });
+  }
+}
+
+export function joinRemote(root, relative) {
+  return cleanRemote(path.posix.join("/", root, relative));
+}
+
+export function remoteParent(remotePath) {
+  return path.posix.dirname(cleanRemote(remotePath));
+}
+
+function requestUrl(baseUrl, remotePath) {
+  const url = new URL(baseUrl);
+  url.pathname = path.posix.join(baseUrl.pathname, cleanRemote(remotePath));
+  return url;
+}
+
+function cleanRemote(value) {
+  return path.posix.normalize(`/${String(value).trim()}`);
+}
+
+function classifyStatus(statusCode, operation) {
+  if (statusCode === 401 || statusCode === 403) {
+    return new DavnoteError(
+      "AUTH_FAILED",
+      "WebDAV authentication or authorization failed",
+      { statusCode },
+    );
+  }
+  if (statusCode >= 500) {
+    return new DavnoteError("SERVER_ERROR", `WebDAV server returned HTTP ${statusCode}`, {
+      statusCode,
+      temporary: true,
+    });
+  }
+  return new DavnoteError(
+    "SERVER_ERROR",
+    `WebDAV ${operation} returned HTTP ${statusCode}`,
+    { statusCode },
+  );
+}
+
+function isTemporary(error) {
+  return ["ECONNRESET", "ECONNREFUSED", "ETIMEDOUT", "EAI_AGAIN"].includes(error?.code);
+}