@tplog/pi-zendy 0.2.17

package/dist/preflight.js

@@ -0,0 +1,224 @@
+import { execFile } from "node:child_process";
+import { existsSync } from "node:fs";
+import { join } from "node:path";
+import { homedir } from "node:os";
+import { createInterface } from "node:readline";
+// ── Helpers ────────────────────────────────────────────────────────────
+function exec(cmd, args, timeoutMs = 5000) {
+    return new Promise((resolve) => {
+        execFile(cmd, args, { timeout: timeoutMs, encoding: "utf-8" }, (err, stdout, stderr) => {
+            if (err && err.code === "ENOENT") {
+                resolve({ code: 127, stdout: "", stderr: "" });
+                return;
+            }
+            // execFile callback err has an `exit code` when the process exits non-zero
+            const exitCode = err ? (err.status ?? 1) : 0;
+            resolve({ code: exitCode, stdout: stdout ?? "", stderr: stderr ?? "" });
+        });
+    });
+}
+// ── Individual checks ──────────────────────────────────────────────────
+// Common API key env vars that pi recognizes
+const PI_API_KEY_VARS = [
+    "ANTHROPIC_API_KEY",
+    "ANTHROPIC_OAUTH_TOKEN",
+    "OPENAI_API_KEY",
+    "GEMINI_API_KEY",
+    "GROQ_API_KEY",
+    "OPENROUTER_API_KEY",
+    "XAI_API_KEY",
+    "MISTRAL_API_KEY",
+    "AWS_ACCESS_KEY_ID",
+];
+async function checkPi() {
+    const base = {
+        name: "pi",
+        label: "AI Agent (pi)",
+        level: "fatal",
+    };
+    const result = await exec("pi", ["--version"]);
+    if (result.code === 127) {
+        return {
+            ...base,
+            status: "missing",
+            hint: "Install pi: npm install -g @earendil-works/pi-coding-agent",
+        };
+    }
+    // pi is installed — check if any auth is configured.
+    // Auth can be in ~/.pi/agent/auth.json (OAuth login) or via API key env vars.
+    const authFile = join(homedir(), ".pi", "agent", "auth.json");
+    const hasFileAuth = existsSync(authFile);
+    const hasEnvAuth = PI_API_KEY_VARS.some((v) => !!process.env[v]);
+    if (!hasFileAuth && !hasEnvAuth) {
+        return {
+            ...base,
+            status: "auth_error",
+            hint: "pi is installed but no provider is configured.\nRun: pi (to log in interactively)\nOr set an API key: export GEMINI_API_KEY=...",
+        };
+    }
+    return { ...base, status: "ok", hint: "" };
+}
+async function checkZcli() {
+    const base = {
+        name: "zcli",
+        label: "Zendesk access",
+        level: "core",
+    };
+    // `zcli whoami` calls GET /api/v2/users/me.json — succeeds only if zcli is
+    // installed, configured, and the Zendesk credentials are actually accepted.
+    const result = await exec("zcli", ["whoami"], 8000);
+    if (result.code === 127) {
+        return {
+            ...base,
+            status: "missing",
+            hint: "Install zcli: npm install -g @tplog/zendesk-cli\nThen run: zcli configure",
+        };
+    }
+    if (result.code === 0) {
+        return { ...base, status: "ok", hint: "" };
+    }
+    // zcli prints "Not configured..." to stderr from getConfig() when creds are absent.
+    if (result.stderr.includes("Not configured")) {
+        return {
+            ...base,
+            status: "auth_error",
+            hint: "zcli is installed but Zendesk credentials are not configured.\nRun: zcli configure",
+        };
+    }
+    // Configured but the API call failed — likely bad creds (401) or network issue.
+    return {
+        ...base,
+        status: "auth_error",
+        hint: "zcli is configured but the Zendesk API check failed.\nRun `zcli whoami` to see the error (check credentials and network).",
+    };
+}
+async function checkZendeskKg() {
+    const base = {
+        name: "zendesk-kg",
+        label: "Zendesk Knowledge Graph",
+        level: "enhanced",
+    };
+    const result = await exec("zendesk-kg", ["--version"]);
+    if (result.code === 127) {
+        return {
+            ...base,
+            status: "missing",
+            hint: "zendesk-kg not installed. Install with:\ncurl -fsSL https://raw.githubusercontent.com/sorphwer/zendesk-kg-cli-release/main/install.sh | sh\nThen run: zendesk-kg init",
+        };
+    }
+    return { ...base, status: "ok", hint: "" };
+}
+async function checkGithub() {
+    const base = {
+        name: "github",
+        label: "GitHub access",
+        level: "enhanced",
+    };
+    const result = await exec("ssh", ["-T", "-o", "ConnectTimeout=3", "-o", "StrictHostKeyChecking=no", "git@github.com"]);
+    // ssh -T git@github.com exits 1 on success (GitHub prints "Hi user!")
+    // exits 255 on auth failure, and 127 if ssh missing
+    if (result.code === 127) {
+        return {
+            ...base,
+            status: "missing",
+            hint: "SSH client not found. Install OpenSSH to enable source code analysis.",
+        };
+    }
+    const combined = result.stdout + result.stderr;
+    if (combined.includes("successfully authenticated") || combined.includes("Hi ")) {
+        return { ...base, status: "ok", hint: "" };
+    }
+    return {
+        ...base,
+        status: "auth_error",
+        hint: "GitHub SSH not configured. Source code analysis will be unavailable.\nSet up SSH keys: https://docs.github.com/en/authentication/connecting-to-github-with-ssh",
+    };
+}
+// ── Preflight runner ───────────────────────────────────────────────────
+export async function runPreflight() {
+    const results = await Promise.all([checkPi(), checkZcli(), checkZendeskKg(), checkGithub()]);
+    const failed = results.filter((r) => r.status !== "ok");
+    return {
+        results,
+        hasFatal: failed.some((r) => r.level === "fatal"),
+        hasCore: failed.some((r) => r.level === "core"),
+        hasEnhanced: failed.some((r) => r.level === "enhanced"),
+    };
+}
+// ── Terminal display ───────────────────────────────────────────────────
+const RESET = "\x1b[0m";
+const BOLD = "\x1b[1m";
+const RED = "\x1b[31m";
+const YELLOW = "\x1b[33m";
+const GREEN = "\x1b[32m";
+const DIM = "\x1b[2m";
+function statusIcon(status) {
+    if (status === "ok")
+        return `${GREEN}✓${RESET}`;
+    return `${RED}✗${RESET}`;
+}
+export function printPreflightReport(report) {
+    const failed = report.results.filter((r) => r.status !== "ok");
+    if (failed.length === 0)
+        return; // all good, stay silent
+    console.error("");
+    console.error(`${BOLD}Zendy setup check${RESET}`);
+    console.error("");
+    for (const r of report.results) {
+        console.error(`  ${statusIcon(r.status)} ${r.label}`);
+    }
+    console.error("");
+    // Fatal — hard stop
+    if (report.hasFatal) {
+        const fatal = failed.filter((r) => r.level === "fatal");
+        for (const r of fatal) {
+            console.error(`${RED}${BOLD}Error:${RESET} ${r.label} is required but not available.`);
+            console.error(`${DIM}${r.hint}${RESET}`);
+            console.error("");
+        }
+        return;
+    }
+    // Core missing — strong warning with options
+    if (report.hasCore) {
+        const core = failed.filter((r) => r.level === "core");
+        for (const r of core) {
+            console.error(`${YELLOW}${BOLD}Warning:${RESET} ${r.label} is not configured.`);
+            console.error(`${DIM}${r.hint}${RESET}`);
+            console.error("");
+        }
+    }
+    // Enhanced missing — light banner
+    if (report.hasEnhanced) {
+        const enhanced = failed.filter((r) => r.level === "enhanced");
+        for (const r of enhanced) {
+            console.error(`${DIM}Note: ${r.label} is not configured. ${r.hint.split("\n")[0]}${RESET}`);
+        }
+        console.error("");
+    }
+}
+/**
+ * Interactive prompt for core dependency failures.
+ * Returns true if the user wants to continue, false to exit.
+ */
+export function promptCoreMissing() {
+    return new Promise((resolve) => {
+        const rl = createInterface({
+            input: process.stdin,
+            output: process.stderr,
+        });
+        console.error(`${BOLD}What would you like to do?${RESET}`);
+        console.error(`  ${BOLD}1${RESET} Continue with limited capabilities`);
+        console.error(`  ${BOLD}2${RESET} Exit and configure manually`);
+        console.error("");
+        rl.question(`${DIM}Choose [1/2]: ${RESET}`, (answer) => {
+            rl.close();
+            const choice = answer.trim();
+            if (choice === "2") {
+                resolve(false);
+            }
+            else {
+                resolve(true); // default: continue
+            }
+        });
+    });
+}

package/dist/source-cleanup.d.ts

@@ -0,0 +1,43 @@
+export interface CandidateDir {
+    path: string;
+    name: string;
+    mtimeMs: number;
+    sizeBytes: number;
+}
+export interface ClassifyOptions {
+    nowMs: number;
+    /** Skip any dir whose mtime is within this window (0 disables). Wins over everything. */
+    minAgeMs: number;
+    /** Only delete dirs older than this (undefined = no age limit, i.e. --all). */
+    maxAgeMs?: number;
+    /** Keep the N most-recent candidates regardless of age. */
+    keepLast: number;
+    /** Absolute paths that must never be deleted (e.g. the current session dir). */
+    protectedPaths?: string[];
+}
+export interface ClassifyResult {
+    toDelete: CandidateDir[];
+    kept: CandidateDir[];
+    protected: CandidateDir[];
+}
+export interface DeleteResult {
+    deleted: string[];
+    bytesFreed: number;
+    errors: {
+        path: string;
+        error: string;
+    }[];
+}
+export declare function scanCandidates(baseDir: string, patterns: string[]): Promise<CandidateDir[]>;
+export declare function classifyCandidates(candidates: CandidateDir[], opts: ClassifyOptions): ClassifyResult;
+export declare function deleteCandidates(candidates: CandidateDir[]): Promise<DeleteResult>;
+export interface SessionDirInfo {
+    pid: number;
+    timestamp: number;
+}
+export declare function parseSessionDirName(name: string): SessionDirInfo | null;
+export declare function buildSessionDirName(pid: number, timestamp: number): string;
+export declare function isProcessAlive(pid: number): boolean;
+export declare function findOrphanSessionDirs(baseDir: string): Promise<string[]>;
+export declare function formatBytes(n: number): string;
+export declare function formatAge(ageMs: number): string;

package/dist/source-cleanup.js

@@ -0,0 +1,188 @@
+// Source clone directory cleanup library.
+//
+// Dify enterprise repositories are private; every extra minute their source
+// sits on local disk is an extra minute of exposure surface. This module
+// provides the primitives to enumerate, classify, and wipe those clones.
+//
+// Used by:
+//   - `src/cleanup-src.ts` — the `zendy cleanup-src` CLI subcommand.
+//   - `extensions/source-cleanup.ts` — the pi extension. The extension file
+//     inlines the tiny helpers it needs so it can be loaded as a self-contained
+//     TS file by pi at runtime.
+import { readdir, stat, rm } from "node:fs/promises";
+import { join } from "node:path";
+async function dirSize(path) {
+    let total = 0;
+    const stack = [path];
+    while (stack.length) {
+        const cur = stack.pop();
+        let entries;
+        try {
+            entries = await readdir(cur, { withFileTypes: true });
+        }
+        catch {
+            continue;
+        }
+        for (const e of entries) {
+            if (e.isSymbolicLink())
+                continue;
+            const full = join(cur, e.name);
+            if (e.isDirectory()) {
+                stack.push(full);
+            }
+            else if (e.isFile()) {
+                try {
+                    const s = await stat(full);
+                    total += s.size;
+                }
+                catch {
+                    // unreadable file — skip
+                }
+            }
+        }
+    }
+    return total;
+}
+function matchesAnyPattern(name, patterns) {
+    return patterns.some((p) => {
+        if (p.endsWith("*"))
+            return name.startsWith(p.slice(0, -1));
+        return name === p;
+    });
+}
+export async function scanCandidates(baseDir, patterns) {
+    let entries;
+    try {
+        entries = await readdir(baseDir, { withFileTypes: true });
+    }
+    catch {
+        return [];
+    }
+    const results = [];
+    for (const e of entries) {
+        if (!e.isDirectory())
+            continue; // skip files + symlinks
+        if (!matchesAnyPattern(e.name, patterns))
+            continue;
+        const full = join(baseDir, e.name);
+        let st;
+        try {
+            st = await stat(full);
+        }
+        catch {
+            continue;
+        }
+        const size = await dirSize(full);
+        results.push({ path: full, name: e.name, mtimeMs: st.mtimeMs, sizeBytes: size });
+    }
+    return results;
+}
+export function classifyCandidates(candidates, opts) {
+    const protectedSet = new Set(opts.protectedPaths ?? []);
+    const sorted = [...candidates].sort((a, b) => b.mtimeMs - a.mtimeMs);
+    const toDelete = [];
+    const kept = [];
+    const protectedOut = [];
+    let keptByKeepLast = 0;
+    for (const c of sorted) {
+        if (protectedSet.has(c.path)) {
+            protectedOut.push(c);
+            continue;
+        }
+        const ageMs = opts.nowMs - c.mtimeMs;
+        if (opts.minAgeMs > 0 && ageMs < opts.minAgeMs) {
+            protectedOut.push(c);
+            continue;
+        }
+        if (keptByKeepLast < opts.keepLast) {
+            kept.push(c);
+            keptByKeepLast++;
+            continue;
+        }
+        if (opts.maxAgeMs !== undefined && ageMs < opts.maxAgeMs) {
+            kept.push(c);
+            continue;
+        }
+        toDelete.push(c);
+    }
+    return { toDelete, kept, protected: protectedOut };
+}
+export async function deleteCandidates(candidates) {
+    const deleted = [];
+    const errors = [];
+    let bytesFreed = 0;
+    for (const c of candidates) {
+        try {
+            await rm(c.path, { recursive: true, force: true });
+            deleted.push(c.path);
+            bytesFreed += c.sizeBytes;
+        }
+        catch (err) {
+            errors.push({ path: c.path, error: err.message });
+        }
+    }
+    return { deleted, bytesFreed, errors };
+}
+export function parseSessionDirName(name) {
+    const m = /^zendy-session-(\d+)-(\d+)$/.exec(name);
+    if (!m)
+        return null;
+    return { pid: parseInt(m[1], 10), timestamp: parseInt(m[2], 10) };
+}
+export function buildSessionDirName(pid, timestamp) {
+    return `zendy-session-${pid}-${timestamp}`;
+}
+export function isProcessAlive(pid) {
+    try {
+        process.kill(pid, 0);
+        return true;
+    }
+    catch (err) {
+        // EPERM: process exists but we can't signal it; it's still alive.
+        return err.code === "EPERM";
+    }
+}
+export async function findOrphanSessionDirs(baseDir) {
+    let entries;
+    try {
+        entries = await readdir(baseDir, { withFileTypes: true });
+    }
+    catch {
+        return [];
+    }
+    const orphans = [];
+    for (const e of entries) {
+        if (!e.isDirectory())
+            continue;
+        const info = parseSessionDirName(e.name);
+        if (!info)
+            continue;
+        if (!isProcessAlive(info.pid)) {
+            orphans.push(join(baseDir, e.name));
+        }
+    }
+    return orphans;
+}
+// ── Formatting helpers ────────────────────────────────────────────────
+export function formatBytes(n) {
+    if (n < 1024)
+        return `${n} B`;
+    if (n < 1024 * 1024)
+        return `${(n / 1024).toFixed(1)} KB`;
+    if (n < 1024 * 1024 * 1024)
+        return `${(n / 1024 / 1024).toFixed(1)} MB`;
+    return `${(n / 1024 / 1024 / 1024).toFixed(2)} GB`;
+}
+export function formatAge(ageMs) {
+    const s = Math.floor(ageMs / 1000);
+    if (s < 60)
+        return `${s}s`;
+    const m = Math.floor(s / 60);
+    if (m < 60)
+        return `${m}m`;
+    const h = Math.floor(m / 60);
+    if (h < 24)
+        return `${h}h`;
+    const d = Math.floor(h / 24);
+    return `${d}d`;
+}

package/extensions/custom-header.ts

@@ -0,0 +1,49 @@
+/**
+ * Custom Header Extension
+ *
+ * Displays "zendy" in ASCII art on startup.
+ */
+
+import type { ExtensionAPI, Theme } from "@earendil-works/pi-coding-agent";
+
+function getZendyArt(theme: Theme): string[] {
+  const c = (text: string) => theme.fg("accent", text);
+  const d = (text: string) => theme.fg("dim", text);
+  const m = (text: string) => theme.fg("muted", text);
+
+  return [
+    "",
+    c("███████╗███████╗███╗   ██╗██████╗ ██╗   ██╗"),
+    c("╚══███╔╝██╔════╝████╗  ██║██╔══██╗╚██╗ ██╔╝"),
+    c("  ███╔╝ █████╗  ██╔██╗ ██║██║  ██║ ╚████╔╝"),
+    c(" ███╔╝  ██╔══╝  ██║╚██╗██║██║  ██║  ╚██╔╝"),
+    c("███████╗███████╗██║ ╚████║██████╔╝   ██║"),
+    c("╚══════╝╚══════╝╚═╝  ╚═══╝╚═════╝    ╚═╝"),
+    "",
+    m("─── ") + d("Dify Enterprise Copilot") + m(" ───"),
+    "",
+  ];
+}
+
+export default function (pi: ExtensionAPI) {
+  pi.on("session_start", async (_event, ctx) => {
+    if (ctx.hasUI) {
+      ctx.ui.setHeader((_tui, theme) => {
+        return {
+          render(_width: number): string[] {
+            return getZendyArt(theme);
+          },
+          invalidate() {},
+        };
+      });
+    }
+  });
+
+  pi.registerCommand("restore-header", {
+    description: "Restore built-in header",
+    handler: async (_args, ctx) => {
+      ctx.ui.setHeader(undefined);
+      ctx.ui.notify("Built-in header restored", "info");
+    },
+  });
+}

package/extensions/source-cleanup.ts

@@ -0,0 +1,162 @@
+/**
+ * Source-clone cleanup extension (deterministic, code-level defense).
+ *
+ * dify-enterprise / dify-enterprise-frontend are PRIVATE repositories.
+ * Relying on skill-level ("please remember to clean up") guidance is
+ * prompt-level defense — an AI can forget. This extension enforces
+ * cleanup in code:
+ *
+ *   - on session_start:
+ *       · create /tmp/zendy-session-<pid>-<ts>/ (mode 0700)
+ *       · export its path via process.env.ZENDY_SRC_DIR so bash
+ *         subprocesses spawned by pi (and the source-check skill)
+ *         clone into it
+ *       · sweep orphan session dirs whose owning pid is dead
+ *
+ *   - on session_shutdown AND on process exit / SIGINT / SIGTERM /
+ *     uncaughtException:
+ *       · rm -rf this session's dir (idempotent, best-effort)
+ *
+ *   - /cleanup-src slash command inside pi: wipe all dify-* and
+ *     orphan zendy-session-* dirs on demand.
+ *
+ * Caveats (do not oversell):
+ *   - kill -9 / OOM / power loss bypass handlers → rely on the
+ *     next startup's orphan sweep.
+ *   - rm -rf is not secure erase. For at-rest confidentiality,
+ *     disk encryption (FileVault/LUKS) is required.
+ */
+
+import type { ExtensionAPI } from "@earendil-works/pi-coding-agent";
+import { mkdirSync, rmSync, readdirSync } from "node:fs";
+import { join } from "node:path";
+
+const BASE_DIR = "/tmp";
+const SESSION_PREFIX = "zendy-session-";
+const WIPE_PREFIXES = ["dify-", SESSION_PREFIX];
+
+function parseSessionDir(name: string): { pid: number } | null {
+  const m = /^zendy-session-(\d+)-(\d+)$/.exec(name);
+  return m ? { pid: parseInt(m[1]!, 10) } : null;
+}
+
+function isAlive(pid: number): boolean {
+  try {
+    process.kill(pid, 0);
+    return true;
+  } catch (e) {
+    return (e as NodeJS.ErrnoException).code === "EPERM";
+  }
+}
+
+function safeRmrf(path: string): boolean {
+  try {
+    rmSync(path, { recursive: true, force: true });
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+function sweepOrphans(base: string, exclude: string): string[] {
+  let entries;
+  try {
+    entries = readdirSync(base, { withFileTypes: true });
+  } catch {
+    return [];
+  }
+  const removed: string[] = [];
+  for (const e of entries) {
+    if (!e.isDirectory()) continue;
+    const info = parseSessionDir(e.name);
+    if (!info) continue;
+    const full = join(base, e.name);
+    if (full === exclude) continue;
+    if (isAlive(info.pid)) continue;
+    if (safeRmrf(full)) removed.push(full);
+  }
+  return removed;
+}
+
+export default function (pi: ExtensionAPI) {
+  const ts = Date.now();
+  const sessionDir = join(BASE_DIR, `${SESSION_PREFIX}${process.pid}-${ts}`);
+  let cleanedUp = false;
+
+  function ensureDir(): void {
+    try {
+      mkdirSync(sessionDir, { recursive: true, mode: 0o700 });
+    } catch {
+      // non-fatal; clone commands will also create subpaths with mkdir -p
+    }
+  }
+
+  function cleanupSession(): void {
+    if (cleanedUp) return;
+    cleanedUp = true;
+    safeRmrf(sessionDir);
+  }
+
+  // Belt-and-suspenders: if session_shutdown doesn't fire (some exit paths
+  // skip event dispatch), rely on node's process signals. All idempotent.
+  process.on("exit", cleanupSession);
+  process.on("SIGINT", () => {
+    cleanupSession();
+    process.exit(130);
+  });
+  process.on("SIGTERM", () => {
+    cleanupSession();
+    process.exit(143);
+  });
+  process.on("uncaughtException", (err) => {
+    cleanupSession();
+    // Preserve original Node behavior of non-zero exit + stderr trace.
+    // eslint-disable-next-line no-console
+    console.error(err);
+    process.exit(1);
+  });
+
+  pi.on("session_start", async (_event, ctx) => {
+    ensureDir();
+    process.env["ZENDY_SRC_DIR"] = sessionDir;
+    const removed = sweepOrphans(BASE_DIR, sessionDir);
+    if (ctx.hasUI && removed.length > 0) {
+      ctx.ui.notify(
+        `[source-cleanup] swept ${removed.length} orphan session dir(s)`,
+        "info",
+      );
+    }
+  });
+
+  pi.on("session_shutdown", async () => {
+    cleanupSession();
+  });
+
+  pi.registerCommand("cleanup-src", {
+    description:
+      "Wipe all Dify source clones (/tmp/dify-*) and orphan zendy session dirs",
+    handler: async (_args, ctx) => {
+      let entries;
+      try {
+        entries = readdirSync(BASE_DIR, { withFileTypes: true });
+      } catch {
+        ctx.ui.notify(`[source-cleanup] cannot read ${BASE_DIR}`, "error");
+        return;
+      }
+      const removed: string[] = [];
+      for (const e of entries) {
+        if (!e.isDirectory()) continue;
+        if (!WIPE_PREFIXES.some((p) => e.name.startsWith(p))) continue;
+        const full = join(BASE_DIR, e.name);
+        if (full === sessionDir) continue; // never nuke our own live session
+        if (safeRmrf(full)) removed.push(full);
+      }
+      ctx.ui.notify(
+        removed.length === 0
+          ? `[source-cleanup] nothing to remove`
+          : `[source-cleanup] removed ${removed.length} dir(s):\n${removed.join("\n")}`,
+        "info",
+      );
+    },
+  });
+}