@venturewild/workspace 0.1.0 → 0.1.2

package/server/src/config.mjs

@@ -1,236 +1,302 @@
-// Central config + role definitions.
-// One UI permission-flagged per AR-19.
-
-import path from 'node:path';
-import os from 'node:os';
-import fs from 'node:fs';
-import crypto from 'node:crypto';
-import { fileURLToPath } from 'node:url';
-
-const __dirname = path.dirname(fileURLToPath(import.meta.url));
-
-// Secrets that shipped as scaffold defaults. Forgeable — never allowed on a
-// non-localhost bind. Kept only so the startup guard can recognise them.
-export const WEAK_SECRETS = Object.freeze(
-  new Set(['dev-partner-token', 'dev-share-secret-change-me']),
-);
-
-const LOCAL_HOSTS = Object.freeze(new Set(['127.0.0.1', 'localhost', '::1']));
-
-export function isLocalhost(host) {
-  return LOCAL_HOSTS.has(host);
-}
-
-// The bmo-sync daemon's HTTP origin, derived from its WebSocket event-feed
-// URL so the two stay consistent when WILD_WORKSPACE_DAEMON_URL is overridden.
-function daemonHttpBase(wsUrl) {
-  try {
-    const u = new URL(wsUrl);
-    return `${u.protocol === 'wss:' ? 'https:' : 'http:'}//${u.host}`;
-  } catch {
-    return 'http://127.0.0.1:8320';
-  }
-}
-
-// Per-install secrets. Generated once, persisted to <dataDir>/secrets.json
-// (the .wild-workspace dir is gitignored). Replaces the weak scaffold defaults
-// so share tokens can't be forged. (Concern C2.)
-function loadOrCreateSecrets(dataDir) {
-  const secretsPath = path.join(dataDir, 'secrets.json');
-  try {
-    const parsed = JSON.parse(fs.readFileSync(secretsPath, 'utf8'));
-    if (parsed.partnerToken && parsed.shareSecret) return parsed;
-  } catch {
-    // missing / unreadable / malformed — fall through and regenerate
-  }
-  const generated = {
-    partnerToken: crypto.randomBytes(24).toString('base64url'),
-    shareSecret: crypto.randomBytes(32).toString('base64url'),
-  };
-  try {
-    fs.mkdirSync(dataDir, { recursive: true });
-    fs.writeFileSync(secretsPath, JSON.stringify(generated, null, 2), { mode: 0o600 });
-  } catch {
-    // can't persist (read-only fs?) — still use the generated pair for this run
-  }
-  return generated;
-}
-
-// Refuse to start in public mode with a forgeable secret. (Concerns C1/C2.)
-export function assertSecureBinding(config) {
-  if (!config.publicMode) return;
-  if (WEAK_SECRETS.has(config.partnerToken) || WEAK_SECRETS.has(config.shareSecret)) {
-    throw new Error(
-      `Refusing to run in public mode with a default secret. ` +
-        `Set WILD_WORKSPACE_PARTNER_TOKEN and WILD_WORKSPACE_SHARE_SECRET, ` +
-        `or remove them so per-install secrets are generated.`,
-    );
-  }
-}
-
-export const ROLES = Object.freeze({
-  PARTNER: 'partner',
-  VIEWER: 'viewer',
-  CLIENT: 'client',
-});
-
-export const ROLE_CAPABILITIES = Object.freeze({
-  partner: {
-    chat: true,
-    chatWrite: true,
-    preview: true,
-    fileTree: true,
-    terminal: true,
-    inbox: true,
-    share: true,
-    sync: true,
-    deploy: true,
-    requestChanges: false,
-  },
-  viewer: {
-    chat: true,
-    chatWrite: false,
-    preview: true,
-    fileTree: false,
-    terminal: false,
-    inbox: false,
-    share: false,
-    sync: false,
-    deploy: false,
-    requestChanges: false,
-  },
-  client: {
-    chat: true,
-    chatWrite: true,
-    preview: true,
-    fileTree: false,
-    terminal: false,
-    inbox: false,
-    share: false,
-    sync: false,
-    deploy: false,
-    requestChanges: true,
-  },
-});
-
-export const DEFAULT_AGENTS = Object.freeze([
-  {
-    id: 'claude',
-    binary: 'claude',
-    label: 'Claude Code',
-    description: 'Anthropic Claude Code',
-    args: ['-p', '--output-format', 'stream-json', '--include-partial-messages', '--verbose'],
-    streamFormat: 'claude-stream-json',
-  },
-  {
-    id: 'gemini',
-    binary: 'gemini',
-    label: 'Gemini CLI',
-    description: 'Google Gemini',
-    args: ['-p'],
-    streamFormat: 'text',
-  },
-  {
-    id: 'glm',
-    binary: 'glm',
-    label: 'GLM (Z.AI)',
-    description: 'GLM-4.6 via Z.AI',
-    args: ['-p', '--permission-mode', 'bypassPermissions'],
-    streamFormat: 'text',
-  },
-  {
-    id: 'codex',
-    binary: 'codex',
-    label: 'Codex (OpenAI)',
-    description: 'GPT-5 / o3 via Codex CLI',
-    args: ['exec', '--skip-git-repo-check'],
-    streamFormat: 'text',
-  },
-]);
-
-export function buildConfig(overrides = {}) {
-  const env = process.env;
-  const portOverride = overrides.port;
-  const resolvedPort =
-    typeof portOverride === 'number'
-      ? portOverride
-      : Number(env.WILD_WORKSPACE_PORT || 5173);
-  const workspaceDir = path.resolve(
-    overrides.workspaceDir || env.WILD_WORKSPACE_DIR || process.cwd(),
-  );
-  const dataDir = path.resolve(
-    overrides.dataDir ||
-      env.WILD_WORKSPACE_DATA_DIR ||
-      path.join(workspaceDir, '.wild-workspace'),
-  );
-  // Lazy: only load/generate persisted secrets if neither an override nor an
-  // env var supplies one — keeps tests that pass both from touching the fs.
-  let _secrets = null;
-  const secrets = () => (_secrets ??= loadOrCreateSecrets(dataDir));
-  const host = overrides.host || env.WILD_WORKSPACE_HOST || '127.0.0.1';
-  // publicMode = "treat every request as untrusted". True for a non-localhost
-  // bind, OR when WILD_WORKSPACE_PUBLIC=1 — needed when a tunnel (Cloudflare
-  // etc.) forwards public traffic to a localhost-bound server, since the bind
-  // address alone would otherwise look local. Drives the C1 auth posture.
-  const publicMode =
-    overrides.publicMode ??
-    (env.WILD_WORKSPACE_PUBLIC === '1' || !isLocalhost(host));
-  // bmo-sync: the local daemon's event feed (a WebSocket URL).
-  const daemonUrl =
-    overrides.daemonUrl ||
-    env.WILD_WORKSPACE_DAEMON_URL ||
-    'ws://127.0.0.1:8320/api/events';
-  return {
-    port: resolvedPort,
-    host,
-    publicMode,
-    workspaceDir,
-    dataDir,
-    webDir:
-      overrides.webDir ||
-      env.WILD_WORKSPACE_WEB_DIR ||
-      path.resolve(__dirname, '..', '..', 'web', 'dist'),
-    openBrowser: overrides.openBrowser ?? env.WILD_WORKSPACE_NO_OPEN !== '1',
-    shareBaseUrl:
-      overrides.shareBaseUrl ||
-      env.WILD_WORKSPACE_SHARE_BASE_URL ||
-      `http://${host}:${resolvedPort}`,
-    partnerToken:
-      overrides.partnerToken ||
-      env.WILD_WORKSPACE_PARTNER_TOKEN ||
-      secrets().partnerToken,
-    shareSecret:
-      overrides.shareSecret ||
-      env.WILD_WORKSPACE_SHARE_SECRET ||
-      secrets().shareSecret,
-    workspaceId:
-      overrides.workspaceId ||
-      env.WILD_WORKSPACE_ID ||
-      path.basename(workspaceDir) ||
-      'workspace',
-    role: overrides.role || env.WILD_WORKSPACE_ROLE || ROLES.PARTNER,
-    // bmo-sync daemon — a separate local process; the bridge retries quietly
-    // when it is absent. daemonUrl is the WebSocket event feed; daemonHttpUrl
-    // is the same origin's HTTP API (pair / detach / list).
-    daemonUrl,
-    daemonHttpUrl: daemonHttpBase(daemonUrl),
-    // Central bmo-sync server (Fly.io). Used to redeem invites (via the
-    // daemon) and — only when an admin key is set — to mint them.
-    bmoSyncServerUrl:
-      overrides.bmoSyncServerUrl ||
-      env.WILD_WORKSPACE_BMO_SYNC_URL ||
-      env.BMO_SYNC_URL ||
-      'https://sync.venturewild.llc',
-    // Optional. Present only on an install that mints invites (the folder
-    // owner). Absent installs can still redeem. Never sent to the browser.
-    bmoSyncAdminKey:
-      overrides.bmoSyncAdminKey ||
-      env.BMO_SYNC_ADMIN_KEY ||
-      env.WILD_WORKSPACE_BMO_ADMIN_KEY ||
-      null,
-    home: os.homedir(),
-    nodeEnv: env.NODE_ENV || 'production',
-  };
-}
-
-export const APP_VERSION = '0.1.0';
+// Central config + role definitions.
+// One UI permission-flagged per AR-19.
+
+import path from 'node:path';
+import os from 'node:os';
+import fs from 'node:fs';
+import crypto from 'node:crypto';
+import { fileURLToPath } from 'node:url';
+
+import { loadAccount } from './account.mjs';
+import { loadOperatorToken } from './operator.mjs';
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+
+// Secrets that shipped as scaffold defaults. Forgeable — never allowed on a
+// non-localhost bind. Kept only so the startup guard can recognise them.
+export const WEAK_SECRETS = Object.freeze(
+  new Set(['dev-partner-token', 'dev-share-secret-change-me']),
+);
+
+const LOCAL_HOSTS = Object.freeze(new Set(['127.0.0.1', 'localhost', '::1']));
+
+export function isLocalhost(host) {
+  return LOCAL_HOSTS.has(host);
+}
+
+// The bmo-sync daemon's HTTP origin, derived from its WebSocket event-feed
+// URL so the two stay consistent when WILD_WORKSPACE_DAEMON_URL is overridden.
+function daemonHttpBase(wsUrl) {
+  try {
+    const u = new URL(wsUrl);
+    return `${u.protocol === 'wss:' ? 'https:' : 'http:'}//${u.host}`;
+  } catch {
+    return 'http://127.0.0.1:8320';
+  }
+}
+
+// Per-install secrets. Generated once, persisted to <dataDir>/secrets.json
+// (the .wild-workspace dir is gitignored). Replaces the weak scaffold defaults
+// so share tokens can't be forged. (Concern C2.)
+function loadOrCreateSecrets(dataDir) {
+  const secretsPath = path.join(dataDir, 'secrets.json');
+  try {
+    const parsed = JSON.parse(fs.readFileSync(secretsPath, 'utf8'));
+    if (parsed.partnerToken && parsed.shareSecret) return parsed;
+  } catch {
+    // missing / unreadable / malformed — fall through and regenerate
+  }
+  const generated = {
+    partnerToken: crypto.randomBytes(24).toString('base64url'),
+    shareSecret: crypto.randomBytes(32).toString('base64url'),
+  };
+  try {
+    fs.mkdirSync(dataDir, { recursive: true });
+    fs.writeFileSync(secretsPath, JSON.stringify(generated, null, 2), { mode: 0o600 });
+  } catch {
+    // can't persist (read-only fs?) — still use the generated pair for this run
+  }
+  return generated;
+}
+
+// Refuse to start in public mode with a forgeable secret. (Concerns C1/C2.)
+export function assertSecureBinding(config) {
+  if (!config.publicMode) return;
+  if (WEAK_SECRETS.has(config.partnerToken) || WEAK_SECRETS.has(config.shareSecret)) {
+    throw new Error(
+      `Refusing to run in public mode with a default secret. ` +
+        `Set WILD_WORKSPACE_PARTNER_TOKEN and WILD_WORKSPACE_SHARE_SECRET, ` +
+        `or remove them so per-install secrets are generated.`,
+    );
+  }
+}
+
+export const ROLES = Object.freeze({
+  PARTNER: 'partner',
+  VIEWER: 'viewer',
+  CLIENT: 'client',
+  // The consented support/operator channel (off by default — see operator.mjs).
+  OPERATOR: 'operator',
+});
+
+export const ROLE_CAPABILITIES = Object.freeze({
+  partner: {
+    chat: true,
+    chatWrite: true,
+    preview: true,
+    fileTree: true,
+    terminal: true,
+    inbox: true,
+    share: true,
+    sync: true,
+    deploy: true,
+    requestChanges: false,
+    operate: true, // the owner can also drive the operator allowlist locally
+  },
+  viewer: {
+    chat: true,
+    chatWrite: false,
+    preview: true,
+    fileTree: false,
+    terminal: false,
+    inbox: false,
+    share: false,
+    sync: false,
+    deploy: false,
+    requestChanges: false,
+    operate: false,
+  },
+  client: {
+    chat: true,
+    chatWrite: true,
+    preview: true,
+    fileTree: false,
+    terminal: false,
+    inbox: false,
+    share: false,
+    sync: false,
+    deploy: false,
+    requestChanges: true,
+    operate: false,
+  },
+  // Operator: remote diagnose + a curated remediation allowlist. Read-only on
+  // chat (can SEE the conversation to help, cannot drive the agent — chatWrite
+  // stays false), plus the `operate` capability the /api/operator/* routes gate
+  // on. Reachable only with the dedicated operator token (operator.mjs).
+  operator: {
+    chat: true,
+    chatWrite: false,
+    preview: true,
+    fileTree: true,
+    terminal: false,
+    inbox: false,
+    share: false,
+    sync: false,
+    deploy: false,
+    requestChanges: false,
+    operate: true,
+  },
+});
+
+export const DEFAULT_AGENTS = Object.freeze([
+  {
+    id: 'claude',
+    binary: 'claude',
+    label: 'Claude Code',
+    description: 'Anthropic Claude Code',
+    args: ['-p', '--output-format', 'stream-json', '--include-partial-messages', '--verbose'],
+    streamFormat: 'claude-stream-json',
+  },
+  {
+    id: 'gemini',
+    binary: 'gemini',
+    label: 'Gemini CLI',
+    description: 'Google Gemini',
+    args: ['-p'],
+    streamFormat: 'text',
+  },
+  {
+    id: 'glm',
+    binary: 'glm',
+    label: 'GLM (Z.AI)',
+    description: 'GLM-4.6 via Z.AI',
+    args: ['-p', '--permission-mode', 'bypassPermissions'],
+    streamFormat: 'text',
+  },
+  {
+    id: 'codex',
+    binary: 'codex',
+    label: 'Codex (OpenAI)',
+    description: 'GPT-5 / o3 via Codex CLI',
+    args: ['exec', '--skip-git-repo-check'],
+    streamFormat: 'text',
+  },
+]);
+
+export function buildConfig(overrides = {}) {
+  const env = process.env;
+  const portOverride = overrides.port;
+  const resolvedPort =
+    typeof portOverride === 'number'
+      ? portOverride
+      : Number(env.WILD_WORKSPACE_PORT || 5173);
+  const workspaceDir = path.resolve(
+    overrides.workspaceDir || env.WILD_WORKSPACE_DIR || process.cwd(),
+  );
+  const dataDir = path.resolve(
+    overrides.dataDir ||
+      env.WILD_WORKSPACE_DATA_DIR ||
+      path.join(workspaceDir, '.wild-workspace'),
+  );
+  // Lazy: only load/generate persisted secrets if neither an override nor an
+  // env var supplies one — keeps tests that pass both from touching the fs.
+  let _secrets = null;
+  const secrets = () => (_secrets ??= loadOrCreateSecrets(dataDir));
+  const host = overrides.host || env.WILD_WORKSPACE_HOST || '127.0.0.1';
+  // publicMode = "treat every request as untrusted". True for a non-localhost
+  // bind, OR when WILD_WORKSPACE_PUBLIC=1 — needed when a tunnel (Cloudflare
+  // etc.) forwards public traffic to a localhost-bound server, since the bind
+  // address alone would otherwise look local. Drives the C1 auth posture.
+  const publicMode =
+    overrides.publicMode ??
+    (env.WILD_WORKSPACE_PUBLIC === '1' || !isLocalhost(host));
+  // bmo-sync: the local daemon's event feed (a WebSocket URL).
+  const daemonUrl =
+    overrides.daemonUrl ||
+    env.WILD_WORKSPACE_DAEMON_URL ||
+    'ws://127.0.0.1:8320/api/events';
+  // Per-install bmo-sync account — null until the user runs `wild-workspace
+  // login` with the payload from `workspace.venturewild.llc`. Its presence
+  // upgrades the install to a real slug (shareBaseUrl flips to the user's
+  // subdomain) and lights up the /api/session.account field for the UI.
+  const account =
+    overrides.account === undefined ? loadAccount(dataDir) : overrides.account;
+  const accountShareBase = account?.slug
+    ? `https://${account.slug}.venturewild.llc`
+    : null;
+  return {
+    port: resolvedPort,
+    host,
+    publicMode,
+    workspaceDir,
+    dataDir,
+    webDir:
+      overrides.webDir ||
+      env.WILD_WORKSPACE_WEB_DIR ||
+      path.resolve(__dirname, '..', '..', 'web', 'dist'),
+    openBrowser: overrides.openBrowser ?? env.WILD_WORKSPACE_NO_OPEN !== '1',
+    shareBaseUrl:
+      overrides.shareBaseUrl ||
+      env.WILD_WORKSPACE_SHARE_BASE_URL ||
+      accountShareBase ||
+      `http://${host}:${resolvedPort}`,
+    // The signed-in account (if any). Kept on the server-side config so
+    // /api/session can expose the public bits (slug, email, accountId, displayName)
+    // to the UI while accountToken stays here only.
+    account: account
+      ? {
+          slug: account.slug,
+          email: account.email,
+          accountId: account.accountId,
+          displayName: account.displayName,
+          loggedInAt: account.loggedInAt,
+          // accountToken is intentionally kept out of the broadcasted config
+          // shape — it's read separately by code that needs to authenticate
+          // against bmo-sync.
+        }
+      : null,
+    accountToken: account?.accountToken || null,
+    partnerToken:
+      overrides.partnerToken ||
+      env.WILD_WORKSPACE_PARTNER_TOKEN ||
+      secrets().partnerToken,
+    shareSecret:
+      overrides.shareSecret ||
+      env.WILD_WORKSPACE_SHARE_SECRET ||
+      secrets().shareSecret,
+    // The operator-channel token — null unless the user explicitly enabled the
+    // channel (`wild-workspace operator enable`). Off by default. Server-side
+    // only; never broadcast to the browser.
+    operatorToken:
+      overrides.operatorToken ??
+      env.WILD_WORKSPACE_OPERATOR_TOKEN ??
+      loadOperatorToken(dataDir),
+    workspaceId:
+      overrides.workspaceId ||
+      env.WILD_WORKSPACE_ID ||
+      path.basename(workspaceDir) ||
+      'workspace',
+    role: overrides.role || env.WILD_WORKSPACE_ROLE || ROLES.PARTNER,
+    // bmo-sync daemon — a separate local process; the bridge retries quietly
+    // when it is absent. daemonUrl is the WebSocket event feed; daemonHttpUrl
+    // is the same origin's HTTP API (pair / detach / list).
+    daemonUrl,
+    daemonHttpUrl: daemonHttpBase(daemonUrl),
+    // Auto-start the bmo-sync daemon when the server boots. On by default;
+    // WILD_WORKSPACE_DAEMON_AUTOSTART=0 disables it. Forced off under the test
+    // runner (VITEST / NODE_ENV=test) so the suite never spawns a real daemon.
+    daemonAutostart:
+      overrides.daemonAutostart ??
+      (env.WILD_WORKSPACE_DAEMON_AUTOSTART !== '0' &&
+        !env.VITEST &&
+        env.NODE_ENV !== 'test'),
+    // Central bmo-sync server (Fly.io). Used to redeem invites (via the
+    // daemon) and — only when an admin key is set — to mint them.
+    bmoSyncServerUrl:
+      overrides.bmoSyncServerUrl ||
+      env.WILD_WORKSPACE_BMO_SYNC_URL ||
+      env.BMO_SYNC_URL ||
+      'https://sync.venturewild.llc',
+    // Optional. Present only on an install that mints invites (the folder
+    // owner). Absent installs can still redeem. Never sent to the browser.
+    bmoSyncAdminKey:
+      overrides.bmoSyncAdminKey ||
+      env.BMO_SYNC_ADMIN_KEY ||
+      env.WILD_WORKSPACE_BMO_ADMIN_KEY ||
+      null,
+    home: os.homedir(),
+    nodeEnv: env.NODE_ENV || 'production',
+  };
+}
+
+export const APP_VERSION = '0.1.0';

package/server/src/daemon-bin.mjs

@@ -36,9 +36,13 @@ export function daemonBinaryName() {
  *
  * @param {{ env?: NodeJS.ProcessEnv, vendorRoot?: string }} [opts]
  */
-export function resolveDaemonBinary({ env = process.env, vendorRoot } = {}) {
+export function resolveDaemonBinary({ env = process.env, vendorRoot, requireResolve } = {}) {
   const binName = daemonBinaryName();
   const tag = platformTag();
+  // Injected seam: lets a test simulate "the platform subpackage isn't
+  // installed" deterministically, regardless of what's in this machine's
+  // node_modules (the win32-x64 subpackage IS present on a Windows dev box).
+  const resolvePkg = requireResolve || ((id) => require.resolve(id));
 
   // 1. explicit override — if set but missing, that's an error, not a miss.
   const override = env.WILD_WORKSPACE_DAEMON_BIN;
@@ -49,7 +53,7 @@ export function resolveDaemonBinary({ env = process.env, vendorRoot } = {}) {
   // 2. per-platform npm subpackage — resolve via its package.json so the
   //    lookup doesn't depend on an `exports` map for the binary file.
   try {
-    const pkgJson = require.resolve(`@venturewild/workspace-daemon-${tag}/package.json`);
+    const pkgJson = resolvePkg(`@venturewild/workspace-daemon-${tag}/package.json`);
     const candidate = path.join(path.dirname(pkgJson), binName);
     if (existsSync(candidate)) return { path: candidate, source: 'subpackage' };
   } catch {