@venturewild/workspace 0.1.0 → 0.1.2

package/server/src/daemon-supervisor.mjs

@@ -0,0 +1,216 @@
+// Lifecycle owner for the bmo-sync daemon.
+//
+// The daemon is bmo-sync's sync engine running as its own process (a browser
+// app can't embed the Rust library the way wild-terminal's Tauri build did).
+// It does ALL the syncing; wild-workspace only displays its status and tells
+// it what to pair. This module is the one extra responsibility wild-workspace
+// takes on: pressing the daemon's power button.
+//
+// Why wild-workspace owns the lifecycle: on a locked-down (enterprise-managed)
+// machine the daemon cannot register itself as an OS service — logon-triggered
+// scheduled tasks are blocked without admin. So the app the user actually runs
+// starts it instead.
+//
+// The daemon is spawned DETACHED + window-hidden: it keeps running (and so
+// keeps syncing) after wild-workspace — server and browser both — has closed,
+// and it never flashes a console window. It is deliberately NOT stopped when
+// the server stops. The one gap this leaves — sync paused between a reboot and
+// the next `wild-workspace` launch — is covered by bmo-sync's offline-resume.
+
+import { spawn } from 'node:child_process';
+import {
+  openSync,
+  closeSync,
+  mkdirSync,
+  readFileSync,
+  writeFileSync,
+  unlinkSync,
+} from 'node:fs';
+import path from 'node:path';
+import os from 'node:os';
+import { resolveDaemonBinary } from './daemon-bin.mjs';
+
+const DEFAULT_HTTP_BASE = 'http://127.0.0.1:8320';
+
+export class DaemonSupervisor {
+  /**
+   * @param {object} [opts]
+   * @param {string} [opts.httpBase]   the daemon's local HTTP origin.
+   * @param {string} [opts.globalDir]  where the pid + log files live. A
+   *   machine-global dir (`~/.wild-workspace`) — the daemon is one per machine,
+   *   not one per workspace, so this is deliberately NOT the per-workspace
+   *   `.wild-workspace/` data dir.
+   * @param {Function} [opts.resolveBinary]  daemon-binary resolver (test seam).
+   * @param {Function} [opts.spawnImpl]      child_process.spawn (test seam).
+   * @param {Function} [opts.fetchImpl]      global fetch (test seam).
+   * @param {Function} [opts.killImpl]       process.kill (test seam).
+   * @param {NodeJS.ProcessEnv} [opts.env]
+   */
+  constructor({
+    httpBase = DEFAULT_HTTP_BASE,
+    globalDir = path.join(os.homedir(), '.wild-workspace'),
+    resolveBinary = resolveDaemonBinary,
+    spawnImpl = spawn,
+    fetchImpl = globalThis.fetch,
+    killImpl = (pid, sig) => process.kill(pid, sig),
+    env = process.env,
+    // b-ii: when the install is logged in (account.json present), these are
+    // injected into the daemon's spawn env so it opens the proxy link
+    // (`BMO_DAEMON_ACCOUNT_TOKEN`) against the right relay
+    // (`BMO_DAEMON_SERVER_URL`). Absent → daemon syncs only, no proxy link.
+    accountToken = null,
+    serverUrl = null,
+  } = {}) {
+    this.httpBase = httpBase.replace(/\/+$/, '');
+    this.globalDir = globalDir;
+    this.pidFile = path.join(globalDir, 'daemon.pid');
+    this.logFile = path.join(globalDir, 'daemon.log');
+    this.resolveBinary = resolveBinary;
+    this.spawnImpl = spawnImpl;
+    this.fetchImpl = fetchImpl;
+    this.killImpl = killImpl;
+    this.env = env;
+    this.accountToken = accountToken;
+    this.serverUrl = serverUrl;
+  }
+
+  /** Probe the daemon's /health endpoint. Never throws. */
+  async health() {
+    try {
+      const res = await this.fetchImpl(`${this.httpBase}/health`, {
+        signal: AbortSignal.timeout(2000),
+      });
+      return { running: !!res.ok };
+    } catch {
+      return { running: false };
+    }
+  }
+
+  /**
+   * Start the daemon unless it is already up. Idempotent and best-effort —
+   * the result is reported, never thrown.
+   * @returns {Promise<{started:boolean, alreadyRunning?:boolean, pid?:number,
+   *   error?:string}>}
+   */
+  async ensureRunning() {
+    if ((await this.health()).running) {
+      return { started: false, alreadyRunning: true };
+    }
+    return this.spawnDaemon();
+  }
+
+  /** Spawn the daemon detached + window-hidden, logging to `daemon.log`. */
+  spawnDaemon() {
+    const bin = this.resolveBinary({ env: this.env });
+    // `null` = an explicit override path that doesn't exist; `path` = nothing
+    // concrete found, only the bare name as a PATH last-resort. In neither case
+    // is there a real binary to launch — refuse rather than ENOENT later.
+    if (!bin || bin.source === 'path') {
+      return { started: false, error: 'daemon-binary-not-found' };
+    }
+
+    try {
+      mkdirSync(this.globalDir, { recursive: true });
+    } catch {
+      /* fall through — openSync below will surface a real problem */
+    }
+
+    // A real fd (not 'ignore') so the daemon's stdout/stderr land in a log the
+    // user can read — and so its eprintln writes hit a valid handle.
+    let logFd = 'ignore';
+    try {
+      logFd = openSync(this.logFile, 'a');
+    } catch {
+      /* can't open the log — run anyway with output discarded */
+    }
+
+    let child;
+    try {
+      child = this.spawnImpl(bin.path, [], {
+        detached: true, //      outlive the wild-workspace server
+        windowsHide: true, //   no console window — the whole point
+        stdio: ['ignore', logFd, logFd],
+        // b-ii proxy link: inject the account token + relay URL when the
+        // install is logged in. Object-spreading a falsy value is a no-op,
+        // so an unauthenticated install spawns with a clean inherited env.
+        env: {
+          ...this.env,
+          ...(this.accountToken && { BMO_DAEMON_ACCOUNT_TOKEN: this.accountToken }),
+          ...(this.serverUrl && { BMO_DAEMON_SERVER_URL: this.serverUrl }),
+        },
+      });
+    } catch (err) {
+      if (typeof logFd === 'number') {
+        try { closeSync(logFd); } catch {}
+      }
+      return { started: false, error: String(err?.message || err) };
+    }
+
+    // The parent must drop its own copy of the log fd + its handle on the
+    // child, or the server process can't exit cleanly.
+    if (typeof logFd === 'number') {
+      try { closeSync(logFd); } catch {}
+    }
+    child.unref();
+
+    try {
+      writeFileSync(this.pidFile, String(child.pid));
+    } catch {
+      /* pid file is best-effort — `stop` falls back to a health probe */
+    }
+    return { started: true, pid: child.pid, binary: bin.path, source: bin.source };
+  }
+
+  /** The pid recorded by the last spawn, or null. */
+  readPid() {
+    try {
+      const pid = Number(readFileSync(this.pidFile, 'utf8').trim());
+      return Number.isInteger(pid) && pid > 0 ? pid : null;
+    } catch {
+      return null;
+    }
+  }
+
+  /** Stop the daemon (best-effort) by signalling the recorded pid. */
+  async stop() {
+    const pid = this.readPid();
+    if (!pid) {
+      const running = (await this.health()).running;
+      return { stopped: false, reason: running ? 'no-pid-file' : 'not-running' };
+    }
+    try {
+      this.killImpl(pid, 'SIGTERM');
+    } catch (err) {
+      if (err?.code === 'ESRCH') {
+        // already gone — tidy the stale pid file
+        try { unlinkSync(this.pidFile); } catch {}
+        return { stopped: false, reason: 'not-running' };
+      }
+      return { stopped: false, reason: String(err?.message || err) };
+    }
+    try { unlinkSync(this.pidFile); } catch {}
+    return { stopped: true, pid };
+  }
+
+  /** Combined status for `wild-workspace daemon status`. */
+  async status() {
+    const { running } = await this.health();
+    return {
+      running,
+      pid: this.readPid(),
+      httpBase: this.httpBase,
+      pidFile: this.pidFile,
+      logFile: this.logFile,
+    };
+  }
+
+  /** Poll /health until the daemon answers or the deadline passes. */
+  async waitForHealthy(timeoutMs = 4000) {
+    const deadline = Date.now() + timeoutMs;
+    while (Date.now() < deadline) {
+      if ((await this.health()).running) return true;
+      await new Promise((r) => setTimeout(r, 250));
+    }
+    return false;
+  }
+}

package/server/src/daemon.mjs

@@ -147,6 +147,12 @@ export class DaemonBridge {
         path: msg.path,
         resolution: msg.resolution,
         conflictingUser: msg.conflictingUser,
+        // C12-e enrichment — present for daemon-detected conflicts only.
+        mineSha256: msg.mineSha256,
+        theirsSha256: msg.theirsSha256,
+        baseSha256: msg.baseSha256,
+        peerBackOfficePath: msg.peerBackOfficePath,
+        detectedAt: msg.detectedAt,
       });
     } else if (msg.kind === 'fatal') {
       this.activityBus.publish({

package/server/src/doctor.mjs

@@ -0,0 +1,246 @@
+// `wild-workspace doctor` — one pre/post-flight diagnostic for a real user's
+// machine. The riskiest moment for a brand-new (non-technical) user is the
+// install itself: no Claude yet, wrong Node, a busy port, a daemon binary that
+// didn't resolve, an unclaimed slug. When something breaks we need to SEE it —
+// ideally fix it — without making them feel stupid (docs/user-experience.md §5).
+//
+// runDoctor() returns a structured report (every check is { id, label, status,
+// detail, hint }); the CLI renders it with ✅/⚠️/❌ and the operator channel
+// serves the same JSON. Every external touch-point (agent detect, auth probe,
+// daemon resolve, port check, account load, service status, registry fetch) is
+// an injected seam so the test suite never spawns a process or hits the network.
+
+import os from 'node:os';
+import fs from 'node:fs';
+import path from 'node:path';
+
+import { buildConfig, APP_VERSION } from './config.mjs';
+import { detectAgents, pickDefaultAgent } from './agent.mjs';
+import { probeAgentReadiness } from './agent-readiness.mjs';
+import { resolveDaemonBinary } from './daemon-bin.mjs';
+import { checkPort } from './preview.mjs';
+import { loadAccount } from './account.mjs';
+import { serviceStatus } from './service.mjs';
+import { probeHealth } from './supervisor.mjs';
+import { listLogs, diagnosticsDir } from './logpaths.mjs';
+
+const STATUS_ICON = { ok: '✅', warn: '⚠️', fail: '❌', info: 'ℹ️' };
+
+// Native installer is Claude's canonical path today (npm i -g still works as a
+// fallback). Shown verbatim to the user, so keep it copy-pasteable.
+const CLAUDE_INSTALL_HINT =
+  'Install Claude Code: curl -fsSL https://claude.ai/install.sh | bash  (Windows: irm https://claude.ai/install.ps1 | iex)';
+
+function nodeMajor(version = process.version) {
+  const m = /^v?(\d+)/.exec(String(version));
+  return m ? Number(m[1]) : 0;
+}
+
+// Reach the bmo-sync registry: resolve the user's slug if linked, else /health.
+async function probeRegistry(config, fetchImpl) {
+  const base = String(config.bmoSyncServerUrl || '').replace(/\/$/, '');
+  const slug = config.account?.slug || null;
+  const url = slug
+    ? `${base}/api/slug/resolve/${encodeURIComponent(slug)}`
+    : `${base}/api/health`;
+  const ctrl = new AbortController();
+  const timer = setTimeout(() => ctrl.abort(), 5000);
+  try {
+    const res = await fetchImpl(url, { signal: ctrl.signal });
+    return { reachable: true, status: res.status, slug, url };
+  } catch (e) {
+    return { reachable: false, error: String(e?.message || e), slug, url };
+  } finally {
+    clearTimeout(timer);
+  }
+}
+
+/**
+ * Run every diagnostic check. All deps are injectable for testing.
+ * @returns {{version,generatedAt,platform,summary,checks,logs}}
+ */
+export async function runDoctor(opts = {}, deps = {}) {
+  const config = opts.config || deps.config || buildConfig({});
+  const env = deps.env || process.env;
+  const d = {
+    detectAgents: deps.detectAgents || detectAgents,
+    probeReadiness: deps.probeAgentReadiness || probeAgentReadiness,
+    resolveDaemon: deps.resolveDaemonBinary || resolveDaemonBinary,
+    checkPort: deps.checkPort || checkPort,
+    loadAccount: deps.loadAccount || loadAccount,
+    serviceStatus: deps.serviceStatus || serviceStatus,
+    listLogs: deps.listLogs || listLogs,
+    fetchImpl: deps.fetchImpl || ((...a) => globalThis.fetch(...a)),
+  };
+  const checks = [];
+  const add = (c) => checks.push(c);
+  // Run a check body, capturing a thrown error as a non-fatal 'warn' so one bad
+  // check never aborts the whole report.
+  const guarded = async (id, label, body) => {
+    try {
+      add({ id, label, ...(await body()) });
+    } catch (e) {
+      add({ id, label, status: 'warn', detail: `check errored: ${String(e?.message || e)}`, hint: null });
+    }
+  };
+
+  // 1. Node runtime
+  await guarded('node', 'Node.js runtime', async () => {
+    const major = nodeMajor();
+    const detail = `${process.version} on ${os.platform()}-${os.arch()}`;
+    return major >= 18
+      ? { status: 'ok', detail, hint: null }
+      : { status: 'fail', detail, hint: 'Claude Code + wild-workspace need Node 18 or newer. Update Node, then retry.' };
+  });
+
+  // 2. Claude installed?
+  let claude = null;
+  await guarded('agent', 'Claude Code installed', async () => {
+    const agents = await d.detectAgents();
+    claude = (agents || []).find((a) => a.id === 'claude' && a.available) || null;
+    if (!claude) {
+      const fallback = pickDefaultAgent(agents || []);
+      if (fallback?.available) {
+        return { status: 'info', detail: `Claude not found; using ${fallback.label}.`, hint: null };
+      }
+      return { status: 'fail', detail: 'no `claude` on PATH', hint: CLAUDE_INSTALL_HINT };
+    }
+    return { status: 'ok', detail: claude.resolvedPath || claude.binary, hint: null };
+  });
+
+  // 3. Claude signed in AND able to run turns?
+  if (claude) {
+    await guarded('agentAuth', 'Claude ready to think', async () => {
+      const v = await d.probeReadiness(claude, undefined, env);
+      switch (v.status) {
+        case 'ready':
+          return { status: 'ok', detail: v.email ? `signed in as ${v.email}` : 'signed in', hint: null };
+        case 'subscribe':
+          return {
+            status: 'warn',
+            detail: v.email ? `signed in as ${v.email}, no active plan` : 'signed in, no active plan',
+            hint: 'Claude Code needs a Claude Pro plan (or higher). Subscribe at claude.ai, then retry.',
+          };
+        case 'login':
+          return { status: 'fail', detail: 'not signed in', hint: 'Run `claude auth login`, sign in, then retry.' };
+        case 'missing':
+          return { status: 'fail', detail: 'Claude not installed', hint: CLAUDE_INSTALL_HINT };
+        default:
+          return { status: 'info', detail: `readiness unknown (${v.status})`, hint: 'Will be confirmed on the first agent turn.' };
+      }
+    });
+  }
+
+  // 4. bmo-sync daemon binary resolvable?
+  await guarded('daemonBinary', 'Sync daemon binary', async () => {
+    const r = d.resolveDaemon({ env });
+    if (!r) {
+      return { status: 'fail', detail: 'WILD_WORKSPACE_DAEMON_BIN is set but the file is missing', hint: 'Unset it or point it at a real binary.' };
+    }
+    if (r.source === 'path') {
+      return {
+        status: 'warn',
+        detail: 'no bundled daemon found — relying on PATH; cross-device sync may be off',
+        hint: 'Reinstall: npm i -g @venturewild/workspace (pulls the daemon for your platform).',
+      };
+    }
+    return { status: 'ok', detail: `${r.path} (${r.source})`, hint: null };
+  });
+
+  // 5. Workspace port
+  await guarded('port', `Workspace port :${config.port}`, async () => {
+    const inUse = await d.checkPort(config.port);
+    return inUse
+      ? { status: 'info', detail: 'in use — your workspace is likely already running (or another app holds it)', hint: null }
+      : { status: 'ok', detail: 'free', hint: null };
+  });
+
+  // 6. Account linked (slug)
+  let account = null;
+  await guarded('account', 'Workspace account linked', async () => {
+    account = d.loadAccount(config.dataDir);
+    if (account?.slug) {
+      return { status: 'ok', detail: `${account.slug} (${account.email || 'no email'}) → https://${account.slug}.venturewild.llc`, hint: null };
+    }
+    return { status: 'warn', detail: 'not linked yet', hint: 'Run `wild-workspace login <blob>` with the code from workspace.venturewild.llc.' };
+  });
+
+  // 7. Registry reachable + slug status
+  await guarded('registry', 'Sync server reachable', async () => {
+    const r = await probeRegistry({ ...config, account: account || config.account }, d.fetchImpl);
+    if (!r.reachable) {
+      return { status: 'fail', detail: `can't reach ${r.url}: ${r.error}`, hint: 'Check the internet connection, then retry.' };
+    }
+    if (r.slug) {
+      if (r.status === 200) return { status: 'ok', detail: `slug "${r.slug}" is claimed`, hint: null };
+      if (r.status === 404) return { status: 'warn', detail: `slug "${r.slug}" is not claimed on the server`, hint: 'Re-run the claim, or `wild-workspace login` with a fresh blob.' };
+      return { status: 'warn', detail: `slug resolve returned HTTP ${r.status}`, hint: null };
+    }
+    return r.status < 500
+      ? { status: 'ok', detail: `reachable (HTTP ${r.status})`, hint: null }
+      : { status: 'warn', detail: `server returned HTTP ${r.status}`, hint: null };
+  });
+
+  // 8. Always-on / autostart
+  await guarded('service', 'Always-on (autostart)', async () => {
+    const s = await d.serviceStatus({ port: config.port }, { probeImpl: (p) => probeHealth(p) });
+    if (s.supported === false) {
+      return { status: 'info', detail: `not yet on ${s.platform} — run \`wild-workspace\` to start it`, hint: null };
+    }
+    const bits = [`installed=${s.installed ? 'yes' : 'no'}`, `supervisor=${s.supervisorAlive ? 'up' : 'down'}`, `server=${s.serverUp ? 'up' : 'down'}`];
+    return { status: s.installed ? 'ok' : 'info', detail: bits.join(' '), hint: s.installed ? null : 'Enable with `wild-workspace service install`.' };
+  });
+
+  const logs = d.listLogs(env);
+  const summary = checks.reduce(
+    (acc, c) => ((acc[c.status] = (acc[c.status] || 0) + 1), acc),
+    { ok: 0, warn: 0, fail: 0, info: 0 },
+  );
+
+  return {
+    version: APP_VERSION,
+    generatedAt: new Date().toISOString(),
+    platform: `${os.platform()}-${os.arch()}`,
+    summary,
+    checks,
+    logs,
+  };
+}
+
+// Render a report to a human string (used by the CLI). The operator channel
+// sends the JSON instead.
+export function renderDoctor(report) {
+  const lines = [];
+  lines.push(`wild-workspace doctor — v${report.version}  (${report.platform})`);
+  lines.push('');
+  for (const c of report.checks) {
+    lines.push(`${STATUS_ICON[c.status] || '•'}  ${c.label}: ${c.detail}`);
+    if (c.hint && (c.status === 'fail' || c.status === 'warn')) {
+      lines.push(`      → ${c.hint}`);
+    }
+  }
+  lines.push('');
+  const { ok, warn, fail } = report.summary;
+  lines.push(`Summary: ${ok} ok · ${warn} warning${warn === 1 ? '' : 's'} · ${fail} problem${fail === 1 ? '' : 's'}`);
+  lines.push('');
+  lines.push('Logs:');
+  for (const l of report.logs) {
+    lines.push(`  ${l.exists ? '·' : ' '} ${l.name.padEnd(10)} ${l.file}${l.exists ? ` (${l.size} bytes)` : ' (none yet)'}`);
+  }
+  return lines.join('\n');
+}
+
+// Persist the JSON report under ~/.wild-workspace/diagnostics/. Returns the
+// file path (or null if it couldn't be written). Best-effort.
+export function writeDoctorBundle(report, env = process.env) {
+  try {
+    const dir = diagnosticsDir(env);
+    fs.mkdirSync(dir, { recursive: true });
+    const stamp = report.generatedAt.replace(/[:.]/g, '-');
+    const file = path.join(dir, `doctor-${stamp}.json`);
+    fs.writeFileSync(file, JSON.stringify(report, null, 2));
+    return file;
+  } catch {
+    return null;
+  }
+}

package/server/src/error-reporter.mjs

@@ -0,0 +1,86 @@
+// Forwards meaningful errors (agent crashes, daemon exits, etc.) to the
+// central bmo-sync-server so support can see what went wrong on a client's
+// machine. Fire-and-forget — never blocks the user's request, never throws.
+//
+// Off-switch: WILD_WORKSPACE_NO_TELEMETRY=1 disables the reporter entirely.
+// Privacy: only error messages + stack traces are sent — no file contents, no
+// chat content, no file paths beyond their basename.
+
+import os from 'node:os';
+import path from 'node:path';
+import { APP_VERSION } from './config.mjs';
+
+// In-process burst guard so a thrashing daemon can't hammer the central
+// server. Per-(workspace+category) bucket, 10 reports per 60s window.
+const RL_WINDOW_MS = 60_000;
+const RL_CAP = 10;
+const buckets = new Map();
+
+function bucketKey(workspaceId, category) {
+  return `${workspaceId}:${category}`;
+}
+
+function allow(workspaceId, category) {
+  const now = Date.now();
+  const key = bucketKey(workspaceId, category);
+  const ts = buckets.get(key) || [];
+  const recent = ts.filter((t) => now - t < RL_WINDOW_MS);
+  if (recent.length >= RL_CAP) {
+    buckets.set(key, recent);
+    return false;
+  }
+  recent.push(now);
+  buckets.set(key, recent);
+  return true;
+}
+
+// Redact absolute paths down to a basename so we don't leak the user's home
+// directory or file layout to the central server. Picks up POSIX + Windows
+// paths in free text (messages and stack traces).
+const PATH_RE = /([A-Za-z]:\\[\w.\-\\\/]+|\/[\w.\-\/]+\.\w+)/g;
+function redactPaths(text) {
+  if (typeof text !== 'string') return text;
+  return text.replace(PATH_RE, (full) => path.basename(full));
+}
+
+export class ErrorReporter {
+  constructor({ bmoSyncUrl, workspaceId, enabled }) {
+    this.bmoSyncUrl = bmoSyncUrl?.replace(/\/$/, '') || null;
+    this.workspaceId = workspaceId || 'unknown';
+    this.enabled = enabled !== false && !this.bmoSyncUrl?.startsWith('http://127');
+  }
+
+  // Fire-and-forget. Catches every failure path so calling this never breaks
+  // the request that triggered it.
+  report({ category, message, stack, agentLabel, source }) {
+    if (!this.enabled || !this.bmoSyncUrl) return;
+    const cat = (category || 'agent').slice(0, 32);
+    if (!message) return;
+    if (!allow(this.workspaceId, cat)) return;
+    const body = {
+      workspace_id: this.workspaceId,
+      agent_label: agentLabel || null,
+      category: cat,
+      message: redactPaths(String(message)).slice(0, 4096),
+      stack: stack ? redactPaths(String(stack)).slice(0, 8192) : null,
+      app_version: APP_VERSION,
+      os: `${os.platform()}-${os.arch()}`,
+      source: source || 'wild-workspace',
+      ts: Math.floor(Date.now() / 1000),
+    };
+    const url = `${this.bmoSyncUrl}/api/errors/report`;
+    // Detached fetch with a short timeout so a hung server can't pile up.
+    const ctrl = new AbortController();
+    const timer = setTimeout(() => ctrl.abort(), 5000);
+    fetch(url, {
+      method: 'POST',
+      headers: { 'content-type': 'application/json' },
+      body: JSON.stringify(body),
+      signal: ctrl.signal,
+    })
+      .catch(() => {
+        /* swallowed — telemetry never breaks the user's path */
+      })
+      .finally(() => clearTimeout(timer));
+  }
+}