@venturewild/workspace 0.1.0 → 0.1.2

package/server/src/logpaths.mjs

@@ -0,0 +1,97 @@
+// logpaths — one registry for the machine-global logs so `doctor`, `logs`, and
+// the operator channel all read the same set, and a tiny append/rotate/tail
+// helper for the new logs we write ourselves (cli, operator).
+//
+// WHY a registry and not just scattered paths: a brand-new user's install is the
+// riskiest moment (no Claude yet, wrong Node, port busy, daemon won't resolve),
+// and "I can't see what happened on their machine" is the #1 un-debuggable
+// failure. Centralising the log locations is what lets `wild-workspace doctor`
+// gather them and the operator channel tail them by name — never by arbitrary
+// path (the tail allowlist is TAILABLE below).
+//
+// NOTE: the supervisor + daemon-supervisor keep writing their logs at the
+// global-dir root (supervisor.log / server.out.log / daemon.log) — those paths
+// are reboot-proven and pinned by tests via an injected globalDir, so we mirror
+// them here for READING rather than moving them. Everything lives under
+// ~/.wild-workspace (NEVER the synced workspace — CLAUDE.md principle #1).
+
+import os from 'node:os';
+import path from 'node:path';
+import fs from 'node:fs';
+
+// THE machine-global dir. Mirrors service.mjs globalDir() + the supervisor
+// defaults. Overridable via env for tests / unusual homes.
+export function globalDir(env = process.env) {
+  return env.WILD_WORKSPACE_GLOBAL_DIR || path.join(os.homedir(), '.wild-workspace');
+}
+
+// Logical name → filename. The first three are written by existing components;
+// cli + operator are new. Doctor bundles go under diagnosticsDir() (below).
+export const LOG_FILES = Object.freeze({
+  supervisor: 'supervisor.log', // WorkspaceSupervisor watchdog
+  server: 'server.out.log', //     the :5173 server's stdout/stderr (launcher-redirected)
+  daemon: 'daemon.log', //         the bmo-sync daemon
+  cli: 'cli.log', //               every `wild-workspace …` invocation (first-run capture)
+  operator: 'operator.log', //     the consented operator channel's audit trail
+});
+
+// Logs the operator channel may tail BY NAME — never an arbitrary path.
+export const TAILABLE = Object.freeze(Object.keys(LOG_FILES));
+
+export function logFile(name, env = process.env) {
+  return path.join(globalDir(env), LOG_FILES[name] || `${name}.log`);
+}
+
+export function diagnosticsDir(env = process.env) {
+  return path.join(globalDir(env), 'diagnostics');
+}
+
+const MAX_LOG_BYTES = 2 * 1024 * 1024; // 2 MB → rotate to .1 (keep one prior gen)
+
+// Rotate `file` to `file.1` once it grows past maxBytes. Best-effort, no throw.
+export function rotateIfBig(file, maxBytes = MAX_LOG_BYTES) {
+  try {
+    if (fs.statSync(file).size > maxBytes) fs.renameSync(file, `${file}.1`);
+  } catch {
+    /* missing / racing rename — nothing to rotate */
+  }
+}
+
+// Append a timestamped line to a named log; ensures the dir + rotates. Returns
+// the file path. Never throws — logging must not break the caller's path.
+export function appendLine(name, line, env = process.env) {
+  const file = logFile(name, env);
+  try {
+    fs.mkdirSync(path.dirname(file), { recursive: true });
+    rotateIfBig(file);
+    fs.appendFileSync(file, `[${new Date().toISOString()}] ${line}\n`);
+  } catch {
+    /* read-only fs etc. — degrade silently */
+  }
+  return file;
+}
+
+// Last `n` lines of a file (logs are size-capped, so reading whole is cheap).
+// Returns '' when the file is missing/unreadable.
+export function tailFile(file, n = 200) {
+  try {
+    // Drop the trailing newline so the last line isn't an empty entry.
+    const lines = fs.readFileSync(file, 'utf8').replace(/\r?\n$/, '').split(/\r?\n/);
+    return lines.slice(Math.max(0, lines.length - n)).join('\n');
+  } catch {
+    return '';
+  }
+}
+
+// All known logs with on-disk size + mtime (null when absent) — for doctor/logs.
+export function listLogs(env = process.env) {
+  return TAILABLE.map((name) => {
+    const file = logFile(name, env);
+    try {
+      const st = fs.statSync(file);
+      return { name, file, exists: true, size: st.size, mtime: st.mtimeMs };
+    } catch {
+      return { name, file, exists: false, size: null, mtime: null };
+    }
+  });
+}

package/server/src/observability.mjs

@@ -0,0 +1,45 @@
+// Consent for the proactive session + install observability feed (session-reporter.mjs
+// + transcript.mjs).
+//
+// DEFAULT-ON: an absent file means consented — because the disclosure is shown at
+// onboarding, and this is the model the apps users already trust use (they retain
+// sessions by default with an easy off). An explicit opt-out persists here. Kept
+// in its own file (not agent-identity.json) so it's readable at first load —
+// before the agent is even named — and trivial to flip. Mirrors operator.mjs.
+//
+// What "on" actually streams: WHAT happened + install health, never the words
+// (redaction lives in session-reporter.mjs). Off also hard-stops the kill switch
+// path WILD_WORKSPACE_NO_TELEMETRY=1, which disables ALL telemetry regardless.
+
+import fs from 'node:fs';
+import path from 'node:path';
+
+export const OBSERVABILITY_VERSION = 1;
+
+function consentFile(dataDir) {
+  return path.join(dataDir, 'observability.json');
+}
+
+export function loadObservabilityConsent(dataDir) {
+  try {
+    const p = JSON.parse(fs.readFileSync(consentFile(dataDir), 'utf8'));
+    return {
+      enabled: p.enabled !== false,
+      decidedAt: p.decidedAt ? Number(p.decidedAt) : null,
+      version: Number(p.version) || OBSERVABILITY_VERSION,
+    };
+  } catch {
+    return { enabled: true, decidedAt: null, version: OBSERVABILITY_VERSION }; // default-on
+  }
+}
+
+export function setObservabilityConsent(dataDir, enabled) {
+  const rec = { enabled: Boolean(enabled), decidedAt: Date.now(), version: OBSERVABILITY_VERSION };
+  try {
+    fs.mkdirSync(dataDir, { recursive: true });
+    fs.writeFileSync(consentFile(dataDir), JSON.stringify(rec, null, 2), { mode: 0o600 });
+  } catch {
+    /* read-only fs — fall back to in-memory for this run */
+  }
+  return rec;
+}

package/server/src/operator.mjs

@@ -0,0 +1,65 @@
+// Operator channel token — the consented "let the wild-workspace team help with
+// my install" capability (docs/SECURITY.md, docs/user-experience.md §5).
+//
+// SECURITY POSTURE: this channel is OFF by default. It only exists once a token
+// is minted (`wild-workspace operator enable`, an explicit user opt-in). With no
+// token, the operator role is unreachable and every /api/operator/* route 404s.
+// The token is a separate secret from the partner token (so it can be handed to
+// support + revoked independently), persisted 0600, and accepted ONLY in an
+// Authorization header — never a `?t=` query (it must not leak via logs /
+// history / referrer; SECURITY.md S1). Disabling deletes the token.
+
+import fs from 'node:fs';
+import path from 'node:path';
+import crypto from 'node:crypto';
+
+export function operatorFile(dataDir) {
+  return path.join(dataDir, 'operator.json');
+}
+
+// The token, or null when the channel is disabled (the common case).
+export function loadOperatorToken(dataDir) {
+  try {
+    const parsed = JSON.parse(fs.readFileSync(operatorFile(dataDir), 'utf8'));
+    return typeof parsed.operatorToken === 'string' && parsed.operatorToken
+      ? parsed.operatorToken
+      : null;
+  } catch {
+    return null;
+  }
+}
+
+// Turn the channel on. Idempotent by default — returns the existing token if one
+// is already set (so a re-run doesn't invalidate the code the user already
+// shared). Pass { rotate:true } to force a fresh token. Returns the token, or
+// null if it couldn't be persisted.
+export function enableOperator(dataDir, { rotate = false } = {}) {
+  const existing = loadOperatorToken(dataDir);
+  if (existing && !rotate) return existing;
+  const token = crypto.randomBytes(24).toString('base64url');
+  try {
+    fs.mkdirSync(dataDir, { recursive: true });
+    fs.writeFileSync(
+      operatorFile(dataDir),
+      JSON.stringify({ operatorToken: token, enabledAt: Date.now() }, null, 2),
+      { mode: 0o600 },
+    );
+  } catch {
+    return null;
+  }
+  return token;
+}
+
+// Turn the channel off (revoke). Returns true if a token file was removed.
+export function disableOperator(dataDir) {
+  try {
+    fs.rmSync(operatorFile(dataDir));
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+export function operatorStatus(dataDir) {
+  return { enabled: Boolean(loadOperatorToken(dataDir)), file: operatorFile(dataDir) };
+}

package/server/src/service.mjs

@@ -0,0 +1,127 @@
+// service.mjs — installs / removes the per-OS, NO-ADMIN autostart entry that
+// launches the WorkspaceSupervisor hidden at login. See docs/always-on-design.md.
+//
+// Windows (proven end-to-end incl. a real reboot, 2026-05-30): writes a tiny VBS
+// that runs `node <cli> service run` with no window, and registers it under
+// HKCU\...\Run (per-user, NO admin / UAC). macOS (LaunchAgent + KeepAlive) and
+// Linux (systemd --user + Restart=always) are designed but not yet implemented —
+// they return a clear "not yet" result so callers degrade gracefully (the user
+// can still run `wild-workspace` manually).
+//
+// All state (the VBS, service.json, the supervisor's lock/logs) lives in the
+// machine-global dir (~/.wild-workspace), NEVER the synced workspace (locked
+// principle #1). Every external touch-point (reg.exe, kill) is an injected seam.
+
+import { execFile } from 'node:child_process';
+import { promisify } from 'node:util';
+import fs from 'node:fs';
+import os from 'node:os';
+import path from 'node:path';
+
+const execFileP = promisify(execFile);
+
+export const RUN_KEY = 'HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run';
+export const RUN_VALUE_NAME = 'WildWorkspace';
+
+export function globalDir() { return path.join(os.homedir(), '.wild-workspace'); }
+
+/** Is per-user autostart implemented for this platform yet? */
+export function isSupported(platform = process.platform) { return platform === 'win32'; }
+
+// A VBS that runs `node <cli> service run` with NO window (0 = SW_HIDE,
+// False = don't wait). VBS string literals escape a `"` as `""`.
+export function buildVbs(node, cli) {
+  const cmd = `"${node}" "${cli}" service run`;
+  const vbsArg = '"' + cmd.replace(/"/g, '""') + '"';
+  return [
+    "' wild-workspace always-on launcher (generated by `wild-workspace service install`).",
+    "' Starts the workspace supervisor hidden at login. Disable via",
+    "' `wild-workspace service uninstall` (removes the HKCU\\...\\Run value).",
+    `CreateObject("WScript.Shell").Run ${vbsArg}, 0, False`,
+    '',
+  ].join('\r\n');
+}
+
+/** The HKCU\Run value: launch the VBS via the windowless wscript host. */
+export function buildRunValue(vbs) { return `wscript.exe "${vbs}"`; }
+
+// --- Windows implementation -------------------------------------------------
+
+async function winInstall({ node, cli, workspaceDir, port, version }, { dir, execFileImpl }) {
+  fs.mkdirSync(dir, { recursive: true });
+  const vbs = path.join(dir, 'launch-hidden.vbs');
+  const serviceJson = path.join(dir, 'service.json');
+  fs.writeFileSync(vbs, buildVbs(node, cli), 'utf8');
+  fs.writeFileSync(
+    serviceJson,
+    JSON.stringify({ node, cli, workspaceDir, port, version, installedAt: new Date().toISOString() }, null, 2),
+    'utf8',
+  );
+  const runValue = buildRunValue(vbs);
+  await execFileImpl('reg', ['add', RUN_KEY, '/v', RUN_VALUE_NAME, '/t', 'REG_SZ', '/d', runValue, '/f']);
+  return { installed: true, mechanism: 'HKCU\\Run', vbs, runValue, serviceJson };
+}
+
+async function winUninstall({ dir, execFileImpl, killImpl }) {
+  let removedKey = false;
+  try { await execFileImpl('reg', ['delete', RUN_KEY, '/v', RUN_VALUE_NAME, '/f']); removedKey = true; } catch { /* not present */ }
+  let stoppedPid = null;
+  try {
+    const pid = Number(fs.readFileSync(path.join(dir, 'supervisor.lock'), 'utf8').trim());
+    if (pid) { killImpl(pid); stoppedPid = pid; }
+  } catch { /* none running */ }
+  for (const f of ['launch-hidden.vbs', 'service.json']) { try { fs.unlinkSync(path.join(dir, f)); } catch { /* gone */ } }
+  return { uninstalled: true, removedKey, stoppedPid };
+}
+
+async function winStatus({ dir, execFileImpl, probeImpl, port }) {
+  let installed = false, runValue = null;
+  try {
+    const { stdout } = await execFileImpl('reg', ['query', RUN_KEY, '/v', RUN_VALUE_NAME]);
+    installed = new RegExp(RUN_VALUE_NAME, 'i').test(stdout);
+    runValue = (stdout.match(/REG_SZ\s+(.*?)\s*$/m) || [])[1] || null;
+  } catch { /* value absent → not installed */ }
+  let supervisorPid = null, supervisorAlive = false;
+  try { supervisorPid = Number(fs.readFileSync(path.join(dir, 'supervisor.lock'), 'utf8').trim()) || null; } catch { /* none */ }
+  if (supervisorPid) {
+    try { process.kill(supervisorPid, 0); supervisorAlive = true; } catch (e) { supervisorAlive = !!(e && e.code === 'EPERM'); }
+  }
+  const serverUp = await probeImpl(port);
+  return { installed, runValue, supervisorPid, supervisorAlive, serverUp };
+}
+
+// --- public API (platform dispatch) ----------------------------------------
+
+const unsupported = (platform, key) => ({
+  [key]: false,
+  supported: false,
+  platform,
+  message: `always-on autostart for ${platform} is not implemented yet — run \`wild-workspace\` to start manually (see docs/always-on-design.md)`,
+});
+
+export async function installService(opts = {}, deps = {}) {
+  const platform = deps.platform || process.platform;
+  if (platform !== 'win32') return unsupported(platform, 'installed');
+  return winInstall(opts, { dir: deps.dir || globalDir(), execFileImpl: deps.execFileImpl || execFileP });
+}
+
+export async function uninstallService(deps = {}) {
+  const platform = deps.platform || process.platform;
+  if (platform !== 'win32') return unsupported(platform, 'uninstalled');
+  return winUninstall({
+    dir: deps.dir || globalDir(),
+    execFileImpl: deps.execFileImpl || execFileP,
+    killImpl: deps.killImpl || ((pid) => process.kill(pid)),
+  });
+}
+
+export async function serviceStatus(opts = {}, deps = {}) {
+  const platform = deps.platform || process.platform;
+  if (platform !== 'win32') return { supported: false, platform };
+  return winStatus({
+    dir: deps.dir || globalDir(),
+    execFileImpl: deps.execFileImpl || execFileP,
+    probeImpl: deps.probeImpl || (async () => false),
+    port: opts.port || 5173,
+  });
+}

package/server/src/session-reporter.mjs

@@ -0,0 +1,201 @@
+// SessionReporter — the proactive, consented "is this user okay?" feed.
+//
+// WHY: the get-in path is self-serve, but if a real user gets stuck or their
+// install breaks, we were blind unless they ran `operator enable` and messaged
+// us — which makes us a bottleneck (docs/user-experience.md §5). This forwards a
+// LIVE, REDACTED stream of session events + install health to bmo-sync, keyed by
+// account, established at first load — so a stuck/broken user is never invisible
+// and never has to ask.
+//
+// PRIVACY — the load-bearing boundary: this feed carries WHAT happened (a turn
+// ran, tool X fired, an error, token/cost), NEVER the words. Chat text, tool
+// inputs, file contents, and paths are reduced to lengths/counts before anything
+// leaves the machine. Conversation *content* is a separate, separately-consented
+// channel (transcript.mjs). `redactEvent` is an ALLOWLIST projection — any event
+// type we don't explicitly model forwards only `{type}`, so a new event can
+// never leak by default. The matching test asserts a secret typed into a chat
+// turn never appears in the payload.
+//
+// Modeled on error-reporter.mjs (fire-and-forget, rate-limited, disable-able).
+// Gated by BOTH consent (user toggle) AND the shared WILD_WORKSPACE_NO_TELEMETRY
+// kill switch; inert without an accountToken (can't key it) or on a localhost
+// bmo-sync URL (dev).
+
+import os from 'node:os';
+import { APP_VERSION } from './config.mjs';
+
+function sanitizeUsage(u) {
+  if (!u || typeof u !== 'object') return null;
+  const out = {
+    input_tokens: Number(u.input_tokens) || 0,
+    output_tokens: Number(u.output_tokens) || 0,
+  };
+  if (typeof u.cost_usd === 'number') out.cost_usd = u.cost_usd;
+  return out;
+}
+
+/**
+ * Project one ActivityBus event to a SAFE shape. Allowlist by type; anything not
+ * listed forwards only {type, ts, id}. NEVER returns chat text, tool inputs,
+ * file paths, or file contents.
+ */
+export function redactEvent(ev) {
+  if (!ev || typeof ev !== 'object') return null;
+  const base = { type: ev.type, ts: ev.ts, id: ev.id };
+  if (ev.messageId) base.messageId = ev.messageId;
+  switch (ev.type) {
+    case 'chat-user':
+      // The user's prompt — length only, never the words.
+      return { ...base, textLen: typeof ev.text === 'string' ? ev.text.length : 0 };
+    case 'chat-stream': {
+      const c = ev.chunk || {};
+      const safe = { ...base, chunkType: c.type };
+      if (c.type === 'text' && typeof c.text === 'string') safe.textLen = c.text.length;
+      // tool NAME is safe ("Edit", "Bash"); the tool INPUT is not — never forward it.
+      if (c.type === 'tool-use') safe.tool = typeof c.name === 'string' ? c.name : c.tool || null;
+      if (c.type === 'usage' && c.usage) safe.usage = sanitizeUsage(c.usage);
+      if (c.type === 'error') safe.hasError = true; // the flag, not the message
+      return safe;
+    }
+    case 'usage':
+      return { ...base, usage: sanitizeUsage(ev.usage) };
+    case 'chat-end':
+      return { ...base, code: ev.code };
+    case 'identity-changed':
+      return { ...base, tone: ev.tone || null }; // tone only; drop the agent's name
+    case 'onboarded':
+      return { ...base, at: ev.at || null };
+    case 'agent-changed':
+      return { ...base, agentId: ev.agentId || null };
+    case 'daemon-status':
+      return { ...base, status: ev.status || null };
+    case 'operator-action':
+      return { ...base, action: ev.action || null }; // action verb, not its detail
+    case 'inbox-change':
+      return { ...base, count: Array.isArray(ev.snapshot) ? ev.snapshot.length : undefined };
+    case 'presence-join':
+    case 'presence-leave':
+    case 'presence-focus':
+      // sessionId + role are safe; `focus` can be a file path → dropped.
+      return { ...base, sessionId: ev.sessionId, role: ev.role };
+    default:
+      // Unknown event → minimal envelope only. Privacy fails CLOSED.
+      return { type: ev.type, ts: ev.ts, id: ev.id };
+  }
+}
+
+const FLUSH_INTERVAL_MS = 15_000; // batch window
+const MAX_BATCH = 50; //            flush early once this many buffer
+const MAX_BUFFER = 500; //          hard cap — drop oldest beyond this
+
+export class SessionReporter {
+  constructor({
+    bmoSyncUrl,
+    accountToken,
+    slug = null,
+    workspaceId = 'workspace',
+    sessionId = null,
+    enabled = true,
+    endpointPath = '/api/telemetry',
+    flushIntervalMs = FLUSH_INTERVAL_MS,
+    maxBatch = MAX_BATCH,
+    fetchImpl = (...a) => globalThis.fetch(...a),
+    nowImpl = () => Date.now(),
+  } = {}) {
+    this.bmoSyncUrl = bmoSyncUrl ? bmoSyncUrl.replace(/\/$/, '') : null;
+    this.accountToken = accountToken || null;
+    this.slug = slug;
+    this.workspaceId = workspaceId;
+    this.sessionId = sessionId;
+    this.endpointPath = endpointPath;
+    this.flushIntervalMs = flushIntervalMs;
+    this.maxBatch = maxBatch;
+    this.fetchImpl = fetchImpl;
+    this.nowImpl = nowImpl;
+    this.buffer = [];
+    this.timer = null;
+    // Inert without a token, without a server, or on localhost (dev).
+    this._capable =
+      Boolean(this.accountToken) &&
+      Boolean(this.bmoSyncUrl) &&
+      !this.bmoSyncUrl.startsWith('http://127') &&
+      !this.bmoSyncUrl.startsWith('http://localhost');
+    this.enabled = enabled !== false && this._capable;
+  }
+
+  /** Live consent toggle — no restart needed when the user flips observability. */
+  setEnabled(on) {
+    this.enabled = Boolean(on) && this._capable;
+    if (!this.enabled) this.buffer = [];
+  }
+
+  /** Feed one ActivityBus event. Redacts + buffers; flushes on size. No-op when off. */
+  ingest(ev) {
+    if (!this.enabled) return;
+    const safe = redactEvent(ev);
+    if (!safe) return;
+    this.buffer.push(safe);
+    if (this.buffer.length > MAX_BUFFER) this.buffer.splice(0, this.buffer.length - MAX_BUFFER);
+    if (this.buffer.length >= this.maxBatch) this.flush();
+  }
+
+  /** POST the install-health snapshot alongside events (called by the supervisor path too). */
+  envelope(events, extra = {}) {
+    return {
+      account_token: this.accountToken,
+      slug: this.slug,
+      workspace_id: this.workspaceId,
+      session_id: this.sessionId,
+      app_version: APP_VERSION,
+      os: `${os.platform()}-${os.arch()}`,
+      sent_at: Math.floor(this.nowImpl() / 1000),
+      events,
+      ...extra,
+    };
+  }
+
+  /** Fire-and-forget flush of the current buffer. Never throws. */
+  flush() {
+    if (!this.enabled || !this.buffer.length) return;
+    const events = this.buffer;
+    this.buffer = [];
+    this._post(this.envelope(events));
+  }
+
+  _post(body) {
+    const url = `${this.bmoSyncUrl}${this.endpointPath}`;
+    const ctrl = new AbortController();
+    const timer = setTimeout(() => ctrl.abort(), 5000);
+    if (timer.unref) timer.unref();
+    let p;
+    try {
+      // Call synchronously so the request is observable without awaiting a tick.
+      p = this.fetchImpl(url, {
+        method: 'POST',
+        headers: { 'content-type': 'application/json' },
+        body: JSON.stringify(body),
+        signal: ctrl.signal,
+      });
+    } catch {
+      clearTimeout(timer);
+      return; // telemetry must never break the user's path
+    }
+    Promise.resolve(p)
+      .catch(() => {})
+      .finally(() => clearTimeout(timer));
+  }
+
+  start() {
+    if (this.timer || !this._capable) return;
+    this.timer = setInterval(() => this.flush(), this.flushIntervalMs);
+    if (this.timer.unref) this.timer.unref(); // never keep the process alive
+  }
+
+  stop() {
+    if (this.timer) {
+      clearInterval(this.timer);
+      this.timer = null;
+    }
+    this.flush();
+  }
+}