npm - @venturewild/workspace - Versions diffs - 0.2.3 → 0.3.0 - Mend

@venturewild/workspace 0.2.3 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/package.json +5 -5
package/server/bin/wild-workspace.mjs +97 -0
package/server/src/config.mjs +35 -2
package/server/src/index.mjs +216 -1
package/server/src/supervisor.mjs +99 -0
package/server/src/support-consent.mjs +133 -0
package/web/dist/assets/{index-DVWgeTl_.js → index-DrF187By.js} +40 -40
package/web/dist/index.html +1 -1

package/server/src/support-consent.mjs ADDED Viewed

@@ -0,0 +1,133 @@
+// Support-channel consent (Phase 3, Pillar E) — the user's "VentureWild support
+// may act on my machine" grant for the daemon-hosted support channel (Pillar A).
+//
+// SECURITY POSTURE: OFF by default + PER-INCIDENT + TIME-BOXED (Tuan's locked
+// decisions, design doc Part 6). A grant is an explicit user gesture
+// (`wild-workspace support allow`), carries a tier (1 = read-only diagnostics/
+// logs; 2 = curated fixes) and an expiry, and auto-expires. Revoke is instant:
+// delete the file (`wild-workspace support revoke`).
+//
+// CRITICAL — lives in the machine-global dir (`~/.wild-workspace`), NOT the
+// per-workspace dataDir, because the **bmo-sync daemon** (a separate process) is
+// the enforcement gate and reads this exact file by the same `~/.wild-workspace`
+// convention. The relay never stores or checks consent — so a relay compromise
+// can't forge it; the daemon's local read is the hard gate. (Contrast
+// operator.mjs, which is server-read and keyed on dataDir.)
+import fs from 'node:fs';
+import path from 'node:path';
+import crypto from 'node:crypto';
+export const SUPPORT_CONSENT_VERSION = 1;
+// Tiers: 1 = read-only diagnostics/logs · 2 = curated fixes (restart/relink/
+// reinstall) · 3 = agent-mediated operation (Phase 4 — support drives the agent
+// on a task) · 4 = raw shell (the rare, loud escape hatch; Phase 4 PR 4.4).
+// Tiers 3–4 are "operate" grants and the CLI requires explicit confirmation.
+export const MAX_TIER = 4;
+/** At/above this tier a grant lets support OPERATE the machine (agent or shell). */
+export const OPERATE_TIER = 3;
+/** Cap a single grant so a forgotten "allow" can't leave the door open forever. */
+export const MAX_GRANT_MINUTES = 24 * 60;
+export function consentFile(globalDir) {
+  return path.join(globalDir, 'support-consent.json');
+}
+/** The raw consent record, or null when absent/unparseable. No expiry check. */
+export function loadConsent(globalDir) {
+  try {
+    const p = JSON.parse(fs.readFileSync(consentFile(globalDir), 'utf8'));
+    const tier = Number(p.tier);
+    const expiresAt = Number(p.expiresAt);
+    if (!Number.isFinite(tier) || !Number.isFinite(expiresAt)) return null;
+    return {
+      tier,
+      grantedAt: Number(p.grantedAt) || null,
+      expiresAt,
+      nonce: typeof p.nonce === 'string' ? p.nonce : null,
+      version: Number(p.version) || SUPPORT_CONSENT_VERSION,
+    };
+  } catch {
+    return null;
+  }
+}
+/**
+ * Effective consent status, with the expiry applied. `enabled` is true only when
+ * a grant exists AND hasn't expired. `now` is injectable for tests.
+ */
+export function consentStatus(globalDir, { now = Date.now } = {}) {
+  const rec = loadConsent(globalDir);
+  const t = now();
+  if (!rec) return { enabled: false, tier: 0, expiresAt: null, remainingMs: 0, file: consentFile(globalDir) };
+  const remainingMs = Math.max(0, rec.expiresAt - t);
+  const enabled = remainingMs > 0;
+  return {
+    enabled,
+    tier: enabled ? rec.tier : 0,
+    grantedAt: rec.grantedAt,
+    expiresAt: rec.expiresAt,
+    remainingMs,
+    file: consentFile(globalDir),
+  };
+}
+/**
+ * Grant support consent at `tier` for `minutes`. Overwrites any prior grant (a
+ * fresh, explicit gesture). Returns the stored record, or null if it couldn't be
+ * persisted. `minutes` is clamped to (0, MAX_GRANT_MINUTES]; `tier` to [1, MAX_TIER].
+ */
+export function grantConsent(globalDir, { tier = 1, minutes = 60, now = Date.now } = {}) {
+  const clampedTier = Math.min(MAX_TIER, Math.max(1, Math.floor(Number(tier) || 1)));
+  const clampedMinutes = Math.min(MAX_GRANT_MINUTES, Math.max(1, Math.floor(Number(minutes) || 1)));
+  const grantedAt = now();
+  const rec = {
+    tier: clampedTier,
+    grantedAt,
+    expiresAt: grantedAt + clampedMinutes * 60_000,
+    nonce: crypto.randomBytes(12).toString('base64url'),
+    version: SUPPORT_CONSENT_VERSION,
+  };
+  try {
+    fs.mkdirSync(globalDir, { recursive: true });
+    fs.writeFileSync(consentFile(globalDir), JSON.stringify(rec, null, 2), { mode: 0o600 });
+  } catch {
+    return null;
+  }
+  return rec;
+}
+/** Revoke instantly by deleting the file. Returns true if a grant was removed. */
+export function revokeConsent(globalDir) {
+  try {
+    fs.rmSync(consentFile(globalDir));
+    return true;
+  } catch {
+    return false;
+  }
+}
+export function auditFile(globalDir) {
+  return path.join(globalDir, 'support-audit.jsonl');
+}
+/**
+ * The user-owned support audit: the most recent `limit` actions the daemon
+ * recorded (newest first). Written by the bmo-sync daemon (one JSON object per
+ * line) into the same machine-global dir; this is the read side the UI/CLI shows.
+ * Best-effort — a missing/corrupt file yields an empty list.
+ */
+export function readAudit(globalDir, { limit = 50 } = {}) {
+  let raw;
+  try {
+    raw = fs.readFileSync(auditFile(globalDir), 'utf8');
+  } catch {
+    return [];
+  }
+  const lines = raw.split('\n').filter(Boolean);
+  const out = [];
+  for (const line of lines.slice(-limit)) {
+    try { out.push(JSON.parse(line)); } catch { /* skip a partial/corrupt line */ }
+  }
+  return out.reverse(); // newest first
+}