@venturewild/workspace 0.3.5 → 0.3.7

package/server/src/share.mjs

@@ -1,182 +1,182 @@
-// Share-by-URL token issuance + verification (AR-20).
-// Reuses bmo-sync invite shape: tokens are signed claims with role + workspace + expiry.
-
-import { SignJWT, jwtVerify } from 'jose';
-import { nanoid } from 'nanoid';
-import { readFileSync, writeFileSync } from 'node:fs';
-
-const SHARE_ISSUER = 'wild-workspace';
-
-function secretToKey(secret) {
-  return new TextEncoder().encode(secret);
-}
-
-export async function mintShareToken({
-  secret,
-  workspaceId,
-  role,
-  ttlSeconds = 60 * 60 * 24, // 24h default per R17 mitigation
-  audience = 'wild-workspace-viewer',
-  subject = nanoid(12),
-}) {
-  if (!['viewer', 'client'].includes(role)) {
-    throw new Error(`shareable role must be 'viewer' or 'client'; got ${role}`);
-  }
-  const key = secretToKey(secret);
-  const iat = Math.floor(Date.now() / 1000);
-  const exp = iat + ttlSeconds;
-  const jwt = await new SignJWT({
-    role,
-    workspaceId,
-    jti: nanoid(16),
-  })
-    .setProtectedHeader({ alg: 'HS256', typ: 'JWT' })
-    .setIssuer(SHARE_ISSUER)
-    .setAudience(audience)
-    .setSubject(subject)
-    .setIssuedAt(iat)
-    .setExpirationTime(exp)
-    .sign(key);
-  return { token: jwt, exp, role, workspaceId, sub: subject };
-}
-
-// Mint a PARTNER-role token for an approved device (Phase 2 device sign-in).
-// Separate from `mintShareToken` on purpose: that path is least-privilege and
-// must NEVER mint partner (its viewer/client guard is load-bearing). A device
-// token is full owner access, so it's bounded (90d default) and individually
-// revocable via `TokenRegistry` (its `device-` subject is registered at approve
-// time). It verifies through the same `verifyShareToken` path — `classifyToken`
-// then resolves `role:'partner'` exactly like the env partner token, but with a
-// revocable `sub`.
-export async function mintDeviceToken({
-  secret,
-  workspaceId,
-  ttlSeconds = 90 * 24 * 60 * 60, // 90 days — bounded RCE-grade token
-  audience = 'wild-workspace-device',
-  subject = `device-${nanoid(12)}`,
-}) {
-  const key = secretToKey(secret);
-  const iat = Math.floor(Date.now() / 1000);
-  const exp = iat + ttlSeconds;
-  const jwt = await new SignJWT({
-    role: 'partner',
-    workspaceId,
-    jti: nanoid(16),
-  })
-    .setProtectedHeader({ alg: 'HS256', typ: 'JWT' })
-    .setIssuer(SHARE_ISSUER)
-    .setAudience(audience)
-    .setSubject(subject)
-    .setIssuedAt(iat)
-    .setExpirationTime(exp)
-    .sign(key);
-  return { token: jwt, exp, role: 'partner', workspaceId, sub: subject };
-}
-
-// Mint a one-time-ish BOOTSTRAP token for the first-device sign-in on the public
-// URL (B1). The local launcher fetches this over genuine loopback and opens
-// <slug>.venturewild.llc/?t=<token>; the SPA exchanges it for a DURABLE device
-// cookie (see /api/auth/exchange) and strips it from the address bar. It is
-// partner-role but deliberately SHORT-LIVED (5 min default) so its only window
-// of exposure — one navigation through the VW tunnel — is tightly bounded; the
-// long-lived credential the browser keeps is the re-minted device token, never
-// this. Carries `boot:true` so the exchange path can recognise + upgrade it.
-export async function mintBootstrapToken({
-  secret,
-  workspaceId,
-  ttlSeconds = 5 * 60, // 5 minutes — bounds the token-in-URL window
-  audience = 'wild-workspace-bootstrap',
-  subject = `bootstrap-${nanoid(12)}`,
-}) {
-  const key = secretToKey(secret);
-  const iat = Math.floor(Date.now() / 1000);
-  const exp = iat + ttlSeconds;
-  const jwt = await new SignJWT({
-    role: 'partner',
-    workspaceId,
-    boot: true,
-    jti: nanoid(16),
-  })
-    .setProtectedHeader({ alg: 'HS256', typ: 'JWT' })
-    .setIssuer(SHARE_ISSUER)
-    .setAudience(audience)
-    .setSubject(subject)
-    .setIssuedAt(iat)
-    .setExpirationTime(exp)
-    .sign(key);
-  return { token: jwt, exp, role: 'partner', workspaceId, sub: subject };
-}
-
-export async function verifyShareToken(token, secret) {
-  if (!token) return null;
-  try {
-    const { payload } = await jwtVerify(token, secretToKey(secret), {
-      issuer: SHARE_ISSUER,
-    });
-    return payload;
-  } catch {
-    return null;
-  }
-}
-
-export function buildShareUrl({ shareBaseUrl, workspaceId, token }) {
-  const base = shareBaseUrl.replace(/\/$/, '');
-  return `${base}/share/${encodeURIComponent(workspaceId)}?t=${encodeURIComponent(token)}`;
-}
-
-// Token registry so the partner can list + revoke. The revocation set (and the
-// active-token list) is persisted to `<dataDir>/revoked.json` so a "revoked"
-// share token stays revoked across a server restart (concern C8) — without it,
-// the in-memory set reset on restart and a previously-revoked-but-unexpired JWT
-// validated again by signature. No `persistPath` → in-memory only (tests).
-export class TokenRegistry {
-  constructor({ persistPath = null } = {}) {
-    this.persistPath = persistPath;
-    this.tokens = new Map(); // sub -> { sub, role, workspaceId, exp, label, createdAt }
-    this.revoked = new Set();
-    this._load();
-  }
-  _load() {
-    if (!this.persistPath) return;
-    try {
-      const data = JSON.parse(readFileSync(this.persistPath, 'utf8'));
-      if (Array.isArray(data.revoked)) this.revoked = new Set(data.revoked);
-      if (Array.isArray(data.tokens)) {
-        for (const t of data.tokens) if (t?.sub) this.tokens.set(t.sub, t);
-      }
-    } catch {
-      /* missing / corrupt — start empty */
-    }
-  }
-  _persist() {
-    if (!this.persistPath) return;
-    try {
-      const now = Math.floor(Date.now() / 1000);
-      // Don't carry expired tokens forward; the revoked set stays (small).
-      const tokens = [...this.tokens.values()].filter((r) => r.exp > now);
-      writeFileSync(
-        this.persistPath,
-        JSON.stringify({ revoked: [...this.revoked], tokens }, null, 2),
-        { mode: 0o600 },
-      );
-    } catch {
-      /* read-only fs — revocation degrades to in-memory for this run */
-    }
-  }
-  add(record) {
-    this.tokens.set(record.sub, record);
-    this._persist();
-  }
-  list() {
-    const now = Math.floor(Date.now() / 1000);
-    return [...this.tokens.values()].filter((r) => r.exp > now && !this.revoked.has(r.sub));
-  }
-  revoke(sub) {
-    this.revoked.add(sub);
-    this.tokens.delete(sub);
-    this._persist();
-  }
-  isRevoked(sub) {
-    return this.revoked.has(sub);
-  }
-}
+// Share-by-URL token issuance + verification (AR-20).
+// Reuses bmo-sync invite shape: tokens are signed claims with role + workspace + expiry.
+
+import { SignJWT, jwtVerify } from 'jose';
+import { nanoid } from 'nanoid';
+import { readFileSync, writeFileSync } from 'node:fs';
+
+const SHARE_ISSUER = 'wild-workspace';
+
+function secretToKey(secret) {
+  return new TextEncoder().encode(secret);
+}
+
+export async function mintShareToken({
+  secret,
+  workspaceId,
+  role,
+  ttlSeconds = 60 * 60 * 24, // 24h default per R17 mitigation
+  audience = 'wild-workspace-viewer',
+  subject = nanoid(12),
+}) {
+  if (!['viewer', 'client'].includes(role)) {
+    throw new Error(`shareable role must be 'viewer' or 'client'; got ${role}`);
+  }
+  const key = secretToKey(secret);
+  const iat = Math.floor(Date.now() / 1000);
+  const exp = iat + ttlSeconds;
+  const jwt = await new SignJWT({
+    role,
+    workspaceId,
+    jti: nanoid(16),
+  })
+    .setProtectedHeader({ alg: 'HS256', typ: 'JWT' })
+    .setIssuer(SHARE_ISSUER)
+    .setAudience(audience)
+    .setSubject(subject)
+    .setIssuedAt(iat)
+    .setExpirationTime(exp)
+    .sign(key);
+  return { token: jwt, exp, role, workspaceId, sub: subject };
+}
+
+// Mint a PARTNER-role token for an approved device (Phase 2 device sign-in).
+// Separate from `mintShareToken` on purpose: that path is least-privilege and
+// must NEVER mint partner (its viewer/client guard is load-bearing). A device
+// token is full owner access, so it's bounded (90d default) and individually
+// revocable via `TokenRegistry` (its `device-` subject is registered at approve
+// time). It verifies through the same `verifyShareToken` path — `classifyToken`
+// then resolves `role:'partner'` exactly like the env partner token, but with a
+// revocable `sub`.
+export async function mintDeviceToken({
+  secret,
+  workspaceId,
+  ttlSeconds = 90 * 24 * 60 * 60, // 90 days — bounded RCE-grade token
+  audience = 'wild-workspace-device',
+  subject = `device-${nanoid(12)}`,
+}) {
+  const key = secretToKey(secret);
+  const iat = Math.floor(Date.now() / 1000);
+  const exp = iat + ttlSeconds;
+  const jwt = await new SignJWT({
+    role: 'partner',
+    workspaceId,
+    jti: nanoid(16),
+  })
+    .setProtectedHeader({ alg: 'HS256', typ: 'JWT' })
+    .setIssuer(SHARE_ISSUER)
+    .setAudience(audience)
+    .setSubject(subject)
+    .setIssuedAt(iat)
+    .setExpirationTime(exp)
+    .sign(key);
+  return { token: jwt, exp, role: 'partner', workspaceId, sub: subject };
+}
+
+// Mint a one-time-ish BOOTSTRAP token for the first-device sign-in on the public
+// URL (B1). The local launcher fetches this over genuine loopback and opens
+// <slug>.venturewild.llc/?t=<token>; the SPA exchanges it for a DURABLE device
+// cookie (see /api/auth/exchange) and strips it from the address bar. It is
+// partner-role but deliberately SHORT-LIVED (5 min default) so its only window
+// of exposure — one navigation through the VW tunnel — is tightly bounded; the
+// long-lived credential the browser keeps is the re-minted device token, never
+// this. Carries `boot:true` so the exchange path can recognise + upgrade it.
+export async function mintBootstrapToken({
+  secret,
+  workspaceId,
+  ttlSeconds = 5 * 60, // 5 minutes — bounds the token-in-URL window
+  audience = 'wild-workspace-bootstrap',
+  subject = `bootstrap-${nanoid(12)}`,
+}) {
+  const key = secretToKey(secret);
+  const iat = Math.floor(Date.now() / 1000);
+  const exp = iat + ttlSeconds;
+  const jwt = await new SignJWT({
+    role: 'partner',
+    workspaceId,
+    boot: true,
+    jti: nanoid(16),
+  })
+    .setProtectedHeader({ alg: 'HS256', typ: 'JWT' })
+    .setIssuer(SHARE_ISSUER)
+    .setAudience(audience)
+    .setSubject(subject)
+    .setIssuedAt(iat)
+    .setExpirationTime(exp)
+    .sign(key);
+  return { token: jwt, exp, role: 'partner', workspaceId, sub: subject };
+}
+
+export async function verifyShareToken(token, secret) {
+  if (!token) return null;
+  try {
+    const { payload } = await jwtVerify(token, secretToKey(secret), {
+      issuer: SHARE_ISSUER,
+    });
+    return payload;
+  } catch {
+    return null;
+  }
+}
+
+export function buildShareUrl({ shareBaseUrl, workspaceId, token }) {
+  const base = shareBaseUrl.replace(/\/$/, '');
+  return `${base}/share/${encodeURIComponent(workspaceId)}?t=${encodeURIComponent(token)}`;
+}
+
+// Token registry so the partner can list + revoke. The revocation set (and the
+// active-token list) is persisted to `<dataDir>/revoked.json` so a "revoked"
+// share token stays revoked across a server restart (concern C8) — without it,
+// the in-memory set reset on restart and a previously-revoked-but-unexpired JWT
+// validated again by signature. No `persistPath` → in-memory only (tests).
+export class TokenRegistry {
+  constructor({ persistPath = null } = {}) {
+    this.persistPath = persistPath;
+    this.tokens = new Map(); // sub -> { sub, role, workspaceId, exp, label, createdAt }
+    this.revoked = new Set();
+    this._load();
+  }
+  _load() {
+    if (!this.persistPath) return;
+    try {
+      const data = JSON.parse(readFileSync(this.persistPath, 'utf8'));
+      if (Array.isArray(data.revoked)) this.revoked = new Set(data.revoked);
+      if (Array.isArray(data.tokens)) {
+        for (const t of data.tokens) if (t?.sub) this.tokens.set(t.sub, t);
+      }
+    } catch {
+      /* missing / corrupt — start empty */
+    }
+  }
+  _persist() {
+    if (!this.persistPath) return;
+    try {
+      const now = Math.floor(Date.now() / 1000);
+      // Don't carry expired tokens forward; the revoked set stays (small).
+      const tokens = [...this.tokens.values()].filter((r) => r.exp > now);
+      writeFileSync(
+        this.persistPath,
+        JSON.stringify({ revoked: [...this.revoked], tokens }, null, 2),
+        { mode: 0o600 },
+      );
+    } catch {
+      /* read-only fs — revocation degrades to in-memory for this run */
+    }
+  }
+  add(record) {
+    this.tokens.set(record.sub, record);
+    this._persist();
+  }
+  list() {
+    const now = Math.floor(Date.now() / 1000);
+    return [...this.tokens.values()].filter((r) => r.exp > now && !this.revoked.has(r.sub));
+  }
+  revoke(sub) {
+    this.revoked.add(sub);
+    this.tokens.delete(sub);
+    this._persist();
+  }
+  isRevoked(sub) {
+    return this.revoked.has(sub);
+  }
+}

package/server/src/skills.mjs

@@ -0,0 +1,213 @@
+// Skill discovery + the Powers-block curation store (§7/§8). There is NO native
+// "list commands" API in Claude Code, so we discover the user's skills the cleanest
+// way the design settled on: SCAN the skill directories and parse YAML frontmatter.
+//
+//   - project skills:  <workspace>/.claude/skills/<name>/SKILL.md
+//   - project commands: <workspace>/.claude/commands/<name>.md
+//   - user skills:     ~/.claude/skills/<name>/SKILL.md
+//
+// Precedence (per §2): project > user. The Powers block is USER-CURATED — we surface
+// what the user has (their own + a teammate's, both trusted by membership) with NO
+// VW-prescribed core forced. The "─ from Bazaar ─" zone stays empty/LOCKED until the
+// Shelf trust/provenance Class-D gate ships (a tap runs third-party instructions with
+// bypassPermissions), so this module never returns Bazaar skills.
+//
+// Invocation is NOT done here: a Powers tap injects `/<name>` as a chat message, which
+// Claude Code expands+runs headless (verified §2) — the same stdin path we already use.
+//
+// Curation (which skills are pinned/hidden + their order) lives under
+// ~/.wild-workspace/powers/ (CLAUDE.md #1 — never the synced repo, never localStorage).
+
+import fs from 'node:fs';
+import path from 'node:path';
+import os from 'node:os';
+
+// Bounds so a workspace stuffed with skills can't bloat the store/UI.
+const CAP = { skills: 80, name: 64, desc: 280 };
+
+// --- frontmatter parse -----------------------------------------------------
+// Minimal, dependency-free. We only need a few scalar keys; the description often
+// CONTAINS colons ("Usage: /foo"), so we split on the FIRST colon only. Never throws.
+
+export function parseFrontmatter(text = '') {
+  const out = {};
+  if (typeof text !== 'string') return out;
+  // Frontmatter is the block between the first two `---` fences at the top.
+  const m = text.match(/^?---\s*\r?\n([\s\S]*?)\r?\n---/);
+  if (!m) return out;
+  for (const rawLine of m[1].split(/\r?\n/)) {
+    const line = rawLine.trim();
+    if (!line || line.startsWith('#')) continue;
+    const i = line.indexOf(':');
+    if (i < 0) continue;
+    const key = line.slice(0, i).trim();
+    let val = line.slice(i + 1).trim();
+    // strip matching surrounding quotes
+    if ((val.startsWith('"') && val.endsWith('"')) || (val.startsWith("'") && val.endsWith("'"))) {
+      val = val.slice(1, -1);
+    }
+    out[key] = val;
+  }
+  return out;
+}
+
+function asBool(v, dflt) {
+  if (v === undefined) return dflt;
+  const s = String(v).trim().toLowerCase();
+  if (s === 'true' || s === 'yes' || s === '1') return true;
+  if (s === 'false' || s === 'no' || s === '0') return false;
+  return dflt;
+}
+
+function clip(s, n) {
+  return String(s || '').slice(0, n);
+}
+
+// Build one skill record from a parsed frontmatter + its fallback name.
+function toSkill(fm, fallbackName, source) {
+  const name = clip(fm.name || fallbackName, CAP.name).trim();
+  if (!name) return null;
+  return {
+    name,
+    description: clip(fm.description || '', CAP.desc).trim(),
+    source, //                       'project' | 'user'
+    // user-invocable defaults TRUE (most skills can be run as /name); only an explicit
+    // `user-invocable: false` opts out of being a tappable Power.
+    userInvocable: asBool(fm['user-invocable'], true),
+  };
+}
+
+function readFileSafe(file) {
+  try { return fs.readFileSync(file, 'utf8'); } catch { return null; }
+}
+
+function listDirs(dir) {
+  try {
+    return fs.readdirSync(dir, { withFileTypes: true })
+      .filter((e) => e.isDirectory())
+      .map((e) => e.name);
+  } catch { return []; }
+}
+
+function listFiles(dir, ext) {
+  try {
+    return fs.readdirSync(dir, { withFileTypes: true })
+      .filter((e) => e.isFile() && e.name.endsWith(ext))
+      .map((e) => e.name);
+  } catch { return []; }
+}
+
+// Scan one skills root (<root>/<name>/SKILL.md) → skill records.
+function scanSkillsRoot(root, source) {
+  const out = [];
+  for (const name of listDirs(root)) {
+    const text = readFileSafe(path.join(root, name, 'SKILL.md'));
+    if (text == null) continue;
+    const s = toSkill(parseFrontmatter(text), name, source);
+    if (s) out.push(s);
+  }
+  return out;
+}
+
+// Scan a commands root (<root>/<name>.md) → skill records.
+function scanCommandsRoot(root, source) {
+  const out = [];
+  for (const file of listFiles(root, '.md')) {
+    const text = readFileSafe(path.join(root, file));
+    if (text == null) continue;
+    const s = toSkill(parseFrontmatter(text), file.replace(/\.md$/, ''), source);
+    if (s) out.push(s);
+  }
+  return out;
+}
+
+/**
+ * Discover the workspace's skills. Project entries take precedence over same-named
+ * user entries (§2). Returns ONLY user-invocable skills (the Powers block taps run
+ * them as /name), capped. Never throws — a missing dir just yields fewer skills.
+ */
+export function discoverSkills({ workspaceDir = process.cwd(), home = os.homedir() } = {}) {
+  const project = [
+    ...scanSkillsRoot(path.join(workspaceDir, '.claude', 'skills'), 'project'),
+    ...scanCommandsRoot(path.join(workspaceDir, '.claude', 'commands'), 'project'),
+  ];
+  const user = scanSkillsRoot(path.join(home, '.claude', 'skills'), 'user');
+
+  // Dedup by name, project wins.
+  const byName = new Map();
+  for (const s of user) byName.set(s.name, s);
+  for (const s of project) byName.set(s.name, s); // overrides user
+  return [...byName.values()]
+    .filter((s) => s.userInvocable)
+    .sort((a, b) => a.name.localeCompare(b.name))
+    .slice(0, CAP.skills);
+}
+
+// --- curation store --------------------------------------------------------
+// The user's arrangement: `order` (pinned, in display order) + `hidden` (subtracted).
+// A discovered skill not in either is shown after the pinned ones (so a NEW skill
+// appears without the user having to add it — "add/subtract/arrange", subtract is opt-in).
+
+export function defaultPowersDir(env = process.env, home = os.homedir()) {
+  const base = env.WILD_WORKSPACE_GLOBAL_DIR || path.join(home, '.wild-workspace');
+  return path.join(base, 'powers');
+}
+
+function readJsonSafe(file, fallback) {
+  try { return JSON.parse(fs.readFileSync(file, 'utf8')); } catch { return fallback; }
+}
+
+export function createPowers({ baseDir, workspaceDir, home = os.homedir(), env = process.env } = {}) {
+  const dir = baseDir || defaultPowersDir(env, home);
+  const curationFile = path.join(dir, 'curation.json');
+
+  function getCuration() {
+    const v = readJsonSafe(curationFile, null);
+    const order = Array.isArray(v?.order) ? v.order.filter((s) => typeof s === 'string') : [];
+    const hidden = Array.isArray(v?.hidden) ? v.hidden.filter((s) => typeof s === 'string') : [];
+    return { order, hidden };
+  }
+
+  function saveCuration(raw = {}) {
+    const order = Array.isArray(raw.order)
+      ? [...new Set(raw.order.filter((s) => typeof s === 'string').map((s) => s.slice(0, CAP.name)))].slice(0, CAP.skills)
+      : [];
+    const hidden = Array.isArray(raw.hidden)
+      ? [...new Set(raw.hidden.filter((s) => typeof s === 'string').map((s) => s.slice(0, CAP.name)))].slice(0, CAP.skills)
+      : [];
+    const data = { order, hidden, ts: Date.now() };
+    try {
+      fs.mkdirSync(dir, { recursive: true });
+      const tmp = `${curationFile}.${process.pid}.tmp`;
+      fs.writeFileSync(tmp, JSON.stringify(data, null, 2));
+      fs.renameSync(tmp, curationFile);
+    } catch { /* read-only fs — degrade to not-persisted */ }
+    return data;
+  }
+
+  // The merged view the UI renders: discovered skills, ordered by curation, with a
+  // `hidden` flag. Pinned (in `order`) first, then the rest alphabetically.
+  function state() {
+    const discovered = discoverSkills({ workspaceDir, home });
+    const { order, hidden } = getCuration();
+    const hiddenSet = new Set(hidden);
+    const rank = new Map(order.map((n, i) => [n, i]));
+    const skills = discovered
+      .map((s) => ({ ...s, hidden: hiddenSet.has(s.name) }))
+      .sort((a, b) => {
+        const ra = rank.has(a.name) ? rank.get(a.name) : Infinity;
+        const rb = rank.has(b.name) ? rank.get(b.name) : Infinity;
+        if (ra !== rb) return ra - rb;
+        return a.name.localeCompare(b.name);
+      });
+    return {
+      skills,
+      curation: { order, hidden },
+      // The marketplace zone is specified but GATED (Class-D, not built) — always
+      // empty + locked here so the UI can render the "─ from Bazaar ─" boundary.
+      bazaar: { locked: true, skills: [] },
+    };
+  }
+
+  return { dir, curationFile, getCuration, saveCuration, state };
+}