@venturewild/workspace 0.3.6 → 0.3.7

package/server/src/support-consent.mjs

@@ -1,133 +1,133 @@
-// Support-channel consent (Phase 3, Pillar E) — the user's "VentureWild support
-// may act on my machine" grant for the daemon-hosted support channel (Pillar A).
-//
-// SECURITY POSTURE: OFF by default + PER-INCIDENT + TIME-BOXED (Tuan's locked
-// decisions, design doc Part 6). A grant is an explicit user gesture
-// (`wild-workspace support allow`), carries a tier (1 = read-only diagnostics/
-// logs; 2 = curated fixes) and an expiry, and auto-expires. Revoke is instant:
-// delete the file (`wild-workspace support revoke`).
-//
-// CRITICAL — lives in the machine-global dir (`~/.wild-workspace`), NOT the
-// per-workspace dataDir, because the **bmo-sync daemon** (a separate process) is
-// the enforcement gate and reads this exact file by the same `~/.wild-workspace`
-// convention. The relay never stores or checks consent — so a relay compromise
-// can't forge it; the daemon's local read is the hard gate. (Contrast
-// operator.mjs, which is server-read and keyed on dataDir.)
-
-import fs from 'node:fs';
-import path from 'node:path';
-import crypto from 'node:crypto';
-
-export const SUPPORT_CONSENT_VERSION = 1;
-// Tiers: 1 = read-only diagnostics/logs · 2 = curated fixes (restart/relink/
-// reinstall) · 3 = agent-mediated operation (Phase 4 — support drives the agent
-// on a task) · 4 = raw shell (the rare, loud escape hatch; Phase 4 PR 4.4).
-// Tiers 3–4 are "operate" grants and the CLI requires explicit confirmation.
-export const MAX_TIER = 4;
-/** At/above this tier a grant lets support OPERATE the machine (agent or shell). */
-export const OPERATE_TIER = 3;
-/** Cap a single grant so a forgotten "allow" can't leave the door open forever. */
-export const MAX_GRANT_MINUTES = 24 * 60;
-
-export function consentFile(globalDir) {
-  return path.join(globalDir, 'support-consent.json');
-}
-
-/** The raw consent record, or null when absent/unparseable. No expiry check. */
-export function loadConsent(globalDir) {
-  try {
-    const p = JSON.parse(fs.readFileSync(consentFile(globalDir), 'utf8'));
-    const tier = Number(p.tier);
-    const expiresAt = Number(p.expiresAt);
-    if (!Number.isFinite(tier) || !Number.isFinite(expiresAt)) return null;
-    return {
-      tier,
-      grantedAt: Number(p.grantedAt) || null,
-      expiresAt,
-      nonce: typeof p.nonce === 'string' ? p.nonce : null,
-      version: Number(p.version) || SUPPORT_CONSENT_VERSION,
-    };
-  } catch {
-    return null;
-  }
-}
-
-/**
- * Effective consent status, with the expiry applied. `enabled` is true only when
- * a grant exists AND hasn't expired. `now` is injectable for tests.
- */
-export function consentStatus(globalDir, { now = Date.now } = {}) {
-  const rec = loadConsent(globalDir);
-  const t = now();
-  if (!rec) return { enabled: false, tier: 0, expiresAt: null, remainingMs: 0, file: consentFile(globalDir) };
-  const remainingMs = Math.max(0, rec.expiresAt - t);
-  const enabled = remainingMs > 0;
-  return {
-    enabled,
-    tier: enabled ? rec.tier : 0,
-    grantedAt: rec.grantedAt,
-    expiresAt: rec.expiresAt,
-    remainingMs,
-    file: consentFile(globalDir),
-  };
-}
-
-/**
- * Grant support consent at `tier` for `minutes`. Overwrites any prior grant (a
- * fresh, explicit gesture). Returns the stored record, or null if it couldn't be
- * persisted. `minutes` is clamped to (0, MAX_GRANT_MINUTES]; `tier` to [1, MAX_TIER].
- */
-export function grantConsent(globalDir, { tier = 1, minutes = 60, now = Date.now } = {}) {
-  const clampedTier = Math.min(MAX_TIER, Math.max(1, Math.floor(Number(tier) || 1)));
-  const clampedMinutes = Math.min(MAX_GRANT_MINUTES, Math.max(1, Math.floor(Number(minutes) || 1)));
-  const grantedAt = now();
-  const rec = {
-    tier: clampedTier,
-    grantedAt,
-    expiresAt: grantedAt + clampedMinutes * 60_000,
-    nonce: crypto.randomBytes(12).toString('base64url'),
-    version: SUPPORT_CONSENT_VERSION,
-  };
-  try {
-    fs.mkdirSync(globalDir, { recursive: true });
-    fs.writeFileSync(consentFile(globalDir), JSON.stringify(rec, null, 2), { mode: 0o600 });
-  } catch {
-    return null;
-  }
-  return rec;
-}
-
-/** Revoke instantly by deleting the file. Returns true if a grant was removed. */
-export function revokeConsent(globalDir) {
-  try {
-    fs.rmSync(consentFile(globalDir));
-    return true;
-  } catch {
-    return false;
-  }
-}
-
-export function auditFile(globalDir) {
-  return path.join(globalDir, 'support-audit.jsonl');
-}
-
-/**
- * The user-owned support audit: the most recent `limit` actions the daemon
- * recorded (newest first). Written by the bmo-sync daemon (one JSON object per
- * line) into the same machine-global dir; this is the read side the UI/CLI shows.
- * Best-effort — a missing/corrupt file yields an empty list.
- */
-export function readAudit(globalDir, { limit = 50 } = {}) {
-  let raw;
-  try {
-    raw = fs.readFileSync(auditFile(globalDir), 'utf8');
-  } catch {
-    return [];
-  }
-  const lines = raw.split('\n').filter(Boolean);
-  const out = [];
-  for (const line of lines.slice(-limit)) {
-    try { out.push(JSON.parse(line)); } catch { /* skip a partial/corrupt line */ }
-  }
-  return out.reverse(); // newest first
-}
+// Support-channel consent (Phase 3, Pillar E) — the user's "VentureWild support
+// may act on my machine" grant for the daemon-hosted support channel (Pillar A).
+//
+// SECURITY POSTURE: OFF by default + PER-INCIDENT + TIME-BOXED (Tuan's locked
+// decisions, design doc Part 6). A grant is an explicit user gesture
+// (`wild-workspace support allow`), carries a tier (1 = read-only diagnostics/
+// logs; 2 = curated fixes) and an expiry, and auto-expires. Revoke is instant:
+// delete the file (`wild-workspace support revoke`).
+//
+// CRITICAL — lives in the machine-global dir (`~/.wild-workspace`), NOT the
+// per-workspace dataDir, because the **bmo-sync daemon** (a separate process) is
+// the enforcement gate and reads this exact file by the same `~/.wild-workspace`
+// convention. The relay never stores or checks consent — so a relay compromise
+// can't forge it; the daemon's local read is the hard gate. (Contrast
+// operator.mjs, which is server-read and keyed on dataDir.)
+
+import fs from 'node:fs';
+import path from 'node:path';
+import crypto from 'node:crypto';
+
+export const SUPPORT_CONSENT_VERSION = 1;
+// Tiers: 1 = read-only diagnostics/logs · 2 = curated fixes (restart/relink/
+// reinstall) · 3 = agent-mediated operation (Phase 4 — support drives the agent
+// on a task) · 4 = raw shell (the rare, loud escape hatch; Phase 4 PR 4.4).
+// Tiers 3–4 are "operate" grants and the CLI requires explicit confirmation.
+export const MAX_TIER = 4;
+/** At/above this tier a grant lets support OPERATE the machine (agent or shell). */
+export const OPERATE_TIER = 3;
+/** Cap a single grant so a forgotten "allow" can't leave the door open forever. */
+export const MAX_GRANT_MINUTES = 24 * 60;
+
+export function consentFile(globalDir) {
+  return path.join(globalDir, 'support-consent.json');
+}
+
+/** The raw consent record, or null when absent/unparseable. No expiry check. */
+export function loadConsent(globalDir) {
+  try {
+    const p = JSON.parse(fs.readFileSync(consentFile(globalDir), 'utf8'));
+    const tier = Number(p.tier);
+    const expiresAt = Number(p.expiresAt);
+    if (!Number.isFinite(tier) || !Number.isFinite(expiresAt)) return null;
+    return {
+      tier,
+      grantedAt: Number(p.grantedAt) || null,
+      expiresAt,
+      nonce: typeof p.nonce === 'string' ? p.nonce : null,
+      version: Number(p.version) || SUPPORT_CONSENT_VERSION,
+    };
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Effective consent status, with the expiry applied. `enabled` is true only when
+ * a grant exists AND hasn't expired. `now` is injectable for tests.
+ */
+export function consentStatus(globalDir, { now = Date.now } = {}) {
+  const rec = loadConsent(globalDir);
+  const t = now();
+  if (!rec) return { enabled: false, tier: 0, expiresAt: null, remainingMs: 0, file: consentFile(globalDir) };
+  const remainingMs = Math.max(0, rec.expiresAt - t);
+  const enabled = remainingMs > 0;
+  return {
+    enabled,
+    tier: enabled ? rec.tier : 0,
+    grantedAt: rec.grantedAt,
+    expiresAt: rec.expiresAt,
+    remainingMs,
+    file: consentFile(globalDir),
+  };
+}
+
+/**
+ * Grant support consent at `tier` for `minutes`. Overwrites any prior grant (a
+ * fresh, explicit gesture). Returns the stored record, or null if it couldn't be
+ * persisted. `minutes` is clamped to (0, MAX_GRANT_MINUTES]; `tier` to [1, MAX_TIER].
+ */
+export function grantConsent(globalDir, { tier = 1, minutes = 60, now = Date.now } = {}) {
+  const clampedTier = Math.min(MAX_TIER, Math.max(1, Math.floor(Number(tier) || 1)));
+  const clampedMinutes = Math.min(MAX_GRANT_MINUTES, Math.max(1, Math.floor(Number(minutes) || 1)));
+  const grantedAt = now();
+  const rec = {
+    tier: clampedTier,
+    grantedAt,
+    expiresAt: grantedAt + clampedMinutes * 60_000,
+    nonce: crypto.randomBytes(12).toString('base64url'),
+    version: SUPPORT_CONSENT_VERSION,
+  };
+  try {
+    fs.mkdirSync(globalDir, { recursive: true });
+    fs.writeFileSync(consentFile(globalDir), JSON.stringify(rec, null, 2), { mode: 0o600 });
+  } catch {
+    return null;
+  }
+  return rec;
+}
+
+/** Revoke instantly by deleting the file. Returns true if a grant was removed. */
+export function revokeConsent(globalDir) {
+  try {
+    fs.rmSync(consentFile(globalDir));
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+export function auditFile(globalDir) {
+  return path.join(globalDir, 'support-audit.jsonl');
+}
+
+/**
+ * The user-owned support audit: the most recent `limit` actions the daemon
+ * recorded (newest first). Written by the bmo-sync daemon (one JSON object per
+ * line) into the same machine-global dir; this is the read side the UI/CLI shows.
+ * Best-effort — a missing/corrupt file yields an empty list.
+ */
+export function readAudit(globalDir, { limit = 50 } = {}) {
+  let raw;
+  try {
+    raw = fs.readFileSync(auditFile(globalDir), 'utf8');
+  } catch {
+    return [];
+  }
+  const lines = raw.split('\n').filter(Boolean);
+  const out = [];
+  for (const line of lines.slice(-limit)) {
+    try { out.push(JSON.parse(line)); } catch { /* skip a partial/corrupt line */ }
+  }
+  return out.reverse(); // newest first
+}