@vibelet/cli 0.1.37 → 1.0.0

package/src/advertised-hosts.test.ts

@@ -1,125 +0,0 @@
-import test from 'node:test';
-import assert from 'node:assert/strict';
-import type { NetworkInterfaceInfo } from 'os';
-import {
-  computeAdvertisedConnectionTarget,
-  computeAdvertisedHosts,
-  parseTailscaleStatus,
-  readConfiguredFallbackHosts,
-  readTailscaleHosts,
-} from './advertised-hosts.js';
-
-function ipv4(address: string): NetworkInterfaceInfo {
-  return {
-    address,
-    netmask: '255.255.255.0',
-    family: 'IPv4',
-    mac: '00:00:00:00:00:00',
-    internal: false,
-    cidr: `${address}/24`,
-  };
-}
-
-test('computeAdvertisedHosts prefers configured canonical host and prioritizes Tailscale IPs', () => {
-  const advertised = computeAdvertisedHosts({
-    canonicalHost: 'desk-mac.local',
-    configuredCanonicalHost: 'desk.tailnet.ts.net',
-    configuredFallbackHosts: ['100.88.1.9'],
-    tailscaleCanonicalHost: '100.77.2.3',
-    tailscaleFallbackHosts: ['desk.ts.net'],
-    interfaces: {
-      en0: [ipv4('192.168.31.20')],
-      utun8: [ipv4('100.77.2.3')],
-    },
-  });
-
-  assert.equal(advertised.canonicalHost, 'desk.tailnet.ts.net');
-  assert.deepStrictEqual(advertised.fallbackHosts, ['desk-mac.local', '100.88.1.9', 'desk.ts.net', '100.77.2.3', '192.168.31.20']);
-});
-
-test('computeAdvertisedHosts removes duplicates and excludes the canonical host', () => {
-  const advertised = computeAdvertisedHosts({
-    canonicalHost: '100.77.2.3',
-    configuredFallbackHosts: ['100.77.2.3', '192.168.31.20', '192.168.31.20'],
-    interfaces: {
-      utun8: [ipv4('100.77.2.3')],
-      en0: [ipv4('192.168.31.20')],
-    },
-  });
-
-  assert.equal(advertised.canonicalHost, '100.77.2.3');
-  assert.deepStrictEqual(advertised.fallbackHosts, ['192.168.31.20']);
-});
-
-test('computeAdvertisedHosts filters out link-local and benchmark addresses', () => {
-  const advertised = computeAdvertisedHosts({
-    canonicalHost: 'desk-mac.local',
-    interfaces: {
-      en0: [ipv4('192.168.31.20'), ipv4('169.254.12.2')],
-      utun4: [ipv4('198.19.0.1')],
-    },
-  });
-
-  assert.equal(advertised.canonicalHost, 'desk-mac.local');
-  assert.deepStrictEqual(advertised.fallbackHosts, ['192.168.31.20']);
-});
-
-test('parseTailscaleStatus prefers the first Tailscale IP and keeps MagicDNS as fallback', () => {
-  const advertised = parseTailscaleStatus(JSON.stringify({
-    Self: {
-      DNSName: 'desk.tailnet.ts.net.',
-      TailscaleIPs: ['100.88.1.9', '100.99.2.4'],
-    },
-  }));
-
-  assert.deepStrictEqual(advertised, {
-    canonicalHost: '100.88.1.9',
-    fallbackHosts: ['desk.tailnet.ts.net', '100.99.2.4'],
-  });
-});
-
-test('readTailscaleHosts returns empty data when tailscale is unavailable', () => {
-  const advertised = readTailscaleHosts(() => {
-    throw new Error('tailscale unavailable');
-  });
-
-  assert.deepStrictEqual(advertised, { fallbackHosts: [] });
-});
-
-test('readConfiguredFallbackHosts parses comma separated env values', () => {
-  assert.deepStrictEqual(
-    readConfiguredFallbackHosts(' 100.77.2.3, desk.tailnet.ts.net , 192.168.31.20 '),
-    ['100.77.2.3', 'desk.tailnet.ts.net', '192.168.31.20'],
-  );
-});
-
-test('computeAdvertisedConnectionTarget keeps the base host and port without a relay', () => {
-  assert.deepStrictEqual(
-    computeAdvertisedConnectionTarget({
-      canonicalHost: 'desk-mac.local',
-      fallbackHosts: ['100.88.1.9', '192.168.31.20'],
-      port: 9876,
-    }),
-    {
-      canonicalHost: 'desk-mac.local',
-      fallbackHosts: ['100.88.1.9', '192.168.31.20'],
-      port: 9876,
-    },
-  );
-});
-
-test('computeAdvertisedConnectionTarget prefers the relay host and preserves local fallbacks', () => {
-  assert.deepStrictEqual(
-    computeAdvertisedConnectionTarget({
-      canonicalHost: 'desk-mac.local',
-      fallbackHosts: ['desk-mac.local', '100.88.1.9', '100.88.1.9', '192.168.31.20'],
-      port: 9876,
-      relayUrl: 'https://relay.example.com',
-    }),
-    {
-      canonicalHost: 'relay.example.com',
-      fallbackHosts: ['desk-mac.local', '100.88.1.9', '192.168.31.20'],
-      port: 443,
-    },
-  );
-});

package/src/advertised-hosts.ts

@@ -1,225 +0,0 @@
-import { execFileSync } from 'child_process';
-import type { NetworkInterfaceInfo } from 'os';
-
-export interface AdvertisedHostsOptions {
-  canonicalHost: string;
-  configuredCanonicalHost?: string;
-  configuredFallbackHosts?: string[];
-  tailscaleCanonicalHost?: string;
-  tailscaleFallbackHosts?: string[];
-  interfaces: NodeJS.Dict<NetworkInterfaceInfo[]>;
-}
-
-interface TailscaleStatusPayload {
-  Self?: {
-    DNSName?: string;
-    TailscaleIPs?: string[];
-  };
-}
-
-export interface TailscaleHosts {
-  canonicalHost?: string;
-  fallbackHosts: string[];
-}
-
-export interface AdvertisedConnectionTargetOptions {
-  canonicalHost: string;
-  fallbackHosts?: string[];
-  port: number;
-  relayUrl?: string;
-}
-
-export interface AdvertisedConnectionTarget {
-  canonicalHost: string;
-  fallbackHosts: string[];
-  port: number;
-}
-
-function isIpv4(address: string): boolean {
-  const parts = address.split('.');
-  if (parts.length !== 4) return false;
-  return parts.every((part) => /^\d+$/.test(part) && Number(part) >= 0 && Number(part) <= 255);
-}
-
-function isTailscaleIpv4(address: string): boolean {
-  if (!isIpv4(address)) return false;
-  const [first, second] = address.split('.').map(Number);
-  return first === 100 && second >= 64 && second <= 127;
-}
-
-function isLinkLocalIpv4(address: string): boolean {
-  if (!isIpv4(address)) return false;
-  const [first, second] = address.split('.').map(Number);
-  return first === 169 && second === 254;
-}
-
-function isBenchmarkIpv4(address: string): boolean {
-  if (!isIpv4(address)) return false;
-  const [first, second] = address.split('.').map(Number);
-  return first === 198 && (second === 18 || second === 19);
-}
-
-function isUsableHost(address: string): boolean {
-  return Boolean(address)
-    && !isLinkLocalIpv4(address)
-    && !isBenchmarkIpv4(address);
-}
-
-function normalizeHost(host: string | undefined): string | undefined {
-  if (!host) return undefined;
-  const trimmed = host.trim().replace(/\.$/, '');
-  return trimmed ? trimmed.toLowerCase() : undefined;
-}
-
-function normalizeFallbackHosts(
-  hosts: string[] | undefined,
-  canonicalHost: string,
-): string[] {
-  return (hosts ?? [])
-    .map((host) => normalizeHost(host))
-    .filter((host): host is string => Boolean(host))
-    .filter((host) => isUsableHost(host))
-    .filter((host, index, all) => host !== canonicalHost && all.indexOf(host) === index);
-}
-
-export function readConfiguredFallbackHosts(rawValue: string | undefined): string[] {
-  if (!rawValue) return [];
-  return rawValue
-    .split(',')
-    .map((entry) => entry.trim())
-    .filter(Boolean);
-}
-
-function collectInterfaceHosts(interfaces: NodeJS.Dict<NetworkInterfaceInfo[]>): string[] {
-  const tailscaleHosts: string[] = [];
-  const lanHosts: string[] = [];
-
-  for (const entries of Object.values(interfaces)) {
-    if (!entries) continue;
-    for (const entry of entries) {
-      if (entry.internal || entry.family !== 'IPv4') continue;
-      if (!isUsableHost(entry.address)) continue;
-      if (isTailscaleIpv4(entry.address)) {
-        tailscaleHosts.push(entry.address);
-      } else {
-        lanHosts.push(entry.address);
-      }
-    }
-  }
-
-  return [...tailscaleHosts, ...lanHosts];
-}
-
-export function parseTailscaleStatus(rawStatus: string): TailscaleHosts {
-  const parsed = JSON.parse(rawStatus) as TailscaleStatusPayload;
-  const dnsName = normalizeHost(parsed.Self?.DNSName);
-  const tailscaleIps = (parsed.Self?.TailscaleIPs ?? [])
-    .map((host) => normalizeHost(host))
-    .filter((host): host is string => Boolean(host))
-    .filter((host) => isTailscaleIpv4(host) && isUsableHost(host));
-  const canonicalHost = tailscaleIps[0] ?? dnsName;
-  const fallbackHosts = [
-    ...(dnsName && dnsName !== canonicalHost ? [dnsName] : []),
-    ...tailscaleIps.filter((host) => host !== canonicalHost),
-  ];
-
-  return {
-    canonicalHost,
-    fallbackHosts,
-  };
-}
-
-export function readTailscaleHosts(runCommand: typeof execFileSync = execFileSync): TailscaleHosts {
-  const socketPaths = [
-    process.env.TAILSCALE_SOCKET,
-    '/tmp/tailscale.sock',
-  ].filter(Boolean) as string[];
-
-  // Try with custom socket paths first
-  for (const socket of socketPaths) {
-    try {
-      const rawStatus = runCommand('tailscale', ['--socket', socket, 'status', '--json'], {
-        encoding: 'utf8',
-        stdio: ['ignore', 'pipe', 'pipe'],
-        timeout: 1500,
-      });
-      return parseTailscaleStatus(rawStatus);
-    } catch { /* try next */ }
-  }
-
-  // Fallback to default socket
-  try {
-    const rawStatus = runCommand('tailscale', ['status', '--json'], {
-      encoding: 'utf8',
-      stdio: ['ignore', 'pipe', 'pipe'],
-      timeout: 1500,
-    });
-    return parseTailscaleStatus(rawStatus);
-  } catch {
-    return { fallbackHosts: [] };
-  }
-}
-
-export function computeAdvertisedConnectionTarget(
-  options: AdvertisedConnectionTargetOptions,
-): AdvertisedConnectionTarget {
-  const baseCanonicalHost = normalizeHost(options.canonicalHost) || 'localhost';
-  const baseFallbackHosts = normalizeFallbackHosts(options.fallbackHosts, baseCanonicalHost);
-
-  if (!options.relayUrl) {
-    return {
-      canonicalHost: baseCanonicalHost,
-      fallbackHosts: baseFallbackHosts,
-      port: options.port,
-    };
-  }
-
-  try {
-    const relay = new URL(options.relayUrl);
-    const relayCanonicalHost = normalizeHost(relay.hostname);
-    if (!relayCanonicalHost) {
-      throw new Error('invalid relay hostname');
-    }
-
-    const relayPort = relay.port
-      ? Number(relay.port)
-      : (relay.protocol === 'https:' ? 443 : 80);
-
-    return {
-      canonicalHost: relayCanonicalHost,
-      fallbackHosts: normalizeFallbackHosts([baseCanonicalHost, ...baseFallbackHosts], relayCanonicalHost),
-      port: Number.isFinite(relayPort) && relayPort > 0 ? Math.floor(relayPort) : options.port,
-    };
-  } catch {
-    return {
-      canonicalHost: baseCanonicalHost,
-      fallbackHosts: baseFallbackHosts,
-      port: options.port,
-    };
-  }
-}
-
-export function computeAdvertisedHosts(options: AdvertisedHostsOptions): { canonicalHost: string; fallbackHosts: string[] } {
-  const baseCanonicalHost = normalizeHost(options.canonicalHost);
-  const canonicalHost = normalizeHost(options.configuredCanonicalHost)
-    || normalizeHost(options.tailscaleCanonicalHost)
-    || baseCanonicalHost
-    || 'localhost';
-  const fallbackHosts = [
-    ...(baseCanonicalHost && baseCanonicalHost !== canonicalHost
-      ? [baseCanonicalHost]
-      : []),
-    ...(options.configuredFallbackHosts ?? []),
-    ...(options.tailscaleFallbackHosts ?? []),
-    ...collectInterfaceHosts(options.interfaces),
-  ]
-    .map((host) => normalizeHost(host))
-    .filter((host): host is string => Boolean(host))
-    .filter((host) => isUsableHost(host))
-    .filter((host, index, all) => host !== canonicalHost && all.indexOf(host) === index);
-
-  return {
-    canonicalHost,
-    fallbackHosts,
-  };
-}

package/src/audit.test.ts

@@ -1,38 +0,0 @@
-import test from 'node:test';
-import assert from 'node:assert/strict';
-import { buildAppAuditEntry, sanitizeAppAuditData } from './audit.js';
-
-test('sanitizeAppAuditData strips reserved audit fields from client payloads', () => {
-  assert.deepEqual(
-    sanitizeAppAuditData({
-      event: 'override',
-      source: 'app',
-      level: 'debug',
-      appEvent: 'fake',
-      ts: '2026-01-01T00:00:00.000Z',
-      sessionId: 'session-123',
-      agent: 'codex',
-    }),
-    {
-      sessionId: 'session-123',
-      agent: 'codex',
-    },
-  );
-});
-
-test('buildAppAuditEntry preserves the audit envelope while keeping client data', () => {
-  const entry = buildAppAuditEntry('app.session.send', 'info', {
-    sessionId: 'session-123',
-    event: 'override',
-    level: 'debug',
-  }, '2026-03-21T12:00:00.000Z');
-
-  assert.deepEqual(entry, {
-    ts: '2026-03-21T12:00:00.000Z',
-    event: 'app.log',
-    source: 'app',
-    appEvent: 'app.session.send',
-    level: 'info',
-    sessionId: 'session-123',
-  });
-});

package/src/audit.ts

@@ -1,117 +0,0 @@
-/**
- * Size-bounded audit log for session lifecycle events.
- *
- * Writes JSONL to ~/.vibelet/data/audit.jsonl.
- * Each line is a self-contained event with timestamp, event type, and context.
- *
- * Usage:
- *   import { audit } from './audit.js';
- *   audit.emit('session.create', { sessionId, agent, cwd });
- *   audit.emit('session.done', { sessionId, cost, usage });
- */
-
-import { appendFileSync, mkdirSync } from 'fs';
-import { dirname } from 'path';
-import { AUDIT_PATH } from './paths.js';
-import { config } from './config.js';
-import { trimFileTailSync } from './storage-housekeeping.js';
-
-export type AuditEvent =
-  | 'session.create'
-  | 'session.resume'
-  | 'session.reconnect'
-  | 'session.send'
-  | 'session.done'
-  | 'session.interrupted'
-  | 'session.stop'
-  | 'session.delete'
-  | 'session.interrupt'
-  | 'driver.spawn'
-  | 'driver.init'
-  | 'driver.exit'
-  | 'driver.error'
-  | 'driver.idle_timeout'
-  | 'driver.stall_timeout'
-  | 'approval.request'
-  | 'approval.response'
-  | 'ws.connect'
-  | 'ws.disconnect'
-  | 'daemon.start'
-  | 'daemon.shutdown'
-  | 'daemon.error'
-  | 'app.log';
-
-export type AuditSource = 'daemon' | 'app';
-
-interface AuditEntry {
-  ts: string;
-  event: AuditEvent | string;
-  source?: AuditSource;
-  [key: string]: unknown;
-}
-
-let initialized = false;
-const APP_AUDIT_RESERVED_FIELDS = new Set(['ts', 'event', 'source', 'appEvent', 'level']);
-
-function isTestRuntime(): boolean {
-  return process.env.VIBE_TEST === '1' || process.argv.includes('--test');
-}
-
-export function sanitizeAppAuditData(data: Record<string, unknown> = {}): Record<string, unknown> {
-  const sanitized: Record<string, unknown> = {};
-  for (const [key, value] of Object.entries(data)) {
-    if (APP_AUDIT_RESERVED_FIELDS.has(key)) continue;
-    sanitized[key] = value;
-  }
-  return sanitized;
-}
-
-export function buildAppAuditEntry(
-  appEvent: string,
-  level: string,
-  data: Record<string, unknown> = {},
-  clientTs?: string,
-): AuditEntry {
-  return {
-    ts: clientTs ?? new Date().toISOString(),
-    event: 'app.log',
-    source: 'app' as AuditSource,
-    appEvent,
-    level,
-    ...sanitizeAppAuditData(data),
-  };
-}
-
-function ensureDir(): void {
-  if (initialized) return;
-  mkdirSync(dirname(AUDIT_PATH), { recursive: true });
-  initialized = true;
-}
-
-class AuditLog {
-  emit(event: AuditEvent, data: Record<string, unknown> = {}): void {
-    this.write({ ts: new Date().toISOString(), event, ...data });
-  }
-
-  /** Write an app-reported log entry. Preserves client-side timestamp if provided. */
-  emitApp(appEvent: string, level: string, data: Record<string, unknown> = {}, clientTs?: string): void {
-    this.write(buildAppAuditEntry(appEvent, level, data, clientTs));
-  }
-
-  private write(entry: Record<string, unknown>): void {
-    if (isTestRuntime()) return;
-    ensureDir();
-    try {
-      const line = JSON.stringify(entry) + '\n';
-      trimFileTailSync(AUDIT_PATH, {
-        maxBytes: config.auditMaxBytes,
-        incomingBytes: Buffer.byteLength(line),
-      });
-      appendFileSync(AUDIT_PATH, line);
-    } catch {
-      // Audit log is best-effort — never crash the daemon
-    }
-  }
-}
-
-export const audit = new AuditLog();

package/src/auth.ts

@@ -1,31 +0,0 @@
-export function isLoopbackAddress(address: string | undefined): boolean {
-  if (!address) return false;
-  return address === '127.0.0.1'
-    || address === '::1'
-    || address === '::ffff:127.0.0.1';
-}
-
-export function readBearerToken(header: string | undefined): string | null {
-  if (!header) return null;
-  const match = header.match(/^Bearer\s+(.+)$/i);
-  return match?.[1]?.trim() || null;
-}
-
-export function resolveRequestToken(authHeader: string | undefined, queryToken: string | null): string | null {
-  return readBearerToken(authHeader) ?? queryToken;
-}
-
-export function isLegacyToken(token: string | null, legacyToken: string): boolean {
-  return Boolean(token && legacyToken && token === legacyToken);
-}
-
-export function isAuthorizedToken(
-  token: string | null,
-  legacyToken: string,
-  validatePairToken: (token: string, touch?: boolean) => unknown,
-  touch = true,
-): boolean {
-  if (!token) return false;
-  if (isLegacyToken(token, legacyToken)) return true;
-  return Boolean(validatePairToken(token, touch));
-}