@westbayberry/dg 1.3.3 → 2.0.0

package/dist/state/cleanup-registry.js

@@ -0,0 +1,60 @@
+import { readJsonFile, writeJsonFileAtomic } from "./store.js";
+import { acquireLock, CLEANUP_REGISTRY_LOCK } from "./locks.js";
+export function emptyCleanupRegistry() {
+    return {
+        version: 1,
+        entries: []
+    };
+}
+export async function readCleanupRegistry(paths) {
+    const registry = await readJsonFile(paths.cleanupRegistryPath, emptyCleanupRegistry());
+    if (registry.version !== 1 || !Array.isArray(registry.entries)) {
+        throw new Error(`Unsupported cleanup registry at ${paths.cleanupRegistryPath}`);
+    }
+    return registry;
+}
+export async function writeCleanupRegistry(paths, registry) {
+    await writeJsonFileAtomic(paths.cleanupRegistryPath, registry);
+}
+export async function recordCleanupEntry(paths, entry) {
+    const lock = await acquireLock(paths, CLEANUP_REGISTRY_LOCK);
+    try {
+        const registry = await readCleanupRegistry(paths);
+        const nextEntry = {
+            ...entry,
+            installedAt: entry.installedAt ?? new Date().toISOString(),
+            owner: "dg"
+        };
+        const entries = registry.entries.filter((candidate) => !sameRegistryTarget(candidate, nextEntry));
+        const next = {
+            version: 1,
+            entries: [...entries, nextEntry]
+        };
+        await writeCleanupRegistry(paths, next);
+        return next;
+    }
+    finally {
+        await lock.release();
+    }
+}
+export async function removeCleanupEntry(paths, target) {
+    const lock = await acquireLock(paths, CLEANUP_REGISTRY_LOCK);
+    try {
+        const registry = await readCleanupRegistry(paths);
+        const next = {
+            version: 1,
+            entries: registry.entries.filter((candidate) => !sameRegistryTarget(candidate, target))
+        };
+        await writeCleanupRegistry(paths, next);
+        return next;
+    }
+    finally {
+        await lock.release();
+    }
+}
+export function ownedCleanupEntries(registry) {
+    return registry.entries.filter((entry) => entry.owner === "dg");
+}
+function sameRegistryTarget(left, right) {
+    return left.kind === right.kind && left.path === right.path && left.sentinel === right.sentinel;
+}

package/dist/state/index.js

@@ -0,0 +1,5 @@
+export * from "./cleanup-registry.js";
+export * from "./locks.js";
+export * from "./paths.js";
+export * from "./sessions.js";
+export * from "./store.js";

package/dist/state/locks.js

@@ -0,0 +1,161 @@
+import { closeSync, mkdirSync, openSync, renameSync, rmSync, statSync, writeFileSync } from "node:fs";
+import { mkdir, open, readFile, rename, rm, stat } from "node:fs/promises";
+import { join } from "node:path";
+export const CLEANUP_REGISTRY_LOCK = "cleanup-registry";
+let takeoverCounter = 0;
+function isErrno(error, code) {
+    return typeof error === "object" && error !== null && "code" in error && error.code === code;
+}
+export class LockBusyError extends Error {
+    path;
+    constructor(path) {
+        super(`dg lock is already held: ${path}`);
+        this.path = path;
+        this.name = "LockBusyError";
+    }
+}
+export async function acquireLock(paths, name, options = {}) {
+    assertLockName(name);
+    await mkdir(paths.locksDir, {
+        recursive: true
+    });
+    const path = join(paths.locksDir, `${name}.lock`);
+    await removeStaleLock(path, options);
+    let handle;
+    try {
+        handle = await open(path, "wx", 0o600);
+    }
+    catch (error) {
+        if (isErrno(error, "EEXIST")) {
+            throw new LockBusyError(path);
+        }
+        throw error;
+    }
+    const metadata = {
+        pid: process.pid,
+        acquiredAt: (options.now ?? new Date()).toISOString()
+    };
+    try {
+        await handle.writeFile(`${JSON.stringify(metadata)}\n`, "utf8");
+    }
+    finally {
+        await handle.close();
+    }
+    return {
+        name,
+        path,
+        release: async () => {
+            await rm(path, {
+                force: true
+            });
+        }
+    };
+}
+export function acquireLockSync(paths, name, options = {}) {
+    assertLockName(name);
+    mkdirSync(paths.locksDir, {
+        recursive: true
+    });
+    const path = join(paths.locksDir, `${name}.lock`);
+    removeStaleLockSync(path, options);
+    let fd;
+    try {
+        fd = openSync(path, "wx", 0o600);
+    }
+    catch (error) {
+        if (isErrno(error, "EEXIST")) {
+            throw new LockBusyError(path);
+        }
+        throw error;
+    }
+    const metadata = {
+        pid: process.pid,
+        acquiredAt: (options.now ?? new Date()).toISOString()
+    };
+    try {
+        writeFileSync(fd, `${JSON.stringify(metadata)}\n`, "utf8");
+    }
+    finally {
+        closeSync(fd);
+    }
+    return {
+        name,
+        path,
+        release: () => {
+            rmSync(path, {
+                force: true
+            });
+        }
+    };
+}
+export async function readLockMetadata(path) {
+    return JSON.parse(await readFile(path, "utf8"));
+}
+async function removeStaleLock(path, options) {
+    if (!options.staleMs) {
+        return;
+    }
+    const details = await stat(path).catch((error) => {
+        if (isErrno(error, "ENOENT")) {
+            return null;
+        }
+        throw error;
+    });
+    if (!details) {
+        return;
+    }
+    const now = options.now?.getTime() ?? Date.now();
+    if (now - details.mtimeMs < options.staleMs) {
+        return;
+    }
+    const takeoverPath = `${path}.stale-${process.pid}-${++takeoverCounter}`;
+    try {
+        await rename(path, takeoverPath);
+    }
+    catch (error) {
+        if (isErrno(error, "ENOENT")) {
+            return;
+        }
+        throw error;
+    }
+    await rm(takeoverPath, {
+        force: true
+    });
+}
+function removeStaleLockSync(path, options) {
+    if (!options.staleMs) {
+        return;
+    }
+    let details;
+    try {
+        details = statSync(path);
+    }
+    catch (error) {
+        if (isErrno(error, "ENOENT")) {
+            return;
+        }
+        throw error;
+    }
+    const now = options.now?.getTime() ?? Date.now();
+    if (now - details.mtimeMs < options.staleMs) {
+        return;
+    }
+    const takeoverPath = `${path}.stale-${process.pid}-${++takeoverCounter}`;
+    try {
+        renameSync(path, takeoverPath);
+    }
+    catch (error) {
+        if (isErrno(error, "ENOENT")) {
+            return;
+        }
+        throw error;
+    }
+    rmSync(takeoverPath, {
+        force: true
+    });
+}
+function assertLockName(name) {
+    if (!/^[a-z][a-z0-9-]{0,63}$/.test(name)) {
+        throw new Error(`Invalid dg lock name: ${name}`);
+    }
+}

package/dist/state/paths.js

@@ -0,0 +1,24 @@
+import { homedir } from "node:os";
+import { isAbsolute, join } from "node:path";
+export function resolveDgPaths(env = process.env) {
+    const homeDir = env.HOME && isAbsolute(env.HOME) ? env.HOME : homedir();
+    const fallbackRoot = join(homeDir, ".dg");
+    const configDir = xdgPath(env.XDG_CONFIG_HOME, fallbackRoot);
+    const stateDir = xdgPath(env.XDG_STATE_HOME, join(fallbackRoot, "state"));
+    const cacheDir = xdgPath(env.XDG_CACHE_HOME, join(fallbackRoot, "cache"));
+    return {
+        homeDir,
+        configDir,
+        stateDir,
+        cacheDir,
+        sessionsDir: join(stateDir, "sessions"),
+        cleanupRegistryPath: join(stateDir, "cleanup-registry.json"),
+        locksDir: join(stateDir, "locks")
+    };
+}
+function xdgPath(value, fallback) {
+    if (!value || !isAbsolute(value)) {
+        return fallback;
+    }
+    return join(value, "dg");
+}

package/dist/state/sessions.js

@@ -0,0 +1,170 @@
+import { mkdirSync, readdirSync, rmSync, statSync } from "node:fs";
+import { appendFile, mkdir, readdir, rm, stat } from "node:fs/promises";
+import { join } from "node:path";
+import { randomUUID } from "node:crypto";
+import { readJsonFile, writeJsonFileAtomic } from "./store.js";
+export async function createSession(paths, id = randomUUID()) {
+    assertSessionId(id);
+    const dir = join(paths.sessionsDir, id);
+    await mkdir(paths.sessionsDir, {
+        recursive: true,
+        mode: 0o700
+    });
+    await mkdir(dir, {
+        recursive: false,
+        mode: 0o700
+    });
+    return {
+        id,
+        dir,
+        files: sessionFiles(dir)
+    };
+}
+export function createSessionSync(paths, id = randomUUID()) {
+    assertSessionId(id);
+    const dir = join(paths.sessionsDir, id);
+    mkdirSync(paths.sessionsDir, {
+        recursive: true,
+        mode: 0o700
+    });
+    mkdirSync(dir, {
+        recursive: false,
+        mode: 0o700
+    });
+    return {
+        id,
+        dir,
+        files: sessionFiles(dir)
+    };
+}
+export async function writeSessionJson(session, name, value) {
+    await writeJsonFileAtomic(session.files[name], value);
+}
+export async function readSessionJson(session, name, fallback) {
+    return readJsonFile(session.files[name], fallback);
+}
+export async function appendSessionLog(session, value) {
+    await appendFile(session.files.log, `${JSON.stringify(value)}\n`, {
+        encoding: "utf8",
+        mode: 0o600
+    });
+}
+export async function cleanupSession(session) {
+    await rm(session.dir, {
+        force: true,
+        recursive: true
+    });
+}
+export function cleanupSessionSync(session) {
+    rmSync(session.dir, {
+        force: true,
+        recursive: true
+    });
+}
+export async function sweepStaleSessions(paths, options) {
+    const now = options.now?.getTime() ?? Date.now();
+    const entries = await readdir(paths.sessionsDir, {
+        withFileTypes: true
+    }).catch((error) => {
+        if (typeof error === "object" && error !== null && "code" in error && error.code === "ENOENT") {
+            return [];
+        }
+        throw error;
+    });
+    const removed = [];
+    for (const entry of entries) {
+        if (!entry.isDirectory() || !isValidSessionId(entry.name)) {
+            continue;
+        }
+        const dir = join(paths.sessionsDir, entry.name);
+        const details = await stat(dir).catch((error) => {
+            if (isEnoent(error)) {
+                return null;
+            }
+            throw error;
+        });
+        if (!details || now - details.mtimeMs < options.olderThanMs) {
+            continue;
+        }
+        await rm(dir, {
+            force: true,
+            recursive: true
+        });
+        removed.push(entry.name);
+    }
+    return {
+        removed
+    };
+}
+export function findStaleSessionsSync(paths, options) {
+    const now = options.now?.getTime() ?? Date.now();
+    let entries;
+    try {
+        entries = readdirSync(paths.sessionsDir, {
+            withFileTypes: true
+        });
+    }
+    catch (error) {
+        if (typeof error === "object" && error !== null && "code" in error && error.code === "ENOENT") {
+            return {
+                stale: []
+            };
+        }
+        throw error;
+    }
+    const stale = [];
+    for (const entry of entries) {
+        if (!entry.isDirectory() || !isValidSessionId(entry.name)) {
+            continue;
+        }
+        const dir = join(paths.sessionsDir, entry.name);
+        let details;
+        try {
+            details = statSync(dir);
+        }
+        catch (error) {
+            if (isEnoent(error)) {
+                continue;
+            }
+            throw error;
+        }
+        if (now - details.mtimeMs >= options.olderThanMs) {
+            stale.push(entry.name);
+        }
+    }
+    return {
+        stale
+    };
+}
+export function sweepStaleSessionsSync(paths, options) {
+    const report = findStaleSessionsSync(paths, options);
+    for (const id of report.stale) {
+        rmSync(join(paths.sessionsDir, id), {
+            force: true,
+            recursive: true
+        });
+    }
+    return {
+        removed: report.stale
+    };
+}
+function sessionFiles(dir) {
+    return {
+        proxy: join(dir, "proxy.json"),
+        ca: join(dir, "ca.pem"),
+        block: join(dir, "block.json"),
+        hash: join(dir, "hash.json"),
+        log: join(dir, "log.jsonl")
+    };
+}
+function assertSessionId(id) {
+    if (!isValidSessionId(id)) {
+        throw new Error(`Invalid dg session id: ${id}`);
+    }
+}
+function isValidSessionId(id) {
+    return /^[a-zA-Z0-9][a-zA-Z0-9._-]{0,127}$/.test(id);
+}
+function isEnoent(error) {
+    return typeof error === "object" && error !== null && "code" in error && error.code === "ENOENT";
+}

package/dist/state/store.js

@@ -0,0 +1,50 @@
+import { mkdir, readFile, rename, rm, writeFile } from "node:fs/promises";
+import { dirname } from "node:path";
+import { randomUUID } from "node:crypto";
+export class JsonStoreError extends Error {
+    cause;
+    constructor(message, cause) {
+        super(message);
+        this.cause = cause;
+        this.name = "JsonStoreError";
+    }
+}
+export async function readJsonFile(path, fallback) {
+    try {
+        const content = await readFile(path, "utf8");
+        return JSON.parse(content);
+    }
+    catch (error) {
+        if (isNotFound(error)) {
+            return fallback;
+        }
+        if (error instanceof SyntaxError) {
+            throw new JsonStoreError(`Malformed JSON store at ${path}`, error);
+        }
+        throw error;
+    }
+}
+export async function writeJsonFileAtomic(path, value) {
+    await mkdir(dirname(path), {
+        recursive: true
+    });
+    const tempPath = `${path}.${process.pid}.${randomUUID()}.tmp`;
+    const payload = `${JSON.stringify(value, null, 2)}\n`;
+    try {
+        await writeFile(tempPath, payload, {
+            encoding: "utf8",
+            flag: "wx",
+            mode: 0o600
+        });
+        await rename(tempPath, path);
+    }
+    catch (error) {
+        await rm(tempPath, {
+            force: true
+        });
+        throw error;
+    }
+}
+function isNotFound(error) {
+    return typeof error === "object" && error !== null && "code" in error && error.code === "ENOENT";
+}

package/dist/telemetry/events.js

@@ -0,0 +1,40 @@
+import { appendFileSync, mkdirSync } from "node:fs";
+import { dirname, join } from "node:path";
+import { loadUserConfig } from "../config/settings.js";
+import { resolveDgPaths } from "../state/index.js";
+const ALLOWED_ATTRIBUTE_KEYS = new Set(["command", "exitCode", "policyMode", "decision", "packageCount", "authenticated"]);
+export function telemetryLogPath(paths) {
+    return join(paths.stateDir, "telemetry.jsonl");
+}
+export function buildTelemetryEvent(type, attributes, now = new Date()) {
+    return {
+        type,
+        createdAt: now.toISOString(),
+        attributes: sanitizeTelemetryAttributes(attributes)
+    };
+}
+export function recordTelemetryEvent(event, env = process.env) {
+    const config = loadUserConfig(env);
+    if (!config.telemetry.enabled) {
+        return false;
+    }
+    const path = telemetryLogPath(resolveDgPaths(env));
+    mkdirSync(dirname(path), {
+        recursive: true,
+        mode: 0o700
+    });
+    appendFileSync(path, `${JSON.stringify(event)}\n`, {
+        encoding: "utf8",
+        mode: 0o600
+    });
+    return true;
+}
+function sanitizeTelemetryAttributes(attributes) {
+    const sanitized = {};
+    for (const [key, value] of Object.entries(attributes)) {
+        if (ALLOWED_ATTRIBUTE_KEYS.has(key)) {
+            sanitized[key] = value;
+        }
+    }
+    return sanitized;
+}

package/dist/util/git.js

@@ -0,0 +1,20 @@
+import { spawnSync } from "node:child_process";
+const DEFAULT_MAX_BUFFER = 256 * 1024 * 1024;
+export function gitSync(args, options) {
+    const result = spawnSync("git", [...args], {
+        cwd: options.cwd,
+        env: options.env ?? process.env,
+        encoding: "utf8",
+        maxBuffer: options.maxBuffer ?? DEFAULT_MAX_BUFFER
+    });
+    return {
+        ok: result.status === 0,
+        code: result.status,
+        stdout: result.stdout ?? "",
+        stderr: (result.stderr ?? "").trim()
+    };
+}
+export function gitTrimmed(args, options) {
+    const result = gitSync(args, options);
+    return result.ok ? result.stdout.trim() : null;
+}

package/dist/util/tty-prompt.js

@@ -0,0 +1,43 @@
+import { closeSync, openSync, readSync } from "node:fs";
+export function promptYesNo(question, defaultYes, out = process.stderr) {
+    let tty;
+    try {
+        tty = openSync("/dev/tty", "rs");
+    }
+    catch {
+        return null;
+    }
+    try {
+        out.write(`${question} ${defaultYes ? "[Y/n]" : "[y/N]"} `);
+        const byte = Buffer.alloc(1);
+        let answer = "";
+        for (;;) {
+            let read = 0;
+            try {
+                read = readSync(tty, byte, 0, 1, null);
+            }
+            catch (error) {
+                if (error.code === "EAGAIN") {
+                    continue;
+                }
+                break;
+            }
+            if (read === 0) {
+                break;
+            }
+            const char = byte.toString("utf8");
+            if (char === "\n" || char === "\r") {
+                break;
+            }
+            answer += char;
+        }
+        const normalized = answer.trim().toLowerCase();
+        if (normalized === "") {
+            return defaultYes;
+        }
+        return normalized === "y" || normalized === "yes";
+    }
+    finally {
+        closeSync(tty);
+    }
+}