@wipcomputer/wip-ldm-os 0.4.73-alpha.29 → 0.4.73-alpha.30

package/bin/ldm.js

@@ -446,6 +446,98 @@ function syncInboxCheckHook() {
   return changed;
 }
 
+// ── Inbox rewake hook sync ──
+//
+// Deploys src/hooks/inbox-rewake-hook.mjs to ~/.ldm/library/hooks/ and
+// wires it into ~/.claude/settings.json as a Stop hook with
+// `asyncRewake: true`. This is the autonomous push layer that wakes
+// an idle Claude Code session when a bridge message arrives, without
+// the user having to type anything.
+//
+// Mechanics: the Stop hook fires after every CC turn. The rewake hook
+// acquires a per-session lock file (so concurrent Stop-event spawns do
+// not stack), then holds a long-lived fs.watch on ~/.ldm/messages/.
+// When a matching message file arrives, the hook writes the message to
+// stderr and exits with code 2. The CC harness wraps that stderr into
+// a system-reminder task-notification that wakes the idle model or
+// gets injected mid-query if the model is busy. See Claude Code's
+// `src/utils/hooks.ts` asyncRewake path for the exact mechanism.
+//
+// This closes the layer 1 gap from:
+//   ai/product/plans-prds/bridge/2026-04-11--cc-mini--autonomous-push-architecture.md
+//
+// Layers 2-4 (UserPromptSubmit inbox-check hook, SessionStart boot
+// hook, manual lesa_check_inbox) remain as independent fallbacks.
+//
+// Idempotent: subsequent installs update the file only if its contents
+// changed, and only add the settings.json entry if it isn't already
+// wired to the exact same command path.
+function syncInboxRewakeHook() {
+  const srcHook = join(__dirname, '..', 'src', 'hooks', 'inbox-rewake-hook.mjs');
+  const destHook = join(LDM_ROOT, 'library', 'hooks', 'inbox-rewake-hook.mjs');
+  let changed = false;
+
+  if (!existsSync(srcHook)) return false;
+
+  // 1. File deploy: copy src/hooks/inbox-rewake-hook.mjs to ~/.ldm/library/hooks/
+  try {
+    const srcContent = readFileSync(srcHook, 'utf8');
+    let destContent = '';
+    try { destContent = readFileSync(destHook, 'utf8'); } catch {}
+
+    if (srcContent !== destContent) {
+      mkdirSync(dirname(destHook), { recursive: true });
+      writeFileSync(destHook, srcContent);
+      changed = true;
+    }
+  } catch {
+    return false;
+  }
+
+  // 2. Settings.json patch: wire the hook into hooks.Stop as an
+  //    asyncRewake background hook if absent.
+  const settingsPath = join(HOME, '.claude', 'settings.json');
+  if (!existsSync(settingsPath)) return changed;
+
+  try {
+    const raw = readFileSync(settingsPath, 'utf8');
+    const settings = JSON.parse(raw);
+    if (!settings.hooks) settings.hooks = {};
+    if (!settings.hooks.Stop) settings.hooks.Stop = [];
+
+    const hookCommand = `node ${destHook}`;
+    const alreadyWired = settings.hooks.Stop.some(group =>
+      Array.isArray(group.hooks) &&
+      group.hooks.some(h =>
+        h.type === 'command' &&
+        h.command === hookCommand &&
+        h.asyncRewake === true,
+      ),
+    );
+
+    if (!alreadyWired) {
+      settings.hooks.Stop.push({
+        hooks: [{
+          type: 'command',
+          command: hookCommand,
+          async: true,
+          asyncRewake: true,
+          // 6 hours: matches the rewake hook's internal hard timeout.
+          // The hook self-terminates well before this on parent death,
+          // hard cancel, or match, so this is just a runaway guard.
+          timeout: 21600,
+        }],
+      });
+      writeFileSync(settingsPath, JSON.stringify(settings, null, 2) + '\n');
+      changed = true;
+    }
+  } catch {
+    // Settings file malformed or unreadable. Leave it alone.
+  }
+
+  return changed;
+}
+
 // ── Catalog helpers ──
 
 function loadCatalog() {
@@ -2494,6 +2586,14 @@ async function cmdInstallCatalog() {
     console.log('  + Inbox-check hook updated (bridge messages surface automatically)');
   }
 
+  // Sync inbox-rewake hook: Stop hook with asyncRewake that watches
+  // ~/.ldm/messages/ in the background and wakes the model when a new
+  // bridge message arrives, without requiring user interaction. Layer 1
+  // of the April 11 autonomous-push-architecture plan.
+  if (syncInboxRewakeHook()) {
+    console.log('  + Inbox-rewake hook updated (autonomous push: wakes on new bridge message)');
+  }
+
   // Deploy git pre-commit hook on every install (not just init)
   const hooksDir = join(LDM_ROOT, 'hooks');
   const preCommitDest = join(hooksDir, 'pre-commit');

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-ldm-os",
-  "version": "0.4.73-alpha.29",
+  "version": "0.4.73-alpha.30",
   "type": "module",
   "description": "LDM OS: identity, memory, and sovereignty infrastructure for AI agents",
   "engines": {

package/src/hooks/inbox-rewake-hook.mjs

@@ -0,0 +1,338 @@
+#!/usr/bin/env node
+/**
+ * LDM OS Inbox Rewake Hook
+ *
+ * asyncRewake background hook for Claude Code. Watches ~/.ldm/messages/
+ * with fs.watch and, when a new message addressed to this agent:session
+ * arrives, writes the message as a system-reminder to stderr and exits
+ * with code 2. Claude Code's harness wraps the stderr in a system-reminder
+ * task-notification that wakes the model if idle or gets injected mid-query
+ * if the model is busy. See:
+ *
+ *   ai/product/plans-prds/bridge/2026-04-11--cc-mini--autonomous-push-architecture.md
+ *
+ * Attached as a Stop hook with asyncRewake: true. Fires after every CC
+ * turn. A lockfile prevents multiple instances from stacking across many
+ * Stop events: only the first instance acquires the lock and watches;
+ * subsequent instances see the lock held by a live process and exit 0
+ * silently. The lock is released when the watching instance exits
+ * (message caught, parent dead, hard timeout, or hard cancel).
+ *
+ * This hook is the "true push" layer 1 from the plan. Layers 2-4
+ * (UserPromptSubmit inbox-check hook, SessionStart boot hook, manual
+ * lesa_check_inbox) remain as independent fallbacks.
+ *
+ * Idempotent with inbox-check-hook.mjs: after firing, this hook marks
+ * the message file's `read` field to true so the UserPromptSubmit hook
+ * on the next user prompt does not re-surface the same message.
+ *
+ * Zero external dependencies beyond node:fs, node:path, node:os.
+ */
+
+import {
+  existsSync,
+  readFileSync,
+  readdirSync,
+  writeFileSync,
+  unlinkSync,
+  watch,
+} from 'node:fs';
+import { join, basename } from 'node:path';
+import { homedir } from 'node:os';
+
+const HOME = homedir();
+const MESSAGES_DIR = join(HOME, '.ldm', 'messages');
+const LOCK_PATH = join(MESSAGES_DIR, '.rewake.lock');
+const LDM_CONFIG_PATH = join(HOME, '.ldm', 'config.json');
+const TAG = '[inbox-rewake-hook]';
+
+// Hard safety timeout: the watcher exits after 6 hours no matter what,
+// so it cannot leak forever if the parent check or lock cleanup misses.
+const HARD_TIMEOUT_MS = 6 * 60 * 60 * 1000;
+
+// Parent CC process liveness check: every minute, verify the parent PID
+// is still alive. If the parent died while this background hook is
+// running, exit cleanly so we do not orphan.
+const PARENT_CHECK_INTERVAL_MS = 60 * 1000;
+
+// ── Helpers (mirror inbox-check-hook.mjs) ──
+
+function readJSON(path) {
+  try {
+    return JSON.parse(readFileSync(path, 'utf8'));
+  } catch {
+    return null;
+  }
+}
+
+function getAgentId() {
+  const config = readJSON(LDM_CONFIG_PATH);
+  if (config?.agents) {
+    for (const [id, agent] of Object.entries(config.agents)) {
+      if (agent.harness === 'claude-code') return id;
+    }
+  }
+  return 'cc-mini';
+}
+
+function getSessionName(input) {
+  // Mirror inbox-check-hook.mjs: CC writes /rename labels to
+  // ~/.claude/sessions/<pid>.json, and this hook is spawned fresh by CC
+  // so ppid = CC PID. Reading the session file picks up /rename and
+  // /resume labels without any env var or restart.
+  try {
+    const ccSessionPath = join(HOME, '.claude', 'sessions', `${process.ppid}.json`);
+    const data = JSON.parse(readFileSync(ccSessionPath, 'utf8'));
+    if (data.name && typeof data.name === 'string') {
+      return data.name;
+    }
+  } catch {
+    // No session file. Normal for non-CC harnesses.
+  }
+  return (
+    process.env.LDM_SESSION_NAME ||
+    process.env.CLAUDE_SESSION_NAME ||
+    basename(input?.cwd || process.cwd()) ||
+    'default'
+  );
+}
+
+/**
+ * Check if a message's "to" field matches this agent:session.
+ * Same logic as inbox-check-hook.mjs so both hooks agree on routing.
+ */
+function messageMatchesAgent(to, agentId, sessionName) {
+  if (!to) return false;
+  if (to === '*' || to === 'all') return true;
+  if (to === agentId) return true;
+  if (to === `${agentId}:*`) return true;
+  if (to === `${agentId}:${sessionName}`) return true;
+  if (to === sessionName) return true;
+  return false;
+}
+
+// ── Lock management ──
+//
+// A single machine may have seven or more concurrent CC sessions, each
+// spawning its own rewake hook on every Stop event. Without a lock, we
+// accumulate fs.watch handles forever and every new message fires all
+// pending hooks simultaneously.
+//
+// The lock is per-session, keyed by agent:session, so different CC
+// sessions do not block each other. The lock file lives at
+// ~/.ldm/messages/.rewake.<agent>-<session>.lock and contains the PID
+// of the watching process. Subsequent hook spawns in the same session
+// see the lock, verify the PID is alive, and exit silently.
+
+function lockPathFor(agentId, sessionName) {
+  // Replace any filesystem-unfriendly chars with '-' so session names
+  // like "memory:crystal" or "brainstorm (oc)" do not produce invalid
+  // filenames. Keeps alphanumerics, dashes, underscores.
+  const safe = `${agentId}-${sessionName}`.replace(/[^a-zA-Z0-9._-]/g, '-');
+  return join(MESSAGES_DIR, `.rewake.${safe}.lock`);
+}
+
+function pidIsAlive(pid) {
+  try {
+    process.kill(pid, 0); // signal 0 is a liveness probe
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+function acquireLock(lockPath) {
+  try {
+    if (existsSync(lockPath)) {
+      const raw = readFileSync(lockPath, 'utf8').trim();
+      const existing = parseInt(raw, 10);
+      if (existing && existing > 0 && pidIsAlive(existing)) {
+        return false;
+      }
+      // Stale lock: previous holder is dead, take over.
+      try { unlinkSync(lockPath); } catch {}
+    }
+  } catch {}
+
+  try {
+    writeFileSync(lockPath, String(process.pid));
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+function releaseLock(lockPath) {
+  try {
+    if (!existsSync(lockPath)) return;
+    const raw = readFileSync(lockPath, 'utf8').trim();
+    const pid = parseInt(raw, 10);
+    if (pid === process.pid) {
+      unlinkSync(lockPath);
+    }
+  } catch {}
+}
+
+// ── Message delivery ──
+//
+// When a match is found, we:
+//   1. Mark the file's `read` field to true (so inbox-check-hook.mjs on
+//      the next UserPromptSubmit does not re-surface it).
+//   2. Write the formatted message body to stderr.
+//   3. Release the lock.
+//   4. process.exit(2) to trigger Claude Code's asyncRewake wake path.
+
+function markRead(filePath) {
+  try {
+    const data = readJSON(filePath);
+    if (!data) return;
+    data.read = true;
+    writeFileSync(filePath, JSON.stringify(data, null, 2) + '\n');
+  } catch {
+    // Non-fatal. Worst case: inbox-check-hook surfaces the same message
+    // on the next UserPromptSubmit. That is still correct behavior; it
+    // just means the same message gets two surfaces.
+  }
+}
+
+function fireMessage(msg, filePath, lockPath, agentId, sessionName) {
+  markRead(filePath);
+
+  const body =
+    `== Bridge Push (autonomous) ==\n` +
+    `You have 1 new message delivered by the inbox-rewake hook while you were idle. ` +
+    `The message was addressed to ${agentId}:${sessionName} and is now marked read in the inbox.\n\n` +
+    `[${msg.type || 'chat'}] from ${msg.from || 'unknown'} (${msg.timestamp || 'no timestamp'}):\n` +
+    `${msg.body || '(empty)'}\n\n` +
+    `Acknowledge or respond as appropriate. Use lesa_check_inbox or ldm_send_message to continue the thread.`;
+
+  process.stderr.write(body);
+  process.stderr.write(`\n${TAG} fired for ${msg.id || '(no id)'} to ${agentId}:${sessionName}\n`);
+
+  releaseLock(lockPath);
+  process.exit(2);
+}
+
+// ── Main ──
+
+async function main() {
+  // Drain stdin even if we ignore it. Hooks receive JSON per the CC
+  // hook protocol; we do not need any of the fields here.
+  let raw = '';
+  try {
+    for await (const chunk of process.stdin) raw += chunk;
+  } catch {}
+
+  let input = {};
+  try { input = JSON.parse(raw); } catch {}
+
+  if (!existsSync(MESSAGES_DIR)) {
+    // Nothing to watch. Exit silently. A future install will recreate.
+    process.exit(0);
+  }
+
+  const agentId = getAgentId();
+  const sessionName = getSessionName(input);
+  const lockPath = lockPathFor(agentId, sessionName);
+  const parentPid = process.ppid;
+
+  // Try to take the lock. If another instance of this session's rewake
+  // hook is already watching, exit silently and let them handle it.
+  if (!acquireLock(lockPath)) {
+    process.stderr.write(
+      `${TAG} another live instance holds ${basename(lockPath)}, exiting\n`,
+    );
+    process.exit(0);
+  }
+
+  // Guarantee we release the lock on any exit path.
+  process.on('exit', () => releaseLock(lockPath));
+  process.on('SIGTERM', () => { releaseLock(lockPath); process.exit(0); });
+  process.on('SIGINT',  () => { releaseLock(lockPath); process.exit(0); });
+  process.on('uncaughtException', (err) => {
+    process.stderr.write(`${TAG} uncaughtException: ${err.message}\n`);
+    releaseLock(lockPath);
+    process.exit(0);
+  });
+
+  // Track which message IDs we have already fired for in this run.
+  // fs.watch can fire multiple events for a single file write; the
+  // in-memory set prevents duplicate firings in the window between
+  // writing `read: true` to disk and the next scan picking it up.
+  const seen = new Set();
+
+  function inspectFile(filePath) {
+    const data = readJSON(filePath);
+    if (!data) return false;
+    if (data.read === true) return false;
+    if (data.id && seen.has(data.id)) return false;
+    if (!messageMatchesAgent(data.to, agentId, sessionName)) return false;
+    if (data.id) seen.add(data.id);
+
+    fireMessage(data, filePath, lockPath, agentId, sessionName);
+    return true; // fireMessage exits, but be explicit.
+  }
+
+  function scanDir() {
+    try {
+      const files = readdirSync(MESSAGES_DIR).filter((f) => f.endsWith('.json'));
+      for (const file of files) {
+        if (inspectFile(join(MESSAGES_DIR, file))) return true;
+      }
+    } catch {}
+    return false;
+  }
+
+  // Initial scan: catch any messages that arrived between the previous
+  // hook instance exiting and this one starting up.
+  if (scanDir()) return;
+
+  // Set up the fs.watch for new messages.
+  let watcher;
+  try {
+    watcher = watch(MESSAGES_DIR, { persistent: true }, (eventType, filename) => {
+      if (!filename || !filename.endsWith('.json')) return;
+      // Re-scan on every event. fs.watch can coalesce or miss events
+      // under load, so scanning the directory is more reliable than
+      // trusting the filename argument alone.
+      scanDir();
+    });
+  } catch (e) {
+    process.stderr.write(`${TAG} fs.watch failed: ${e.message}\n`);
+    releaseLock(lockPath);
+    process.exit(0);
+  }
+
+  // Parent process liveness check. If the CC session that spawned us
+  // has exited, stop watching and release the lock.
+  const parentCheck = setInterval(() => {
+    if (!pidIsAlive(parentPid)) {
+      process.stderr.write(`${TAG} parent pid ${parentPid} is dead, exiting\n`);
+      clearInterval(parentCheck);
+      if (watcher) watcher.close();
+      releaseLock(lockPath);
+      process.exit(0);
+    }
+  }, PARENT_CHECK_INTERVAL_MS);
+
+  // Hard safety timeout.
+  const hardTimeout = setTimeout(() => {
+    process.stderr.write(`${TAG} hard timeout after ${HARD_TIMEOUT_MS / 1000}s\n`);
+    clearInterval(parentCheck);
+    if (watcher) watcher.close();
+    releaseLock(lockPath);
+    process.exit(0);
+  }, HARD_TIMEOUT_MS);
+
+  // Let the timers keep the event loop alive. If either timer fires or
+  // the watcher fires a message match, the process exits and releases
+  // the lock.
+  process.stderr.write(
+    `${TAG} watching ${MESSAGES_DIR} for ${agentId}:${sessionName} (parent pid ${parentPid})\n`,
+  );
+}
+
+main().catch((err) => {
+  process.stderr.write(`${TAG} fatal in main: ${err && err.message}\n`);
+  process.exit(0);
+});