aggroot 1.3.8 → 1.3.9

package/install-linux.sh

@@ -77,8 +77,24 @@ else
 fi
 echo ""
 
-# 步骤 3: 构建项目
-echo -e "${YELLOW}[3/3] 构建项目...${NC}"
+# 步骤 3: 安装浏览器
+echo -e "${YELLOW}[3/4] 安装 Playwright 浏览器...${NC}"
+export PLAYWRIGHT_DOWNLOAD_HOST=https://npmmirror.com/mirrors/playwright
+if ! npx playwright install chromium; then
+    echo -e "${YELLOW}淘宝镜像失败，尝试官方源...${NC}"
+    unset PLAYWRIGHT_DOWNLOAD_HOST
+    if ! npx playwright install chromium; then
+        echo -e "${YELLOW}⚠️ 警告: 浏览器安装失败，将在首次使用时自动下载${NC}"
+    else
+        echo -e "${GREEN}✅ 浏览器安装完成${NC}"
+    fi
+else
+    echo -e "${GREEN}✅ 浏览器安装完成${NC}"
+fi
+echo ""
+
+# 步骤 4: 构建项目
+echo -e "${YELLOW}[4/4] 构建项目...${NC}"
 if ! npm run build:dev; then
     echo -e "${RED}❌ 错误: 构建失败${NC}"
     echo "请检查 TypeScript 配置"

package/install-windows.bat

@@ -70,8 +70,26 @@ if %errorlevel% neq 0 (
 )
 echo.
 
-REM 步骤 3: 构建项目
-echo [3/3] 构建项目...
+REM 步骤 3: 安装浏览器
+echo [3/4] 安装 Playwright 浏览器...
+set PLAYWRIGHT_DOWNLOAD_HOST=https://npmmirror.com/mirrors/playwright
+call npx playwright install chromium
+if %errorlevel% neq 0 (
+    echo 淘宝镜像失败，尝试官方源...
+    set PLAYWRIGHT_DOWNLOAD_HOST=
+    call npx playwright install chromium
+    if !errorlevel! neq 0 (
+        echo ⚠️ 警告: 浏览器安装失败，将在首次使用时自动下载
+    ) else (
+        echo ✅ 浏览器安装完成
+    )
+) else (
+    echo ✅ 浏览器安装完成
+)
+echo.
+
+REM 步骤 4: 构建项目
+echo [4/4] 构建项目...
 call npm run build:dev
 if %errorlevel% neq 0 (
     echo ❌ 错误: 构建失败

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "aggroot",
-  "version": "1.3.8",
+  "version": "1.3.9",
   "description": "AggRoot - AI Assistant (Node.js/TypeScript Version)",
   "keywords": [
     "ai",
@@ -34,6 +34,7 @@
   "files": [
     "dist/",
     "share/",
+    "scripts/",
     ".env.example",
     "install-windows.bat",
     "install-linux.sh",
@@ -70,7 +71,6 @@
     "@xenova/transformers": "^2.17.0",
     "ajv": "^8.18.0",
     "ajv-formats": "^3.0.1",
-    "better-sqlite3": "^12.8.0",
     "chalk": "^5.6.2",
     "chokidar": "^5.0.0",
     "cli-table3": "^0.6.5",
@@ -88,12 +88,11 @@
     "ora": "^8.1.0",
     "pino": "^9.5.0",
     "pino-pretty": "^11.2.0",
-    "playwright": "^1.59.1",
+    "playwright": "^1.60.0",
     "pptxgenjs": "^4.0.1",
     "react": "^19.2.4",
     "react-reconciler": "^0.31.0",
     "scheduler": "^0.27.0",
-    "sharp": "^0.34.5",
     "simple-git": "^3.26.0",
     "string-width": "^8.2.1",
     "tiktoken": "^1.0.22",
@@ -104,6 +103,10 @@
     "web-tree-sitter": "^0.26.8",
     "zod": "^3.25.76"
   },
+  "optionalDependencies": {
+    "better-sqlite3": "^12.8.0",
+    "sharp": "^0.34.5"
+  },
   "devDependencies": {
     "@eslint/js": "^9.13.0",
     "@types/ajv": "^0.0.5",

package/scripts/import-meta-shim.js

@@ -0,0 +1,3 @@
+// Shim for import.meta.url in CJS bundle
+// esbuild will inject this when using format: 'cjs'
+export const __dirname_url__ = require('url').pathToFileURL(__filename).href;

package/scripts/install-browsers.mjs

@@ -0,0 +1,132 @@
+#!/usr/bin/env node
+
+import { spawn } from "child_process";
+import { existsSync, readdirSync, readFileSync } from "node:fs";
+import { join } from "node:path";
+import { homedir } from "node:os";
+
+const MIRRORS = [
+  { host: "https://npmmirror.com/mirrors/playwright", name: "淘宝镜像" },
+  { host: "", name: "官方源" },
+];
+
+// npm postinstall 会吞掉 stdout，用 stderr 输出状态让用户看到
+function status(msg) {
+  process.stderr.write(`\n[browsers] ${msg}\n`);
+}
+
+/**
+ * 获取当前 playwright 包需要的 chromium 版本号
+ * 从 playwright-core 的 registry 中读取
+ */
+function getRequiredChromiumVersion() {
+  try {
+    // 尝试从 playwright-core 的 registry 文件读取
+    const registryPaths = [
+      join(import.meta.url.replace('file:///', '').replace(/\/scripts\/.*/, ''), 'node_modules', 'playwright-core', 'browsers.json'),
+      join(process.cwd(), 'node_modules', 'playwright-core', 'browsers.json'),
+    ];
+
+    // 也检查全局安装路径
+    const globalPaths = [
+      join(homedir(), 'AppData', 'Roaming', 'npm', 'node_modules', 'aggroot', 'node_modules', 'playwright-core', 'browsers.json'),
+      join('/usr', 'local', 'lib', 'node_modules', 'aggroot', 'node_modules', 'playwright-core', 'browsers.json'),
+    ];
+
+    for (const p of [...registryPaths, ...globalPaths]) {
+      const filePath = p.startsWith('/') ? p : p.replace(/\//g, '\\');
+      if (existsSync(filePath)) {
+        const data = JSON.parse(readFileSync(filePath, 'utf-8'));
+        const chromium = data.browsers?.find(b => b.name === 'chromium');
+        if (chromium?.revision) return chromium.revision;
+      }
+    }
+  } catch { /* fallback to npx */ }
+  return null;
+}
+
+/**
+ * 检查 Playwright Chromium 浏览器是否已安装且版本匹配
+ */
+function isChromiumInstalled() {
+  const playwrightDir = process.platform === 'win32'
+    ? join(homedir(), 'AppData', 'Local', 'ms-playwright')
+    : join(homedir(), '.cache', 'ms-playwright');
+
+  if (!existsSync(playwrightDir)) return false;
+
+  // 查找已安装的 chromium 目录
+  const dirs = readdirSync(playwrightDir, { withFileTypes: true })
+    .filter(d => d.isDirectory() && d.name.startsWith('chromium-'))
+    .map(d => d.name);
+
+  if (dirs.length === 0) return false;
+
+  // 检查是否有可执行文件
+  const latestDir = dirs.sort().pop();
+  const exeName = process.platform === 'win32' ? 'chrome.exe' : 'chrome';
+  const possiblePaths = [
+    join(playwrightDir, latestDir, 'chrome-win64', exeName),
+    join(playwrightDir, latestDir, 'chrome-linux', exeName),
+    join(playwrightDir, latestDir, 'chrome-mac', 'Chromium.app', 'Contents', 'MacOS', 'Chromium'),
+  ];
+
+  return possiblePaths.some(p => existsSync(p));
+}
+
+function tryInstall(mirror) {
+  return new Promise((resolve) => {
+    const env = { ...process.env };
+    if (mirror.host) {
+      env.PLAYWRIGHT_DOWNLOAD_HOST = mirror.host;
+    } else {
+      delete env.PLAYWRIGHT_DOWNLOAD_HOST;
+    }
+
+    status(`正在下载 Playwright Chromium (${mirror.name})...`);
+
+    const child = spawn("npx", ["playwright", "install", "chromium"], {
+      stdio: "inherit",
+      shell: true,
+      env,
+    });
+
+    let timedOut = false;
+    const timer = setTimeout(() => {
+      timedOut = true;
+      child.kill();
+    }, 120000);
+
+    child.on("close", (code) => {
+      clearTimeout(timer);
+      resolve(timedOut ? "timeout" : code);
+    });
+
+    child.on("error", () => {
+      clearTimeout(timer);
+      resolve("error");
+    });
+  });
+}
+
+(async () => {
+  // 先检查是否已安装
+  if (isChromiumInstalled()) {
+    status("Playwright Chromium 已安装，跳过下载。");
+    return;
+  }
+
+  status("Playwright Chromium 未安装，开始下载...");
+
+  for (const mirror of MIRRORS) {
+    const result = await tryInstall(mirror);
+    if (result === 0) {
+      status("浏览器安装完成。");
+      return;
+    }
+    if (mirror === MIRRORS[0]) {
+      status(`${mirror.name}下载失败，尝试${MIRRORS[1].name}...`);
+    }
+  }
+  status("浏览器安装失败，将在首次使用时自动下载。");
+})();

package/scripts/obfuscate.mjs

@@ -0,0 +1,185 @@
+#!/usr/bin/env node
+
+/**
+ * Bundle dist/ into a single file using esbuild.
+ *
+ * Strategy:
+ * 1. tsc compiles TS → JS (no source maps, no declarations)
+ * 2. esbuild bundles + minifies all JS into dist/index.cjs
+ *    - All variable names shortened
+ *    - All whitespace removed
+ *    - Dead code eliminated
+ *    - No directory structure visible
+ *    - No file names visible
+ *
+ * esbuild minification alone provides strong protection:
+ * - Variables become single-letter names (a, b, c...)
+ * - All comments and formatting stripped
+ * - Original module structure completely flattened
+ * - No source maps, no type declarations
+ */
+
+import * as esbuild from 'esbuild';
+import { readFileSync, writeFileSync, readdirSync, rmSync, statSync, copyFileSync, mkdirSync, existsSync } from 'node:fs';
+import { join, dirname } from 'node:path';
+
+const DIST_DIR = join(process.cwd(), 'dist');
+const ENTRY = join(DIST_DIR, 'index.js');
+const BUNDLE_OUTPUT = join(DIST_DIR, 'index.bundled.js');
+
+// Step 1: Bundle with esbuild
+console.log('[bundle] Bundling with esbuild...');
+
+try {
+  const result = await esbuild.build({
+    entryPoints: [ENTRY],
+    bundle: true,
+    platform: 'node',
+    target: 'node20',
+    format: 'cjs',
+    outfile: BUNDLE_OUTPUT,
+    // Replace import.meta.url with CJS equivalent
+    define: {
+      'import.meta.url': '__dirname_url__',
+    },
+    // Inject __dirname_url__ variable
+    inject: [join(process.cwd(), 'scripts', 'import-meta-shim.js')],
+    external: [
+      'sharp',
+      'playwright',
+      '@xenova/transformers',
+      'tiktoken',
+      'yoga-layout',
+      // Heavy dependencies externalized for faster startup
+      'pino-pretty',
+      'docx',
+      'exceljs',
+      'mammoth',
+      'pptxgenjs',
+      'openai',
+      // bindings is only used by better-sqlite3's fallback path (when nativeBinding is not provided)
+      // We always provide nativeBinding, so bindings is never actually called at runtime
+      'bindings',
+    ],
+    minify: true,
+    legalComments: 'none',
+    treeShaking: true,
+    metafile: true,
+  });
+
+  if (result.metafile) {
+    console.log(`[bundle] Input: ${Object.keys(result.metafile.inputs).length} modules`);
+  }
+  const outputSize = statSync(BUNDLE_OUTPUT).size;
+  console.log(`[bundle] Output: ${(outputSize / 1024).toFixed(0)} KB`);
+} catch (error) {
+  console.error('[bundle] Failed:', error.message);
+  process.exit(1);
+}
+
+// Step 1.5: Copy WASM files to dist/ (esbuild cannot bundle binary .wasm files)
+const WASM_FILES = [
+  { src: 'web-tree-sitter/web-tree-sitter.wasm', dest: 'web-tree-sitter.wasm' },
+  { src: 'tree-sitter-cpp/tree-sitter-cpp.wasm', dest: 'tree-sitter-cpp.wasm' },
+  { src: 'tree-sitter-c/tree-sitter-c.wasm', dest: 'tree-sitter-c.wasm' },
+];
+
+for (const { src, dest } of WASM_FILES) {
+  const srcPath = join(process.cwd(), 'node_modules', src);
+  const destPath = join(DIST_DIR, dest);
+  if (existsSync(srcPath)) {
+    copyFileSync(srcPath, destPath);
+    console.log(`[bundle] Copied WASM: ${dest}`);
+  } else {
+    console.warn(`[bundle] WASM not found: ${src}`);
+  }
+}
+
+// Step 1.6: Copy pre-compiled native modules to dist/native/
+// This avoids requiring users to have C++ build tools installed
+const NATIVE_DIR = join(DIST_DIR, 'native');
+const NATIVE_MODULES = [
+  { src: 'better-sqlite3/build/Release/better_sqlite3.node', dest: 'better_sqlite3.node' },
+];
+
+if (!existsSync(NATIVE_DIR)) {
+  mkdirSync(NATIVE_DIR, { recursive: true });
+}
+
+for (const { src, dest } of NATIVE_MODULES) {
+  const srcPath = join(process.cwd(), 'node_modules', src);
+  const destPath = join(NATIVE_DIR, dest);
+  if (existsSync(srcPath)) {
+    copyFileSync(srcPath, destPath);
+    console.log(`[bundle] Copied native: ${dest}`);
+  } else {
+    console.warn(`[bundle] Native module not found: ${src} — users will need build tools`);
+  }
+}
+
+// Step 2: Remove original directory structure
+console.log('[bundle] Cleaning up original files...');
+
+const filesToKeep = new Set(['index.bundled.js', 'web-tree-sitter.wasm', 'tree-sitter-cpp.wasm', 'tree-sitter-c.wasm', 'cli.cjs']);
+const dirsToKeep = new Set(['native']);
+
+function cleanDir(dir) {
+  const entries = readdirSync(dir, { withFileTypes: true });
+  for (const entry of entries) {
+    const fullPath = join(dir, entry.name);
+    if (entry.isDirectory()) {
+      if (!dirsToKeep.has(entry.name)) {
+        rmSync(fullPath, { recursive: true, force: true });
+      }
+    } else if (!filesToKeep.has(entry.name)) {
+      rmSync(fullPath, { force: true });
+    }
+  }
+}
+cleanDir(DIST_DIR);
+
+// Step 3: Fix shebang and write final file
+// Remove shebang from bundle body (it gets displaced by processing)
+let bundleContent = readFileSync(BUNDLE_OUTPUT, 'utf-8');
+if (bundleContent.startsWith('#!')) {
+  bundleContent = bundleContent.substring(bundleContent.indexOf('\n') + 1);
+}
+
+const finalPath = join(DIST_DIR, 'index.cjs');
+writeFileSync(finalPath, '#!/usr/bin/env node\n' + bundleContent, 'utf-8');
+rmSync(BUNDLE_OUTPUT, { force: true });
+
+const finalSize = statSync(finalPath).size;
+console.log(`[bundle] Done: dist/index.cjs (${(finalSize / 1024).toFixed(0)} KB)`);
+console.log('[bundle] Complete — single minified file, no source exposure');
+
+// Step 4: Generate CLI wrapper that sets --max-old-space-size=4096
+// The shebang #!/usr/bin/env node cannot pass flags, so we need a wrapper
+// that re-spawns node with the larger heap limit when needed.
+// Use .cjs extension so Node treats it as CommonJS regardless of package.json "type"
+const cliWrapperPath = join(DIST_DIR, 'cli.cjs');
+const cliWrapperContent = `#!/usr/bin/env node
+// AggRoot CLI wrapper - ensures Node.js heap is large enough for long sessions.
+const v8 = require('node:v8');
+const path = require('node:path');
+const { spawn } = require('node:child_process');
+const heapLimitMB = Math.round(v8.getHeapStatistics().heap_size_limit / 1024 / 1024);
+
+if (heapLimitMB < 3500 && !process.env.AGGROOT_SPAWNED) {
+  // Re-spawn with larger heap, inheriting stdio for seamless UX
+  const child = spawn(process.execPath, [
+    '--max-old-space-size=4096',
+    '--no-warnings',
+    path.resolve(__dirname, 'index.cjs'),
+    ...process.argv.slice(2),
+  ], {
+    stdio: 'inherit',
+    env: { ...process.env, AGGROOT_SPAWNED: '1' },
+  });
+  child.on('exit', (code) => process.exit(code ?? 0));
+} else {
+  require('./index.cjs');
+}
+`;
+writeFileSync(cliWrapperPath, cliWrapperContent, 'utf-8');
+console.log(`[bundle] CLI wrapper: dist/cli.cjs`);

package/scripts/verify-no-source.mjs

@@ -0,0 +1,83 @@
+#!/usr/bin/env node
+
+/**
+ * Verify that dist/ contains no original source code after obfuscation.
+ *
+ * Checks that:
+ * 1. Only expected files exist in dist/
+ * 2. No .js files contain readable source patterns (comments, multi-line functions, etc.)
+ */
+
+import { readdirSync, readFileSync, statSync } from 'node:fs';
+import { join } from 'node:path';
+
+const DIST_DIR = join(process.cwd(), 'dist');
+
+const ALLOWED_FILES = new Set([
+  'index.cjs',
+  'cli.cjs',
+  'web-tree-sitter.wasm',
+  'tree-sitter-cpp.wasm',
+  'tree-sitter-c.wasm',
+  'native/better_sqlite3.node',
+]);
+
+// Collect all files recursively
+function walkDir(dir) {
+  const files = [];
+  for (const entry of readdirSync(dir, { withFileTypes: true })) {
+    const fullPath = join(dir, entry.name);
+    if (entry.isDirectory()) {
+      files.push(...walkDir(fullPath));
+    } else {
+      files.push(fullPath);
+    }
+  }
+  return files;
+}
+
+const allFiles = walkDir(DIST_DIR);
+const violations = [];
+
+// Check 1: No unexpected files or directories
+for (const file of allFiles) {
+  const relative = file.slice(DIST_DIR.length + 1).replace(/\\/g, '/');
+  if (!ALLOWED_FILES.has(relative)) {
+    violations.push(`Unexpected file in dist/: ${relative}`);
+  }
+}
+
+// Check 2: The bundled .cjs file should not contain readable source patterns
+const cjsPath = join(DIST_DIR, 'index.cjs');
+if (statSync(cjsPath, { throwIfNoEntry: false })) {
+  const content = readFileSync(cjsPath, 'utf-8');
+
+  // Real ESM import/export at the top level (line starts with import/export).
+  // Inside minified code these only appear within strings — never at the start of a line.
+  if (/^import\s/m.test(content) || /^export\s/m.test(content)) {
+    violations.push('index.cjs contains top-level ES module syntax (bundling may have failed)');
+  }
+
+  // A real sourceMappingURL directive starts at the beginning of a line (after optional whitespace)
+  if (/^\s*\/\/[#@]\s*sourceMappingURL/m.test(content)) {
+    violations.push('index.cjs contains source map reference');
+  }
+
+  // Original TypeScript source directories should not appear as-is in the bundle.
+  // esbuild minification flattens everything — seeing "src/" paths as module references means
+  // the original file structure leaked.
+  const srcPathRefs = content.match(/require\(["']\.\/src\//g) || [];
+  if (srcPathRefs.length > 0) {
+    violations.push(`index.cjs contains ${srcPathRefs.length} require("./src/...") reference(s) — original directory structure leaked`);
+  }
+}
+
+if (violations.length > 0) {
+  console.error('[verify] Source exposure detected:');
+  for (const v of violations) {
+    console.error(`  - ${v}`);
+  }
+  process.exit(1);
+}
+
+console.log('[verify] OK — no source exposure in dist/');