androdex 1.1.3

package/src/rollout-watch.js

@@ -0,0 +1,308 @@
+// FILE: rollout-watch.js
+// Purpose: Shared rollout-file lookup/watch helpers for CLI inspection and desktop refresh.
+// Layer: CLI helper
+// Exports: watchThreadRollout, createThreadRolloutActivityWatcher
+// Depends on: fs, os, path, ./session-state
+
+const fs = require("fs");
+const os = require("os");
+const path = require("path");
+const { readLastActiveThread } = require("./session-state");
+
+const DEFAULT_WATCH_INTERVAL_MS = 1_000;
+const DEFAULT_LOOKUP_TIMEOUT_MS = 5_000;
+const DEFAULT_IDLE_TIMEOUT_MS = 10_000;
+const DEFAULT_TRANSIENT_ERROR_RETRY_LIMIT = 2;
+
+// Polls one rollout file until it materializes and then reports size growth.
+function createThreadRolloutActivityWatcher({
+  threadId,
+  intervalMs = DEFAULT_WATCH_INTERVAL_MS,
+  lookupTimeoutMs = DEFAULT_LOOKUP_TIMEOUT_MS,
+  idleTimeoutMs = DEFAULT_IDLE_TIMEOUT_MS,
+  now = () => Date.now(),
+  fsModule = fs,
+  transientErrorRetryLimit = DEFAULT_TRANSIENT_ERROR_RETRY_LIMIT,
+  onEvent = () => {},
+  onIdle = () => {},
+  onTimeout = () => {},
+  onError = () => {},
+} = {}) {
+  const resolvedThreadId = resolveThreadId(threadId);
+  const sessionsRoot = resolveSessionsRoot();
+  const startedAt = now();
+
+  let isStopped = false;
+  let rolloutPath = null;
+  let lastSize = null;
+  let lastGrowthAt = startedAt;
+  let transientErrorCount = 0;
+
+  const tick = () => {
+    if (isStopped) {
+      return;
+    }
+
+    try {
+      const currentTime = now();
+
+      if (!rolloutPath) {
+        if (currentTime - startedAt >= lookupTimeoutMs) {
+          onTimeout({ threadId: resolvedThreadId });
+          stop();
+          return;
+        }
+
+        rolloutPath = findRolloutFileForThread(sessionsRoot, resolvedThreadId, { fsModule });
+        if (!rolloutPath) {
+          transientErrorCount = 0;
+          return;
+        }
+
+        lastSize = readFileSize(rolloutPath, fsModule);
+        lastGrowthAt = currentTime;
+        transientErrorCount = 0;
+        onEvent({
+          reason: "materialized",
+          threadId: resolvedThreadId,
+          rolloutPath,
+          size: lastSize,
+        });
+        return;
+      }
+
+      const nextSize = readFileSize(rolloutPath, fsModule);
+      transientErrorCount = 0;
+      if (nextSize > lastSize) {
+        lastSize = nextSize;
+        lastGrowthAt = currentTime;
+        onEvent({
+          reason: "growth",
+          threadId: resolvedThreadId,
+          rolloutPath,
+          size: nextSize,
+        });
+        return;
+      }
+
+      if (currentTime - lastGrowthAt >= idleTimeoutMs) {
+        onIdle({
+          threadId: resolvedThreadId,
+          rolloutPath,
+          size: lastSize,
+        });
+        stop();
+      }
+    } catch (error) {
+      if (isRetryableFilesystemError(error) && transientErrorCount < transientErrorRetryLimit) {
+        transientErrorCount += 1;
+        return;
+      }
+
+      onError(error);
+      stop();
+    }
+  };
+
+  const intervalId = setInterval(tick, intervalMs);
+  tick();
+
+  function stop() {
+    if (isStopped) {
+      return;
+    }
+
+    isStopped = true;
+    clearInterval(intervalId);
+  }
+
+  return {
+    stop,
+    get threadId() {
+      return resolvedThreadId;
+    },
+  };
+}
+
+function watchThreadRollout(threadId = "") {
+  const resolvedThreadId = resolveThreadId(threadId);
+  const sessionsRoot = resolveSessionsRoot();
+  const rolloutPath = findRolloutFileForThread(sessionsRoot, resolvedThreadId);
+
+  if (!rolloutPath) {
+    throw new Error(`No rollout file found for thread ${resolvedThreadId}.`);
+  }
+
+  let offset = fs.statSync(rolloutPath).size;
+  let partialLine = "";
+
+  console.log(`[androdex] Watching thread ${resolvedThreadId}`);
+  console.log(`[androdex] Rollout file: ${rolloutPath}`);
+  console.log("[androdex] Waiting for new persisted events... (Ctrl+C to stop)");
+
+  const onChange = (current, previous) => {
+    if (current.size <= previous.size) {
+      return;
+    }
+
+    const stream = fs.createReadStream(rolloutPath, {
+      start: offset,
+      end: current.size - 1,
+      encoding: "utf8",
+    });
+
+    let chunkBuffer = "";
+    stream.on("data", (chunk) => {
+      chunkBuffer += chunk;
+    });
+
+    stream.on("end", () => {
+      offset = current.size;
+      const combined = partialLine + chunkBuffer;
+      const lines = combined.split("\n");
+      partialLine = lines.pop() || "";
+
+      for (const line of lines) {
+        const formatted = formatRolloutLine(line);
+        if (formatted) {
+          console.log(formatted);
+        }
+      }
+    });
+  };
+
+  fs.watchFile(rolloutPath, { interval: 700 }, onChange);
+
+  const cleanup = () => {
+    fs.unwatchFile(rolloutPath, onChange);
+    process.exit(0);
+  };
+
+  process.on("SIGINT", cleanup);
+  process.on("SIGTERM", cleanup);
+}
+
+function resolveThreadId(threadId) {
+  if (threadId && typeof threadId === "string") {
+    return threadId;
+  }
+
+  const last = readLastActiveThread();
+  if (last?.threadId) {
+    return last.threadId;
+  }
+
+  throw new Error("No thread id provided and no remembered Androdex thread found.");
+}
+
+function resolveSessionsRoot() {
+  const codexHome = process.env.CODEX_HOME || path.join(os.homedir(), ".codex");
+  return path.join(codexHome, "sessions");
+}
+
+function findRolloutFileForThread(root, threadId, { fsModule = fs } = {}) {
+  if (!fsModule.existsSync(root)) {
+    return null;
+  }
+
+  const stack = [root];
+
+  while (stack.length > 0) {
+    const current = stack.pop();
+    const entries = fsModule.readdirSync(current, { withFileTypes: true });
+
+    for (const entry of entries) {
+      const fullPath = path.join(current, entry.name);
+      if (entry.isDirectory()) {
+        stack.push(fullPath);
+        continue;
+      }
+
+      if (!entry.isFile()) {
+        continue;
+      }
+
+      if (entry.name.includes(threadId) && entry.name.startsWith("rollout-") && entry.name.endsWith(".jsonl")) {
+        return fullPath;
+      }
+    }
+  }
+
+  return null;
+}
+
+function formatRolloutLine(rawLine) {
+  const trimmed = rawLine.trim();
+  if (!trimmed) {
+    return null;
+  }
+
+  let parsed = null;
+  try {
+    parsed = JSON.parse(trimmed);
+  } catch {
+    return null;
+  }
+
+  const timestamp = formatTimestamp(parsed.timestamp);
+  const payload = parsed.payload || {};
+
+  if (parsed.type === "event_msg") {
+    const eventType = payload.type;
+    if (eventType === "user_message") {
+      return `${timestamp} Phone: ${previewText(payload.message)}`;
+    }
+    if (eventType === "agent_message") {
+      return `${timestamp} Codex: ${previewText(payload.message)}`;
+    }
+    if (eventType === "task_started") {
+      return `${timestamp} Task started`;
+    }
+    if (eventType === "task_complete") {
+      return `${timestamp} Task complete`;
+    }
+  }
+
+  return null;
+}
+
+function formatTimestamp(value) {
+  if (!value || typeof value !== "string") {
+    return "[time?]";
+  }
+
+  const date = new Date(value);
+  if (Number.isNaN(date.getTime())) {
+    return "[time?]";
+  }
+
+  return `[${date.toLocaleTimeString("en-GB", { hour: "2-digit", minute: "2-digit", second: "2-digit" })}]`;
+}
+
+function previewText(value) {
+  if (typeof value !== "string") {
+    return "";
+  }
+
+  const normalized = value.replace(/\s+/g, " ").trim();
+  if (normalized.length <= 120) {
+    return normalized;
+  }
+
+  return `${normalized.slice(0, 117)}...`;
+}
+
+function readFileSize(filePath, fsModule = fs) {
+  return fsModule.statSync(filePath).size;
+}
+
+function isRetryableFilesystemError(error) {
+  return ["ENOENT", "EACCES", "EPERM", "EBUSY"].includes(error?.code);
+}
+
+module.exports = {
+  watchThreadRollout,
+  createThreadRolloutActivityWatcher,
+  resolveSessionsRoot,
+  findRolloutFileForThread,
+};

package/src/scripts/codex-refresh.applescript

@@ -0,0 +1,51 @@
+-- FILE: codex-refresh.applescript
+-- Purpose: Forces a non-destructive route bounce inside Codex so the target thread remounts without killing runs.
+-- Layer: UI automation helper
+-- Args: bundle id, app path fallback, optional target deep link
+
+on run argv
+  set bundleId to item 1 of argv
+  set appPath to item 2 of argv
+  set targetUrl to ""
+  set bounceUrl to "codex://settings"
+
+  if (count of argv) is greater than or equal to 3 then
+    set targetUrl to item 3 of argv
+  end if
+
+  try
+    tell application "Finder" to activate
+  end try
+
+  delay 0.12
+
+  my openCodexUrl(bundleId, appPath, bounceUrl)
+  delay 0.18
+
+  if targetUrl is not "" then
+    my openCodexUrl(bundleId, appPath, targetUrl)
+  else
+    my openCodexUrl(bundleId, appPath, "")
+  end if
+
+  delay 0.18
+  try
+    tell application id bundleId to activate
+  end try
+end run
+
+on openCodexUrl(bundleId, appPath, targetUrl)
+  try
+    if targetUrl is not "" then
+      do shell script "open -b " & quoted form of bundleId & " " & quoted form of targetUrl
+    else
+      do shell script "open -b " & quoted form of bundleId
+    end if
+  on error
+    if targetUrl is not "" then
+      do shell script "open -a " & quoted form of appPath & " " & quoted form of targetUrl
+    else
+      do shell script "open -a " & quoted form of appPath
+    end if
+  end try
+end openCodexUrl

package/src/secure-device-state.js

@@ -0,0 +1,257 @@
+// FILE: secure-device-state.js
+// Purpose: Persists the bridge device identity and trusted phone registry for E2EE pairing.
+// Layer: CLI helper
+// Exports: loadOrCreateBridgeDeviceState, resetBridgeDeviceState, rememberTrustedPhone, getTrustedPhonePublicKey
+// Depends on: fs, os, path, crypto, child_process
+
+const fs = require("fs");
+const os = require("os");
+const path = require("path");
+const { randomUUID, generateKeyPairSync } = require("crypto");
+const { execFileSync } = require("child_process");
+
+const STORE_DIR = path.join(os.homedir(), ".androdex");
+const STORE_FILE = path.join(STORE_DIR, "device-state.json");
+const KEYCHAIN_SERVICE = "io.androdex.bridge.device-state";
+const KEYCHAIN_ACCOUNT = "default";
+
+function loadOrCreateBridgeDeviceState() {
+  const existingState = readBridgeDeviceState();
+  if (existingState) {
+    if (!existingState.hostId || existingState.version < 2) {
+      writeBridgeDeviceState(existingState);
+    }
+    return existingState;
+  }
+
+  const nextState = createBridgeDeviceState();
+  writeBridgeDeviceState(nextState);
+  return nextState;
+}
+
+function resetBridgeDeviceState() {
+  const removedFileState = deleteStoredDeviceStateString();
+  const removedKeychainState = deleteKeychainStateString();
+  return {
+    hadState: removedFileState || removedKeychainState,
+    removedFileState,
+    removedKeychainState,
+  };
+}
+
+function rememberTrustedPhone(state, phoneDeviceId, phoneIdentityPublicKey) {
+  const normalizedDeviceId = normalizeNonEmptyString(phoneDeviceId);
+  const normalizedPublicKey = normalizeNonEmptyString(phoneIdentityPublicKey);
+  if (!normalizedDeviceId || !normalizedPublicKey) {
+    return state;
+  }
+
+  // Androdex supports one trusted mobile client per bridge state, so a new trust record replaces old ones.
+  const nextState = {
+    ...state,
+    trustedPhones: {
+      [normalizedDeviceId]: normalizedPublicKey,
+    },
+  };
+  writeBridgeDeviceState(nextState);
+  return nextState;
+}
+
+function getTrustedPhonePublicKey(state, phoneDeviceId) {
+  const normalizedDeviceId = normalizeNonEmptyString(phoneDeviceId);
+  if (!normalizedDeviceId) {
+    return null;
+  }
+  return state.trustedPhones?.[normalizedDeviceId] || null;
+}
+
+function createBridgeDeviceState() {
+  const { publicKey, privateKey } = generateKeyPairSync("ed25519");
+  const privateJwk = privateKey.export({ format: "jwk" });
+  const publicJwk = publicKey.export({ format: "jwk" });
+
+  return {
+    version: 2,
+    hostId: randomUUID(),
+    macDeviceId: randomUUID(),
+    macIdentityPublicKey: base64UrlToBase64(publicJwk.x),
+    macIdentityPrivateKey: base64UrlToBase64(privateJwk.d),
+    trustedPhones: {},
+  };
+}
+
+function readBridgeDeviceState() {
+  const rawState = readStoredDeviceStateString();
+  if (!rawState) {
+    return null;
+  }
+
+  try {
+    return normalizeBridgeDeviceState(JSON.parse(rawState));
+  } catch {
+    return null;
+  }
+}
+
+function writeBridgeDeviceState(state) {
+  const serialized = JSON.stringify(state, null, 2);
+  if (process.platform === "darwin" && writeKeychainStateString(serialized)) {
+    return;
+  }
+
+  fs.mkdirSync(STORE_DIR, { recursive: true });
+  fs.writeFileSync(STORE_FILE, serialized, { mode: 0o600 });
+  try {
+    fs.chmodSync(STORE_FILE, 0o600);
+  } catch {
+    // Best-effort only on filesystems that support POSIX modes.
+  }
+}
+
+function readStoredDeviceStateString() {
+  if (process.platform === "darwin") {
+    const keychainValue = readKeychainStateString();
+    if (keychainValue) {
+      return keychainValue;
+    }
+  }
+
+  if (!fs.existsSync(STORE_FILE)) {
+    return null;
+  }
+
+  try {
+    return fs.readFileSync(STORE_FILE, "utf8");
+  } catch {
+    return null;
+  }
+}
+
+function readKeychainStateString() {
+  try {
+    return execFileSync(
+      "security",
+      [
+        "find-generic-password",
+        "-s",
+        KEYCHAIN_SERVICE,
+        "-a",
+        KEYCHAIN_ACCOUNT,
+        "-w",
+      ],
+      { encoding: "utf8", stdio: ["ignore", "pipe", "ignore"] }
+    ).trim();
+  } catch {
+    return null;
+  }
+}
+
+function writeKeychainStateString(value) {
+  try {
+    execFileSync(
+      "security",
+      [
+        "add-generic-password",
+        "-U",
+        "-s",
+        KEYCHAIN_SERVICE,
+        "-a",
+        KEYCHAIN_ACCOUNT,
+        "-w",
+        value,
+      ],
+      { stdio: ["ignore", "ignore", "ignore"] }
+    );
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+function deleteStoredDeviceStateString() {
+  const existed = fs.existsSync(STORE_FILE);
+  try {
+    fs.rmSync(STORE_FILE, { force: true });
+    return existed;
+  } catch {
+    return false;
+  }
+}
+
+function deleteKeychainStateString() {
+  if (process.platform !== "darwin") {
+    return false;
+  }
+
+  try {
+    execFileSync(
+      "security",
+      [
+        "delete-generic-password",
+        "-s",
+        KEYCHAIN_SERVICE,
+        "-a",
+        KEYCHAIN_ACCOUNT,
+      ],
+      { stdio: ["ignore", "ignore", "ignore"] }
+    );
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+function normalizeBridgeDeviceState(rawState) {
+  const hostId = normalizeNonEmptyString(rawState?.hostId) || randomUUID();
+  const macDeviceId = normalizeNonEmptyString(rawState?.macDeviceId);
+  const macIdentityPublicKey = normalizeNonEmptyString(rawState?.macIdentityPublicKey);
+  const macIdentityPrivateKey = normalizeNonEmptyString(rawState?.macIdentityPrivateKey);
+
+  if (!macDeviceId || !macIdentityPublicKey || !macIdentityPrivateKey) {
+    throw new Error("Bridge device state is incomplete");
+  }
+
+  const trustedPhones = {};
+  if (rawState?.trustedPhones && typeof rawState.trustedPhones === "object") {
+    for (const [deviceId, publicKey] of Object.entries(rawState.trustedPhones)) {
+      const normalizedDeviceId = normalizeNonEmptyString(deviceId);
+      const normalizedPublicKey = normalizeNonEmptyString(publicKey);
+      if (!normalizedDeviceId || !normalizedPublicKey) {
+        continue;
+      }
+      trustedPhones[normalizedDeviceId] = normalizedPublicKey;
+    }
+  }
+
+  return {
+    version: 2,
+    hostId,
+    macDeviceId,
+    macIdentityPublicKey,
+    macIdentityPrivateKey,
+    trustedPhones,
+  };
+}
+
+function normalizeNonEmptyString(value) {
+  if (typeof value !== "string") {
+    return "";
+  }
+  return value.trim();
+}
+
+function base64UrlToBase64(value) {
+  if (typeof value !== "string" || value.length === 0) {
+    return "";
+  }
+
+  const padded = `${value}${"=".repeat((4 - (value.length % 4 || 4)) % 4)}`;
+  return padded.replace(/-/g, "+").replace(/_/g, "/");
+}
+
+module.exports = {
+  getTrustedPhonePublicKey,
+  loadOrCreateBridgeDeviceState,
+  rememberTrustedPhone,
+  resetBridgeDeviceState,
+};