arisa 2.3.55 → 3.0.0

package/src/shared/ai-cli.ts

@@ -1,165 +0,0 @@
-/**
- * @module shared/ai-cli
- * @role Resolve agent CLI binaries and execute them via Bun runtime.
- *       When running as root, wraps calls with su arisa to satisfy
- *       Claude CLI's non-root requirement.
- */
-
-import { existsSync, openSync, readSync, closeSync } from "fs";
-import { delimiter, dirname, join } from "path";
-
-export type AgentCliName = "claude" | "codex";
-
-const ARISA_HOME = "/home/arisa";
-// Use root's bun — arisa user has traverse+read access via chmod o+x /root, o+rX /root/.bun
-const ROOT_BUN_INSTALL = process.env.BUN_INSTALL || "/root/.bun";
-const ROOT_BUN_BIN = `${ROOT_BUN_INSTALL}/bin`;
-const ARISA_BUN_ENV = `export HOME=${ARISA_HOME} && export BUN_INSTALL=${ROOT_BUN_INSTALL} && export PATH=${ROOT_BUN_BIN}:$PATH`;
-
-export function isRunningAsRoot(): boolean {
-  return process.getuid?.() === 0;
-}
-
-function shellEscape(arg: string): string {
-  return "'" + arg.replace(/'/g, "'\\''") + "'";
-}
-
-function unique(paths: Array<string | null | undefined>): string[] {
-  const seen = new Set<string>();
-  const out: string[] = [];
-  for (const p of paths) {
-    if (!p) continue;
-    if (seen.has(p)) continue;
-    seen.add(p);
-    out.push(p);
-  }
-  return out;
-}
-
-function cliOverrideEnvVar(cli: AgentCliName): string | undefined {
-  return cli === "codex" ? process.env.ARISA_CODEX_BIN : process.env.ARISA_CLAUDE_BIN;
-}
-
-function candidatePaths(cli: AgentCliName): string[] {
-  const arisaBunBin = `${ARISA_HOME}/.bun/bin`;
-
-  if (isRunningAsRoot()) {
-    return unique([
-      cliOverrideEnvVar(cli),
-      join(ROOT_BUN_BIN, cli),
-      join(arisaBunBin, cli),
-    ]);
-  }
-
-  const bunInstall = process.env.BUN_INSTALL?.trim();
-  const bunDir = dirname(process.execPath);
-  const fromPath = Bun.which(cli);
-  const fromEnvPath = (process.env.PATH || "")
-    .split(delimiter)
-    .map((entry) => entry.trim())
-    .filter(Boolean)
-    .map((entry) => join(entry, cli));
-
-  return unique([
-    cliOverrideEnvVar(cli),
-    bunInstall ? join(bunInstall, "bin", cli) : null,
-    join(arisaBunBin, cli),
-    join(bunDir, cli),
-    fromPath,
-    ...fromEnvPath,
-  ]);
-}
-
-export function resolveAgentCliPath(cli: AgentCliName): string | null {
-  for (const candidate of candidatePaths(cli)) {
-    if (existsSync(candidate)) return candidate;
-  }
-  return null;
-}
-
-export function isAgentCliInstalled(cli: AgentCliName): boolean {
-  return resolveAgentCliPath(cli) !== null;
-}
-
-const INK_SHIM = join(dirname(new URL(import.meta.url).pathname), "ink-shim.js");
-
-// Env vars that must survive the su - login shell reset.
-// CLAUDE_CODE_OAUTH_TOKEN is a long-lived (1 year) token from `claude setup-token`
-// — the headless auth method. It must be passed through to the CLI.
-const PASSTHROUGH_VARS = [
-  "CLAUDE_CODE_OAUTH_TOKEN",
-  "ANTHROPIC_API_KEY",
-  "OPENAI_API_KEY",
-];
-
-function buildEnvExports(): string {
-  const exports: string[] = [];
-  for (const key of PASSTHROUGH_VARS) {
-    const val = process.env[key];
-    if (val) exports.push(`export ${key}=${shellEscape(val)}`);
-  }
-  return exports.length > 0 ? exports.join(" && ") + " && " : "";
-}
-
-export interface AgentCliOptions {
-  /** Skip the ink-shim preload (useful for interactive login flows). Default: false */
-  skipPreload?: boolean;
-}
-
-/** Env vars to suppress Ink/TTY in non-interactive CLI spawns. Merge into Bun.spawn env. */
-export const CLI_SPAWN_ENV: Record<string, string> = { CI: "true", TERM: "dumb" };
-
-/**
- * Detect native executables (Mach-O, ELF) by reading magic bytes.
- * Claude Code CLI v2+ ships as a native binary, not a JS script.
- */
-function isNativeBinary(filePath: string): boolean {
-  try {
-    const fd = openSync(filePath, "r");
-    const buf = Buffer.alloc(4);
-    readSync(fd, buf, 0, 4, 0);
-    closeSync(fd);
-    const magic = buf.readUInt32BE(0);
-    return (
-      magic === 0xCFFAEDFE || // Mach-O 64-bit LE (macOS arm64/x86_64)
-      magic === 0xCEFAEDFE || // Mach-O 32-bit LE
-      magic === 0xFEEDFACF || // Mach-O 64-bit BE
-      magic === 0xFEEDFACE || // Mach-O 32-bit BE
-      magic === 0xCAFEBABE || // Mach-O Universal
-      magic === 0x7F454C46    // ELF (Linux)
-    );
-  } catch {
-    return false;
-  }
-}
-
-export function buildBunWrappedAgentCliCommand(cli: AgentCliName, args: string[], options?: AgentCliOptions): string[] {
-  const cliPath = isRunningAsRoot()
-    ? (resolveAgentCliPath(cli) || join(ROOT_BUN_BIN, cli))
-    : resolveAgentCliPath(cli);
-
-  if (!cliPath) {
-    throw new Error(`${cli} CLI not found`);
-  }
-
-  // Native binaries (Mach-O, ELF) must be executed directly — bun can't parse them as JS
-  const native = isNativeBinary(cliPath);
-
-  if (isRunningAsRoot()) {
-    // Run as arisa user — Claude CLI refuses to run as root.
-    const ciEnv = options?.skipPreload ? "" : "export CI=true && export TERM=dumb && ";
-    const inner = native
-      ? [cliPath, ...args].map(shellEscape).join(" ")
-      : ["bun", "--bun", ...(!options?.skipPreload ? ["--preload", INK_SHIM] : []), cliPath, ...args].map(shellEscape).join(" ");
-    // su without "-" preserves parent env (tokens, keys); explicit HOME/PATH for arisa
-    return ["su", "arisa", "-s", "/bin/bash", "-c", `${ARISA_BUN_ENV} && ${ciEnv}${buildEnvExports()}${inner}`];
-  }
-
-  if (native) {
-    return [cliPath, ...args];
-  }
-
-  // JS/Node scripts: wrap with bun for performance + optional ink-shim preload
-  const preloadArgs = !options?.skipPreload ? ["--preload", INK_SHIM] : [];
-  return ["bun", "--bun", ...preloadArgs, cliPath, ...args];
-}

package/src/shared/config.ts

@@ -1,137 +0,0 @@
-/**
- * @module shared/config
- * @role Centralized configuration from encrypted secrets + env vars fallback
- * @responsibilities
- *   - Load API keys from encrypted secrets DB (with .env fallback)
- *   - Define ports, paths, timeouts
- * @dependencies secrets.ts
- * @effects Reads encrypted secrets on first access
- */
-
-import { existsSync, readFileSync } from "fs";
-import { join } from "path";
-import { secrets } from "./secrets";
-import { dataDir, legacyDataDir, preferredDataDir, projectDir } from "./paths";
-
-const ENV_PATH_CANDIDATES = Array.from(new Set([
-  join(dataDir, ".env"),
-  join(preferredDataDir, ".env"),
-  join(legacyDataDir, ".env"),
-]));
-
-function loadEnvFile(): Record<string, string> {
-  for (const envPath of ENV_PATH_CANDIDATES) {
-    if (!existsSync(envPath)) continue;
-
-    const content = readFileSync(envPath, "utf8");
-    const vars: Record<string, string> = {};
-    for (const line of content.split("\n")) {
-      const match = line.match(/^([A-Z_][A-Z0-9_]*)=(.+)$/);
-      if (match) {
-        vars[match[1]] = match[2].trim();
-      }
-    }
-    return vars;
-  }
-
-  return {};
-}
-
-const envFile = loadEnvFile();
-
-// Inject .env vars into process.env so child processes inherit them
-for (const [key, value] of Object.entries(envFile)) {
-  if (!process.env[key]) process.env[key] = value;
-}
-
-function env(key: string): string | undefined {
-  return process.env[key] || envFile[key];
-}
-
-/**
- * Lazy-loaded API keys from encrypted secrets with fallback to .env
- */
-class SecureConfig {
-  private _telegramBotToken?: string;
-  private _openaiApiKey?: string;
-  private _elevenlabsApiKey?: string;
-  private _initialized = false;
-
-  async initialize(): Promise<void> {
-    if (this._initialized) return;
-
-    // Load all secrets in parallel
-    const [telegram, openai, elevenlabs] = await Promise.all([
-      secrets.telegram(),
-      secrets.openai(),
-      secrets.elevenlabs(),
-    ]);
-
-    this._telegramBotToken = telegram || env("TELEGRAM_BOT_TOKEN") || "";
-    this._openaiApiKey = openai || env("OPENAI_API_KEY") || "";
-    this._elevenlabsApiKey = elevenlabs || env("ELEVENLABS_API_KEY") || "";
-    this._initialized = true;
-  }
-
-  async getTelegramBotToken(): Promise<string> {
-    await this.initialize();
-    return this._telegramBotToken!;
-  }
-
-  async getOpenaiApiKey(): Promise<string> {
-    await this.initialize();
-    return this._openaiApiKey!;
-  }
-
-  async getElevenlabsApiKey(): Promise<string> {
-    await this.initialize();
-    return this._elevenlabsApiKey!;
-  }
-
-  // Synchronous getters for backwards compatibility (will use cached values)
-  get telegramBotToken(): string {
-    return this._telegramBotToken || "";
-  }
-
-  get openaiApiKey(): string {
-    return this._openaiApiKey || "";
-  }
-
-  get elevenlabsApiKey(): string {
-    return this._elevenlabsApiKey || "";
-  }
-}
-
-const secureConfig = new SecureConfig();
-
-export const config = {
-  projectDir,
-  arisaDir: dataDir,
-  // Backward-compatible alias for existing modules.
-  tinyclawDir: dataDir,
-
-  corePort: 51777,
-  daemonPort: 51778,
-  coreSocket: join(dataDir, "core.sock"),
-  daemonSocket: join(dataDir, "daemon.sock"),
-
-  // API keys - use async getters for first load
-  get telegramBotToken() { return secureConfig.telegramBotToken; },
-  get openaiApiKey() { return secureConfig.openaiApiKey; },
-  get elevenlabsApiKey() { return secureConfig.elevenlabsApiKey; },
-
-  elevenlabsVoiceId: "BpjGufoPiobT79j2vtj4",
-
-  logsDir: join(dataDir, "logs"),
-  tasksFile: join(dataDir, "scheduler", "tasks.json"),
-  resetFlagPath: join(dataDir, "reset_flag"),
-  voiceTempDir: join(dataDir, "voice_temp"),
-  attachmentsDir: join(dataDir, "attachments"),
-  attachmentMaxAgeDays: 30,
-
-  claudeTimeout: 120_000,
-  maxResponseLength: 4000,
-
-  // Async API key loaders
-  secrets: secureConfig,
-} as const;

package/src/shared/db.ts

@@ -1,304 +0,0 @@
-/**
- * @module shared/db
- * @role Unified persistence layer using deepbase
- * @responsibilities
- *   - Persist scheduled tasks, authorized users, onboarded users, queue messages
- *   - Provide type-safe operations with JSON storage
- *   - Auto-connect on first operation
- * @dependencies deepbase, shared/types, shared/config
- * @effects Disk I/O (runtime db directory)
- */
-
-import DeepBase from "deepbase";
-import { config } from "./config";
-import type { ScheduledTask, AttachmentRecord, MessageRecord } from "./types";
-import { DeepbaseSecure } from "./deepbase-secure";
-import { existsSync, readFileSync, writeFileSync, mkdirSync, copyFileSync } from "fs";
-import { randomBytes } from "crypto";
-import { dirname } from "path";
-
-const DB_PATH = `${config.arisaDir}/db`;
-const ARISA_DB_FILE = `${DB_PATH}/arisa.json`;
-const LEGACY_DB_FILE = `${DB_PATH}/tinyclaw.json`;
-
-function readDbJson(path: string): Record<string, any> {
-  try {
-    if (!existsSync(path)) return {};
-    const raw = readFileSync(path, "utf8").trim();
-    if (!raw) return {};
-    const parsed = JSON.parse(raw);
-    return parsed && typeof parsed === "object" ? parsed : {};
-  } catch {
-    return {};
-  }
-}
-
-function mergeLegacyIntoArisa(): void {
-  if (!existsSync(LEGACY_DB_FILE)) return;
-
-  // If arisa DB doesn't exist yet, seed it from legacy and keep legacy file as backup/history.
-  if (!existsSync(ARISA_DB_FILE)) {
-    try {
-      mkdirSync(DB_PATH, { recursive: true });
-      copyFileSync(LEGACY_DB_FILE, ARISA_DB_FILE);
-    } catch {
-      // Best-effort migration; if copy fails, app can still run on a fresh arisa DB.
-    }
-    return;
-  }
-
-  const arisa = readDbJson(ARISA_DB_FILE);
-  const legacy = readDbJson(LEGACY_DB_FILE);
-  let changed = false;
-
-  for (const [collection, legacyCollection] of Object.entries(legacy)) {
-    if (!legacyCollection || typeof legacyCollection !== "object") continue;
-
-    const arisaCollection = arisa[collection];
-    if (!arisaCollection || typeof arisaCollection !== "object") {
-      arisa[collection] = legacyCollection;
-      changed = true;
-      continue;
-    }
-
-    for (const [key, value] of Object.entries(legacyCollection as Record<string, any>)) {
-      if (!(key in arisaCollection)) {
-        arisaCollection[key] = value;
-        changed = true;
-      }
-    }
-  }
-
-  if (changed) {
-    try {
-      writeFileSync(ARISA_DB_FILE, JSON.stringify(arisa, null, 4));
-    } catch {
-      // Ignore write failures; runtime will continue with current DB state.
-    }
-  }
-}
-
-// Ensure legacy data is available in arisa DB before DeepBase picks a file.
-mergeLegacyIntoArisa();
-
-// Initialize deepbase with the storage directory
-const db = new DeepBase({
-  path: DB_PATH,
-  name: "arisa",
-});
-
-// Initialize encrypted secrets database
-function getOrCreateEncryptionKey(): string {
-  const keyPath = `${config.arisaDir}/.encryption_key`;
-  const keyDir = dirname(keyPath);
-
-  if (!existsSync(keyDir)) {
-    mkdirSync(keyDir, { recursive: true });
-  }
-
-  if (existsSync(keyPath)) {
-    return readFileSync(keyPath, 'utf-8').trim();
-  }
-
-  const key = randomBytes(32).toString('hex');
-  writeFileSync(keyPath, key, { mode: 0o600 });
-  return key;
-}
-
-const secretsDb = new DeepbaseSecure({
-  path: DB_PATH,
-  name: "secrets",
-  encryptionKey: getOrCreateEncryptionKey(),
-});
-
-/**
- * Helper functions for common operations
- */
-
-// Tasks
-export async function getTasks(): Promise<ScheduledTask[]> {
-  const tasks = await db.values("tasks");
-  return tasks || [];
-}
-
-export async function getTask(id: string): Promise<ScheduledTask | null> {
-  return await db.get("tasks", id);
-}
-
-export async function addTask(task: ScheduledTask): Promise<void> {
-  await db.set("tasks", task.id, task);
-}
-
-export async function updateTask(id: string, updates: Partial<ScheduledTask>): Promise<void> {
-  const existing = await db.get("tasks", id);
-  if (existing) {
-    await db.set("tasks", id, { ...existing, ...updates });
-  }
-}
-
-export async function deleteTask(id: string): Promise<void> {
-  await db.del("tasks", id);
-}
-
-export async function deleteTasks(filter: Partial<ScheduledTask>): Promise<number> {
-  const tasks = await getTasks();
-  let deleted = 0;
-
-  for (const task of tasks) {
-    const matches = Object.entries(filter).every(([key, value]) => {
-      return task[key as keyof ScheduledTask] === value;
-    });
-
-    if (matches) {
-      await db.del("tasks", task.id);
-      deleted++;
-    }
-  }
-
-  return deleted;
-}
-
-// Authorized users
-export async function isAuthorized(userId: string): Promise<boolean> {
-  const user = await db.get("authorized", userId);
-  return user !== null && user !== undefined;
-}
-
-export async function addAuthorized(userId: string): Promise<void> {
-  await db.set("authorized", userId, { userId });
-}
-
-export async function getAuthorizedUsers(): Promise<string[]> {
-  const users = await db.keys("authorized");
-  return users || [];
-}
-
-// Onboarded users
-export async function isOnboarded(userId: string): Promise<boolean> {
-  const user = await db.get("onboarded", userId);
-  return user !== null && user !== undefined;
-}
-
-export async function addOnboarded(userId: string): Promise<void> {
-  await db.set("onboarded", userId, { userId });
-}
-
-export async function getOnboardedUsers(): Promise<string[]> {
-  const users = await db.keys("onboarded");
-  return users || [];
-}
-
-// Queue operations
-export async function enqueueMessage(message: {
-  id: string;
-  chatId: string | number;
-  text: string;
-  type: "heartbeat" | "message";
-}): Promise<void> {
-  await db.set("queue", message.id, {
-    ...message,
-    timestamp: Date.now(),
-  });
-}
-
-export async function dequeueMessages(limit?: number): Promise<any[]> {
-  const messages = await db.values("queue");
-  if (!messages || messages.length === 0) return [];
-
-  const sorted = messages.sort((a: any, b: any) => a.timestamp - b.timestamp);
-  const batch = limit ? sorted.slice(0, limit) : sorted;
-
-  // Delete the dequeued messages
-  for (const msg of batch) {
-    await db.del("queue", msg.id);
-  }
-
-  return batch;
-}
-
-export async function getQueueSize(): Promise<number> {
-  const messages = await db.keys("queue");
-  return messages ? messages.length : 0;
-}
-
-export async function clearQueue(): Promise<void> {
-  const keys = await db.keys("queue");
-  if (keys) {
-    for (const key of keys) {
-      await db.del("queue", key);
-    }
-  }
-}
-
-// Settings (auth token, etc.)
-export async function getSetting(key: string): Promise<string | null> {
-  const val = await db.get("settings", key);
-  return val?.value ?? null;
-}
-
-export async function setSetting(key: string, value: string): Promise<void> {
-  await db.set("settings", key, { value });
-}
-
-// Attachments
-export async function addAttachment(record: AttachmentRecord): Promise<void> {
-  await db.set("attachments", record.id, record);
-}
-
-export async function getAttachments(chatId?: string): Promise<AttachmentRecord[]> {
-  const all = (await db.values("attachments")) || [];
-  if (!chatId) return all;
-  return all.filter((a: AttachmentRecord) => a.chatId === chatId);
-}
-
-export async function getAttachment(id: string): Promise<AttachmentRecord | null> {
-  return await db.get("attachments", id);
-}
-
-export async function deleteAttachment(id: string): Promise<void> {
-  await db.del("attachments", id);
-}
-
-export async function getExpiredAttachments(maxAgeDays: number): Promise<AttachmentRecord[]> {
-  const all = (await db.values("attachments")) || [];
-  const cutoff = Date.now() - maxAgeDays * 24 * 60 * 60 * 1000;
-  return all.filter((a: AttachmentRecord) => a.createdAt < cutoff);
-}
-
-// Messages (ledger)
-export async function saveMessageRecord(record: MessageRecord): Promise<void> {
-  await db.set("messages", record.id, record);
-}
-
-export async function getMessageRecord(chatId: string, messageId: number): Promise<MessageRecord | null> {
-  return await db.get("messages", `${chatId}_${messageId}`);
-}
-
-export async function cleanupOldMessages(maxAgeDays: number): Promise<number> {
-  const all = (await db.values("messages")) || [];
-  const cutoff = Date.now() - maxAgeDays * 24 * 60 * 60 * 1000;
-  let deleted = 0;
-  for (const record of all) {
-    if ((record as MessageRecord).timestamp < cutoff) {
-      await db.del("messages", (record as MessageRecord).id);
-      deleted++;
-    }
-  }
-  return deleted;
-}
-
-// Secrets (API keys stored encrypted)
-export async function getSecret(key: string): Promise<string | null> {
-  const val = await secretsDb.get("secrets", key);
-  return val?.value ?? null;
-}
-
-export async function setSecret(key: string, value: string): Promise<void> {
-  await secretsDb.set("secrets", key, { value });
-}
-
-export async function deleteSecret(key: string): Promise<void> {
-  await secretsDb.del("secrets", key);
-}
-
-export { db, secretsDb };

package/src/shared/deepbase-secure.ts

@@ -1,39 +0,0 @@
-import CryptoJS from 'crypto-js';
-import DeepBase from 'deepbase';
-import { JsonDriver } from 'deepbase-json';
-
-interface DeepbaseSecureOptions {
-  encryptionKey: string;
-  path: string;
-  name: string;
-}
-
-export class DeepbaseSecure extends DeepBase {
-  constructor(opts: DeepbaseSecureOptions) {
-    const encryptionKey = opts.encryptionKey;
-    const { path, name } = opts;
-
-    // Create JSON driver with encryption
-    const driver = new JsonDriver({
-      path,
-      name,
-      stringify: (obj: any) => {
-        const iv = CryptoJS.lib.WordArray.random(128 / 8);
-        const encrypted = CryptoJS.AES.encrypt(
-          JSON.stringify(obj),
-          encryptionKey,
-          { iv }
-        );
-        return iv.toString(CryptoJS.enc.Hex) + ':' + encrypted.toString();
-      },
-      parse: (encryptedData: string) => {
-        const [ivHex, encrypted] = encryptedData.split(':');
-        const iv = CryptoJS.enc.Hex.parse(ivHex);
-        const bytes = CryptoJS.AES.decrypt(encrypted, encryptionKey, { iv });
-        return JSON.parse(bytes.toString(CryptoJS.enc.Utf8));
-      }
-    });
-
-    super(driver);
-  }
-}

package/src/shared/ink-shim.js

@@ -1,14 +0,0 @@
-// Shim for running CLI tools that use Ink without a TTY.
-// Prevents "Raw mode is not supported" crash by providing a no-op setRawMode.
-// Uses Object.defineProperty for robustness (Bun may make stdin props non-writable).
-if (process.stdin) {
-  if (!process.stdin.isTTY) {
-    try { Object.defineProperty(process.stdin, "isTTY", { value: true, writable: true, configurable: true }); }
-    catch { process.stdin.isTTY = true; }
-  }
-  if (typeof process.stdin.setRawMode !== "function") {
-    const noop = function () { return process.stdin; };
-    try { Object.defineProperty(process.stdin, "setRawMode", { value: noop, writable: true, configurable: true }); }
-    catch { process.stdin.setRawMode = noop; }
-  }
-}

package/src/shared/logger.ts

@@ -1,42 +0,0 @@
-/**
- * @module shared/logger
- * @role Structured logging to runtime logs dir and stdout.
- * @responsibilities
- *   - Create named loggers per component (core, daemon, telegram, scheduler)
- *   - Write timestamped log lines to file + console
- *   - Ensure log directory exists
- * @dependencies shared/config
- * @effects Writes to disk (logs dir), writes to stdout
- */
-
-import { appendFileSync, mkdirSync, existsSync } from "fs";
-import { join } from "path";
-import { config } from "./config";
-
-type Level = "DEBUG" | "INFO" | "WARN" | "ERROR";
-
-export function createLogger(component: string) {
-  const logFile = join(config.logsDir, `${component}.log`);
-
-  if (!existsSync(config.logsDir)) {
-    mkdirSync(config.logsDir, { recursive: true });
-  }
-
-  function write(level: Level, message: string) {
-    const timestamp = new Date().toISOString();
-    const line = `[${timestamp}] [${level}] ${message}\n`;
-    console.log(line.trim());
-    try {
-      appendFileSync(logFile, line);
-    } catch {
-      // If we can't write to log file, at least console output happened
-    }
-  }
-
-  return {
-    debug: (msg: string) => write("DEBUG", msg),
-    info: (msg: string) => write("INFO", msg),
-    warn: (msg: string) => write("WARN", msg),
-    error: (msg: string) => write("ERROR", msg),
-  };
-}