auggy 0.3.0

package/src/cli/commands/visitors-revoke.ts

@@ -0,0 +1,155 @@
+/**
+ * `auggy visitors <agent> --revoke <email>` — hard-revoke + memory cascade.
+ *
+ * Operates on SQLite files directly (visitor-auth.db, memory.db). Safe with
+ * a running agent thanks to WAL mode.
+ *
+ * Cascade order:
+ *   1. visitor-auth.db: revokeByEmail returns visitorId
+ *   2. memory.db: DELETE FROM entries WHERE peer_id = visitorId
+ */
+
+import { existsSync } from "node:fs";
+import { Database } from "bun:sqlite";
+import { join, resolve } from "node:path";
+import { getAgent } from "../agent-index";
+import { createSqliteVisitorAuthStore } from "../../augments/visitor-auth/storage/sqlite-store";
+import { parseAugmentConfigOnly } from "../yaml-helpers";
+
+export interface VisitorsRevokeOptions {
+  auggyDir?: string;
+  /** When true, prompt the user. When false (or --yes), skip the prompt. */
+  confirm?: boolean;
+  log?: (line: string) => void;
+  /** Test seam — production reads from stdin (currently always returns false in non-interactive contexts). */
+  _confirmAnswer?: (prompt: string) => boolean;
+}
+
+interface ResolvedPaths {
+  agentDir: string;
+  visitorAuthDb: string;
+  memoryDb: string | null;
+}
+
+function resolvePaths(agentName: string, opts: VisitorsRevokeOptions): ResolvedPaths {
+  const entry = getAgent(agentName, { auggyDir: opts.auggyDir });
+  if (!entry) {
+    throw new Error(
+      `Agent "${agentName}" is not registered. Run \`auggy ls\` to see registered agents.`,
+    );
+  }
+  const agentDir = entry.localDir;
+  const yamlPath = join(agentDir, "agent.yaml");
+  // parseAugmentConfigOnly handles env-var interpolation (F15) so that
+  // `dbPath: ${MY_DB_PATH}` / `layeredMemoryDbPath: ${MEMORY_DB}` in
+  // agent.yaml resolves correctly here.
+  const vaOptions = parseAugmentConfigOnly(yamlPath, "visitorAuth");
+  if (!vaOptions) {
+    throw new Error(`Agent "${agentName}": visitorAuth is not configured.`);
+  }
+  const dbPath = (vaOptions.dbPath as string | undefined) ?? "./visitor-auth.db";
+  // null = explicit opt-out from peer-id migration; undefined = default.
+  const memPathRaw =
+    vaOptions.layeredMemoryDbPath === null
+      ? null
+      : ((vaOptions.layeredMemoryDbPath as string | undefined) ?? "./memory.db");
+  return {
+    agentDir,
+    visitorAuthDb: resolve(agentDir, dbPath),
+    memoryDb: memPathRaw === null ? null : resolve(agentDir, memPathRaw),
+  };
+}
+
+function defaultConfirm(prompt: string): boolean {
+  process.stdout.write(prompt);
+  // Synchronous stdin read in Bun is non-trivial. For v1 we assume "no" in
+  // non-interactive contexts. Operators must pass `--yes` for non-interactive
+  // revocation. Tests inject _confirmAnswer.
+  return false;
+}
+
+export async function runVisitorsRevoke(
+  agentName: string,
+  email: string,
+  opts: VisitorsRevokeOptions = {},
+): Promise<void> {
+  const log = opts.log ?? ((l: string) => console.log(l));
+  const paths = resolvePaths(agentName, opts);
+
+  if (!existsSync(paths.visitorAuthDb)) {
+    throw new Error(`No verified visitors yet — visitor-auth.db not found.`);
+  }
+
+  const store = createSqliteVisitorAuthStore({ dbPath: paths.visitorAuthDb });
+  store.initialize();
+  const existing = store.findVerifiedByEmail(email);
+  if (!existing) {
+    store.close();
+    throw new Error(`No verified visitor found for "${email}".`);
+  }
+
+  // Already-revoked branch: re-run the memory cascade to recover from a
+  // previously-interrupted revoke (e.g. operator hit Ctrl-C between the
+  // visitor-auth UPDATE and the memory.db DELETE). DELETE is idempotent —
+  // a no-op when there are no orphan rows.
+  if (existing.revoked) {
+    store.close();
+    const memDeleted = cascadeMemoryDelete(paths.memoryDb, existing.visitorId, log);
+    log(
+      `Visitor "${email}" was already revoked (${existing.revokedReason ?? "unspecified"}). ${memDeleted} stale memory row(s) cleaned up.`,
+    );
+    return;
+  }
+
+  if (opts.confirm) {
+    const ok = (opts._confirmAnswer ?? defaultConfirm)(
+      `Revoke verified visitor "${email}" (${existing.visitorId})? This deletes peer-scoped memory rows. [y/N] `,
+    );
+    if (!ok) {
+      log("Cancelled. No changes made.");
+      store.close();
+      return;
+    }
+  }
+
+  const visitorId = store.revokeByEmail(email, "operator", Date.now())!;
+  store.close();
+
+  const memDeleted = cascadeMemoryDelete(paths.memoryDb, visitorId, log);
+  log(`Revoked "${email}" (${visitorId}). ${memDeleted} memory row(s) removed.`);
+}
+
+/**
+ * DELETE memory rows for a peer-id from the layeredMemory SQLite file.
+ * Best-effort — exceptions are logged and swallowed; the visitor-auth row
+ * has already been revoked at the call site, so partial-success state is
+ * acceptable. Returns the row count (0 if missing-file/null-path).
+ */
+function cascadeMemoryDelete(
+  memoryDb: string | null,
+  visitorId: string,
+  log: (line: string) => void,
+): number {
+  if (!memoryDb) return 0;
+  if (!existsSync(memoryDb)) {
+    log(`memory.db not found at ${memoryDb} — skipping memory cascade.`);
+    return 0;
+  }
+  let db: Database | null = null;
+  try {
+    db = new Database(memoryDb, { readwrite: true });
+    const r = db.prepare(`DELETE FROM entries WHERE peer_id = ?`).run(visitorId);
+    return r.changes;
+  } catch (err) {
+    log(`Memory cascade failed: ${(err as Error).message}. Operator should retry manually.`);
+    return 0;
+  } finally {
+    if (db) {
+      try {
+        db.close();
+      } catch {
+        // ignore close errors
+      }
+    }
+  }
+}

package/src/cli/commands/visitors.ts

@@ -0,0 +1,101 @@
+/**
+ * `auggy visitors <agent>` — list verified visitors for a single agent.
+ *
+ * Operates on the agent's SQLite files directly (visitor-auth.db). The agent
+ * does NOT need to be running — SQLite WAL mode keeps reads safe alongside
+ * a running agent.
+ */
+
+import { existsSync } from "node:fs";
+import { join, resolve } from "node:path";
+import { getAgent } from "../agent-index";
+import { createSqliteVisitorAuthStore } from "../../augments/visitor-auth/storage/sqlite-store";
+import { parseAugmentConfigOnly } from "../yaml-helpers";
+
+export interface VisitorsCommandOptions {
+  auggyDir?: string;
+  log?: (line: string) => void;
+}
+
+interface ResolvedAgentPaths {
+  agentDir: string;
+  visitorAuthDb: string;
+}
+
+function resolveAgentPaths(agentName: string, opts: VisitorsCommandOptions): ResolvedAgentPaths {
+  const entry = getAgent(agentName, { auggyDir: opts.auggyDir });
+  if (!entry) {
+    throw new Error(
+      `Agent "${agentName}" is not registered. Run \`auggy ls\` to see registered agents.`,
+    );
+  }
+  const agentDir = entry.localDir;
+  const yamlPath = join(agentDir, "agent.yaml");
+  // parseAugmentConfigOnly handles env-var interpolation (F15) so that
+  // `dbPath: ${MY_DB_PATH}` in agent.yaml resolves correctly here.
+  const vaOptions = parseAugmentConfigOnly(yamlPath, "visitorAuth");
+  if (!vaOptions) {
+    throw new Error(`Agent "${agentName}": visitorAuth augment is not configured.`);
+  }
+  const dbPath = (vaOptions.dbPath as string | undefined) ?? "./visitor-auth.db";
+  return {
+    agentDir,
+    visitorAuthDb: resolve(agentDir, dbPath),
+  };
+}
+
+function pad(s: string, w: number): string {
+  return s + " ".repeat(Math.max(0, w - s.length));
+}
+
+function formatTs(ms: number | null): string {
+  if (!ms) return "—";
+  return `${new Date(ms).toISOString().replace("T", " ").slice(0, 19)} UTC`;
+}
+
+function statusLabel(row: {
+  revoked: boolean;
+  reverifyDueAt: number;
+  revokedReason: string | null;
+}): string {
+  if (row.revoked) {
+    const reason = row.revokedReason ?? "unspecified";
+    return `revoked (${reason})`;
+  }
+  if (row.reverifyDueAt <= Date.now()) return "reverify due";
+  return "active";
+}
+
+export async function runVisitorsList(
+  agentName: string,
+  opts: VisitorsCommandOptions = {},
+): Promise<void> {
+  const log = opts.log ?? ((l: string) => console.log(l));
+  const paths = resolveAgentPaths(agentName, opts);
+
+  if (!existsSync(paths.visitorAuthDb)) {
+    log(`(none) — visitor-auth.db has not been created yet for "${agentName}".`);
+    return;
+  }
+  const store = createSqliteVisitorAuthStore({ dbPath: paths.visitorAuthDb });
+  store.initialize();
+  const rows = store.listVerifiedVisitors();
+  store.close();
+
+  if (rows.length === 0) {
+    log(`(none) — no verified visitors recorded for "${agentName}".`);
+    return;
+  }
+
+  const headers = ["EMAIL", "VISITOR_ID", "VERIFIED_AT", "LAST_SEEN", "STATUS"];
+  const data = rows.map((r) => [
+    r.email,
+    r.visitorId,
+    formatTs(r.verifiedAt),
+    formatTs(r.lastSeenAt),
+    statusLabel(r),
+  ]);
+  const widths = headers.map((h, i) => Math.max(h.length, ...data.map((row) => row[i]!.length)));
+  log(headers.map((h, i) => pad(h, widths[i]!)).join("  "));
+  for (const row of data) log(row.map((c, i) => pad(c, widths[i]!)).join("  "));
+}