autohand-cli 0.7.6 → 0.7.8

package/dist/chunk-XFPITUFJ.cjs

@@ -0,0 +1,674 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true}); function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
+
+var _chunkSFGJQPGCcjs = require('./chunk-SFGJQPGC.cjs');
+
+
+var _chunkPMMSDR44cjs = require('./chunk-PMMSDR44.cjs');
+
+// src/sync/types.ts
+var DEFAULT_SYNC_CONFIG = {
+  enabled: true,
+  interval: 5 * 60 * 1e3,
+  // 5 minutes
+  includeTelemetry: false,
+  includeFeedback: false
+};
+var SYNC_EXCLUDE_ALWAYS = [
+  "device-id",
+  "error.log",
+  "feedback.log",
+  "version-*.json",
+  ".sync-lock",
+  ".sync-state.json"
+];
+var SYNC_CONSENT_REQUIRED = {
+  telemetry: "telemetry/",
+  feedback: "feedback/"
+};
+var SYNC_INCLUDE_DEFAULT = [
+  "config.json",
+  "agents/",
+  "community-skills/",
+  "hooks/",
+  "memory/",
+  "projects/",
+  "sessions/",
+  "share/",
+  "skills/"
+];
+
+// src/sync/encryption.ts
+var _crypto = require('crypto'); var _crypto2 = _interopRequireDefault(_crypto);
+var ALGORITHM = "aes-256-gcm";
+var KEY_LENGTH = 32;
+var IV_LENGTH = 16;
+var AUTH_TAG_LENGTH = 16;
+var SALT = "autohand-sync-v1";
+var ITERATIONS = 1e5;
+function deriveKey(authToken) {
+  if (!authToken || authToken.length < 10) {
+    throw new Error("Invalid auth token for key derivation");
+  }
+  return _crypto2.default.pbkdf2Sync(authToken, SALT, ITERATIONS, KEY_LENGTH, "sha256");
+}
+function encrypt(plaintext, authToken) {
+  if (!plaintext) {
+    return plaintext;
+  }
+  const key = deriveKey(authToken);
+  const iv = _crypto2.default.randomBytes(IV_LENGTH);
+  const cipher = _crypto2.default.createCipheriv(ALGORITHM, key, iv);
+  let ciphertext = cipher.update(plaintext, "utf8", "base64");
+  ciphertext += cipher.final("base64");
+  const authTag = cipher.getAuthTag();
+  return `${iv.toString("base64")}:${authTag.toString("base64")}:${ciphertext}`;
+}
+function decrypt(encrypted, authToken) {
+  if (!encrypted || !encrypted.includes(":")) {
+    throw new Error("Invalid encrypted format");
+  }
+  const parts = encrypted.split(":");
+  if (parts.length !== 3) {
+    throw new Error("Invalid encrypted format: expected iv:authTag:ciphertext");
+  }
+  const [ivB64, authTagB64, ciphertext] = parts;
+  const key = deriveKey(authToken);
+  const iv = Buffer.from(ivB64, "base64");
+  const authTag = Buffer.from(authTagB64, "base64");
+  if (iv.length !== IV_LENGTH) {
+    throw new Error("Invalid IV length");
+  }
+  if (authTag.length !== AUTH_TAG_LENGTH) {
+    throw new Error("Invalid auth tag length");
+  }
+  const decipher = _crypto2.default.createDecipheriv(ALGORITHM, key, iv);
+  decipher.setAuthTag(authTag);
+  let plaintext = decipher.update(ciphertext, "base64", "utf8");
+  plaintext += decipher.final("utf8");
+  return plaintext;
+}
+function isEncrypted(value) {
+  if (!value || typeof value !== "string") {
+    return false;
+  }
+  const parts = value.split(":");
+  if (parts.length !== 3) {
+    return false;
+  }
+  try {
+    const iv = Buffer.from(parts[0], "base64");
+    const authTag = Buffer.from(parts[1], "base64");
+    return iv.length === IV_LENGTH && authTag.length === AUTH_TAG_LENGTH;
+  } catch (e) {
+    return false;
+  }
+}
+function encryptConfig(config, authToken) {
+  const result = {};
+  for (const [key, value] of Object.entries(config)) {
+    if (value === null || value === void 0) {
+      result[key] = value;
+      continue;
+    }
+    if (typeof value === "object" && !Array.isArray(value)) {
+      result[key] = encryptConfig(value, authToken);
+      continue;
+    }
+    if (typeof value === "string" && isSensitiveKey(key) && value.length > 0 && !isEncrypted(value)) {
+      result[key] = encrypt(value, authToken);
+    } else {
+      result[key] = value;
+    }
+  }
+  return result;
+}
+function decryptConfig(config, authToken) {
+  const result = {};
+  for (const [key, value] of Object.entries(config)) {
+    if (value === null || value === void 0) {
+      result[key] = value;
+      continue;
+    }
+    if (typeof value === "object" && !Array.isArray(value)) {
+      result[key] = decryptConfig(value, authToken);
+      continue;
+    }
+    if (typeof value === "string" && isSensitiveKey(key) && isEncrypted(value)) {
+      try {
+        result[key] = decrypt(value, authToken);
+      } catch (e2) {
+        result[key] = value;
+      }
+    } else {
+      result[key] = value;
+    }
+  }
+  return result;
+}
+function isSensitiveKey(key) {
+  const lowerKey = key.toLowerCase();
+  return lowerKey === "apikey" || lowerKey.endsWith("key") || lowerKey.endsWith("token") || lowerKey.endsWith("secret") || lowerKey === "password";
+}
+function computeHash(data) {
+  return _crypto2.default.createHash("sha256").update(data).digest("hex");
+}
+
+// src/sync/SyncService.ts
+var _fsextra = require('fs-extra'); var _fsextra2 = _interopRequireDefault(_fsextra);
+var _path = require('path'); var _path2 = _interopRequireDefault(_path);
+var MANIFEST_VERSION = 1;
+var SYNC_STATE_FILE = ".sync-state.json";
+var SYNC_LOCK_FILE = ".sync-lock";
+var MAX_TOTAL_SIZE = 100 * 1024 * 1024;
+var SyncService = class {
+  constructor(options) {
+    this.timer = null;
+    this.syncing = false;
+    this.started = false;
+    this.authToken = options.authToken;
+    this.userId = options.userId;
+    this.config = options.config;
+    this.client = options.apiClient || _chunkSFGJQPGCcjs.getSyncApiClient.call(void 0, );
+    this.onEvent = options.onEvent || (() => {
+    });
+    this.basePath = _chunkPMMSDR44cjs.AUTOHAND_HOME;
+  }
+  /**
+   * Start the background sync timer
+   */
+  start() {
+    if (this.started) return;
+    this.started = true;
+    this.sync().catch(() => {
+    });
+    this.timer = setInterval(() => {
+      this.sync().catch(() => {
+      });
+    }, this.config.interval);
+  }
+  /**
+   * Stop the background sync timer
+   */
+  stop() {
+    if (this.timer) {
+      clearInterval(this.timer);
+      this.timer = null;
+    }
+    this.started = false;
+  }
+  /**
+   * Check if the service is running
+   */
+  get isRunning() {
+    return this.started;
+  }
+  /**
+   * Perform a sync operation
+   */
+  async sync() {
+    if (this.syncing) {
+      return {
+        success: false,
+        uploaded: 0,
+        downloaded: 0,
+        conflicts: 0,
+        error: "Sync already in progress"
+      };
+    }
+    const lockPath = _path2.default.join(this.basePath, SYNC_LOCK_FILE);
+    if (await _fsextra2.default.pathExists(lockPath)) {
+      const lockContent = await _fsextra2.default.readFile(lockPath, "utf8").catch(() => "");
+      const lockAge = Date.now() - parseInt(lockContent, 10);
+      if (lockAge < 5 * 60 * 1e3) {
+        return {
+          success: false,
+          uploaded: 0,
+          downloaded: 0,
+          conflicts: 0,
+          error: "Sync locked by another process"
+        };
+      }
+      await _fsextra2.default.remove(lockPath);
+    }
+    this.syncing = true;
+    const startTime = Date.now();
+    await _fsextra2.default.writeFile(lockPath, Date.now().toString());
+    this.onEvent({ type: "sync_started" });
+    try {
+      const localManifest = await this.buildLocalManifest();
+      const totalSize = localManifest.files.reduce((sum, f) => sum + f.size, 0);
+      if (totalSize > MAX_TOTAL_SIZE) {
+        return {
+          success: false,
+          uploaded: 0,
+          downloaded: 0,
+          conflicts: 0,
+          error: `Total sync size (${Math.round(totalSize / 1024 / 1024)}MB) exceeds limit (${Math.round(MAX_TOTAL_SIZE / 1024 / 1024)}MB)`
+        };
+      }
+      const remoteManifest = await this.client.getRemoteManifest(this.authToken);
+      const actions = this.compareManifests(localManifest, remoteManifest);
+      let downloaded = 0;
+      let uploaded = 0;
+      let conflicts = 0;
+      if (actions.downloads.length > 0 || actions.conflicts.length > 0) {
+        const toDownload = [...actions.downloads, ...actions.conflicts];
+        conflicts = actions.conflicts.length;
+        const { downloadUrls } = await this.client.initiateDownload(
+          this.authToken,
+          toDownload.map((f) => f.path)
+        );
+        for (const file of toDownload) {
+          const url = downloadUrls[file.path];
+          if (!url) continue;
+          try {
+            const content = await this.client.downloadFile(url);
+            const localPath = _path2.default.join(this.basePath, file.path);
+            if (file.path === "config.json") {
+              const config = JSON.parse(content.toString("utf8"));
+              const decrypted = decryptConfig(config, this.authToken);
+              await _fsextra2.default.ensureDir(_path2.default.dirname(localPath));
+              await _fsextra2.default.writeJson(localPath, decrypted, { spaces: 2 });
+            } else {
+              await _fsextra2.default.ensureDir(_path2.default.dirname(localPath));
+              await _fsextra2.default.writeFile(localPath, content);
+            }
+            downloaded++;
+            this.onEvent({ type: "file_downloaded", path: file.path, size: content.length });
+            if (actions.conflicts.includes(file)) {
+              this.onEvent({ type: "conflict_resolved", path: file.path, strategy: "cloud_wins" });
+            }
+          } catch (error) {
+            console.error(`Failed to download ${file.path}:`, error);
+          }
+        }
+        for (const filePath of actions.localDeletes) {
+          const localPath = _path2.default.join(this.basePath, filePath);
+          await _fsextra2.default.remove(localPath).catch(() => {
+          });
+        }
+      }
+      if (actions.uploads.length > 0) {
+        const { uploadUrls } = await this.client.initiateUpload(
+          this.authToken,
+          localManifest,
+          actions.uploads.map((f) => f.path)
+        );
+        for (const file of actions.uploads) {
+          const url = uploadUrls[file.path];
+          if (!url) continue;
+          try {
+            const localPath = _path2.default.join(this.basePath, file.path);
+            let content;
+            if (file.path === "config.json") {
+              const config = await _fsextra2.default.readJson(localPath);
+              const encrypted = encryptConfig(config, this.authToken);
+              content = Buffer.from(JSON.stringify(encrypted, null, 2), "utf8");
+            } else {
+              content = await _fsextra2.default.readFile(localPath);
+            }
+            await this.client.uploadFile(url, content);
+            uploaded++;
+            this.onEvent({ type: "file_uploaded", path: file.path, size: content.length });
+          } catch (error) {
+            console.error(`Failed to upload ${file.path}:`, error);
+          }
+        }
+        await this.client.completeUpload(this.authToken, localManifest);
+      }
+      const stateFile = _path2.default.join(this.basePath, SYNC_STATE_FILE);
+      const state = {
+        lastSync: (/* @__PURE__ */ new Date()).toISOString(),
+        lastManifestHash: computeHash(JSON.stringify(localManifest))
+      };
+      await _fsextra2.default.writeJson(stateFile, state, { spaces: 2 });
+      const result = {
+        success: true,
+        uploaded,
+        downloaded,
+        conflicts,
+        duration: Date.now() - startTime
+      };
+      this.onEvent({ type: "sync_completed", result });
+      return result;
+    } catch (error) {
+      const errorMessage = error.message;
+      this.onEvent({ type: "sync_failed", error: errorMessage });
+      return {
+        success: false,
+        uploaded: 0,
+        downloaded: 0,
+        conflicts: 0,
+        error: errorMessage,
+        duration: Date.now() - startTime
+      };
+    } finally {
+      this.syncing = false;
+      await _fsextra2.default.remove(lockPath).catch(() => {
+      });
+    }
+  }
+  /**
+   * Build manifest from local ~/.autohand/ files
+   */
+  async buildLocalManifest() {
+    const files = [];
+    const includePaths = await this.getIncludePaths();
+    for (const relativePath of includePaths) {
+      const fullPath = _path2.default.join(this.basePath, relativePath);
+      if (await _fsextra2.default.pathExists(fullPath)) {
+        const stat = await _fsextra2.default.stat(fullPath);
+        if (stat.isFile()) {
+          const content = await _fsextra2.default.readFile(fullPath);
+          files.push({
+            path: relativePath,
+            hash: computeHash(content),
+            size: stat.size,
+            modifiedAt: stat.mtime.toISOString(),
+            encrypted: relativePath === "config.json"
+          });
+        } else if (stat.isDirectory()) {
+          const dirFiles = await this.getFilesInDirectory(relativePath);
+          files.push(...dirFiles);
+        }
+      }
+    }
+    const manifest = {
+      version: MANIFEST_VERSION,
+      userId: this.userId,
+      lastModified: (/* @__PURE__ */ new Date()).toISOString(),
+      files,
+      checksum: ""
+      // Will be set below
+    };
+    manifest.checksum = computeHash(JSON.stringify({ ...manifest, checksum: "" }));
+    return manifest;
+  }
+  /**
+   * Get list of paths to include in sync
+   */
+  async getIncludePaths() {
+    const paths = [...SYNC_INCLUDE_DEFAULT];
+    if (this.config.includeTelemetry) {
+      paths.push(SYNC_CONSENT_REQUIRED.telemetry);
+    }
+    if (this.config.includeFeedback) {
+      paths.push(SYNC_CONSENT_REQUIRED.feedback);
+    }
+    const excludePatterns = [...SYNC_EXCLUDE_ALWAYS, ...this.config.exclude || []];
+    return paths.filter((p) => !this.isExcluded(p, excludePatterns));
+  }
+  /**
+   * Get all files in a directory recursively
+   * Skips symlinks to prevent security issues and infinite loops
+   */
+  async getFilesInDirectory(dirPath) {
+    const files = [];
+    const fullDirPath = _path2.default.join(this.basePath, dirPath);
+    if (!await _fsextra2.default.pathExists(fullDirPath)) {
+      return files;
+    }
+    const entries = await _fsextra2.default.readdir(fullDirPath, { withFileTypes: true });
+    const excludePatterns = [...SYNC_EXCLUDE_ALWAYS, ...this.config.exclude || []];
+    for (const entry of entries) {
+      const relativePath = _path2.default.join(dirPath, entry.name);
+      const fullPath = _path2.default.join(this.basePath, relativePath);
+      if (this.isExcluded(relativePath, excludePatterns)) {
+        continue;
+      }
+      if (entry.isSymbolicLink()) {
+        continue;
+      }
+      if (entry.isFile()) {
+        try {
+          const stat = await _fsextra2.default.stat(fullPath);
+          const content = await _fsextra2.default.readFile(fullPath);
+          files.push({
+            path: relativePath,
+            hash: computeHash(content),
+            size: stat.size,
+            modifiedAt: stat.mtime.toISOString()
+          });
+        } catch (e3) {
+          continue;
+        }
+      } else if (entry.isDirectory()) {
+        const subFiles = await this.getFilesInDirectory(relativePath);
+        files.push(...subFiles);
+      }
+    }
+    return files;
+  }
+  /**
+   * Check if a path matches any exclude pattern
+   */
+  isExcluded(filePath, patterns) {
+    for (const pattern of patterns) {
+      if (pattern.includes("*")) {
+        const regex = new RegExp("^" + pattern.replace(/\*/g, ".*") + "$");
+        if (regex.test(filePath) || regex.test(_path2.default.basename(filePath))) {
+          return true;
+        }
+      } else if (filePath === pattern || filePath.startsWith(pattern)) {
+        return true;
+      }
+    }
+    return false;
+  }
+  /**
+   * Compare local and remote manifests to determine sync actions
+   */
+  compareManifests(local, remote) {
+    const actions = {
+      uploads: [],
+      downloads: [],
+      conflicts: [],
+      localDeletes: [],
+      remoteDeletes: []
+    };
+    if (!remote) {
+      actions.uploads = [...local.files];
+      return actions;
+    }
+    const localFiles = new Map(local.files.map((f) => [f.path, f]));
+    const remoteFiles = new Map(remote.files.map((f) => [f.path, f]));
+    for (const [filePath, localFile] of localFiles) {
+      const remoteFile = remoteFiles.get(filePath);
+      if (!remoteFile) {
+        actions.uploads.push(localFile);
+      } else if (localFile.hash !== remoteFile.hash) {
+        actions.conflicts.push(remoteFile);
+      }
+    }
+    for (const [filePath, remoteFile] of remoteFiles) {
+      if (!localFiles.has(filePath)) {
+        actions.downloads.push(remoteFile);
+      }
+    }
+    return actions;
+  }
+  /**
+   * Force a full sync (re-download everything from cloud)
+   */
+  async forceDownload() {
+    const remoteManifest = await this.client.getRemoteManifest(this.authToken);
+    if (!remoteManifest) {
+      return {
+        success: false,
+        uploaded: 0,
+        downloaded: 0,
+        conflicts: 0,
+        error: "No remote data to download"
+      };
+    }
+    const actions = {
+      uploads: [],
+      downloads: remoteManifest.files,
+      conflicts: [],
+      localDeletes: [],
+      remoteDeletes: []
+    };
+    return this.performSyncActions(actions, remoteManifest);
+  }
+  /**
+   * Force a full upload (overwrite cloud with local)
+   */
+  async forceUpload() {
+    const localManifest = await this.buildLocalManifest();
+    const actions = {
+      uploads: localManifest.files,
+      downloads: [],
+      conflicts: [],
+      localDeletes: [],
+      remoteDeletes: []
+    };
+    return this.performSyncActions(actions, localManifest);
+  }
+  /**
+   * Helper to perform sync actions
+   */
+  async performSyncActions(actions, manifest) {
+    const startTime = Date.now();
+    let uploaded = 0;
+    let downloaded = 0;
+    try {
+      if (actions.downloads.length > 0) {
+        const { downloadUrls } = await this.client.initiateDownload(
+          this.authToken,
+          actions.downloads.map((f) => f.path)
+        );
+        for (const file of actions.downloads) {
+          const url = downloadUrls[file.path];
+          if (!url) continue;
+          try {
+            const content = await this.client.downloadFile(url);
+            const localPath = _path2.default.join(this.basePath, file.path);
+            if (file.path === "config.json") {
+              const config = JSON.parse(content.toString("utf8"));
+              const decrypted = decryptConfig(config, this.authToken);
+              await _fsextra2.default.ensureDir(_path2.default.dirname(localPath));
+              await _fsextra2.default.writeJson(localPath, decrypted, { spaces: 2 });
+            } else {
+              await _fsextra2.default.ensureDir(_path2.default.dirname(localPath));
+              await _fsextra2.default.writeFile(localPath, content);
+            }
+            downloaded++;
+          } catch (e4) {
+          }
+        }
+      }
+      if (actions.uploads.length > 0) {
+        const { uploadUrls } = await this.client.initiateUpload(
+          this.authToken,
+          manifest,
+          actions.uploads.map((f) => f.path)
+        );
+        for (const file of actions.uploads) {
+          const url = uploadUrls[file.path];
+          if (!url) continue;
+          try {
+            const localPath = _path2.default.join(this.basePath, file.path);
+            let content;
+            if (file.path === "config.json") {
+              const config = await _fsextra2.default.readJson(localPath);
+              const encrypted = encryptConfig(config, this.authToken);
+              content = Buffer.from(JSON.stringify(encrypted, null, 2), "utf8");
+            } else {
+              content = await _fsextra2.default.readFile(localPath);
+            }
+            await this.client.uploadFile(url, content);
+            uploaded++;
+          } catch (e5) {
+          }
+        }
+        await this.client.completeUpload(this.authToken, manifest);
+      }
+      return {
+        success: true,
+        uploaded,
+        downloaded,
+        conflicts: 0,
+        duration: Date.now() - startTime
+      };
+    } catch (error) {
+      return {
+        success: false,
+        uploaded,
+        downloaded,
+        conflicts: 0,
+        error: error.message,
+        duration: Date.now() - startTime
+      };
+    }
+  }
+  /**
+   * Get current sync status
+   */
+  async getStatus() {
+    const stateFile = _path2.default.join(this.basePath, SYNC_STATE_FILE);
+    let lastSync = null;
+    if (await _fsextra2.default.pathExists(stateFile)) {
+      const state = await _fsextra2.default.readJson(stateFile).catch(() => ({}));
+      lastSync = state.lastSync || null;
+    }
+    const manifest = await this.buildLocalManifest();
+    const totalSize = manifest.files.reduce((sum, f) => sum + f.size, 0);
+    return {
+      enabled: this.config.enabled,
+      lastSync,
+      syncing: this.syncing,
+      fileCount: manifest.files.length,
+      totalSize
+    };
+  }
+};
+function createSyncService(options) {
+  return new SyncService(options);
+}
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+exports.DEFAULT_SYNC_CONFIG = DEFAULT_SYNC_CONFIG; exports.SYNC_EXCLUDE_ALWAYS = SYNC_EXCLUDE_ALWAYS; exports.SYNC_CONSENT_REQUIRED = SYNC_CONSENT_REQUIRED; exports.SYNC_INCLUDE_DEFAULT = SYNC_INCLUDE_DEFAULT; exports.deriveKey = deriveKey; exports.encrypt = encrypt; exports.decrypt = decrypt; exports.isEncrypted = isEncrypted; exports.encryptConfig = encryptConfig; exports.decryptConfig = decryptConfig; exports.computeHash = computeHash; exports.SyncService = SyncService; exports.createSyncService = createSyncService;
+/**
+ * @license
+ * Copyright 2025 Autohand AI LLC
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Types for settings sync service
+ */
+/**
+ * @license
+ * Copyright 2025 Autohand AI LLC
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Encryption utilities for settings sync
+ * Uses AES-256-GCM for authenticated encryption of sensitive data
+ */
+/**
+ * @license
+ * Copyright 2025 Autohand AI LLC
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Settings Sync Service
+ * Manages background synchronization of ~/.autohand/ to cloud storage
+ */
+/**
+ * @license
+ * Copyright 2025 Autohand AI LLC
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Settings Sync Module
+ * Synchronizes ~/.autohand/ configuration to cloud storage for logged-in users
+ */