chainlesschain 0.162.78 → 0.162.80

package/src/lib/dao-governance.js

@@ -437,7 +437,7 @@ export function castVote(db, opts) {
       `Invalid voteType: ${voteType}. Must be one of: ${Object.values(VOTE_TYPE).join(", ")}`,
     );
   }
-  if (typeof voteCount !== "number" || voteCount <= 0) {
+  if (!Number.isFinite(voteCount) || voteCount <= 0) {
     throw new Error("voteCount must be a positive number");
   }
 
@@ -686,7 +686,7 @@ export function allocateFundsV2(db, opts) {
   const { proposalId, recipient, amount, asset = "native", memo } = opts || {};
   if (!proposalId) throw new Error("proposalId is required");
   if (!recipient) throw new Error("recipient is required");
-  if (typeof amount !== "number" || amount <= 0) {
+  if (!Number.isFinite(amount) || amount <= 0) {
     throw new Error("amount must be a positive number");
   }
   if (amount > _configV2.maxSingleAllocation) {
@@ -807,7 +807,7 @@ export function getConfigV2() {
 
 export function depositToTreasuryV2(db, opts) {
   const { amount, asset = "native", memo, depositorDid } = opts || {};
-  if (typeof amount !== "number" || amount <= 0) {
+  if (!Number.isFinite(amount) || amount <= 0) {
     throw new Error("amount must be a positive number");
   }
 

package/src/lib/downloader.js

@@ -24,6 +24,67 @@ const ASSET_PATTERNS = {
   linux: { x64: /chainlesschain.*linux.*x64.*\.zip$/i },
 };
 
+/**
+ * Stream a fetch Response body to `destPath` with two robustness guards for the
+ * download/install path:
+ *   - idle timeout: if no bytes arrive for `idleTimeoutMs`, abort `controller`
+ *     (which cancels the underlying fetch) so a hung server can't freeze the
+ *     download forever. The timer resets on every chunk — a stall detector, not
+ *     a total-time cap — and is unref'd so it never holds the loop open.
+ *   - size verification: if the server advertised a Content-Length and fewer
+ *     bytes arrived, throw. A silently truncated download must not look like a
+ *     successful one (the caller would otherwise extract/install a corrupt file).
+ *
+ * Exported for tests. Returns { downloadedBytes, totalBytes }.
+ */
+export async function streamToFileVerified(
+  response,
+  destPath,
+  {
+    controller = null,
+    idleTimeoutMs = 60000,
+    onProgress = null,
+    createWriteStreamImpl = createWriteStream,
+  } = {},
+) {
+  const totalBytes = parseInt(
+    response.headers.get("content-length") || "0",
+    10,
+  );
+  let downloadedBytes = 0;
+  let idleTimer = null;
+  const armIdle = () => {
+    if (!controller || !(idleTimeoutMs > 0)) return;
+    if (idleTimer) clearTimeout(idleTimer);
+    idleTimer = setTimeout(() => controller.abort(), idleTimeoutMs);
+    if (idleTimer && typeof idleTimer.unref === "function") idleTimer.unref();
+  };
+  const reader = response.body.getReader();
+  async function* track() {
+    try {
+      while (true) {
+        const { done, value } = await reader.read();
+        if (done) return;
+        armIdle();
+        downloadedBytes += value.byteLength;
+        if (onProgress) onProgress(downloadedBytes, totalBytes);
+        yield value;
+      }
+    } finally {
+      if (idleTimer) clearTimeout(idleTimer);
+    }
+  }
+  armIdle();
+  await pipeline(track(), createWriteStreamImpl(destPath));
+  if (idleTimer) clearTimeout(idleTimer);
+  if (totalBytes > 0 && downloadedBytes !== totalBytes) {
+    throw new Error(
+      `Download truncated: received ${downloadedBytes} of ${totalBytes} bytes`,
+    );
+  }
+  return { downloadedBytes, totalBytes };
+}
+
 export async function downloadRelease(version, options = {}) {
   const binDir = ensureDir(getBinDir());
 
@@ -41,9 +102,14 @@ export async function downloadRelease(version, options = {}) {
   const spinner = ora(`Downloading ${assetName}...`).start();
 
   try {
+    // Abort the fetch if the download stalls (no bytes for idleTimeoutMs) so a
+    // hung mirror can't freeze `cc setup` forever; streamToFileVerified also
+    // verifies the full body landed (truncation guard).
+    const controller = new AbortController();
     const response = await fetch(assetUrl, {
       headers: { Accept: "application/octet-stream" },
       redirect: "follow",
+      signal: controller.signal,
     });
 
     if (!response.ok) {
@@ -52,30 +118,16 @@ export async function downloadRelease(version, options = {}) {
       );
     }
 
-    const totalBytes = parseInt(
-      response.headers.get("content-length") || "0",
-      10,
-    );
-    let downloadedBytes = 0;
-
-    // Stream the fetch body to disk via an async generator (stable APIs only —
-    // avoids the experimental stream.Readable.fromWeb); `pipeline` keeps the
-    // backpressure + error handling. Progress is tracked as chunks flow through.
-    const reader = response.body.getReader();
-    async function* trackProgress() {
-      while (true) {
-        const { done, value } = await reader.read();
-        if (done) return;
-        downloadedBytes += value.byteLength;
-        if (totalBytes > 0) {
-          const pct = ((downloadedBytes / totalBytes) * 100).toFixed(1);
-          spinner.text = `Downloading ${assetName}... ${pct}% (${formatBytes(downloadedBytes)}/${formatBytes(totalBytes)})`;
+    const { downloadedBytes } = await streamToFileVerified(response, destPath, {
+      controller,
+      idleTimeoutMs: options.idleTimeoutMs,
+      onProgress: (downloaded, total) => {
+        if (total > 0) {
+          const pct = ((downloaded / total) * 100).toFixed(1);
+          spinner.text = `Downloading ${assetName}... ${pct}% (${formatBytes(downloaded)}/${formatBytes(total)})`;
         }
-        yield value;
-      }
-    }
-
-    await pipeline(trackProgress(), createWriteStream(destPath));
+      },
+    });
 
     spinner.succeed(
       `Downloaded ${assetName} (${formatBytes(downloadedBytes)})`,
@@ -96,11 +148,16 @@ export async function downloadRelease(version, options = {}) {
 
     return binDir;
   } catch (err) {
-    spinner.fail(`Download failed: ${err.message}`);
+    const stalled =
+      err && (err.name === "AbortError" || err.code === "ABORT_ERR");
+    const msg = stalled
+      ? `Download stalled (no data received): ${assetName}`
+      : `Download failed: ${err.message}`;
+    spinner.fail(msg);
     if (existsSync(destPath)) {
       unlinkSync(destPath);
     }
-    throw err;
+    throw stalled ? new Error(msg) : err;
   }
 }
 

package/src/lib/headless-config-command.js

@@ -0,0 +1,62 @@
+/**
+ * Headless `/config` directive (Claude-Code 2.1.181 parity — "/config key=value
+ * in interactive AND -p modes"). The REPL already handles `/config` for the
+ * interactive half; this is the `-p` / piped-stdin half: when the headless
+ * prompt is a leading `/config …` slash command, treat it as a one-shot config
+ * get / set / show instead of a task for the LLM — no model call, no session,
+ * no bootstrap. (`cc config get|set` covers the same ground for pure scripting;
+ * this gives the symmetric single-interface form Claude Code exposes.)
+ *
+ * Pure detection + execution; config-manager does the disk I/O (injected for
+ * tests). Secrets stay masked on read and write — the same invariant the REPL
+ * `/config` upholds.
+ */
+import {
+  parseConfigCommand,
+  renderConfigGet,
+  renderConfigSet,
+  renderConfigSummary,
+} from "../repl/config-summary.js";
+
+/** Does this headless prompt start with the `/config` slash command? */
+export function isHeadlessConfigCommand(prompt) {
+  return /^\/config(?:\s|$)/.test((prompt || "").trim());
+}
+
+/**
+ * Execute a `/config …` directive. Returns `{ text, isError }`.
+ *
+ * @param {string} prompt  the full prompt (leading `/config …`)
+ * @param {object} deps
+ *   - configManager: { loadConfig, getConfigValue, setConfigValue } (required)
+ *   - getConfigPath?: () => string|null  (shown in the `show` summary)
+ */
+export function runConfigDirective(prompt, deps = {}) {
+  const cm = deps.configManager;
+  if (!cm) return { text: "/config: no config manager", isError: true };
+  const getConfigPath = deps.getConfigPath || (() => null);
+  const argStr = (prompt || "").trim().replace(/^\/config\b/, "");
+  const cmd = parseConfigCommand(argStr);
+
+  if (cmd.action === "error") {
+    return { text: `/config: ${cmd.message}`, isError: true };
+  }
+  if (cmd.action === "get") {
+    return {
+      text: renderConfigGet(cmd.key, cm.getConfigValue(cmd.key)),
+      isError: false,
+    };
+  }
+  if (cmd.action === "set") {
+    cm.setConfigValue(cmd.key, cmd.value);
+    return {
+      text: renderConfigSet(cmd.key, cm.getConfigValue(cmd.key)),
+      isError: false,
+    };
+  }
+  // show
+  return {
+    text: renderConfigSummary(cm.loadConfig(), { path: getConfigPath() }),
+    isError: false,
+  };
+}

package/src/lib/json-schema-output.js

@@ -34,21 +34,32 @@ export function validateAgainstSchema(value, schema, path = "$") {
   if (schema.type) {
     const want = Array.isArray(schema.type) ? schema.type : [schema.type];
     const got = typeOf(value);
-    const ok = want.some((t) => t === got || (t === "number" && got === "integer"));
+    const ok = want.some(
+      (t) => t === got || (t === "number" && got === "integer"),
+    );
     if (!ok) {
       errors.push(`${path}: expected type ${want.join("|")}, got ${got}`);
       return errors; // type mismatch — deeper checks are noise
     }
   }
-  if (schema.enum && !schema.enum.some((e) => JSON.stringify(e) === JSON.stringify(value))) {
-    errors.push(`${path}: value not in enum [${schema.enum.map((e) => JSON.stringify(e)).join(", ")}]`);
+  if (
+    schema.enum &&
+    !schema.enum.some((e) => JSON.stringify(e) === JSON.stringify(value))
+  ) {
+    errors.push(
+      `${path}: value not in enum [${schema.enum.map((e) => JSON.stringify(e)).join(", ")}]`,
+    );
   }
-  if (schema.const !== undefined && JSON.stringify(schema.const) !== JSON.stringify(value)) {
+  if (
+    schema.const !== undefined &&
+    JSON.stringify(schema.const) !== JSON.stringify(value)
+  ) {
     errors.push(`${path}: must equal const ${JSON.stringify(schema.const)}`);
   }
   if (typeOf(value) === "object" && !Array.isArray(value)) {
     for (const req of schema.required || []) {
-      if (!(req in value)) errors.push(`${path}: missing required property "${req}"`);
+      if (!(req in value))
+        errors.push(`${path}: missing required property "${req}"`);
     }
     const props = schema.properties || {};
     for (const [k, v] of Object.entries(value)) {
@@ -61,7 +72,9 @@ export function validateAgainstSchema(value, schema, path = "$") {
   }
   if (Array.isArray(value) && schema.items) {
     value.forEach((item, i) => {
-      errors.push(...validateAgainstSchema(item, schema.items, `${path}[${i}]`));
+      errors.push(
+        ...validateAgainstSchema(item, schema.items, `${path}[${i}]`),
+      );
     });
   }
   return errors;
@@ -76,10 +89,12 @@ export function extractJsonPayload(text) {
   if (fence) tries.push(fence[1].trim());
   const firstObj = raw.indexOf("{");
   const lastObj = raw.lastIndexOf("}");
-  if (firstObj !== -1 && lastObj > firstObj) tries.push(raw.slice(firstObj, lastObj + 1));
+  if (firstObj !== -1 && lastObj > firstObj)
+    tries.push(raw.slice(firstObj, lastObj + 1));
   const firstArr = raw.indexOf("[");
   const lastArr = raw.lastIndexOf("]");
-  if (firstArr !== -1 && lastArr > firstArr) tries.push(raw.slice(firstArr, lastArr + 1));
+  if (firstArr !== -1 && lastArr > firstArr)
+    tries.push(raw.slice(firstArr, lastArr + 1));
   for (const candidate of tries) {
     if (!candidate) continue;
     try {
@@ -111,6 +126,35 @@ export function buildRetryPrompt(originalPrompt, raw, errors) {
   ].join("\n");
 }
 
+/**
+ * Load + parse a --json-schema file, raising errors that name the file and
+ * the underlying cause instead of a bare `ENOENT …` or `Unexpected token …`
+ * stack (which is all the user would otherwise see).
+ *
+ * @param {{ readFileSync: Function }} fs
+ * @param {string} schemaFile
+ */
+export function loadSchemaFile(fs, schemaFile) {
+  if (!schemaFile) {
+    throw new Error(
+      "No schema provided: pass --json-schema <file> or a schema object",
+    );
+  }
+  let raw;
+  try {
+    raw = fs.readFileSync(schemaFile, "utf-8");
+  } catch (e) {
+    throw new Error(`Cannot read schema file "${schemaFile}": ${e.message}`);
+  }
+  try {
+    return JSON.parse(raw);
+  } catch (e) {
+    throw new Error(
+      `Invalid JSON in schema file "${schemaFile}": ${e.message}`,
+    );
+  }
+}
+
 /**
  * Run a headless turn constrained to a schema, retrying on validation
  * failure. Prints the validated JSON to writeOut; returns the exit code.
@@ -124,8 +168,7 @@ export async function runJsonSchemaConstrained(cfg = {}) {
   const writeErr = cfg.writeErr || ((s) => process.stderr.write(s));
   const maxAttempts = cfg.maxAttempts || MAX_ATTEMPTS;
 
-  const schema =
-    cfg.schema || JSON.parse(fs.readFileSync(cfg.schemaFile, "utf-8"));
+  const schema = cfg.schema || loadSchemaFile(fs, cfg.schemaFile);
   const instruction = buildSchemaInstruction(schema);
   const base = cfg.baseOptions || {};
 
@@ -151,7 +194,8 @@ export async function runJsonSchemaConstrained(cfg = {}) {
         writeErr,
       },
     );
-    const raw = String(outcome?.result ?? captured ?? "").trim() || captured.trim();
+    const raw =
+      String(outcome?.result ?? captured ?? "").trim() || captured.trim();
     lastRaw = raw;
     const parsed = extractJsonPayload(raw);
     if (parsed.ok) {

package/src/lib/mcp-oauth.js

@@ -39,7 +39,11 @@ export const _deps = {
 };
 
 const base64url = (buf) =>
-  Buffer.from(buf).toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+  Buffer.from(buf)
+    .toString("base64")
+    .replace(/\+/g, "-")
+    .replace(/\//g, "_")
+    .replace(/=+$/, "");
 
 /** RFC 7636 PKCE pair (S256). */
 export function generatePkce() {
@@ -53,6 +57,52 @@ export function randomState(bytes = 16) {
   return base64url(_deps.randomBytes(bytes));
 }
 
+/** Minimal HTML-escape for values reflected into the callback page. */
+function escapeHtml(s) {
+  return String(s).replace(
+    /[&<>"']/g,
+    (c) =>
+      ({
+        "&": "&amp;",
+        "<": "&lt;",
+        ">": "&gt;",
+        '"': "&quot;",
+        "'": "&#39;",
+      })[c],
+  );
+}
+
+/**
+ * The HTML shown in the user's browser after the OAuth redirect hits our
+ * localhost callback. On success it AUTO-CLOSES the tab (Claude-Code 2.1.181
+ * parity) — best-effort, since window.close() only acts on script-opened
+ * windows, so the page still tells the user they may close it manually. The
+ * provider-supplied `error` is HTML-escaped (it is reflected into the page).
+ * Pure → unit-testable.
+ *
+ * @param {string|null|undefined} error  the `error` query param, if any
+ */
+export function renderCallbackPage(error) {
+  const ok = !error;
+  const title = ok ? "Authorized" : "Authorization failed";
+  const body = ok
+    ? "You can close this tab and return to the terminal."
+    : `The provider returned an error: ${escapeHtml(error)}`;
+  const autoClose = ok
+    ? "<script>setTimeout(function(){try{window.close();}catch(e){}},800);</script>"
+    : "";
+  return (
+    '<!doctype html><html><head><meta charset="utf-8"><title>' +
+    title +
+    "</title></head>" +
+    '<body style="font-family:system-ui,-apple-system,sans-serif;text-align:center;margin-top:18vh;color:#222">' +
+    `<h2 style="color:${ok ? "#16794a" : "#b00020"}">${title}</h2>` +
+    `<p style="color:#555">${body}</p>` +
+    autoClose +
+    "</body></html>"
+  );
+}
+
 async function fetchJson(url, opts) {
   const res = await _deps.fetch(url, opts);
   if (!res || !res.ok) {
@@ -63,7 +113,9 @@ async function fetchJson(url, opts) {
     } catch {
       /* ignore */
     }
-    const err = new Error(`HTTP ${status}${body ? `: ${body.slice(0, 200)}` : ""}`);
+    const err = new Error(
+      `HTTP ${status}${body ? `: ${body.slice(0, 200)}` : ""}`,
+    );
     err.status = res ? res.status : null;
     throw err;
   }
@@ -76,7 +128,10 @@ async function fetchJson(url, opts) {
  * the authorization-server doc directly at the origin.
  * @returns {Promise<{issuer?,authorization_endpoint,token_endpoint,registration_endpoint?,scopes_supported?}>}
  */
-export async function discoverAuthMetadata(serverUrl, { resourceMetadataUrl } = {}) {
+export async function discoverAuthMetadata(
+  serverUrl,
+  { resourceMetadataUrl } = {},
+) {
   const origin = new URL(serverUrl).origin;
   // 1. protected-resource metadata (RFC 9728) → authorization_servers[]
   let authServer = origin;
@@ -84,7 +139,10 @@ export async function discoverAuthMetadata(serverUrl, { resourceMetadataUrl } =
     const prUrl =
       resourceMetadataUrl || `${origin}/.well-known/oauth-protected-resource`;
     const pr = await fetchJson(prUrl);
-    if (Array.isArray(pr.authorization_servers) && pr.authorization_servers[0]) {
+    if (
+      Array.isArray(pr.authorization_servers) &&
+      pr.authorization_servers[0]
+    ) {
       authServer = String(pr.authorization_servers[0]).replace(/\/$/, "");
     }
   } catch {
@@ -118,9 +176,14 @@ export async function discoverAuthMetadata(serverUrl, { resourceMetadataUrl } =
 }
 
 /** RFC 7591 dynamic client registration → client_id (public client). */
-export async function registerClient(metadata, { redirectUri, clientName = "chainlesschain-cli" } = {}) {
+export async function registerClient(
+  metadata,
+  { redirectUri, clientName = "chainlesschain-cli" } = {},
+) {
   if (!metadata.registration_endpoint) {
-    throw new Error("server has no registration_endpoint and no --client-id was given");
+    throw new Error(
+      "server has no registration_endpoint and no --client-id was given",
+    );
   }
   const reg = await fetchJson(metadata.registration_endpoint, {
     method: "POST",
@@ -133,12 +196,16 @@ export async function registerClient(metadata, { redirectUri, clientName = "chai
       token_endpoint_auth_method: "none",
     }),
   });
-  if (!reg.client_id) throw new Error("registration did not return a client_id");
+  if (!reg.client_id)
+    throw new Error("registration did not return a client_id");
   return { clientId: reg.client_id, clientSecret: reg.client_secret || null };
 }
 
 /** Build the authorize URL (Authorization Code + PKCE). */
-export function buildAuthorizeUrl(metadata, { clientId, redirectUri, scope, codeChallenge, state, resource }) {
+export function buildAuthorizeUrl(
+  metadata,
+  { clientId, redirectUri, scope, codeChallenge, state, resource },
+) {
   const u = new URL(metadata.authorization_endpoint);
   u.searchParams.set("response_type", "code");
   u.searchParams.set("client_id", clientId);
@@ -157,7 +224,10 @@ function _tokenExpiresAt(tok) {
 }
 
 /** Exchange an authorization code for tokens. */
-export async function exchangeCodeForToken(metadata, { code, codeVerifier, clientId, clientSecret, redirectUri, resource }) {
+export async function exchangeCodeForToken(
+  metadata,
+  { code, codeVerifier, clientId, clientSecret, redirectUri, resource },
+) {
   const body = new URLSearchParams({
     grant_type: "authorization_code",
     code,
@@ -182,7 +252,10 @@ export async function exchangeCodeForToken(metadata, { code, codeVerifier, clien
 }
 
 /** Refresh an access token. */
-export async function refreshAccessToken(metadata, { refreshToken, clientId, clientSecret, resource }) {
+export async function refreshAccessToken(
+  metadata,
+  { refreshToken, clientId, clientSecret, resource },
+) {
   const body = new URLSearchParams({
     grant_type: "refresh_token",
     refresh_token: refreshToken,
@@ -249,7 +322,11 @@ export function deleteStoredToken(serverUrl) {
   if (!(key in store)) return false;
   delete store[key];
   try {
-    _deps.fs.writeFileSync(file, JSON.stringify(store, null, 2) + "\n", "utf-8");
+    _deps.fs.writeFileSync(
+      file,
+      JSON.stringify(store, null, 2) + "\n",
+      "utf-8",
+    );
   } catch {
     /* best-effort */
   }
@@ -292,8 +369,7 @@ function defaultOpenBrowser(url) {
   const platform = process.platform;
   const cmd =
     platform === "win32" ? "cmd" : platform === "darwin" ? "open" : "xdg-open";
-  const args =
-    platform === "win32" ? ["/c", "start", "", url] : [url];
+  const args = platform === "win32" ? ["/c", "start", "", url] : [url];
   try {
     const child = spawn(cmd, args, { stdio: "ignore", detached: true });
     child.unref?.();
@@ -304,7 +380,12 @@ function defaultOpenBrowser(url) {
 }
 
 /** Wait for the OAuth redirect on a localhost callback server; resolve {code,state}. */
-function waitForCallback({ port, host = "127.0.0.1", path = "/callback", timeout = 300_000 }) {
+function waitForCallback({
+  port,
+  host = "127.0.0.1",
+  path = "/callback",
+  timeout = 300_000,
+}) {
   return new Promise((resolve, reject) => {
     const server = _deps.createServer((req, res) => {
       let u;
@@ -323,10 +404,8 @@ function waitForCallback({ port, host = "127.0.0.1", path = "/callback", timeout
       const code = u.searchParams.get("code");
       const state = u.searchParams.get("state");
       const error = u.searchParams.get("error");
-      res.writeHead(200, { "content-type": "text/html" });
-      res.end(
-        `<html><body style="font-family:sans-serif"><h3>${error ? "Authorization failed" : "Authorized — you can close this tab."}</h3></body></html>`,
-      );
+      res.writeHead(200, { "content-type": "text/html; charset=utf-8" });
+      res.end(renderCallbackPage(error));
       server.close();
       clearTimeout(timer);
       if (error) reject(new Error(`authorization error: ${error}`));
@@ -377,13 +456,22 @@ export async function authorizeInteractive(serverUrl, opts = {}) {
   const authorizeUrl = buildAuthorizeUrl(metadata, {
     clientId,
     redirectUri,
-    scope: scope || (metadata.scopes_supported ? metadata.scopes_supported.join(" ") : undefined),
+    scope:
+      scope ||
+      (metadata.scopes_supported
+        ? metadata.scopes_supported.join(" ")
+        : undefined),
     codeChallenge: pkce.challenge,
     state,
     resource: serverUrl,
   });
 
-  const callbackPromise = waitForCallback({ port, host, path: redirectPath, timeout });
+  const callbackPromise = waitForCallback({
+    port,
+    host,
+    path: redirectPath,
+    timeout,
+  });
   const opened = _deps.openBrowser(authorizeUrl);
   writeOut(
     (opened
@@ -393,7 +481,8 @@ export async function authorizeInteractive(serverUrl, opts = {}) {
   );
 
   const { code, state: returnedState } = await callbackPromise;
-  if (returnedState !== state) throw new Error("OAuth state mismatch (possible CSRF)");
+  if (returnedState !== state)
+    throw new Error("OAuth state mismatch (possible CSRF)");
 
   const tok = await exchangeCodeForToken(metadata, {
     code,