chainlesschain 0.46.0 → 0.47.1

package/src/lib/cowork-evomap-adapter.js

@@ -0,0 +1,121 @@
+/**
+ * Cowork ↔ EvoMap adapter — publish Cowork templates as EvoMap "genes" and
+ * pull them back for local install. Thin wrapper over `evomap-client.js`
+ * that fixes `kind = "cowork-template"` and carries N4 signatures through.
+ *
+ * Pure glue: all I/O is delegated to EvoMapClient (network) and the
+ * marketplace/share modules (disk). Injectable via `_deps.createClient`.
+ *
+ * @module cowork-evomap-adapter
+ */
+
+import { EvoMapClient } from "./evomap-client.js";
+import {
+  toShareableTemplate,
+  saveUserTemplate,
+} from "./cowork-template-marketplace.js";
+import { buildPacket } from "./cowork-share.js";
+
+export const _deps = {
+  createClient: (opts) => new EvoMapClient(opts),
+};
+
+const KIND = "cowork-template";
+
+function _wrapGene(template, signer) {
+  const payload = toShareableTemplate(template);
+  // Reuse share-packet builder so signed genes land on the hub with the same
+  // canonical shape as file-based packets (checksum + optional signature).
+  const packet = buildPacket({
+    kind: "template",
+    payload,
+    author: signer?.did || "anonymous",
+    cliVersion: undefined,
+    signer: signer || undefined,
+  });
+  return {
+    id: payload.id,
+    name: payload.name || payload.id,
+    description: payload.description || "",
+    kind: KIND,
+    version: payload.version || "1.0.0",
+    packet,
+  };
+}
+
+/**
+ * Publish a template to a hub. Requires API key on the client.
+ * @returns {Promise<object>} hub response (typically { id, ... })
+ */
+export async function publishTemplateToHub(
+  template,
+  { hubUrl, apiKey, signer } = {},
+) {
+  if (!template || !template.id) {
+    throw new Error("template.id required");
+  }
+  const client = _deps.createClient({ hubUrl, apiKey });
+  const gene = _wrapGene(template, signer);
+  return client.publish(gene);
+}
+
+/**
+ * Search templates on a hub. Degrades to [] on network error unless
+ * `strict: true` is passed.
+ * @returns {Promise<Array>} annotated with `_hubMeta`
+ */
+export async function searchTemplatesInHub(
+  query,
+  { hubUrl, limit = 20, strict = false } = {},
+) {
+  const client = _deps.createClient({ hubUrl });
+  try {
+    const results = await client.search(query || "", {
+      category: KIND,
+      limit,
+    });
+    return (results || []).map((r) => ({
+      ...r,
+      _hubMeta: {
+        hubUrl: client.hubUrl,
+        downloads: r.downloads || 0,
+        rating: r.rating || null,
+      },
+    }));
+  } catch (err) {
+    if (strict) throw err;
+    return [];
+  }
+}
+
+/**
+ * Fetch a gene by id and install its template into the local marketplace.
+ * Returns the saved template object.
+ */
+export async function installTemplateFromHub(
+  cwd,
+  geneId,
+  { hubUrl, requireSigned = false, trustedDids = null } = {},
+) {
+  const client = _deps.createClient({ hubUrl });
+  const data = await client.download(geneId);
+  // Hub may return { gene: { packet } } or { packet } directly
+  const gene = data?.gene || data;
+  const packet = gene?.packet || data?.packet;
+  if (!packet || packet.kind !== "template" || !packet.payload) {
+    throw new Error("Hub response missing template packet");
+  }
+  if (requireSigned && !packet.signature) {
+    throw new Error("Gene is not signed and --require-signed was set");
+  }
+  if (
+    Array.isArray(trustedDids) &&
+    trustedDids.length > 0 &&
+    (!packet.signature || !trustedDids.includes(packet.signature.did))
+  ) {
+    throw new Error(
+      `Gene signer not in trusted list${packet.signature ? ` (${packet.signature.did})` : ""}`,
+    );
+  }
+  return saveUserTemplate(cwd, packet.payload);
+}

package/src/lib/cowork-observe-html.js

@@ -0,0 +1,108 @@
+/**
+ * Cowork Observe HTML — builds a static single-page dashboard from an
+ * aggregate snapshot. Pure function; no I/O.
+ *
+ * @module cowork-observe-html
+ */
+
+function escapeHtml(s) {
+  return String(s)
+    .replace(/&/g, "&")
+    .replace(/</g, "&lt;")
+    .replace(/>/g, "&gt;")
+    .replace(/"/g, "&quot;")
+    .replace(/'/g, "&#39;");
+}
+
+function escapeJsonForScript(obj) {
+  return JSON.stringify(obj)
+    .replace(/</g, "\\u003c")
+    .replace(/>/g, "\\u003e")
+    .replace(/&/g, "\\u0026");
+}
+
+/**
+ * Build a self-contained HTML dashboard from aggregate output.
+ * @param {object} data - result of `aggregate()`
+ * @returns {string} full HTML document
+ */
+export function buildHtml(data) {
+  const safeJson = escapeJsonForScript(data || {});
+  const win = data?.window || {};
+  const t = data?.tasks || {};
+  const templates = data?.templates || [];
+  const failures = data?.failures || [];
+  const next = data?.schedules?.nextTriggers || [];
+
+  const templateRows = templates
+    .slice(0, 10)
+    .map(
+      (row) =>
+        `<tr><td>${escapeHtml(row.templateName || row.templateId)}</td>` +
+        `<td>${row.runs}</td><td>${Math.round((row.successRate || 0) * 100)}%</td>` +
+        `<td>${row.avgTokens || 0}</td></tr>`,
+    )
+    .join("");
+
+  const failureRows = failures
+    .slice(0, 10)
+    .map(
+      (row) =>
+        `<tr><td>${escapeHtml(row.templateName || row.templateId)}</td>` +
+        `<td>${row.failureCount}</td>` +
+        `<td>${escapeHtml((row.commonSummaries?.[0]?.summary || "—").slice(0, 80))}</td></tr>`,
+    )
+    .join("");
+
+  const nextRows = next
+    .map(
+      (n) =>
+        `<tr><td>${escapeHtml(n.at)}</td><td>${escapeHtml(n.cron)}</td><td>${escapeHtml(n.scheduleId || "—")}</td></tr>`,
+    )
+    .join("");
+
+  return `<!DOCTYPE html>
+<html lang="zh-CN">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>Cowork Observe — ChainlessChain</title>
+  <script>window.__COWORK_OBSERVE__ = ${safeJson};</script>
+  <style>
+    body { font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", sans-serif; margin: 0; padding: 20px; background: #0e1116; color: #e6edf3; }
+    h1 { margin: 0 0 8px; font-size: 22px; }
+    h2 { margin: 24px 0 8px; font-size: 16px; color: #9ec5ff; }
+    .meta { color: #7d8590; font-size: 13px; }
+    .cards { display: grid; grid-template-columns: repeat(auto-fit, minmax(180px, 1fr)); gap: 12px; margin: 16px 0; }
+    .card { background: #161b22; border: 1px solid #30363d; border-radius: 6px; padding: 14px; }
+    .card .num { font-size: 24px; font-weight: 600; color: #58a6ff; }
+    .card .lbl { color: #7d8590; font-size: 12px; margin-top: 4px; }
+    table { width: 100%; border-collapse: collapse; background: #161b22; border: 1px solid #30363d; border-radius: 6px; overflow: hidden; }
+    th, td { padding: 8px 12px; text-align: left; border-bottom: 1px solid #30363d; font-size: 13px; }
+    th { background: #1f242c; color: #9ec5ff; font-weight: 500; }
+    tr:last-child td { border-bottom: none; }
+    .empty { color: #7d8590; font-style: italic; padding: 12px 0; }
+  </style>
+</head>
+<body>
+  <h1>Cowork Observe</h1>
+  <div class="meta">Window: ${escapeHtml(win.days || 7)} days · ${escapeHtml(win.from || "")} → ${escapeHtml(win.to || "")}</div>
+  <div class="cards">
+    <div class="card"><div class="num">${t.total || 0}</div><div class="lbl">Tasks</div></div>
+    <div class="card"><div class="num">${Math.round((t.successRate || 0) * 100)}%</div><div class="lbl">Success rate</div></div>
+    <div class="card"><div class="num">${t.failed || 0}</div><div class="lbl">Failed</div></div>
+    <div class="card"><div class="num">${t.avgTokens || 0}</div><div class="lbl">Avg tokens</div></div>
+    <div class="card"><div class="num">${data?.schedules?.active || 0}</div><div class="lbl">Active schedules</div></div>
+  </div>
+
+  <h2>Templates (top 10 by runs)</h2>
+  ${templates.length ? `<table><thead><tr><th>Template</th><th>Runs</th><th>Success</th><th>Avg tokens</th></tr></thead><tbody>${templateRows}</tbody></table>` : `<div class="empty">No template runs in window.</div>`}
+
+  <h2>Failures (top 10)</h2>
+  ${failures.length ? `<table><thead><tr><th>Template</th><th>Count</th><th>Common summary</th></tr></thead><tbody>${failureRows}</tbody></table>` : `<div class="empty">No failures in window — nice.</div>`}
+
+  <h2>Next scheduled triggers</h2>
+  ${next.length ? `<table><thead><tr><th>At</th><th>Cron</th><th>Schedule</th></tr></thead><tbody>${nextRows}</tbody></table>` : `<div class="empty">No upcoming triggers.</div>`}
+</body>
+</html>`;
+}

package/src/lib/cowork-observe.js

@@ -0,0 +1,160 @@
+/**
+ * Cowork Observe — aggregate view over Cowork task/workflow/schedule history.
+ *
+ * Produces a single snapshot combining:
+ *   - task history (from F9 learning layer)
+ *   - workflow run history (from F6)
+ *   - active schedules + next fire times (from F5 cron)
+ *
+ * Pure + `_deps`-injected for testability. Reads files, never writes.
+ *
+ * @module cowork-observe
+ */
+
+import { existsSync, readFileSync } from "node:fs";
+import { join } from "node:path";
+import {
+  loadHistory,
+  computeTemplateStats,
+  summarizeFailures,
+} from "./cowork-learning.js";
+import { loadSchedules, parseCron } from "./cowork-cron.js";
+
+export const _deps = {
+  existsSync,
+  readFileSync,
+  now: () => new Date(),
+};
+
+// ─── Helpers ─────────────────────────────────────────────────────────────────
+
+function _parseTs(s) {
+  if (!s) return 0;
+  const t = Date.parse(s);
+  return Number.isFinite(t) ? t : 0;
+}
+
+function _loadWorkflowHistory(cwd, cutoffMs) {
+  const file = join(cwd, ".chainlesschain", "cowork", "workflow-history.jsonl");
+  if (!_deps.existsSync(file)) return [];
+  const raw = _deps.readFileSync(file, "utf-8");
+  const out = [];
+  for (const line of raw.split("\n")) {
+    const trimmed = line.trim();
+    if (!trimmed) continue;
+    try {
+      const rec = JSON.parse(trimmed);
+      if (_parseTs(rec.startedAt || rec.timestamp) >= cutoffMs) out.push(rec);
+    } catch (_e) {
+      // skip malformed
+    }
+  }
+  // Most recent first, top 10
+  out.sort(
+    (a, b) =>
+      _parseTs(b.startedAt || b.timestamp) -
+      _parseTs(a.startedAt || a.timestamp),
+  );
+  return out.slice(0, 10);
+}
+
+/**
+ * Compute the next N fire times across all enabled schedules.
+ * Probes minute-by-minute from `from` for up to `maxMinutesAhead` (default 7d).
+ *
+ * Exported for testability.
+ */
+export function _computeNextTriggers(schedules, from, limit = 5) {
+  const enabled = (schedules || []).filter((s) => s && s.enabled !== false);
+  if (enabled.length === 0) return [];
+  const matchers = [];
+  for (const s of enabled) {
+    try {
+      matchers.push({ id: s.id, cron: s.cron, match: parseCron(s.cron) });
+    } catch (_e) {
+      // skip invalid cron
+    }
+  }
+  if (matchers.length === 0) return [];
+
+  const out = [];
+  const MAX_MINUTES = 60 * 24 * 7; // 1 week window is enough for typical cadences
+  const start = new Date(from);
+  start.setSeconds(0, 0);
+  start.setMinutes(start.getMinutes() + 1); // first candidate = next whole minute
+  const cursor = new Date(start);
+  for (let i = 0; i < MAX_MINUTES && out.length < limit; i++) {
+    for (const m of matchers) {
+      if (m.match(cursor)) {
+        out.push({
+          scheduleId: m.id,
+          cron: m.cron,
+          at: new Date(cursor).toISOString(),
+        });
+        if (out.length >= limit) break;
+      }
+    }
+    cursor.setMinutes(cursor.getMinutes() + 1);
+  }
+  return out;
+}
+
+// ─── Main aggregate ──────────────────────────────────────────────────────────
+
+/**
+ * Aggregate all Cowork state for the given window.
+ *
+ * @param {string} cwd
+ * @param {object} [options]
+ * @param {number} [options.windowDays=7]
+ * @returns {{
+ *   window: { days: number, from: string, to: string },
+ *   tasks: { total, completed, failed, successRate, avgTokens },
+ *   templates: Array, failures: Array, workflows: Array,
+ *   schedules: { active: number, nextTriggers: Array },
+ * }}
+ */
+export function aggregate(cwd, { windowDays = 7 } = {}) {
+  const now = _deps.now();
+  const cutoff = now.getTime() - windowDays * 86400_000;
+  const allHistory = loadHistory(cwd);
+  const history = allHistory.filter((r) => _parseTs(r.timestamp) >= cutoff);
+
+  const total = history.length;
+  const completed = history.filter((r) => r.status === "completed").length;
+  const failed = history.filter((r) => r.status === "failed").length;
+  let tokenSum = 0;
+  let tokenCount = 0;
+  for (const r of history) {
+    const t = Number(r.result?.tokenCount || 0);
+    if (t > 0) {
+      tokenSum += t;
+      tokenCount += 1;
+    }
+  }
+
+  const schedules = loadSchedules(cwd);
+  const activeSchedules = schedules.filter((s) => s && s.enabled !== false);
+
+  return {
+    window: {
+      days: windowDays,
+      from: new Date(cutoff).toISOString(),
+      to: now.toISOString(),
+    },
+    tasks: {
+      total,
+      completed,
+      failed,
+      successRate: total > 0 ? +(completed / total).toFixed(3) : 0,
+      avgTokens: tokenCount > 0 ? Math.round(tokenSum / tokenCount) : 0,
+    },
+    templates: computeTemplateStats(history),
+    failures: summarizeFailures(history),
+    workflows: _loadWorkflowHistory(cwd, cutoff),
+    schedules: {
+      active: activeSchedules.length,
+      nextTriggers: _computeNextTriggers(schedules, now, 5),
+    },
+  };
+}

package/src/lib/cowork-share.js

@@ -17,11 +17,12 @@
 
 import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
 import { join } from "node:path";
-import { createHash } from "node:crypto";
+import crypto, { createHash } from "node:crypto";
 import {
   toShareableTemplate,
   saveUserTemplate,
 } from "./cowork-template-marketplace.js";
+import { generateDID } from "./did-manager.js";
 
 export const _deps = {
   existsSync,
@@ -31,6 +32,8 @@ export const _deps = {
   now: () => new Date().toISOString(),
 };
 
+const SUPPORTED_SIG_ALG = "Ed25519";
+
 const PACKET_VERSION = 1;
 const PACKET_KINDS = ["template", "result"];
 
@@ -62,7 +65,13 @@ function sha256Hex(s) {
  * filled with createdAt/cliVersion defaults; checksum is computed over the
  * canonical form of `{ kind, version, payload, meta }`.
  */
-export function buildPacket({ kind, payload, author, cliVersion } = {}) {
+export function buildPacket({
+  kind,
+  payload,
+  author,
+  cliVersion,
+  signer,
+} = {}) {
   if (!PACKET_KINDS.includes(kind)) {
     throw new Error(`kind must be one of ${PACKET_KINDS.join(", ")}`);
   }
@@ -76,7 +85,74 @@ export function buildPacket({ kind, payload, author, cliVersion } = {}) {
   };
   const body = { kind, version: PACKET_VERSION, payload, meta };
   const checksum = sha256Hex(canonicalize(body));
-  return { ...body, checksum };
+  const packet = { ...body, checksum };
+  if (signer) {
+    packet.signature = _signBody(body, signer);
+  }
+  return packet;
+}
+
+// ─── Signatures (Ed25519) ────────────────────────────────────────────────────
+
+function _signBody(body, signer) {
+  if (!signer.did || typeof signer.did !== "string") {
+    throw new Error("signer.did required");
+  }
+  if (!signer.privateKey || !signer.publicKey) {
+    throw new Error("signer.privateKey and signer.publicKey required (hex)");
+  }
+  if (signer.alg && signer.alg !== SUPPORTED_SIG_ALG) {
+    throw new Error(`unsupported signature alg: ${signer.alg}`);
+  }
+  // Verify did matches publicKey (prevents accidental DID spoofing in signer)
+  const expectedDid = generateDID(signer.publicKey);
+  if (signer.did !== expectedDid) {
+    throw new Error(
+      `signer.did does not match publicKey (expected ${expectedDid})`,
+    );
+  }
+  const privKey = crypto.createPrivateKey({
+    key: Buffer.from(signer.privateKey, "hex"),
+    format: "der",
+    type: "pkcs8",
+  });
+  const bytes = Buffer.from(canonicalize(body), "utf-8");
+  const sig = crypto.sign(null, bytes, privKey);
+  return {
+    alg: SUPPORTED_SIG_ALG,
+    did: signer.did,
+    publicKey: signer.publicKey,
+    sig: sig.toString("base64url").replace(/=+$/, ""),
+  };
+}
+
+function _verifySignature(body, signature) {
+  if (!signature || typeof signature !== "object") {
+    return { valid: false, error: "signature missing" };
+  }
+  if (signature.alg !== SUPPORTED_SIG_ALG) {
+    return { valid: false, error: `unsupported alg '${signature.alg}'` };
+  }
+  if (!signature.did || !signature.publicKey || !signature.sig) {
+    return { valid: false, error: "signature fields incomplete" };
+  }
+  const expectedDid = generateDID(signature.publicKey);
+  if (signature.did !== expectedDid) {
+    return { valid: false, error: "did does not match embedded publicKey" };
+  }
+  try {
+    const pubKey = crypto.createPublicKey({
+      key: Buffer.from(signature.publicKey, "hex"),
+      format: "der",
+      type: "spki",
+    });
+    const bytes = Buffer.from(canonicalize(body), "utf-8");
+    const sigBytes = Buffer.from(signature.sig, "base64url");
+    const ok = crypto.verify(null, bytes, pubKey, sigBytes);
+    return { valid: ok, error: ok ? null : "signature invalid" };
+  } catch (err) {
+    return { valid: false, error: `signature verify error: ${err.message}` };
+  }
 }
 
 /**
@@ -103,12 +179,18 @@ export function verifyPacket(packet) {
   if (!packet.checksum) errors.push("checksum missing");
   if (errors.length > 0) return { valid: false, errors };
 
-  const { checksum, ...body } = packet;
+  const { checksum, signature, ...body } = packet;
   const expected = sha256Hex(canonicalize(body));
   if (expected !== checksum) {
     errors.push("checksum mismatch (packet may be corrupted or tampered with)");
   }
-  return { valid: errors.length === 0, errors };
+  if (signature !== undefined) {
+    const sigRes = _verifySignature(body, signature);
+    if (!sigRes.valid) {
+      errors.push(sigRes.error);
+    }
+  }
+  return { valid: errors.length === 0, errors, signed: !!signature };
 }
 
 // ─── Higher-level helpers ────────────────────────────────────────────────────
@@ -117,16 +199,22 @@ export function verifyPacket(packet) {
  * Build a packet from a full Cowork template object. The template is reduced
  * to its shareable fields first.
  */
-export function exportTemplatePacket(template, { author, cliVersion } = {}) {
+export function exportTemplatePacket(
+  template,
+  { author, cliVersion, signer } = {},
+) {
   const payload = toShareableTemplate(template);
-  return buildPacket({ kind: "template", payload, author, cliVersion });
+  return buildPacket({ kind: "template", payload, author, cliVersion, signer });
 }
 
 /**
  * Build a packet from a history record (one line of history.jsonl).
  * Irrelevant internal fields are dropped.
  */
-export function exportResultPacket(historyRecord, { author, cliVersion } = {}) {
+export function exportResultPacket(
+  historyRecord,
+  { author, cliVersion, signer } = {},
+) {
   if (!historyRecord || typeof historyRecord !== "object") {
     throw new Error("historyRecord required");
   }
@@ -139,7 +227,7 @@ export function exportResultPacket(historyRecord, { author, cliVersion } = {}) {
     timestamp: historyRecord.timestamp,
     result: historyRecord.result,
   };
-  return buildPacket({ kind: "result", payload, author, cliVersion });
+  return buildPacket({ kind: "result", payload, author, cliVersion, signer });
 }
 
 /**
@@ -175,7 +263,8 @@ export function writePacket(filePath, packet) {
 /**
  * Read + verify a packet from disk. Throws on verification failure.
  */
-export function readPacket(filePath) {
+export function readPacket(filePath, opts = {}) {
+  const { requireSigned = false, trustedDids = null } = opts;
   if (!_deps.existsSync(filePath)) {
     throw new Error(`Packet not found: ${filePath}`);
   }
@@ -188,6 +277,21 @@ export function readPacket(filePath) {
   }
   const { valid, errors } = verifyPacket(packet);
   if (!valid) throw new Error(`Invalid packet: ${errors.join("; ")}`);
+  if (requireSigned && !packet.signature) {
+    throw new Error(
+      "Invalid packet: signature required but packet is unsigned",
+    );
+  }
+  if (
+    Array.isArray(trustedDids) &&
+    trustedDids.length > 0 &&
+    packet.signature &&
+    !trustedDids.includes(packet.signature.did)
+  ) {
+    throw new Error(
+      `Invalid packet: signer ${packet.signature.did} not in trusted list`,
+    );
+  }
   return packet;
 }