chatcc-agent 0.4.0 → 0.5.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "chatcc-agent",
-  "version": "0.4.0",
+  "version": "0.5.1",
   "description": "CCLink Agent - bridges Claude Code CLI with instant messaging",
   "bin": {
     "chatcc": "src/cli.js"

package/src/claude-bridge.js

@@ -64,6 +64,7 @@ class ClaudeBridge {
     this._pendingPermissionRequests = new Map();
     this._toolUseBlockQueue = new Map();
     this._askedQuestionIds = new Map(); // msgID → Set<tool_use_id>
+    this._pendingQuestionRequests = new Map(); // tool_use_id → { requestId, msgID, replyTo, sessionID, questions }
     this._toolMeta = new Map(); // tool_use_id → { toolName, input }
     this._queue = new ProcessQueue({
       maxConcurrency: options.maxConcurrency || 5,
@@ -155,6 +156,45 @@ class ClaudeBridge {
     return true;
   }
 
+  resolveQuestionAnswer(toolUseID, answers, from) {
+    const req = this._pendingQuestionRequests.get(toolUseID);
+    if (!req) {
+      console.warn(`[Bridge] resolveQuestionAnswer: no pending question for tool_use_id=${toolUseID}`);
+      return false;
+    }
+    // Only the client who owns this session may answer
+    if (from && req.replyTo && req.replyTo !== from) {
+      console.warn(`[Security] question_answer rejected: ${from} is not the session owner (${req.replyTo})`);
+      return false;
+    }
+    this._pendingQuestionRequests.delete(toolUseID);
+
+    const entry = this._activeProcesses.get(req.msgID);
+    if (!entry) {
+      console.warn(`[Bridge] resolveQuestionAnswer: process gone for tool_use_id=${toolUseID}`);
+      return false;
+    }
+
+    // Write the answer back to the waiting Claude process as a control_response.
+    // The SDK maps updatedInput.answers (keyed by question text) into the tool_result.
+    this._writeToStdin(entry.proc, {
+      type: 'control_response',
+      response: {
+        subtype: 'success',
+        request_id: req.requestId,
+        response: {
+          behavior: 'allow',
+          updatedInput: {
+            questions: req.questions,
+            answers: answers || {},
+            annotations: {},
+          },
+        },
+      },
+    });
+    return true;
+  }
+
   _handlePermissionRequest(event, replyTo, msgID, sessionID, cwd, workspaceRestricted, permissions) {
     const req = event.request;
     const requestId = req.request_id;
@@ -599,6 +639,19 @@ class ClaudeBridge {
         const req = event.request;
         if (req?.subtype === 'permission') {
           this._handlePermissionRequest(event, replyTo, msgID, sessionID, cwd, workspaceRestricted, permissions);
+        } else if (req?.subtype === 'can_use_tool' && req.tool_name === 'AskUserQuestion') {
+          // AskUserQuestion asks for the user's selection via the permission-prompt-tool
+          // stdio protocol. The assistant tool_use already pushed a user_question to the
+          // client (see _handleAssistantEvent); here we only record the control_request's
+          // request_id so the client's answer can be written back as a control_response.
+          const toolUseID = req.tool_use_id;
+          if (toolUseID) {
+            this._pendingQuestionRequests.set(toolUseID, {
+              requestId: event.request_id,
+              msgID, replyTo, sessionID,
+              questions: req.input?.questions || [],
+            });
+          }
         }
         break;
       }

package/src/config.js

@@ -48,15 +48,20 @@ function callCloudFunction(action, params, env) {
     const postData = JSON.stringify({ type: action, ...params });
     const url = new URL(httpTrigger + '/index');
 
+    // traceId 贯穿到云函数：有当前请求上下文就带 X-Trace-Id 头，便于跨层关联
+    const traceId = require('./trace').getTraceId();
+    const headers = {
+      'Content-Type': 'application/json',
+      'Content-Length': Buffer.byteLength(postData),
+    };
+    if (traceId) headers['X-Trace-Id'] = traceId;
+
     const options = {
       hostname: url.hostname,
       port: 443,
       path: url.pathname,
       method: 'POST',
-      headers: {
-        'Content-Type': 'application/json',
-        'Content-Length': Buffer.byteLength(postData),
-      },
+      headers,
     };
 
     const req = require('https').request(options, (res) => {
@@ -399,5 +404,5 @@ module.exports = {
   CREDENTIALS_FILE, startRenewalTimer, renewAgentNow,
   readPairedClients, addPairedClient, removePairedClient,
   tryRenewFromRaw, startClientValidationTimer,
-  validateAgentExists, clearLocalState,
+  validateAgentExists, clearLocalState, readCachedCredentials,
 };

package/src/im-client.js

@@ -149,7 +149,10 @@ class IMClient {
     // Stamp a monotonic seq onto every outgoing message (including chunks).
     // The iOS client uses it as the authoritative sort key. Placed here so it
     // is impossible to send without one — this is the sole send path.
+    // traceId：当前请求上下文有就带上，跨 hop 续链。
+    const traceId = require('./trace').getTraceId();
     payload = { ...payload, seq: this._seqStore.next() };
+    if (traceId) payload.trace_id = traceId;
     const message = this.tim.createCustomMessage({
       to,
       conversationType: this.TIM.TYPES.CONV_C2C,

package/src/image-downloader.js

@@ -70,10 +70,13 @@ function downloadImage(url, tempFiles) {
           // we later declare to Claude, so it must match the actual bytes.
           const realExt = CONTENT_TYPE_EXT[contentType] || urlExt;
           if (realExt !== urlExt) {
+            console.log(`[Image] Realign ext: url=${urlExt} -> ${realExt} (content-type=${contentType})`);
             tempFiles.delete(writePath);
             fs.unlink(writePath, () => {});
             writePath = makePath(realExt);
             tempFiles.add(writePath);
+          } else {
+            console.log(`[Image] ext=${realExt} (content-type=${contentType})`);
           }
 
           const contentLength = parseInt(res.headers['content-length'], 10);
@@ -90,7 +93,11 @@ function downloadImage(url, tempFiles) {
             }
           });
           res.pipe(file);
-          file.on('finish', () => { file.close(); resolve(writePath); });
+          file.on('finish', () => {
+            file.close();
+            console.log(`[Image] Downloaded ${downloaded} bytes -> ${path.basename(writePath)}`);
+            resolve(writePath);
+          });
         }).on('error', fail);
       }).catch(fail);
     }

package/src/index.js

@@ -15,6 +15,7 @@ const fs = require('fs');
 const path = require('path');
 const os = require('os');
 const crypto = require('crypto');
+const logUploader = require('./log-uploader');
 
 const isDaemon = process.argv.includes('--daemon');
 const CHATCC_DIR = path.join(os.homedir(), '.chatcc');
@@ -32,8 +33,14 @@ if (isDaemon) {
   const ts = () => new Date().toISOString().slice(0, 19);
   const bindStream = (stream) => {
     console.log = (...args) => { origLog(...args); stream.write(`[${ts()}] ` + args.join(' ') + '\n'); };
-    console.warn = (...args) => { origWarn(...args); stream.write(`[${ts()}] WARN ` + args.join(' ') + '\n'); };
-    console.error = (...args) => { origErr(...args); stream.write(`[${ts()}] ERROR ` + args.join(' ') + '\n'); };
+    console.warn = (...args) => {
+      origWarn(...args); stream.write(`[${ts()}] WARN ` + args.join(' ') + '\n');
+      logUploader.collect('WARN', args.join(' ')); // 采样上报到 CLS（未 start 时为空操作）
+    };
+    console.error = (...args) => {
+      origErr(...args); stream.write(`[${ts()}] ERROR ` + args.join(' ') + '\n');
+      logUploader.collect('ERROR', args.join(' '));
+    };
   };
   bindStream(logStream);
   cleanupOldLogs(CHATCC_DIR);
@@ -127,6 +134,7 @@ async function shutdown(signal) {
   if (termBridge) await termBridge.killAll();
   cleanupTempFiles();
   sessions.flush();
+  await logUploader.stop(); // 退出前把缓冲日志 flush 到云函数
   if (imClient) {
     try { await imClient.logout(); } catch {}
   }
@@ -171,6 +179,9 @@ async function main() {
 
   const config = await loadConfig();
 
+  // 启动日志上报（采样 error/warn → 云函数 → CLS）；仅 daemon 模式上报，前台调试只落本地
+  if (isDaemon) logUploader.start({ agentUserID: config.agentUserID, tcbEnv: config.tcbEnv });
+
   console.log('╔══════════════════════════════════════╗');
   console.log('║       CCLink Agent v' + getVersion() + '             ║');
   console.log('╚══════════════════════════════════════╝');
@@ -282,6 +293,9 @@ async function main() {
 
   // Route incoming messages
   imClient.onMessage(async (from, data) => {
+    // 建立请求级 traceId 上下文：沿用入站 trace_id（跨 hop 续链），没有则生成。
+    // 后续所有出站 IM/HTTP 调用、日志都会自动带上。
+    require('./trace').enterWithTrace(data && data.trace_id);
     const qs = bridge.getQueueStatus();
     console.log(`[Message] from=${from} cc_type=${data.cc_type} queue_active=${qs.activeCount} queue_waiting=${qs.queuedCount}`);
 
@@ -377,6 +391,7 @@ async function main() {
             // If every image failed, there's nothing to analyze — tell the client instead
             // of silently feeding an empty (or text-only) prompt to Claude.
             if (ok.length === 0) {
+              console.warn(`[Image] All ${paths.length} image(s) failed to download in session ${sid}; notifying client`);
               imClient.sendCustomMessage(from, 'error', {
                 type: 'image_download',
                 session_id: sid,
@@ -424,6 +439,16 @@ async function main() {
         break;
       }
 
+      case 'question_answer': {
+        // Structured answer to an AskUserQuestion. data.answers is keyed by question text;
+        // value is the chosen label (single-select) or array of labels (multi-select).
+        console.log(`[Question] tool_use_id=${data.tool_use_id} from=${from} answers=${JSON.stringify(data.answers)}`);
+        if (bridge) {
+          bridge.resolveQuestionAnswer(data.tool_use_id, data.answers, from);
+        }
+        break;
+      }
+
       case 'file_tree_request': {
         if (fileSessionDenied(from, data)) {
           imClient.sendCustomMessage(from, 'file_tree_response', { request_id: data.request_id, error: 'Access denied' }).catch(() => {});

package/src/log-uploader.js

@@ -0,0 +1,91 @@
+// Agent 日志上报：采集本进程 error/warn 日志 → 采样 + 脱敏 → 批量转发到云函数 agentLog handler。
+// 安全：CLS 写密钥留在服务端，本模块只把日志交给云函数，不直接碰 CLS（密钥不下发到用户机器）。
+// 防风暴：每分钟采集上限，单批上限；flush 失败静默且绝不再打日志（防递归）。
+const config = require('./config');
+const { getTraceId } = require('./trace');
+
+let AGENT_VERSION = 'unknown';
+try { AGENT_VERSION = require('../package.json').version; } catch (e) {}
+
+const MAX_BATCH = 50;
+const FLUSH_INTERVAL_MS = 60 * 1000;   // 每 60s 定时 flush 一次
+const PER_MINUTE_CAP = 30;             // 每分钟最多采集 30 条（采样上限，控成本）
+
+let _buffer = [];
+let _sentThisMinute = 0;
+let _minuteStart = 0;
+let _timer = null;
+let _cfg = null; // { agentUserID, tcbEnv }
+
+// 脱敏：抹掉用户名路径、token/密钥片段，避免隐私/凭证进 CLS
+function sanitize(input) {
+  let s = (typeof input === 'string') ? input : String(input);
+  s = s.replace(/\/Users\/[^/\s"']+/g, '/Users/***');
+  s = s.replace(/\/home\/[^/\s"']+/g, '/home/***');
+  s = s.replace(/C:\\Users\\[^\\\s"']+/g, 'C:\\Users\\***');
+  s = s.replace(/(token|secret|password|passwd|apikey|api_key|authorization)["']?\s*[:=]\s*"?[^\s"',}]+/gi, '$1=***');
+  if (s.length > 4000) s = s.slice(0, 4000) + '…[truncated]';
+  return s;
+}
+
+// 采集一条 error/warn 日志。绝不调用 console.*（否则与 console patch 互相递归）。
+function collect(level, msg, extra) {
+  if (!_cfg) return; // 未 start，不采集
+  const now = Date.now();
+  if (_minuteStart === 0) _minuteStart = now;
+  if (now - _minuteStart > 60000) { _minuteStart = now; _sentThisMinute = 0; }
+  if (_sentThisMinute >= PER_MINUTE_CAP) return; // 触顶采样，丢弃
+  _sentThisMinute++;
+
+  const entry = {
+    ts: new Date(now).toISOString(),
+    level,
+    msg: sanitize(msg),
+    traceId: getTraceId() || '',
+  };
+  if (extra && typeof extra === 'object') {
+    for (const k of Object.keys(extra)) {
+      if (['msg', 'level', 'traceId'].includes(k)) continue;
+      const v = extra[k];
+      if (v != null) entry[k] = sanitize(v);
+    }
+  }
+  _buffer.push(entry);
+  if (_buffer.length >= MAX_BATCH) {
+    flush().catch(() => {});
+  }
+}
+
+// 把当前缓冲区推送到云函数。失败静默（不打日志，防递归/防风暴）。
+async function flush() {
+  if (!_cfg || _buffer.length === 0) return;
+  const batch = _buffer.splice(0, Math.min(_buffer.length, MAX_BATCH));
+  try {
+    const cached = config.readCachedCredentials();
+    const renew_token = cached && cached.renew_token;
+    if (!renew_token) return; // 没凭证就不报，等配对后自然有
+    await config.callCloudFunction('agentLog', {
+      agent_im_user_id: _cfg.agentUserID,
+      renew_token,
+      agent_version: AGENT_VERSION,
+      logs: batch,
+    }, _cfg.tcbEnv);
+  } catch (e) {
+    // 上报失败：静默丢弃，避免日志上报自身的错误再被采集（递归）
+  }
+}
+
+function start(cfg) {
+  _cfg = cfg;
+  _minuteStart = Date.now();
+  if (_timer) clearInterval(_timer);
+  _timer = setInterval(() => { flush().catch(() => {}); }, FLUSH_INTERVAL_MS);
+  _timer.unref(); // 不阻止进程退出
+}
+
+async function stop() {
+  if (_timer) { clearInterval(_timer); _timer = null; }
+  await flush().catch(() => {});
+}
+
+module.exports = { start, stop, collect, flush };

package/src/trace.js

@@ -0,0 +1,30 @@
+// 请求级 traceId：贯穿一次入站请求的所有出站 IM/HTTP 调用 + 日志。
+// 用 AsyncLocalStorage，业务代码不用层层传参；跨 hop 时 sendCustomMessage /
+// callCloudFunction 会把当前 traceId 带上，云函数侧也生成/回传，形成跨层链路。
+const { AsyncLocalStorage } = require('async_hooks');
+const crypto = require('crypto');
+
+const als = new AsyncLocalStorage();
+
+// 在入站请求边界调用：data 里有 trace_id 就沿用（跨 hop 续链），没有则生成。
+// 两种用法：
+//  - startTrace(id, fn)：把整段逻辑包进闭包，上下文随 fn 自动传播
+//  - enterWithTrace(id)：在 handler 顶部同步设上下文，后续 await/出站都带上
+//    （适合含多个 early return 的 handler，无需重排主体）
+function startTrace(traceId, fn) {
+  const id = (traceId && typeof traceId === 'string') ? traceId : crypto.randomUUID();
+  return als.run({ traceId: id }, fn);
+}
+
+function enterWithTrace(traceId) {
+  const id = (traceId && typeof traceId === 'string') ? traceId : crypto.randomUUID();
+  als.enterWith({ traceId: id });
+}
+
+// 业务代码/出站调用读取当前 traceId；无上下文时返回 undefined（不强制）
+function getTraceId() {
+  const store = als.getStore();
+  return store ? store.traceId : undefined;
+}
+
+module.exports = { startTrace, enterWithTrace, getTraceId };