clankie 0.2.2 → 0.2.4

package/src/extensions/workspace-jail.ts

@@ -1,171 +0,0 @@
-/**
- * Workspace Jail Extension
- *
- * Restricts agent file/command access to the workspace directory.
- * Prevents the agent from reading, writing, or executing commands
- * that reference paths outside the configured workspace.
- *
- * Uses pi's tool_call event to intercept and validate all tool calls.
- */
-
-import { existsSync, realpathSync } from "node:fs";
-import { isAbsolute, normalize, resolve } from "node:path";
-import type { ExtensionAPI } from "@mariozechner/pi-coding-agent";
-
-/**
- * Create a workspace jail extension that restricts file access.
- *
- * @param workspaceDir - Absolute path to the workspace directory
- * @param allowedPaths - Additional paths outside workspace that should be permitted
- */
-export function createWorkspaceJailExtension(workspaceDir: string, allowedPaths: string[] = []) {
-	// Normalize workspace path and ensure it ends with /
-	const normalizedWorkspace = `${normalize(workspaceDir).replace(/\/$/, "")}/`;
-
-	// Normalize allowed paths (resolve to absolute, real paths where they exist)
-	const normalizedAllowedPaths = allowedPaths.map((p) => {
-		const resolved = resolve(p);
-		try {
-			return existsSync(resolved) ? realpathSync(resolved) : resolved;
-		} catch {
-			return resolved;
-		}
-	});
-
-	return function workspaceJail(pi: ExtensionAPI) {
-		/**
-		 * Check if a path is within the workspace or allowed paths.
-		 * Handles symlinks, relative paths, ~ expansion, etc.
-		 */
-		function isPathAllowed(inputPath: string): { allowed: boolean; reason?: string } {
-			// Resolve to absolute path
-			let absolutePath: string;
-
-			// Handle ~ expansion
-			if (inputPath.startsWith("~/")) {
-				return { allowed: false, reason: "Access to home directory (~/) is blocked" };
-			}
-			if (inputPath === "~") {
-				return { allowed: false, reason: "Access to home directory (~) is blocked" };
-			}
-
-			// Resolve relative/absolute paths against workspace
-			absolutePath = isAbsolute(inputPath) ? inputPath : resolve(workspaceDir, inputPath);
-
-			// Resolve symlinks if the path exists
-			let realPath: string;
-			try {
-				realPath = existsSync(absolutePath) ? realpathSync(absolutePath) : absolutePath;
-			} catch {
-				// If realpathSync fails (permission denied, etc), use the absolute path
-				realPath = absolutePath;
-			}
-
-			// Normalize for comparison
-			const normalized = `${normalize(realPath).replace(/\/$/, "")}/`;
-
-			// Check if within workspace
-			if (normalized.startsWith(normalizedWorkspace)) {
-				return { allowed: true };
-			}
-
-			// Check if within allowed paths
-			for (const allowedPath of normalizedAllowedPaths) {
-				const normalizedAllowed = `${normalize(allowedPath).replace(/\/$/, "")}/`;
-				if (normalized.startsWith(normalizedAllowed)) {
-					return { allowed: true };
-				}
-			}
-
-			return {
-				allowed: false,
-				reason: `Access denied: path '${inputPath}' is outside workspace (${workspaceDir})`,
-			};
-		}
-
-		/**
-		 * Scan a bash command for obvious path escapes.
-		 * This is defense-in-depth, not a complete sandbox.
-		 */
-		function scanBashCommand(command: string): { allowed: boolean; reason?: string } {
-			// Block absolute paths outside workspace
-			const absolutePathPattern = /(?:^|\s)([~/][\w\-./]+)/g;
-			let match: RegExpExecArray | null;
-
-			// biome-ignore lint/suspicious/noAssignInExpressions: regex exec pattern
-			while ((match = absolutePathPattern.exec(command)) !== null) {
-				const pathLike = match[1];
-
-				// Check if it looks like a path to a sensitive location
-				if (
-					pathLike.startsWith("/etc") ||
-					pathLike.startsWith("/var") ||
-					pathLike.startsWith("/usr") ||
-					pathLike.startsWith("/sys") ||
-					pathLike.startsWith("/proc") ||
-					pathLike.startsWith("/root") ||
-					pathLike.startsWith("~/")
-				) {
-					return {
-						allowed: false,
-						reason: `Blocked: command references path outside workspace: ${pathLike}`,
-					};
-				}
-			}
-
-			// Block cd to absolute paths outside workspace
-			if (/\bcd\s+\//.test(command)) {
-				return { allowed: false, reason: "Blocked: 'cd /' or 'cd /path' outside workspace" };
-			}
-
-			// Block obvious .. traversal attempts that escape workspace
-			// This is heuristic - catches patterns like "cd ../../.." but won't catch all evasion
-			const dotsPattern = /(?:^|\s)cd\s+(?:\.\.\/){3,}/;
-			if (dotsPattern.test(command)) {
-				return {
-					allowed: false,
-					reason: "Blocked: command attempts to traverse outside workspace using '..'",
-				};
-			}
-
-			return { allowed: true };
-		}
-
-		// Intercept all tool calls
-		pi.on("tool_call", async (event) => {
-			const { toolName, input } = event;
-
-			// File tools: validate the 'path' parameter
-			if (["read", "write", "edit", "grep", "find", "ls"].includes(toolName)) {
-				const toolInput = input as { path?: string };
-				if (toolInput.path) {
-					const check = isPathAllowed(toolInput.path);
-					if (!check.allowed) {
-						return { block: true, reason: check.reason };
-					}
-				}
-			}
-
-			// Bash: scan command for obvious path escapes
-			if (toolName === "bash") {
-				const toolInput = input as { command?: string };
-				if (toolInput.command) {
-					const check = scanBashCommand(toolInput.command);
-					if (!check.allowed) {
-						return { block: true, reason: check.reason };
-					}
-				}
-			}
-
-			return undefined;
-		});
-
-		// Inject system prompt reminder
-		pi.on("before_agent_start", async () => {
-			return {
-				systemPrompt: `\n\nIMPORTANT: You are restricted to working within the directory: ${workspaceDir}
-Do not access files, run commands, or reference paths outside this directory.`,
-			};
-		});
-	};
-}

package/src/service.ts

@@ -1,374 +0,0 @@
-/**
- * clankie service installer — manages systemd (Linux) and launchd (macOS) services.
- *
- * Commands:
- *   clankie daemon install    — install and start the service
- *   clankie daemon uninstall  — stop and remove the service
- *   clankie daemon logs       — show service logs
- *
- * On Linux:  installs a systemd user service (~/.config/systemd/user/clankie.service)
- * On macOS:  installs a launchd user agent (~/Library/LaunchAgents/ai.clankie.daemon.plist)
- *
- * Note: Requires Node 24+ for native TypeScript execution.
- */
-
-import { execSync } from "node:child_process";
-import { existsSync, mkdirSync, readFileSync, unlinkSync, writeFileSync } from "node:fs";
-import { homedir, platform } from "node:os";
-import { dirname, join } from "node:path";
-import { getAppDir } from "./config.ts";
-
-const SERVICE_NAME = "clankie";
-const LAUNCHD_LABEL = "ai.clankie.daemon";
-
-// ─── Resolve the app binary path ──────────────────────────────────────────────
-
-function _resolveAppBinary(): string {
-	// If running from a compiled binary, use its path
-	if (!process.argv[1]?.endsWith(".ts")) {
-		return process.argv[0];
-	}
-
-	// Running from source — use bun + script path
-	// Return the full command that systemd/launchd will use
-	return process.argv[0]; // bun binary path
-}
-
-function resolveProgramArguments(): string[] {
-	if (!process.argv[1]?.endsWith(".ts")) {
-		// Compiled binary
-		return [process.argv[0], "start", "--foreground"];
-	}
-	// Running from source with Node.js (TypeScript files)
-	return [process.argv[0], process.argv[1], "start", "--foreground"];
-}
-
-// ─── Systemd (Linux) ──────────────────────────────────────────────────────────
-
-function systemdUnitPath(): string {
-	return join(homedir(), ".config", "systemd", "user", `${SERVICE_NAME}.service`);
-}
-
-function buildSystemdUnit(): string {
-	const args = resolveProgramArguments();
-	const execStart = args.map(systemdEscapeArg).join(" ");
-	const workspace = join(getAppDir(), "workspace");
-	const logDir = join(getAppDir(), "logs");
-
-	return [
-		"[Unit]",
-		`Description=clankie — personal AI assistant daemon`,
-		"After=network-online.target",
-		"Wants=network-online.target",
-		"",
-		"[Service]",
-		`ExecStart=${execStart}`,
-		`WorkingDirectory=${workspace}`,
-		"Restart=always",
-		"RestartSec=5",
-		"KillMode=process",
-		`Environment=HOME=${homedir()}`,
-		`Environment=PATH=${process.env.PATH}`,
-		`StandardOutput=append:${join(logDir, "daemon.log")}`,
-		`StandardError=append:${join(logDir, "daemon.log")}`,
-		"",
-		"[Install]",
-		"WantedBy=default.target",
-		"",
-	].join("\n");
-}
-
-function systemdEscapeArg(value: string): string {
-	if (!/[\s"\\]/.test(value)) return value;
-	return `"${value.replace(/\\/g, "\\\\").replace(/"/g, '\\"')}"`;
-}
-
-function execSafe(cmd: string): { ok: boolean; stdout: string; stderr: string } {
-	try {
-		const stdout = execSync(cmd, { encoding: "utf-8", stdio: ["pipe", "pipe", "pipe"] });
-		return { ok: true, stdout: stdout.trim(), stderr: "" };
-	} catch (err: unknown) {
-		const error = err as { stdout?: string; stderr?: string };
-		return { ok: false, stdout: error.stdout?.trim() ?? "", stderr: error.stderr?.trim() ?? "" };
-	}
-}
-
-async function installSystemd(): Promise<void> {
-	// Check systemctl is available
-	const check = execSafe("systemctl --user status");
-	if (!check.ok) {
-		const detail = `${check.stderr} ${check.stdout}`.toLowerCase();
-		if (detail.includes("not found") || detail.includes("no such file")) {
-			console.error("systemctl not found. systemd user services are required on Linux.");
-			process.exit(1);
-		}
-	}
-
-	const unitPath = systemdUnitPath();
-	const logDir = join(getAppDir(), "logs");
-	const workspace = join(getAppDir(), "workspace");
-
-	// Ensure directories exist
-	mkdirSync(dirname(unitPath), { recursive: true });
-	mkdirSync(logDir, { recursive: true });
-	mkdirSync(workspace, { recursive: true });
-
-	// Write unit file
-	const unit = buildSystemdUnit();
-	writeFileSync(unitPath, unit, "utf-8");
-	console.log(`Wrote systemd unit: ${unitPath}`);
-
-	// Enable lingering so services run without an active login session
-	const linger = execSafe("loginctl enable-linger");
-	if (linger.ok) {
-		console.log("Enabled user linger (service runs without active login).");
-	}
-
-	// Reload, enable, and start
-	const reload = execSafe("systemctl --user daemon-reload");
-	if (!reload.ok) {
-		console.error(`daemon-reload failed: ${reload.stderr}`);
-		process.exit(1);
-	}
-
-	const enable = execSafe(`systemctl --user enable ${SERVICE_NAME}.service`);
-	if (!enable.ok) {
-		console.error(`enable failed: ${enable.stderr}`);
-		process.exit(1);
-	}
-
-	const restart = execSafe(`systemctl --user restart ${SERVICE_NAME}.service`);
-	if (!restart.ok) {
-		console.error(`restart failed: ${restart.stderr}`);
-		process.exit(1);
-	}
-
-	console.log(`\n✓ Installed and started systemd service: ${SERVICE_NAME}.service`);
-	console.log(`  Logs: journalctl --user -u ${SERVICE_NAME} -f`);
-	console.log(`  Or:   ${join(logDir, "daemon.log")}`);
-}
-
-async function uninstallSystemd(): Promise<void> {
-	const unitPath = systemdUnitPath();
-
-	execSafe(`systemctl --user disable --now ${SERVICE_NAME}.service`);
-
-	try {
-		unlinkSync(unitPath);
-		console.log(`Removed: ${unitPath}`);
-	} catch {
-		console.log(`Service file not found at ${unitPath}`);
-	}
-
-	execSafe("systemctl --user daemon-reload");
-	console.log(`✓ Uninstalled systemd service.`);
-}
-
-function logsSystemd(): void {
-	const logFile = join(getAppDir(), "logs", "daemon.log");
-	console.log(`Log file: ${logFile}\n`);
-
-	// Try journalctl first, fall back to log file
-	const result = execSafe(`journalctl --user -u ${SERVICE_NAME} --no-pager -n 50`);
-	if (result.ok && result.stdout) {
-		console.log(result.stdout);
-	} else if (existsSync(logFile)) {
-		const content = readFileSync(logFile, "utf-8");
-		const lines = content.split("\n");
-		const last50 = lines.slice(-50).join("\n");
-		console.log(last50);
-	} else {
-		console.log("No logs found.");
-	}
-}
-
-function statusSystemd(): void {
-	const result = execSafe(`systemctl --user status ${SERVICE_NAME}.service`);
-	console.log(result.stdout || result.stderr || "Service not found.");
-}
-
-// ─── launchd (macOS) ──────────────────────────────────────────────────────────
-
-function launchdPlistPath(): string {
-	return join(homedir(), "Library", "LaunchAgents", `${LAUNCHD_LABEL}.plist`);
-}
-
-function plistEscape(value: string): string {
-	return value
-		.replace(/&/g, "&amp;")
-		.replace(/</g, "&lt;")
-		.replace(/>/g, "&gt;")
-		.replace(/"/g, "&quot;")
-		.replace(/'/g, "&apos;");
-}
-
-function buildLaunchdPlist(): string {
-	const args = resolveProgramArguments();
-	const logDir = join(getAppDir(), "logs");
-	const workspace = join(getAppDir(), "workspace");
-
-	const argsXml = args.map((a) => `      <string>${plistEscape(a)}</string>`).join("\n");
-
-	// Build environment variables
-	const envVars: Record<string, string> = {};
-	if (process.env.PATH) envVars.PATH = process.env.PATH;
-	if (process.env.HOME) envVars.HOME = process.env.HOME;
-
-	const envXml = Object.entries(envVars)
-		.map(([k, v]) => `      <key>${plistEscape(k)}</key>\n      <string>${plistEscape(v)}</string>`)
-		.join("\n");
-
-	return `<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-<plist version="1.0">
-  <dict>
-    <key>Label</key>
-    <string>${plistEscape(LAUNCHD_LABEL)}</string>
-    <key>RunAtLoad</key>
-    <true/>
-    <key>KeepAlive</key>
-    <true/>
-    <key>ProgramArguments</key>
-    <array>
-${argsXml}
-    </array>
-    <key>WorkingDirectory</key>
-    <string>${plistEscape(workspace)}</string>
-    <key>StandardOutPath</key>
-    <string>${plistEscape(join(logDir, "daemon.log"))}</string>
-    <key>StandardErrorPath</key>
-    <string>${plistEscape(join(logDir, "daemon.log"))}</string>
-    <key>EnvironmentVariables</key>
-    <dict>
-${envXml}
-    </dict>
-  </dict>
-</plist>
-`;
-}
-
-async function installLaunchd(): Promise<void> {
-	const plistPath = launchdPlistPath();
-	const logDir = join(getAppDir(), "logs");
-	const workspace = join(getAppDir(), "workspace");
-
-	mkdirSync(dirname(plistPath), { recursive: true });
-	mkdirSync(logDir, { recursive: true });
-	mkdirSync(workspace, { recursive: true });
-
-	// Unload existing if present
-	if (existsSync(plistPath)) {
-		execSafe(`launchctl unload "${plistPath}"`);
-	}
-
-	const plist = buildLaunchdPlist();
-	writeFileSync(plistPath, plist, "utf-8");
-	console.log(`Wrote plist: ${plistPath}`);
-
-	const load = execSafe(`launchctl load "${plistPath}"`);
-	if (!load.ok) {
-		console.error(`launchctl load failed: ${load.stderr}`);
-		process.exit(1);
-	}
-
-	console.log(`\n✓ Installed and started launchd agent: ${LAUNCHD_LABEL}`);
-	console.log(`  Logs: tail -f ${join(logDir, "daemon.log")}`);
-}
-
-async function uninstallLaunchd(): Promise<void> {
-	const plistPath = launchdPlistPath();
-
-	if (existsSync(plistPath)) {
-		execSafe(`launchctl unload "${plistPath}"`);
-		unlinkSync(plistPath);
-		console.log(`Removed: ${plistPath}`);
-	} else {
-		console.log(`Plist not found at ${plistPath}`);
-	}
-
-	console.log(`✓ Uninstalled launchd agent.`);
-}
-
-function logsLaunchd(): void {
-	const logFile = join(getAppDir(), "logs", "daemon.log");
-	console.log(`Log file: ${logFile}\n`);
-
-	if (existsSync(logFile)) {
-		const content = readFileSync(logFile, "utf-8");
-		const lines = content.split("\n");
-		const last50 = lines.slice(-50).join("\n");
-		console.log(last50);
-	} else {
-		console.log("No logs found.");
-	}
-}
-
-function statusLaunchd(): void {
-	const result = execSafe(`launchctl list | grep ${LAUNCHD_LABEL}`);
-	if (result.ok && result.stdout) {
-		const parts = result.stdout.split(/\s+/);
-		const pid = parts[0];
-		const exitCode = parts[1];
-		if (pid && pid !== "-") {
-			console.log(`Daemon is running (pid ${pid}).`);
-		} else {
-			console.log(`Daemon is not running (last exit code: ${exitCode}).`);
-		}
-	} else {
-		console.log("Daemon is not installed as a launchd agent.");
-	}
-}
-
-// ─── Platform dispatch ────────────────────────────────────────────────────────
-
-const isMac = platform() === "darwin";
-const isLinux = platform() === "linux";
-
-export async function installService(): Promise<void> {
-	if (isMac) {
-		await installLaunchd();
-	} else if (isLinux) {
-		await installSystemd();
-	} else {
-		console.error(`Service installation not supported on ${platform()}.`);
-		console.log("Run 'clankie start' manually instead.");
-		process.exit(1);
-	}
-}
-
-export async function uninstallService(): Promise<void> {
-	if (isMac) {
-		await uninstallLaunchd();
-	} else if (isLinux) {
-		await uninstallSystemd();
-	} else {
-		console.error(`Service management not supported on ${platform()}.`);
-		process.exit(1);
-	}
-}
-
-export function showServiceLogs(): void {
-	if (isMac) {
-		logsLaunchd();
-	} else if (isLinux) {
-		logsSystemd();
-	} else {
-		const logFile = join(getAppDir(), "logs", "daemon.log");
-		if (existsSync(logFile)) {
-			console.log(readFileSync(logFile, "utf-8"));
-		} else {
-			console.log("No logs found.");
-		}
-	}
-}
-
-export function showServiceStatus(): void {
-	if (isMac) {
-		statusLaunchd();
-	} else if (isLinux) {
-		statusSystemd();
-	} else {
-		console.log(`Service management not supported on ${platform()}.`);
-		console.log("Use 'clankie status' to check if the daemon is running via PID file.");
-	}
-}