claude-nb 0.3.0 → 0.5.1

package/bin/sync-version

@@ -0,0 +1,131 @@
+#!/usr/bin/env python3
+"""sync-version — sync VERSION to package.json and pyproject.toml.
+
+Reads the canonical version from VERSION file and updates:
+  - package.json: "version" field
+  - pyproject.toml: version field (PEP 440 format: X.Y.Z.dev0)
+Also syncs the license from pyproject.toml to package.json.
+
+Usage:
+    ./bin/sync-version          # sync + report
+    ./bin/sync-version --check  # check consistency only (exit 1 if drift)
+"""
+
+import json
+import re
+import sys
+from pathlib import Path
+
+ROOT = Path(__file__).resolve().parent.parent
+
+
+def read_version() -> str:
+    return (ROOT / "VERSION").read_text().strip()
+
+
+def read_pyproject() -> tuple[str, str]:
+    """Return (version, license) from pyproject.toml."""
+    text = (ROOT / "pyproject.toml").read_text()
+    ver_m = re.search(r'^version\s*=\s*"([^"]+)"', text, re.MULTILINE)
+    lic_m = re.search(r'^license\s*=\s*"([^"]+)"', text, re.MULTILINE)
+    return (ver_m.group(1) if ver_m else ""), (lic_m.group(1) if lic_m else "")
+
+
+def read_package_json() -> tuple[str, str]:
+    """Return (version, license) from package.json."""
+    data = json.loads((ROOT / "package.json").read_text())
+    return data.get("version", ""), data.get("license", "")
+
+
+def canonical_to_pep440(ver: str) -> str:
+    """Convert '0.5.1-dev' to '0.5.1.dev0' (PEP 440)."""
+    return re.sub(r"-dev$", ".dev0", ver)
+
+
+def pep440_to_npm(ver: str) -> str:
+    """Convert '0.5.1.dev0' to '0.5.1-dev'."""
+    return re.sub(r"\.dev\d+$", "-dev", ver)
+
+
+def check() -> list[str]:
+    """Return list of inconsistency descriptions. Empty = all good."""
+    ver = read_version()
+    pep_ver, pep_lic = read_pyproject()
+    npm_ver, npm_lic = read_package_json()
+
+    expected_pep = canonical_to_pep440(ver)
+    errors = []
+
+    if pep_ver != expected_pep:
+        errors.append(f"pyproject.toml version '{pep_ver}' != expected '{expected_pep}' (from VERSION '{ver}')")
+    if npm_ver != ver:
+        errors.append(f"package.json version '{npm_ver}' != VERSION '{ver}'")
+    if pep_lic and npm_lic != pep_lic:
+        errors.append(f"package.json license '{npm_lic}' != pyproject.toml license '{pep_lic}'")
+
+    return errors
+
+
+def sync() -> None:
+    ver = read_version()
+    _, pep_lic = read_pyproject()
+
+    # Sync package.json
+    pkg_path = ROOT / "package.json"
+    pkg = json.loads(pkg_path.read_text())
+    changed = False
+    if pkg.get("version") != ver:
+        print(f"package.json version: '{pkg['version']}' -> '{ver}'")
+        pkg["version"] = ver
+        changed = True
+    if pep_lic and pkg.get("license") != pep_lic:
+        print(f"package.json license: '{pkg.get('license')}' -> '{pep_lic}'")
+        pkg["license"] = pep_lic
+        changed = True
+    if changed:
+        pkg_path.write_text(json.dumps(pkg, indent=2) + "\n")
+    else:
+        print("package.json: already in sync")
+
+    # Sync pyproject.toml version
+    pyp_path = ROOT / "pyproject.toml"
+    text = pyp_path.read_text()
+    expected_pep = canonical_to_pep440(ver)
+    new_text = re.sub(
+        r'^(version\s*=\s*")[^"]+"',
+        rf'\g<1>{expected_pep}"',
+        text,
+        count=1,
+        flags=re.MULTILINE,
+    )
+    if new_text != text:
+        pep_ver, _ = read_pyproject()
+        print(f"pyproject.toml version: '{pep_ver}' -> '{expected_pep}'")
+        pyp_path.write_text(new_text)
+    else:
+        print("pyproject.toml: already in sync")
+
+
+def main() -> None:
+    if "--check" in sys.argv:
+        errors = check()
+        if errors:
+            print("VERSION DRIFT DETECTED:")
+            for e in errors:
+                print(f"  - {e}")
+            raise SystemExit(1)
+        print("OK all versions and licenses consistent")
+        return
+
+    sync()
+    errors = check()
+    if errors:
+        print("\nWARNING: still inconsistent after sync:")
+        for e in errors:
+            print(f"  - {e}")
+        raise SystemExit(1)
+    print("\nOK all synced")
+
+
+if __name__ == "__main__":
+    main()

package/lib/board_admin.py

@@ -4,9 +4,12 @@ import subprocess
 import time
 
 from lib.board_db import BoardDB, ts
+from lib.common import validate_identity
 
 
 def cmd_suspend(db: BoardDB, identity: str, args: list[str]) -> None:
+    assert db.env is not None
+    validate_identity(db, identity)
     name = identity.lower()
     if not args:
         print("Usage: ./board --as <name> suspend <session>")
@@ -35,15 +38,19 @@ def cmd_suspend(db: BoardDB, identity: str, args: list[str]) -> None:
 
     prefix = db.env.prefix
     sess = f"{prefix}-{target}"
-    r = subprocess.run(["tmux", "has-session", "-t", sess], capture_output=True)
-    if r.returncode == 0:
-        subprocess.run(
-            ["tmux", "send-keys", "-t", sess, "/exit", "Enter"],
-            capture_output=True,
-        )
-        time.sleep(2)
-        subprocess.run(["tmux", "kill-session", "-t", sess], capture_output=True)
-        print(f"{target}: tmux session 已关闭")
+    try:
+        r = subprocess.run(["tmux", "has-session", "-t", sess], capture_output=True, timeout=5)
+        if r.returncode == 0:
+            subprocess.run(
+                ["tmux", "send-keys", "-t", sess, "/exit", "Enter"],
+                capture_output=True,
+                timeout=5,
+            )
+            time.sleep(2)
+            subprocess.run(["tmux", "kill-session", "-t", sess], capture_output=True, timeout=5)
+            print(f"{target}: tmux session 已关闭")
+    except (subprocess.TimeoutExpired, OSError):
+        pass
 
     now = ts()
     db.execute(
@@ -53,6 +60,8 @@ def cmd_suspend(db: BoardDB, identity: str, args: list[str]) -> None:
 
 
 def cmd_resume(db: BoardDB, identity: str, args: list[str]) -> None:
+    assert db.env is not None
+    validate_identity(db, identity)
     name = identity.lower()
     if not args:
         print("Usage: ./board --as <name> resume <session>")
@@ -80,6 +89,7 @@ def cmd_resume(db: BoardDB, identity: str, args: list[str]) -> None:
 
 
 def cmd_kudos(db: BoardDB, identity: str, args: list[str]) -> None:
+    validate_identity(db, identity)
     name = identity.lower()
     if len(args) < 2:
         print("Usage: ./board --as <name> kudos <target> <reason> [--evidence <commit/link>]")

package/lib/board_bbs.py

@@ -3,31 +3,43 @@
 import hashlib
 
 from lib.board_db import BoardDB, ts
+from lib.common import validate_identity
 
 
 def cmd_post(db: BoardDB, identity: str, args: list[str]) -> None:
+    validate_identity(db, identity)
     name = identity.lower()
     if len(args) < 2:
         print("Usage: ./board --as <name> post <标题> <内容>")
         raise SystemExit(1)
     title = args[0]
+    body = " ".join(args[1:])
     now = ts()
     tid = hashlib.sha256(f"{title}{now}{identity}".encode()).hexdigest()[:6]
 
-    db.execute(
-        "INSERT INTO threads(id, title, author) VALUES (?, ?, ?)",
-        (tid, title, name),
-    )
-    db.execute(
-        "INSERT INTO messages(ts, sender, recipient, body) VALUES (?, ?, 'all', ?)",
-        (now, name, f"[BBS] 新帖「{title}」({tid})"),
-    )
+    with db.conn() as c:
+        db.execute(
+            "INSERT INTO threads(id, title, author) VALUES (?, ?, ?)",
+            (tid, title, name),
+            c=c,
+        )
+        db.execute(
+            "INSERT INTO thread_replies(thread_id, author, body) VALUES (?, ?, ?)",
+            (tid, name, body),
+            c=c,
+        )
+        db.execute(
+            "INSERT INTO messages(ts, sender, recipient, body) VALUES (?, ?, 'all', ?)",
+            (now, name, f"[BBS] 新帖「{title}」({tid})"),
+            c=c,
+        )
     print(f"OK 帖子已创建: {tid}")
     print(f"  标题: {title}")
     print(f"  查看: ./board --as <name> thread {tid}")
 
 
 def cmd_reply(db: BoardDB, identity: str, args: list[str]) -> None:
+    validate_identity(db, identity)
     name = identity.lower()
     if len(args) < 2:
         print("Usage: ./board --as <name> reply <帖子ID> <内容>")
@@ -70,6 +82,9 @@ def cmd_thread(db: BoardDB, args: list[str]) -> None:
         raise SystemExit(1)
 
     row = db.query_one("SELECT title, author, created_at FROM threads WHERE id=?", (full_tid,))
+    if not row:
+        print(f"ERROR: 帖子 {full_tid} 数据异常")
+        raise SystemExit(1)
     title, author, created = row
     print(f"# {title}")
     print(f"> @{author} — {created}\n")

package/lib/board_bug.py

@@ -4,10 +4,11 @@ import time
 from datetime import datetime
 
 from lib.board_db import BoardDB, ts
-from lib.common import is_terminal_bug_status
+from lib.common import is_terminal_bug_status, validate_identity
 
 
 def cmd_bug(db: BoardDB, identity: str, args: list[str]) -> None:
+    validate_identity(db, identity)
     subcmd = args[0] if args else "list"
     rest = args[1:] if len(args) > 1 else []
     dispatch = {

package/lib/board_db.py

@@ -1,4 +1,4 @@
-"""board_db — DB connection, helpers, and .md file sync."""
+"""board_db — DB connection and helpers."""
 
 from __future__ import annotations
 
@@ -25,7 +25,7 @@ class BoardDB(BaseDB):
     """Unified SQLite wrapper — new connection per call, no pooling.
 
     Accepts either a ClaudesEnv (production) or a bare Path/str (tests, lightweight callers).
-    Adds .md file sync helpers on top of the BaseDB interface.
+    SQLite is the single source of truth; no .md file sync.
     """
 
     def __init__(self, env_or_path: ClaudesEnv | Path | str):
@@ -41,6 +41,10 @@ class BoardDB(BaseDB):
             self.env = None
             self.db_path = Path(env_or_path)
 
+    def require_env(self) -> ClaudesEnv:
+        assert self.env is not None, "BoardDB created without ClaudesEnv — this command requires a full environment"
+        return self.env
+
     def _auto_migrate(self) -> None:
         """Apply pending schema migrations on first load (idempotent).
 
@@ -92,164 +96,51 @@ class BoardDB(BaseDB):
 
     def execute(self, sql: str, params: tuple[Any, ...] = (), *, c: sqlite3.Connection | None = None) -> int:
         if c is not None:
-            return c.execute(sql, params).lastrowid
+            return c.execute(sql, params).lastrowid or 0
         with self.conn() as conn:
             cur = conn.execute(sql, params)
-            return cur.lastrowid
+            return cur.lastrowid or 0
 
     def execute_changes(self, sql: str, params: tuple[Any, ...] = (), *, c: sqlite3.Connection | None = None) -> int:
         if c is not None:
             c.execute(sql, params)
-            return c.execute("SELECT changes()").fetchone()[0]
+            return int(c.execute("SELECT changes()").fetchone()[0])
         with self.conn() as conn:
             conn.execute(sql, params)
-            return conn.execute("SELECT changes()").fetchone()[0]
+            return int(conn.execute("SELECT changes()").fetchone()[0])
 
     def ensure_session(self, name: str, *, c: sqlite3.Connection | None = None) -> None:
         n = name.lower()
         existing = self.scalar("SELECT COUNT(*) FROM sessions WHERE name=?", (n,), c=c)
-        if existing == 0:
-            self.execute("INSERT INTO sessions(name) VALUES (?)", (n,), c=c)
-
-    # --- .md file sync ---
-    #
-    # All writes use temp-file + atomic rename to avoid corruption on
-    # crash mid-write.  Section detection is strict: ## heading must be
-    # followed by space or end-of-line (not e.g. "## @收件箱-extra").
-
-    INBOX_HEADINGS: tuple[str, ...] = ("## @inbox", "## @收件箱")
-    TASK_HEADINGS: tuple[str, ...] = ("## Current task", "## 当前任务")
-
-    @staticmethod
-    def _replace_section(
-        text: str,
-        headings: tuple[str, ...],
-        replacement: str | None,
-    ) -> str | None:
-        """Replace or remove the content of a named Markdown section.
-
-        If *replacement* is None, the section is removed.  Returns the new
-        text, or None if the section was not found and no append is needed.
-
-        Heading detection: a line is a section boundary if it starts with "## "
-        (after stripping leading whitespace). Target headings are matched
-        case-insensitively against the normalized prefix.
-        """
-        lines = text.split("\n")
-        out: list[str] = []
-        in_section = False
-        found = False
-
-        normalized_headings = tuple(h.strip().lower() for h in headings)
-
-        for line in lines:
-            stripped = line.strip().lower()
-            if any(stripped == h or stripped.startswith(h + " ") for h in normalized_headings):
-                found = True
-                in_section = True
-                if replacement is not None:
-                    out.append(line)
-                    out.append(replacement)
-                continue
-            if in_section and stripped.startswith("## "):
-                in_section = False
-                out.append("")
-                out.append(line)
-                continue
-            if in_section:
-                continue
-            out.append(line)
-
-        if not found:
-            return None
-        return "\n".join(out)
-
-    def _atomic_write(self, path: Path, content: str) -> None:
-        """Write *content* to *path* atomically (temp + rename)."""
-        tmp = path.with_suffix(path.suffix + ".tmp")
-        try:
-            tmp.write_text(content)
-            tmp.replace(path)
-        except OSError:
-            pass
-
-    # ── inbox sync ──
-
-    def sync_inbox_to_file(self, target: str, *, c: sqlite3.Connection | None = None) -> None:
-        """Sync unread inbox messages to {target}.md file.
-
-        Accepts an optional *c* to use the caller's connection (so that
-        uncommitted inbox rows are visible within a transaction).
-        """
-        if not self.env:
-            return
-        sf = self.env.sessions_dir / f"{target}.md"
-        if not sf.exists():
+        if existing:
             return
-        rows = self.query(
-            "SELECT '- [' || m.ts || '] **' || m.sender || '**: ' || substr(m.body, 1, 60) "
-            "FROM inbox i JOIN messages m ON i.message_id=m.id "
-            "WHERE i.session=? AND i.read=0 ORDER BY m.ts",
-            (target,),
-            c=c,
-        )
-        inbox_lines = "\n".join(r[0] for r in rows) if rows else ""
+        if self.env is not None:
+            from lib.common import PRIVILEGED_ROLES
 
-        try:
-            text = sf.read_text()
-        except OSError:
-            return
-
-        result = self._replace_section(text, self.INBOX_HEADINGS, inbox_lines or None)
-        if result is not None:
-            self._atomic_write(sf, result)
-        elif inbox_lines:
-            heading = self.INBOX_HEADINGS[1]  # canonical: Chinese heading
-            self._atomic_write(sf, text.rstrip("\n") + f"\n\n{heading}\n{inbox_lines}\n")
-
-    def clear_inbox_file(self, target: str) -> None:
-        if not self.env:
-            return
-        sf = self.env.sessions_dir / f"{target}.md"
-        if not sf.exists():
-            return
-        try:
-            text = sf.read_text()
-        except OSError:
-            return
-        result = self._replace_section(text, self.INBOX_HEADINGS, None)
-        if result is not None:
-            self._atomic_write(sf, result)
-
-    # ── status sync ──
-
-    def sync_status_to_file(self, target: str, status: str) -> None:
-        if not self.env:
-            return
-        sf = self.env.sessions_dir / f"{target}.md"
-        if not sf.exists():
-            return
-        try:
-            text = sf.read_text()
-        except OSError:
-            return
-        result = self._replace_section(text, self.TASK_HEADINGS, status)
-        if result is not None:
-            self._atomic_write(sf, result)
+            allowed = {s.lower() for s in self.env.sessions} | {"all"} | PRIVILEGED_ROLES
+            if n not in allowed:
+                print(f"ERROR: '{n}' is not a registered session")
+                raise SystemExit(1)
+        self.execute("INSERT INTO sessions(name) VALUES (?)", (n,), c=c)
 
     def deliver_to_inbox(
         self, sender: str, recipient: str, msg_id: int, *, c: sqlite3.Connection | None = None
     ) -> None:
         if recipient == "all":
-            sessions = self.query("SELECT name FROM sessions WHERE name != ?", (sender,), c=c)
-            for (target,) in sessions:
-                self.execute(
-                    "INSERT INTO inbox(session, message_id) VALUES (?, ?)",
-                    (target, msg_id),
-                    c=c,
+
+            def _do(conn: sqlite3.Connection) -> list[str]:
+                conn.execute(
+                    "INSERT INTO inbox(session, message_id) SELECT name, ? FROM sessions WHERE name != ?",
+                    (msg_id, sender),
                 )
-            for (target,) in sessions:
-                self.sync_inbox_to_file(target, c=c)
+                return [r[0] for r in conn.execute("SELECT name FROM sessions WHERE name != ?", (sender,)).fetchall()]
+
+            if c is not None:
+                targets = _do(c)
+            else:
+                with self.conn() as conn:
+                    targets = _do(conn)
+            for target in targets:
                 inbox_delivered.emit(target)
         else:
             self.ensure_session(recipient, c=c)
@@ -258,5 +149,4 @@ class BoardDB(BaseDB):
                 (recipient, msg_id),
                 c=c,
             )
-            self.sync_inbox_to_file(recipient, c=c)
             inbox_delivered.emit(recipient)

package/lib/board_lock.py

@@ -4,6 +4,7 @@ import subprocess
 import time
 
 from lib.board_db import BoardDB, ts
+from lib.common import validate_identity
 
 GIT_LOCK_TTL = 60
 
@@ -14,6 +15,7 @@ def _cleanup_stale(db: BoardDB) -> None:
 
 
 def cmd_git_lock(db: BoardDB, identity: str, args: list[str]) -> None:
+    validate_identity(db, identity)
     name = identity.lower()
     reason = " ".join(args) if args else "git operation"
 
@@ -50,6 +52,8 @@ def cmd_git_lock(db: BoardDB, identity: str, args: list[str]) -> None:
 
 
 def cmd_git_unlock(db: BoardDB, identity: str, args: list[str]) -> None:
+    validate_identity(db, identity)
+    assert db.env is not None
     name = identity.lower()
     force = "--force" in args
 
@@ -72,7 +76,6 @@ def cmd_git_unlock(db: BoardDB, identity: str, args: list[str]) -> None:
             (now, holder, f"[GIT-LOCK] {name} force-released your git lock"),
         )
         db.execute("INSERT INTO inbox(session, message_id) VALUES (?, ?)", (holder, msg_id))
-        db.sync_inbox_to_file(holder)
 
     db.execute("DELETE FROM git_locks WHERE id=1")
     print("OK git-lock released")
@@ -91,6 +94,7 @@ def cmd_git_unlock(db: BoardDB, identity: str, args: list[str]) -> None:
 
 
 def cmd_git_lock_status(db: BoardDB) -> None:
+    assert db.env is not None
     _cleanup_stale(db)
 
     row = db.query_one("SELECT session, reason, acquired_at, expires_at FROM git_locks WHERE id=1")

package/lib/board_mailbox.py

@@ -1,8 +1,11 @@
 """board_mailbox — encrypted async messaging between registered agents."""
 
+import binascii
 import json
 from pathlib import Path
 
+from cryptography.exceptions import InvalidTag
+
 from lib.board_db import BoardDB, ts
 from lib.crypto import (
     generate_keypair,
@@ -19,12 +22,14 @@ PUBKEYS_FILE = REGISTRY_DIR / "pubkeys.json"
 
 
 def _keys_dir(db: BoardDB) -> Path:
+    assert db.env is not None
     return db.env.claudes_dir / "keys"
 
 
 def _load_pubkeys() -> dict[str, str]:
     if PUBKEYS_FILE.exists():
-        return json.loads(PUBKEYS_FILE.read_text())
+        data: dict[str, str] = json.loads(PUBKEYS_FILE.read_text())
+        return data
     return {}
 
 
@@ -66,7 +71,11 @@ def cmd_seal(db: BoardDB, identity: str, args: list[str]) -> None:
         raise SystemExit(1)
 
     recipient = args[0].lower()
-    plaintext = " ".join(args[1:])
+    plaintext = " ".join(args[1:]).strip()
+
+    if not plaintext:
+        print("ERROR: 消息不能为空")
+        raise SystemExit(1)
 
     recipient_pubkey_hex = _find_pubkey(recipient)
     if not recipient_pubkey_hex:
@@ -110,12 +119,13 @@ def cmd_unseal(db: BoardDB, identity: str) -> None:
             plaintext = unseal_b64(encrypted_body, private)
             print(f"  [{msg_ts}] **{sender}**: {plaintext}")
             decrypted_ids.append(msg_id)
-        except Exception:
-            print(f"  [{msg_ts}] **{sender}**: [解密失败 — 密钥不匹配或消息损坏]")
+        except (InvalidTag, ValueError, binascii.Error, UnicodeDecodeError) as e:
+            print(f"  [{msg_ts}] **{sender}**: [解密失败 — {type(e).__name__}: {e}]")
 
     if decrypted_ids:
-        placeholders = ",".join("?" * len(decrypted_ids))
-        db.execute(f"UPDATE mailbox SET read=1 WHERE id IN ({placeholders})", tuple(decrypted_ids))
+        with db.conn() as c:
+            for mid in decrypted_ids:
+                db.execute("UPDATE mailbox SET read=1 WHERE id=?", (mid,), c=c)
         print(f"\n已标记 {len(decrypted_ids)} 条为已读")
 
 
@@ -141,5 +151,5 @@ def cmd_mailbox_log(db: BoardDB, identity: str) -> None:
         try:
             plaintext = unseal_b64(encrypted_body, private)
             print(f"  [{msg_ts}] {sender}: {plaintext}")
-        except Exception:
-            print(f"  [{msg_ts}] {sender}: [无法解密]")
+        except (InvalidTag, ValueError, binascii.Error, UnicodeDecodeError) as e:
+            print(f"  [{msg_ts}] {sender}: [无法解密 — {type(e).__name__}: {e}]")