claude-nb 0.3.0

package/lib/board_lock.py

@@ -0,0 +1,113 @@
+"""board_lock — git lock coordination: git-lock / git-unlock / git-lock-status."""
+
+import subprocess
+import time
+
+from lib.board_db import BoardDB, ts
+
+GIT_LOCK_TTL = 60
+
+
+def _cleanup_stale(db: BoardDB) -> None:
+    now_epoch = int(time.time())
+    db.execute("DELETE FROM git_locks WHERE expires_at < ?", (now_epoch,))
+
+
+def cmd_git_lock(db: BoardDB, identity: str, args: list[str]) -> None:
+    name = identity.lower()
+    reason = " ".join(args) if args else "git operation"
+
+    _cleanup_stale(db)
+
+    expires = int(time.time()) + GIT_LOCK_TTL
+    did_insert = db.execute_changes(
+        "INSERT OR IGNORE INTO git_locks(id, session, reason, expires_at) VALUES (1, ?, ?, ?)",
+        (name, reason, expires),
+    )
+    if did_insert:
+        print(f"OK git-lock acquired by {name} (expires in {GIT_LOCK_TTL}s)")
+        return
+
+    holder = db.scalar("SELECT session FROM git_locks WHERE id=1")
+    if holder == name:
+        new_expires = int(time.time()) + GIT_LOCK_TTL
+        db.execute(
+            "UPDATE git_locks SET expires_at=?, reason=?, "
+            "acquired_at=strftime('%Y-%m-%d %H:%M:%S', 'now', 'localtime') WHERE id=1",
+            (new_expires, reason),
+        )
+        print(f"OK git-lock extended (held by you, expires in {GIT_LOCK_TTL}s)")
+        return
+
+    expires_at = db.scalar("SELECT expires_at FROM git_locks WHERE id=1") or 0
+    remaining = expires_at - int(time.time())
+    lock_reason = db.scalar("SELECT reason FROM git_locks WHERE id=1") or ""
+    print(
+        f"BLOCKED: git lock held by '{holder}' ({lock_reason}, expires in {remaining}s)",
+    )
+    print(f"  Wait and retry, or force with: ./board --as {identity} git-unlock --force")
+    raise SystemExit(1)
+
+
+def cmd_git_unlock(db: BoardDB, identity: str, args: list[str]) -> None:
+    name = identity.lower()
+    force = "--force" in args
+
+    _cleanup_stale(db)
+
+    holder = db.scalar("SELECT session FROM git_locks WHERE id=1")
+    if not holder:
+        print("OK git lock is already free")
+        return
+
+    if holder != name and not force:
+        print(f"ERROR: git lock held by '{holder}', not you. Use --force to override.")
+        raise SystemExit(1)
+
+    if holder != name and force:
+        print(f"WARN: force-releasing git lock held by '{holder}'")
+        now = ts()
+        msg_id = db.execute(
+            "INSERT INTO messages(ts, sender, recipient, body) VALUES (?, 'SYSTEM', ?, ?)",
+            (now, holder, f"[GIT-LOCK] {name} force-released your git lock"),
+        )
+        db.execute("INSERT INTO inbox(session, message_id) VALUES (?, ?)", (holder, msg_id))
+        db.sync_inbox_to_file(holder)
+
+    db.execute("DELETE FROM git_locks WHERE id=1")
+    print("OK git-lock released")
+
+    index_lock = db.env.project_root / ".git" / "index.lock"
+    if index_lock.exists():
+        r = subprocess.run(
+            ["pgrep", "-f", f"git.*{db.env.project_root}"],
+            capture_output=True,
+        )
+        if r.returncode != 0:
+            index_lock.unlink()
+            print("  Also removed stale .git/index.lock")
+        else:
+            print("  WARN: .git/index.lock exists and a git process is running")
+
+
+def cmd_git_lock_status(db: BoardDB) -> None:
+    _cleanup_stale(db)
+
+    row = db.query_one("SELECT session, reason, acquired_at, expires_at FROM git_locks WHERE id=1")
+    if not row:
+        print("FREE: no session holds the git lock")
+    else:
+        holder, reason, acquired, expires_at = row
+        remaining = expires_at - int(time.time())
+        print(f"LOCKED by {holder}")
+        print(f"  Reason: {reason}")
+        print(f"  Acquired: {acquired}")
+        print(f"  Expires in: {remaining}s")
+
+    index_lock = db.env.project_root / ".git" / "index.lock"
+    if index_lock.exists():
+        try:
+            lock_age = int(time.time()) - int(index_lock.stat().st_mtime)
+        except OSError:
+            lock_age = 0
+        print(f"  .git/index.lock exists (age: {lock_age}s)")

package/lib/board_mailbox.py

@@ -0,0 +1,145 @@
+"""board_mailbox — encrypted async messaging between registered agents."""
+
+import json
+from pathlib import Path
+
+from lib.board_db import BoardDB, ts
+from lib.crypto import (
+    generate_keypair,
+    load_private_key,
+    public_key_from_hex,
+    public_key_to_hex,
+    save_keypair,
+    seal_b64,
+    unseal_b64,
+)
+
+REGISTRY_DIR = Path(__file__).resolve().parent.parent / "registry"
+PUBKEYS_FILE = REGISTRY_DIR / "pubkeys.json"
+
+
+def _keys_dir(db: BoardDB) -> Path:
+    return db.env.claudes_dir / "keys"
+
+
+def _load_pubkeys() -> dict[str, str]:
+    if PUBKEYS_FILE.exists():
+        return json.loads(PUBKEYS_FILE.read_text())
+    return {}
+
+
+def _save_pubkeys(data: dict[str, str]) -> None:
+    PUBKEYS_FILE.write_text(json.dumps(data, indent=2, ensure_ascii=False) + "\n")
+
+
+def _find_pubkey(name: str) -> str | None:
+    """Look up public_key from pubkeys.json (separate from immutable chain blocks)."""
+    return _load_pubkeys().get(name)
+
+
+def cmd_keygen(db: BoardDB, identity: str) -> None:
+    name = identity.lower()
+    kd = _keys_dir(db)
+
+    if (kd / f"{name}.pem").exists():
+        print(f"ERROR: 密钥已存在 ({kd / f'{name}.pem'})，如需重新生成请先删除旧密钥")
+        raise SystemExit(1)
+
+    private, public = generate_keypair()
+    save_keypair(kd, name, private, public)
+    pubkey_hex = public_key_to_hex(public)
+
+    pubkeys = _load_pubkeys()
+    pubkeys[name] = pubkey_hex
+    _save_pubkeys(pubkeys)
+
+    print("OK 密钥已生成")
+    print(f"  私钥: {kd / f'{name}.pem'} (勿泄露)")
+    print(f"  公钥: {pubkey_hex[:16]}...")
+    print(f"  已写入 {PUBKEYS_FILE.relative_to(REGISTRY_DIR.parent)}")
+
+
+def cmd_seal(db: BoardDB, identity: str, args: list[str]) -> None:
+    name = identity.lower()
+    if len(args) < 2:
+        print("Usage: ./board --as <name> seal <recipient> <message>")
+        raise SystemExit(1)
+
+    recipient = args[0].lower()
+    plaintext = " ".join(args[1:])
+
+    recipient_pubkey_hex = _find_pubkey(recipient)
+    if not recipient_pubkey_hex:
+        print(f"ERROR: {recipient} 未注册公钥 (需先运行 keygen)")
+        raise SystemExit(1)
+
+    recipient_pub = public_key_from_hex(recipient_pubkey_hex)
+    encrypted = seal_b64(plaintext, recipient_pub)
+
+    now = ts()
+    db.execute(
+        "INSERT INTO mailbox(ts, sender, recipient, encrypted_body) VALUES (?, ?, ?, ?)",
+        (now, name, recipient, encrypted),
+    )
+    print(f"OK 加密消息已发送给 {recipient} ({len(encrypted)} bytes)")
+
+
+def cmd_unseal(db: BoardDB, identity: str) -> None:
+    name = identity.lower()
+    kd = _keys_dir(db)
+
+    try:
+        private = load_private_key(kd, name)
+    except FileNotFoundError as e:
+        print(f"ERROR: {e}")
+        raise SystemExit(1)
+
+    rows = db.query(
+        "SELECT id, ts, sender, encrypted_body FROM mailbox WHERE recipient=? AND read=0 ORDER BY ts",
+        (name,),
+    )
+
+    if not rows:
+        print("加密信箱为空")
+        return
+
+    print(f"你有 {len(rows)} 条加密消息:\n")
+    decrypted_ids = []
+    for msg_id, msg_ts, sender, encrypted_body in rows:
+        try:
+            plaintext = unseal_b64(encrypted_body, private)
+            print(f"  [{msg_ts}] **{sender}**: {plaintext}")
+            decrypted_ids.append(msg_id)
+        except Exception:
+            print(f"  [{msg_ts}] **{sender}**: [解密失败 — 密钥不匹配或消息损坏]")
+
+    if decrypted_ids:
+        placeholders = ",".join("?" * len(decrypted_ids))
+        db.execute(f"UPDATE mailbox SET read=1 WHERE id IN ({placeholders})", tuple(decrypted_ids))
+        print(f"\n已标记 {len(decrypted_ids)} 条为已读")
+
+
+def cmd_mailbox_log(db: BoardDB, identity: str) -> None:
+    name = identity.lower()
+    kd = _keys_dir(db)
+
+    try:
+        private = load_private_key(kd, name)
+    except FileNotFoundError as e:
+        print(f"ERROR: {e}")
+        raise SystemExit(1)
+
+    rows = db.query(
+        "SELECT ts, sender, encrypted_body FROM mailbox WHERE recipient=? ORDER BY ts DESC LIMIT 20",
+        (name,),
+    )
+    if not rows:
+        print("无加密消息记录")
+        return
+
+    for msg_ts, sender, encrypted_body in reversed(rows):
+        try:
+            plaintext = unseal_b64(encrypted_body, private)
+            print(f"  [{msg_ts}] {sender}: {plaintext}")
+        except Exception:
+            print(f"  [{msg_ts}] {sender}: [无法解密]")

package/lib/board_maintenance.py

@@ -0,0 +1,237 @@
+"""board_maintenance — data maintenance: prune, backup, restore."""
+
+import shutil
+import time
+from pathlib import Path
+
+from lib.board_db import BoardDB
+
+# ---------------------------------------------------------------------------
+# prune
+# ---------------------------------------------------------------------------
+
+
+def cmd_prune(db: BoardDB, args: list[str]) -> None:
+    """Prune old messages and inbox entries.
+
+    Usage: board --as <name> prune [--before YYYY-MM-DD] [--keep N] [--dry-run]
+    """
+    usage = "Usage: board --as <name> prune [--before YYYY-MM-DD] [--keep N] [--dry-run]"
+
+    before_days = 90  # default: keep 90 days
+    dry_run = False
+    positional: list[str] = []
+
+    i = 0
+    while i < len(args):
+        if args[i] == "--before" and i + 1 < len(args):
+            before_days = _parse_days(args[i + 1])
+            i += 2
+        elif args[i] == "--keep" and i + 1 < len(args):
+            try:
+                int(args[i + 1])
+            except ValueError:
+                print(f"ERROR: --keep requires a number, got '{args[i + 1]}'")
+                raise SystemExit(1)
+            i += 2
+        elif args[i] == "--dry-run":
+            dry_run = True
+            i += 1
+        else:
+            positional.append(args[i])
+            i += 1
+
+    if positional:
+        print(usage)
+        raise SystemExit(1)
+
+    cutoff = _days_ago_ts(before_days)
+
+    # Count what would be deleted
+    old_inbox = db.scalar(
+        "SELECT COUNT(*) FROM inbox WHERE message_id IN "
+        "(SELECT id FROM messages WHERE ts < ?)",
+        (cutoff,),
+    ) or 0
+    old_messages = db.scalar(
+        "SELECT COUNT(*) FROM messages WHERE ts < ?",
+        (cutoff,),
+    ) or 0
+
+    # Also count old read inbox entries (not just those linked to old messages)
+    old_read_inbox = db.scalar(
+        "SELECT COUNT(*) FROM inbox WHERE read=1 AND "
+        "delivered_at < ?",
+        (cutoff,),
+    ) or 0
+
+    if dry_run:
+        print("=== DRY RUN: would delete ===")
+        print(f"  {old_messages} messages older than {before_days} days")
+        print(f"  {old_inbox} inbox entries referencing old messages")
+        print(f"  {old_read_inbox} already-read inbox entries")
+        total = old_messages + old_inbox + old_read_inbox
+        if total == 0:
+            print("  Nothing to prune.")
+        else:
+            print(f"  Total: {total} rows")
+        return
+
+    total_deleted = 0
+
+    # Delete old messages (cascades to inbox via FK)
+    if old_messages > 0:
+        db.execute("DELETE FROM messages WHERE ts < ?", (cutoff,))
+        total_deleted += old_messages
+
+    # Delete old read inbox entries (not covered by message FK cascade)
+    if old_read_inbox > 0:
+        db.execute("DELETE FROM inbox WHERE read=1 AND delivered_at < ?", (cutoff,))
+        total_deleted += old_read_inbox
+
+    if total_deleted == 0:
+        print("OK nothing to prune")
+    else:
+        print(f"OK pruned {total_deleted} rows (messages older than {before_days} days)")
+
+
+def _parse_days(arg: str) -> int:
+    """Parse a date or day-count argument.
+
+    Accepts: 'YYYY-MM-DD' (exact date), or integer (days ago).
+    """
+    from datetime import datetime
+
+    try:
+        target = datetime.strptime(arg, "%Y-%m-%d")
+        now = datetime.now()
+        return (now - target).days
+    except ValueError:
+        pass
+    try:
+        return int(arg)
+    except ValueError:
+        print(f"ERROR: invalid date/days: '{arg}'. Use YYYY-MM-DD or a number.")
+        raise SystemExit(1)
+
+
+def _days_ago_ts(days: int) -> str:
+    """Return a timestamp string for *days* ago."""
+    from datetime import datetime, timedelta
+
+    return (datetime.now() - timedelta(days=days)).strftime("%Y-%m-%d %H:%M:%S")
+
+
+# ---------------------------------------------------------------------------
+# backup
+# ---------------------------------------------------------------------------
+
+
+def cmd_backup(db: BoardDB, args: list[str]) -> None:
+    """Backup board.db to a timestamped file.
+
+    Usage: board backup [--output <path>]
+    """
+    import shutil as _shutil
+
+    output: Path | None = None
+    for arg in args:
+        if arg.startswith("--output="):
+            output = Path(arg.split("=", 1)[1])
+        elif arg == "--output" and len(args) > args.index(arg) + 1:
+            output = Path(args[args.index(arg) + 1])
+        elif arg == "--help":
+            print("Usage: board backup [--output <path>]")
+            return
+
+    if output is None:
+        stamp = time.strftime("%Y%m%d-%H%M%S")
+        output = db.db_path.parent / f"backup-{stamp}.db"
+
+    _shutil.copy2(db.db_path, output)
+
+    # Verify the backup
+    import sqlite3
+
+    try:
+        conn = sqlite3.connect(str(output))
+        conn.execute("SELECT COUNT(*) FROM meta")
+        conn.close()
+    except sqlite3.Error as e:
+        print(f"ERROR: backup verification failed: {e}")
+        if output.exists():
+            output.unlink()
+        raise SystemExit(1)
+
+    size = output.stat().st_size
+    print(f"OK backup saved: {output}")
+    print(f"  Size: {size} bytes")
+
+
+# ---------------------------------------------------------------------------
+# restore
+# ---------------------------------------------------------------------------
+
+
+def cmd_restore(db: BoardDB, args: list[str]) -> None:
+    """Restore board.db from a backup file.
+
+    Usage: board restore <backup-file> [--force]
+    """
+    force = False
+    source: Path | None = None
+    for arg in args:
+        if arg in ("--force", "-f"):
+            force = True
+        elif arg in ("--help", "-h"):
+            print("Usage: board restore <backup-file> [--force]")
+            print()
+            print("  --force  Skip confirmation prompt")
+            return
+        else:
+            source = Path(arg)
+
+    if source is None:
+        print("Usage: board restore <backup-file> [--force]")
+        raise SystemExit(1)
+    if not source.exists():
+        print(f"ERROR: backup file not found: {source}")
+        raise SystemExit(1)
+
+    # Verify the backup
+    import sqlite3
+
+    try:
+        conn = sqlite3.connect(str(source))
+        conn.execute("PRAGMA integrity_check")
+        tables = conn.execute(
+            "SELECT name FROM sqlite_master WHERE type='table'"
+        ).fetchall()
+        conn.close()
+        if not tables:
+            print("ERROR: backup file contains no tables")
+            raise SystemExit(1)
+    except sqlite3.Error as e:
+        print(f"ERROR: invalid backup file: {e}")
+        raise SystemExit(1)
+
+    if not force:
+        print("About to restore board.db from:")
+        print(f"  {source}")
+        print("This will OVERWRITE the current database.")
+        try:
+            answer = input("Continue? [y/N] ").strip().lower()
+        except (EOFError, KeyboardInterrupt):
+            print("\nCancelled.")
+            return
+        if answer not in ("y", "yes"):
+            print("Cancelled.")
+            return
+
+    # Atomic restore: copy to temp, rename
+    tmp = db.db_path.with_suffix(".db.restore-tmp")
+    shutil.copy2(source, tmp)
+    tmp.replace(db.db_path)
+
+    print(f"OK restored from {source}")
+    print("  Sessions may need to restart to pick up changes.")