clawmini 0.0.8 → 0.0.9

package/src/cli/lite.ts

@@ -2,8 +2,7 @@
 
 import { Command } from 'commander';
 import { createTRPCClient, httpLink } from '@trpc/client';
-import type { AgentRouter as AppRouter } from '../daemon/api/index.js';
-import type { CronJob } from '../shared/config.js';
+import type { AgentRouter as AppRouter, AgentCronJobInput } from '../daemon/api/index.js';
 import { registerSubagentCommands } from './subagent-commands.js';
 
 /**
@@ -135,15 +134,7 @@ jobs
   .option('--cron <cron>', 'Schedule via cron expression')
   .option('-m, --message <msg>', 'Message to send')
   .option('-r, --reply <reply>', 'Reply text')
-  .option('-a, --agent <agentId>', 'Agent ID')
   .option('-s, --session <type>', 'Session type (must be "new")')
-  .option(
-    '-e, --env <env>',
-    'Environment variables in key=value format',
-    (val: string, prev: string[]) => prev.concat([val]),
-    []
-  )
-  .option('-c, --chat <chatId>', 'Chat ID')
   .action(async (name, options) => {
     try {
       let schedule;
@@ -152,29 +143,18 @@ jobs
       else if (options.cron) schedule = { cron: options.cron };
       else throw new Error('A schedule must be specified (--at, --every, or --cron).');
 
-      const job: CronJob = {
+      const job: AgentCronJobInput = {
         id: name,
-        createdAt: new Date().toISOString(),
         message: options.message || '',
         schedule,
       };
 
       if (options.reply) job.reply = options.reply;
-      if (options.agent) job.agentId = options.agent;
       if (options.session) {
         if (options.session !== 'new') throw new Error('Only "new" session type is supported.');
         job.session = { type: 'new' };
       }
 
-      if (options.env && options.env.length > 0) {
-        const jobEnv: Record<string, string> = {};
-        for (const e of options.env) {
-          const [k, ...v] = e.split('=');
-          if (k) jobEnv[k] = v.join('=');
-        }
-        job.env = jobEnv;
-      }
-
       const client = getClient();
       await client.addCronJob.mutate({ job });
       console.log(`Job '${name}' created successfully.`);
@@ -230,6 +210,51 @@ requests
     }
   });
 
+requests
+  .command('show <name>')
+  .description(
+    'Show full details of a single policy. Includes the script body when the command points inside .clawmini/policy-scripts/.'
+  )
+  .action(async (name: string) => {
+    try {
+      const client = getClient();
+      const config = await client.listPolicies.query();
+      const policy = config?.policies?.[name];
+
+      if (!policy) {
+        console.error(`Policy not found: ${name}`);
+        process.exit(1);
+      }
+
+      console.log(JSON.stringify({ name, ...policy }, null, 2));
+
+      try {
+        const script = await client.readPolicyScript.query({ commandName: name });
+        console.log(`\n--- Script: ${script.path} (${script.size} bytes) ---`);
+        if ('spilledTo' in script && script.spilledTo) {
+          console.log(`(script body too large to inline; copied to ${script.spilledTo})`);
+        } else if ('content' in script && typeof script.content === 'string') {
+          process.stdout.write(script.content);
+          if (!script.content.endsWith('\n')) process.stdout.write('\n');
+        }
+      } catch (err) {
+        // Distinguish "no script body to show" (policy wraps a system command,
+        // script file missing, too large, etc.) from a real failure (auth,
+        // network, daemon down). Re-raise the latter so the outer catch surfaces it.
+        const code = (err as { data?: { code?: string } })?.data?.code;
+        if (code === 'BAD_REQUEST' || code === 'NOT_FOUND') {
+          const msg = err instanceof Error ? err.message : String(err);
+          console.log(`\n(no script body: ${msg})`);
+        } else {
+          throw err;
+        }
+      }
+    } catch (err) {
+      console.error('Error:', err instanceof Error ? err.message : err);
+      process.exit(1);
+    }
+  });
+
 program
   .command('request <cmd>')
   .description('Submit a sandbox policy request')
@@ -280,6 +305,7 @@ program
         commandName: cmdName,
         args: opaqueArgs,
         fileMappings,
+        cwd: process.cwd(),
       });
 
       if (request.executionResult) {
@@ -293,6 +319,12 @@ program
       } else {
         console.log(`Request created successfully.`);
         console.log(`Request ID: ${request.id}`);
+        console.log('');
+        console.log('This request has not run yet — it is queued for user approval. When the');
+        console.log('user approves (or rejects) it, the result will arrive as a new user');
+        console.log('message in this chat; do not poll. Finish any unrelated work that does');
+        console.log('not depend on this request, then end your turn with a brief message');
+        console.log('explaining you are blocked on this request.');
       }
     } catch (err) {
       console.error('Error:', err instanceof Error ? err.message : err);

package/src/cli/manage-policies-utils.ts

@@ -0,0 +1,104 @@
+import { randomBytes } from 'node:crypto';
+import fs from 'node:fs';
+import path from 'node:path';
+import type { PolicyConfigFile, PolicyDefinition } from '../shared/policies.js';
+import { parseShellArgs } from '../shared/utils/shell.js';
+import { getClawminiDir } from '../shared/workspace.js';
+
+const NAME_RE = /^[a-z0-9-]+$/;
+
+export function fail(message: string): never {
+  console.error(`Error: ${message}`);
+  process.exit(1);
+}
+
+export function assertValidName(name: string): void {
+  if (!NAME_RE.test(name)) {
+    fail('Policy name must only contain lowercase letters, numbers, and hyphens.');
+  }
+}
+
+export function loadPolicies(): {
+  dirPath: string;
+  policies: PolicyConfigFile;
+  policiesPath: string;
+} {
+  const dirPath = getClawminiDir();
+  const policiesPath = path.join(dirPath, 'policies.json');
+  if (!fs.existsSync(dirPath)) {
+    fail('.clawmini directory not found. Please run "clawmini init" first.');
+  }
+  let policies: PolicyConfigFile = { policies: {} };
+  if (fs.existsSync(policiesPath)) {
+    policies = JSON.parse(fs.readFileSync(policiesPath, 'utf8'));
+  }
+  return { dirPath, policies, policiesPath };
+}
+
+export function writePolicies(policiesPath: string, policies: PolicyConfigFile): void {
+  // policies.json gates every policy invocation; a partial write would brick
+  // policy resolution. Stage to a sibling tempfile and rename — rename(2) on
+  // the same filesystem is atomic, so readers see either the old or new file.
+  const tmpPath = `${policiesPath}.${process.pid}.${randomBytes(4).toString('hex')}.tmp`;
+  try {
+    fs.writeFileSync(tmpPath, JSON.stringify(policies, null, 2));
+    fs.renameSync(tmpPath, policiesPath);
+  } catch (err) {
+    try {
+      fs.unlinkSync(tmpPath);
+    } catch {
+      // tmpfile may not exist if writeFileSync threw before creating it.
+    }
+    throw err;
+  }
+}
+
+export function installScript(dirPath: string, name: string, scriptFile: string): string {
+  const scriptsDir = path.join(dirPath, 'policy-scripts');
+  if (!fs.existsSync(scriptsDir)) {
+    fs.mkdirSync(scriptsDir, { recursive: true });
+  }
+  const ext = path.extname(scriptFile) || '.sh';
+  const destScript = path.join(scriptsDir, `${name}${ext}`);
+  fs.copyFileSync(scriptFile, destScript);
+  fs.chmodSync(destScript, 0o755);
+  return `./.clawmini/policy-scripts/${path.basename(destScript)}`;
+}
+
+// Resolves a stored policy.command (relative to the workspace root) and
+// returns its absolute path if it lives inside the managed `policy-scripts/`
+// directory, else null. We compare absolute paths so basename collisions
+// outside the dir cannot trigger an unintended unlink.
+export function scriptInsidePolicyScripts(dirPath: string, command: string): string | null {
+  const workspaceRoot = path.dirname(dirPath);
+  const abs = path.resolve(workspaceRoot, command);
+  const scriptsDir = path.join(dirPath, 'policy-scripts');
+  const sep = path.sep;
+  const dirWithSep = scriptsDir.endsWith(sep) ? scriptsDir : scriptsDir + sep;
+  return abs.startsWith(dirWithSep) ? abs : null;
+}
+
+export function unlinkIfExists(filePath: string): void {
+  try {
+    fs.unlinkSync(filePath);
+  } catch (err) {
+    if ((err as NodeJS.ErrnoException).code !== 'ENOENT') throw err;
+  }
+}
+
+export function applyCommandString(definition: PolicyDefinition, commandStr: string): void {
+  let parts: string[];
+  try {
+    parts = parseShellArgs(commandStr);
+  } catch (err) {
+    fail(`--command: ${err instanceof Error ? err.message : String(err)}`);
+  }
+  const [head, ...rest] = parts;
+  if (head === undefined) {
+    fail('--command must contain a command to run.');
+  }
+  definition.command = head;
+  if (rest.length > 0) {
+    definition.args = rest;
+  }
+}

package/src/cli/manage-policies.ts

@@ -0,0 +1,291 @@
+#!/usr/bin/env node
+import { Command } from 'commander';
+import { pathToFileURL } from 'node:url';
+import { BUILTIN_POLICIES, type PolicyDefinition } from '../shared/policies.js';
+import {
+  applyCommandString,
+  assertValidName,
+  fail,
+  installScript,
+  loadPolicies,
+  scriptInsidePolicyScripts,
+  unlinkIfExists,
+  writePolicies,
+} from './manage-policies-utils.js';
+
+const root = new Command('manage-policies');
+root.description(
+  'Manage clawmini policies. Subcommands: add, update, remove. Reads are unrestricted — use `clawmini-lite requests show <name>` instead.'
+);
+
+root
+  .command('add')
+  .description('Register a new policy. Errors if the name already exists.')
+  .requiredOption('--name <policy_name>', 'Name of the policy')
+  .requiredOption('--description <description>', 'Description of the policy')
+  .option('--command <command_string>', 'The shell command to run (e.g. "npm install -g")')
+  .option('--script-file <path>', 'Path to a script file (mapped securely via --file)')
+  .option(
+    '--dangerously-auto-approve',
+    'Skip user approval for every invocation of this policy. Only safe for fully sandboxed, side-effect-free commands.',
+    false
+  )
+  .option(
+    '--dangerously-allow-help',
+    'Allow the agent to run the policy with `--help` without approval. Only safe if the underlying command treats `--help` as read-only.',
+    false
+  )
+  .addHelpText(
+    'after',
+    `
+Examples:
+  1. Add a policy that wraps a shell command:
+     clawmini-lite request manage-policies -- add --name npm-install --description "Run npm install" --command "npm install"
+
+  2. Add a policy backed by a script file:
+     clawmini-lite request manage-policies --file script=./install.sh -- add --name custom-install --description "Run custom install script" --script-file "{{script}}"
+
+  3. Add a read-only policy that auto-approves and exposes --help:
+     clawmini-lite request manage-policies -- add --name list-files --description "List files" --command "ls" --dangerously-auto-approve --dangerously-allow-help
+`
+  )
+  .action((options) => {
+    const name: string = options.name;
+    const description: string = options.description;
+    const commandStr: string | undefined = options.command;
+    const scriptFile: string | undefined = options.scriptFile;
+    const autoApprove = !!options.dangerouslyAutoApprove;
+    const allowHelp = !!options.dangerouslyAllowHelp;
+
+    assertValidName(name);
+
+    if (!commandStr && !scriptFile) {
+      fail('Must provide either --command or --script-file.');
+    }
+    if (commandStr && scriptFile) {
+      fail('--command and --script-file are mutually exclusive.');
+    }
+
+    const { dirPath, policies, policiesPath } = loadPolicies();
+
+    if (Object.prototype.hasOwnProperty.call(policies.policies, name)) {
+      fail(
+        `Policy '${name}' is already registered. Use 'manage-policies update' to modify it, or 'manage-policies remove' first.`
+      );
+    }
+
+    const definition: PolicyDefinition = {
+      description,
+      allowHelp,
+      autoApprove,
+      command: '',
+    };
+
+    if (scriptFile) {
+      definition.command = installScript(dirPath, name, scriptFile);
+    } else if (commandStr) {
+      applyCommandString(definition, commandStr);
+    }
+
+    policies.policies[name] = definition;
+    writePolicies(policiesPath, policies);
+    console.log(`Successfully added policy '${name}'.`);
+  });
+
+root
+  .command('update')
+  .description('Modify fields on an existing user-registered policy.')
+  .requiredOption('--name <policy_name>', 'Name of the policy to update')
+  .option('--description <description>', 'New description')
+  .option('--command <command_string>', 'Replace the shell command (e.g. "npm install -g")')
+  .option('--script-file <path>', 'Replace the policy with a script file (mapped via --file)')
+  .option(
+    '--dangerously-auto-approve',
+    'Enable autoApprove. Only safe for fully sandboxed, side-effect-free commands.'
+  )
+  .option('--no-dangerously-auto-approve', 'Disable autoApprove.')
+  .option(
+    '--dangerously-allow-help',
+    'Enable allowHelp. Only safe if the underlying command treats `--help` as read-only.'
+  )
+  .option('--no-dangerously-allow-help', 'Disable allowHelp.')
+  .addHelpText(
+    'after',
+    `
+Examples:
+  1. Update the description of an existing policy:
+     clawmini-lite request manage-policies -- update --name npm-install --description "Run npm install (with cache)"
+
+  2. Replace the command:
+     clawmini-lite request manage-policies -- update --name npm-install --command "npm ci"
+
+  3. Enable the dangerous flags:
+     clawmini-lite request manage-policies -- update --name list-files --dangerously-auto-approve --dangerously-allow-help
+
+  4. Turn a dangerous flag off again:
+     clawmini-lite request manage-policies -- update --name list-files --no-dangerously-auto-approve
+`
+  )
+  .action((options) => {
+    const name: string = options.name;
+    const description: string | undefined = options.description;
+    const commandStr: string | undefined = options.command;
+    const scriptFile: string | undefined = options.scriptFile;
+    const autoApprove: boolean | undefined = options.dangerouslyAutoApprove;
+    const allowHelp: boolean | undefined = options.dangerouslyAllowHelp;
+
+    assertValidName(name);
+
+    if (commandStr && scriptFile) {
+      fail('--command and --script-file are mutually exclusive.');
+    }
+
+    const noChange =
+      description === undefined &&
+      commandStr === undefined &&
+      scriptFile === undefined &&
+      autoApprove === undefined &&
+      allowHelp === undefined;
+    if (noChange) {
+      fail(
+        'No fields specified to update. Pass at least one of --description, --command, --script-file, --dangerously-auto-approve, --dangerously-allow-help.'
+      );
+    }
+
+    const { dirPath, policies, policiesPath } = loadPolicies();
+    const existing = policies.policies[name];
+
+    if (existing === false) {
+      // The user previously disabled this entry with `remove --disable-builtin`.
+      // We don't auto-clear that here — the agent must reaffirm intent via remove
+      // (which clears the false) and then add. Otherwise an update could silently
+      // re-enable a policy the user explicitly opted out of.
+      fail(
+        `Policy '${name}' is currently disabled. Run 'manage-policies remove --name ${name}' to clear the disable, then 'manage-policies add' to register it.`
+      );
+    }
+    if (existing === undefined) {
+      // Built-ins are only modifiable by writing an explicit user override
+      // (which is what `add` does). We refuse here so updates can't silently
+      // shadow a built-in the user never opted into.
+      fail(
+        `No user-registered policy '${name}' to update. Use 'manage-policies add' to register one.`
+      );
+    }
+
+    // Capture before mutating: if the policy currently points at a managed
+    // script file, we may need to unlink it after replacing the command.
+    const priorScriptAbs = scriptInsidePolicyScripts(dirPath, existing.command);
+
+    const updated: PolicyDefinition = { ...existing };
+    if (description !== undefined) updated.description = description;
+    if (scriptFile !== undefined) {
+      updated.command = installScript(dirPath, name, scriptFile);
+      delete updated.args;
+    } else if (commandStr !== undefined) {
+      delete updated.args;
+      applyCommandString(updated, commandStr);
+    }
+    if (autoApprove !== undefined) updated.autoApprove = autoApprove;
+    if (allowHelp !== undefined) updated.allowHelp = allowHelp;
+
+    policies.policies[name] = updated;
+    writePolicies(policiesPath, policies);
+
+    // Now that policies.json points at the new command, drop the orphaned
+    // prior script (e.g. `<name>.sh` left behind when updating to `<name>.py`,
+    // or any script file when switching to --command). Done after the json
+    // write so a failure here cannot strand policies.json pointing at a
+    // file we just deleted.
+    const newScriptAbs = scriptInsidePolicyScripts(dirPath, updated.command);
+    if (priorScriptAbs && priorScriptAbs !== newScriptAbs) {
+      unlinkIfExists(priorScriptAbs);
+    }
+
+    console.log(`Successfully updated policy '${name}'.`);
+  });
+
+root
+  .command('remove')
+  .description('Remove (or disable) a registered policy.')
+  .requiredOption('--name <policy_name>', 'Name of the policy to remove')
+  .option(
+    '--disable-builtin',
+    'When the name matches a built-in policy, write `false` to opt out instead of just deleting the user override.',
+    false
+  )
+  .addHelpText(
+    'after',
+    `
+Examples:
+  1. Remove a user-registered policy:
+     clawmini-lite request manage-policies -- remove --name npm-install
+
+  2. Disable a built-in policy (writes \`false\` to opt out):
+     clawmini-lite request manage-policies -- remove --name manage-policies --disable-builtin
+
+  3. Drop a user override of a built-in (the built-in then surfaces again):
+     clawmini-lite request manage-policies -- remove --name manage-policies
+`
+  )
+  .action((options) => {
+    const name: string = options.name;
+    const disableBuiltin: boolean = !!options.disableBuiltin;
+
+    assertValidName(name);
+
+    const { policies, policiesPath } = loadPolicies();
+    const isBuiltin = name in BUILTIN_POLICIES;
+    const existing = policies.policies[name];
+
+    if (disableBuiltin) {
+      if (!isBuiltin) {
+        fail(
+          `--disable-builtin can only be used for built-in policies; '${name}' is not a built-in.`
+        );
+      }
+      if (existing === false) {
+        fail(`Built-in policy '${name}' is already disabled.`);
+      }
+      // A user override (object) is a deliberate customization; silently
+      // replacing it with `false` would destroy approved work. Force the
+      // agent to drop the override first, then re-run with --disable-builtin.
+      if (existing !== undefined) {
+        fail(
+          `Policy '${name}' has a user override that would be lost. Run 'manage-policies remove --name ${name}' first, then re-run with --disable-builtin.`
+        );
+      }
+      policies.policies[name] = false;
+      writePolicies(policiesPath, policies);
+      console.log(`Successfully disabled built-in policy '${name}'.`);
+      return;
+    }
+
+    if (existing === undefined) {
+      const hint = isBuiltin
+        ? ` '${name}' is a built-in. To opt out, re-run with --disable-builtin.`
+        : '';
+      fail(`No policy entry '${name}' to remove.${hint}`);
+    }
+
+    delete policies.policies[name];
+    writePolicies(policiesPath, policies);
+
+    if (existing === false) {
+      console.log(
+        `Successfully cleared the disable entry for '${name}'.${
+          isBuiltin ? ' The built-in will surface again.' : ''
+        }`
+      );
+    } else if (isBuiltin) {
+      console.log(
+        `Successfully removed user override of built-in policy '${name}'. The built-in will surface again.`
+      );
+    } else {
+      console.log(`Successfully removed policy '${name}'.`);
+    }
+  });
+
+if (process.argv[1] && import.meta.url === pathToFileURL(process.argv[1]).href) {
+  root.parse(process.argv);
+}

package/src/cli/run-host.ts

@@ -0,0 +1,45 @@
+#!/usr/bin/env node
+import { Command } from 'commander';
+import { spawn } from 'node:child_process';
+import { pathToFileURL } from 'node:url';
+
+const runHostCmd = new Command('run-host');
+
+runHostCmd
+  .description('Run an arbitrary shell command on the host via `sh -c`.')
+  .requiredOption(
+    '--command <command_string>',
+    'The shell command to execute. Supports pipes, redirection, &&, ||, etc.'
+  )
+  .addHelpText(
+    'after',
+    `
+Examples:
+  1. Run a simple command:
+     clawmini-lite request run-host -- --command "ls -la"
+
+  2. Run a command with pipes and redirection:
+     clawmini-lite request run-host -- --command "cat file.txt | grep error > errors.log"
+
+  3. Chain commands:
+     clawmini-lite request run-host -- --command "npm install && npm test"
+`
+  )
+  .action((options: { command: string }) => {
+    const child = spawn('sh', ['-c', options.command], {
+      stdio: ['ignore', 'inherit', 'inherit'],
+    });
+
+    child.on('close', (code) => {
+      process.exit(code ?? 1);
+    });
+
+    child.on('error', (err) => {
+      console.error(`Failed to execute command: ${err.message}`);
+      process.exit(1);
+    });
+  });
+
+if (process.argv[1] && import.meta.url === pathToFileURL(process.argv[1]).href) {
+  runHostCmd.parse(process.argv);
+}