npm - clementine-agent - Versions diffs - 1.1.11 → 1.1.13 - Mend

clementine-agent 1.1.11 → 1.1.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/agent/assistant.js +16 -3
package/dist/cli/dashboard.js +45 -0
package/dist/cli/index.js +73 -3
package/dist/config/harden-permissions.d.ts +52 -0
package/dist/config/harden-permissions.js +181 -0
package/package.json +1 -1

package/dist/agent/assistant.js CHANGED Viewed

@@ -1517,18 +1517,31 @@ You have a cost budget per message — not a hard turn limit. Work until the tas
                 const { detectFrustrationSignals, detectRepeatedTopics } = require('./insight-engine.js');
                 const since24h = new Date(Date.now() - 24 * 60 * 60 * 1000).toISOString();
                 const since7d = new Date(Date.now() - 7 * 24 * 60 * 60 * 1000).toISOString();
-                const recent = this.getRecentActivity(since24h, 50);
-                const week = this.getRecentActivity(since7d, 200);
+                let recent = this.getRecentActivity(since24h, 50);
+                let week = this.getRecentActivity(since7d, 200);
+                // Phase 10c: per-agent scope filter. Per-agent bot session keys
+                // embed the agent slug (e.g. dm:ross-the-sdr:userId), so when this
+                // prompt is for a specific agent profile we only consider sessions
+                // that involved THAT agent. Without this filter, Nate's frustration
+                // chatting with Sasha would leak into Ross's prompt — wrong signal.
+                if (profile?.slug) {
+                    const slugMarker = `:${profile.slug}:`;
+                    recent = recent.filter(e => e.sessionKey.includes(slugMarker));
+                    week = week.filter(e => e.sessionKey.includes(slugMarker));
+                }
                 const frustration = detectFrustrationSignals(recent);
                 const topics = detectRepeatedTopics(week);
                 const allSignals = [...frustration, ...topics];
                 if (allSignals.length > 0) {
+                    const scopeNote = profile?.slug
+                        ? `\n\n*Scope: signals from sessions with you (${profile.slug}).*`
+                        : '';
                     const guidance = frustration.length > 0
                         ? '\n\n**Adjust your approach:** When friction signals are present, lead with a clarifying question instead of assuming. Acknowledge the prior misunderstanding briefly without over-apologizing. Confirm understanding before acting.'
                         : '\n\n**Use this context naturally:** Recurring topics may indicate an unresolved thread — if relevant, offer to close the loop or summarize current state. Do not force callbacks if not directly applicable.';
                     volatileParts.push(`## Conversational Context\n\nSignals from recent sessions:\n` +
                         allSignals.map(s => `- ${s}`).join('\n') +
-                        guidance);
+                        guidance + scopeNote);
                 }
             }
             catch { /* non-fatal — insight-engine optional */ }

package/dist/cli/dashboard.js CHANGED Viewed

@@ -16981,6 +16981,51 @@ async function refreshToolUsagePanel() {
       }
       html += '</table>';
     }
+    // Phase 11e: cost-by-source pivot — aggregates the bySource maps from
+    // every family into a single "top jobs by spend" view. Uses only data
+    // already in the response, no extra API call.
+    const sourceTotals = {};
+    for (const f of (data.families || [])) {
+      const callsPerSource = {};
+      for (const s of (f.bySource || [])) callsPerSource[s.source] = s.count;
+      const familyTotalCalls = f.totalCalls || 0;
+      for (const s of (f.bySource || [])) {
+        const share = familyTotalCalls > 0 ? s.count / familyTotalCalls : 0;
+        const cost = (f.estimatedCostUsd || 0) * share;
+        if (!sourceTotals[s.source]) sourceTotals[s.source] = { source: s.source, cost: 0, calls: 0 };
+        sourceTotals[s.source].cost += cost;
+        sourceTotals[s.source].calls += s.count;
+      }
+    }
+    const sourceList = Object.values(sourceTotals)
+      .filter(s => s.source !== 'unknown' || sourceTotals.unknown.cost > 0)
+      .sort((a, b) => b.cost - a.cost);
+    if (sourceList.length > 0) {
+      const maxSrcCost = Math.max.apply(null, sourceList.map(s => s.cost).concat([0.0001]));
+      html += '<div style="margin-top:18px"><div style="font-weight:600;font-size:13px;margin-bottom:8px;color:var(--text-secondary)">Top jobs by cost</div>';
+      html += '<table style="width:100%;font-size:13px"><tr>'
+        + '<th>Job / source</th><th style="text-align:right">Cost</th><th style="text-align:right">Share</th><th style="text-align:right">Calls</th><th>Distribution</th></tr>';
+      const totalSrcCost = sourceList.reduce((sum, s) => sum + s.cost, 0);
+      for (const s of sourceList.slice(0, 10)) {
+        const pct = totalSrcCost > 0 ? ((s.cost / totalSrcCost) * 100).toFixed(1) + '%' : '0.0%';
+        const barW = Math.max(2, Math.round((s.cost / maxSrcCost) * 100));
+        const sourceLabel = s.source === 'unknown'
+          ? '<em style="color:var(--text-muted)">unattributed</em>'
+          : '<strong>' + esc(s.source) + '</strong>';
+        html += '<tr>'
+          + '<td>' + sourceLabel + '</td>'
+          + '<td style="text-align:right;color:var(--green)">$' + s.cost.toFixed(2) + '</td>'
+          + '<td style="text-align:right;color:var(--text-muted)">' + pct + '</td>'
+          + '<td style="text-align:right">' + s.calls.toLocaleString() + '</td>'
+          + '<td><div style="background:var(--bg-elev);height:8px;border-radius:4px;overflow:hidden;width:100%;max-width:160px">'
+          + '<div style="background:var(--blue);height:100%;width:' + barW + '%"></div></div></td>'
+          + '</tr>';
+      }
+      html += '</table></div>';
+    }
     html += '</div></div>';
     host.innerHTML = html;
   } catch(e) {

package/dist/cli/index.js CHANGED Viewed

@@ -899,7 +899,10 @@ function cmdConfigSet(key, value) {
     else {
         content = content.trimEnd() + `\n${upperKey}=${value}\n`;
     }
-    writeFileSync(ENV_PATH, content);
+    // Mode 0o600 — credentials live here; never world-readable. Phase 12
+    // hardening also fixes pre-existing .env files via `clementine config
+    // harden-permissions`.
+    writeFileSync(ENV_PATH, content, { mode: 0o600 });
     console.log(`  Set ${upperKey}=${value}`);
 }
 function cmdConfigGet(key) {
@@ -1217,6 +1220,65 @@ async function cmdConfigMigrateFromKeychain(opts) {
     console.log(`  ${GREEN}Migrated ${result.migrated.length} key${result.migrated.length === 1 ? '' : 's'} out of keychain.${RESET}`);
     console.log();
 }
+// ── Config harden-permissions ────────────────────────────────────────
+async function cmdConfigHardenPermissions(opts) {
+    const { hardenPermissions } = await import('../config/harden-permissions.js');
+    const report = hardenPermissions(BASE_DIR, { dryRun: opts.dryRun });
+    if (opts.json) {
+        console.log(JSON.stringify(report, null, 2));
+        process.exit(report.failed > 0 ? 1 : 0);
+    }
+    const DIM = '\x1b[0;90m';
+    const BOLD = '\x1b[1m';
+    const GREEN = '\x1b[0;32m';
+    const YELLOW = '\x1b[0;33m';
+    const RED = '\x1b[0;31m';
+    const CYAN = '\x1b[0;36m';
+    const RESET = '\x1b[0m';
+    console.log();
+    console.log(`  ${BOLD}Data home:${RESET}  ${report.baseDir}`);
+    console.log(`  ${BOLD}Mode:${RESET}        ${opts.dryRun ? `${YELLOW}dry run${RESET}` : `${GREEN}apply${RESET}`}`);
+    console.log();
+    console.log(`  ${BOLD}Scanned:${RESET}         ${report.scanned}`);
+    console.log(`  ${GREEN}Tightened:${RESET}       ${report.tightened}`);
+    console.log(`  ${DIM}Already correct:${RESET} ${report.alreadyCorrect}`);
+    console.log(`  ${DIM}Skipped:${RESET}         ${report.skipped}`);
+    if (report.failed > 0) {
+        console.log(`  ${RED}Failed:${RESET}          ${report.failed}`);
+    }
+    console.log();
+    // Show first ~20 tightened entries — enough to see the shape without flooding
+    const tightened = report.entries.filter(e => e.status === 'tightened').slice(0, 20);
+    if (tightened.length > 0) {
+        console.log(`  ${BOLD}${opts.dryRun ? 'Would tighten' : 'Tightened'} (showing first ${tightened.length}):${RESET}`);
+        for (const e of tightened) {
+            const rel = e.path.startsWith(report.baseDir + '/') ? e.path.slice(report.baseDir.length + 1) : e.path;
+            const kindTag = e.kind === 'directory' ? `${CYAN}d${RESET}` : `${DIM}-${RESET}`;
+            console.log(`    ${kindTag} ${e.beforeMode} ${DIM}→${RESET} ${GREEN}${e.afterMode}${RESET}  ${rel}`);
+        }
+        if (report.tightened > tightened.length) {
+            console.log(`    ${DIM}... ${report.tightened - tightened.length} more${RESET}`);
+        }
+        console.log();
+    }
+    const failed = report.entries.filter(e => e.status === 'failed').slice(0, 10);
+    if (failed.length > 0) {
+        console.log(`  ${RED}${BOLD}Failed:${RESET}`);
+        for (const e of failed) {
+            console.log(`    ${RED}✗${RESET} ${e.path} — ${e.error ?? 'unknown'}`);
+        }
+        console.log();
+    }
+    if (opts.dryRun) {
+        console.log(`  ${DIM}Re-run without --dry-run to apply.${RESET}`);
+        console.log();
+    }
+    else if (report.tightened > 0) {
+        console.log(`  ${GREEN}Done.${RESET} ${DIM}Re-run \`clementine config doctor\` to confirm permissions are now correct.${RESET}`);
+        console.log();
+    }
+    process.exit(report.failed > 0 ? 1 : 0);
+}
 // ── Config keychain-fix-acl ─────────────────────────────────────────
 async function cmdConfigKeychainFixAcl(opts) {
     const { listClementineKeychainEntries, fixAllClementineEntries } = await import('../config/keychain-fix-acl.js');
@@ -2004,6 +2066,14 @@ configCmd
     .action(async (opts) => {
     await cmdConfigKeychainFixAcl(opts);
 });
+configCmd
+    .command('harden-permissions')
+    .description('Tighten file modes in ~/.clementine/ — files to 0600, directories to 0700')
+    .option('--dry-run', 'Preview without changing anything')
+    .option('--json', 'Emit machine-readable JSON')
+    .action(async (opts) => {
+    await cmdConfigHardenPermissions(opts);
+});
 configCmd
     .command('edit')
     .description('Open .env in your editor')
@@ -2229,10 +2299,10 @@ async function cmdUpdate(options) {
     console.log(`  ${S()} Backing up config...`);
     if (!options.dryRun) {
         mkdirSync(backupDir, { recursive: true });
-        // .env
+        // .env (mode 0o600 — backup carries credentials, same protection as live file)
         if (existsSync(ENV_PATH)) {
             const envContent = readFileSync(ENV_PATH, 'utf-8');
-            writeFileSync(path.join(backupDir, '.env'), envContent);
+            writeFileSync(path.join(backupDir, '.env'), envContent, { mode: 0o600 });
         }
         // Cron state
         const cronStateFile = path.join(BASE_DIR, '.cron_last_run.json');

package/dist/config/harden-permissions.d.ts ADDED Viewed

@@ -0,0 +1,52 @@
+/**
+ * Tighten file modes on the Clementine data home.
+ *
+ * Walks ~/.clementine/ (or any baseDir) and:
+ *   - Sets every regular file to mode 0600 (owner read/write only)
+ *   - Sets every directory to mode 0700 (owner traverse only)
+ *
+ * Why: state files live alongside `credentials.json` and `.env`. Even
+ * after Phase 9b's outbound redaction, contents on disk include
+ * conversation transcripts, advisor LLM outputs, cron run logs, full
+ * Discord/Slack message snippets, etc. Default umask 022 leaves all of
+ * those world-readable; on a single-user laptop the practical risk is
+ * Time Machine backup exposure and any process running as the user.
+ *
+ * Pure: returns a result describing what was tightened, what was already
+ * correct, and what failed (e.g. permission denied if user wasn't owner).
+ * Caller decides whether to print, JSON-stringify, or act on the result.
+ *
+ * Idempotent: re-running on an already-hardened tree is a no-op (every
+ * entry returns "already correct"). chmod is the cheapest syscall —
+ * even a 1000-file tree completes in milliseconds.
+ *
+ * Skip list: a few entries are intentionally NOT touched:
+ *   - Symlinks (chmod follows symlinks; could escalate elsewhere). We
+ *     check via lstat and skip non-files/non-dirs.
+ *   - Files we don't own (chmod will fail; we capture the failure in
+ *     the report rather than crashing).
+ */
+export type HardenStatus = 'tightened' | 'already-correct' | 'skipped' | 'failed';
+export interface HardenEntry {
+    path: string;
+    kind: 'file' | 'directory' | 'other';
+    beforeMode: string;
+    afterMode: string;
+    status: HardenStatus;
+    error?: string;
+}
+export interface HardenReport {
+    baseDir: string;
+    scanned: number;
+    tightened: number;
+    alreadyCorrect: number;
+    skipped: number;
+    failed: number;
+    /** Per-entry detail. Cap at 50 in printable form to keep output sane;
+     *  full list available in the JSON output. */
+    entries: HardenEntry[];
+}
+export declare function hardenPermissions(baseDir: string, opts?: {
+    dryRun?: boolean;
+}): HardenReport;
+//# sourceMappingURL=harden-permissions.d.ts.map

package/dist/config/harden-permissions.js ADDED Viewed

@@ -0,0 +1,181 @@
+/**
+ * Tighten file modes on the Clementine data home.
+ *
+ * Walks ~/.clementine/ (or any baseDir) and:
+ *   - Sets every regular file to mode 0600 (owner read/write only)
+ *   - Sets every directory to mode 0700 (owner traverse only)
+ *
+ * Why: state files live alongside `credentials.json` and `.env`. Even
+ * after Phase 9b's outbound redaction, contents on disk include
+ * conversation transcripts, advisor LLM outputs, cron run logs, full
+ * Discord/Slack message snippets, etc. Default umask 022 leaves all of
+ * those world-readable; on a single-user laptop the practical risk is
+ * Time Machine backup exposure and any process running as the user.
+ *
+ * Pure: returns a result describing what was tightened, what was already
+ * correct, and what failed (e.g. permission denied if user wasn't owner).
+ * Caller decides whether to print, JSON-stringify, or act on the result.
+ *
+ * Idempotent: re-running on an already-hardened tree is a no-op (every
+ * entry returns "already correct"). chmod is the cheapest syscall —
+ * even a 1000-file tree completes in milliseconds.
+ *
+ * Skip list: a few entries are intentionally NOT touched:
+ *   - Symlinks (chmod follows symlinks; could escalate elsewhere). We
+ *     check via lstat and skip non-files/non-dirs.
+ *   - Files we don't own (chmod will fail; we capture the failure in
+ *     the report rather than crashing).
+ */
+import { readdirSync, lstatSync, chmodSync } from 'node:fs';
+import path from 'node:path';
+const FILE_TARGET = 0o600;
+const DIR_TARGET = 0o700;
+function octal(mode) {
+    return (mode & 0o777).toString(8).padStart(3, '0');
+}
+/**
+ * Walk a directory tree iteratively (not recursively — no stack-blow risk
+ * on deep vault trees). Returns absolute paths.
+ */
+function walk(root) {
+    const out = [];
+    const stack = [root];
+    while (stack.length > 0) {
+        const dir = stack.pop();
+        let entries;
+        try {
+            entries = readdirSync(dir);
+        }
+        catch {
+            continue; // unreadable dir — caller will see it as skipped
+        }
+        for (const name of entries) {
+            const full = path.join(dir, name);
+            try {
+                const st = lstatSync(full);
+                if (st.isSymbolicLink())
+                    continue; // never follow
+                if (st.isDirectory()) {
+                    out.push(full);
+                    stack.push(full);
+                }
+                else if (st.isFile()) {
+                    out.push(full);
+                }
+            }
+            catch {
+                // stat failed — skip
+            }
+        }
+    }
+    return out;
+}
+export function hardenPermissions(baseDir, opts = {}) {
+    const report = {
+        baseDir,
+        scanned: 0,
+        tightened: 0,
+        alreadyCorrect: 0,
+        skipped: 0,
+        failed: 0,
+        entries: [],
+    };
+    // Always include baseDir itself in the walk
+    let baseSt;
+    try {
+        baseSt = lstatSync(baseDir);
+    }
+    catch (err) {
+        report.entries.push({
+            path: baseDir,
+            kind: 'other',
+            beforeMode: '???',
+            afterMode: '???',
+            status: 'failed',
+            error: `baseDir not accessible: ${String(err).slice(0, 100)}`,
+        });
+        report.failed++;
+        return report;
+    }
+    if (!baseSt.isDirectory()) {
+        report.entries.push({
+            path: baseDir,
+            kind: 'other',
+            beforeMode: octal(baseSt.mode),
+            afterMode: octal(baseSt.mode),
+            status: 'skipped',
+            error: 'baseDir is not a directory',
+        });
+        report.skipped++;
+        return report;
+    }
+    const all = [baseDir, ...walk(baseDir)];
+    for (const p of all) {
+        let st;
+        try {
+            st = lstatSync(p);
+        }
+        catch (err) {
+            report.entries.push({
+                path: p,
+                kind: 'other',
+                beforeMode: '???',
+                afterMode: '???',
+                status: 'failed',
+                error: String(err).slice(0, 100),
+            });
+            report.failed++;
+            continue;
+        }
+        report.scanned++;
+        const beforeMode = octal(st.mode);
+        let kind = 'other';
+        let target = null;
+        if (st.isDirectory()) {
+            kind = 'directory';
+            target = DIR_TARGET;
+        }
+        else if (st.isFile()) {
+            kind = 'file';
+            target = FILE_TARGET;
+        }
+        if (target === null) {
+            // Sockets, FIFOs, devices, etc. — leave alone.
+            report.entries.push({
+                path: p, kind, beforeMode, afterMode: beforeMode, status: 'skipped',
+            });
+            report.skipped++;
+            continue;
+        }
+        if ((st.mode & 0o777) === target) {
+            report.entries.push({
+                path: p, kind, beforeMode, afterMode: beforeMode, status: 'already-correct',
+            });
+            report.alreadyCorrect++;
+            continue;
+        }
+        if (opts.dryRun) {
+            report.entries.push({
+                path: p, kind, beforeMode, afterMode: octal(target), status: 'tightened',
+            });
+            report.tightened++;
+            continue;
+        }
+        try {
+            chmodSync(p, target);
+            report.entries.push({
+                path: p, kind, beforeMode, afterMode: octal(target), status: 'tightened',
+            });
+            report.tightened++;
+        }
+        catch (err) {
+            report.entries.push({
+                path: p, kind, beforeMode, afterMode: beforeMode, status: 'failed',
+                error: String(err).slice(0, 100),
+            });
+            report.failed++;
+        }
+    }
+    return report;
+}
+//# sourceMappingURL=harden-permissions.js.map

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "clementine-agent",
-  "version": "1.1.11",
+  "version": "1.1.13",
   "description": "Clementine — Personal AI Assistant (TypeScript)",
   "type": "module",
   "main": "dist/index.js",