cli-claw-kit 0.0.1

package/dist/terminal-manager.js

@@ -0,0 +1,307 @@
+import { spawn } from 'child_process';
+import fs from 'fs';
+import path from 'path';
+import { fileURLToPath } from 'url';
+import { logger } from './logger.js';
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+/**
+ * Standalone Node.js script that wraps node-pty.
+ * Spawned as `node pty-worker.cjs <json-args>`, communicates via JSON lines
+ * over stdin/stdout.  This sidesteps Bun's incompatibility with node-pty's
+ * native addon.
+ */
+const PTY_WORKER_PATH = path.resolve(__dirname, '..', 'src', 'pty-worker.cjs');
+export class TerminalManager {
+    sessions = new Map();
+    /** Set to true when node-pty is detected as broken (e.g. Node.js version incompatibility) */
+    ptyDisabled = false;
+    start(groupJid, containerName, cols, rows, onData, onExit) {
+        // 如果已有会话，先关闭
+        if (this.sessions.has(groupJid)) {
+            this.stop(groupJid);
+        }
+        logger.info({ groupJid, containerName, cols, rows }, 'Starting terminal session');
+        const shellBootstrap = 'export TERM="${TERM:-xterm-256color}"; stty erase "^?" 2>/dev/null; ' +
+            'if command -v zsh >/dev/null 2>&1; then exec zsh -il; ' +
+            'elif command -v bash >/dev/null 2>&1; then exec bash -il; ' +
+            'else exec sh -i; fi';
+        // Try PTY mode via node subprocess (Bun can't load node-pty natively)
+        if (!this.ptyDisabled && fs.existsSync(PTY_WORKER_PATH)) {
+            try {
+                const workerArgs = JSON.stringify({
+                    file: 'docker',
+                    args: [
+                        'exec',
+                        '-it',
+                        '-u',
+                        'node',
+                        containerName,
+                        '/bin/sh',
+                        '-c',
+                        shellBootstrap,
+                    ],
+                    name: 'xterm-256color',
+                    cols,
+                    rows,
+                });
+                const proc = spawn('node', [PTY_WORKER_PATH, workerArgs], {
+                    stdio: ['pipe', 'pipe', 'pipe'],
+                    env: process.env,
+                });
+                const session = {
+                    mode: 'pty',
+                    process: proc,
+                    containerName,
+                    groupJid,
+                    createdAt: Date.now(),
+                    stoppedManually: false,
+                };
+                // Track whether PTY worker has been alive long enough to be considered healthy
+                let ptyHealthy = false;
+                const ptyHealthTimer = setTimeout(() => {
+                    ptyHealthy = true;
+                }, 2000);
+                // Parse JSON-line messages from the worker
+                let buffer = '';
+                proc.stdout?.on('data', (chunk) => {
+                    buffer += chunk.toString();
+                    let newlineIdx;
+                    while ((newlineIdx = buffer.indexOf('\n')) !== -1) {
+                        const line = buffer.slice(0, newlineIdx);
+                        buffer = buffer.slice(newlineIdx + 1);
+                        try {
+                            const msg = JSON.parse(line);
+                            if (msg.type === 'data') {
+                                onData(msg.data);
+                            }
+                            else if (msg.type === 'exit') {
+                                if (!session.stoppedManually) {
+                                    logger.info({ groupJid, exitCode: msg.exitCode, signal: msg.signal }, 'Terminal session exited');
+                                    this.sessions.delete(groupJid);
+                                    onExit(msg.exitCode, msg.signal);
+                                }
+                            }
+                        }
+                        catch {
+                            // Not JSON — forward as raw output
+                            onData(line);
+                        }
+                    }
+                });
+                proc.stderr?.on('data', (chunk) => {
+                    logger.warn({ groupJid, stderr: chunk.toString().trim() }, 'PTY worker stderr');
+                });
+                proc.on('close', (exitCode) => {
+                    clearTimeout(ptyHealthTimer);
+                    if (session.stoppedManually || !this.sessions.has(groupJid))
+                        return;
+                    // If PTY worker crashes quickly (< 2s), node-pty is broken — fall back to pipe mode permanently
+                    if (!ptyHealthy) {
+                        logger.warn({ groupJid, exitCode }, 'PTY worker crashed on startup, disabling PTY and falling back to pipe mode');
+                        this.ptyDisabled = true;
+                        this.sessions.delete(groupJid);
+                        this.startPipeMode(groupJid, containerName, shellBootstrap, onData, onExit);
+                        return;
+                    }
+                    logger.info({ groupJid, exitCode }, 'PTY worker process closed');
+                    this.sessions.delete(groupJid);
+                    onExit(exitCode ?? 1);
+                });
+                proc.on('error', (err) => {
+                    clearTimeout(ptyHealthTimer);
+                    logger.warn({ err, groupJid }, 'PTY worker spawn error');
+                    if (!session.stoppedManually && this.sessions.has(groupJid)) {
+                        this.sessions.delete(groupJid);
+                        // Disable PTY and fall back to pipe mode
+                        this.ptyDisabled = true;
+                        this.startPipeMode(groupJid, containerName, shellBootstrap, onData, onExit);
+                    }
+                });
+                this.sessions.set(groupJid, session);
+                return;
+            }
+            catch (err) {
+                logger.warn({ err, groupJid, containerName }, 'PTY worker spawn failed, falling back to pipe terminal');
+                this.ptyDisabled = true;
+            }
+        }
+        else if (!fs.existsSync(PTY_WORKER_PATH)) {
+            logger.warn({ path: PTY_WORKER_PATH }, 'PTY worker script not found, falling back to pipe terminal');
+        }
+        this.startPipeMode(groupJid, containerName, shellBootstrap, onData, onExit);
+    }
+    /** Pipe mode fallback (no PTY, line-based input) */
+    startPipeMode(groupJid, containerName, shellBootstrap, onData, onExit) {
+        const proc = spawn('docker', [
+            'exec',
+            '-i',
+            '-u',
+            'node',
+            containerName,
+            '/bin/sh',
+            '-c',
+            shellBootstrap,
+        ], {
+            stdio: ['pipe', 'pipe', 'pipe'],
+            env: {
+                ...process.env,
+                TERM: process.env.TERM || 'xterm-256color',
+            },
+        });
+        const session = {
+            mode: 'pipe',
+            process: proc,
+            onData,
+            lineBuffer: '',
+            containerName,
+            groupJid,
+            createdAt: Date.now(),
+            stoppedManually: false,
+        };
+        let exited = false;
+        const finalizeExit = (exitCode) => {
+            if (exited || session.stoppedManually)
+                return;
+            exited = true;
+            logger.info({ groupJid, exitCode }, 'Pipe terminal session exited');
+            this.sessions.delete(groupJid);
+            onExit(exitCode);
+        };
+        proc.stdout?.on('data', (chunk) => {
+            onData(chunk.toString());
+        });
+        proc.stderr?.on('data', (chunk) => {
+            onData(chunk.toString());
+        });
+        proc.on('error', (err) => {
+            onData(`\r\n[terminal process error: ${err.message}]\r\n`);
+            finalizeExit(1);
+        });
+        proc.on('close', (exitCode) => {
+            finalizeExit(exitCode ?? 0);
+        });
+        this.sessions.set(groupJid, session);
+        onData('\r\n[terminal compatibility mode: no PTY available]\r\n' +
+            '[input is line-based; press Enter to execute]\r\n');
+    }
+    write(groupJid, data) {
+        const session = this.sessions.get(groupJid);
+        if (!session)
+            return;
+        if (session.mode === 'pty') {
+            // Send write command to PTY worker via JSON line
+            session.process.stdin?.write(JSON.stringify({ type: 'write', data }) + '\n');
+        }
+        else if (session.process.stdin?.writable) {
+            // Pipe mode: local line buffer with editing support.
+            // Characters are buffered locally; only the final edited line is sent
+            // to the shell on Enter. This is necessary because pipe stdin has no
+            // PTY line discipline to process backspace / Ctrl-U / etc.
+            for (let i = 0; i < data.length; i++) {
+                const ch = data[i];
+                if (ch === '\r' || ch === '\n') {
+                    // Skip \n following \r (Windows CRLF from paste)
+                    if (ch === '\r' && i + 1 < data.length && data[i + 1] === '\n')
+                        i++;
+                    // Send the clean, edited line to the shell
+                    session.process.stdin.write(session.lineBuffer + '\n');
+                    session.onData('\r\n');
+                    session.lineBuffer = '';
+                }
+                else if (ch === '\x7f' || ch === '\b') {
+                    // Backspace / DEL: remove last character
+                    if (session.lineBuffer.length > 0) {
+                        session.lineBuffer = session.lineBuffer.slice(0, -1);
+                        session.onData('\b \b');
+                    }
+                }
+                else if (ch === '\x15') {
+                    // Ctrl-U: kill entire line
+                    const len = session.lineBuffer.length;
+                    if (len > 0) {
+                        session.onData('\b \b'.repeat(len));
+                        session.lineBuffer = '';
+                    }
+                }
+                else if (ch === '\x17') {
+                    // Ctrl-W: delete last word
+                    const buf = session.lineBuffer;
+                    const trimmed = buf.replace(/\s+$/, '');
+                    const lastSpace = trimmed.lastIndexOf(' ');
+                    const newBuf = lastSpace >= 0 ? buf.slice(0, lastSpace + 1) : '';
+                    const removed = buf.length - newBuf.length;
+                    if (removed > 0) {
+                        session.onData('\b \b'.repeat(removed));
+                        session.lineBuffer = newBuf;
+                    }
+                }
+                else if (ch === '\x03') {
+                    // Ctrl-C: discard current line
+                    session.onData('^C\r\n');
+                    session.lineBuffer = '';
+                }
+                else if (ch === '\x04') {
+                    // Ctrl-D: send EOF if line is empty, otherwise ignore
+                    if (session.lineBuffer.length === 0) {
+                        session.process.stdin.end();
+                    }
+                }
+                else if (ch === '\t') {
+                    // Tab: insert literal tab (no completion in pipe mode)
+                    session.lineBuffer += ch;
+                    session.onData(ch);
+                }
+                else if (ch >= ' ') {
+                    // Printable character
+                    session.lineBuffer += ch;
+                    session.onData(ch);
+                }
+                // Ignore other control characters (arrow keys, etc.)
+            }
+        }
+    }
+    resize(groupJid, cols, rows) {
+        const session = this.sessions.get(groupJid);
+        if (session?.mode === 'pty') {
+            try {
+                session.process.stdin?.write(JSON.stringify({ type: 'resize', cols, rows }) + '\n');
+            }
+            catch {
+                // Worker may already be dead — ignore
+            }
+        }
+    }
+    stop(groupJid) {
+        const session = this.sessions.get(groupJid);
+        if (session) {
+            logger.info({ groupJid }, 'Stopping terminal session');
+            session.stoppedManually = true;
+            this.sessions.delete(groupJid);
+            try {
+                if (session.mode === 'pty') {
+                    session.process.stdin?.write(JSON.stringify({ type: 'kill' }) + '\n');
+                    setTimeout(() => {
+                        try {
+                            session.process.kill();
+                        }
+                        catch { }
+                    }, 500);
+                }
+                else {
+                    session.process.kill();
+                }
+            }
+            catch {
+                // ignore - process may already be dead
+            }
+        }
+    }
+    has(groupJid) {
+        return this.sessions.has(groupJid);
+    }
+    shutdown() {
+        for (const [groupJid] of this.sessions) {
+            this.stop(groupJid);
+        }
+    }
+}

package/dist/tool-step-display.js

@@ -0,0 +1 @@
+export { formatToolStepLine } from '../shared/dist/tool-step-display.js';

package/dist/types.js

@@ -0,0 +1 @@
+export {};

package/dist/utils.js

@@ -0,0 +1,85 @@
+// Utility functions
+import fs from 'fs';
+import path from 'path';
+import { DATA_DIR, TRUST_PROXY } from './config.js';
+/**
+ * Strip agent-internal XML tags from output text.
+ * Removes `<internal>...</internal>` and `<process>...</process>` blocks
+ * that the agent uses for internal reasoning / process tracking.
+ */
+export function stripAgentInternalTags(text) {
+    return text
+        .replace(/<internal>[\s\S]*?<\/internal>/g, '')
+        .replace(/<process>[\s\S]*?<\/process>/g, '')
+        .trim();
+}
+/**
+ * Detect whether an agent output is system-maintenance noise that should
+ * be suppressed from IM delivery when sourceKind is 'auto_continue'.
+ *
+ * These are short acknowledgements that the agent generates when its session
+ * transcript contains memory-flush / AGENTS.md-update context from the
+ * compaction pipeline (issue #275). Substantive user-facing continuations
+ * (task resumption, actual replies) are NOT noise and must pass through.
+ *
+ * Heuristic: text is "noise" if it is short (<= 30 chars) AND matches a
+ * known system-acknowledgement pattern after normalisation.
+ */
+const NOISE_PATTERNS = [
+    /^ok[.。!！]?$/,
+    /^好的[.。!！]?$/,
+    /^已更新/,
+    /^已完成/,
+    /^已刷新/,
+    /^记忆已/,
+    /^agents\.md\s*已/,
+    /^memory\s*(flush|updated)/i,
+];
+export function isSystemMaintenanceNoise(text) {
+    const normalized = text.trim().toLowerCase();
+    if (!normalized)
+        return true;
+    if (normalized.length > 30)
+        return false;
+    return NOISE_PATTERNS.some((p) => p.test(normalized));
+}
+/**
+ * Strip virtual JID suffixes (#task:xxx, #agent:xxx) to get the base JID.
+ */
+export function stripVirtualJidSuffix(jid) {
+    const taskSep = jid.indexOf('#task:');
+    if (taskSep >= 0)
+        return jid.slice(0, taskSep);
+    const agentSep = jid.indexOf('#agent:');
+    if (agentSep >= 0)
+        return jid.slice(0, agentSep);
+    return jid;
+}
+export function getClientIp(c) {
+    if (TRUST_PROXY) {
+        const xff = c.req.header('x-forwarded-for');
+        if (xff) {
+            const firstIp = xff.split(',')[0]?.trim();
+            if (firstIp)
+                return firstIp;
+        }
+        const realIp = c.req.header('x-real-ip');
+        if (realIp)
+            return realIp;
+    }
+    // Fallback: connection remote address (Hono + Node.js adapter)
+    // Hono Node.js adapter 将 IncomingMessage 存于 c.env.incoming
+    const connInfo = c.env?.incoming?.socket?.remoteAddress ||
+        c.env?.remoteAddr ||
+        c.req.raw?.socket?.remoteAddress;
+    return connInfo || 'unknown';
+}
+/** Create IPC + session directories for an agent. */
+export function ensureAgentDirectories(folder, agentId) {
+    const agentIpcDir = path.join(DATA_DIR, 'ipc', folder, 'agents', agentId);
+    fs.mkdirSync(path.join(agentIpcDir, 'input'), { recursive: true });
+    fs.mkdirSync(path.join(agentIpcDir, 'messages'), { recursive: true });
+    fs.mkdirSync(path.join(agentIpcDir, 'tasks'), { recursive: true });
+    fs.mkdirSync(path.join(DATA_DIR, 'sessions', folder, 'agents', agentId, '.claude'), { recursive: true });
+    return agentIpcDir;
+}

package/dist/web-context.js

@@ -0,0 +1,161 @@
+// Shared state and utilities for web server
+import { getJidsByFolder, getRegisteredGroup, getGroupMemberRole, getSessionWithUser, } from './db.js';
+let deps = null;
+export const wsClients = new Map();
+export const MAX_GROUP_NAME_LEN = 40;
+export function setWebDeps(d) {
+    deps = d;
+}
+export function getWebDeps() {
+    return deps;
+}
+// lastActiveCache - 5 min debounce for session activity tracking
+export const lastActiveCache = new Map();
+export const LAST_ACTIVE_DEBOUNCE_MS = 5 * 60 * 1000;
+const LAST_ACTIVE_CACHE_TTL_MS = 24 * 60 * 60 * 1000;
+const lastActiveCleanupTimer = setInterval(() => {
+    const cutoff = Date.now() - LAST_ACTIVE_CACHE_TTL_MS;
+    for (const [sessionId, touchedAt] of lastActiveCache.entries()) {
+        if (touchedAt < cutoff)
+            lastActiveCache.delete(sessionId);
+    }
+}, 60 * 60 * 1000);
+lastActiveCleanupTimer.unref?.();
+// Session data cache — 30s TTL, avoids DB query on every request
+const SESSION_CACHE_TTL_MS = 30 * 1000;
+const sessionCache = new Map();
+export function getCachedSessionWithUser(sessionId) {
+    const cached = sessionCache.get(sessionId);
+    if (cached && cached.expiry > Date.now()) {
+        return cached.data;
+    }
+    sessionCache.delete(sessionId);
+    const data = getSessionWithUser(sessionId);
+    if (data) {
+        sessionCache.set(sessionId, {
+            data,
+            expiry: Date.now() + SESSION_CACHE_TTL_MS,
+        });
+    }
+    return data;
+}
+export function invalidateSessionCache(sessionId) {
+    sessionCache.delete(sessionId);
+    lastActiveCache.delete(sessionId);
+}
+export function invalidateUserSessions(userId) {
+    for (const [sid, entry] of sessionCache.entries()) {
+        if (entry.data.user_id === userId) {
+            sessionCache.delete(sid);
+            lastActiveCache.delete(sid);
+        }
+    }
+}
+const sessionCacheCleanupTimer = setInterval(() => {
+    const now = Date.now();
+    for (const [sid, entry] of sessionCache.entries()) {
+        if (entry.expiry < now)
+            sessionCache.delete(sid);
+    }
+}, 5 * 60 * 1000);
+sessionCacheCleanupTimer.unref?.();
+// Cookie parser - used by middleware and WebSocket
+export function parseCookie(cookieHeader) {
+    if (!cookieHeader)
+        return {};
+    const cookies = {};
+    for (const cookie of cookieHeader.split(';')) {
+        const pair = cookie.trim();
+        const eqIndex = pair.indexOf('=');
+        if (eqIndex === -1)
+            continue;
+        const key = pair.slice(0, eqIndex).trim();
+        const value = pair.slice(eqIndex + 1).trim();
+        if (key)
+            cookies[key] = value;
+    }
+    return cookies;
+}
+// Host execution helpers
+export function isHostExecutionGroup(group) {
+    return (group.executionMode || 'container') === 'host';
+}
+export function hasHostExecutionPermission(user) {
+    return user.role === 'admin';
+}
+/**
+ * Check if a user can access (view messages, send messages to) a group.
+ * All users (including admin) follow the same visibility rules:
+ * - is_home groups → only the owner (created_by) can access
+ * - IM groups (jid does not start with 'web:') → owner or group_members
+ * - folder === 'main' → only the admin who owns it
+ * - Web groups → created_by matches user.id, or user is in group_members
+ */
+export function canAccessGroup(user, group) {
+    if (group.is_home)
+        return group.created_by === user.id;
+    // IM groups: check ownership if created_by is set.
+    // For legacy rows without created_by, resolve owner from sibling home group.
+    if (!group.jid.startsWith('web:')) {
+        if (group.created_by === user.id)
+            return true;
+        // Check membership for IM groups sharing a non-home folder
+        if (getGroupMemberRole(group.folder, user.id) !== null)
+            return true;
+        if (group.created_by)
+            return false;
+        const siblingJids = getJidsByFolder(group.folder);
+        for (const jid of siblingJids) {
+            if (jid === group.jid)
+                continue;
+            const sibling = getRegisteredGroup(jid);
+            if (sibling?.is_home && sibling.created_by) {
+                return sibling.created_by === user.id;
+            }
+        }
+        // Ownership cannot be resolved for this IM group → deny by default.
+        return false;
+    }
+    // folder === 'main': only accessible by the admin who owns it (via created_by or group_members)
+    if (group.folder === 'main') {
+        if (group.created_by === user.id)
+            return true;
+        return getGroupMemberRole(group.folder, user.id) !== null;
+    }
+    if (group.created_by === user.id)
+        return true;
+    // Check group_members table for shared workspaces
+    return getGroupMemberRole(group.folder, user.id) !== null;
+}
+/**
+ * Check if a user can modify (rename, reset) a group.
+ * - Users can modify their own home group.
+ * - Users can modify web groups they created.
+ * - IM groups can be modified by their owner (created_by).
+ */
+export function canModifyGroup(user, group) {
+    if (group.is_home)
+        return group.created_by === user.id;
+    if (!group.jid.startsWith('web:'))
+        return group.created_by === user.id;
+    return group.created_by === user.id;
+}
+/**
+ * Check if a user can manage members (add/remove) of a group.
+ * - Home groups cannot have members managed.
+ * - Only the group creator (owner) can manage members.
+ */
+export function canManageGroupMembers(user, group) {
+    if (group.is_home)
+        return false;
+    return group.created_by === user.id;
+}
+/**
+ * Check if a user can delete a group.
+ * - is_home groups cannot be deleted by anyone.
+ */
+export function canDeleteGroup(user, group) {
+    if (group.is_home)
+        return false;
+    return canModifyGroup(user, group);
+}