cli4ai 1.0.3 → 1.1.0

package/src/core/remotes.ts

@@ -0,0 +1,268 @@
+/**
+ * Remote host configuration for distributed cli4ai execution.
+ *
+ * Manages named remote hosts that can execute cli4ai commands.
+ * Each remote is a cli4ai instance running `cli4ai serve`.
+ */
+
+import { readFileSync, writeFileSync, existsSync } from 'fs';
+import { resolve } from 'path';
+import { CLI4AI_HOME, ensureCli4aiHome } from './config.js';
+
+// ═══════════════════════════════════════════════════════════════════════════
+// TYPES
+// ═══════════════════════════════════════════════════════════════════════════
+
+export interface RemoteHost {
+  /** Unique name for this remote (e.g., "chrome-server", "gpu-box") */
+  name: string;
+  /** Base URL of the remote cli4ai service (e.g., "http://192.168.1.50:4100") */
+  url: string;
+  /** Optional API key for authentication */
+  apiKey?: string;
+  /** Optional description */
+  description?: string;
+  /** When this remote was added */
+  addedAt: string;
+  /** Last successful connection time */
+  lastConnected?: string;
+}
+
+export interface RemotesConfig {
+  version: 1;
+  remotes: RemoteHost[];
+}
+
+// ═══════════════════════════════════════════════════════════════════════════
+// PATHS
+// ═══════════════════════════════════════════════════════════════════════════
+
+const REMOTES_FILE = resolve(CLI4AI_HOME, 'remotes.json');
+
+// ═══════════════════════════════════════════════════════════════════════════
+// LOADING & SAVING
+// ═══════════════════════════════════════════════════════════════════════════
+
+const DEFAULT_REMOTES_CONFIG: RemotesConfig = {
+  version: 1,
+  remotes: []
+};
+
+/**
+ * Load remotes configuration
+ */
+export function loadRemotesConfig(): RemotesConfig {
+  ensureCli4aiHome();
+
+  if (!existsSync(REMOTES_FILE)) {
+    return { ...DEFAULT_REMOTES_CONFIG };
+  }
+
+  try {
+    const content = readFileSync(REMOTES_FILE, 'utf-8');
+    const data = JSON.parse(content);
+
+    // Validate and migrate if needed
+    if (!data.version || data.version !== 1) {
+      return { ...DEFAULT_REMOTES_CONFIG };
+    }
+
+    return data as RemotesConfig;
+  } catch {
+    return { ...DEFAULT_REMOTES_CONFIG };
+  }
+}
+
+/**
+ * Save remotes configuration
+ */
+export function saveRemotesConfig(config: RemotesConfig): void {
+  ensureCli4aiHome();
+  const content = JSON.stringify(config, null, 2) + '\n';
+  writeFileSync(REMOTES_FILE, content, { mode: 0o600 });
+}
+
+// ═══════════════════════════════════════════════════════════════════════════
+// REMOTE MANAGEMENT
+// ═══════════════════════════════════════════════════════════════════════════
+
+export class RemoteNotFoundError extends Error {
+  constructor(public remoteName: string) {
+    super(`Remote not found: ${remoteName}`);
+    this.name = 'RemoteNotFoundError';
+  }
+}
+
+export class RemoteAlreadyExistsError extends Error {
+  constructor(public remoteName: string) {
+    super(`Remote already exists: ${remoteName}`);
+    this.name = 'RemoteAlreadyExistsError';
+  }
+}
+
+export class InvalidRemoteUrlError extends Error {
+  constructor(public url: string, public reason: string) {
+    super(`Invalid remote URL "${url}": ${reason}`);
+    this.name = 'InvalidRemoteUrlError';
+  }
+}
+
+/**
+ * Validate and normalize a remote URL
+ */
+export function validateRemoteUrl(url: string): string {
+  // Basic URL validation
+  let parsed: URL;
+  try {
+    parsed = new URL(url);
+  } catch {
+    throw new InvalidRemoteUrlError(url, 'Not a valid URL');
+  }
+
+  // Only allow http and https
+  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
+    throw new InvalidRemoteUrlError(url, 'Must use http or https protocol');
+  }
+
+  // Remove trailing slash for consistency
+  let normalized = parsed.origin;
+  if (parsed.pathname && parsed.pathname !== '/') {
+    normalized += parsed.pathname.replace(/\/$/, '');
+  }
+
+  return normalized;
+}
+
+/**
+ * Validate remote name (alphanumeric, dashes, underscores)
+ */
+export function validateRemoteName(name: string): void {
+  if (!name || name.length === 0) {
+    throw new Error('Remote name cannot be empty');
+  }
+
+  if (!/^[a-zA-Z][a-zA-Z0-9_-]*$/.test(name)) {
+    throw new Error('Remote name must start with a letter and contain only letters, numbers, dashes, and underscores');
+  }
+
+  if (name.length > 64) {
+    throw new Error('Remote name must be 64 characters or less');
+  }
+}
+
+/**
+ * Get all configured remotes
+ */
+export function getRemotes(): RemoteHost[] {
+  const config = loadRemotesConfig();
+  return config.remotes;
+}
+
+/**
+ * Get a remote by name
+ */
+export function getRemote(name: string): RemoteHost | null {
+  const config = loadRemotesConfig();
+  return config.remotes.find(r => r.name === name) ?? null;
+}
+
+/**
+ * Get a remote by name, throwing if not found
+ */
+export function getRemoteOrThrow(name: string): RemoteHost {
+  const remote = getRemote(name);
+  if (!remote) {
+    throw new RemoteNotFoundError(name);
+  }
+  return remote;
+}
+
+/**
+ * Add a new remote
+ */
+export function addRemote(
+  name: string,
+  url: string,
+  options?: { apiKey?: string; description?: string }
+): RemoteHost {
+  validateRemoteName(name);
+  const normalizedUrl = validateRemoteUrl(url);
+
+  const config = loadRemotesConfig();
+
+  // Check for duplicate name
+  if (config.remotes.some(r => r.name === name)) {
+    throw new RemoteAlreadyExistsError(name);
+  }
+
+  const remote: RemoteHost = {
+    name,
+    url: normalizedUrl,
+    apiKey: options?.apiKey,
+    description: options?.description,
+    addedAt: new Date().toISOString()
+  };
+
+  config.remotes.push(remote);
+  saveRemotesConfig(config);
+
+  return remote;
+}
+
+/**
+ * Update an existing remote
+ */
+export function updateRemote(
+  name: string,
+  updates: { url?: string; apiKey?: string; description?: string }
+): RemoteHost {
+  const config = loadRemotesConfig();
+  const index = config.remotes.findIndex(r => r.name === name);
+
+  if (index === -1) {
+    throw new RemoteNotFoundError(name);
+  }
+
+  const remote = config.remotes[index];
+
+  if (updates.url !== undefined) {
+    remote.url = validateRemoteUrl(updates.url);
+  }
+  if (updates.apiKey !== undefined) {
+    remote.apiKey = updates.apiKey || undefined;
+  }
+  if (updates.description !== undefined) {
+    remote.description = updates.description || undefined;
+  }
+
+  saveRemotesConfig(config);
+  return remote;
+}
+
+/**
+ * Remove a remote
+ */
+export function removeRemote(name: string): void {
+  const config = loadRemotesConfig();
+  const index = config.remotes.findIndex(r => r.name === name);
+
+  if (index === -1) {
+    throw new RemoteNotFoundError(name);
+  }
+
+  config.remotes.splice(index, 1);
+  saveRemotesConfig(config);
+}
+
+/**
+ * Update last connected time for a remote
+ */
+export function updateRemoteLastConnected(name: string): void {
+  const config = loadRemotesConfig();
+  const remote = config.remotes.find(r => r.name === name);
+
+  if (remote) {
+    remote.lastConnected = new Date().toISOString();
+    saveRemotesConfig(config);
+  }
+}

package/src/core/routine-engine.ts

@@ -4,7 +4,10 @@
 
 import { readFileSync } from 'fs';
 import { spawn } from 'child_process';
+import { parse as parseYaml } from 'yaml';
 import { executeTool, ExecuteToolError } from './execute.js';
+import { remoteRunTool, RemoteConnectionError, RemoteApiError } from './remote-client.js';
+import { getRemote } from './remotes.js';
 
 export class RoutineParseError extends Error {
   constructor(
@@ -78,6 +81,8 @@ export interface RoutineC4aiStep extends RoutineBaseStep {
   env?: Record<string, string>;
   stdin?: string;
   capture?: StepCapture;
+  /** Name of a configured remote to execute on (optional) */
+  remote?: string;
 }
 
 export interface RoutineSetStep extends RoutineBaseStep {
@@ -153,11 +158,13 @@ export function loadRoutineDefinition(path: string): RoutineDefinition {
     throw new RoutineParseError(path, `Failed to read: ${err instanceof Error ? err.message : String(err)}`);
   }
 
+  const isYaml = path.endsWith('.yaml') || path.endsWith('.yml');
   let data: unknown;
   try {
-    data = JSON.parse(content);
-  } catch {
-    throw new RoutineParseError(path, 'Invalid JSON');
+    data = isYaml ? parseYaml(content) : JSON.parse(content);
+  } catch (err) {
+    const format = isYaml ? 'YAML' : 'JSON';
+    throw new RoutineParseError(path, `Invalid ${format}: ${err instanceof Error ? err.message : String(err)}`);
   }
 
   return validateRoutineDefinition(data, path);
@@ -318,6 +325,9 @@ function validateRoutineDefinition(value: unknown, source?: string): RoutineDefi
       if (s.capture !== undefined && !['inherit', 'text', 'json'].includes(String(s.capture))) {
         throw new RoutineValidationError(`Step "${s.id}" has invalid "capture"`, { source, id: s.id, got: s.capture });
       }
+      if (s.remote !== undefined && typeof s.remote !== 'string') {
+        throw new RoutineValidationError(`Step "${s.id}" has invalid "remote" (must be string)`, { source, id: s.id, got: s.remote });
+      }
     }
 
     if (s.type === 'set') {
@@ -718,39 +728,91 @@ export async function runRoutine(def: RoutineDefinition, vars: Record<string, st
       const args = renderStringArray(step.args, ctx, { stepId: step.id, field: 'args' });
       const env = renderEnv(step.env, ctx, { stepId: step.id, field: 'env' });
       const stdin = step.stdin !== undefined ? renderString(step.stdin, ctx, { stepId: step.id, field: 'stdin' }) : undefined;
+      const remoteName = step.remote !== undefined ? renderScalarString(step.remote, ctx, { stepId: step.id, field: 'remote' }) : undefined;
 
       const capture = step.capture ?? 'text';
 
       try {
-        const execRes = await executeTool({
-          packageName: pkg,
-          command: cmd,
-          args,
-          cwd: invocationDir,
-          env,
-          stdin,
-          capture: 'pipe',
-          timeoutMs: step.timeout,
-          teeStderr: true
-        });
+        let execResult: { exitCode: number; durationMs: number; stdout?: string; stderr?: string };
+
+        if (remoteName) {
+          // Remote execution
+          const remote = getRemote(remoteName);
+          if (!remote) {
+            throw new ExecuteToolError('NOT_FOUND', `Remote "${remoteName}" not found`, {
+              step: step.id,
+              hint: 'Use "cli4ai remotes add <name> <url>" to configure a remote'
+            });
+          }
+
+          const remoteRes = await remoteRunTool(remoteName, {
+            package: pkg,
+            command: cmd,
+            args,
+            env: Object.keys(env).length > 0 ? env : undefined,
+            stdin,
+            timeout: step.timeout
+          });
+
+          execResult = {
+            exitCode: remoteRes.exitCode,
+            durationMs: remoteRes.durationMs,
+            stdout: remoteRes.stdout,
+            stderr: remoteRes.stderr
+          };
+
+          // Log stderr from remote
+          if (remoteRes.stderr) {
+            process.stderr.write(remoteRes.stderr);
+          }
+
+          // Handle remote-level errors
+          if (remoteRes.error && !remoteRes.success) {
+            throw new ExecuteToolError(
+              remoteRes.error.code,
+              remoteRes.error.message,
+              remoteRes.error.details
+            );
+          }
+        } else {
+          // Local execution
+          const localRes = await executeTool({
+            packageName: pkg,
+            command: cmd,
+            args,
+            cwd: invocationDir,
+            env,
+            stdin,
+            capture: 'pipe',
+            timeoutMs: step.timeout,
+            teeStderr: true
+          });
+
+          execResult = {
+            exitCode: localRes.exitCode,
+            durationMs: localRes.durationMs,
+            stdout: localRes.stdout,
+            stderr: localRes.stderr
+          };
+        }
 
         const res: StepRunResult = {
           id: step.id,
           type: step.type,
-          status: execRes.exitCode === 0 ? 'success' : 'failed',
-          exitCode: execRes.exitCode,
-          durationMs: execRes.durationMs,
-          stdout: execRes.stdout,
-          stderr: execRes.stderr
+          status: execResult.exitCode === 0 ? 'success' : 'failed',
+          exitCode: execResult.exitCode,
+          durationMs: execResult.durationMs,
+          stdout: execResult.stdout,
+          stderr: execResult.stderr
         };
 
         if (capture === 'json') {
           try {
-            res.json = execRes.stdout ? JSON.parse(execRes.stdout) : null;
+            res.json = execResult.stdout ? JSON.parse(execResult.stdout) : null;
           } catch {
             throw new RoutineTemplateError(`JSON parse error in step "${step.id}": stdout is not valid JSON`, {
               step: step.id,
-              stdout: (execRes.stdout ?? '').slice(0, 200)
+              stdout: (execResult.stdout ?? '').slice(0, 200)
             });
           }
         }
@@ -758,8 +820,8 @@ export async function runRoutine(def: RoutineDefinition, vars: Record<string, st
         stepsById[step.id] = res;
         steps.push(res);
 
-        if (execRes.exitCode !== 0 && !step.continueOnError) {
-          return finalizeFailure(def, ctxVars, steps, Date.now() - startTime, execRes.exitCode);
+        if (execResult.exitCode !== 0 && !step.continueOnError) {
+          return finalizeFailure(def, ctxVars, steps, Date.now() - startTime, execResult.exitCode);
         }
         continue;
       } catch (err) {
@@ -799,6 +861,12 @@ function normalizeError(err: unknown): { code: string; message: string; details?
   if (err instanceof ExecuteToolError) {
     return { code: err.code, message: err.message, details: err.details };
   }
+  if (err instanceof RemoteConnectionError) {
+    return { code: 'NETWORK_ERROR', message: err.message, details: { remote: err.remoteName, url: err.url } };
+  }
+  if (err instanceof RemoteApiError) {
+    return { code: err.code, message: err.message, details: err.details };
+  }
   if (err instanceof RoutineTemplateError) {
     return { code: 'INVALID_INPUT', message: err.message, details: err.details };
   }

package/src/core/routines.ts

@@ -7,15 +7,16 @@
  *
  * Resolution order:
  * - local before global (unless globalOnly)
- * - within a scope: .routine.json before .routine.sh
+ * - within a scope: .routine.yaml > .routine.yml > .routine.json > .routine.sh
  */
 
 import { existsSync, readdirSync, statSync, readFileSync } from 'fs';
 import { resolve } from 'path';
+import { parse as parseYaml } from 'yaml';
 import { ensureCli4aiHome, ensureLocalDir, ROUTINES_DIR, LOCAL_ROUTINES_DIR } from './config.js';
 import { validateScheduleConfig, type RoutineSchedule } from './routine-engine.js';
 
-export type RoutineKind = 'json' | 'bash';
+export type RoutineKind = 'yaml' | 'json' | 'bash';
 export type RoutineScope = 'local' | 'global';
 
 export interface RoutineInfo {
@@ -30,6 +31,8 @@ export interface ResolveRoutineOptions {
 }
 
 const ROUTINE_FILES = [
+  { kind: 'yaml' as const, suffix: '.routine.yaml' },
+  { kind: 'yaml' as const, suffix: '.routine.yml' },
   { kind: 'json' as const, suffix: '.routine.json' },
   { kind: 'bash' as const, suffix: '.routine.sh' }
 ] as const;
@@ -127,13 +130,13 @@ export function getScheduledRoutines(projectDir?: string): ScheduledRoutineInfo[
   const results: ScheduledRoutineInfo[] = [];
   const seen = new Set<string>();
 
-  // Collect all JSON routines
+  // Collect all structured routines (YAML and JSON - bash scripts cannot have schedules)
   const allRoutines: RoutineInfo[] = [];
 
   if (projectDir) {
-    allRoutines.push(...getLocalRoutines(projectDir).filter(r => r.kind === 'json'));
+    allRoutines.push(...getLocalRoutines(projectDir).filter(r => r.kind === 'yaml' || r.kind === 'json'));
   }
-  allRoutines.push(...getGlobalRoutines().filter(r => r.kind === 'json'));
+  allRoutines.push(...getGlobalRoutines().filter(r => r.kind === 'yaml' || r.kind === 'json'));
 
   for (const routine of allRoutines) {
     // Skip if we've already processed a routine with this name (local takes precedence)
@@ -142,7 +145,7 @@ export function getScheduledRoutines(projectDir?: string): ScheduledRoutineInfo[
 
     try {
       const content = readFileSync(routine.path, 'utf-8');
-      const data = JSON.parse(content);
+      const data = routine.kind === 'yaml' ? parseYaml(content) : JSON.parse(content);
 
       if (data.schedule && typeof data.schedule === 'object') {
         // Check if schedule is enabled (defaults to true)

package/src/core/scheduler.ts

@@ -11,7 +11,7 @@
  *     └── scheduler.log      # Daemon logs
  */
 
-import { readFileSync, writeFileSync, existsSync, mkdirSync, unlinkSync, readdirSync } from 'fs';
+import { readFileSync, writeFileSync, existsSync, mkdirSync, unlinkSync, readdirSync, appendFileSync } from 'fs';
 import { resolve, join } from 'path';
 import parser from 'cron-parser';
 import { SCHEDULER_DIR, ensureCli4aiHome } from './config.js';
@@ -282,7 +282,7 @@ export function appendSchedulerLog(level: LogLevel, message: string): void {
   ensureSchedulerDirs();
   const timestamp = new Date().toISOString();
   const line = `[${timestamp}] [${level.toUpperCase()}] ${message}\n`;
-  const fd = require('fs').appendFileSync(SCHEDULER_LOG_FILE, line);
+  appendFileSync(SCHEDULER_LOG_FILE, line);
 }
 
 // ═══════════════════════════════════════════════════════════════════════════

package/src/mcp/server.ts

@@ -17,6 +17,7 @@ import { homedir } from 'os';
 import { type Manifest } from '../core/manifest.js';
 import { manifestToMcpTools, type McpTool } from './adapter.js';
 import { getSecret } from '../core/secrets.js';
+import { loadConfig } from '../core/config.js';
 
 // ═══════════════════════════════════════════════════════════════════════════
 // SECURITY: Audit logging and rate limiting
@@ -33,6 +34,7 @@ interface RateLimitEntry {
 
 /**
  * Audit log an MCP tool call for security tracking
+ * Can be disabled via `cli4ai config set audit.enabled false`
  */
 function auditLog(
   packageName: string,
@@ -42,6 +44,12 @@ function auditLog(
   errorMessage?: string
 ): void {
   try {
+    // Check if audit logging is enabled
+    const config = loadConfig();
+    if (!config.audit?.enabled) {
+      return;
+    }
+
     if (!existsSync(AUDIT_LOG_DIR)) {
       mkdirSync(AUDIT_LOG_DIR, { recursive: true });
     }