cli4ai 1.2.0 → 1.2.2

package/dist/core/scheduler.js

@@ -0,0 +1,492 @@
+/**
+ * Scheduler core - manages scheduled routine execution.
+ *
+ * Storage structure:
+ * ~/.cli4ai/scheduler/
+ * ├── scheduler.pid          # Daemon PID
+ * ├── state.json             # Next runs, last results
+ * ├── runs/                  # Execution records
+ * │   └── <routine>-<ts>.json
+ * └── logs/
+ *     └── scheduler.log      # Daemon logs
+ */
+import { readFileSync, writeFileSync, existsSync, mkdirSync, unlinkSync, readdirSync, appendFileSync } from 'fs';
+import { resolve } from 'path';
+import parser from 'cron-parser';
+import { SCHEDULER_DIR, ensureCli4aiHome } from './config.js';
+import { getScheduledRoutines } from './routines.js';
+import { loadRoutineDefinition, runRoutine } from './routine-engine.js';
+// ═══════════════════════════════════════════════════════════════════════════
+// PATHS
+// ═══════════════════════════════════════════════════════════════════════════
+export const SCHEDULER_PID_FILE = resolve(SCHEDULER_DIR, 'scheduler.pid');
+export const SCHEDULER_STATE_FILE = resolve(SCHEDULER_DIR, 'state.json');
+export const SCHEDULER_RUNS_DIR = resolve(SCHEDULER_DIR, 'runs');
+export const SCHEDULER_LOGS_DIR = resolve(SCHEDULER_DIR, 'logs');
+export const SCHEDULER_LOG_FILE = resolve(SCHEDULER_LOGS_DIR, 'scheduler.log');
+// ═══════════════════════════════════════════════════════════════════════════
+// INTERVAL PARSING
+// ═══════════════════════════════════════════════════════════════════════════
+const INTERVAL_PATTERN = /^(\d+)(s|m|h|d)$/;
+const INTERVAL_MULTIPLIERS = {
+    s: 1000,
+    m: 60 * 1000,
+    h: 60 * 60 * 1000,
+    d: 24 * 60 * 60 * 1000
+};
+/**
+ * Parse an interval string like "30s", "5m", "1h", "1d" into milliseconds.
+ */
+export function parseInterval(interval) {
+    const match = interval.match(INTERVAL_PATTERN);
+    if (!match) {
+        throw new Error(`Invalid interval format: ${interval}`);
+    }
+    const value = parseInt(match[1], 10);
+    const unit = match[2];
+    return value * INTERVAL_MULTIPLIERS[unit];
+}
+/**
+ * Calculate the next run time for a schedule.
+ * If both cron and interval are specified, returns the earlier of the two.
+ */
+export function getNextRunTime(schedule, after = new Date()) {
+    const candidates = [];
+    // Calculate from cron expression
+    if (schedule.cron) {
+        try {
+            const options = {
+                currentDate: after,
+                tz: schedule.timezone
+            };
+            const cronExpr = parser.parseExpression(schedule.cron, options);
+            candidates.push(cronExpr.next().toDate());
+        }
+        catch {
+            // Invalid cron expression - skip
+        }
+    }
+    // Calculate from interval
+    if (schedule.interval) {
+        try {
+            const intervalMs = parseInterval(schedule.interval);
+            candidates.push(new Date(after.getTime() + intervalMs));
+        }
+        catch {
+            // Invalid interval - skip
+        }
+    }
+    if (candidates.length === 0) {
+        return null;
+    }
+    // Return the earliest next run time
+    return candidates.reduce((earliest, candidate) => candidate < earliest ? candidate : earliest);
+}
+// ═══════════════════════════════════════════════════════════════════════════
+// DAEMON LIFECYCLE
+// ═══════════════════════════════════════════════════════════════════════════
+/**
+ * Get the PID of the running daemon, or null if not running.
+ */
+export function getDaemonPid() {
+    if (!existsSync(SCHEDULER_PID_FILE)) {
+        return null;
+    }
+    try {
+        const content = readFileSync(SCHEDULER_PID_FILE, 'utf-8').trim();
+        // SECURITY: Validate PID format and bounds
+        if (!/^\d+$/.test(content))
+            return null;
+        const pid = parseInt(content, 10);
+        // PIDs must be positive integers within reasonable bounds
+        // Max PID varies by OS but is typically 32768-4194304
+        if (!Number.isInteger(pid) || pid < 1 || pid > 4194304)
+            return null;
+        return pid;
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Check if a process with the given PID is running.
+ */
+function isProcessRunning(pid) {
+    try {
+        // Sending signal 0 doesn't actually send a signal, but checks if process exists
+        process.kill(pid, 0);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Check if the scheduler daemon is running.
+ */
+export function isDaemonRunning() {
+    const pid = getDaemonPid();
+    if (pid === null)
+        return false;
+    return isProcessRunning(pid);
+}
+/**
+ * Write the daemon PID file.
+ */
+export function writeDaemonPid(pid) {
+    ensureSchedulerDirs();
+    writeFileSync(SCHEDULER_PID_FILE, String(pid));
+}
+/**
+ * Remove the daemon PID file.
+ */
+export function removeDaemonPid() {
+    if (existsSync(SCHEDULER_PID_FILE)) {
+        unlinkSync(SCHEDULER_PID_FILE);
+    }
+}
+// ═══════════════════════════════════════════════════════════════════════════
+// STATE MANAGEMENT
+// ═══════════════════════════════════════════════════════════════════════════
+export function ensureSchedulerDirs() {
+    ensureCli4aiHome();
+    if (!existsSync(SCHEDULER_RUNS_DIR)) {
+        mkdirSync(SCHEDULER_RUNS_DIR, { recursive: true });
+    }
+    if (!existsSync(SCHEDULER_LOGS_DIR)) {
+        mkdirSync(SCHEDULER_LOGS_DIR, { recursive: true });
+    }
+}
+/**
+ * Load scheduler state from disk.
+ */
+export function loadSchedulerState() {
+    if (!existsSync(SCHEDULER_STATE_FILE)) {
+        return null;
+    }
+    try {
+        const content = readFileSync(SCHEDULER_STATE_FILE, 'utf-8');
+        return JSON.parse(content);
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Save scheduler state to disk.
+ */
+export function saveSchedulerState(state) {
+    ensureSchedulerDirs();
+    writeFileSync(SCHEDULER_STATE_FILE, JSON.stringify(state, null, 2));
+}
+/**
+ * Save a run record to disk.
+ */
+export function saveRunRecord(record) {
+    ensureSchedulerDirs();
+    const filename = `${record.routine}-${new Date(record.startedAt).getTime()}.json`;
+    const filepath = resolve(SCHEDULER_RUNS_DIR, filename);
+    writeFileSync(filepath, JSON.stringify(record, null, 2));
+}
+/**
+ * Get run history for a routine (or all routines).
+ */
+export function getRunHistory(routineName, limit = 20) {
+    ensureSchedulerDirs();
+    if (!existsSync(SCHEDULER_RUNS_DIR)) {
+        return [];
+    }
+    const files = readdirSync(SCHEDULER_RUNS_DIR)
+        .filter(f => f.endsWith('.json'))
+        .filter(f => !routineName || f.startsWith(`${routineName}-`))
+        .sort()
+        .reverse()
+        .slice(0, limit);
+    const records = [];
+    for (const file of files) {
+        try {
+            const content = readFileSync(resolve(SCHEDULER_RUNS_DIR, file), 'utf-8');
+            records.push(JSON.parse(content));
+        }
+        catch {
+            // Skip invalid files
+        }
+    }
+    return records;
+}
+export function appendSchedulerLog(level, message) {
+    ensureSchedulerDirs();
+    const timestamp = new Date().toISOString();
+    const line = `[${timestamp}] [${level.toUpperCase()}] ${message}\n`;
+    appendFileSync(SCHEDULER_LOG_FILE, line);
+}
+export class Scheduler {
+    state;
+    tickIntervalMs;
+    projectDir;
+    running = false;
+    tickTimer = null;
+    routineChainByName = new Map();
+    constructor(options = {}) {
+        this.tickIntervalMs = options.tickIntervalMs ?? 10000; // 10 seconds default
+        this.projectDir = options.projectDir;
+        // Load or initialize state
+        const existingState = loadSchedulerState();
+        if (existingState) {
+            this.state = existingState;
+        }
+        else {
+            this.state = {
+                version: 1,
+                startedAt: new Date().toISOString(),
+                routines: {}
+            };
+        }
+    }
+    /**
+     * Refresh the list of scheduled routines from disk.
+     */
+    refreshRoutines() {
+        const scheduled = getScheduledRoutines(this.projectDir);
+        // Remove routines that no longer exist or are disabled
+        const currentNames = new Set(scheduled.map(r => r.name));
+        for (const name of Object.keys(this.state.routines)) {
+            if (!currentNames.has(name)) {
+                delete this.state.routines[name];
+            }
+        }
+        // Add or update routines
+        for (const routine of scheduled) {
+            const existing = this.state.routines[routine.name];
+            if (existing) {
+                // Update schedule if changed
+                existing.schedule = routine.schedule;
+                existing.path = routine.path;
+                // Recalculate next run if schedule changed
+                if (!existing.nextRunAt) {
+                    existing.nextRunAt = getNextRunTime(routine.schedule)?.toISOString() ?? null;
+                }
+            }
+            else {
+                // New routine
+                this.state.routines[routine.name] = {
+                    name: routine.name,
+                    path: routine.path,
+                    schedule: routine.schedule,
+                    nextRunAt: getNextRunTime(routine.schedule)?.toISOString() ?? null,
+                    lastRunAt: null,
+                    lastStatus: null,
+                    running: false,
+                    retryCount: 0
+                };
+            }
+        }
+        saveSchedulerState(this.state);
+    }
+    /**
+     * Start the scheduler loop.
+     */
+    async start() {
+        if (this.running)
+            return;
+        this.running = true;
+        this.state.startedAt = new Date().toISOString();
+        appendSchedulerLog('info', 'Scheduler started');
+        this.refreshRoutines();
+        // Run tick loop
+        this.scheduleTick();
+    }
+    /**
+     * Stop the scheduler loop.
+     */
+    async stop() {
+        this.running = false;
+        if (this.tickTimer) {
+            clearTimeout(this.tickTimer);
+            this.tickTimer = null;
+        }
+        appendSchedulerLog('info', 'Scheduler stopped');
+        saveSchedulerState(this.state);
+    }
+    /**
+     * Get current scheduler state (for status display).
+     */
+    getState() {
+        return this.state;
+    }
+    scheduleTick() {
+        if (!this.running)
+            return;
+        this.tickTimer = setTimeout(async () => {
+            await this.tick();
+            this.scheduleTick();
+        }, this.tickIntervalMs);
+    }
+    isRoutineActive(name) {
+        return this.routineChainByName.has(name);
+    }
+    enqueueRoutineExecution(routine) {
+        const name = routine.name;
+        const prev = this.routineChainByName.get(name) ?? Promise.resolve();
+        const next = prev
+            .catch(() => {
+            // Keep queue alive even if a previous run rejected unexpectedly.
+        })
+            .then(async () => {
+            try {
+                await this.executeRoutine(routine);
+            }
+            catch (err) {
+                appendSchedulerLog('error', `Unexpected error executing routine ${routine.name}: ${err instanceof Error ? err.message : String(err)}`);
+            }
+        });
+        this.routineChainByName.set(name, next);
+        next.finally(() => {
+            if (this.routineChainByName.get(name) === next) {
+                this.routineChainByName.delete(name);
+            }
+        });
+    }
+    /**
+     * Execute one tick - check for routines that need to run.
+     */
+    async tick() {
+        const now = new Date();
+        // Refresh routines periodically to pick up changes
+        this.refreshRoutines();
+        for (const [name, routine] of Object.entries(this.state.routines)) {
+            if (!routine.nextRunAt)
+                continue;
+            const nextRun = new Date(routine.nextRunAt);
+            if (nextRun > now)
+                continue;
+            const concurrency = routine.schedule.concurrency ?? 'skip';
+            // Advance next run time immediately to avoid re-triggering the same run.
+            routine.nextRunAt = getNextRunTime(routine.schedule, now)?.toISOString() ?? null;
+            saveSchedulerState(this.state);
+            if (this.isRoutineActive(name)) {
+                if (concurrency === 'skip') {
+                    appendSchedulerLog('debug', `Skipping ${name}: still running from previous invocation`);
+                    continue;
+                }
+                appendSchedulerLog('debug', `Queueing ${name}: previous invocation still running`);
+                this.enqueueRoutineExecution(routine);
+                continue;
+            }
+            // Execute the routine (async, doesn't block the tick loop)
+            this.enqueueRoutineExecution(routine);
+        }
+    }
+    /**
+     * Execute a routine (async, doesn't block the tick loop).
+     */
+    async executeRoutine(routine) {
+        const startedAt = new Date();
+        routine.running = true;
+        saveSchedulerState(this.state);
+        appendSchedulerLog('info', `Starting routine: ${routine.name}`);
+        let result = null;
+        let error;
+        try {
+            const def = loadRoutineDefinition(routine.path);
+            const invocationDir = this.projectDir ?? process.cwd();
+            result = await runRoutine(def, {}, invocationDir);
+        }
+        catch (err) {
+            error = err instanceof Error ? err.message : String(err);
+            appendSchedulerLog('error', `Routine ${routine.name} failed: ${error}`);
+        }
+        const finishedAt = new Date();
+        const status = result?.status === 'success' ? 'success' : 'failed';
+        // Log routine output
+        if (result) {
+            for (const step of result.steps) {
+                // Log stderr (where progress messages typically go)
+                if (step.stderr) {
+                    for (const line of step.stderr.split('\n')) {
+                        if (line.trim()) {
+                            appendSchedulerLog('info', `[${routine.name}] ${line}`);
+                        }
+                    }
+                }
+                // Log stdout if it's not JSON (JSON output is typically for machine consumption)
+                if (step.stdout && !step.json) {
+                    for (const line of step.stdout.split('\n')) {
+                        if (line.trim()) {
+                            appendSchedulerLog('info', `[${routine.name}] ${line}`);
+                        }
+                    }
+                }
+            }
+        }
+        // Save run record
+        const record = {
+            routine: routine.name,
+            startedAt: startedAt.toISOString(),
+            finishedAt: finishedAt.toISOString(),
+            status,
+            exitCode: result?.exitCode ?? 1,
+            durationMs: finishedAt.getTime() - startedAt.getTime(),
+            retryAttempt: routine.retryCount,
+            error
+        };
+        saveRunRecord(record);
+        // Update routine state
+        routine.running = false;
+        routine.lastRunAt = finishedAt.toISOString();
+        routine.lastStatus = status;
+        // Handle retries
+        const maxRetries = routine.schedule.retries ?? 0;
+        if (status === 'failed' && routine.retryCount < maxRetries) {
+            routine.retryCount++;
+            const retryDelay = routine.schedule.retryDelayMs ?? 60000;
+            routine.nextRunAt = new Date(finishedAt.getTime() + retryDelay).toISOString();
+            appendSchedulerLog('info', `Scheduling retry ${routine.retryCount}/${maxRetries} for ${routine.name}`);
+        }
+        else {
+            // Reset retry count and calculate next run
+            routine.retryCount = 0;
+        }
+        saveSchedulerState(this.state);
+        appendSchedulerLog('info', `Finished routine: ${routine.name} (${status})`);
+    }
+    /**
+     * Manually trigger a routine to run now.
+     */
+    async runNow(routineName) {
+        const routine = this.state.routines[routineName];
+        if (!routine) {
+            throw new Error(`Routine not found: ${routineName}`);
+        }
+        const startedAt = new Date();
+        let result = null;
+        let error;
+        try {
+            const def = loadRoutineDefinition(routine.path);
+            const invocationDir = this.projectDir ?? process.cwd();
+            result = await runRoutine(def, {}, invocationDir);
+        }
+        catch (err) {
+            error = err instanceof Error ? err.message : String(err);
+        }
+        const finishedAt = new Date();
+        const status = result?.status === 'success' ? 'success' : 'failed';
+        const record = {
+            routine: routineName,
+            startedAt: startedAt.toISOString(),
+            finishedAt: finishedAt.toISOString(),
+            status,
+            exitCode: result?.exitCode ?? 1,
+            durationMs: finishedAt.getTime() - startedAt.getTime(),
+            retryAttempt: 0,
+            error
+        };
+        saveRunRecord(record);
+        // Update state
+        routine.lastRunAt = finishedAt.toISOString();
+        routine.lastStatus = status;
+        routine.nextRunAt = getNextRunTime(routine.schedule, finishedAt)?.toISOString() ?? null;
+        saveSchedulerState(this.state);
+        return record;
+    }
+}

package/dist/core/secrets.d.ts

@@ -0,0 +1,48 @@
+/**
+ * Secrets management for cli4ai
+ *
+ * Priority order:
+ * 1. Scoped environment variables (C4AI_<PKG>__<KEY>)
+ * 2. Environment variables (for CI/CD)
+ * 3. Scoped local secrets vault (<pkg>:<key>)
+ * 4. Global local secrets vault (~/.cli4ai/secrets.json)
+ *
+ * Secrets are stored encrypted using a machine-specific key with random entropy.
+ *
+ * SECURITY: The encryption key is derived from:
+ * - Machine hostname
+ * - Username
+ * - A random 32-byte salt stored in ~/.cli4ai/secrets.salt
+ *
+ * This ensures that even if an attacker knows the hostname and username,
+ * they cannot reconstruct the key without access to the salt file.
+ */
+export type SecretSource = 'env_scoped' | 'env' | 'vault_scoped' | 'vault' | 'missing';
+/**
+ * Get a secret value (env var takes precedence)
+ */
+export declare function getSecret(key: string, packageName?: string): string | undefined;
+/**
+ * Set a secret in the vault
+ */
+export declare function setSecret(key: string, value: string, packageName?: string): void;
+/**
+ * Delete a secret from the vault
+ */
+export declare function deleteSecret(key: string, packageName?: string): boolean;
+/**
+ * List all secret keys (not values)
+ */
+export declare function listSecretKeys(): string[];
+/**
+ * Check if a secret exists (in env or vault)
+ */
+export declare function hasSecret(key: string, packageName?: string): boolean;
+/**
+ * Get secret source (for display)
+ */
+export declare function getSecretSource(key: string, packageName?: string): SecretSource;
+/**
+ * Export secrets as environment variables (for subprocess)
+ */
+export declare function getSecretsAsEnv(keys: string[], packageName?: string): Record<string, string>;