npm - codepiper - Versions diffs - 0.1.0 - Mend

codepiper 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (149) hide show

package/.env.example +28 -0
package/CHANGELOG.md +10 -0
package/LEGAL_NOTICE.md +39 -0
package/LICENSE +21 -0
package/README.md +524 -0
package/package.json +90 -0
package/packages/cli/package.json +13 -0
package/packages/cli/src/commands/analytics.ts +157 -0
package/packages/cli/src/commands/attach.ts +299 -0
package/packages/cli/src/commands/audit.ts +50 -0
package/packages/cli/src/commands/auth.ts +261 -0
package/packages/cli/src/commands/daemon.ts +162 -0
package/packages/cli/src/commands/doctor.ts +303 -0
package/packages/cli/src/commands/env-set.ts +162 -0
package/packages/cli/src/commands/hook-forward.ts +268 -0
package/packages/cli/src/commands/keys.ts +77 -0
package/packages/cli/src/commands/kill.ts +19 -0
package/packages/cli/src/commands/logs.ts +419 -0
package/packages/cli/src/commands/model.ts +172 -0
package/packages/cli/src/commands/policy-set.ts +185 -0
package/packages/cli/src/commands/policy.ts +227 -0
package/packages/cli/src/commands/providers.ts +114 -0
package/packages/cli/src/commands/resize.ts +34 -0
package/packages/cli/src/commands/send.ts +184 -0
package/packages/cli/src/commands/sessions.ts +202 -0
package/packages/cli/src/commands/slash.ts +92 -0
package/packages/cli/src/commands/start.ts +243 -0
package/packages/cli/src/commands/stop.ts +19 -0
package/packages/cli/src/commands/tail.ts +137 -0
package/packages/cli/src/commands/workflow.ts +786 -0
package/packages/cli/src/commands/workspace.ts +127 -0
package/packages/cli/src/lib/api.ts +78 -0
package/packages/cli/src/lib/args.ts +72 -0
package/packages/cli/src/lib/format.ts +93 -0
package/packages/cli/src/main.ts +563 -0
package/packages/core/package.json +7 -0
package/packages/core/src/config.ts +30 -0
package/packages/core/src/errors.ts +38 -0
package/packages/core/src/eventBus.ts +56 -0
package/packages/core/src/eventBusAdapter.ts +143 -0
package/packages/core/src/index.ts +10 -0
package/packages/core/src/sqliteEventBus.ts +336 -0
package/packages/core/src/types.ts +63 -0
package/packages/daemon/package.json +11 -0
package/packages/daemon/src/api/analyticsRoutes.ts +343 -0
package/packages/daemon/src/api/authRoutes.ts +344 -0
package/packages/daemon/src/api/bodyLimit.ts +133 -0
package/packages/daemon/src/api/envSetRoutes.ts +170 -0
package/packages/daemon/src/api/gitRoutes.ts +409 -0
package/packages/daemon/src/api/hooks.ts +588 -0
package/packages/daemon/src/api/inputPolicy.ts +249 -0
package/packages/daemon/src/api/notificationRoutes.ts +532 -0
package/packages/daemon/src/api/policyRoutes.ts +234 -0
package/packages/daemon/src/api/policySetRoutes.ts +445 -0
package/packages/daemon/src/api/routeUtils.ts +28 -0
package/packages/daemon/src/api/routes.ts +1004 -0
package/packages/daemon/src/api/server.ts +1388 -0
package/packages/daemon/src/api/settingsRoutes.ts +367 -0
package/packages/daemon/src/api/sqliteErrors.ts +47 -0
package/packages/daemon/src/api/stt.ts +143 -0
package/packages/daemon/src/api/terminalRoutes.ts +200 -0
package/packages/daemon/src/api/validation.ts +287 -0
package/packages/daemon/src/api/validationRoutes.ts +174 -0
package/packages/daemon/src/api/workflowRoutes.ts +567 -0
package/packages/daemon/src/api/workspaceRoutes.ts +151 -0
package/packages/daemon/src/api/ws.ts +1588 -0
package/packages/daemon/src/auth/apiRateLimiter.ts +73 -0
package/packages/daemon/src/auth/authMiddleware.ts +305 -0
package/packages/daemon/src/auth/authService.ts +496 -0
package/packages/daemon/src/auth/rateLimiter.ts +137 -0
package/packages/daemon/src/config/pricing.ts +79 -0
package/packages/daemon/src/crypto/encryption.ts +196 -0
package/packages/daemon/src/db/db.ts +2745 -0
package/packages/daemon/src/db/index.ts +16 -0
package/packages/daemon/src/db/migrations.ts +182 -0
package/packages/daemon/src/db/policyDb.ts +349 -0
package/packages/daemon/src/db/schema.sql +408 -0
package/packages/daemon/src/db/workflowDb.ts +464 -0
package/packages/daemon/src/git/gitUtils.ts +544 -0
package/packages/daemon/src/index.ts +6 -0
package/packages/daemon/src/main.ts +525 -0
package/packages/daemon/src/notifications/pushNotifier.ts +369 -0
package/packages/daemon/src/providers/codexAppServerScaffold.ts +49 -0
package/packages/daemon/src/providers/registry.ts +111 -0
package/packages/daemon/src/providers/types.ts +82 -0
package/packages/daemon/src/sessions/auditLogger.ts +103 -0
package/packages/daemon/src/sessions/policyEngine.ts +165 -0
package/packages/daemon/src/sessions/policyMatcher.ts +114 -0
package/packages/daemon/src/sessions/policyTypes.ts +94 -0
package/packages/daemon/src/sessions/ptyProcess.ts +141 -0
package/packages/daemon/src/sessions/sessionManager.ts +1770 -0
package/packages/daemon/src/sessions/tmuxSession.ts +1073 -0
package/packages/daemon/src/sessions/transcriptManager.ts +110 -0
package/packages/daemon/src/sessions/transcriptParser.ts +149 -0
package/packages/daemon/src/sessions/transcriptTailer.ts +214 -0
package/packages/daemon/src/tracking/tokenTracker.ts +168 -0
package/packages/daemon/src/workflows/contextManager.ts +83 -0
package/packages/daemon/src/workflows/index.ts +31 -0
package/packages/daemon/src/workflows/resultExtractor.ts +118 -0
package/packages/daemon/src/workflows/waitConditionPoller.ts +131 -0
package/packages/daemon/src/workflows/workflowParser.ts +217 -0
package/packages/daemon/src/workflows/workflowRunner.ts +969 -0
package/packages/daemon/src/workflows/workflowTypes.ts +188 -0
package/packages/daemon/src/workflows/workflowValidator.ts +533 -0
package/packages/providers/claude-code/package.json +11 -0
package/packages/providers/claude-code/src/index.ts +7 -0
package/packages/providers/claude-code/src/overlaySettings.ts +198 -0
package/packages/providers/claude-code/src/provider.ts +311 -0
package/packages/web/dist/android-chrome-192x192.png +0 -0
package/packages/web/dist/android-chrome-512x512.png +0 -0
package/packages/web/dist/apple-touch-icon.png +0 -0
package/packages/web/dist/assets/AnalyticsPage-BIopKWRf.js +17 -0
package/packages/web/dist/assets/PoliciesPage-CjdLN3dl.js +11 -0
package/packages/web/dist/assets/SessionDetailPage-BtSA0V0M.js +179 -0
package/packages/web/dist/assets/SettingsPage-Dbbz4Ca5.js +37 -0
package/packages/web/dist/assets/WorkflowsPage-Dv6f3GgU.js +1 -0
package/packages/web/dist/assets/chart-vendor-DlOHLaCG.js +49 -0
package/packages/web/dist/assets/codicon-ngg6Pgfi.ttf +0 -0
package/packages/web/dist/assets/css.worker-BvV5MPou.js +93 -0
package/packages/web/dist/assets/editor.worker-CKy7Pnvo.js +26 -0
package/packages/web/dist/assets/html.worker-BLJhxQJQ.js +470 -0
package/packages/web/dist/assets/index-BbdhRfr2.css +1 -0
package/packages/web/dist/assets/index-hgphORiw.js +204 -0
package/packages/web/dist/assets/json.worker-usMZ-FED.js +58 -0
package/packages/web/dist/assets/monaco-core-B_19GPAS.css +1 -0
package/packages/web/dist/assets/monaco-core-DQ5Mk8AK.js +1234 -0
package/packages/web/dist/assets/monaco-react-DfZNWvtW.js +11 -0
package/packages/web/dist/assets/monacoSetup-DvBj52bT.js +1 -0
package/packages/web/dist/assets/pencil-Dbczxz59.js +11 -0
package/packages/web/dist/assets/react-vendor-B5MgMUHH.js +136 -0
package/packages/web/dist/assets/refresh-cw-B0MGsYPL.js +6 -0
package/packages/web/dist/assets/tabs-C8LsWiR5.js +1 -0
package/packages/web/dist/assets/terminal-vendor-Cs8KPbV3.js +9 -0
package/packages/web/dist/assets/terminal-vendor-LcAfv9l9.css +32 -0
package/packages/web/dist/assets/trash-2-Btlg0d4l.js +6 -0
package/packages/web/dist/assets/ts.worker-DGHjMaqB.js +67731 -0
package/packages/web/dist/favicon.ico +0 -0
package/packages/web/dist/icon.svg +1 -0
package/packages/web/dist/index.html +29 -0
package/packages/web/dist/manifest.json +29 -0
package/packages/web/dist/og-image.png +0 -0
package/packages/web/dist/originals/android-chrome-192x192.png +0 -0
package/packages/web/dist/originals/android-chrome-512x512.png +0 -0
package/packages/web/dist/originals/apple-touch-icon.png +0 -0
package/packages/web/dist/originals/favicon.ico +0 -0
package/packages/web/dist/piper.svg +1 -0
package/packages/web/dist/sounds/codepiper-soft-chime.wav +0 -0
package/packages/web/dist/sw.js +257 -0
package/scripts/postinstall-link-workspaces.mjs +58 -0

package/packages/daemon/src/api/inputPolicy.ts ADDED Viewed

@@ -0,0 +1,249 @@
+import * as crypto from "node:crypto";
+import type { EventBus, SessionHandle } from "@codepiper/core";
+import type { Database } from "../db/db";
+import { getProviderDefinition } from "../providers/registry";
+import type { AuditLogger } from "../sessions/auditLogger";
+import type { PolicyEngine } from "../sessions/policyEngine";
+import type { PermissionRequest } from "../sessions/policyTypes";
+import { isDangerousModeMetadata, type SessionManager } from "../sessions/sessionManager";
+interface InputPolicyContext {
+  sessionManager: Pick<SessionManager, "getSession">;
+  db: Pick<Database, "getSession" | "getEffectivePolicies" | "insertEvent">;
+  eventBus: Pick<EventBus, "emit">;
+  policyEngine: Pick<PolicyEngine, "evaluate" | "getDefaultAction">;
+  auditLogger: Pick<AuditLogger, "logDecision">;
+}
+export type InputPolicyRequest =
+  | {
+      kind: "text";
+      input: string;
+      newline: boolean;
+    }
+  | {
+      kind: "keys";
+      keys: string[];
+    };
+export interface InputPolicyResult {
+  allowed: boolean;
+  sessionExists: boolean;
+  provider?: SessionHandle["provider"];
+  status?: number;
+  error?: string;
+  policyAction?: "allow" | "deny" | "ask";
+}
+export class InputPolicyBlockedError extends Error {
+  readonly code = "policy_blocked";
+  readonly status: number;
+  readonly policyAction: "allow" | "deny" | "ask";
+  readonly provider?: SessionHandle["provider"];
+  constructor(result: InputPolicyResult) {
+    const message = result.error || "Input blocked by policy";
+    super(message);
+    this.name = "InputPolicyBlockedError";
+    this.status = result.status ?? 403;
+    this.policyAction = result.policyAction ?? "deny";
+    this.provider = result.provider;
+  }
+}
+export function assertInputPolicyAllowed(result: InputPolicyResult): void {
+  if (result.allowed) {
+    return;
+  }
+  throw new InputPolicyBlockedError(result);
+}
+function resolveSessionForPolicy(
+  ctx: InputPolicyContext,
+  sessionId: string
+): SessionHandle | undefined {
+  return ctx.sessionManager.getSession(sessionId) ?? ctx.db.getSession(sessionId);
+}
+function hashString(value: string): string {
+  return crypto.createHash("sha256").update(value, "utf8").digest("hex");
+}
+function buildPolicyRequest(
+  session: SessionHandle,
+  sessionId: string,
+  request: InputPolicyRequest
+): PermissionRequest {
+  if (request.kind === "text") {
+    return {
+      sessionId,
+      tool: "terminal_input",
+      args: {
+        input: request.input,
+        newline: request.newline,
+        provider: session.provider,
+      },
+      cwd: session.cwd,
+    };
+  }
+  return {
+    sessionId,
+    tool: "terminal_keys",
+    args: {
+      keys: request.keys,
+      provider: session.provider,
+    },
+    cwd: session.cwd,
+  };
+}
+function buildPayload(
+  session: SessionHandle,
+  request: InputPolicyRequest,
+  decision: {
+    policyAction: "allow" | "deny" | "ask";
+    effectiveAction: "allow" | "deny";
+    policyId?: string;
+    ruleId?: string;
+    reason: string;
+  }
+): Record<string, unknown> {
+  const basePayload: Record<string, unknown> = {
+    provider: session.provider,
+    tool: request.kind === "text" ? "terminal_input" : "terminal_keys",
+    policyAction: decision.policyAction,
+    effectiveAction: decision.effectiveAction,
+    policyId: decision.policyId,
+    ruleId: decision.ruleId,
+    reason: decision.reason,
+  };
+  if (request.kind === "text") {
+    basePayload.newline = request.newline;
+    basePayload.inputBytes = Buffer.byteLength(request.input, "utf8");
+    basePayload.inputHash = hashString(request.input);
+    return basePayload;
+  }
+  basePayload.keysCount = request.keys.length;
+  basePayload.keysHash = hashString(JSON.stringify(request.keys));
+  return basePayload;
+}
+function buildAuditArgs(
+  session: SessionHandle,
+  request: InputPolicyRequest
+): Record<string, unknown> {
+  if (request.kind === "text") {
+    return {
+      provider: session.provider,
+      newline: request.newline,
+      inputBytes: Buffer.byteLength(request.input, "utf8"),
+      inputHash: hashString(request.input),
+    };
+  }
+  return {
+    provider: session.provider,
+    keysCount: request.keys.length,
+    keysHash: hashString(JSON.stringify(request.keys)),
+  };
+}
+export async function enforceInputPolicyPreflight(
+  ctx: InputPolicyContext,
+  sessionId: string,
+  request: InputPolicyRequest
+): Promise<InputPolicyResult> {
+  const session = resolveSessionForPolicy(ctx, sessionId);
+  if (!session) {
+    return { allowed: true, sessionExists: false };
+  }
+  const providerDefinition = getProviderDefinition(session.provider);
+  if (providerDefinition.capabilities.policyChannel !== "input-preflight") {
+    return { allowed: true, sessionExists: true, provider: session.provider };
+  }
+  if (isDangerousModeMetadata(session.metadata)) {
+    return { allowed: true, sessionExists: true, provider: session.provider };
+  }
+  const policyRequest = buildPolicyRequest(session, sessionId, request);
+  const policies = ctx.db.getEffectivePolicies(sessionId);
+  const policyDecision = await ctx.policyEngine.evaluate(policyRequest, policies);
+  let effectiveAction: "allow" | "deny";
+  let responseStatus = 403;
+  let responseMessage = policyDecision.reason || "Input blocked by policy";
+  if (policyDecision.action === "allow") {
+    effectiveAction = "allow";
+  } else if (
+    policyDecision.action === "ask" &&
+    !policyDecision.policyId &&
+    ctx.policyEngine.getDefaultAction() === "ask"
+  ) {
+    effectiveAction = "allow";
+    responseMessage = "No matching policy rule found (default ask fallback for no-hook provider)";
+  } else {
+    effectiveAction = "deny";
+    if (policyDecision.action === "ask") {
+      responseStatus = 409;
+      responseMessage =
+        policyDecision.reason ||
+        "Policy returned ask, but this provider does not support interactive policy approvals";
+    }
+  }
+  const payload = buildPayload(session, request, {
+    policyAction: policyDecision.action,
+    effectiveAction,
+    policyId: policyDecision.policyId,
+    ruleId: policyDecision.ruleId,
+    reason: responseMessage,
+  });
+  const eventId = ctx.db.insertEvent({
+    sessionId,
+    source: "pty",
+    type: "InputPolicyDecision",
+    payload,
+  });
+  ctx.eventBus.emit("session:event", {
+    id: eventId,
+    sessionId,
+    type: "InputPolicyDecision",
+    source: "pty",
+    timestamp: new Date(),
+    payload,
+  });
+  ctx.auditLogger.logDecision({
+    sessionId,
+    eventId,
+    toolName: policyRequest.tool,
+    args: buildAuditArgs(session, request),
+    decision: policyDecision,
+  });
+  if (effectiveAction === "deny") {
+    return {
+      allowed: false,
+      sessionExists: true,
+      provider: session.provider,
+      status: responseStatus,
+      error: responseMessage,
+      policyAction: policyDecision.action,
+    };
+  }
+  return {
+    allowed: true,
+    sessionExists: true,
+    provider: session.provider,
+    policyAction: policyDecision.action,
+  };
+}