npm - codepiper - Versions diffs - 0.1.0 - Mend

codepiper 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (149) hide show

package/.env.example +28 -0
package/CHANGELOG.md +10 -0
package/LEGAL_NOTICE.md +39 -0
package/LICENSE +21 -0
package/README.md +524 -0
package/package.json +90 -0
package/packages/cli/package.json +13 -0
package/packages/cli/src/commands/analytics.ts +157 -0
package/packages/cli/src/commands/attach.ts +299 -0
package/packages/cli/src/commands/audit.ts +50 -0
package/packages/cli/src/commands/auth.ts +261 -0
package/packages/cli/src/commands/daemon.ts +162 -0
package/packages/cli/src/commands/doctor.ts +303 -0
package/packages/cli/src/commands/env-set.ts +162 -0
package/packages/cli/src/commands/hook-forward.ts +268 -0
package/packages/cli/src/commands/keys.ts +77 -0
package/packages/cli/src/commands/kill.ts +19 -0
package/packages/cli/src/commands/logs.ts +419 -0
package/packages/cli/src/commands/model.ts +172 -0
package/packages/cli/src/commands/policy-set.ts +185 -0
package/packages/cli/src/commands/policy.ts +227 -0
package/packages/cli/src/commands/providers.ts +114 -0
package/packages/cli/src/commands/resize.ts +34 -0
package/packages/cli/src/commands/send.ts +184 -0
package/packages/cli/src/commands/sessions.ts +202 -0
package/packages/cli/src/commands/slash.ts +92 -0
package/packages/cli/src/commands/start.ts +243 -0
package/packages/cli/src/commands/stop.ts +19 -0
package/packages/cli/src/commands/tail.ts +137 -0
package/packages/cli/src/commands/workflow.ts +786 -0
package/packages/cli/src/commands/workspace.ts +127 -0
package/packages/cli/src/lib/api.ts +78 -0
package/packages/cli/src/lib/args.ts +72 -0
package/packages/cli/src/lib/format.ts +93 -0
package/packages/cli/src/main.ts +563 -0
package/packages/core/package.json +7 -0
package/packages/core/src/config.ts +30 -0
package/packages/core/src/errors.ts +38 -0
package/packages/core/src/eventBus.ts +56 -0
package/packages/core/src/eventBusAdapter.ts +143 -0
package/packages/core/src/index.ts +10 -0
package/packages/core/src/sqliteEventBus.ts +336 -0
package/packages/core/src/types.ts +63 -0
package/packages/daemon/package.json +11 -0
package/packages/daemon/src/api/analyticsRoutes.ts +343 -0
package/packages/daemon/src/api/authRoutes.ts +344 -0
package/packages/daemon/src/api/bodyLimit.ts +133 -0
package/packages/daemon/src/api/envSetRoutes.ts +170 -0
package/packages/daemon/src/api/gitRoutes.ts +409 -0
package/packages/daemon/src/api/hooks.ts +588 -0
package/packages/daemon/src/api/inputPolicy.ts +249 -0
package/packages/daemon/src/api/notificationRoutes.ts +532 -0
package/packages/daemon/src/api/policyRoutes.ts +234 -0
package/packages/daemon/src/api/policySetRoutes.ts +445 -0
package/packages/daemon/src/api/routeUtils.ts +28 -0
package/packages/daemon/src/api/routes.ts +1004 -0
package/packages/daemon/src/api/server.ts +1388 -0
package/packages/daemon/src/api/settingsRoutes.ts +367 -0
package/packages/daemon/src/api/sqliteErrors.ts +47 -0
package/packages/daemon/src/api/stt.ts +143 -0
package/packages/daemon/src/api/terminalRoutes.ts +200 -0
package/packages/daemon/src/api/validation.ts +287 -0
package/packages/daemon/src/api/validationRoutes.ts +174 -0
package/packages/daemon/src/api/workflowRoutes.ts +567 -0
package/packages/daemon/src/api/workspaceRoutes.ts +151 -0
package/packages/daemon/src/api/ws.ts +1588 -0
package/packages/daemon/src/auth/apiRateLimiter.ts +73 -0
package/packages/daemon/src/auth/authMiddleware.ts +305 -0
package/packages/daemon/src/auth/authService.ts +496 -0
package/packages/daemon/src/auth/rateLimiter.ts +137 -0
package/packages/daemon/src/config/pricing.ts +79 -0
package/packages/daemon/src/crypto/encryption.ts +196 -0
package/packages/daemon/src/db/db.ts +2745 -0
package/packages/daemon/src/db/index.ts +16 -0
package/packages/daemon/src/db/migrations.ts +182 -0
package/packages/daemon/src/db/policyDb.ts +349 -0
package/packages/daemon/src/db/schema.sql +408 -0
package/packages/daemon/src/db/workflowDb.ts +464 -0
package/packages/daemon/src/git/gitUtils.ts +544 -0
package/packages/daemon/src/index.ts +6 -0
package/packages/daemon/src/main.ts +525 -0
package/packages/daemon/src/notifications/pushNotifier.ts +369 -0
package/packages/daemon/src/providers/codexAppServerScaffold.ts +49 -0
package/packages/daemon/src/providers/registry.ts +111 -0
package/packages/daemon/src/providers/types.ts +82 -0
package/packages/daemon/src/sessions/auditLogger.ts +103 -0
package/packages/daemon/src/sessions/policyEngine.ts +165 -0
package/packages/daemon/src/sessions/policyMatcher.ts +114 -0
package/packages/daemon/src/sessions/policyTypes.ts +94 -0
package/packages/daemon/src/sessions/ptyProcess.ts +141 -0
package/packages/daemon/src/sessions/sessionManager.ts +1770 -0
package/packages/daemon/src/sessions/tmuxSession.ts +1073 -0
package/packages/daemon/src/sessions/transcriptManager.ts +110 -0
package/packages/daemon/src/sessions/transcriptParser.ts +149 -0
package/packages/daemon/src/sessions/transcriptTailer.ts +214 -0
package/packages/daemon/src/tracking/tokenTracker.ts +168 -0
package/packages/daemon/src/workflows/contextManager.ts +83 -0
package/packages/daemon/src/workflows/index.ts +31 -0
package/packages/daemon/src/workflows/resultExtractor.ts +118 -0
package/packages/daemon/src/workflows/waitConditionPoller.ts +131 -0
package/packages/daemon/src/workflows/workflowParser.ts +217 -0
package/packages/daemon/src/workflows/workflowRunner.ts +969 -0
package/packages/daemon/src/workflows/workflowTypes.ts +188 -0
package/packages/daemon/src/workflows/workflowValidator.ts +533 -0
package/packages/providers/claude-code/package.json +11 -0
package/packages/providers/claude-code/src/index.ts +7 -0
package/packages/providers/claude-code/src/overlaySettings.ts +198 -0
package/packages/providers/claude-code/src/provider.ts +311 -0
package/packages/web/dist/android-chrome-192x192.png +0 -0
package/packages/web/dist/android-chrome-512x512.png +0 -0
package/packages/web/dist/apple-touch-icon.png +0 -0
package/packages/web/dist/assets/AnalyticsPage-BIopKWRf.js +17 -0
package/packages/web/dist/assets/PoliciesPage-CjdLN3dl.js +11 -0
package/packages/web/dist/assets/SessionDetailPage-BtSA0V0M.js +179 -0
package/packages/web/dist/assets/SettingsPage-Dbbz4Ca5.js +37 -0
package/packages/web/dist/assets/WorkflowsPage-Dv6f3GgU.js +1 -0
package/packages/web/dist/assets/chart-vendor-DlOHLaCG.js +49 -0
package/packages/web/dist/assets/codicon-ngg6Pgfi.ttf +0 -0
package/packages/web/dist/assets/css.worker-BvV5MPou.js +93 -0
package/packages/web/dist/assets/editor.worker-CKy7Pnvo.js +26 -0
package/packages/web/dist/assets/html.worker-BLJhxQJQ.js +470 -0
package/packages/web/dist/assets/index-BbdhRfr2.css +1 -0
package/packages/web/dist/assets/index-hgphORiw.js +204 -0
package/packages/web/dist/assets/json.worker-usMZ-FED.js +58 -0
package/packages/web/dist/assets/monaco-core-B_19GPAS.css +1 -0
package/packages/web/dist/assets/monaco-core-DQ5Mk8AK.js +1234 -0
package/packages/web/dist/assets/monaco-react-DfZNWvtW.js +11 -0
package/packages/web/dist/assets/monacoSetup-DvBj52bT.js +1 -0
package/packages/web/dist/assets/pencil-Dbczxz59.js +11 -0
package/packages/web/dist/assets/react-vendor-B5MgMUHH.js +136 -0
package/packages/web/dist/assets/refresh-cw-B0MGsYPL.js +6 -0
package/packages/web/dist/assets/tabs-C8LsWiR5.js +1 -0
package/packages/web/dist/assets/terminal-vendor-Cs8KPbV3.js +9 -0
package/packages/web/dist/assets/terminal-vendor-LcAfv9l9.css +32 -0
package/packages/web/dist/assets/trash-2-Btlg0d4l.js +6 -0
package/packages/web/dist/assets/ts.worker-DGHjMaqB.js +67731 -0
package/packages/web/dist/favicon.ico +0 -0
package/packages/web/dist/icon.svg +1 -0
package/packages/web/dist/index.html +29 -0
package/packages/web/dist/manifest.json +29 -0
package/packages/web/dist/og-image.png +0 -0
package/packages/web/dist/originals/android-chrome-192x192.png +0 -0
package/packages/web/dist/originals/android-chrome-512x512.png +0 -0
package/packages/web/dist/originals/apple-touch-icon.png +0 -0
package/packages/web/dist/originals/favicon.ico +0 -0
package/packages/web/dist/piper.svg +1 -0
package/packages/web/dist/sounds/codepiper-soft-chime.wav +0 -0
package/packages/web/dist/sw.js +257 -0
package/scripts/postinstall-link-workspaces.mjs +58 -0

package/packages/daemon/src/crypto/encryption.ts ADDED Viewed

@@ -0,0 +1,196 @@
+import * as crypto from "node:crypto";
+import * as fs from "node:fs";
+import * as os from "node:os";
+import * as path from "node:path";
+/**
+ * Encrypted data blob with IV, auth tag, and ciphertext (all hex-encoded)
+ */
+export interface EncryptedBlob {
+  iv: string; // hex
+  tag: string; // hex
+  ciphertext: string; // hex
+}
+const ALGORITHM = "aes-256-gcm";
+const IV_BYTES = 12;
+const KEY_BYTES = 32;
+const HOOK_SECRET_BYTES = 32;
+interface SecretsFile {
+  encryptionKey?: string;
+  hookSecret?: string;
+  [key: string]: string | undefined;
+}
+function getCodepiperDir(): string {
+  return path.join(os.homedir(), ".codepiper");
+}
+function getSecretsPath(): string {
+  return path.join(getCodepiperDir(), "secrets.json");
+}
+function ensureCodepiperDir(): void {
+  const dir = getCodepiperDir();
+  if (!fs.existsSync(dir)) {
+    fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
+  }
+  try {
+    fs.chmodSync(dir, 0o700);
+  } catch {
+    // best-effort on non-POSIX filesystems
+  }
+}
+function hardenSecretsFilePermissions(): void {
+  const secretsPath = getSecretsPath();
+  if (!fs.existsSync(secretsPath)) {
+    return;
+  }
+  try {
+    fs.chmodSync(secretsPath, 0o600);
+  } catch {
+    // best-effort on non-POSIX filesystems
+  }
+}
+function readSecretsFile(): SecretsFile {
+  ensureCodepiperDir();
+  const secretsPath = getSecretsPath();
+  if (!fs.existsSync(secretsPath)) {
+    return {};
+  }
+  hardenSecretsFilePermissions();
+  const raw = fs.readFileSync(secretsPath, "utf-8");
+  const parsed: unknown = JSON.parse(raw);
+  if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
+    throw new Error(`Invalid secrets file format: ${secretsPath}`);
+  }
+  return parsed as SecretsFile;
+}
+function writeSecretsFile(secrets: SecretsFile): void {
+  ensureCodepiperDir();
+  const secretsPath = getSecretsPath();
+  // Write via temp file + rename to avoid partial writes.
+  const tempPath = `${secretsPath}.tmp-${process.pid}-${Date.now()}`;
+  const fd = fs.openSync(tempPath, "w", 0o600);
+  try {
+    fs.writeSync(fd, JSON.stringify(secrets, null, 2));
+  } finally {
+    fs.closeSync(fd);
+  }
+  fs.renameSync(tempPath, secretsPath);
+  try {
+    fs.chmodSync(secretsPath, 0o600);
+  } catch {
+    // best-effort on filesystems that do not honor POSIX permissions
+  }
+}
+/**
+ * Get or create the encryption key from ~/.codepiper/secrets.json.
+ * If the file or key doesn't exist, generates a new 32-byte random key,
+ * writes it back, and sets file permissions to 600.
+ */
+export function getOrCreateEncryptionKey(): Buffer {
+  const secrets = readSecretsFile();
+  if (secrets.encryptionKey) {
+    return Buffer.from(secrets.encryptionKey, "hex");
+  }
+  // Generate a new key
+  const key = crypto.randomBytes(KEY_BYTES);
+  secrets.encryptionKey = key.toString("hex");
+  writeSecretsFile(secrets);
+  return key;
+}
+/**
+ * Get or create a persistent hook authentication secret.
+ * The secret is shared across daemon restarts so preserved sessions keep working.
+ */
+export function getOrCreateHookSecret(): string {
+  const secrets = readSecretsFile();
+  const existing = secrets.hookSecret;
+  if (existing && /^[a-f0-9]{64}$/.test(existing)) {
+    return existing;
+  }
+  const secret = crypto.randomBytes(HOOK_SECRET_BYTES).toString("hex");
+  secrets.hookSecret = secret;
+  writeSecretsFile(secrets);
+  return secret;
+}
+/**
+ * Encrypt plaintext using AES-256-GCM.
+ * Returns an EncryptedBlob with hex-encoded iv, tag, and ciphertext.
+ */
+export function encrypt(plaintext: string, key: Buffer): EncryptedBlob {
+  const iv = crypto.randomBytes(IV_BYTES);
+  const cipher = crypto.createCipheriv(ALGORITHM, key, iv);
+  const encrypted = Buffer.concat([cipher.update(plaintext, "utf-8"), cipher.final()]);
+  const tag = cipher.getAuthTag();
+  return {
+    iv: iv.toString("hex"),
+    tag: tag.toString("hex"),
+    ciphertext: encrypted.toString("hex"),
+  };
+}
+/**
+ * Decrypt an EncryptedBlob back to plaintext using AES-256-GCM.
+ * Throws if the ciphertext or auth tag has been tampered with.
+ */
+export function decrypt(blob: EncryptedBlob, key: Buffer): string {
+  const iv = Buffer.from(blob.iv, "hex");
+  const tag = Buffer.from(blob.tag, "hex");
+  const ciphertext = Buffer.from(blob.ciphertext, "hex");
+  const decipher = crypto.createDecipheriv(ALGORITHM, key, iv);
+  decipher.setAuthTag(tag);
+  const decrypted = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
+  return decrypted.toString("utf-8");
+}
+/**
+ * Mask a value for display: shows "****" + last 4 chars.
+ * For values shorter than 5 chars, returns "****".
+ */
+export function maskValue(value: string): string {
+  if (value.length < 5) {
+    return "****";
+  }
+  return `****${value.slice(-4)}`;
+}
+/**
+ * Encrypt a vars object (Record<string, string>) as a single JSON blob.
+ * Returns the encrypted JSON as a string (JSON-serialized EncryptedBlob).
+ */
+export function encryptVars(vars: Record<string, string>, key: Buffer): string {
+  const plaintext = JSON.stringify(vars);
+  const blob = encrypt(plaintext, key);
+  return JSON.stringify(blob);
+}
+/**
+ * Decrypt an encrypted vars JSON string back to a Record<string, string>.
+ */
+export function decryptVars(encryptedJson: string, key: Buffer): Record<string, string> {
+  const blob: EncryptedBlob = JSON.parse(encryptedJson);
+  const plaintext = decrypt(blob, key);
+  return JSON.parse(plaintext);
+}