codewhale 0.8.41

package/scripts/preflight-glibc.js

@@ -0,0 +1,135 @@
+const fs = require("fs");
+const { execFileSync } = require("child_process");
+
+const GLIBC_VERSION_RE = /GLIBC_(\d+)\.(\d+)(?:\.(\d+))?/g;
+
+function isLinux() {
+  return process.platform === "linux";
+}
+
+function parseVersion(text) {
+  const match = String(text || "").match(/(\d+)\.(\d+)(?:\.(\d+))?/);
+  if (!match) return null;
+  return [Number(match[1]), Number(match[2]), Number(match[3] || 0)];
+}
+
+function compareVersion(a, b) {
+  for (let i = 0; i < 3; i += 1) {
+    if (a[i] !== b[i]) return a[i] - b[i];
+  }
+  return 0;
+}
+
+function formatVersion(version) {
+  return version[2] ? `${version[0]}.${version[1]}.${version[2]}` : `${version[0]}.${version[1]}`;
+}
+
+function detectHostGlibc() {
+  try {
+    const out = execFileSync("getconf", ["GNU_LIBC_VERSION"], {
+      encoding: "utf8",
+      stdio: ["ignore", "pipe", "ignore"],
+    });
+    const version = parseVersion(out);
+    if (version) return version;
+  } catch {
+    // fall through to ldd
+  }
+  try {
+    const out = execFileSync("ldd", ["--version"], {
+      encoding: "utf8",
+      stdio: ["ignore", "pipe", "ignore"],
+    });
+    const firstLine = out.split("\n", 1)[0];
+    const version = parseVersion(firstLine);
+    if (version) return version;
+  } catch {
+    // glibc not present (e.g. musl / Alpine)
+  }
+  return null;
+}
+
+function detectBinaryRequiredGlibc(filePath) {
+  const buf = fs.readFileSync(filePath);
+  const text = buf.toString("latin1");
+  let highest = null;
+  GLIBC_VERSION_RE.lastIndex = 0;
+  let match;
+  while ((match = GLIBC_VERSION_RE.exec(text)) !== null) {
+    const version = [Number(match[1]), Number(match[2]), Number(match[3] || 0)];
+    if (!highest || compareVersion(version, highest) > 0) {
+      highest = version;
+    }
+  }
+  return highest;
+}
+
+function buildFromSourceHint() {
+  return [
+    "You can still run codewhale by building from source with Cargo:",
+    "",
+    "  # Requires Rust 1.88+ (https://rustup.rs)",
+    "  cargo install codewhale-cli --locked   # provides `codewhale`",
+    "  cargo install codewhale-tui --locked   # provides `codewhale-tui`",
+    "",
+    "Or build from a checkout:",
+    "",
+    "  git clone https://github.com/Hmbown/CodeWhale.git",
+    "  cd CodeWhale",
+    "  cargo install --path crates/cli --locked",
+    "  cargo install --path crates/tui --locked",
+    "",
+    "See https://github.com/Hmbown/CodeWhale/blob/main/docs/INSTALL.md",
+  ].join("\n");
+}
+
+function preflightGlibc(filePath) {
+  if (!isLinux()) return;
+  if (
+    process.env.DEEPSEEK_TUI_SKIP_GLIBC_CHECK === "1" ||
+    process.env.DEEPSEEK_SKIP_GLIBC_CHECK === "1"
+  ) {
+    return;
+  }
+
+  const required = detectBinaryRequiredGlibc(filePath);
+  if (!required) {
+    // Statically linked / musl binary, or no GLIBC_* version dependencies present.
+    return;
+  }
+
+  const host = detectHostGlibc();
+  if (!host) {
+    throw new Error(
+      [
+        `The prebuilt binary requires GLIBC_${formatVersion(required)}, but no GNU libc was detected on this host.`,
+        "This usually means you're on a musl-based distro such as Alpine.",
+        "",
+        buildFromSourceHint(),
+        "",
+        "Set DEEPSEEK_TUI_SKIP_GLIBC_CHECK=1 to bypass this check at your own risk.",
+      ].join("\n"),
+    );
+  }
+
+  if (compareVersion(host, required) < 0) {
+    throw new Error(
+      [
+        `Prebuilt DeepSeek TUI binary requires GLIBC_${formatVersion(required)} but this system has glibc ${formatVersion(host)}.`,
+        "Older distros (CentOS 7/8, RHEL 7/8, Debian 10, etc.) ship an older glibc that is not compatible with the prebuilt artifact.",
+        "",
+        buildFromSourceHint(),
+        "",
+        "Set DEEPSEEK_TUI_SKIP_GLIBC_CHECK=1 to bypass this check at your own risk.",
+      ].join("\n"),
+    );
+  }
+}
+
+module.exports = {
+  preflightGlibc,
+  detectHostGlibc,
+  detectBinaryRequiredGlibc,
+  // exported for tests
+  _internal: { parseVersion, compareVersion, formatVersion },
+};

package/scripts/run.js

@@ -0,0 +1,59 @@
+const { spawnSync } = require("child_process");
+const { getBinaryPath } = require("./install");
+
+const pkg = require("../package.json");
+
+function isVersionFlag(args = process.argv.slice(2)) {
+  return args.includes("--version") || args.includes("-V");
+}
+
+function handleVersionFallback(binaryName) {
+  if (isVersionFlag()) {
+    const binVersion =
+      pkg.codewhaleBinaryVersion || pkg.deepseekBinaryVersion || pkg.version;
+    console.log(`${binaryName} (npm wrapper) v${pkg.version}`);
+    console.log(`binary version: v${binVersion}`);
+    console.log(`repo: ${pkg.repository?.url || "N/A"}`);
+    process.exit(0);
+  }
+}
+
+async function run(binaryName) {
+  // Intercept --version before attempting binary download/launch
+  handleVersionFallback(binaryName);
+
+  const binaryPath = await getBinaryPath(binaryName);
+  const result = spawnSync(binaryPath, process.argv.slice(2), {
+    stdio: "inherit",
+  });
+  if (result.error) {
+    // If binary fails and user asked for --version, show npm version instead
+    handleVersionFallback(binaryName);
+    throw result.error;
+  }
+  process.exit(result.status ?? 1);
+}
+
+async function runCodeWhale() {
+  await run("codewhale");
+}
+
+async function runCodeWhaleTui() {
+  await run("codewhale-tui");
+}
+
+module.exports = {
+  run,
+  runCodeWhale,
+  runCodeWhaleTui,
+  _internal: { isVersionFlag },
+};
+
+if (require.main === module) {
+  const command = process.argv[1] || "";
+  if (command.includes("tui")) {
+    runCodeWhaleTui();
+  } else {
+    runCodeWhale();
+  }
+}

package/scripts/verify-release-assets.js

@@ -0,0 +1,140 @@
+const https = require("https");
+const http = require("http");
+const {
+  allAssetNames,
+  allReleaseAssetNames,
+  checksumManifestUrl,
+  releaseAssetUrl,
+} = require("./artifacts");
+
+const pkg = require("../package.json");
+
+function resolveBinaryVersion() {
+  const configuredVersion =
+    process.env.DEEPSEEK_TUI_VERSION ||
+    process.env.DEEPSEEK_VERSION ||
+    pkg.codewhaleBinaryVersion || pkg.deepseekBinaryVersion ||
+    pkg.version;
+  return String(configuredVersion).trim();
+}
+
+function resolveRepo() {
+  return process.env.DEEPSEEK_TUI_GITHUB_REPO || process.env.DEEPSEEK_GITHUB_REPO || "Hmbown/CodeWhale";
+}
+
+function requestStatus(url, method = "HEAD", redirects = 0) {
+  if (redirects > 10) {
+    throw new Error(`Too many redirects while checking ${url}`);
+  }
+  const client = url.startsWith("https:") ? https : http;
+  return new Promise((resolve, reject) => {
+    const req = client.request(
+      url,
+      {
+        method,
+        headers: {
+          "User-Agent": "codewhale-npm-release-check",
+        },
+      },
+      (res) => {
+        const status = res.statusCode || 0;
+        const location = res.headers.location;
+        res.resume();
+        if (status >= 300 && status < 400 && location) {
+          const next = new URL(location, url).toString();
+          resolve(requestStatus(next, method, redirects + 1));
+          return;
+        }
+        resolve(status);
+      },
+    );
+    req.on("error", reject);
+    req.end();
+  });
+}
+
+async function verifyAsset(url, label) {
+  let status = await requestStatus(url, "HEAD");
+  if (status === 403 || status === 405) {
+    status = await requestStatus(url, "GET");
+  }
+  if (status < 200 || status >= 400) {
+    throw new Error(`${label} returned HTTP ${status} (${url})`);
+  }
+}
+
+async function downloadText(url) {
+  const client = url.startsWith("https:") ? https : http;
+  return new Promise((resolve, reject) => {
+    client
+      .get(
+        url,
+        {
+          headers: {
+            "User-Agent": "codewhale-npm-release-check",
+          },
+        },
+        (res) => {
+          const status = res.statusCode || 0;
+          if (status >= 300 && status < 400 && res.headers.location) {
+            const next = new URL(res.headers.location, url).toString();
+            resolve(downloadText(next));
+            return;
+          }
+          if (status !== 200) {
+            reject(new Error(`Request failed with status ${status}: ${url}`));
+            res.resume();
+            return;
+          }
+          const chunks = [];
+          res.setEncoding("utf8");
+          res.on("data", (chunk) => chunks.push(chunk));
+          res.on("end", () => resolve(chunks.join("")));
+        },
+      )
+      .on("error", reject);
+  });
+}
+
+function parseChecksumManifest(text) {
+  const checksums = new Map();
+  for (const line of text.split(/\r?\n/)) {
+    const trimmed = line.trim();
+    if (!trimmed) {
+      continue;
+    }
+    const match = trimmed.match(/^([a-fA-F0-9]{64})\s+\*?(.+)$/);
+    if (!match) {
+      throw new Error(`Invalid checksum manifest line: ${trimmed}`);
+    }
+    checksums.set(match[2], match[1].toLowerCase());
+  }
+  return checksums;
+}
+
+async function run() {
+  const version = resolveBinaryVersion();
+  const repo = resolveRepo();
+  const assets = allReleaseAssetNames();
+
+  console.log(`Verifying ${assets.length} release assets for ${repo}@v${version}...`);
+  for (const asset of assets) {
+    const url = releaseAssetUrl(asset, version, repo);
+    await verifyAsset(url, asset);
+    console.log(`  ok ${asset}`);
+  }
+  const checksums = parseChecksumManifest(
+    await downloadText(checksumManifestUrl(version, repo)),
+  );
+  for (const asset of allAssetNames()) {
+    if (!checksums.has(asset)) {
+      throw new Error(`Checksum manifest is missing ${asset}`);
+    }
+  }
+  console.log("Release assets verified.");
+}
+
+run().catch((error) => {
+  console.error("Release asset verification failed:", error.message);
+  process.exit(1);
+});

package/test/artifacts.test.js

@@ -0,0 +1,66 @@
+const assert = require("node:assert/strict");
+const path = require("node:path");
+const test = require("node:test");
+const os = require("os");
+
+const ARTIFACTS_PATH = path.join(__dirname, "..", "scripts", "artifacts.js");
+
+function withMockedOs(platform, arch, fn) {
+  const origPlatform = os.platform;
+  const origArch = os.arch;
+  os.platform = () => platform;
+  os.arch = () => arch;
+  delete require.cache[ARTIFACTS_PATH];
+  try {
+    return fn();
+  } finally {
+    os.platform = origPlatform;
+    os.arch = origArch;
+    delete require.cache[ARTIFACTS_PATH];
+  }
+}
+
+test("openharmony x64 resolves to linux x64 binaries", () => {
+  withMockedOs("openharmony", "x64", () => {
+    const { detectBinaryNames } = require(ARTIFACTS_PATH);
+    const result = detectBinaryNames();
+    assert.equal(result.codewhale, "codewhale-linux-x64");
+    assert.equal(result.tui, "codewhale-tui-linux-x64");
+  });
+});
+
+test("openharmony arm64 resolves to linux arm64 binaries", () => {
+  withMockedOs("openharmony", "arm64", () => {
+    const { detectBinaryNames } = require(ARTIFACTS_PATH);
+    const result = detectBinaryNames();
+    assert.equal(result.codewhale, "codewhale-linux-arm64");
+    assert.equal(result.tui, "codewhale-tui-linux-arm64");
+  });
+});
+
+test("genuinely unsupported platform throws with raw platform name", () => {
+  withMockedOs("freebsd", "x64", () => {
+    const { detectBinaryNames } = require(ARTIFACTS_PATH);
+    assert.throws(
+      () => detectBinaryNames(),
+      (err) => {
+        assert.match(err.message, /Unsupported platform: freebsd/);
+        return true;
+      },
+    );
+  });
+});
+
+test("known platforms are unaffected by alias map", () => {
+  for (const [platform, arch, expectedCodeWhale] of [
+    ["linux", "x64", "codewhale-linux-x64"],
+    ["darwin", "arm64", "codewhale-macos-arm64"],
+    ["win32", "x64", "codewhale-windows-x64.exe"],
+  ]) {
+    withMockedOs(platform, arch, () => {
+      const { detectBinaryNames } = require(ARTIFACTS_PATH);
+      const result = detectBinaryNames();
+      assert.equal(result.codewhale, expectedCodeWhale);
+    });
+  }
+});

package/test/install.test.js

@@ -0,0 +1,180 @@
+const assert = require("node:assert/strict");
+const crypto = require("node:crypto");
+const fs = require("node:fs");
+const os = require("node:os");
+const path = require("node:path");
+const test = require("node:test");
+
+const installScript = fs.readFileSync(
+  path.join(__dirname, "..", "scripts", "install.js"),
+  "utf8",
+);
+const { installFailureHint, _internal } = require("../scripts/install");
+
+function sha256(content) {
+  return crypto.createHash("sha256").update(content).digest("hex");
+}
+
+async function makeTempDir(t) {
+  const dir = await fs.promises.mkdtemp(path.join(os.tmpdir(), "codewhale-install-test-"));
+  t.after(() => fs.promises.rm(dir, { force: true, recursive: true }));
+  return dir;
+}
+
+async function exists(file) {
+  return fs.promises.access(file).then(
+    () => true,
+    () => false,
+  );
+}
+
+async function withoutForcedDownload(callback) {
+  const previousTui = process.env.DEEPSEEK_TUI_FORCE_DOWNLOAD;
+  const previousLegacy = process.env.DEEPSEEK_FORCE_DOWNLOAD;
+  delete process.env.DEEPSEEK_TUI_FORCE_DOWNLOAD;
+  delete process.env.DEEPSEEK_FORCE_DOWNLOAD;
+  try {
+    return await callback();
+  } finally {
+    if (previousTui === undefined) {
+      delete process.env.DEEPSEEK_TUI_FORCE_DOWNLOAD;
+    } else {
+      process.env.DEEPSEEK_TUI_FORCE_DOWNLOAD = previousTui;
+    }
+    if (previousLegacy === undefined) {
+      delete process.env.DEEPSEEK_FORCE_DOWNLOAD;
+    } else {
+      process.env.DEEPSEEK_FORCE_DOWNLOAD = previousLegacy;
+    }
+  }
+}
+
+test("install script checks Node support before loading helpers", () => {
+  const guardIndex = installScript.indexOf("assertSupportedNode();");
+  const firstRequireIndex = installScript.indexOf("require(");
+
+  assert.notEqual(guardIndex, -1);
+  assert.notEqual(firstRequireIndex, -1);
+  assert.ok(guardIndex < firstRequireIndex);
+});
+
+test("install script remains parseable before the Node support guard runs", () => {
+  assert.equal(installScript.includes("??"), false);
+  assert.equal(installScript.includes("?."), false);
+});
+
+test("install failure hint explains release base override for blocked GitHub downloads", () => {
+  const previous = process.env.DEEPSEEK_TUI_RELEASE_BASE_URL;
+  delete process.env.DEEPSEEK_TUI_RELEASE_BASE_URL;
+  try {
+    const error = Object.assign(
+      new Error(
+        "fetch https://github.com/Hmbown/CodeWhale/releases/download/v0.8.19/codewhale-artifacts-sha256.txt failed after 5 attempts:\ngetaddrinfo ENOTFOUND github.com",
+      ),
+      { code: "ENOTFOUND" },
+    );
+
+    const hint = installFailureHint(error);
+
+    assert.match(hint, /DEEPSEEK_TUI_RELEASE_BASE_URL/);
+    assert.match(hint, /codewhale-artifacts-sha256\.txt/);
+    assert.match(hint, /platform binaries/);
+    assert.match(hint, /#npm-binary-download-times-out/);
+  } finally {
+    if (previous === undefined) {
+      delete process.env.DEEPSEEK_TUI_RELEASE_BASE_URL;
+    } else {
+      process.env.DEEPSEEK_TUI_RELEASE_BASE_URL = previous;
+    }
+  }
+});
+
+test("install failure hint checks configured release base when override is already set", () => {
+  const previous = process.env.DEEPSEEK_TUI_RELEASE_BASE_URL;
+  process.env.DEEPSEEK_TUI_RELEASE_BASE_URL = "https://mirror.example/deepseek/";
+  try {
+    const error = Object.assign(new Error("download stalled"), {
+      code: "EDOWNLOADTIMEOUT",
+    });
+
+    const hint = installFailureHint(error);
+
+    assert.match(hint, /is set to https:\/\/mirror\.example\/deepseek\//);
+    assert.match(hint, /codewhale-artifacts-sha256\.txt/);
+    assert.doesNotMatch(hint, /If GitHub is unavailable/);
+  } finally {
+    if (previous === undefined) {
+      delete process.env.DEEPSEEK_TUI_RELEASE_BASE_URL;
+    } else {
+      process.env.DEEPSEEK_TUI_RELEASE_BASE_URL = previous;
+    }
+  }
+});
+
+test("ensureBinary adopts a manually placed target binary after checksum validation", async (t) => {
+  const dir = await makeTempDir(t);
+  const target = path.join(dir, process.platform === "win32" ? "codewhale.exe" : "codewhale");
+  const assetName = process.platform === "win32" ? "codewhale-windows-x64.exe" : "codewhale-linux-x64";
+  const version = "0.8.25";
+  const content = Buffer.from("manual codewhale binary");
+  let checksumLoads = 0;
+
+  await fs.promises.writeFile(target, content, { mode: 0o600 });
+  await fs.promises.writeFile(`${target}.version`, "0.8.24", "utf8");
+
+  const result = await withoutForcedDownload(() =>
+    _internal.ensureBinary(target, assetName, version, "Hmbown/CodeWhale", async () => {
+      checksumLoads += 1;
+      return new Map([[assetName, sha256(content)]]);
+    }),
+  );
+
+  assert.equal(result, target);
+  assert.equal(checksumLoads, 1);
+  assert.equal(await fs.promises.readFile(`${target}.version`, "utf8"), version);
+  if (process.platform !== "win32") {
+    assert.notEqual((await fs.promises.stat(target)).mode & 0o111, 0);
+  }
+});
+
+test("ensureBinary adopts an official release-named binary placed in downloads", async (t) => {
+  const dir = await makeTempDir(t);
+  const target = path.join(dir, process.platform === "win32" ? "codewhale.exe" : "codewhale");
+  const assetName = process.platform === "win32" ? "codewhale-windows-x64.exe" : "codewhale-linux-x64";
+  const assetPath = path.join(dir, assetName);
+  const version = "0.8.25";
+  const content = Buffer.from("official release binary");
+
+  await fs.promises.writeFile(assetPath, content);
+
+  const result = await withoutForcedDownload(() =>
+    _internal.ensureBinary(target, assetName, version, "Hmbown/CodeWhale", async () =>
+      new Map([[assetName, sha256(content)]]),
+    ),
+  );
+
+  assert.equal(result, target);
+  assert.equal(await exists(target), true);
+  assert.equal(await exists(assetPath), false);
+  assert.equal(await fs.promises.readFile(`${target}.version`, "utf8"), version);
+});
+
+test("manual binaries with mismatched checksums are not adopted", async (t) => {
+  const dir = await makeTempDir(t);
+  const target = path.join(dir, process.platform === "win32" ? "codewhale.exe" : "codewhale");
+  const assetName = process.platform === "win32" ? "codewhale-windows-x64.exe" : "codewhale-linux-x64";
+  const content = Buffer.from("wrong binary bytes");
+
+  await fs.promises.writeFile(target, content);
+
+  const adopted = await _internal.adoptExistingBinaryIfValid(
+    target,
+    assetName,
+    "0.8.25",
+    async () => new Map([[assetName, sha256(Buffer.from("different bytes"))]]),
+    `${target}.version`,
+  );
+
+  assert.equal(adopted, false);
+  assert.equal(await exists(`${target}.version`), false);
+});