companionbot 0.6.0 → 0.7.0

package/README.md

@@ -29,12 +29,21 @@
 - **일회성 예약** - "내일 오전 9시에 알려줘"
 - **반복 작업** - "30분마다 주식 가격 확인해줘"
 
-### 🤖 고급 기능 (v0.3.0)
+### 🤖 고급 기능 (v0.3.0+)
 - **서브 에이전트** - 복잡한 작업을 백그라운드에서 처리
 - **백그라운드 실행** - 긴 명령어를 백그라운드에서 실행하고 결과 확인
 - **파일 시스템** - 워크스페이스 내 파일 읽기/쓰기/편집
 - **일일 메모리** - 대화 내용 자동 저장
 
+### 🧠 시맨틱 메모리 (v0.6.0)
+- **벡터 검색** - 임베딩 기반 관련 메모리 검색
+- **자동 인덱싱** - 메모리 파일 자동 청크 분할 및 임베딩
+- **유사도 매칭** - 의미 기반으로 관련 대화 기록 찾기
+
+### 🔧 시스템 (v0.6.0)
+- **헬스 체크** - 봇 상태 모니터링 (uptime, 메시지 수, 오류 수)
+- **업데이트 알림** - 새 버전 출시 시 자동 알림
+
 ## 설치
 
 ### 사전 준비
@@ -273,7 +282,22 @@ npm test       # 테스트 실행
 
 ## 버전 히스토리
 
-### v0.3.0 (현재)
+### v0.6.0 (현재)
+- 🧠 시맨틱 메모리 검색 (임베딩 기반)
+- 💚 헬스 체크 모니터링
+- 🔄 자동 업데이트 알림
+
+### v0.5.0
+- 🔒 보안 강화 (SSRF 방지, 경로 검증)
+- ✅ 테스트 추가 (vitest)
+- 📖 문서 개선
+
+### v0.4.0
+- 🛡️ 보안 강화 (TOCTOU, 심볼릭 링크 검증)
+- 🧹 세션 자동 정리
+- 🔧 환경변수 기반 경로 설정
+
+### v0.3.0
 - 🔍 웹 검색 (Brave Search API)
 - 🕐 Cron 스케줄링 (한국어 지원)
 - 🤖 서브 에이전트 (백그라운드 작업)

package/dist/ai/claude.js

@@ -1,5 +1,48 @@
-import Anthropic from "@anthropic-ai/sdk";
+import Anthropic, { APIError } from "@anthropic-ai/sdk";
 import { tools, executeTool } from "../tools/index.js";
+import { sleep } from "../utils/time.js";
+import { MAX_RETRIES, BASE_RETRY_DELAY_MS } from "../utils/constants.js";
+async function withRetry(fn, retries = MAX_RETRIES) {
+    let lastError = null;
+    for (let attempt = 0; attempt < retries; attempt++) {
+        try {
+            return await fn();
+        }
+        catch (error) {
+            // APIError 타입 체크
+            if (error instanceof APIError) {
+                lastError = error;
+                // Rate limit (429)
+                if (error.status === 429) {
+                    const retryAfter = error.headers?.["retry-after"];
+                    const delay = retryAfter
+                        ? parseInt(retryAfter) * 1000
+                        : BASE_RETRY_DELAY_MS * Math.pow(2, attempt);
+                    console.log(`[RateLimit] 429 received, waiting ${delay}ms (attempt ${attempt + 1}/${retries})`);
+                    await sleep(delay);
+                    continue;
+                }
+                // 서버 에러 (500+)
+                if (error.status >= 500) {
+                    const delay = BASE_RETRY_DELAY_MS * Math.pow(2, attempt);
+                    console.log(`[ServerError] ${error.status}, waiting ${delay}ms (attempt ${attempt + 1}/${retries})`);
+                    await sleep(delay);
+                    continue;
+                }
+            }
+            // 일반 Error 처리
+            if (error instanceof Error) {
+                lastError = error;
+            }
+            else {
+                lastError = new Error(String(error));
+            }
+            // 다른 에러는 바로 throw
+            throw error;
+        }
+    }
+    throw lastError;
+}
 let anthropic = null;
 function getClient() {
     if (!anthropic) {
@@ -58,20 +101,7 @@ export async function chat(messages, systemPrompt, modelId = "sonnet") {
         return params;
     };
     let response;
-    try {
-        response = await client.messages.create(buildRequestParams());
-    }
-    catch (error) {
-        if (error instanceof Anthropic.APIError) {
-            if (error.status === 429) {
-                throw new Error("API 요청이 너무 많아. 잠시 후 다시 시도해줘.");
-            }
-            if (error.status >= 500) {
-                throw new Error("AI 서버에 문제가 생겼어. 잠시 후 다시 시도해줘.");
-            }
-        }
-        throw error;
-    }
+    response = await withRetry(() => client.messages.create(buildRequestParams()));
     // Tool use 루프 - Claude가 도구 사용을 멈출 때까지 반복 (최대 10회)
     const MAX_TOOL_ITERATIONS = 10;
     let iterations = 0;
@@ -103,20 +133,7 @@ export async function chat(messages, systemPrompt, modelId = "sonnet") {
             content: toolResults,
         });
         // 다음 응답 요청 (도구 루프에서도 thinking 유지)
-        try {
-            response = await client.messages.create(buildRequestParams());
-        }
-        catch (error) {
-            if (error instanceof Anthropic.APIError) {
-                if (error.status === 429) {
-                    throw new Error("API 요청이 너무 많아. 잠시 후 다시 시도해줘.");
-                }
-                if (error.status >= 500) {
-                    throw new Error("AI 서버에 문제가 생겼어. 잠시 후 다시 시도해줘.");
-                }
-            }
-            throw error;
-        }
+        response = await withRetry(() => client.messages.create(buildRequestParams()));
     }
     // 반복 횟수 초과 시 경고
     if (iterations >= MAX_TOOL_ITERATIONS) {
@@ -163,7 +180,9 @@ export async function chatSmart(messages, systemPrompt, modelId, onChunk) {
     // (도구 호출 폴백 시 chat()에서 thinking 사용됨)
     let accumulated = "";
     let stopReason = null;
-    try {
+    // 스트리밍에 withRetry 적용 - 실패 시 자동 재시도
+    return await withRetry(async () => {
+        accumulated = ""; // 재시도 시 초기화
         const stream = client.messages.stream(params);
         // 스트리밍 이벤트 처리
         stream.on("text", async (text) => {
@@ -187,30 +206,5 @@ export async function chatSmart(messages, systemPrompt, modelId, onChunk) {
         }
         // 성공적으로 스트리밍 완료
         return { text: accumulated, usedTools: false };
-    }
-    catch (error) {
-        // 스트리밍 에러 핸들링
-        if (error instanceof Anthropic.APIError) {
-            if (error.status === 429) {
-                throw new Error("API 요청이 너무 많아. 잠시 후 다시 시도해줘.");
-            }
-            if (error.status >= 500) {
-                throw new Error("AI 서버에 문제가 생겼어. 잠시 후 다시 시도해줘.");
-            }
-        }
-        // 연결 끊김 등 스트리밍 에러 - 이미 받은 내용이 있으면 반환 시도
-        if (accumulated.length > 50) {
-            console.warn("[Stream] Connection error, returning partial response");
-            return { text: accumulated + "\n\n(연결이 끊겨서 응답이 잘렸을 수 있어)", usedTools: false };
-        }
-        // 응답이 거의 없으면 일반 chat으로 재시도
-        console.warn("[Stream] Connection error, retrying with chat()");
-        try {
-            const text = await chat(messages, systemPrompt, modelId);
-            return { text, usedTools: false };
-        }
-        catch (retryError) {
-            throw retryError;
-        }
-    }
+    });
 }

package/dist/calendar/index.js

@@ -1,4 +1,5 @@
-import { google } from "googleapis";
+import { calendar } from "@googleapis/calendar";
+import { OAuth2Client } from "google-auth-library";
 import * as fs from "fs/promises";
 import * as path from "path";
 import * as http from "http";
@@ -69,7 +70,7 @@ export async function getAuthUrl() {
     const creds = await loadCredentials();
     if (!creds)
         return null;
-    const oauth2Client = new google.auth.OAuth2(creds.client_id, creds.client_secret, REDIRECT_URI);
+    const oauth2Client = new OAuth2Client(creds.client_id, creds.client_secret, REDIRECT_URI);
     return oauth2Client.generateAuthUrl({
         access_type: "offline",
         scope: SCOPES,
@@ -120,7 +121,7 @@ export async function exchangeCodeForToken(code) {
     const creds = await loadCredentials();
     if (!creds)
         return false;
-    const oauth2Client = new google.auth.OAuth2(creds.client_id, creds.client_secret, REDIRECT_URI);
+    const oauth2Client = new OAuth2Client(creds.client_id, creds.client_secret, REDIRECT_URI);
     try {
         const { tokens } = await oauth2Client.getToken(code);
         if (tokens.access_token && tokens.refresh_token) {
@@ -145,7 +146,7 @@ async function getAuthClient() {
     if (!creds || !token) {
         throw new Error("Calendar not configured. Use /calendar_setup");
     }
-    const oauth2Client = new google.auth.OAuth2(creds.client_id, creds.client_secret, REDIRECT_URI);
+    const oauth2Client = new OAuth2Client(creds.client_id, creds.client_secret, REDIRECT_URI);
     oauth2Client.setCredentials({
         access_token: token.access_token,
         refresh_token: token.refresh_token,
@@ -169,17 +170,18 @@ async function getAuthClient() {
 // 캘린더 API 인스턴스
 async function getCalendar() {
     const auth = await getAuthClient();
-    return google.calendar({ version: "v3", auth });
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    return calendar({ version: "v3", auth: auth });
 }
 // 오늘 일정 조회
 export async function getTodayEvents() {
-    const calendar = await getCalendar();
+    const cal = await getCalendar();
     const now = new Date();
     const startOfDay = new Date(now);
     startOfDay.setHours(0, 0, 0, 0);
     const endOfDay = new Date(now);
     endOfDay.setHours(23, 59, 59, 999);
-    const response = await calendar.events.list({
+    const response = await cal.events.list({
         calendarId: "primary",
         timeMin: startOfDay.toISOString(),
         timeMax: endOfDay.toISOString(),
@@ -190,8 +192,8 @@ export async function getTodayEvents() {
 }
 // 특정 기간 일정 조회
 export async function getEvents(startDate, endDate) {
-    const calendar = await getCalendar();
-    const response = await calendar.events.list({
+    const cal = await getCalendar();
+    const response = await cal.events.list({
         calendarId: "primary",
         timeMin: startDate.toISOString(),
         timeMax: endDate.toISOString(),
@@ -203,7 +205,7 @@ export async function getEvents(startDate, endDate) {
 }
 // 일정 추가
 export async function addEvent(summary, startTime, endTime, description) {
-    const calendar = await getCalendar();
+    const cal = await getCalendar();
     // 종료 시간이 없으면 1시간 후
     const end = endTime || new Date(startTime.getTime() + 60 * 60 * 1000);
     const event = {
@@ -218,7 +220,7 @@ export async function addEvent(summary, startTime, endTime, description) {
             timeZone: "Asia/Seoul",
         },
     };
-    const response = await calendar.events.insert({
+    const response = await cal.events.insert({
         calendarId: "primary",
         requestBody: event,
     });
@@ -227,8 +229,8 @@ export async function addEvent(summary, startTime, endTime, description) {
 // 일정 삭제
 export async function deleteEvent(eventId) {
     try {
-        const calendar = await getCalendar();
-        await calendar.events.delete({
+        const cal = await getCalendar();
+        await cal.events.delete({
             calendarId: "primary",
             eventId,
         });

package/dist/cron/parser.js

@@ -131,50 +131,82 @@ export function parseCronExpression(expr) {
 }
 /**
  * Calculate the next run time for a cron expression
+ * Returns null if no valid next run time is found (safer than throwing)
  */
 export function getNextCronRun(expression, fromDate = new Date(), timezone) {
-    const parsed = parseCronExpression(expression);
-    const from = new Date(fromDate);
-    // Start from the next minute
-    from.setSeconds(0);
-    from.setMilliseconds(0);
-    from.setMinutes(from.getMinutes() + 1);
-    // Search for the next matching time (max 2 years ahead)
-    const maxIterations = 365 * 24 * 60 * 2; // 2 years in minutes
-    for (let i = 0; i < maxIterations; i++) {
-        const candidate = new Date(from.getTime() + i * 60000);
-        const minute = candidate.getMinutes();
-        const hour = candidate.getHours();
-        const dayOfMonth = candidate.getDate();
-        const month = candidate.getMonth() + 1;
-        const dayOfWeek = candidate.getDay();
-        if (parsed.minute.values.includes(minute) &&
-            parsed.hour.values.includes(hour) &&
-            parsed.month.values.includes(month) &&
-            (parsed.dayOfMonth.values.includes(dayOfMonth) ||
-                parsed.dayOfWeek.values.includes(dayOfWeek))) {
-            return candidate;
+    // null/undefined/빈 문자열 처리
+    if (!expression || expression.trim() === "") {
+        console.warn("[Cron] Empty cron expression provided");
+        return null;
+    }
+    try {
+        const parsed = parseCronExpression(expression);
+        const from = new Date(fromDate);
+        // Invalid date 체크
+        if (isNaN(from.getTime())) {
+            console.warn("[Cron] Invalid fromDate provided");
+            return null;
+        }
+        // Start from the next minute
+        from.setSeconds(0);
+        from.setMilliseconds(0);
+        from.setMinutes(from.getMinutes() + 1);
+        // Search for the next matching time (max 2 years ahead)
+        const maxIterations = 365 * 24 * 60 * 2; // 2 years in minutes
+        for (let i = 0; i < maxIterations; i++) {
+            const candidate = new Date(from.getTime() + i * 60000);
+            const minute = candidate.getMinutes();
+            const hour = candidate.getHours();
+            const dayOfMonth = candidate.getDate();
+            const month = candidate.getMonth() + 1;
+            const dayOfWeek = candidate.getDay();
+            if (parsed.minute.values.includes(minute) &&
+                parsed.hour.values.includes(hour) &&
+                parsed.month.values.includes(month) &&
+                (parsed.dayOfMonth.values.includes(dayOfMonth) ||
+                    parsed.dayOfWeek.values.includes(dayOfWeek))) {
+                return candidate;
+            }
         }
+        console.warn(`[Cron] Could not find next run time for: ${expression}`);
+        return null;
+    }
+    catch (error) {
+        console.error(`[Cron] Error parsing expression "${expression}":`, error);
+        return null;
     }
-    throw new Error(`Could not find next run time for: ${expression}`);
 }
 /**
  * Get the next run time for any schedule type
+ * Returns NaN if schedule is invalid (check with isNaN())
  */
 export function getNextRun(schedule, now = new Date()) {
+    // null/undefined 처리
+    if (!schedule) {
+        console.warn("[Cron] No schedule provided to getNextRun");
+        return NaN;
+    }
     switch (schedule.kind) {
         case "at":
-            return schedule.atMs;
+            return schedule.atMs ?? NaN;
         case "every": {
+            const everyMs = schedule.everyMs || schedule.intervalMs;
+            if (!everyMs || everyMs <= 0) {
+                console.warn("[Cron] Invalid everyMs in schedule");
+                return NaN;
+            }
             const startMs = schedule.startMs ?? now.getTime();
             const elapsed = now.getTime() - startMs;
-            const intervals = Math.floor(elapsed / schedule.everyMs);
-            return startMs + (intervals + 1) * schedule.everyMs;
+            const intervals = Math.floor(elapsed / everyMs);
+            return startMs + (intervals + 1) * everyMs;
+        }
+        case "cron": {
+            const nextRun = getNextCronRun(schedule.expression, now, schedule.timezone);
+            return nextRun ? nextRun.getTime() : NaN;
         }
-        case "cron":
-            return getNextCronRun(schedule.expression, now, schedule.timezone).getTime();
         default:
-            throw new Error(`Unknown schedule kind: ${schedule.kind}`);
+            console.warn(`[Cron] Unknown schedule kind: ${schedule.kind}`);
+            return NaN;
     }
 }
 /**

package/dist/cron/scheduler.js

@@ -7,6 +7,8 @@
 import { getDueJobs, markJobExecuted, loadJobs, addJob, removeJob, updateJob, getJobsByChat } from "./store.js";
 import { chat } from "../ai/claude.js";
 import { buildSystemPrompt } from "../telegram/utils/prompt.js";
+import { INTERVAL_1_MINUTE } from "../utils/time.js";
+import { TELEGRAM_SAFE_LIMIT } from "../utils/constants.js";
 // Scheduler state
 let schedulerInterval = null;
 let botInstance = null;
@@ -36,7 +38,7 @@ export class CronScheduler {
         // Then check every minute
         this.interval = setInterval(() => {
             this.checkAndRun().catch((err) => console.error("[CronScheduler] Check failed:", err));
-        }, 60 * 1000); // 1 minute
+        }, INTERVAL_1_MINUTE);
         console.log("[CronScheduler] Started - checking every minute");
     }
     /**
@@ -167,21 +169,24 @@ async function executeAgentTurn(job, payload, bot) {
         // Call Claude API
         const response = await chat(messages, systemPrompt, "sonnet");
         // Send the response to the chat
-        if (response && response.trim()) {
+        const trimmedResponse = response?.trim();
+        if (trimmedResponse) {
             // Split long messages (Telegram limit is 4096 characters)
-            const maxLength = 4000;
-            if (response.length <= maxLength) {
-                await bot.api.sendMessage(job.chatId, response, {
+            const maxLength = TELEGRAM_SAFE_LIMIT;
+            if (trimmedResponse.length <= maxLength) {
+                await bot.api.sendMessage(job.chatId, trimmedResponse, {
                     parse_mode: "Markdown",
                 });
             }
             else {
                 // Split into multiple messages
-                const chunks = splitMessage(response, maxLength);
+                const chunks = splitMessage(trimmedResponse, maxLength);
                 for (const chunk of chunks) {
-                    await bot.api.sendMessage(job.chatId, chunk, {
-                        parse_mode: "Markdown",
-                    });
+                    if (chunk) {
+                        await bot.api.sendMessage(job.chatId, chunk, {
+                            parse_mode: "Markdown",
+                        });
+                    }
                 }
             }
         }
@@ -202,6 +207,10 @@ async function executeAgentTurn(job, payload, bot) {
  * Split a long message into chunks
  */
 function splitMessage(text, maxLength) {
+    // null/undefined/빈 문자열 처리
+    if (!text || text.trim().length === 0) {
+        return [];
+    }
     const chunks = [];
     let remaining = text;
     while (remaining.length > 0) {

package/dist/cron/store.js

@@ -6,13 +6,11 @@
 import * as fs from "fs/promises";
 import * as path from "path";
 import { getWorkspacePath } from "../workspace/paths.js";
+import { sleep } from "../utils/time.js";
+import { LOCK_TIMEOUT_MS, LOCK_RETRY_MS, LOCK_MAX_RETRIES } from "../utils/constants.js";
 const CRON_FILE = "cron-jobs.json";
 const LOCK_FILE = "cron-jobs.lock";
 const STORE_VERSION = 1;
-// Lock configuration
-const LOCK_TIMEOUT_MS = 5000;
-const LOCK_RETRY_MS = 50;
-const LOCK_MAX_RETRIES = 100;
 function getCronFilePath() {
     return path.join(getWorkspacePath(), CRON_FILE);
 }
@@ -73,9 +71,6 @@ async function releaseLock() {
         // Ignore errors on unlock
     }
 }
-function sleep(ms) {
-    return new Promise((resolve) => setTimeout(resolve, ms));
-}
 /**
  * Execute a function with file lock protection
  */
@@ -94,13 +89,39 @@ async function withLock(fn) {
 async function loadJobsInternal() {
     try {
         const data = await fs.readFile(getCronFilePath(), "utf-8");
+        // 빈 파일 체크
+        if (!data || data.trim() === "") {
+            return [];
+        }
         const store = JSON.parse(data);
-        return store.jobs || [];
+        // jobs 배열 유효성 검사
+        if (!store || !Array.isArray(store.jobs)) {
+            console.warn("[Cron] Invalid store format, returning empty array");
+            return [];
+        }
+        return store.jobs;
     }
     catch (error) {
         if (error.code === "ENOENT") {
             return [];
         }
+        // JSON 파싱 오류
+        if (error instanceof SyntaxError) {
+            console.error("[Cron] Corrupted cron-jobs.json file:", error.message);
+            // 백업 파일 생성 시도
+            try {
+                const backupPath = `${getCronFilePath()}.corrupted.${Date.now()}`;
+                const data = await fs.readFile(getCronFilePath(), "utf-8").catch(() => "");
+                if (data) {
+                    await fs.writeFile(backupPath, data, "utf-8");
+                    console.log(`[Cron] Corrupted file backed up to: ${backupPath}`);
+                }
+            }
+            catch {
+                // 백업 실패는 무시
+            }
+            return [];
+        }
         console.error("[Cron] Failed to load jobs:", error);
         return [];
     }
@@ -446,12 +467,21 @@ function getDaysInMonth(year, month) {
  * Parse cron field like "1,3,5" or "1-5" or step values into array of numbers
  */
 function parseCronField(field, min, max) {
-    if (field === "*") {
+    // 빈 문자열/null/undefined 처리
+    if (!field || field.trim() === "") {
+        return Array.from({ length: max - min + 1 }, (_, i) => i + min); // wildcard로 처리
+    }
+    const trimmedField = field.trim();
+    if (trimmedField === "*") {
         return Array.from({ length: max - min + 1 }, (_, i) => i + min);
     }
     // Handle step values like */5
-    if (field.startsWith("*/")) {
-        const step = parseInt(field.slice(2), 10);
+    if (trimmedField.startsWith("*/")) {
+        const step = parseInt(trimmedField.slice(2), 10);
+        if (isNaN(step) || step <= 0) {
+            console.warn(`[Cron] Invalid step value in field: ${field}, using default`);
+            return Array.from({ length: max - min + 1 }, (_, i) => i + min);
+        }
         const values = [];
         for (let i = min; i <= max; i += step) {
             values.push(i);
@@ -459,39 +489,66 @@ function parseCronField(field, min, max) {
         return values;
     }
     const values = [];
-    const parts = field.split(",");
+    const parts = trimmedField.split(",");
     for (const part of parts) {
-        if (part.includes("-")) {
-            const [start, end] = part.split("-").map(Number);
-            for (let i = start; i <= end; i++) {
-                values.push(i);
+        const trimmedPart = part.trim();
+        if (!trimmedPart)
+            continue;
+        if (trimmedPart.includes("-") && !trimmedPart.includes("/")) {
+            const [startStr, endStr] = trimmedPart.split("-");
+            const start = Number(startStr);
+            const end = Number(endStr);
+            if (!isNaN(start) && !isNaN(end)) {
+                for (let i = start; i <= end; i++) {
+                    values.push(i);
+                }
             }
         }
-        else if (part.includes("/")) {
+        else if (trimmedPart.includes("/")) {
             // Handle range with step like 0-30/5
-            const [range, stepStr] = part.split("/");
+            const [range, stepStr] = trimmedPart.split("/");
             const step = parseInt(stepStr, 10);
+            if (isNaN(step) || step <= 0)
+                continue;
             let rangeStart = min;
             let rangeEnd = max;
-            if (range.includes("-")) {
-                [rangeStart, rangeEnd] = range.split("-").map(Number);
+            if (range && range.includes("-")) {
+                const [rs, re] = range.split("-").map(Number);
+                if (!isNaN(rs))
+                    rangeStart = rs;
+                if (!isNaN(re))
+                    rangeEnd = re;
             }
             for (let i = rangeStart; i <= rangeEnd; i += step) {
                 values.push(i);
             }
         }
         else {
-            values.push(parseInt(part, 10));
+            const num = parseInt(trimmedPart, 10);
+            if (!isNaN(num)) {
+                values.push(num);
+            }
         }
     }
-    return values.filter((v) => v >= min && v <= max);
+    // 유효한 값이 없으면 wildcard로 폴백
+    const filtered = values.filter((v) => v >= min && v <= max);
+    return filtered.length > 0 ? filtered : Array.from({ length: max - min + 1 }, (_, i) => i + min);
 }
 /**
  * Get all jobs for a specific chat
  */
 export async function getJobsByChat(chatId) {
+    // null/undefined 처리
+    if (chatId == null) {
+        return [];
+    }
     const jobs = await loadJobs();
     const numericChatId = typeof chatId === "string" ? parseInt(chatId, 10) : chatId;
+    // NaN 체크
+    if (isNaN(numericChatId)) {
+        console.warn(`[Cron] Invalid chatId: ${chatId}`);
+        return [];
+    }
     return jobs.filter((j) => j.chatId === numericChatId);
 }
 /**