dondo-donuts 0.1.0

package/src/config.ts

@@ -0,0 +1,55 @@
+import { homedir } from 'node:os';
+import { join } from 'node:path';
+
+const env = (key: string) => {
+    const value = process.env[key]?.trim();
+    return value ? value : undefined;
+};
+
+const appDataDir = () => {
+    if (process.platform === 'darwin') {
+        return join(homedir(), 'Library', 'Application Support', 'Dondo');
+    }
+    if (process.platform === 'win32') {
+        return join(env('LOCALAPPDATA') ?? join(homedir(), 'AppData', 'Local'), 'Dondo', 'Data');
+    }
+    return join(env('XDG_DATA_HOME') ?? join(homedir(), '.local', 'share'), 'dondo');
+};
+
+const parsePort = () => {
+    const raw = env('DONDO_PORT') ?? env('PORT') ?? '3000';
+    const port = Number(raw);
+    if (!Number.isInteger(port) || port < 1 || port > 65_535) {
+        throw new Error(`Invalid port: ${raw}`);
+    }
+    return port;
+};
+
+export const HOST = '127.0.0.1';
+export const PORT = parsePort();
+export const DATA_DIR = env('DONDO_DATA_DIR') ?? appDataDir();
+export const VAULT_PATH = env('DONDO_VAULT') ?? env('ANTIGRAVITY_VAULT') ?? join(DATA_DIR, 'vault.json');
+export const CODEX_AUTH_PATH = env('CODEX_AUTH_PATH') ?? join(homedir(), '.codex', 'auth.json');
+
+export const VAULT_KEY_SERVICE = 'dondo';
+export const VAULT_KEY_ACCOUNT = 'vault-key';
+
+export const ANTIGRAVITY_KEYCHAIN = env('ANTIGRAVITY_KEYCHAIN') ?? 'login.keychain-db';
+export const ANTIGRAVITY_SERVICE = env('ANTIGRAVITY_SERVICE') ?? 'gemini';
+export const ANTIGRAVITY_ACCOUNT = env('ANTIGRAVITY_ACCOUNT') ?? 'antigravity';
+
+export const ANTIGRAVITY_VERSION = env('ANTIGRAVITY_VERSION') ?? '2.0.3';
+export const GOOGLE_CLIENT_ID = env('GOOGLE_CLIENT_ID') ?? '';
+export const GOOGLE_CLIENT_SECRET = env('GOOGLE_CLIENT_SECRET') ?? '';
+export const GOOGLE_TOKEN_URL = 'https://oauth2.googleapis.com/token';
+export const LOAD_PROJECT_URL = 'https://cloudcode-pa.googleapis.com/v1internal:loadCodeAssist';
+export const QUOTA_URLS = [
+    'https://daily-cloudcode-pa.sandbox.googleapis.com/v1internal:fetchAvailableModels',
+    'https://daily-cloudcode-pa.googleapis.com/v1internal:fetchAvailableModels',
+    'https://cloudcode-pa.googleapis.com/v1internal:fetchAvailableModels',
+];
+
+export const CODEX_CLIENT_ID = 'app_EMoamEEZ73f0CkXaXp7hrann';
+export const CODEX_TOKEN_URL = 'https://auth.openai.com/oauth/token';
+export const CODEX_USAGE_URL = 'https://chatgpt.com/backend-api/wham/usage';
+export const CODEX_USER_AGENT = 'codex-cli/1.0.0';

package/src/errors.test.ts

@@ -0,0 +1,20 @@
+import { expect, it } from 'bun:test';
+import { assertAccountKey, redactSecrets } from './errors.ts';
+
+it('should redact token-shaped values from public errors', () => {
+    const redacted = redactSecrets(
+        'Bearer ya29.secret_token {"access_token":"abc","refresh_token":"def"} password: "plain"',
+    );
+
+    expect(redacted).not.toContain('secret_token');
+    expect(redacted).not.toContain('abc');
+    expect(redacted).not.toContain('def');
+    expect(redacted).not.toContain('plain');
+    expect(redacted).toContain('Bearer [redacted]');
+});
+
+it('should reject whitespace-only and padded account keys', () => {
+    expect(() => assertAccountKey('   ')).toThrow();
+    expect(() => assertAccountKey(' account ')).toThrow();
+    expect(assertAccountKey('account.one@example.com')).toBe('account.one@example.com');
+});

package/src/errors.ts

@@ -0,0 +1,42 @@
+import type { LimitResult } from './types.ts';
+
+export type PublicError = Error & {
+    status: number;
+};
+
+export const publicError = (status: number, message: string): PublicError => {
+    return Object.assign(new Error(message), { status });
+};
+
+export const redactSecrets = (value: unknown) => {
+    return String(value)
+        .replace(/Bearer\s+[^"\s]+/g, 'Bearer [redacted]')
+        .replace(/password:\s*"[^"]*"/gi, 'password: "[redacted]"')
+        .replace(
+            /(["']?(?:access_token|refresh_token|id_token|OPENAI_API_KEY)["']?\s*[:=]\s*["'])[^"']+(["'])/gi,
+            '$1[redacted]$2',
+        );
+};
+
+export const errorMessage = (error: unknown) => {
+    return redactSecrets(error instanceof Error ? error.message : String(error));
+};
+
+export const errorStatus = (error: unknown) => {
+    return typeof error === 'object' && error !== null && 'status' in error
+        ? Number((error as { status: unknown }).status) || 500
+        : 500;
+};
+
+export const cleanLimitError = (error: unknown): LimitResult => ({
+    error: errorMessage(error),
+    ok: false,
+});
+
+export const assertAccountKey = (key: string) => {
+    const trimmed = key.trim();
+    if (trimmed !== key || !/^[\w .@-]{1,80}$/.test(trimmed)) {
+        throw publicError(400, 'Use 1-80 letters, numbers, spaces, dots, @, _ or - with no leading/trailing spaces');
+    }
+    return trimmed;
+};

package/src/package-ui-smoke.test.ts

@@ -0,0 +1,140 @@
+import { describe, expect, it } from 'bun:test';
+import { mkdtemp, rm } from 'node:fs/promises';
+import { createServer } from 'node:net';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+
+const HOST = '127.0.0.1';
+const TIMEOUT_MS = 30_000;
+
+type PackageManifest = {
+    name: string;
+    version: string;
+};
+
+type Probe = {
+    bodyText: string;
+    contentType: string | null;
+    ok: boolean;
+    status: number;
+};
+
+const packageTarballPath = (dir: string, manifest: PackageManifest) =>
+    join(dir, `${manifest.name}-${manifest.version}.tgz`);
+
+const getAvailablePort = async () =>
+    new Promise<number>((resolve, reject) => {
+        const server = createServer();
+        server.unref();
+        server.once('error', reject);
+        server.listen(0, HOST, () => {
+            const address = server.address();
+            if (!address || typeof address === 'string') {
+                server.close(() => reject(new Error('Could not allocate a smoke-test port')));
+                return;
+            }
+            server.close(() => resolve(address.port));
+        });
+    });
+
+const runCommand = async (argv: string[], cwd: string) => {
+    const proc = Bun.spawn(argv, { cwd, stderr: 'pipe', stdout: 'pipe' });
+    const [exitCode, stdoutText, stderrText] = await Promise.all([
+        proc.exited,
+        new Response(proc.stdout).text(),
+        new Response(proc.stderr).text(),
+    ]);
+    if (exitCode !== 0) {
+        throw new Error(`${argv.join(' ')} failed\n${stdoutText}\n${stderrText}`.trim());
+    }
+};
+
+const waitForHealthyUi = async (url: string) => {
+    const deadline = Date.now() + TIMEOUT_MS;
+    let lastError = '';
+
+    while (Date.now() < deadline) {
+        try {
+            const response = await fetch(url);
+            const probe: Probe = {
+                bodyText: await response.text(),
+                contentType: response.headers.get('content-type'),
+                ok: response.ok,
+                status: response.status,
+            };
+            if (
+                probe.ok &&
+                probe.contentType?.includes('text/html') &&
+                probe.bodyText.includes('<title>Dondo</title>') &&
+                probe.bodyText.includes('Dondo') &&
+                !probe.bodyText.includes('Welcome to Bun!')
+            ) {
+                return probe;
+            }
+            lastError = `HTTP ${probe.status}: ${probe.bodyText.slice(0, 120)}`;
+        } catch (error) {
+            lastError = error instanceof Error ? error.message : String(error);
+        }
+
+        await Bun.sleep(250);
+    }
+
+    throw new Error(`Timed out waiting for Dondo UI at ${url}${lastError ? ` (${lastError})` : ''}`);
+};
+
+describe('packaged UI smoke', () => {
+    it('should launch the UI server through the packaged bunx dondo path', async () => {
+        const manifest = (await Bun.file('package.json').json()) as PackageManifest;
+        const tempDir = await mkdtemp(join(tmpdir(), 'dondo-packaged-ui-smoke-'));
+        const port = await getAvailablePort();
+
+        try {
+            await runCommand(['bun', 'pm', 'pack', '--destination', tempDir], process.cwd());
+            await Bun.write(join(tempDir, 'package.json'), '{"name":"dondo-smoke","private":true}\n');
+
+            const proc = Bun.spawn(['bunx', '--package', packageTarballPath(tempDir, manifest), 'dondo'], {
+                cwd: tempDir,
+                env: {
+                    ...process.env,
+                    CODEX_AUTH_PATH: join(tempDir, 'auth.json'),
+                    DONDO_DATA_DIR: join(tempDir, 'data'),
+                    DONDO_PORT: String(port),
+                },
+                stderr: 'pipe',
+                stdout: 'pipe',
+            });
+            const stdoutPromise = new Response(proc.stdout).text();
+            const stderrPromise = new Response(proc.stderr).text();
+
+            try {
+                const probe = await waitForHealthyUi(`http://${HOST}:${port}/`);
+                expect(probe.status).toBe(200);
+            } catch (error) {
+                proc.kill();
+                const [stdoutText, stderrText] = await Promise.all([
+                    stdoutPromise.catch(() => ''),
+                    stderrPromise.catch(() => ''),
+                    proc.exited.catch(() => undefined),
+                ]);
+                throw new Error(
+                    [
+                        error instanceof Error ? error.message : String(error),
+                        stdoutText.trim() ? `stdout:\n${stdoutText}` : '',
+                        stderrText.trim() ? `stderr:\n${stderrText}` : '',
+                    ]
+                        .filter(Boolean)
+                        .join('\n\n'),
+                );
+            } finally {
+                proc.kill();
+                await Promise.all([
+                    proc.exited.catch(() => undefined),
+                    stdoutPromise.catch(() => ''),
+                    stderrPromise.catch(() => ''),
+                ]);
+            }
+        } finally {
+            await rm(tempDir, { force: true, recursive: true });
+        }
+    }, 60_000);
+});

package/src/server.test.ts

@@ -0,0 +1,63 @@
+import { expect, it } from 'bun:test';
+import { createFetch } from './server.ts';
+
+const app = createFetch({
+    appJs: 'console.log("ok");',
+    css: 'body{}',
+    iconPng: Bun.file(new URL('../icon.png', import.meta.url).pathname),
+    iconSvg: '<svg />',
+});
+
+const json = async (response: Response) => (await response.json()) as { error?: string };
+
+it('should apply security headers to the UI shell', async () => {
+    const response = await app(new Request('http://127.0.0.1:3000/'));
+
+    expect(response.status).toBe(200);
+    expect(response.headers.get('x-content-type-options')).toBe('nosniff');
+    expect(response.headers.get('x-frame-options')).toBe('DENY');
+    expect(response.headers.get('content-security-policy')).toContain("default-src 'self'");
+});
+
+it('should reject non-local API origins', async () => {
+    const response = await app(
+        new Request('http://127.0.0.1:3000/api/codex/state', {
+            headers: { Origin: 'https://example.com' },
+        }),
+    );
+
+    expect(response.status).toBe(403);
+});
+
+it('should reject unsupported API methods before reading a body', async () => {
+    const response = await app(new Request('http://127.0.0.1:3000/api/antigravity/save'));
+
+    expect(response.status).toBe(405);
+    expect(await json(response)).toEqual({ error: 'Method not allowed' });
+});
+
+it('should reject malformed JSON bodies before service calls', async () => {
+    const response = await app(
+        new Request('http://127.0.0.1:3000/api/antigravity/save', {
+            body: '{',
+            method: 'POST',
+        }),
+    );
+
+    expect(response.status).toBe(400);
+    expect(await json(response)).toEqual({ error: 'Invalid JSON body' });
+});
+
+it('should not expose token-shaped fields in API error responses', async () => {
+    const response = await app(
+        new Request('http://127.0.0.1:3000/api/antigravity/load', {
+            body: JSON.stringify({ key: 'Bearer ya29.secret' }),
+            method: 'POST',
+        }),
+    );
+    const text = await response.text();
+
+    expect(text).not.toContain('ya29.secret');
+    expect(text).not.toContain('access_token');
+    expect(text).not.toContain('refresh_token');
+});

package/src/server.ts

@@ -0,0 +1,289 @@
+#!/usr/bin/env bun
+
+import { antigravityState, clearAntigravity, loadAntigravity, saveAntigravity } from './antigravity/service.ts';
+import { codexState, loadCodex, saveCodex } from './codex/service.ts';
+import { HOST, PORT } from './config.ts';
+import { errorMessage, errorStatus, publicError } from './errors.ts';
+import { renderHtml } from './ui/html.ts';
+
+type Assets = {
+    appJs: string;
+    css: string;
+    iconPng: ReturnType<typeof Bun.file>;
+    iconSvg: string;
+};
+
+type Route = {
+    handler: (req: Request) => Promise<Response>;
+};
+
+const SECURITY_HEADERS = {
+    'Content-Security-Policy':
+        "default-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; script-src 'self'; base-uri 'none'; form-action 'none'; frame-ancestors 'none'",
+    'X-Content-Type-Options': 'nosniff',
+    'X-Frame-Options': 'DENY',
+};
+
+const API_RATE_LIMIT = {
+    hits: [] as number[],
+    max: 120,
+    windowMs: 10_000,
+};
+
+const buildAssets = async (): Promise<Assets> => {
+    const result = await Bun.build({
+        entrypoints: [new URL('./ui/client.tsx', import.meta.url).pathname],
+        jsx: {
+            importSource: 'preact',
+            runtime: 'automatic',
+        },
+        target: 'browser',
+    });
+    if (!result.success) {
+        throw new Error(result.logs.map((log) => log.message).join('\n') || 'Failed to build UI assets');
+    }
+
+    const js = result.outputs.find((output) => output.path.endsWith('.js'));
+    if (!js) {
+        throw new Error('UI build did not produce JavaScript');
+    }
+
+    return {
+        appJs: await js.text(),
+        css: await Bun.file(new URL('./ui/styles.css', import.meta.url).pathname).text(),
+        iconPng: Bun.file(new URL('../icon.png', import.meta.url).pathname),
+        iconSvg: await Bun.file(new URL('../icon.svg', import.meta.url).pathname).text(),
+    };
+};
+
+const withHeaders = (response: Response, headers: Record<string, string>) => {
+    const merged = new Headers(response.headers);
+    for (const [key, value] of Object.entries({ ...SECURITY_HEADERS, ...headers })) {
+        merged.set(key, value);
+    }
+    return new Response(response.body, {
+        headers: merged,
+        status: response.status,
+        statusText: response.statusText,
+    });
+};
+
+const json = (value: unknown, status = 200) => {
+    return withHeaders(Response.json(value, { status }), {});
+};
+
+const jsonError = (error: unknown) => {
+    return json({ error: errorMessage(error) }, errorStatus(error));
+};
+
+const localName = (host: string | null) => {
+    const lower = host?.toLowerCase();
+    const value = lower?.startsWith('[') ? lower.slice(0, lower.indexOf(']') + 1) : lower?.split(':')[0];
+    return value === 'localhost' || value === '127.0.0.1' || value === '[::1]' || value === '::1';
+};
+
+const assertLocalRequest = (req: Request) => {
+    const host = req.headers.get('host') ?? new URL(req.url).host;
+    if (!localName(host)) {
+        throw publicError(403, 'Only localhost requests are allowed');
+    }
+
+    const origin = req.headers.get('origin');
+    if (origin) {
+        try {
+            if (!localName(new URL(origin).host)) {
+                throw publicError(403, 'Only localhost origins are allowed');
+            }
+        } catch {
+            throw publicError(403, 'Only localhost origins are allowed');
+        }
+    }
+};
+
+const assertRateLimit = () => {
+    const now = Date.now();
+    API_RATE_LIMIT.hits = API_RATE_LIMIT.hits.filter((hit) => hit > now - API_RATE_LIMIT.windowMs);
+    if (API_RATE_LIMIT.hits.length >= API_RATE_LIMIT.max) {
+        throw publicError(429, 'Too many local API requests; wait a moment and try again');
+    }
+    API_RATE_LIMIT.hits.push(now);
+};
+
+const body = async (req: Request) => {
+    const text = await req.text();
+    if (!text.trim()) {
+        return {};
+    }
+    try {
+        const parsed = JSON.parse(text) as unknown;
+        if (!parsed || typeof parsed !== 'object' || Array.isArray(parsed)) {
+            throw publicError(400, 'JSON body must be an object');
+        }
+        return parsed as { key?: unknown };
+    } catch (error) {
+        if (errorStatus(error) !== 500) {
+            throw error;
+        }
+        throw publicError(400, 'Invalid JSON body');
+    }
+};
+
+const optionalKey = async (req: Request) => {
+    const key = (await body(req)).key;
+    if (key === undefined) {
+        return undefined;
+    }
+    if (typeof key !== 'string') {
+        throw publicError(400, 'key must be a string');
+    }
+    return key;
+};
+
+const requiredKey = async (req: Request) => {
+    const key = await optionalKey(req);
+    if (!key) {
+        throw publicError(400, 'key is required');
+    }
+    return key;
+};
+
+const routes = new Map<string, Route>([
+    ['GET /api/antigravity/state', { handler: async () => json(await antigravityState()) }],
+    [
+        'POST /api/antigravity/limits/refresh',
+        {
+            handler: async (req) =>
+                json(await antigravityState({ refreshLimitKey: await optionalKey(req), refreshLimits: true })),
+        },
+    ],
+    [
+        'POST /api/antigravity/save',
+        {
+            handler: async (req) => {
+                await saveAntigravity(await requiredKey(req));
+                return json({ ok: true });
+            },
+        },
+    ],
+    [
+        'POST /api/antigravity/load',
+        {
+            handler: async (req) => {
+                await loadAntigravity(await requiredKey(req));
+                return json({ ok: true });
+            },
+        },
+    ],
+    [
+        'POST /api/antigravity/clear',
+        {
+            handler: async () => {
+                await clearAntigravity();
+                return json({ ok: true });
+            },
+        },
+    ],
+    ['GET /api/codex/state', { handler: async () => json(await codexState()) }],
+    [
+        'POST /api/codex/limits/refresh',
+        {
+            handler: async (req) =>
+                json(await codexState({ refreshLimitKey: await optionalKey(req), refreshLimits: true })),
+        },
+    ],
+    [
+        'POST /api/codex/save',
+        {
+            handler: async (req) => {
+                await saveCodex(await requiredKey(req));
+                return json({ ok: true });
+            },
+        },
+    ],
+    [
+        'POST /api/codex/load',
+        {
+            handler: async (req) => {
+                await loadCodex(await requiredKey(req));
+                return json({ ok: true });
+            },
+        },
+    ],
+]);
+
+const handleApi = async (url: URL, req: Request) => {
+    if (!url.pathname.startsWith('/api/')) {
+        return null;
+    }
+    assertLocalRequest(req);
+    assertRateLimit();
+    const route = routes.get(`${req.method} ${url.pathname}`);
+    if (!route) {
+        const hasPath = [...routes.keys()].some((key) => key.endsWith(` ${url.pathname}`));
+        return hasPath ? json({ error: 'Method not allowed' }, 405) : json({ error: 'Not found' }, 404);
+    }
+    return route.handler(req);
+};
+
+const handleAsset = (url: URL, assets: Assets) => {
+    if (url.pathname === '/') {
+        return withHeaders(new Response(renderHtml()), { 'Cache-Control': 'no-store', 'Content-Type': 'text/html' });
+    }
+    if (url.pathname === '/assets/app.js') {
+        return withHeaders(new Response(assets.appJs), {
+            'Cache-Control': 'max-age=3600',
+            'Content-Type': 'text/javascript',
+        });
+    }
+    if (url.pathname === '/assets/styles.css') {
+        return withHeaders(new Response(assets.css), { 'Cache-Control': 'max-age=3600', 'Content-Type': 'text/css' });
+    }
+    if (url.pathname === '/icon.svg') {
+        return withHeaders(new Response(assets.iconSvg), {
+            'Cache-Control': 'max-age=86400',
+            'Content-Type': 'image/svg+xml',
+        });
+    }
+    if (url.pathname === '/icon.png' || url.pathname === '/favicon.ico') {
+        return withHeaders(new Response(assets.iconPng), {
+            'Cache-Control': 'max-age=86400',
+            'Content-Type': 'image/png',
+        });
+    }
+    return null;
+};
+
+export const createFetch = (assets: Assets) => {
+    return async (req: Request) => {
+        const url = new URL(req.url);
+        try {
+            const asset = handleAsset(url, assets);
+            if (asset) {
+                return asset;
+            }
+            const api = await handleApi(url, req);
+            if (api) {
+                return api;
+            }
+            return json({ error: 'Not found' }, 404);
+        } catch (error) {
+            return jsonError(error);
+        }
+    };
+};
+
+export const startServer = async () => {
+    const assets = await buildAssets();
+    const server = Bun.serve({
+        fetch: createFetch(assets),
+        hostname: HOST,
+        port: PORT,
+    });
+
+    console.log(`Dondo running at http://${HOST}:${server.port}`);
+    return server;
+};
+
+if (import.meta.main) {
+    await startServer();
+}

package/src/shell.test.ts

@@ -0,0 +1,8 @@
+import { expect, it } from 'bun:test';
+import { run } from './shell.ts';
+
+it('should redact sensitive subprocess stderr in failure messages', async () => {
+    await expect(run('bun', ['-e', 'console.error(`password: "secret"`); process.exit(2)'])).rejects.toThrow(
+        'password: "[redacted]"',
+    );
+});

package/src/shell.ts

@@ -0,0 +1,49 @@
+import { errorMessage, redactSecrets } from './errors.ts';
+
+export type RunError = Error & {
+    code: number;
+    stderr: string;
+    stdout: string;
+};
+
+type RunOptions = {
+    timeoutMs?: number;
+};
+
+const DEFAULT_TIMEOUT_MS = 15_000;
+
+const safeArgs = (args: string[]) => {
+    return args.map((arg, index) => (args[index - 1] === '-w' ? '[redacted]' : arg));
+};
+
+export const isRunError = (error: unknown): error is RunError => {
+    return error instanceof Error && 'code' in error && 'stderr' in error && 'stdout' in error;
+};
+
+export const run = async (cmd: string, args: string[], options: RunOptions = {}) => {
+    const proc = Bun.spawn([cmd, ...args], { stderr: 'pipe', stdout: 'pipe' });
+    let timedOut = false;
+    const timer = setTimeout(() => {
+        timedOut = true;
+        proc.kill();
+    }, options.timeoutMs ?? DEFAULT_TIMEOUT_MS);
+
+    const [stdout, stderr, code] = await Promise.all([
+        new Response(proc.stdout).text(),
+        new Response(proc.stderr).text(),
+        proc.exited,
+    ]).finally(() => clearTimeout(timer));
+
+    if (code !== 0) {
+        const message = timedOut
+            ? `${cmd} ${safeArgs(args).join(' ')} timed out`
+            : `${cmd} ${safeArgs(args).join(' ')} failed (${code}): ${errorMessage(stderr || stdout)}`;
+        throw Object.assign(new Error(message), {
+            code,
+            stderr: redactSecrets(stderr),
+            stdout: redactSecrets(stdout),
+        });
+    }
+
+    return { stderr, stdout };
+};