ethagent 0.2.0 → 1.0.0

package/src/storage/atomicWrite.ts

@@ -0,0 +1,68 @@
+import fs from 'node:fs/promises'
+
+const RETRYABLE_RENAME_CODES = new Set(['EPERM', 'EBUSY', 'EACCES'])
+const RETRY_DELAYS_MS = [20, 60, 120]
+
+type WriteOptions = {
+  mode?: number
+}
+
+export async function atomicWriteText(
+  file: string,
+  data: string,
+  options: WriteOptions = {},
+): Promise<void> {
+  const tmp = `${file}.${process.pid}.${Date.now()}.tmp`
+  const mode = options.mode ?? 0o600
+
+  await fs.writeFile(tmp, data, { encoding: 'utf8', mode })
+
+  try {
+    await replaceFileWithRetry(tmp, file)
+  } catch (error: unknown) {
+    await cleanupTempFile(tmp)
+    throw error
+  }
+}
+
+async function replaceFileWithRetry(tmp: string, file: string): Promise<void> {
+  let lastError: unknown
+
+  for (let attempt = 0; attempt <= RETRY_DELAYS_MS.length; attempt += 1) {
+    try {
+      await fs.rename(tmp, file)
+      return
+    } catch (error: unknown) {
+      lastError = error
+      const code = (error as NodeJS.ErrnoException).code
+      if (!code || !RETRYABLE_RENAME_CODES.has(code)) break
+      if (attempt === RETRY_DELAYS_MS.length) break
+
+      await sleep(RETRY_DELAYS_MS[attempt]!)
+
+      try {
+        await fs.copyFile(tmp, file)
+        await cleanupTempFile(tmp)
+        return
+      } catch (copyError: unknown) {
+        lastError = copyError
+        const copyCode = (copyError as NodeJS.ErrnoException).code
+        if (!copyCode || !RETRYABLE_RENAME_CODES.has(copyCode)) break
+      }
+    }
+  }
+
+  throw lastError
+}
+
+async function cleanupTempFile(file: string): Promise<void> {
+  try {
+    await fs.unlink(file)
+  } catch (error: unknown) {
+    if ((error as NodeJS.ErrnoException).code !== 'ENOENT') throw error
+  }
+}
+
+async function sleep(ms: number): Promise<void> {
+  await new Promise(resolve => setTimeout(resolve, ms))
+}

package/src/storage/config.ts

@@ -0,0 +1,189 @@
+import fs from 'node:fs/promises'
+import path from 'node:path'
+import os from 'node:os'
+import { z } from 'zod'
+import { atomicWriteText } from './atomicWrite.js'
+
+export const PROVIDERS = ['llamacpp', 'openai', 'anthropic', 'gemini'] as const
+export type ProviderId = (typeof PROVIDERS)[number]
+const LEGACY_PROVIDERS = ['ollama', ...PROVIDERS] as const
+
+export const SELECTABLE_NETWORKS = ['mainnet', 'arbitrum', 'base', 'optimism', 'polygon'] as const
+export type SelectableNetwork = (typeof SELECTABLE_NETWORKS)[number]
+
+const IdentitySchema = z.object({
+  address: z.string().regex(/^0x[a-fA-F0-9]{40}$/),
+  createdAt: z.string(),
+  source: z.enum(['local-key', 'erc8004']).optional(),
+  ownerAddress: z.string().regex(/^0x[a-fA-F0-9]{40}$/).optional(),
+  chainId: z.number().int().positive().optional(),
+  rpcUrl: z.string().url().optional(),
+  identityRegistryAddress: z.string().regex(/^0x[a-fA-F0-9]{40}$/).optional(),
+  agentId: z.string().min(1).optional(),
+  agentUri: z.string().min(1).optional(),
+  metadataCid: z.string().min(1).optional(),
+  state: z.record(z.unknown()).optional(),
+  backup: z.object({
+    cid: z.string().min(1),
+    createdAt: z.string(),
+    envelopeVersion: z.string().min(1),
+    ipfsApiUrl: z.string().url(),
+    status: z.enum(['pinned', 'restored', 'failed', 'unknown']),
+    ownerAddress: z.string().regex(/^0x[a-fA-F0-9]{40}$/).optional(),
+    chainId: z.number().int().positive().optional(),
+    rpcUrl: z.string().url().optional(),
+    identityRegistryAddress: z.string().regex(/^0x[a-fA-F0-9]{40}$/).optional(),
+    agentId: z.string().min(1).optional(),
+    agentUri: z.string().min(1).optional(),
+    metadataCid: z.string().min(1).optional(),
+    txHash: z.string().regex(/^0x[a-fA-F0-9]+$/).optional(),
+    pastBackups: z.array(z.object({
+      cid: z.string().min(1),
+      createdAt: z.string(),
+    })).optional(),
+  }).optional(),
+  publicSkills: z.object({
+    cid: z.string().min(1).optional(),
+    agentCardCid: z.string().min(1).optional(),
+    updatedAt: z.string().optional(),
+    status: z.enum(['pinned', 'failed', 'unknown']).optional(),
+  }).optional(),
+})
+
+const ConfigSchema = z.object({
+  version: z.literal(1),
+  provider: z.enum(PROVIDERS),
+  model: z.string().min(1),
+  baseUrl: z.string().url().optional(),
+  firstRunAt: z.string(),
+  identity: IdentitySchema.optional(),
+  erc8004: z.object({
+    chainId: z.number().int().positive(),
+    rpcUrl: z.string().url(),
+    identityRegistryAddress: z.string().regex(/^0x[a-fA-F0-9]{40}$/),
+    fromBlock: z.string().regex(/^\d+$/).optional(),
+  }).optional(),
+  selectedNetwork: z.enum(SELECTABLE_NETWORKS).optional(),
+})
+
+const LEGACY_OLLAMA_BASE_URL = 'http://localhost:11434/v1'
+const LegacyConfigSchema = ConfigSchema.extend({
+  provider: z.enum(LEGACY_PROVIDERS),
+})
+
+type LegacyConfig = z.infer<typeof LegacyConfigSchema>
+
+export type EthagentIdentity = z.infer<typeof IdentitySchema>
+
+export type EthagentConfig = z.infer<typeof ConfigSchema>
+
+export function getConfigDir(): string {
+  return path.join(os.homedir(), '.ethagent')
+}
+
+export function getConfigPath(): string {
+  return path.join(getConfigDir(), 'config.json')
+}
+
+export async function ensureConfigDir(): Promise<void> {
+  await fs.mkdir(getConfigDir(), { recursive: true })
+}
+
+export async function loadConfig(): Promise<EthagentConfig | null> {
+  const file = getConfigPath()
+  let raw: string
+  try {
+    raw = await fs.readFile(file, 'utf8')
+  } catch (err: unknown) {
+    if ((err as NodeJS.ErrnoException).code === 'ENOENT') return null
+    throw err
+  }
+  try {
+    const parsed = JSON.parse(raw)
+    const active = ConfigSchema.safeParse(parsed)
+    if (active.success) return normalizeConfig(active.data)
+    const legacy = LegacyConfigSchema.safeParse(parsed)
+    if (legacy.success) return migrateLegacyConfig(legacy.data)
+    return null
+  } catch {
+    return null
+  }
+}
+
+export async function saveConfig(config: EthagentConfig): Promise<void> {
+  await ensureConfigDir()
+  const validated = ConfigSchema.parse(normalizeConfig(config))
+  const file = getConfigPath()
+  await atomicWriteText(file, JSON.stringify(validated, null, 2) + '\n')
+}
+
+export async function deleteConfig(): Promise<void> {
+  try {
+    await fs.unlink(getConfigPath())
+  } catch (err: unknown) {
+    if ((err as NodeJS.ErrnoException).code !== 'ENOENT') throw err
+  }
+}
+
+export function defaultModelFor(provider: ProviderId): string {
+  switch (provider) {
+    case 'openai':    return 'gpt-5.2'
+    case 'anthropic': return 'claude-sonnet-4-5'
+    case 'gemini':    return 'gemini-2.0-flash'
+    case 'llamacpp':  return 'huggingface-link'
+  }
+}
+
+export function defaultBaseUrlFor(provider: ProviderId): string | undefined {
+  if (provider === 'llamacpp') return 'http://localhost:8080/v1'
+  return undefined
+}
+
+export type LocalProviderId = Extract<ProviderId, 'llamacpp'>
+
+export function localProviderBaseUrlFor(provider: LocalProviderId, baseUrl?: string): string {
+  const fallback = defaultBaseUrlFor(provider) ?? ''
+  if (!baseUrl) return fallback
+  return isDefaultBaseUrlFor(baseUrl, LEGACY_OLLAMA_BASE_URL) ? fallback : baseUrl
+}
+
+export function normalizeConfig(config: EthagentConfig): EthagentConfig {
+  if (config.provider !== 'llamacpp') return config
+  const baseUrl = localProviderBaseUrlFor(config.provider, config.baseUrl)
+  return config.baseUrl === baseUrl ? config : { ...config, baseUrl }
+}
+
+function migrateLegacyConfig(config: LegacyConfig): EthagentConfig {
+  if (config.provider !== 'ollama') return normalizeConfig(ConfigSchema.parse(config))
+  return {
+    ...config,
+    provider: 'llamacpp',
+    model: defaultModelFor('llamacpp'),
+    baseUrl: defaultBaseUrlFor('llamacpp'),
+  }
+}
+
+function isDefaultBaseUrlFor(value: string, fallback: string | undefined): boolean {
+  if (!fallback) return false
+  try {
+    const url = new URL(value)
+    const defaultUrl = new URL(fallback)
+    if (url.protocol !== defaultUrl.protocol) return false
+    if (url.hostname.toLowerCase() !== defaultUrl.hostname.toLowerCase()) return false
+    if (effectivePort(url) !== effectivePort(defaultUrl)) return false
+    const path = stripTrailingSlash(url.pathname) || '/'
+    const defaultPath = stripTrailingSlash(defaultUrl.pathname) || '/'
+    return path === '/' || path === defaultPath
+  } catch {
+    return stripTrailingSlash(value) === stripTrailingSlash(fallback)
+  }
+}
+
+function effectivePort(url: URL): string {
+  if (url.port) return url.port
+  return url.protocol === 'https:' ? '443' : '80'
+}
+
+function stripTrailingSlash(value: string): string {
+  return value.replace(/\/+$/, '')
+}

package/src/storage/factoryReset.ts

@@ -0,0 +1,130 @@
+import fs from 'node:fs/promises'
+import path from 'node:path'
+import { PROVIDERS, getConfigDir } from './config.js'
+import { rmSecret } from './secrets.js'
+
+const PRESERVED_LOCAL_MODEL_ENTRIES = new Set([
+  'local-models.json',
+  'local-runner.json',
+  'models',
+  'runners',
+])
+
+const SECRET_ACCOUNTS = [
+  'ethereum:default',
+  'pinata:jwt',
+  ...PROVIDERS,
+] as const
+
+export type FactoryResetPlan = {
+  configDir: string
+  deletePaths: string[]
+  preservedPaths: string[]
+  preservedDescriptions: string[]
+  remoteDescriptions: string[]
+}
+
+export type FactoryResetResult = {
+  deletedPaths: string[]
+  preservedPaths: string[]
+  clearedSecretAccounts: string[]
+}
+
+export async function createFactoryResetPlan(): Promise<FactoryResetPlan> {
+  const configDir = path.resolve(getConfigDir())
+  const entries = await readConfigEntries(configDir)
+  const deletePaths: string[] = []
+  const preservedPaths: string[] = []
+
+  for (const entry of entries) {
+    const target = path.join(configDir, entry)
+    assertInsideConfigDir(configDir, target)
+    if (PRESERVED_LOCAL_MODEL_ENTRIES.has(entry)) preservedPaths.push(target)
+    else deletePaths.push(target)
+  }
+
+  return {
+    configDir,
+    deletePaths,
+    preservedPaths,
+    preservedDescriptions: [
+      'Hugging Face GGUF model files under models/',
+      'local model registry local-models.json',
+      'llama.cpp runner assets under runners/',
+      'local runner path config local-runner.json',
+      'external package-installed runtimes outside ~/.ethagent',
+    ],
+    remoteDescriptions: [
+      'ERC-8004 tokens and onchain records',
+      'IPFS-pinned encrypted snapshots and public skills metadata',
+    ],
+  }
+}
+
+export async function runFactoryReset(options: { clearSecrets?: boolean } = {}): Promise<FactoryResetResult> {
+  const plan = await createFactoryResetPlan()
+  const clearedSecretAccounts: string[] = []
+  if (options.clearSecrets ?? true) {
+    for (const account of SECRET_ACCOUNTS) {
+      try {
+        await rmSecret(account)
+        clearedSecretAccounts.push(account)
+      } catch {
+        continue
+      }
+    }
+  }
+
+  const deletedPaths: string[] = []
+  for (const target of plan.deletePaths) {
+    assertInsideConfigDir(plan.configDir, target)
+    await fs.rm(target, { recursive: true, force: true })
+    deletedPaths.push(target)
+  }
+
+  return {
+    deletedPaths,
+    preservedPaths: plan.preservedPaths,
+    clearedSecretAccounts,
+  }
+}
+
+export function formatFactoryResetPlan(plan: FactoryResetPlan): string {
+  return [
+    'ethagent reset',
+    '',
+    'will delete:',
+    ...formatPaths(plan.deletePaths, plan.configDir),
+    '',
+    'will keep:',
+    ...plan.preservedDescriptions.map(item => `  · ${item}`),
+    '',
+    'not touched:',
+    ...plan.remoteDescriptions.map(item => `  · ${item}`),
+    '',
+    'type confirm to reset this machine.',
+  ].join('\n')
+}
+
+async function readConfigEntries(configDir: string): Promise<string[]> {
+  try {
+    return await fs.readdir(configDir)
+  } catch (err: unknown) {
+    if ((err as NodeJS.ErrnoException).code === 'ENOENT') return []
+    throw err
+  }
+}
+
+function formatPaths(paths: string[], configDir: string): string[] {
+  if (paths.length === 0) return ['  · no local ethagent data found']
+  return paths
+    .map(target => `  · ${path.relative(configDir, target) || path.basename(target)}`)
+    .sort()
+}
+
+function assertInsideConfigDir(configDir: string, target: string): void {
+  const relative = path.relative(path.resolve(configDir), path.resolve(target))
+  if (!relative || relative.startsWith('..') || path.isAbsolute(relative)) {
+    throw new Error(`refusing to reset path outside ethagent config: ${target}`)
+  }
+}

package/src/storage/history.ts

@@ -0,0 +1,58 @@
+import fs from 'node:fs/promises'
+import path from 'node:path'
+import { getConfigDir } from './config.js'
+
+const MAX_ENTRIES = 500
+
+export function getHistoryPath(): string {
+  return path.join(getConfigDir(), 'history.jsonl')
+}
+
+type Entry = { text: string; ts: number }
+
+export async function appendHistory(text: string): Promise<void> {
+  const clean = text.trim()
+  if (!clean) return
+  try {
+    await fs.mkdir(getConfigDir(), { recursive: true })
+  } catch {
+    return
+  }
+  const line = JSON.stringify({ text: clean, ts: Date.now() } satisfies Entry) + '\n'
+  try {
+    await fs.appendFile(getHistoryPath(), line, { mode: 0o600 })
+  } catch {
+    return
+  }
+}
+
+export async function readHistory(): Promise<string[]> {
+  let raw: string
+  try {
+    raw = await fs.readFile(getHistoryPath(), 'utf8')
+  } catch (err: unknown) {
+    if ((err as NodeJS.ErrnoException).code === 'ENOENT') return []
+    throw err
+  }
+  const entries: Entry[] = []
+  for (const line of raw.split('\n')) {
+    const trimmed = line.trim()
+    if (!trimmed) continue
+    try {
+      entries.push(JSON.parse(trimmed) as Entry)
+    } catch {
+      continue
+    }
+  }
+  const seen = new Set<string>()
+  const out: string[] = []
+  for (let i = entries.length - 1; i >= 0; i--) {
+    const entry = entries[i]
+    if (!entry) continue
+    if (seen.has(entry.text)) continue
+    seen.add(entry.text)
+    out.unshift(entry.text)
+    if (out.length >= MAX_ENTRIES) break
+  }
+  return out
+}

package/src/storage/identity.ts

@@ -0,0 +1,99 @@
+import {
+  loadConfig,
+  saveConfig,
+  type EthagentConfig,
+  type EthagentIdentity,
+} from './config.js'
+import {
+  getSecret,
+  rmSecret,
+  hasSecret,
+  whichBackend,
+  type KeyBackend,
+} from './secrets.js'
+
+const IDENTITY_ACCOUNT = 'ethereum:default'
+
+export type IdentityStatus = {
+  address: string
+  createdAt: string
+  backend: KeyBackend | 'browser-wallet'
+  backup?: EthagentIdentity['backup']
+  publicSkills?: EthagentIdentity['publicSkills']
+  source?: EthagentIdentity['source']
+  agentId?: string
+  chainId?: number
+} | null
+
+export async function getIdentityStatus(config?: EthagentConfig): Promise<IdentityStatus> {
+  const resolved = config ?? (await loadConfig())
+  if (!resolved?.identity) return null
+  if (resolved.identity.source === 'erc8004' || resolved.identity.agentId) {
+    return {
+      address: resolved.identity.address,
+      createdAt: resolved.identity.createdAt,
+      backend: 'browser-wallet',
+      backup: resolved.identity.backup,
+      publicSkills: resolved.identity.publicSkills,
+      source: resolved.identity.source,
+      agentId: resolved.identity.agentId,
+      chainId: resolved.identity.chainId,
+    }
+  }
+  const present = await hasSecret(IDENTITY_ACCOUNT)
+  if (!present) return null
+  const backend = await whichBackend()
+  return {
+    address: resolved.identity.address,
+    createdAt: resolved.identity.createdAt,
+    backend,
+    backup: resolved.identity.backup,
+    publicSkills: resolved.identity.publicSkills,
+    source: resolved.identity.source,
+    chainId: resolved.identity.chainId,
+  }
+}
+
+export async function setTokenIdentity(
+  config: EthagentConfig,
+  identity: EthagentIdentity,
+): Promise<EthagentConfig> {
+  if (!identity.address || !identity.agentId || !identity.agentUri || !identity.ownerAddress) {
+    throw new Error('token identity is missing ERC-8004 metadata')
+  }
+  const next: EthagentConfig = {
+    ...config,
+    identity: {
+      ...identity,
+      source: 'erc8004',
+    },
+  }
+  await saveConfig(next)
+  return next
+}
+
+export async function updateIdentityBackup(
+  config: EthagentConfig,
+  backup: NonNullable<EthagentIdentity['backup']>,
+): Promise<EthagentConfig> {
+  if (!config.identity) throw new Error('no identity set')
+  const next: EthagentConfig = {
+    ...config,
+    identity: {
+      ...config.identity,
+      backup,
+    },
+  }
+  await saveConfig(next)
+  return next
+}
+
+export async function clearIdentity(config: EthagentConfig): Promise<EthagentConfig> {
+  await rmSecret(IDENTITY_ACCOUNT)
+  if (!config.identity) return config
+  const { identity: _drop, ...rest } = config
+  void _drop
+  const next = { ...rest } as EthagentConfig
+  await saveConfig(next)
+  return next
+}

package/src/storage/permissions.ts

@@ -0,0 +1,76 @@
+import fs from 'node:fs/promises'
+import path from 'node:path'
+import { z } from 'zod'
+import { ensureConfigDir, getConfigDir } from './config.js'
+import { SessionPermissionRuleSchema, type SessionPermissionRule } from '../tools/contracts.js'
+import { atomicWriteText } from './atomicWrite.js'
+
+const StoredPermissionRuleSchema = z.object({
+  workspaceRoot: z.string().min(1),
+  rule: SessionPermissionRuleSchema,
+})
+
+type StoredPermissionRule = z.infer<typeof StoredPermissionRuleSchema>
+
+function getPermissionsPath(): string {
+  return path.join(getConfigDir(), 'permissions.json')
+}
+
+export async function loadPermissionRules(workspaceRoot: string): Promise<SessionPermissionRule[]> {
+  const normalizedWorkspaceRoot = path.resolve(workspaceRoot)
+  const allRules = await loadAllPermissionRules()
+  return allRules
+    .filter(entry => path.resolve(entry.workspaceRoot) === normalizedWorkspaceRoot)
+    .map(entry => entry.rule)
+}
+
+export async function deletePermissionRule(workspaceRoot: string, rule: SessionPermissionRule): Promise<void> {
+  const normalizedWorkspaceRoot = path.resolve(workspaceRoot)
+  const allRules = await loadAllPermissionRules()
+  const next = allRules.filter(entry =>
+    !(path.resolve(entry.workspaceRoot) === normalizedWorkspaceRoot && JSON.stringify(entry.rule) === JSON.stringify(rule)),
+  )
+  await writeAllPermissionRules(next)
+}
+
+export async function clearPermissionRules(workspaceRoot: string): Promise<void> {
+  const normalizedWorkspaceRoot = path.resolve(workspaceRoot)
+  const allRules = await loadAllPermissionRules()
+  const next = allRules.filter(entry => path.resolve(entry.workspaceRoot) !== normalizedWorkspaceRoot)
+  await writeAllPermissionRules(next)
+}
+
+export async function savePermissionRule(workspaceRoot: string, rule: SessionPermissionRule): Promise<void> {
+  const allRules = await loadAllPermissionRules()
+  const normalizedWorkspaceRoot = path.resolve(workspaceRoot)
+  const nextEntry: StoredPermissionRule = { workspaceRoot: normalizedWorkspaceRoot, rule }
+  const deduped = [...allRules.filter(entry => !sameStoredRule(entry, nextEntry)), nextEntry]
+  await writeAllPermissionRules(deduped)
+}
+
+async function loadAllPermissionRules(): Promise<StoredPermissionRule[]> {
+  let raw: string
+  try {
+    raw = await fs.readFile(getPermissionsPath(), 'utf8')
+  } catch (error: unknown) {
+    if ((error as NodeJS.ErrnoException).code === 'ENOENT') return []
+    throw error
+  }
+
+  try {
+    const parsed = JSON.parse(raw)
+    return z.array(StoredPermissionRuleSchema).parse(parsed)
+  } catch {
+    return []
+  }
+}
+
+async function writeAllPermissionRules(rules: StoredPermissionRule[]): Promise<void> {
+  await ensureConfigDir()
+  const file = getPermissionsPath()
+  await atomicWriteText(file, JSON.stringify(rules, null, 2) + '\n')
+}
+
+function sameStoredRule(left: StoredPermissionRule, right: StoredPermissionRule): boolean {
+  return left.workspaceRoot === right.workspaceRoot && JSON.stringify(left.rule) === JSON.stringify(right.rule)
+}