ethagent 0.2.1 → 1.0.1

package/src/storage/rewind.ts

@@ -0,0 +1,246 @@
+import fs from 'node:fs/promises'
+import path from 'node:path'
+import { z } from 'zod'
+import { ensureConfigDir, getConfigDir } from './config.js'
+import { atomicWriteText } from './atomicWrite.js'
+
+const RewindSnapshotSchema = z.object({
+  id: z.string().optional(),
+  workspaceRoot: z.string().min(1),
+  filePath: z.string().min(1),
+  relativePath: z.string().optional(),
+  existedBefore: z.boolean(),
+  previousContent: z.string(),
+  changeSummary: z.string().optional(),
+  createdAt: z.string(),
+  sessionId: z.string().optional(),
+  turnId: z.string().optional(),
+  messageRole: z.literal('user').optional(),
+  promptSnippet: z.string().optional(),
+  checkpointLabel: z.string().optional(),
+})
+
+type RewindSnapshot = z.infer<typeof RewindSnapshotSchema>
+export type RewindEntry = {
+  id: string
+  workspaceRoot: string
+  filePath: string
+  relativePath: string
+  existedBefore: boolean
+  previousContent: string
+  changeSummary: string
+  createdAt: string
+  sessionId?: string
+  turnId?: string
+  messageRole?: 'user'
+  promptSnippet: string
+  checkpointLabel: string
+}
+
+export type ListRewindEntriesOptions = {
+  limit?: number
+  offset?: number
+}
+
+function getRewindPath(): string {
+  return path.join(getConfigDir(), 'rewind.jsonl')
+}
+
+export async function recordRewindSnapshot(snapshot: RewindSnapshot): Promise<void> {
+  await ensureConfigDir()
+  const normalized = normalizeSnapshot(snapshot)
+  if (isIdentityMarkdownSnapshot(normalized)) return
+  await fs.appendFile(getRewindPath(), `${JSON.stringify(normalized)}\n`, { encoding: 'utf8', mode: 0o600 })
+}
+
+export async function rewindWorkspaceEdits(
+  workspaceRoot: string,
+  steps = 1,
+): Promise<{ reverted: number; files: string[] }> {
+  const normalizedWorkspaceRoot = path.resolve(workspaceRoot)
+  const snapshots = await loadSnapshots()
+  const candidates = snapshots
+    .map((snapshot, index) => ({ snapshot, index }))
+    .filter(entry =>
+      path.resolve(entry.snapshot.workspaceRoot) === normalizedWorkspaceRoot &&
+      !isIdentityMarkdownSnapshot(entry.snapshot),
+    )
+
+  if (candidates.length === 0) return { reverted: 0, files: [] }
+
+  const selected = candidates.slice(Math.max(0, candidates.length - steps))
+  const revertedFiles: string[] = []
+
+  for (let index = selected.length - 1; index >= 0; index -= 1) {
+    const snapshot = selected[index]!.snapshot
+    if (snapshot.existedBefore) {
+      await fs.mkdir(path.dirname(snapshot.filePath), { recursive: true })
+      await fs.writeFile(snapshot.filePath, snapshot.previousContent, 'utf8')
+    } else {
+      try {
+        await fs.unlink(snapshot.filePath)
+      } catch (error: unknown) {
+        if ((error as NodeJS.ErrnoException).code !== 'ENOENT') throw error
+      }
+    }
+    revertedFiles.push(snapshot.filePath)
+  }
+
+  const selectedIndexes = new Set(selected.map(entry => entry.index))
+  const remaining = snapshots.filter((_snapshot, index) => !selectedIndexes.has(index))
+  await writeSnapshots(remaining)
+
+  return { reverted: selected.length, files: revertedFiles }
+}
+
+async function loadSnapshots(): Promise<RewindSnapshot[]> {
+  let raw: string
+  try {
+    raw = await fs.readFile(getRewindPath(), 'utf8')
+  } catch (error: unknown) {
+    if ((error as NodeJS.ErrnoException).code === 'ENOENT') return []
+    throw error
+  }
+
+  const out: RewindSnapshot[] = []
+  for (const line of raw.split('\n')) {
+    const trimmed = line.trim()
+    if (!trimmed) continue
+    try {
+      out.push(normalizeSnapshot(RewindSnapshotSchema.parse(JSON.parse(trimmed))))
+    } catch {
+      continue
+    }
+  }
+  return out
+}
+
+export async function listRewindEntries(
+  workspaceRoot: string,
+  options: ListRewindEntriesOptions = {},
+): Promise<RewindEntry[]> {
+  const normalizedWorkspaceRoot = path.resolve(workspaceRoot)
+  const limit = options.limit ?? 30
+  const offset = options.offset ?? 0
+  const snapshots = await loadSnapshots()
+  return snapshots
+    .filter(snapshot => !isIdentityMarkdownSnapshot(snapshot))
+    .filter(snapshot => isSnapshotWithinScope(snapshot, normalizedWorkspaceRoot))
+    .map(snapshot => toEntry(snapshot))
+    .reverse()
+    .slice(offset, offset + limit)
+}
+
+export async function rewindWorkspaceEditsByEntryIds(
+  workspaceRoot: string,
+  entryIds: string[],
+): Promise<{ reverted: number; files: string[] }> {
+  const normalizedWorkspaceRoot = path.resolve(workspaceRoot)
+  const selectedIds = new Set(entryIds)
+  const snapshots = await loadSnapshots()
+  const selected = snapshots
+    .map((snapshot, index) => ({ snapshot, index }))
+    .filter(entry =>
+      path.resolve(entry.snapshot.workspaceRoot) === normalizedWorkspaceRoot &&
+      !isIdentityMarkdownSnapshot(entry.snapshot) &&
+      selectedIds.has(entry.snapshot.id!),
+    )
+
+  if (selected.length === 0) return { reverted: 0, files: [] }
+
+  const revertedFiles: string[] = []
+  for (let index = selected.length - 1; index >= 0; index -= 1) {
+    const snapshot = selected[index]!.snapshot
+    if (snapshot.existedBefore) {
+      await fs.mkdir(path.dirname(snapshot.filePath), { recursive: true })
+      await fs.writeFile(snapshot.filePath, snapshot.previousContent, 'utf8')
+    } else {
+      try {
+        await fs.unlink(snapshot.filePath)
+      } catch (error: unknown) {
+        if ((error as NodeJS.ErrnoException).code !== 'ENOENT') throw error
+      }
+    }
+    revertedFiles.push(snapshot.filePath)
+  }
+
+  const selectedIndexes = new Set(selected.map(entry => entry.index))
+  const remaining = snapshots.filter((_snapshot, index) => !selectedIndexes.has(index))
+  await writeSnapshots(remaining)
+
+  return { reverted: selected.length, files: revertedFiles }
+}
+
+async function writeSnapshots(snapshots: RewindSnapshot[]): Promise<void> {
+  await ensureConfigDir()
+  const file = getRewindPath()
+  const body = snapshots.map(snapshot => JSON.stringify(snapshot)).join('\n')
+  await atomicWriteText(file, body ? `${body}\n` : '')
+}
+
+function normalizeSnapshot(snapshot: RewindSnapshot): RewindSnapshot {
+  const workspaceRoot = path.resolve(snapshot.workspaceRoot)
+  const filePath = path.resolve(snapshot.filePath)
+  return {
+    ...snapshot,
+    id: snapshot.id ?? stableSnapshotId(workspaceRoot, filePath, snapshot.createdAt),
+    workspaceRoot,
+    filePath,
+    relativePath: snapshot.relativePath ?? (path.relative(workspaceRoot, filePath) || path.basename(filePath)),
+    changeSummary: snapshot.changeSummary ?? (snapshot.existedBefore ? 'restore previous file contents' : 'remove created file'),
+    promptSnippet: normalizeSnippet(snapshot.promptSnippet),
+    checkpointLabel: normalizeSnippet(snapshot.checkpointLabel) || normalizeSnippet(snapshot.promptSnippet),
+  }
+}
+
+function toEntry(snapshot: RewindSnapshot): RewindEntry {
+  return {
+    id: snapshot.id!,
+    workspaceRoot: snapshot.workspaceRoot,
+    filePath: snapshot.filePath,
+    relativePath: snapshot.relativePath!,
+    existedBefore: snapshot.existedBefore,
+    previousContent: snapshot.previousContent,
+    changeSummary: snapshot.changeSummary!,
+    createdAt: snapshot.createdAt,
+    sessionId: snapshot.sessionId,
+    turnId: snapshot.turnId,
+    messageRole: snapshot.messageRole,
+    promptSnippet: snapshot.promptSnippet ?? '',
+    checkpointLabel: snapshot.checkpointLabel ?? snapshot.promptSnippet ?? 'Untitled checkpoint',
+  }
+}
+
+function stableSnapshotId(workspaceRoot: string, filePath: string, createdAt: string): string {
+  const rel = path.relative(workspaceRoot, filePath) || path.basename(filePath)
+  return `${createdAt}:${rel}`.replaceAll('\\', '/')
+}
+
+function isSnapshotWithinScope(snapshot: RewindSnapshot, scopeRoot: string): boolean {
+  if (path.resolve(snapshot.workspaceRoot) === scopeRoot) return true
+  const relative = path.relative(scopeRoot, path.resolve(snapshot.filePath))
+  return relative !== '' && !relative.startsWith('..') && !path.isAbsolute(relative)
+}
+
+function isIdentityMarkdownSnapshot(snapshot: RewindSnapshot): boolean {
+  const relativePath = (snapshot.relativePath ?? '').replaceAll('\\', '/').toLowerCase()
+  const basename = path.basename(snapshot.filePath).toLowerCase()
+  if (relativePath.startsWith('identity-vault/') && IDENTITY_MARKDOWN_FILES.has(basename)) return true
+
+  const continuityRoot = path.resolve(getConfigDir(), 'continuity')
+  const relativeToContinuity = path.relative(continuityRoot, path.resolve(snapshot.filePath))
+  return (
+    relativeToContinuity !== '' &&
+    !relativeToContinuity.startsWith('..') &&
+    !path.isAbsolute(relativeToContinuity) &&
+    IDENTITY_MARKDOWN_FILES.has(basename)
+  )
+}
+
+const IDENTITY_MARKDOWN_FILES = new Set(['soul.md', 'memory.md', 'skills.json'])
+
+function normalizeSnippet(input?: string): string {
+  const normalized = (input ?? '').replace(/\s+/g, ' ').trim()
+  if (!normalized) return ''
+  return normalized.length <= 120 ? normalized : `${normalized.slice(0, 117)}...`
+}

package/src/storage/secrets.ts

@@ -0,0 +1,181 @@
+import fs from 'node:fs/promises'
+import path from 'node:path'
+import os from 'node:os'
+import crypto from 'node:crypto'
+import { getConfigDir, ensureConfigDir, type ProviderId } from './config.js'
+import { atomicWriteText } from './atomicWrite.js'
+
+const KEYTAR_SERVICE = 'ethagent'
+
+type Keytar = {
+  getPassword: (service: string, account: string) => Promise<string | null>
+  setPassword: (service: string, account: string, password: string) => Promise<void>
+  deletePassword: (service: string, account: string) => Promise<boolean>
+}
+
+let keytarCache: Keytar | null | undefined
+
+async function loadKeytar(): Promise<Keytar | null> {
+  if (keytarCache !== undefined) return keytarCache
+  try {
+    const modulePath: string = 'keytar'
+    const mod = (await import(modulePath)) as { default?: Keytar } & Partial<Keytar>
+    const api = mod.default ?? (mod as Keytar)
+    if (typeof api.getPassword !== 'function'
+      || typeof api.setPassword !== 'function'
+      || typeof api.deletePassword !== 'function') {
+      throw new Error('keytar module shape unexpected')
+    }
+    await api.getPassword(KEYTAR_SERVICE, '__ethagent_probe__')
+    keytarCache = api
+    return api
+  } catch {
+    keytarCache = null
+    return null
+  }
+}
+
+function saltPath(): string { return path.join(getConfigDir(), '.salt') }
+function keysPath(): string { return path.join(getConfigDir(), 'keys.enc') }
+
+async function atomicWrite(file: string, data: string, mode = 0o600): Promise<void> {
+  await atomicWriteText(file, data, { mode })
+}
+
+async function loadSalt(): Promise<Buffer> {
+  await ensureConfigDir()
+  try {
+    const b64 = await fs.readFile(saltPath(), 'utf8')
+    return Buffer.from(b64.trim(), 'base64')
+  } catch (err: unknown) {
+    if ((err as NodeJS.ErrnoException).code !== 'ENOENT') throw err
+    const salt = crypto.randomBytes(32)
+    await atomicWrite(saltPath(), salt.toString('base64'))
+    return salt
+  }
+}
+
+async function deriveKey(): Promise<Buffer> {
+  const salt = await loadSalt()
+  const material = `${os.hostname()}::${os.userInfo().username}`
+  return await new Promise<Buffer>((resolve, reject) => {
+    crypto.scrypt(material, salt, 32, (err, key) => {
+      if (err) reject(err)
+      else resolve(key)
+    })
+  })
+}
+
+async function readEncryptedFile(): Promise<Record<string, string>> {
+  try {
+    const raw = await fs.readFile(keysPath(), 'utf8')
+    const parsed = JSON.parse(raw) as unknown
+    if (parsed && typeof parsed === 'object' && !Array.isArray(parsed)) {
+      const result: Record<string, string> = {}
+      for (const [k, v] of Object.entries(parsed)) {
+        if (typeof v === 'string') result[k] = v
+      }
+      return result
+    }
+    return {}
+  } catch (err: unknown) {
+    if ((err as NodeJS.ErrnoException).code === 'ENOENT') return {}
+    return {}
+  }
+}
+
+async function writeEncryptedFile(entries: Record<string, string>): Promise<void> {
+  await ensureConfigDir()
+  await atomicWrite(keysPath(), JSON.stringify(entries, null, 2))
+}
+
+function encryptValue(key: Buffer, plaintext: string): string {
+  const iv = crypto.randomBytes(12)
+  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv)
+  const enc = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()])
+  const authTag = cipher.getAuthTag()
+  return Buffer.concat([iv, authTag, enc]).toString('base64')
+}
+
+function decryptValue(key: Buffer, payload: string): string | null {
+  try {
+    const buf = Buffer.from(payload, 'base64')
+    if (buf.length < 12 + 16 + 1) return null
+    const iv = buf.subarray(0, 12)
+    const authTag = buf.subarray(12, 28)
+    const ct = buf.subarray(28)
+    const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv)
+    decipher.setAuthTag(authTag)
+    const dec = Buffer.concat([decipher.update(ct), decipher.final()])
+    return dec.toString('utf8')
+  } catch {
+    return null
+  }
+}
+
+export type KeyBackend = 'keyring' | 'encrypted-file'
+
+export async function getSecret(account: string): Promise<string | null> {
+  const keytar = await loadKeytar()
+  if (keytar) {
+    const v = await keytar.getPassword(KEYTAR_SERVICE, account)
+    return v ?? null
+  }
+  const file = await readEncryptedFile()
+  const payload = file[account]
+  if (!payload) return null
+  const key = await deriveKey()
+  return decryptValue(key, payload)
+}
+
+export async function setSecret(account: string, value: string): Promise<KeyBackend> {
+  const trimmed = value.trim()
+  if (!trimmed) throw new Error('secret value is empty')
+  const keytar = await loadKeytar()
+  if (keytar) {
+    await keytar.setPassword(KEYTAR_SERVICE, account, trimmed)
+    return 'keyring'
+  }
+  const [key, file] = await Promise.all([deriveKey(), readEncryptedFile()])
+  file[account] = encryptValue(key, trimmed)
+  await writeEncryptedFile(file)
+  return 'encrypted-file'
+}
+
+export async function rmSecret(account: string): Promise<void> {
+  const keytar = await loadKeytar()
+  if (keytar) {
+    await keytar.deletePassword(KEYTAR_SERVICE, account)
+    return
+  }
+  const file = await readEncryptedFile()
+  if (account in file) {
+    delete file[account]
+    await writeEncryptedFile(file)
+  }
+}
+
+export async function hasSecret(account: string): Promise<boolean> {
+  const value = await getSecret(account)
+  return value !== null && value.length > 0
+}
+
+export async function whichBackend(): Promise<KeyBackend> {
+  return (await loadKeytar()) ? 'keyring' : 'encrypted-file'
+}
+
+export function getKey(provider: ProviderId): Promise<string | null> {
+  return getSecret(provider)
+}
+
+export function setKey(provider: ProviderId, value: string): Promise<KeyBackend> {
+  return setSecret(provider, value)
+}
+
+export function rmKey(provider: ProviderId): Promise<void> {
+  return rmSecret(provider)
+}
+
+export function hasKey(provider: ProviderId): Promise<boolean> {
+  return hasSecret(provider)
+}

package/src/storage/sessionExport.ts

@@ -0,0 +1,49 @@
+import fs from 'node:fs/promises'
+import path from 'node:path'
+import { getConfigDir } from './config.js'
+import type { SessionMessage } from './sessions.js'
+
+export function getExportsDir(): string {
+  return path.join(getConfigDir(), 'exports')
+}
+
+export async function exportSessionMarkdown(
+  id: string,
+  messages: SessionMessage[],
+  meta: { model: string; provider: string },
+): Promise<string> {
+  await fs.mkdir(getExportsDir(), { recursive: true })
+  const file = path.join(getExportsDir(), `${id}.md`)
+
+  const userTurns = messages.filter(m => m.role === 'user').length
+  const lines: string[] = []
+  lines.push('---')
+  lines.push(`session: ${id}`)
+  lines.push(`provider: ${meta.provider}`)
+  lines.push(`model: ${meta.model}`)
+  lines.push(`turns: ${userTurns}`)
+  lines.push(`exportedAt: ${new Date().toISOString()}`)
+  lines.push('---')
+  lines.push('')
+  for (const m of messages) {
+    if (m.role === 'system') continue
+    const header =
+      m.role === 'user'
+        ? '## user'
+        : m.role === 'assistant'
+          ? '## assistant'
+          : m.role === 'tool_use'
+            ? `## tool use · ${m.name}`
+            : `## tool result · ${m.name}`
+    lines.push(`${header}  <sub>${m.createdAt}</sub>`)
+    lines.push('')
+    if (m.role === 'tool_use') {
+      lines.push(JSON.stringify(m.input, null, 2))
+    } else {
+      lines.push(m.content)
+    }
+    lines.push('')
+  }
+  await fs.writeFile(file, lines.join('\n'), { mode: 0o600 })
+  return file
+}