groove-dev 0.17.8 → 0.18.0

package/CLAUDE.md

@@ -195,10 +195,3 @@ Fully functional multi-agent orchestration system. Tested end-to-end: planner
 - Remote access (--host 0.0.0.0 + token auth)
 - Semantic degradation detection
 - Distribution: demo video, HN launch, Twitter content
-
-<!-- GROOVE:START -->
-## GROOVE Orchestration (auto-injected)
-Active agents: 0
-See AGENTS_REGISTRY.md for full agent state.
-**Memory policy:** Ignore auto-memory. Do not read or write MEMORY.md. GROOVE manages all context.
-<!-- GROOVE:END -->

package/node_modules/@groove-dev/daemon/google-oauth.json

@@ -0,0 +1,5 @@
+{
+  "client_id": "",
+  "client_secret": "",
+  "_comment": "Fill in with your Google Cloud OAuth Desktop App credentials. One-time setup — all Google integrations (Gmail, Calendar, Drive) use these."
+}

package/node_modules/@groove-dev/daemon/integrations-registry.json

@@ -338,26 +338,6 @@
     "ratingCount": 0,
     "verified": "community"
   },
-  {
-    "id": "filesystem",
-    "name": "Filesystem",
-    "description": "Read, write, search, and manage files on the local filesystem",
-    "category": "developer",
-    "icon": "folder",
-    "tags": ["files", "filesystem", "local", "storage"],
-    "roles": ["backend", "fullstack", "devops"],
-    "npmPackage": "@modelcontextprotocol/server-filesystem",
-    "transport": "stdio",
-    "command": "npx",
-    "args": ["-y", "@modelcontextprotocol/server-filesystem"],
-    "authType": "none",
-    "envKeys": [],
-    "featured": false,
-    "downloads": 0,
-    "rating": 0,
-    "ratingCount": 0,
-    "verified": "mcp-official"
-  },
   {
     "id": "google-maps",
     "name": "Google Maps",
@@ -385,25 +365,5 @@
     "rating": 0,
     "ratingCount": 0,
     "verified": "mcp-official"
-  },
-  {
-    "id": "sqlite",
-    "name": "SQLite",
-    "description": "Query and manage SQLite databases, inspect schemas, run SQL",
-    "category": "database",
-    "icon": "database",
-    "tags": ["sql", "database", "local", "lightweight"],
-    "roles": ["analyst", "backend"],
-    "npmPackage": "mcp-sqlite",
-    "transport": "stdio",
-    "command": "npx",
-    "args": ["-y", "mcp-sqlite"],
-    "authType": "none",
-    "envKeys": [],
-    "featured": false,
-    "downloads": 0,
-    "rating": 0,
-    "ratingCount": 0,
-    "verified": "mcp-official"
   }
 ]

package/node_modules/@groove-dev/daemon/src/api.js

@@ -5,8 +5,9 @@ import express from 'express';
 import { resolve, dirname } from 'path';
 import { fileURLToPath } from 'url';
 import { existsSync, readFileSync, readdirSync, statSync, writeFileSync, mkdirSync, unlinkSync, renameSync, rmSync, createReadStream } from 'fs';
+import { spawn as cpSpawn } from 'child_process';
 import { lookup as mimeLookup } from './mimetypes.js';
-import { listProviders } from './providers/index.js';
+import { listProviders, getProvider } from './providers/index.js';
 import { validateAgentConfig } from './validate.js';
 
 const __dirname = dirname(fileURLToPath(import.meta.url));
@@ -351,6 +352,67 @@ export function createApi(app, daemon) {
     });
   });
 
+  // Plan chat — direct API (fast, sub-second) when API key available, CLI fallback otherwise
+  const PLAN_SYSTEM = `You are the planning assistant built into Groove's spawn panel. The user is configuring an AI agent right now — they're looking at a form with role selection, file scope, skills, integrations, effort level, and a task prompt. Your conversation will be synthesized into the agent's task prompt when they click "Generate Prompt."
+
+Your job: help them think through what the agent should do, then craft a clear plan. Be direct and practical. Don't ask how they'll feed input to agents or what tools to use — they're already inside Groove doing it. Focus on the TASK itself.
+
+What you know about the system:
+- The user is in the spawn panel, configuring an agent before launching it
+- The left panel has: role picker, directory, permissions, effort, integrations, skills, schedule
+- When done planning, "Generate Prompt" synthesizes this chat into the agent's task prompt
+- Agents are Claude Code instances with full terminal/file access in the specified directory
+- Agents can read/write files, run commands, use MCP integrations (Slack, GitHub, etc.)
+- The journalist system prevents cold starts during context rotation — agents don't lose context
+
+Keep responses concise. Help them think, don't lecture them about the system they built.`;
+
+  app.post('/api/journalist/query', async (req, res) => {
+    try {
+      const { prompt } = req.body || {};
+      if (!prompt) return res.status(400).json({ error: 'prompt is required' });
+
+      // Fast path: direct Anthropic API call (sub-second)
+      const apiKey = daemon.credentials.getKey('anthropic-api');
+      if (apiKey) {
+        const apiRes = await fetch('https://api.anthropic.com/v1/messages', {
+          method: 'POST',
+          headers: {
+            'Content-Type': 'application/json',
+            'x-api-key': apiKey,
+            'anthropic-version': '2023-06-01',
+          },
+          body: JSON.stringify({
+            model: 'claude-haiku-4-5-20251001',
+            max_tokens: 1024,
+            system: PLAN_SYSTEM,
+            messages: [{ role: 'user', content: prompt }],
+          }),
+        });
+        const data = await apiRes.json();
+        if (data.content?.[0]?.text) {
+          return res.json({ response: data.content[0].text, mode: 'fast' });
+        }
+        if (data.error) {
+          return res.status(400).json({ error: data.error.message || 'API error' });
+        }
+      }
+
+      // Slow path: CLI fallback for subscription auth (~10s)
+      const fullPrompt = `${PLAN_SYSTEM}\n\n${prompt}`;
+      const response = await daemon.journalist.callHeadless(fullPrompt);
+      res.json({ response, mode: 'cli' });
+    } catch (err) {
+      res.status(500).json({ error: err.message });
+    }
+  });
+
+  // Check if Anthropic API key is configured
+  app.get('/api/anthropic-key/status', (req, res) => {
+    const hasKey = !!daemon.credentials.getKey('anthropic-api');
+    res.json({ configured: hasKey });
+  });
+
   // Trigger journalist cycle manually
   app.post('/api/journalist/cycle', async (req, res) => {
     try {
@@ -507,11 +569,13 @@ export function createApi(app, daemon) {
   // Parameterized :id routes (after specific routes above)
 
   app.post('/api/integrations/:id/authenticate', (req, res) => {
+    console.log(`[Groove:API] POST /api/integrations/${req.params.id}/authenticate`);
     try {
       const handle = daemon.integrations.authenticate(req.params.id);
+      console.log(`[Groove:API] Authenticate started, PID: ${handle.pid}`);
       res.json({ ok: true, pid: handle.pid });
-      // Auto-cleanup tracked by the handle timeout
     } catch (err) {
+      console.log(`[Groove:API] Authenticate error: ${err.message}`);
       res.status(400).json({ error: err.message });
     }
   });
@@ -740,6 +804,11 @@ export function createApi(app, daemon) {
 
   const IGNORED_NAMES = new Set(['.git', 'node_modules', '.DS_Store', '.groove', '__pycache__', '.next', '.cache', 'dist', 'coverage']);
 
+  // Editor root directory — defaults to projectDir but can be changed at runtime
+  let editorRootDir = daemon.projectDir;
+
+  function getEditorRoot() { return editorRootDir; }
+
   function validateFilePath(relPath, projectDir) {
     if (!relPath || typeof relPath !== 'string') return { error: 'path is required' };
     if (relPath.startsWith('/') || relPath.includes('..') || relPath.includes('\0')) {
@@ -750,6 +819,27 @@ export function createApi(app, daemon) {
     return { fullPath };
   }
 
+  // Get/set the editor working directory
+  app.get('/api/files/root', (req, res) => {
+    res.json({ root: editorRootDir });
+  });
+
+  app.post('/api/files/root', (req, res) => {
+    const { root } = req.body || {};
+    if (!root || typeof root !== 'string') return res.status(400).json({ error: 'root path is required' });
+    // Must be absolute and exist
+    if (!root.startsWith('/')) return res.status(400).json({ error: 'root must be an absolute path' });
+    if (root.includes('\0') || root.includes('..')) return res.status(400).json({ error: 'Invalid path' });
+    if (!existsSync(root)) return res.status(404).json({ error: 'Directory not found' });
+    try {
+      const stat = statSync(root);
+      if (!stat.isDirectory()) return res.status(400).json({ error: 'Path is not a directory' });
+    } catch { return res.status(400).json({ error: 'Cannot access directory' }); }
+    editorRootDir = root;
+    daemon.audit.log('editor.root.set', { root });
+    res.json({ ok: true, root: editorRootDir });
+  });
+
   // File tree — returns dirs + files for a given path
   app.get('/api/files/tree', (req, res) => {
     const relPath = req.query.path || '';
@@ -759,8 +849,9 @@ export function createApi(app, daemon) {
       return res.status(400).json({ error: 'Invalid path' });
     }
 
-    const fullPath = relPath ? resolve(daemon.projectDir, relPath) : daemon.projectDir;
-    if (!fullPath.startsWith(daemon.projectDir)) {
+    const rootDir = getEditorRoot();
+    const fullPath = relPath ? resolve(rootDir, relPath) : rootDir;
+    if (!fullPath.startsWith(rootDir)) {
       return res.status(400).json({ error: 'Path outside project' });
     }
     if (!existsSync(fullPath)) {
@@ -810,7 +901,7 @@ export function createApi(app, daemon) {
 
   // Read file contents
   app.get('/api/files/read', (req, res) => {
-    const result = validateFilePath(req.query.path, daemon.projectDir);
+    const result = validateFilePath(req.query.path, getEditorRoot());
     if (result.error) return res.status(400).json({ error: result.error });
 
     if (!existsSync(result.fullPath)) {
@@ -846,7 +937,7 @@ export function createApi(app, daemon) {
   // Write file contents
   app.post('/api/files/write', (req, res) => {
     const { path: relPath, content } = req.body;
-    const result = validateFilePath(relPath, daemon.projectDir);
+    const result = validateFilePath(relPath, getEditorRoot());
     if (result.error) return res.status(400).json({ error: result.error });
 
     if (typeof content !== 'string') {
@@ -868,7 +959,7 @@ export function createApi(app, daemon) {
   // Create a new file
   app.post('/api/files/create', (req, res) => {
     const { path: relPath, content = '' } = req.body;
-    const result = validateFilePath(relPath, daemon.projectDir);
+    const result = validateFilePath(relPath, getEditorRoot());
     if (result.error) return res.status(400).json({ error: result.error });
 
     if (existsSync(result.fullPath)) {
@@ -893,7 +984,7 @@ export function createApi(app, daemon) {
   // Create a new directory
   app.post('/api/files/mkdir', (req, res) => {
     const { path: relPath } = req.body;
-    const result = validateFilePath(relPath, daemon.projectDir);
+    const result = validateFilePath(relPath, getEditorRoot());
     if (result.error) return res.status(400).json({ error: result.error });
 
     if (existsSync(result.fullPath)) {
@@ -912,7 +1003,7 @@ export function createApi(app, daemon) {
   // Delete a file or directory
   app.delete('/api/files/delete', (req, res) => {
     const relPath = req.query.path || req.body?.path;
-    const result = validateFilePath(relPath, daemon.projectDir);
+    const result = validateFilePath(relPath, getEditorRoot());
     if (result.error) return res.status(400).json({ error: result.error });
 
     if (!existsSync(result.fullPath)) {
@@ -936,9 +1027,9 @@ export function createApi(app, daemon) {
   // Rename / move a file or directory
   app.post('/api/files/rename', (req, res) => {
     const { oldPath, newPath } = req.body;
-    const oldResult = validateFilePath(oldPath, daemon.projectDir);
+    const oldResult = validateFilePath(oldPath, getEditorRoot());
     if (oldResult.error) return res.status(400).json({ error: oldResult.error });
-    const newResult = validateFilePath(newPath, daemon.projectDir);
+    const newResult = validateFilePath(newPath, getEditorRoot());
     if (newResult.error) return res.status(400).json({ error: newResult.error });
 
     if (!existsSync(oldResult.fullPath)) {
@@ -962,7 +1053,7 @@ export function createApi(app, daemon) {
 
   // Serve raw file (images, video, etc.)
   app.get('/api/files/raw', (req, res) => {
-    const result = validateFilePath(req.query.path, daemon.projectDir);
+    const result = validateFilePath(req.query.path, getEditorRoot());
     if (result.error) return res.status(400).json({ error: result.error });
 
     if (!existsSync(result.fullPath)) {

package/node_modules/@groove-dev/daemon/src/integrations.js

@@ -380,10 +380,8 @@ export class IntegrationStore {
     if (!entry) throw new Error(`Integration not found: ${integrationId}`);
     if (entry.authType !== 'oauth-google') throw new Error('Integration does not use OAuth');
 
-    // Check if user has provided their own Google OAuth client (stored globally)
-    const clientId = this.getCredential('google-oauth', 'GOOGLE_CLIENT_ID');
-    const clientSecret = this.getCredential('google-oauth', 'GOOGLE_CLIENT_SECRET');
-    if (!clientId || !clientSecret) {
+    const creds = this._getGoogleOAuthCredentials();
+    if (!creds) {
       throw new Error('Google OAuth not configured. Set up your Google Cloud project first.');
     }
 
@@ -392,7 +390,7 @@ export class IntegrationStore {
     const scopes = entry.oauthScopes || [];
 
     const params = new URLSearchParams({
-      client_id: clientId,
+      client_id: creds.clientId,
       redirect_uri: redirectUri,
       response_type: 'code',
       scope: scopes.join(' '),
@@ -408,11 +406,11 @@ export class IntegrationStore {
    * Handle OAuth callback — exchange code for tokens.
    */
   async handleOAuthCallback(code, integrationId) {
-    const clientId = this.getCredential('google-oauth', 'GOOGLE_CLIENT_ID');
-    const clientSecret = this.getCredential('google-oauth', 'GOOGLE_CLIENT_SECRET');
-    if (!clientId || !clientSecret) {
+    const creds = this._getGoogleOAuthCredentials();
+    if (!creds) {
       throw new Error('Google OAuth credentials not found');
     }
+    const { clientId, clientSecret } = creds;
 
     const port = this.daemon.port || 31415;
     const redirectUri = `http://localhost:${port}/api/integrations/oauth/callback`;
@@ -451,10 +449,32 @@ export class IntegrationStore {
   /**
    * Check if Google OAuth is configured (user has set up their Cloud project).
    */
+  /**
+   * Get Google OAuth credentials from user config OR bundled defaults.
+   * User-configured credentials take priority over bundled defaults.
+   */
+  _getGoogleOAuthCredentials() {
+    // 1. Check user-configured credentials (encrypted store)
+    let clientId = this.getCredential('google-oauth', 'GOOGLE_CLIENT_ID');
+    let clientSecret = this.getCredential('google-oauth', 'GOOGLE_CLIENT_SECRET');
+    if (clientId && clientSecret) return { clientId, clientSecret, source: 'user' };
+
+    // 2. Check bundled defaults (shipped with Groove)
+    try {
+      const defaultsPath = resolve(__dirname, '../google-oauth.json');
+      if (existsSync(defaultsPath)) {
+        const defaults = JSON.parse(readFileSync(defaultsPath, 'utf8'));
+        if (defaults.client_id && defaults.client_secret) {
+          return { clientId: defaults.client_id, clientSecret: defaults.client_secret, source: 'bundled' };
+        }
+      }
+    } catch { /* no bundled defaults */ }
+
+    return null;
+  }
+
   isGoogleOAuthConfigured() {
-    const clientId = this.getCredential('google-oauth', 'GOOGLE_CLIENT_ID');
-    const clientSecret = this.getCredential('google-oauth', 'GOOGLE_CLIENT_SECRET');
-    return !!(clientId && clientSecret);
+    return !!this._getGoogleOAuthCredentials();
   }
 
   /**
@@ -467,14 +487,18 @@ export class IntegrationStore {
     const entry = this.registry.find((s) => s.id === integrationId);
     if (!entry) throw new Error(`Integration not found: ${integrationId}`);
 
+    console.log(`[Groove:Integrations] authenticate(${integrationId}) — authType: ${entry.authType}`);
+
     // For google-autoauth integrations, write the gcp-oauth.keys.json file
     // that the MCP server expects before it can start the OAuth browser flow
     if (entry.authType === 'google-autoauth') {
+      console.log(`[Groove:Integrations] Writing gcp-oauth.keys.json for ${integrationId}`);
       this._writeGoogleOAuthKeys(entry);
     }
 
     const command = entry.command || 'npx';
     const args = entry.args || ['-y', entry.npmPackage];
+    console.log(`[Groove:Integrations] Spawning: ${command} ${args.join(' ')}`);
 
     // Build env with any configured credentials
     const env = {};
@@ -491,6 +515,8 @@ export class IntegrationStore {
       detached: false,
     });
 
+    console.log(`[Groove:Integrations] Process spawned, PID: ${proc.pid}`);
+
     // Send MCP handshake to initialize the server — this triggers auth
     const initMsg = JSON.stringify({
       jsonrpc: '2.0', id: 1, method: 'initialize',
@@ -507,28 +533,38 @@ export class IntegrationStore {
       jsonrpc: '2.0', method: 'notifications/initialized',
     });
 
-    // Wait a moment for npx to download + start, then send handshake
     proc.stdout.on('data', (chunk) => {
       const text = chunk.toString();
+      console.log(`[Groove:Integrations] MCP stdout: ${text.slice(0, 200)}`);
       // After initialize response, send initialized notification + tools/list
       if (text.includes('"id":1') || text.includes('"id": 1')) {
+        console.log('[Groove:Integrations] Got initialize response, sending initialized + tools/list');
         proc.stdin.write(initializedNotif + '\n');
         setTimeout(() => proc.stdin.write(listToolsMsg + '\n'), 500);
       }
     });
 
+    proc.on('error', (err) => {
+      console.log(`[Groove:Integrations] Process error: ${err.message}`);
+    });
+
+    proc.on('exit', (code, signal) => {
+      console.log(`[Groove:Integrations] Process exited: code=${code} signal=${signal}`);
+      clearTimeout(timeout);
+    });
+
     // Send initialize after a brief delay for npx startup
     setTimeout(() => {
-      try { proc.stdin.write(initMsg + '\n'); } catch { /* process may have exited */ }
+      console.log('[Groove:Integrations] Sending MCP initialize message');
+      try { proc.stdin.write(initMsg + '\n'); } catch (e) { console.log('[Groove:Integrations] stdin write failed:', e.message); }
     }, 3000);
 
-    // Auto-kill after 2 minutes (auth should complete well before that)
+    // Auto-kill after 2 minutes
     const timeout = setTimeout(() => {
+      console.log('[Groove:Integrations] Auth timeout — killing process');
       try { proc.kill('SIGTERM'); } catch { /* ignore */ }
     }, 120_000);
 
-    proc.on('exit', () => clearTimeout(timeout));
-
     this.daemon.audit.log('integration.authenticate', { id: integrationId });
 
     return {
@@ -543,11 +579,11 @@ export class IntegrationStore {
    * before they can open the browser for user consent.
    */
   _writeGoogleOAuthKeys(entry) {
-    const clientId = this.getCredential('google-oauth', 'GOOGLE_CLIENT_ID');
-    const clientSecret = this.getCredential('google-oauth', 'GOOGLE_CLIENT_SECRET');
-    if (!clientId || !clientSecret) {
-      throw new Error('Google OAuth not configured. Click "Sign in with Google" to set up your Google Cloud credentials first.');
+    const creds = this._getGoogleOAuthCredentials();
+    if (!creds) {
+      throw new Error('Google OAuth not configured. Set up your Google Cloud credentials first.');
     }
+    const { clientId, clientSecret } = creds;
 
     const keysContent = JSON.stringify({
       installed: {
@@ -567,6 +603,9 @@ export class IntegrationStore {
       mkdirSync(dirPath, { recursive: true });
       const keysPath = resolve(dirPath, 'gcp-oauth.keys.json');
       writeFileSync(keysPath, keysContent, { mode: 0o600 });
+      console.log(`[Groove:Integrations] Wrote OAuth keys to: ${keysPath}`);
+    } else {
+      console.log(`[Groove:Integrations] WARNING: No oauthKeysDir for ${entry.id}`);
     }
   }
 

package/node_modules/@groove-dev/daemon/src/providers/claude-code.js

@@ -48,6 +48,10 @@ export class ClaudeCodeProvider extends Provider {
       args.push('--model', agent.model);
     }
 
+    if (agent.effort) {
+      args.push('--effort', agent.effort);
+    }
+
     // Pass the initial prompt as positional arg (includes GROOVE context)
     const fullPrompt = this.buildFullPrompt(agent);
     if (fullPrompt) {

package/node_modules/@groove-dev/gui/.groove/codebase-index.json

@@ -0,0 +1,64 @@
+{
+  "projectName": "gui",
+  "scannedAt": "2026-04-08T01:26:36.485Z",
+  "stats": {
+    "totalFiles": 32,
+    "totalDirs": 5,
+    "treeDepth": 4
+  },
+  "workspaces": [],
+  "keyFiles": [
+    "package.json"
+  ],
+  "tree": [
+    {
+      "path": ".",
+      "depth": 0,
+      "dirs": 2,
+      "files": 3,
+      "children": [
+        "public",
+        "src"
+      ]
+    },
+    {
+      "path": "public",
+      "depth": 1,
+      "dirs": 0,
+      "files": 3,
+      "children": []
+    },
+    {
+      "path": "src",
+      "depth": 1,
+      "dirs": 3,
+      "files": 3,
+      "children": [
+        "components",
+        "stores",
+        "views"
+      ]
+    },
+    {
+      "path": "src/components",
+      "depth": 2,
+      "dirs": 0,
+      "files": 15,
+      "children": []
+    },
+    {
+      "path": "src/stores",
+      "depth": 2,
+      "dirs": 0,
+      "files": 1,
+      "children": []
+    },
+    {
+      "path": "src/views",
+      "depth": 2,
+      "dirs": 0,
+      "files": 7,
+      "children": []
+    }
+  ]
+}

package/node_modules/@groove-dev/gui/.groove/config.json

@@ -0,0 +1,10 @@
+{
+  "version": "0.1.0",
+  "port": 31415,
+  "journalistInterval": 120,
+  "rotationThreshold": 0.75,
+  "autoRotation": true,
+  "qcThreshold": 4,
+  "maxAgents": 10,
+  "defaultProvider": "claude-code"
+}

package/node_modules/@groove-dev/gui/.groove/coordination.md

@@ -0,0 +1,5 @@
+# GROOVE Coordination
+
+*Agents write their intent here before shared/destructive actions.*
+
+<!-- No active operations -->

package/node_modules/@groove-dev/gui/.groove/daemon.host

@@ -0,0 +1 @@
+127.0.0.1

package/node_modules/@groove-dev/gui/.groove/daemon.pid

@@ -0,0 +1 @@
+13629

package/node_modules/@groove-dev/gui/.groove/daemon.port

@@ -0,0 +1 @@
+31416

package/node_modules/@groove-dev/gui/.groove/federation/identity.key

@@ -0,0 +1,3 @@
+-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VwBCIEIDgv9qJFjRft4Jh4sUoIe1GtmtckzOSsVvbi8WNRdSwf
+-----END PRIVATE KEY-----

package/node_modules/@groove-dev/gui/.groove/federation/identity.pub

@@ -0,0 +1,3 @@
+-----BEGIN PUBLIC KEY-----
+MCowBQYDK2VwAyEAHZ3D0IChsPmavZorg3hwhdMZN4W3Q0geH9TR5NVMnI0=
+-----END PUBLIC KEY-----

package/node_modules/@groove-dev/gui/.groove/integrations/package.json

@@ -0,0 +1,6 @@
+{
+  "name": "groove-integrations",
+  "version": "1.0.0",
+  "private": true,
+  "description": "MCP server packages managed by Groove"
+}

package/node_modules/@groove-dev/gui/.groove/state.json

@@ -0,0 +1,3 @@
+{
+  "agents": []
+}