groove-dev 0.27.77 → 0.27.78

package/moe-training/client/consent.js

@@ -0,0 +1,96 @@
+// FSL-1.1-Apache-2.0 — see LICENSE
+
+import Database from 'better-sqlite3';
+import { randomUUID } from 'node:crypto';
+import { existsSync, mkdirSync, readFileSync, writeFileSync, chmodSync } from 'node:fs';
+import { join } from 'node:path';
+import { homedir } from 'node:os';
+import { CURRENT_CONSENT_VERSION } from '../shared/constants.js';
+
+export class ConsentManager {
+  constructor(dbPath) {
+    this._dbPath = dbPath || join(homedir(), '.groove', 'consent.db');
+    const dir = this._dbPath.replace(/[/\\][^/\\]+$/, '');
+    if (!existsSync(dir)) mkdirSync(dir, { recursive: true });
+    this._db = new Database(this._dbPath);
+    this._db.pragma('journal_mode = WAL');
+    this._db.exec(`
+      CREATE TABLE IF NOT EXISTS consent_history (
+        id INTEGER PRIMARY KEY AUTOINCREMENT,
+        user_id TEXT NOT NULL,
+        opted_in INTEGER NOT NULL,
+        consent_version TEXT NOT NULL,
+        metadata TEXT,
+        created_at TEXT NOT NULL DEFAULT (datetime('now'))
+      )
+    `);
+  }
+
+  recordConsent(userId, optedIn, consentVersion, metadata) {
+    this._db.prepare(
+      'INSERT INTO consent_history (user_id, opted_in, consent_version, metadata) VALUES (?, ?, ?, ?)'
+    ).run(userId, optedIn ? 1 : 0, consentVersion, metadata ? JSON.stringify(metadata) : null);
+  }
+
+  isOptedIn(userId) {
+    const row = this._db.prepare(
+      'SELECT opted_in, consent_version FROM consent_history WHERE user_id = ? ORDER BY id DESC LIMIT 1'
+    ).get(userId);
+    if (!row) return false;
+    if (row.consent_version !== CURRENT_CONSENT_VERSION) return false;
+    return row.opted_in === 1;
+  }
+
+  revokeConsent(userId) {
+    this.recordConsent(userId, false, CURRENT_CONSENT_VERSION);
+  }
+
+  getOptedInCount() {
+    const row = this._db.prepare(`
+      SELECT COUNT(DISTINCT user_id) as cnt FROM consent_history ch1
+      WHERE opted_in = 1
+        AND consent_version = ?
+        AND id = (SELECT MAX(id) FROM consent_history ch2 WHERE ch2.user_id = ch1.user_id)
+    `).get(CURRENT_CONSENT_VERSION);
+    return row?.cnt || 0;
+  }
+
+  getConsentHistory(userId) {
+    const rows = this._db.prepare(
+      'SELECT * FROM consent_history WHERE user_id = ? ORDER BY id ASC'
+    ).all(userId);
+    return rows.map((r) => ({
+      ...r,
+      opted_in: r.opted_in === 1,
+      metadata: r.metadata ? JSON.parse(r.metadata) : null,
+    }));
+  }
+
+  close() {
+    this._db.close();
+  }
+
+  static getOrCreateUserId(userIdPath) {
+    const filePath = userIdPath || join(homedir(), '.groove', 'user_id');
+    const dir = filePath.replace(/[/\\][^/\\]+$/, '');
+    if (!existsSync(dir)) mkdirSync(dir, { recursive: true });
+    if (existsSync(filePath)) {
+      return readFileSync(filePath, 'utf-8').trim();
+    }
+    const uid = randomUUID().replace(/-/g, '');
+    writeFileSync(filePath, uid, { mode: 0o600 });
+    return uid;
+  }
+
+  static isCaptureEnabled(userIdPath, dbPath) {
+    const filePath = userIdPath || join(homedir(), '.groove', 'user_id');
+    if (!existsSync(filePath)) return false;
+    const userId = readFileSync(filePath, 'utf-8').trim();
+    const manager = new ConsentManager(dbPath);
+    try {
+      return manager.isOptedIn(userId);
+    } finally {
+      manager.close();
+    }
+  }
+}

package/moe-training/client/envelope-builder.js

@@ -0,0 +1,56 @@
+// FSL-1.1-Apache-2.0 — see LICENSE
+
+import { randomUUID } from 'node:crypto';
+import { CHUNK_SIZE } from '../shared/constants.js';
+
+export class EnvelopeBuilder {
+  constructor(sessionId, contributorId, metadata) {
+    this._sessionId = sessionId;
+    this._contributorId = contributorId;
+    this._metadata = metadata;
+    this._buffer = [];
+    this._chunkSequence = 0;
+  }
+
+  addStep(step) {
+    if (step.content && typeof step.content === 'string' && step.content.length > 10_000) {
+      step.content = step.content.slice(0, 10_000);
+    }
+    if (typeof step.token_count === 'number' && step.token_count > 100_000) {
+      step.token_count = 100_000;
+    }
+    this._buffer.push(step);
+    if (this._buffer.length >= CHUNK_SIZE) {
+      return this._buildEnvelope();
+    }
+    return null;
+  }
+
+  flush() {
+    if (this._buffer.length === 0) return null;
+    return this._buildEnvelope();
+  }
+
+  buildSessionClose(outcome) {
+    return {
+      envelope_id: `env_${randomUUID()}`,
+      session_id: this._sessionId,
+      type: 'SESSION_CLOSE',
+      attestation: { session_hmac: '', sequence: 0, app_version_hash: '' },
+      outcome,
+    };
+  }
+
+  _buildEnvelope() {
+    const envelope = {
+      envelope_id: `env_${randomUUID()}`,
+      session_id: this._sessionId,
+      chunk_sequence: this._chunkSequence++,
+      contributor_id: this._contributorId,
+      attestation: { session_hmac: '', sequence: 0, app_version_hash: '' },
+      metadata: { ...this._metadata },
+      trajectory_log: this._buffer.splice(0),
+    };
+    return envelope;
+  }
+}

package/moe-training/client/index.js

@@ -0,0 +1,10 @@
+// FSL-1.1-Apache-2.0 — see LICENSE
+
+export { TrajectoryCapture } from './trajectory-capture.js';
+export { ConsentManager } from './consent.js';
+export { PIIScrubber } from './scrubber.js';
+export { SessionAttestation } from './session-attestation.js';
+export { TransmissionQueue } from './transmission-queue.js';
+export { EnvelopeBuilder } from './envelope-builder.js';
+export { StepClassifier } from './step-classifier.js';
+export { getParser } from './parsers/index.js';

package/moe-training/client/parsers/claude-code.js

@@ -0,0 +1,110 @@
+// FSL-1.1-Apache-2.0 — see LICENSE
+
+import { OBSERVATION_TRUNCATE_HEAD, OBSERVATION_TRUNCATE_TAIL } from '../../shared/constants.js';
+
+function truncateObservation(text) {
+  if (!text || typeof text !== 'string') return text;
+  const lines = text.split('\n');
+  if (lines.length <= OBSERVATION_TRUNCATE_HEAD + OBSERVATION_TRUNCATE_TAIL) return text;
+  const head = lines.slice(0, OBSERVATION_TRUNCATE_HEAD);
+  const tail = lines.slice(-OBSERVATION_TRUNCATE_TAIL);
+  const omitted = lines.length - OBSERVATION_TRUNCATE_HEAD - OBSERVATION_TRUNCATE_TAIL;
+  return [...head, `[... ${omitted} lines omitted ...]`, ...tail].join('\n');
+}
+
+export class ClaudeCodeParser {
+  constructor() {
+    this._pendingToolUse = new Map();
+  }
+
+  parseEvent(jsonEvent) {
+    if (!jsonEvent || !jsonEvent.type) return null;
+
+    if (jsonEvent.type === 'assistant') {
+      const contentBlocks = jsonEvent.message?.content;
+      if (!Array.isArray(contentBlocks)) return null;
+
+      const results = [];
+      for (const block of contentBlocks) {
+        if (block.type === 'text') {
+          results.push({
+            type: 'thought',
+            content: block.text || '',
+            token_count: jsonEvent.message?.usage?.output_tokens || 0,
+          });
+        } else if (block.type === 'tool_use') {
+          this._pendingToolUse.set(block.id, block);
+          results.push({
+            type: 'action',
+            tool: block.name,
+            arguments: block.input,
+            content: `Using ${block.name}`,
+          });
+        } else if (block.type === 'tool_result') {
+          const toolUse = this._pendingToolUse.get(block.tool_use_id);
+          if (toolUse) this._pendingToolUse.delete(block.tool_use_id);
+
+          const resultContent = Array.isArray(block.content)
+            ? block.content.map((c) => c.text || '').join('\n')
+            : (typeof block.content === 'string' ? block.content : '');
+
+          if (block.is_error) {
+            results.push({ type: 'error', content: resultContent, is_error: true });
+          } else {
+            results.push({
+              type: 'observation',
+              content: truncateObservation(resultContent),
+              is_error: false,
+            });
+          }
+        }
+      }
+
+      return results.length === 1 ? results[0] : results.length > 1 ? results : null;
+    }
+
+    if (jsonEvent.type === 'result') {
+      return {
+        type: 'resolution',
+        content: typeof jsonEvent.result === 'string' ? jsonEvent.result : JSON.stringify(jsonEvent.result),
+        token_count: jsonEvent.total_tokens_used || 0,
+      };
+    }
+
+    return null;
+  }
+
+  extractTokens(jsonEvent) {
+    if (!jsonEvent) return null;
+    if (jsonEvent.type === 'assistant') {
+      const usage = jsonEvent.message?.usage;
+      if (!usage) return null;
+      return {
+        input: usage.input_tokens || 0,
+        output: usage.output_tokens || 0,
+        cacheRead: usage.cache_read_input_tokens || 0,
+        cacheCreation: usage.cache_creation_input_tokens || 0,
+      };
+    }
+    if (jsonEvent.type === 'result') {
+      return {
+        input: jsonEvent.total_input_tokens || 0,
+        output: jsonEvent.total_output_tokens || 0,
+        cacheRead: 0,
+        cacheCreation: 0,
+      };
+    }
+    return null;
+  }
+
+  extractSessionId(jsonEvent) {
+    return jsonEvent?.session_id || null;
+  }
+
+  extractModel(jsonEvent) {
+    if (jsonEvent?.type === 'assistant') {
+      return jsonEvent.message?.model || null;
+    }
+    return null;
+  }
+}

package/moe-training/client/parsers/codex.js

@@ -0,0 +1,80 @@
+// FSL-1.1-Apache-2.0 — see LICENSE
+
+export class CodexParser {
+  constructor() {
+    this._sessionId = null;
+  }
+
+  parseEvent(jsonEvent) {
+    if (!jsonEvent || !jsonEvent.type) return null;
+
+    switch (jsonEvent.type) {
+      case 'thread.started': {
+        this._sessionId = jsonEvent.thread_id || null;
+        return null;
+      }
+
+      case 'item.started': {
+        const item = jsonEvent.item || {};
+        if (item.type === 'agent_message') {
+          return { type: 'thought', content: item.text || '' };
+        }
+        if (item.type === 'command_execution') {
+          return { type: 'action', tool: 'command_execution', arguments: { command: item.command }, content: `Executing: ${item.command || ''}` };
+        }
+        if (item.type === 'file_edit' || item.type === 'file_write') {
+          return { type: 'action', tool: item.type, arguments: { path: item.path || item.file || '' }, content: `${item.type}: ${item.path || item.file || ''}` };
+        }
+        if (item.type === 'file_read') {
+          return { type: 'action', tool: 'file_read', arguments: { path: item.path || item.file || '' }, content: `Reading: ${item.path || item.file || ''}` };
+        }
+        return null;
+      }
+
+      case 'item.completed': {
+        const item = jsonEvent.item || {};
+        if (item.type === 'agent_message') {
+          return { type: 'thought', content: item.text || '' };
+        }
+        if (item.type === 'command_execution') {
+          const output = (item.aggregated_output || '').slice(0, 2000);
+          if (item.exit_code !== 0) {
+            return { type: 'error', content: output || `Exit code: ${item.exit_code}` };
+          }
+          return { type: 'observation', content: output };
+        }
+        if (item.type === 'file_edit' || item.type === 'file_write' || item.type === 'file_read') {
+          const output = (item.output || item.content || '').slice(0, 2000);
+          return { type: 'observation', content: output };
+        }
+        return null;
+      }
+
+      case 'turn.completed': {
+        return { type: 'resolution', content: '' };
+      }
+
+      default:
+        return null;
+    }
+  }
+
+  extractTokens(jsonEvent) {
+    if (!jsonEvent) return null;
+    const usage = jsonEvent.usage || jsonEvent.item?.usage;
+    if (!usage) return null;
+    return {
+      input: usage.input_tokens || 0,
+      output: usage.output_tokens || 0,
+      cacheRead: 0,
+      cacheCreation: 0,
+    };
+  }
+
+  extractSessionId(jsonEvent) {
+    if (jsonEvent?.type === 'thread.started') {
+      return jsonEvent.thread_id || null;
+    }
+    return null;
+  }
+}

package/moe-training/client/parsers/gemini.js

@@ -0,0 +1,80 @@
+// FSL-1.1-Apache-2.0 — see LICENSE
+
+export class GeminiParser {
+  constructor() {
+    this._sessionId = null;
+  }
+
+  parseEvent(jsonEvent) {
+    if (!jsonEvent || !jsonEvent.type) return null;
+
+    switch (jsonEvent.type) {
+      case 'agent_start': {
+        this._sessionId = jsonEvent.streamId || null;
+        return null;
+      }
+
+      case 'message': {
+        if (jsonEvent.role === 'user') return null;
+        const raw = jsonEvent.content;
+        const parts = Array.isArray(raw) ? raw : (typeof raw === 'string' ? [{ text: raw }] : raw ? [raw] : []);
+
+        for (const part of parts) {
+          if (part.type === 'thought') {
+            return { type: 'thought', content: part.thought || part.text || '' };
+          }
+        }
+
+        const text = parts.map((p) => p.text || '').filter(Boolean).join('\n');
+        if (text) {
+          return { type: 'thought', content: text };
+        }
+        return null;
+      }
+
+      case 'tool_request': {
+        return {
+          type: 'action',
+          tool: jsonEvent.name || 'Tool',
+          arguments: jsonEvent.args || {},
+          content: `Using ${jsonEvent.name || 'Tool'}`,
+        };
+      }
+
+      case 'tool_response': {
+        const rawContent = jsonEvent.content;
+        const contentParts = Array.isArray(rawContent) ? rawContent : (typeof rawContent === 'string' ? [{ text: rawContent }] : rawContent ? [rawContent] : []);
+        const content = contentParts.map((p) => p.text || '').join('').slice(0, 2000);
+        return { type: 'observation', content };
+      }
+
+      case 'error': {
+        return { type: 'error', content: jsonEvent.message || 'Unknown error' };
+      }
+
+      case 'agent_end': {
+        return { type: 'resolution', content: '' };
+      }
+
+      default:
+        return null;
+    }
+  }
+
+  extractTokens(jsonEvent) {
+    if (!jsonEvent || jsonEvent.type !== 'usage') return null;
+    return {
+      input: jsonEvent.inputTokens || 0,
+      output: jsonEvent.outputTokens || 0,
+      cacheRead: jsonEvent.cachedTokens || 0,
+      cacheCreation: 0,
+    };
+  }
+
+  extractSessionId(jsonEvent) {
+    if (jsonEvent?.type === 'agent_start') {
+      return jsonEvent.streamId || null;
+    }
+    return null;
+  }
+}

package/moe-training/client/parsers/grok.js

@@ -0,0 +1,16 @@
+// FSL-1.1-Apache-2.0 — see LICENSE
+
+export class GrokParser {
+  // TODO: Grok agentic CLI not yet available. Wire up when headless CLI is built.
+  parseEvent(_jsonEvent) {
+    return null;
+  }
+
+  extractTokens(_jsonEvent) {
+    return null;
+  }
+
+  extractSessionId(_jsonEvent) {
+    return null;
+  }
+}

package/moe-training/client/parsers/index.js

@@ -0,0 +1,20 @@
+// FSL-1.1-Apache-2.0 — see LICENSE
+
+import { SUPPORTED_PROVIDERS } from '../../shared/constants.js';
+import { ClaudeCodeParser } from './claude-code.js';
+import { CodexParser } from './codex.js';
+import { GeminiParser } from './gemini.js';
+import { GrokParser } from './grok.js';
+
+const constructors = {
+  'claude-code': ClaudeCodeParser,
+  'codex': CodexParser,
+  'gemini': GeminiParser,
+  'grok': GrokParser,
+};
+
+export function getParser(providerName) {
+  if (!SUPPORTED_PROVIDERS.includes(providerName)) return null;
+  const Ctor = constructors[providerName];
+  return Ctor ? new Ctor() : null;
+}

package/moe-training/client/scrubber.js

@@ -0,0 +1,126 @@
+// FSL-1.1-Apache-2.0 — see LICENSE
+
+function luhnCheck(digits) {
+  let sum = 0;
+  let alt = false;
+  for (let i = digits.length - 1; i >= 0; i--) {
+    let n = parseInt(digits[i], 10);
+    if (alt) {
+      n *= 2;
+      if (n > 9) n -= 9;
+    }
+    sum += n;
+    alt = !alt;
+  }
+  return sum % 10 === 0;
+}
+
+export class PIIScrubber {
+  constructor() {
+    this._patterns = [
+      {
+        name: 'pem_private_key',
+        regex: /-----BEGIN[A-Z ]*PRIVATE KEY-----[\s\S]*?-----END[A-Z ]*PRIVATE KEY-----/g,
+        replacement: '[PRIVATE_KEY]',
+      },
+      {
+        name: 'aws_key',
+        regex: /AKIA[0-9A-Z]{16}/g,
+        replacement: '[AWS_KEY]',
+      },
+      {
+        name: 'jwt_token',
+        regex: /eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}/g,
+        replacement: '[API_KEY]',
+      },
+      {
+        name: 'bearer_token',
+        regex: /Bearer\s+[A-Za-z0-9._~+/\-]+=*/g,
+        replacement: '[API_KEY]',
+      },
+      {
+        name: 'sk_pk_key',
+        regex: /(?:sk|pk)_[a-zA-Z0-9_]{20,}/g,
+        replacement: '[API_KEY]',
+      },
+      {
+        name: 'credit_card',
+        regex: /\b(\d{4})[- ]?(\d{4})[- ]?(\d{4})[- ]?(\d{4})\b/g,
+        replacement: null, // handled in scrub() with Luhn
+      },
+      {
+        name: 'ssn',
+        regex: /\b\d{3}-\d{2}-\d{4}\b/g,
+        replacement: '[SSN]',
+      },
+      {
+        name: 'email',
+        regex: /[a-zA-Z0-9._%+\-]+@[a-zA-Z0-9.\-]+\.[a-zA-Z]{2,}/g,
+        replacement: '[EMAIL]',
+      },
+      {
+        name: 'email_urlencoded',
+        regex: /[a-zA-Z0-9._%+-]+%40[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/g,
+        replacement: '[EMAIL]',
+      },
+      {
+        name: 'ipv6',
+        regex: /(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|::(?:[fF]{4}:)?(?:\d{1,3}\.){3}\d{1,3}|::1?\b/g,
+        replacement: '[IP]',
+      },
+      {
+        name: 'ipv4',
+        regex: /\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b/g,
+        replacement: '[IP]',
+      },
+      {
+        name: 'intl_phone',
+        regex: /\+\d{1,3}[\s.-]?\(?\d{1,4}\)?[\s.-]?\d{2,4}[\s.-]?\d{2,4}(?:[\s.-]?\d{1,4})?/g,
+        replacement: '[PHONE]',
+      },
+      {
+        name: 'phone',
+        regex: /(?:\+?1[-.\s]?)?\(?\d{3}\)?[-.\s]?\d{3}[-.\s]?\d{4}\b/g,
+        replacement: '[PHONE]',
+      },
+      {
+        name: 'url_with_secret',
+        regex: /https?:\/\/[^\s]*[?&](?:token|key|secret|password|api_key|apikey|access_token|auth)=[^\s&]*/gi,
+        replacement: '[REDACTED_URL]',
+      },
+      {
+        name: 'long_hex',
+        regex: /\b[0-9a-fA-F]{40,}\b/g,
+        replacement: '[API_KEY]',
+      },
+      {
+        name: 'home_path',
+        regex: /(?:\/Users\/[^\s]+|\/home\/[^\s]+|C:\\Users\\[^\s]+)/g,
+        replacement: '[FILE_PATH]',
+      },
+      {
+        name: 'base64_secret',
+        regex: /(?<![A-Za-z0-9+/])[A-Za-z0-9+/]{40,}={0,2}(?![A-Za-z0-9+/])/g,
+        replacement: '[API_KEY]',
+      },
+    ];
+  }
+
+  scrub(text) {
+    if (!text || typeof text !== 'string') return text;
+    let result = text;
+
+    for (const pattern of this._patterns) {
+      if (pattern.name === 'credit_card') {
+        result = result.replace(pattern.regex, (match, g1, g2, g3, g4) => {
+          const digits = (g1 + g2 + g3 + g4);
+          return luhnCheck(digits) ? '[CREDIT_CARD]' : match;
+        });
+      } else {
+        result = result.replace(pattern.regex, pattern.replacement);
+      }
+    }
+
+    return result;
+  }
+}