ideaco 1.1.5

package/src/core/utils/json-parse.js

@@ -0,0 +1,188 @@
+/**
+ * Robust JSON parser for LLM / Web Agent output.
+ *
+ * LLM（尤其是 ChatGPT web 版）返回的 "JSON" 经常包含各种脏字符：
+ * - Markdown 代码块包裹 (```json ... ```)
+ * - Smart quotes（"" → ""）
+ * - BOM / 零宽空格等不可见字符
+ * - JSON 前后有额外的文字说明
+ * - 值中未转义的换行符
+ * - 尾逗号 (trailing comma)
+ *
+ * 本模块提供统一的解析入口，避免在业务代码中重复编写 fallback 链。
+ */
+
+/**
+ * 清理 LLM 输出中常见的脏字符，使其更容易被 JSON.parse 解析。
+ * @param {string} raw
+ * @returns {string}
+ */
+function sanitize(raw) {
+  let s = raw;
+
+  // 1. 移除 BOM 和常见零宽字符
+  s = s.replace(/[\uFEFF\u200B\u200C\u200D\u2060]/g, '');
+
+  // 2. Smart quotes → ASCII quotes
+  s = s.replace(/[\u201C\u201D\u201E\u201F\u2033\u2036]/g, '"');  // ""„‟ → "
+  s = s.replace(/[\u2018\u2019\u201A\u201B\u2032\u2035]/g, "'");  // '' → '
+
+  // 3. 全角冒号 → 半角（JSON key-value 分隔符）
+  // 仅在明显的 JSON key 上下文中替换，避免误伤内容
+  // "key"：value → "key":value
+  s = s.replace(/"(\s*)：(\s*)/g, '"$1:$2');
+
+  return s;
+}
+
+/**
+ * 尝试从原始字符串中提取并解析 JSON 对象。
+ *
+ * 解析策略（按优先级）：
+ * 1. 直接 JSON.parse
+ * 2. 去除 markdown code fence 后解析
+ * 3. 提取第一个 ```json ... ``` 或 ``` ... ``` 块
+ * 4. 提取最外层的 { ... } 子串
+ * 5. 修复尾逗号后重试
+ *
+ * @param {string} raw - LLM / Web Agent 的原始输出
+ * @param {object} [options]
+ * @param {boolean} [options.allowArray=false] - 是否允许顶层是数组
+ * @returns {object|Array} 解析后的 JSON 对象
+ * @throws {Error} 如果所有策略均失败
+ */
+export function robustJSONParse(raw, options = {}) {
+  if (!raw || typeof raw !== 'string') {
+    throw new Error('robustJSONParse: input is empty or not a string');
+  }
+
+  const allowArray = options.allowArray ?? false;
+  const cleaned = sanitize(raw);
+
+  // 判断是否为有效的 JSON 值（对象，或可选的数组）
+  const isValid = (v) => {
+    if (v === null || v === undefined) return false;
+    if (typeof v === 'object' && !Array.isArray(v)) return true;
+    if (allowArray && Array.isArray(v)) return true;
+    return false;
+  };
+
+  // ── Strategy 1: 直接解析 ──
+  try {
+    const result = JSON.parse(cleaned);
+    if (isValid(result)) return result;
+  } catch {}
+
+  // ── Strategy 2: 去除外层 markdown fence ──
+  {
+    const tick = '`';
+    const fence = tick + tick + tick;
+    let stripped = cleaned.trim();
+    // 可能有多层 fence
+    for (let i = 0; i < 2; i++) {
+      if (stripped.startsWith(fence)) {
+        // 移除开头 fence（含可选的语言标签）和结尾 fence
+        stripped = stripped.replace(new RegExp('^' + fence.replace(/`/g, '\\`') + '[a-zA-Z]*\\s*\\n?'), '');
+        stripped = stripped.replace(new RegExp('\\n?\\s*' + fence.replace(/`/g, '\\`') + '\\s*$'), '');
+      }
+    }
+    if (stripped !== cleaned.trim()) {
+      try {
+        const result = JSON.parse(stripped.trim());
+        if (isValid(result)) return result;
+      } catch {}
+    }
+  }
+
+  // ── Strategy 3: 提取 code block 内容 ──
+  {
+    const codeBlockMatch = cleaned.match(/```(?:json)?\s*\n?([\s\S]*?)\n?\s*```/);
+    if (codeBlockMatch) {
+      try {
+        const result = JSON.parse(codeBlockMatch[1].trim());
+        if (isValid(result)) return result;
+      } catch {}
+      // code block 内容可能也有脏字符，递归尝试提取 {...}
+      try {
+        const inner = codeBlockMatch[1].trim();
+        const start = inner.indexOf('{');
+        const end = inner.lastIndexOf('}');
+        if (start !== -1 && end > start) {
+          const result = JSON.parse(inner.substring(start, end + 1));
+          if (isValid(result)) return result;
+        }
+      } catch {}
+    }
+  }
+
+  // ── Strategy 4: 提取最外层 { ... } ──
+  {
+    const start = cleaned.indexOf('{');
+    const end = cleaned.lastIndexOf('}');
+    if (start !== -1 && end > start) {
+      const candidate = cleaned.substring(start, end + 1);
+      try {
+        const result = JSON.parse(candidate);
+        if (isValid(result)) return result;
+      } catch {}
+
+      // ── Strategy 5: 修复尾逗号 ──
+      try {
+        const fixed = candidate.replace(/,\s*([\]}])/g, '$1');
+        const result = JSON.parse(fixed);
+        if (isValid(result)) return result;
+      } catch {}
+
+      // ── Strategy 6: 修复值中未转义的换行 ──
+      try {
+        // 将 JSON 字符串值内的真实换行替换为 \\n
+        const fixedNewlines = candidate.replace(
+          /"(?:[^"\\]|\\.)*"/g,
+          (match) => match.replace(/\n/g, '\\n').replace(/\r/g, '\\r').replace(/\t/g, '\\t')
+        );
+        const result = JSON.parse(fixedNewlines);
+        if (isValid(result)) return result;
+      } catch {}
+
+      // ── Strategy 7: 修复尾逗号 + 换行一起 ──
+      try {
+        let fixed = candidate.replace(/,\s*([\]}])/g, '$1');
+        fixed = fixed.replace(
+          /"(?:[^"\\]|\\.)*"/g,
+          (match) => match.replace(/\n/g, '\\n').replace(/\r/g, '\\r').replace(/\t/g, '\\t')
+        );
+        const result = JSON.parse(fixed);
+        if (isValid(result)) return result;
+      } catch {}
+    }
+  }
+
+  // ── Strategy 8: 允许数组时，提取 [ ... ] ──
+  if (allowArray) {
+    const start = cleaned.indexOf('[');
+    const end = cleaned.lastIndexOf(']');
+    if (start !== -1 && end > start) {
+      try {
+        const result = JSON.parse(cleaned.substring(start, end + 1));
+        if (Array.isArray(result)) return result;
+      } catch {}
+    }
+  }
+
+  // 全部失败
+  throw new Error(`robustJSONParse: Cannot extract valid JSON from LLM output (length=${raw.length}, preview="${raw.substring(0, 120)}")`);
+}
+
+/**
+ * 安全版本 — 解析失败不抛异常，返回 null。
+ * @param {string} raw
+ * @param {object} [options]
+ * @returns {object|Array|null}
+ */
+export function safeJSONParse(raw, options = {}) {
+  try {
+    return robustJSONParse(raw, options);
+  } catch {
+    return null;
+  }
+}

package/src/core/workspace.js

@@ -0,0 +1,239 @@
+/**
+ * Workspace Manager
+ * 
+ * Each department/project has its own independent working directory
+ * Agents perform file operations within their respective workspaces
+ */
+import fs from 'fs/promises';
+import { existsSync, mkdirSync } from 'fs';
+import path from 'path';
+import { WORKSPACE_DIR } from '../lib/paths.js';
+
+export class WorkspaceManager {
+  constructor(rootDir = WORKSPACE_DIR) {
+    this.rootDir = rootDir;
+    if (!existsSync(rootDir)) {
+      mkdirSync(rootDir, { recursive: true });
+    }
+  }
+
+  /**
+   * Create a workspace for a department
+   * @param {string} departmentId - Department ID
+   * @param {string} departmentName - Department name (used for directory naming)
+   * @returns {string} Workspace path
+   */
+  createDepartmentWorkspace(departmentId, departmentName) {
+    // Use a safe directory name
+    const safeName = departmentName.replace(/[^a-zA-Z0-9\u4e00-\u9fff_-]/g, '_');
+    const dirName = `${safeName}_${departmentId.slice(0, 8)}`;
+    const wsPath = path.join(this.rootDir, dirName);
+
+    if (!existsSync(wsPath)) {
+      mkdirSync(wsPath, { recursive: true });
+    }
+
+    return wsPath;
+  }
+
+  /**
+   * Get the file tree under a department workspace
+   */
+  async getFileTree(wsPath, relativeTo = null) {
+    const basePath = relativeTo || wsPath;
+    const entries = [];
+
+    try {
+      const items = await fs.readdir(wsPath, { withFileTypes: true });
+      for (const item of items) {
+        const fullPath = path.join(wsPath, item.name);
+        const relPath = path.relative(basePath, fullPath);
+
+        if (item.isDirectory()) {
+          const children = await this.getFileTree(fullPath, basePath);
+          entries.push({
+            name: item.name,
+            path: relPath,
+            type: 'directory',
+            children,
+          });
+        } else {
+          const stat = await fs.stat(fullPath);
+          entries.push({
+            name: item.name,
+            path: relPath,
+            type: 'file',
+            size: stat.size,
+            modifiedAt: stat.mtime,
+          });
+        }
+      }
+    } catch (error) {
+      // Return empty if directory does not exist
+    }
+
+    return entries;
+  }
+
+  /**
+   * Get shallow (one-level) listing of a directory within the workspace
+   * @param {string} wsPath - Workspace root path
+   * @param {string} subPath - Relative sub-directory path (empty string for root)
+   */
+  async getShallowFileTree(wsPath, subPath = '') {
+    const targetDir = subPath ? path.join(wsPath, subPath) : wsPath;
+    const resolved = path.resolve(targetDir);
+
+    // Security check
+    if (!resolved.startsWith(path.resolve(wsPath))) {
+      throw new Error('Path is outside workspace boundary');
+    }
+
+    const entries = [];
+    try {
+      const items = await fs.readdir(targetDir, { withFileTypes: true });
+      for (const item of items) {
+        const fullPath = path.join(targetDir, item.name);
+        const relPath = path.relative(wsPath, fullPath);
+
+        if (item.isDirectory()) {
+          entries.push({
+            name: item.name,
+            path: relPath,
+            type: 'directory',
+          });
+        } else {
+          const stat = await fs.stat(fullPath);
+          entries.push({
+            name: item.name,
+            path: relPath,
+            type: 'file',
+            size: stat.size,
+            modifiedAt: stat.mtime,
+          });
+        }
+      }
+    } catch (error) {
+      // Return empty if directory does not exist
+    }
+
+    return entries;
+  }
+
+  /**
+   * Read a file within the workspace
+   * Automatically attempts to fix permission issues
+   */
+  async readFile(wsPath, filePath) {
+    const fullPath = path.join(wsPath, filePath);
+    const resolved = path.resolve(fullPath);
+
+    // Security check
+    if (!resolved.startsWith(path.resolve(wsPath))) {
+      throw new Error('Path is outside workspace boundary');
+    }
+
+    try {
+      return await fs.readFile(resolved, 'utf-8');
+    } catch (err) {
+      if (err.code === 'EACCES' || err.code === 'EPERM') {
+        // Auto-fix: try to grant read permission and retry
+        try {
+          await fs.chmod(resolved, 0o644);
+          console.log(`[workspace] Auto-fixed permission for: ${resolved}`);
+          return await fs.readFile(resolved, 'utf-8');
+        } catch (chmodErr) {
+          // chmod itself failed — re-throw with clear message
+          const error = new Error(
+            `Permission denied reading "${filePath}". Auto-fix failed. ` +
+            `Try running: chmod -R a+r "${path.resolve(wsPath)}"`
+          );
+          error.code = 'EACCES';
+          throw error;
+        }
+      }
+      throw err;
+    }
+  }
+
+  /**
+   * Get workspace statistics
+   */
+  async getStats(wsPath) {
+    let fileCount = 0;
+    let totalSize = 0;
+
+    async function walk(dir) {
+      try {
+        const items = await fs.readdir(dir, { withFileTypes: true });
+        for (const item of items) {
+          const fullPath = path.join(dir, item.name);
+          if (item.isDirectory()) {
+            await walk(fullPath);
+          } else {
+            fileCount++;
+            const stat = await fs.stat(fullPath);
+            totalSize += stat.size;
+          }
+        }
+      } catch { /* ignore */ }
+    }
+
+    await walk(wsPath);
+    return { fileCount, totalSize };
+  }
+
+  /**
+   * Take a snapshot of all files in a workspace (path → mtime mapping)
+   * Used for detecting file changes after CLI execution
+   * @param {string} wsPath - Workspace root path
+   * @returns {Map<string, number>} Map of relative path → mtime timestamp
+   */
+  async takeSnapshot(wsPath) {
+    const snapshot = new Map();
+    async function walk(dir) {
+      try {
+        const items = await fs.readdir(dir, { withFileTypes: true });
+        for (const item of items) {
+          const fullPath = path.join(dir, item.name);
+          if (item.isDirectory()) {
+            // Skip common non-project directories
+            if (item.name === 'node_modules' || item.name === '.git' || item.name === '__pycache__') continue;
+            await walk(fullPath);
+          } else {
+            const stat = await fs.stat(fullPath);
+            snapshot.set(path.relative(wsPath, fullPath), stat.mtimeMs);
+          }
+        }
+      } catch { /* ignore unreadable dirs */ }
+    }
+    await walk(wsPath);
+    return snapshot;
+  }
+
+  /**
+   * Diff two snapshots to find created/modified files
+   * @param {Map<string, number>} before - Snapshot before execution
+   * @param {Map<string, number>} after - Snapshot after execution
+   * @returns {{ created: string[], modified: string[] }}
+   */
+  diffSnapshots(before, after) {
+    const created = [];
+    const modified = [];
+    for (const [filePath, mtime] of after) {
+      if (!before.has(filePath)) {
+        created.push(filePath);
+      } else if (before.get(filePath) !== mtime) {
+        modified.push(filePath);
+      }
+    }
+    return { created, modified };
+  }
+
+  /**
+   * Get root workspace path
+   */
+  getRootDir() {
+    return this.rootDir;
+  }
+}

package/src/lib/api-i18n.js

@@ -0,0 +1,211 @@
+/**
+ * Server-side i18n utility for API routes.
+ *
+ * Reads the Accept-Language header (or a custom X-App-Lang header set by the
+ * frontend) and returns a translator function `t(key, params?)` that resolves
+ * keys from the same locale files used by the client.
+ *
+ * Usage in a route handler:
+ *   import { getApiT } from '@/lib/api-i18n';
+ *
+ *   export async function GET(request) {
+ *     const t = getApiT(request);
+ *     const company = getCompany();
+ *     if (!company) return NextResponse.json({ error: t('api.noCompany') }, { status: 400 });
+ *     ...
+ *   }
+ *
+ * Keys live under the `api` namespace in every locale file.
+ *
+ * Edge case handling:
+ * - null / undefined request          → falls back to DEFAULT_LANG ('en')
+ * - request without .headers          → falls back to DEFAULT_LANG
+ * - empty, whitespace-only, or '*' X-App-Lang header → falls back to Accept-Language / DEFAULT_LANG
+ * - malformed Accept-Language value   → skips invalid segments and falls back to DEFAULT_LANG
+ * - unsupported / unknown language    → falls back to DEFAULT_LANG
+ * - missing translation key in lang   → falls back to DEFAULT_LANG translation
+ * - missing translation key in DEFAULT_LANG → returns the key itself (graceful degradation)
+ * - getTForLang with invalid lang arg → falls back to DEFAULT_LANG
+ * - any exception in resolveLanguage  → caught and DEFAULT_LANG returned
+ */
+
+import en from '@/locales/en';
+import zh from '@/locales/zh';
+import ja from '@/locales/ja';
+import ko from '@/locales/ko';
+import es from '@/locales/es';
+import fr from '@/locales/fr';
+import de from '@/locales/de';
+
+const translations = { en, zh, ja, ko, es, fr, de };
+const DEFAULT_LANG = 'en';
+
+/** Supported language codes */
+const SUPPORTED = new Set(Object.keys(translations));
+
+/**
+ * Sanitise a raw language tag token into a bare 2-3 letter code.
+ * Returns null when the token is empty, whitespace-only, or '*'.
+ *
+ * @param {string} raw  e.g. "zh-CN", "en", "*", " ", ""
+ * @returns {string|null}
+ */
+function sanitiseLangToken(raw) {
+  if (!raw || typeof raw !== 'string') return null;
+  const trimmed = raw.trim();
+  // '*' means "any language" — not useful for lookup
+  if (!trimmed || trimmed === '*') return null;
+  // Strip region tag: "zh-CN" → "zh", "en-US" → "en"
+  return trimmed.toLowerCase().split('-')[0] || null;
+}
+
+/**
+ * Parse the best matching language from an Accept-Language header value.
+ * Falls back to DEFAULT_LANG when nothing matches.
+ *
+ * Handles malformed input gracefully:
+ *   - throws never; always returns a valid supported code
+ *   - skips empty segments, bare quality-value tokens, and unknown codes
+ *
+ * @param {string|null} acceptLanguage  Value of the Accept-Language header
+ * @param {string|null} appLang         Value of the X-App-Lang header (higher priority)
+ * @returns {string} language code (always a member of SUPPORTED)
+ */
+function resolveLanguage(acceptLanguage, appLang) {
+  try {
+    // Explicit app-lang header has the highest priority (sent by the SPA)
+    if (appLang) {
+      const code = sanitiseLangToken(appLang);
+      if (code && SUPPORTED.has(code)) return code;
+      // appLang present but invalid/unsupported — fall through to Accept-Language
+    }
+
+    if (!acceptLanguage || typeof acceptLanguage !== 'string') return DEFAULT_LANG;
+
+    // Parse Accept-Language: "zh-CN,zh;q=0.9,en;q=0.8"
+    // Segments are comma-separated; each may carry a quality value after ';'
+    const parts = acceptLanguage.split(',');
+    for (const part of parts) {
+      if (!part) continue;
+      // Strip the quality value: "zh-CN;q=0.9" → "zh-CN"
+      const [langTag] = part.trim().split(';');
+      const code = sanitiseLangToken(langTag);
+      if (code && SUPPORTED.has(code)) return code;
+    }
+  } catch (_) {
+    // Safety net: any unexpected error during header parsing → use default
+  }
+
+  return DEFAULT_LANG;
+}
+
+/**
+ * Resolve a dot-notated path inside a nested object.
+ * @param {object} obj
+ * @param {string} path  e.g. "api.noCompany"
+ * @returns {string|undefined}
+ */
+function getNestedValue(obj, path) {
+  if (!obj || typeof path !== 'string') return undefined;
+  return path.split('.').reduce((o, k) => (o != null && typeof o === 'object' ? o[k] : undefined), obj);
+}
+
+/**
+ * Create a translator function for the given language code.
+ *
+ * Resolution order:
+ *   1. translations[lang][key]
+ *   2. translations[DEFAULT_LANG][key]  (en fallback)
+ *   3. key itself                       (last-resort graceful degradation)
+ *
+ * @param {string} lang
+ * @returns {(key: string, params?: Record<string, string|number>) => string}
+ */
+function createTranslator(lang) {
+  // Guard: if somehow lang is not in SUPPORTED, default to 'en'
+  const resolvedLang = SUPPORTED.has(lang) ? lang : DEFAULT_LANG;
+
+  return function t(key, params) {
+    // Graceful key handling: non-string key returns empty string
+    if (typeof key !== 'string' || !key) return '';
+
+    let str = getNestedValue(translations[resolvedLang], key);
+
+    // Fallback 1: english translation
+    if (str == null || str === '') {
+      str = getNestedValue(translations[DEFAULT_LANG], key);
+    }
+
+    // Fallback 2: return the key itself so callers always get a non-empty string
+    if (str == null || str === '') {
+      str = key;
+    }
+
+    // Parameter substitution: replace {param} placeholders
+    if (params && typeof str === 'string' && typeof params === 'object') {
+      try {
+        Object.entries(params).forEach(([k, v]) => {
+          str = str.replace(new RegExp(`\\{${k}\\}`, 'g'), String(v ?? ''));
+        });
+      } catch (_) {
+        // If params substitution fails for any reason, return unsubstituted string
+      }
+    }
+
+    return typeof str === 'string' ? str : key;
+  };
+}
+
+/**
+ * Build a translator from a Next.js Request object.
+ *
+ * Safe to call with null/undefined (returns English translator).
+ * Safe to call when request.headers is absent or non-standard.
+ *
+ * @param {Request|null|undefined} request  Next.js request (may be null/undefined)
+ * @returns {(key: string, params?: object) => string}
+ */
+export function getApiT(request) {
+  // No request (e.g. GET routes that don't receive a request arg)
+  if (!request) return createTranslator(DEFAULT_LANG);
+
+  try {
+    // Defensively read headers — request.headers may be absent or non-standard
+    const getHeader = request.headers?.get?.bind(request.headers);
+    const acceptLanguage = typeof getHeader === 'function'
+      ? (getHeader('accept-language') ?? null)
+      : null;
+    const appLang = typeof getHeader === 'function'
+      ? (getHeader('x-app-lang') ?? null)
+      : null;
+
+    const lang = resolveLanguage(acceptLanguage, appLang);
+    return createTranslator(lang);
+  } catch (_) {
+    // If anything unexpected happens during header reading, fall back to English
+    return createTranslator(DEFAULT_LANG);
+  }
+}
+
+/**
+ * Convenience: return translator for a specific language code directly.
+ * Useful in background/async contexts where the original Request is unavailable.
+ *
+ * Always safe — any invalid, null, undefined, or unsupported lang falls back to DEFAULT_LANG.
+ *
+ * @param {string|null|undefined} lang
+ * @returns {(key: string, params?: object) => string}
+ */
+export function getTForLang(lang) {
+  // Sanitise: coerce to string, strip region tag, check support
+  let code = DEFAULT_LANG;
+  try {
+    const sanitised = sanitiseLangToken(String(lang ?? ''));
+    if (sanitised && SUPPORTED.has(sanitised)) {
+      code = sanitised;
+    }
+  } catch (_) {
+    // Fallback to DEFAULT_LANG on any error
+  }
+  return createTranslator(code);
+}