lazyclaw 3.88.0 → 3.99.4

package/providers/claude_cli.mjs

@@ -0,0 +1,221 @@
+// Claude subscription provider (no API key).
+//
+// Spawns the local `claude` CLI binary that ships with Claude Code and
+// streams the JSON event format it emits with:
+//
+//   claude -p "<prompt>" --output-format stream-json
+//          --include-partial-messages --verbose [--model opus|sonnet|haiku]
+//
+// The user's authentication is whatever `claude` is already logged in
+// with — i.e. an Anthropic Pro / Max / Team subscription session — so
+// no API key is needed and no key shows up in the lazyclaw config.
+//
+// Why this is a separate provider from ./anthropic.mjs:
+// - anthropic.mjs talks to api.anthropic.com directly and requires
+//   `sk-ant-` keys (pay-per-token).
+// - claude_cli.mjs delegates auth + billing entirely to the `claude`
+//   CLI's already-established session (Pro/Max subscription quota).
+// Both can coexist; users pick at onboard time.
+
+import { spawn } from 'node:child_process';
+import { spawnSandboxed } from '../sandbox.mjs';
+
+class AbortError extends Error {
+  constructor(message = 'aborted') {
+    super(message);
+    this.name = 'AbortError';
+    this.code = 'ABORT';
+  }
+}
+
+class CliMissingError extends Error {
+  constructor() {
+    super('claude CLI not found in PATH — install Claude Code or use the anthropic provider');
+    this.name = 'ClaudeCliMissingError';
+    this.code = 'CLI_MISSING';
+  }
+}
+
+class CliExitError extends Error {
+  constructor(code, signal, stderr) {
+    super(`claude CLI exited ${code ?? signal}: ${String(stderr).slice(0, 400)}`);
+    this.name = 'ClaudeCliExitError';
+    this.code = 'CLI_EXIT';
+    this.exitCode = code;
+    this.signal = signal;
+    this.stderr = stderr;
+  }
+}
+
+// Map canonical Anthropic model ids and friendly aliases to the short
+// form `claude --model` actually accepts. The Python dashboard ran into
+// the same issue (FF1) — passing the full id silently hangs the CLI.
+const _CLI_MODEL_ALIASES = {
+  'claude-opus-4-7':      'opus',
+  'claude-opus-4-6':      'opus',
+  'claude-sonnet-4-6':    'sonnet',
+  'claude-sonnet-4-5':    'sonnet',
+  'claude-haiku-4-5':     'haiku',
+  'claude-haiku-4-5-20251001': 'haiku',
+  opus: 'opus',
+  sonnet: 'sonnet',
+  haiku: 'haiku',
+};
+
+function resolveModelAlias(model) {
+  if (!model) return '';
+  const lower = String(model).toLowerCase();
+  return _CLI_MODEL_ALIASES[lower] ?? '';
+}
+
+// Flatten the chat-style messages array into a single -p prompt the
+// CLI accepts. Mirrors how the dashboard formats Claude turns when it
+// has no native multi-turn channel.
+function buildPrompt(messages, system) {
+  const parts = [];
+  if (system) parts.push(`[System instructions: ${system}]`);
+  for (const m of messages) {
+    if (!m || !m.content) continue;
+    if (m.role === 'system' && !system) parts.push(`[System instructions: ${m.content}]`);
+    else if (m.role === 'user') parts.push(`User: ${m.content}`);
+    else if (m.role === 'assistant') parts.push(`Assistant: ${m.content}`);
+  }
+  // Trailing "Assistant:" cue so the CLI continues the conversation.
+  return parts.length ? parts.join('\n') + '\n\nAssistant:' : '';
+}
+
+// Walk the partial-message JSON stream and pull text deltas out. The
+// `claude` CLI emits one JSON object per line; the shapes we care about:
+//   { type: 'stream_event', event: { type: 'content_block_delta',
+//     delta: { type: 'text_delta', text: '...' } } }
+//   { type: 'result', usage: {...}, total_cost_usd: ... }
+function extractTextDelta(obj) {
+  if (!obj || typeof obj !== 'object') return '';
+  if (obj.type !== 'stream_event') return '';
+  const ev = obj.event || {};
+  if (ev.type === 'content_block_delta') {
+    const d = ev.delta || {};
+    if (d.type === 'text_delta' && typeof d.text === 'string') return d.text;
+  }
+  return '';
+}
+
+export const claudeCliProvider = {
+  name: 'claude-cli',
+  /**
+   * @param {Array<{role:string,content:string}>} messages
+   * @param {{
+   *   model?: string,
+   *   system?: string,
+   *   signal?: AbortSignal,
+   *   bin?: string,           // override the resolved binary (tests)
+   *   cwd?: string,           // working dir for the subprocess
+   *   onUsage?: (u: object) => void,
+   * }} opts
+   */
+  async *sendMessage(messages, opts = {}) {
+    const bin = opts.bin || 'claude';
+    const prompt = buildPrompt(messages, opts.system || messages.find(m => m.role === 'system')?.content);
+    if (!prompt) return;
+
+    const args = [
+      '-p', prompt,
+      '--output-format', 'stream-json',
+      '--include-partial-messages',
+      '--verbose',
+    ];
+    const modelAlias = resolveModelAlias(opts.model);
+    if (modelAlias) args.push('--model', modelAlias);
+
+    if (opts.signal?.aborted) throw new AbortError('aborted before spawn');
+
+    let proc;
+    try {
+      // opts.sandbox (parsed by parseSandboxSpec) routes the spawn
+      // through `docker run` instead of running `claude` on the
+      // host. spawnSandboxed is a no-op when sandbox is null, so
+      // the un-sandboxed path stays bit-identical to before.
+      proc = spawnSandboxed(opts.sandbox || null, bin, args, {
+        cwd: opts.cwd || process.cwd(),
+        stdio: ['ignore', 'pipe', 'pipe'],
+      });
+    } catch (err) {
+      // ENOENT means the binary isn't on PATH. Surface a clearer error
+      // than the raw spawn failure so onboard / doctor can hint at
+      // "install Claude Code or pick a different provider".
+      if (err && err.code === 'ENOENT') throw new CliMissingError();
+      throw err;
+    }
+
+    const onAbort = () => {
+      try { proc.kill('SIGTERM'); } catch (_) { /* ignore */ }
+    };
+    if (opts.signal) opts.signal.addEventListener('abort', onAbort);
+
+    let stderr = '';
+    proc.stderr.setEncoding('utf8');
+    proc.stderr.on('data', (chunk) => { stderr += chunk; });
+
+    // The stdout protocol is newline-delimited JSON. We buffer partial
+    // lines across chunks (shapes can straddle a single read).
+    proc.stdout.setEncoding('utf8');
+    let buffer = '';
+    let exitInfo = null;
+    const exitPromise = new Promise((resolve) => {
+      proc.on('close', (code, signal) => {
+        exitInfo = { code, signal };
+        resolve();
+      });
+    });
+
+    try {
+      for await (const chunk of proc.stdout) {
+        if (opts.signal?.aborted) throw new AbortError('aborted mid-stream');
+        buffer += chunk;
+        let nl;
+        while ((nl = buffer.indexOf('\n')) >= 0) {
+          const line = buffer.slice(0, nl).trim();
+          buffer = buffer.slice(nl + 1);
+          if (!line) continue;
+          let obj;
+          try { obj = JSON.parse(line); } catch { continue; }
+          const text = extractTextDelta(obj);
+          if (text) yield text;
+          if (obj?.type === 'result') {
+            // Last event of a successful run carries usage + cost.
+            if (typeof opts.onUsage === 'function') {
+              try {
+                opts.onUsage({
+                  inputTokens:  obj.usage?.input_tokens || 0,
+                  outputTokens: obj.usage?.output_tokens || 0,
+                  totalCostUsd: obj.total_cost_usd || 0,
+                });
+              } catch (_) { /* never fail the stream on usage callback */ }
+            }
+          }
+        }
+      }
+      // Drain trailing buffered line.
+      if (buffer.trim()) {
+        try {
+          const obj = JSON.parse(buffer.trim());
+          const text = extractTextDelta(obj);
+          if (text) yield text;
+        } catch (_) { /* incomplete tail — drop */ }
+      }
+      await exitPromise;
+      if (exitInfo && exitInfo.code !== 0 && !opts.signal?.aborted) {
+        throw new CliExitError(exitInfo.code, exitInfo.signal, stderr);
+      }
+    } finally {
+      if (opts.signal) opts.signal.removeEventListener('abort', onAbort);
+      // Make sure we don't leave a runaway subprocess if the consumer
+      // bailed mid-iteration without explicit abort.
+      if (!proc.killed && exitInfo === null) {
+        try { proc.kill('SIGTERM'); } catch (_) { /* ignore */ }
+      }
+    }
+  },
+};
+
+export { CliMissingError, CliExitError, AbortError, resolveModelAlias, buildPrompt };

package/providers/registry.mjs

@@ -11,6 +11,7 @@ import { anthropicProvider } from './anthropic.mjs';
 import { openaiProvider } from './openai.mjs';
 import { ollamaProvider } from './ollama.mjs';
 import { geminiProvider } from './gemini.mjs';
+import { claudeCliProvider } from './claude_cli.mjs';
 
 /**
  * @typedef {{ role: 'user'|'assistant'|'system', content: string }} ChatMessage
@@ -47,14 +48,17 @@ export const mockProvider = {
   },
 };
 
-export { anthropicProvider, openaiProvider, ollamaProvider, geminiProvider };
+export { anthropicProvider, openaiProvider, ollamaProvider, geminiProvider, claudeCliProvider };
 
 export const PROVIDERS = {
   mock: mockProvider,
+  // claude-cli (subscription-backed, no API key) listed before
+  // anthropic so first-time onboarding surfaces it as the default.
+  'claude-cli': claudeCliProvider,
   anthropic: anthropicProvider,
   openai: openaiProvider,
-  ollama: ollamaProvider,
   gemini: geminiProvider,
+  ollama: ollamaProvider,
 };
 
 // Static metadata for `lazyclaw providers list/info`. Kept next to PROVIDERS
@@ -67,14 +71,37 @@ export const PROVIDER_INFO = {
     defaultModel: null,
     suggestedModels: [],
   },
+  'claude-cli': {
+    name: 'claude-cli',
+    requiresApiKey: false,
+    docs: 'Anthropic via the local `claude` CLI (Pro / Max subscription). No API key — auth flows through whatever account `claude` is logged in with. Requires Claude Code installed.',
+    endpoint: 'subprocess: claude -p',
+    defaultModel: 'claude-opus-4-7',
+    suggestedModels: [
+      'claude-opus-4-7',
+      'claude-sonnet-4-6',
+      'claude-haiku-4-5',
+      'opus',
+      'sonnet',
+      'haiku',
+    ],
+  },
   anthropic: {
     name: 'anthropic',
     requiresApiKey: true,
     keyPrefix: 'sk-ant-',
-    docs: 'Anthropic Messages API. Supports streaming + extended thinking.',
+    docs: 'Anthropic Messages API (pay-per-token, requires sk-ant- key). Supports streaming + extended thinking. For subscription billing, use the `claude-cli` provider instead.',
     endpoint: 'https://api.anthropic.com/v1/messages',
     defaultModel: 'claude-opus-4-7',
-    suggestedModels: ['claude-opus-4-7', 'claude-sonnet-4-6', 'claude-haiku-4-5-20251001'],
+    suggestedModels: [
+      'claude-opus-4-7',
+      'claude-opus-4-6',
+      'claude-sonnet-4-6',
+      'claude-sonnet-4-5',
+      'claude-haiku-4-5',
+      'claude-3-5-sonnet-20241022',
+      'claude-3-5-haiku-20241022',
+    ],
   },
   openai: {
     name: 'openai',
@@ -83,23 +110,53 @@ export const PROVIDER_INFO = {
     docs: 'OpenAI Chat Completions API. Streaming via SSE with [DONE] terminator.',
     endpoint: 'https://api.openai.com/v1/chat/completions',
     defaultModel: 'gpt-4.1',
-    suggestedModels: ['gpt-4.1', 'gpt-4o', 'gpt-4o-mini'],
-  },
-  ollama: {
-    name: 'ollama',
-    requiresApiKey: false,
-    docs: 'Local Ollama daemon. Streams newline-delimited JSON from /api/chat. No auth — defaults to 127.0.0.1:11434, override via OLLAMA_HOST or opts.baseUrl.',
-    endpoint: 'http://127.0.0.1:11434/api/chat',
-    defaultModel: 'llama3.1',
-    suggestedModels: ['llama3.1', 'llama3.2', 'mistral', 'qwen2.5-coder'],
+    suggestedModels: [
+      'gpt-5',
+      'gpt-5-codex',
+      'gpt-4.1',
+      'gpt-4.1-mini',
+      'gpt-4o',
+      'gpt-4o-mini',
+      'o3-pro',
+      'o4-mini',
+      'o1',
+      'o1-mini',
+    ],
   },
   gemini: {
     name: 'gemini',
     requiresApiKey: true,
     docs: 'Google Generative Language API (Gemini). SSE streaming via :streamGenerateContent?alt=sse. Auth via ?key= query param.',
     endpoint: 'https://generativelanguage.googleapis.com/v1/models/{model}:streamGenerateContent',
-    defaultModel: 'gemini-1.5-pro',
-    suggestedModels: ['gemini-1.5-pro', 'gemini-1.5-flash', 'gemini-2.0-flash'],
+    defaultModel: 'gemini-2.5-pro',
+    suggestedModels: [
+      'gemini-2.5-pro',
+      'gemini-2.5-flash',
+      'gemini-2.0-flash',
+      'gemini-2.0-flash-thinking-exp',
+      'gemini-1.5-pro',
+      'gemini-1.5-flash',
+    ],
+  },
+  ollama: {
+    name: 'ollama',
+    requiresApiKey: false,
+    docs: 'Local Ollama daemon. Streams newline-delimited JSON from /api/chat. No auth — defaults to 127.0.0.1:11434, override via OLLAMA_HOST or opts.baseUrl. Available models depend on what you have pulled locally (`ollama list`).',
+    endpoint: 'http://127.0.0.1:11434/api/chat',
+    defaultModel: 'llama3.1',
+    suggestedModels: [
+      'llama3.1',
+      'llama3.2',
+      'llama3.3',
+      'qwen2.5-coder',
+      'qwen3.5',
+      'mistral',
+      'mistral-nemo',
+      'codellama',
+      'deepseek-coder-v2',
+      'phi3',
+      'gemma2',
+    ],
   },
 };
 

package/sandbox.mjs

@@ -0,0 +1,127 @@
+// Sandbox — wrap a child process in a Docker container.
+//
+// `lazyclaw chat --sandbox docker:<image>` (or the equivalent on
+// `agent`) routes the underlying `claude` CLI invocation through
+//
+//   docker run --rm -i --network=<net> \
+//              -v <cwd>:<cwd> -w <cwd> \
+//              -e <pass-through env vars> \
+//              <image> claude -p ...
+//
+// instead of running `claude` directly on the host. Two reasons:
+//
+// 1. Filesystem confinement. The default --workdir mount only
+//    exposes the current working directory; tools that try to
+//    chdir into $HOME or read /etc see an empty container fs.
+// 2. Network policy. By default we set --network=none so the
+//    sandboxed agent cannot reach the public internet — useful
+//    when handing it untrusted prompts. Pass `--network host` /
+//    `bridge` via flags when the workflow needs outbound access
+//    (e.g. it has to call an API).
+//
+// Caveats — call out so users aren't surprised:
+//
+// - The user's `claude` login lives in $HOME/.claude/. The sandbox
+//   doesn't expose $HOME by default, so the wrapped CLI can't see
+//   that auth and will prompt for login. To run sandboxed under
+//   the user's existing subscription, mount $HOME/.claude:
+//
+//     lazyclaw chat --sandbox docker:node:20 \
+//                   --sandbox-mount "$HOME/.claude:/root/.claude:ro"
+//
+// - Sandboxing only applies when the picked provider goes through
+//   a subprocess (currently `claude-cli`). API providers
+//   (anthropic / openai / gemini) hit the network from
+//   *lazyclaw's* process, not a child — sandboxing them is a
+//   no-op and we surface a warning.
+
+import { spawn } from 'node:child_process';
+
+class SandboxError extends Error {
+  constructor(message, code) {
+    super(message);
+    this.name = 'SandboxError';
+    this.code = code || 'SANDBOX_ERR';
+  }
+}
+
+/**
+ * Parse a `--sandbox` flag. Accepts:
+ *   docker:<image>           — Docker with default policy
+ *   docker:<image>?<args>     — query-string-style overrides
+ *   off | none | -            — explicit "no sandbox"
+ *
+ * Returns null when sandboxing is off, or
+ * { kind: 'docker', image, network, mounts: string[], envPassthrough: string[] }.
+ */
+export function parseSandboxSpec(spec, flags = {}) {
+  if (!spec || /^(off|none|-)$/i.test(String(spec))) return null;
+  const m = String(spec).match(/^([a-z]+):(.+)$/i);
+  if (!m) throw new SandboxError(`bad sandbox spec "${spec}" — expected "docker:<image>"`, 'SANDBOX_BAD_SPEC');
+  const [, kind, rest] = m;
+  if (kind.toLowerCase() !== 'docker') {
+    throw new SandboxError(`unsupported sandbox kind "${kind}" — only "docker" is implemented`, 'SANDBOX_UNSUPPORTED');
+  }
+  return {
+    kind: 'docker',
+    image: rest.trim(),
+    // Default to --network=none for safety. Override via:
+    //   --sandbox-network host   (or bridge / a named network)
+    network: flags['sandbox-network'] || 'none',
+    // --sandbox-mount can repeat; cli.parseArgs collects repeats
+    // into an array.
+    mounts: arrayify(flags['sandbox-mount']),
+    envPassthrough: arrayify(flags['sandbox-env']),
+  };
+}
+
+function arrayify(v) {
+  if (v === undefined || v === null) return [];
+  return Array.isArray(v) ? v : [String(v)];
+}
+
+/**
+ * Build the docker run argv that wraps a child invocation. The
+ * caller hands us the original [bin, ...args] they were going to
+ * spawn; we return [docker, ...dockerArgs] that puts the same
+ * thing inside the container.
+ */
+export function buildDockerArgs(spec, [bin, ...binArgs], opts = {}) {
+  if (!spec || spec.kind !== 'docker') {
+    throw new SandboxError('buildDockerArgs requires a docker spec', 'SANDBOX_BAD_SPEC');
+  }
+  const cwd = opts.cwd || process.cwd();
+  const args = [
+    'run', '--rm', '-i',
+    '--network', spec.network || 'none',
+    '-v', `${cwd}:${cwd}`,
+    '-w', cwd,
+  ];
+  for (const mount of spec.mounts) {
+    if (!mount.includes(':')) {
+      throw new SandboxError(`bad mount "${mount}" — expected host:container[:mode]`, 'SANDBOX_BAD_MOUNT');
+    }
+    args.push('-v', mount);
+  }
+  for (const envName of spec.envPassthrough) {
+    args.push('-e', envName);
+  }
+  args.push(spec.image, bin, ...binArgs);
+  return args;
+}
+
+/**
+ * Spawn `bin` with `args` either bare (no sandbox) or under the
+ * docker wrapper. Returns the child process; the caller drives
+ * stdio and handles exit. Mirrors `child_process.spawn`'s shape.
+ */
+export function spawnSandboxed(spec, bin, args, spawnOpts = {}) {
+  if (!spec) return spawn(bin, args, spawnOpts);
+  if (spec.kind !== 'docker') {
+    throw new SandboxError(`unsupported kind "${spec.kind}"`, 'SANDBOX_UNSUPPORTED');
+  }
+  const dockerArgs = buildDockerArgs(spec, [bin, ...args], { cwd: spawnOpts.cwd });
+  return spawn('docker', dockerArgs, spawnOpts);
+}
+
+export { SandboxError };