linco-connect 1.0.0

package/src/config.js

@@ -0,0 +1,371 @@
+const fs = require('fs');
+const os = require('os');
+const path = require('path');
+const { execFileSync } = require('child_process');
+
+const TIMEOUT = 10 * 60 * 1000;
+const CONFIG_DIR = path.join(os.homedir(), '.linco');
+const CONFIG_FILE = path.join(CONFIG_DIR, 'config.json');
+const DEFAULT_AGENT_WS_URLS = {
+  claude: 'wss://chat.ddjf.info/socket/ai/claude',
+  codex: 'wss://chat.ddjf.info/socket/ai/codex',
+};
+const DEFAULT_LINCO_WS_URL = DEFAULT_AGENT_WS_URLS.claude;
+function getConfigDir() {
+  return stringFromEnv('LINCO_HOME', CONFIG_DIR);
+}
+
+function getConfigFile(configDir = getConfigDir()) {
+  return path.join(configDir, 'config.json');
+}
+
+const DEFAULT_UNSAFE_ATTACHMENT_EXTENSIONS = [
+  '.exe',
+  '.msi',
+  '.dll',
+  '.com',
+  '.scr',
+  '.bat',
+  '.cmd',
+  '.ps1',
+  '.vbs',
+  '.hta',
+  '.lnk',
+  '.url',
+  '.reg',
+  '.cpl',
+];
+
+function pathCandidatesFromEnv() {
+  return (process.env.PATH || '')
+    .split(path.delimiter)
+    .filter(Boolean)
+    .flatMap(dir => [
+      path.join(dir, 'bash.exe'),
+      path.join(dir, '..', 'bin', 'bash.exe'),
+      path.join(dir, '..', 'usr', 'bin', 'bash.exe'),
+    ]);
+}
+
+function pathCandidatesFromWhere(command) {
+  try {
+    return execFileSync('where.exe', [command], {
+      encoding: 'utf8',
+      stdio: ['ignore', 'pipe', 'ignore'],
+      windowsHide: true,
+    })
+      .split(/\r?\n/)
+      .map(line => line.trim())
+      .filter(Boolean);
+  } catch {
+    return [];
+  }
+}
+
+function resolveCommand(command) {
+  if (!command) return command;
+  if (path.isAbsolute(command) && fs.existsSync(command)) return command;
+  if (process.platform !== 'win32') return command;
+
+  const ext = path.extname(command);
+  // On Windows, prefer executable shim variants first — npm installs
+  // produce .cmd files that handle spawning Node CLI packages.
+  const names = ext
+    ? [command]
+    : [`${command}.cmd`, `${command}.exe`, `${command}.bat`, command];
+  for (const name of names) {
+    for (const candidate of pathCandidatesFromWhere(name)) {
+      if (fs.existsSync(candidate)) return candidate;
+    }
+  }
+  return command;
+}
+
+function gitBashCandidates() {
+  const programFiles = [process.env.ProgramFiles, process.env['ProgramFiles(x86)']].filter(Boolean);
+  const localAppData = process.env.LOCALAPPDATA;
+  const candidates = [
+    ...programFiles.flatMap(dir => [
+      path.join(dir, 'Git', 'bin', 'bash.exe'),
+      path.join(dir, 'Git', 'usr', 'bin', 'bash.exe'),
+    ]),
+    localAppData && path.join(localAppData, 'Programs', 'Git', 'bin', 'bash.exe'),
+    localAppData && path.join(localAppData, 'Programs', 'Git', 'usr', 'bin', 'bash.exe'),
+    'C:\\Program Files\\Git\\bin\\bash.exe',
+    'C:\\Program Files\\Git\\usr\\bin\\bash.exe',
+    'D:\\Program Files\\Git\\bin\\bash.exe',
+    'D:\\Program Files\\Git\\usr\\bin\\bash.exe',
+    ...pathCandidatesFromEnv(),
+    ...pathCandidatesFromWhere('bash.exe'),
+    ...pathCandidatesFromWhere('git-bash.exe')
+      .flatMap(file => [
+        path.join(path.dirname(file), '..', 'bin', 'bash.exe'),
+        path.join(path.dirname(file), '..', 'usr', 'bin', 'bash.exe'),
+      ]),
+    ...pathCandidatesFromWhere('git.exe')
+      .flatMap(file => [
+        path.join(path.dirname(file), 'bash.exe'),
+        path.join(path.dirname(file), '..', 'bin', 'bash.exe'),
+        path.join(path.dirname(file), '..', 'usr', 'bin', 'bash.exe'),
+      ]),
+  ];
+
+  return [...new Set(candidates.filter(Boolean).map(candidate => path.normalize(candidate)))];
+}
+
+function findGitBash(userConfig = {}) {
+  if (process.platform !== 'win32') return null;
+
+  if (process.env.CLAUDE_CODE_GIT_BASH_PATH) {
+    return process.env.CLAUDE_CODE_GIT_BASH_PATH;
+  }
+
+  if (userConfig.gitBashPath) {
+    return userConfig.gitBashPath;
+  }
+
+  for (const candidate of gitBashCandidates()) {
+    if (fs.existsSync(candidate)) return candidate;
+  }
+
+  return null;
+}
+
+function ensureDir(dir) {
+  if (!fs.existsSync(dir)) {
+    fs.mkdirSync(dir, { recursive: true });
+  }
+}
+
+function numberFromEnv(name, fallback) {
+  const value = Number(process.env[name]);
+  return Number.isFinite(value) && value > 0 ? value : fallback;
+}
+
+function listFromEnv(name, fallback) {
+  const value = process.env[name];
+  if (!value) return fallback;
+  return value
+    .split(',')
+    .map(item => item.trim().toLowerCase())
+    .filter(Boolean)
+    .map(item => item.startsWith('.') ? item : `.${item}`);
+}
+
+function parseToken(value) {
+  if (!value) return { appId: '', appSecret: '' };
+  const separator = value.indexOf(':');
+  if (separator < 0) return { appId: value.trim(), appSecret: '' };
+  return {
+    appId: value.slice(0, separator).trim(),
+    appSecret: value.slice(separator + 1).trim(),
+  };
+}
+
+function readUserConfig(configFile = getConfigFile()) {
+  if (!fs.existsSync(configFile)) return {};
+
+  try {
+    return JSON.parse(fs.readFileSync(configFile, 'utf8'));
+  } catch (err) {
+    throw new Error(`配置文件读取失败: ${configFile}
+${err.message}`);
+  }
+}
+
+function saveUserConfig(config, configFile = getConfigFile()) {
+  ensureDir(path.dirname(configFile));
+  fs.writeFileSync(configFile, `${JSON.stringify(config, null, 2)}
+`);
+}
+
+function updateUserConfig(updater, configFile = getConfigFile()) {
+  const current = readUserConfig(configFile);
+  const next = updater({ ...current }) || current;
+  saveUserConfig(next, configFile);
+  return next;
+}
+
+function selectedChannelConfig(userConfig) {
+  const channel = process.env.LINCO_CHANNEL || userConfig.defaultChannel || 'linco';
+  const agentType = process.env.LINCO_AGENT || userConfig.defaultAgent || 'claude';
+  const channelConfig = userConfig.channels?.[channel];
+  const agentConfig = channelConfig?.agents?.[agentType];
+  const account = process.env.LINCO_ACCOUNT || agentConfig?.defaultAccount || 'default';
+  const accountConfig = agentConfig?.accounts?.[account];
+
+  return {
+    channel,
+    agentType,
+    account,
+    ...(accountConfig || {}),
+  };
+}
+
+function stringFromEnv(name, fallback = '') {
+  return process.env[name] || fallback || '';
+}
+
+function booleanFromEnv(name, fallback = false) {
+  const value = process.env[name];
+  if (value == null || value === '') return !!fallback;
+  return ['1', 'true', 'yes', 'on'].includes(String(value).trim().toLowerCase());
+}
+
+function selectedImEnabled(userConfig, imConfig) {
+  return booleanFromEnv('LINCO_IM_ENABLED', imConfig.enabled === true || userConfig.im?.enabled === true);
+}
+
+function localImEnabled(userConfig) {
+  return booleanFromEnv('LINCO_LOCAL_IM_ENABLED', userConfig.localWeb?.imEnabled === true);
+}
+
+function hasOwn(object, key) {
+  return Object.prototype.hasOwnProperty.call(object || {}, key);
+}
+
+function agentConfigFromChannels(userConfig, agentType) {
+  const channels = userConfig.channels || {};
+  for (const channelKey of Object.keys(channels)) {
+    const agents = channels[channelKey]?.agents || {};
+    if (agents[agentType]) return agents[agentType];
+  }
+  return null;
+}
+
+function agentConfig(userConfig, imConfig, agentType, defaults = {}) {
+  const configured = userConfig.agents?.[agentType] || {};
+  const hasAgentEnabled = hasOwn(configured, 'enabled');
+  const hasLegacyEnabled = agentType === 'claude' && (
+    hasOwn(imConfig, 'enabled') ||
+    hasOwn(userConfig.im, 'enabled') ||
+    process.env.LINCO_IM_ENABLED != null
+  );
+  const legacyEnabled = agentType === 'claude'
+    ? selectedImEnabled(userConfig, imConfig)
+    : false;
+  const channelAgentConfig = agentConfigFromChannels(userConfig, agentType);
+  const channelAccountEnabled = channelAgentConfig && Object.values(channelAgentConfig.accounts || {}).some(
+    account => account.enabled === true
+  );
+  const defaultEnabled = agentType === 'claude' && !hasAgentEnabled && !hasLegacyEnabled;
+  const enabledFallback = hasAgentEnabled ? configured.enabled === true : legacyEnabled || defaultEnabled || channelAccountEnabled;
+  const enabled = booleanFromEnv(`LINCO_${agentType.toUpperCase()}_ENABLED`, enabledFallback);
+  const binEnv = `LINCO_${agentType.toUpperCase()}_BIN`;
+  const wsEnv = `LINCO_${agentType.toUpperCase()}_WS_URL`;
+
+  return {
+    type: agentType,
+    enabled,
+    bin: resolveCommand(stringFromEnv(binEnv, configured.bin || defaults.bin)),
+    wsUrl: stringFromEnv(wsEnv, configured.wsUrl || defaults.wsUrl),
+    mode: stringFromEnv(`LINCO_${agentType.toUpperCase()}_MODE`, configured.mode || defaults.mode),
+    model: stringFromEnv(`LINCO_${agentType.toUpperCase()}_MODEL`, configured.model || defaults.model),
+  };
+}
+
+function defaultAccountFromChannels(userConfig, agentType) {
+  const channels = userConfig.channels || {};
+  for (const channelKey of Object.keys(channels)) {
+    const agents = channels[channelKey]?.agents || {};
+    const agent = agents[agentType];
+    if (agent) {
+      const accountKey = agent.defaultAccount || 'default';
+      return agent.accounts?.[accountKey] || {};
+    }
+  }
+  return {};
+}
+
+function loadConfig(rootDir) {
+  const configFile = getConfigFile();
+  const userConfig = readUserConfig(configFile);
+  const imConfig = selectedChannelConfig(userConfig);
+  const gitBashPath = findGitBash(userConfig);
+  const gitBashEnv = gitBashPath ? gitBashPath.replace(/\\/g, '/') : null;
+  const tokenConfig = parseToken(process.env.LINCO_TOKEN || imConfig.token);
+  const lincoHome = stringFromEnv('LINCO_HOME', userConfig.lincoHome || path.join(os.homedir(), '.linco'));
+  const sessionsDir = stringFromEnv('LINCO_SESSIONS_DIR', userConfig.sessionsDir || path.join(lincoHome, 'sessions'));
+  const accountAgentType = imConfig.agentType;
+  const codexAccountConfig = defaultAccountFromChannels(userConfig, 'codex');
+  const agents = {
+    claude: agentConfig(userConfig, imConfig, 'claude', {
+      bin: stringFromEnv('CLAUDE_BIN', userConfig.claudeBin || 'claude'),
+      wsUrl: stringFromEnv('LINCO_WS_URL', imConfig.wsUrl || DEFAULT_AGENT_WS_URLS.claude),
+    }),
+    codex: agentConfig(userConfig, imConfig, 'codex', {
+      bin: stringFromEnv('CODEX_BIN', userConfig.codexBin || codexAccountConfig.bin || 'codex'),
+      wsUrl: codexAccountConfig.wsUrl || DEFAULT_AGENT_WS_URLS.codex,
+    }),
+  };
+  const accountAgent = agents[accountAgentType];
+  const imEnabled = selectedImEnabled(userConfig, imConfig) || (accountAgent && accountAgent.enabled);
+
+  return {
+    logLevel: stringFromEnv('LOG_LEVEL', userConfig.logLevel || 'info'),
+    port: stringFromEnv('PORT', userConfig.port || 3000),
+    host: stringFromEnv('HOST', userConfig.host || '127.0.0.1'),
+    lincoHome,
+    sessionsDir,
+    publicDir: path.join(rootDir, 'public'),
+    timeout: TIMEOUT,
+    gitBashPath,
+    gitBashEnv,
+    agents,
+    defaultLocalAgent: stringFromEnv('LINCO_LOCAL_AGENT', userConfig.defaultLocalAgent || accountAgentType),
+    claudeBin: agents.claude.bin,
+    claudeAddRuntimeDir: process.env.CLAUDE_ADD_LINCO_RUNTIME_DIR === '0' ? false : userConfig.claudeAddRuntimeDir !== false,
+    systemPrompt: stringFromEnv('CLAUDE_SYSTEM_PROMPT', userConfig.systemPrompt || '请使用用户输入的语言进行回复，并采用markdown格式进行格式化输出'),
+    maxWsPayloadBytes: numberFromEnv('MAX_WS_PAYLOAD_BYTES', userConfig.maxWsPayloadBytes || 350 * 1024 * 1024),
+    maxAttachmentBytes: numberFromEnv('MAX_ATTACHMENT_BYTES', userConfig.maxAttachmentBytes || 50 * 1024 * 1024),
+    maxTotalAttachmentBytes: numberFromEnv('MAX_TOTAL_ATTACHMENT_BYTES', userConfig.maxTotalAttachmentBytes || 250 * 1024 * 1024),
+    maxAttachmentCount: numberFromEnv('MAX_ATTACHMENT_COUNT', userConfig.maxAttachmentCount || 50),
+    maxMessageQueue: numberFromEnv('MAX_MESSAGE_QUEUE', userConfig.maxMessageQueue || 10),
+    attachmentsDirName: stringFromEnv('ATTACHMENTS_DIR_NAME', userConfig.attachmentsDirName || 'attachments'),
+    outboxDirName: stringFromEnv('OUTBOX_DIR_NAME', userConfig.outboxDirName || 'outbox'),
+    maxOutgoingAttachmentBytes: numberFromEnv('MAX_OUTGOING_ATTACHMENT_BYTES', userConfig.maxOutgoingAttachmentBytes || 50 * 1024 * 1024),
+    allowUnsafeAttachments: process.env.ALLOW_UNSAFE_ATTACHMENTS === '1' || userConfig.allowUnsafeAttachments === true,
+    unsafeAttachmentExtensions: listFromEnv('UNSAFE_ATTACHMENT_EXTENSIONS', userConfig.unsafeAttachmentExtensions || DEFAULT_UNSAFE_ATTACHMENT_EXTENSIONS),
+    gracefulShutdownMs: numberFromEnv('CLAUDE_GRACEFUL_SHUTDOWN_MS', userConfig.gracefulShutdownMs || 3000),
+    configFile,
+    localWeb: {
+      ...(userConfig.localWeb || {}),
+      imEnabled: localImEnabled(userConfig),
+    },
+    logsDir: path.join(lincoHome, 'logs'),
+    im: {
+      enabled: imEnabled,
+      channel: imConfig.channel,
+      account: imConfig.account,
+      agentId: stringFromEnv('LINCO_AGENT_ID', imConfig.agentId || userConfig.im?.agentId || 'main'),
+      appId: stringFromEnv('LINCO_APP_ID', tokenConfig.appId || imConfig.appId),
+      appSecret: stringFromEnv('LINCO_APP_SECRET', tokenConfig.appSecret || imConfig.appSecret),
+      wsUrl: accountAgent ? accountAgent.wsUrl : agents.claude.wsUrl,
+      reconnectMinMs: numberFromEnv('LINCO_IM_RECONNECT_MIN_MS', imConfig.reconnectMinMs || userConfig.im?.reconnectMinMs || 1000),
+      reconnectMaxMs: numberFromEnv('LINCO_IM_RECONNECT_MAX_MS', imConfig.reconnectMaxMs || userConfig.im?.reconnectMaxMs || 30000),
+      heartbeatMs: numberFromEnv('LINCO_IM_HEARTBEAT_MS', imConfig.heartbeatMs || userConfig.im?.heartbeatMs || 30000),
+      connectTimeoutMs: numberFromEnv('LINCO_IM_CONNECT_TIMEOUT_MS', imConfig.connectTimeoutMs || userConfig.im?.connectTimeoutMs || 15000),
+      idleSessionMs: numberFromEnv('LINCO_IM_IDLE_SESSION_MS', imConfig.idleSessionMs || userConfig.im?.idleSessionMs || 30 * 60 * 1000),
+      maxPendingEvents: numberFromEnv('LINCO_IM_MAX_PENDING_EVENTS', imConfig.maxPendingEvents || userConfig.im?.maxPendingEvents || 500),
+      allowInsecureWs: booleanFromEnv('LINCO_IM_ALLOW_INSECURE_WS', imConfig.allowInsecureWs === true || userConfig.im?.allowInsecureWs === true),
+    },
+  };
+}
+
+module.exports = {
+  CONFIG_DIR,
+  CONFIG_FILE,
+  DEFAULT_AGENT_WS_URLS,
+  DEFAULT_LINCO_WS_URL,
+  DEFAULT_UNSAFE_ATTACHMENT_EXTENSIONS,
+  ensureDir,
+  findGitBash,
+  getConfigDir,
+  getConfigFile,
+  loadConfig,
+  parseToken,
+  readUserConfig,
+  resolveCommand,
+  saveUserConfig,
+  updateUserConfig,
+};

package/src/danger.js

@@ -0,0 +1,21 @@
+const DANGEROUS_PATTERNS = [
+  /\brm\s+-rf?\b/i,
+  /\bsudo\b/i,
+  /\bchmod\s+777\b/i,
+  /\bcurl.*\|.*sh\b/i,
+  /\bwget.*-O.*\|\s*sh\b/i,
+  /\b>\/dev\/sd[a-z]\b/i,
+  /\bdd\s+if=/i,
+  /\bmkfs\./i,
+  /\b:(){ :|:& };:\b/i,
+];
+
+function isDangerousCommand(text) {
+  if (typeof text !== 'string') return false;
+  return DANGEROUS_PATTERNS.some(pattern => pattern.test(text));
+}
+
+module.exports = {
+  DANGEROUS_PATTERNS,
+  isDangerousCommand,
+};

package/src/httpStatic.js

@@ -0,0 +1,166 @@
+const http = require('http');
+const fs = require('fs');
+const path = require('path');
+const { getOutgoingAttachment } = require('./outgoingAttachmentHandler');
+const { isLocalRequestAuthorized } = require('./localAuth');
+
+const mimeTypes = {
+  '.html': 'text/html; charset=utf-8',
+  '.js': 'application/javascript',
+  '.css': 'text/css',
+  '.json': 'application/json',
+  '.svg': 'image/svg+xml',
+};
+
+function createStaticServer(config) {
+  return http.createServer((req, res) => {
+    const url = new URL(req.url, 'http://localhost');
+
+    if (!isLocalRequestAuthorized(req, config, url)) {
+      return rejectUnauthorized(res);
+    }
+
+    if (url.pathname === '/api/client-config') {
+      return handleClientConfigRequest(req, res, config);
+    }
+
+    if (url.pathname.startsWith('/api/session/')) {
+      return handleApiRequest(url, res, config);
+    }
+
+    const requestPath = url.pathname === '/' ? '/index.html' : url.pathname;
+    let relativePath;
+
+    try {
+      relativePath = decodeURIComponent(requestPath).replace(/^\/+/, '');
+    } catch {
+      res.writeHead(400);
+      return res.end('Bad request');
+    }
+
+    const fullPath = path.resolve(config.publicDir, relativePath);
+
+    if (!fullPath.startsWith(path.resolve(config.publicDir) + path.sep)) {
+      res.writeHead(403);
+      return res.end('Forbidden');
+    }
+
+    const ext = path.extname(fullPath);
+
+    fs.readFile(fullPath, (err, data) => {
+      if (err) {
+        res.writeHead(404);
+        return res.end('Not found');
+      }
+      res.writeHead(200, { 'Content-Type': mimeTypes[ext] || 'text/plain' });
+      res.end(data);
+    });
+  });
+}
+
+function rejectUnauthorized(res) {
+  res.writeHead(401, {
+    'Content-Type': 'text/plain; charset=utf-8',
+    'Cache-Control': 'no-store',
+  });
+  res.end('未授权访问本地测试页，请使用 linco start 输出的本地测试地址打开。');
+}
+
+function handleClientConfigRequest(req, res, config) {
+  let wsUrl;
+  try {
+    wsUrl = buildClientWebSocketUrl(req, config);
+  } catch {
+    res.writeHead(500, { 'Content-Type': 'application/json; charset=utf-8' });
+    return res.end(JSON.stringify({ error: 'Invalid WebSocket configuration' }));
+  }
+
+  const body = JSON.stringify({
+    wsUrl,
+    account: config.im?.account || '',
+    configured: Boolean(config.im?.appId && config.im?.appSecret),
+    defaultLocalAgent: config.defaultLocalAgent || 'claude',
+    localImEnabled: config.localWeb?.imEnabled === true,
+    agents: localAgentOptions(config),
+  });
+
+  res.writeHead(200, {
+    'Content-Type': 'application/json; charset=utf-8',
+    'Cache-Control': 'no-store',
+  });
+  res.end(body);
+}
+
+function buildClientWebSocketUrl(req, config) {
+  const wsUrl = new URL(defaultWebSocketUrl(req));
+
+  if (config.localWeb?.token) wsUrl.searchParams.set('localToken', config.localWeb.token);
+
+  return wsUrl.toString();
+}
+
+function localAgentOptions(config) {
+  const agents = config.agents || {};
+  return ['claude', 'codex']
+    .filter(type => agents[type])
+    .map(type => ({
+      type,
+      label: type === 'claude' ? 'Claude Code' : type === 'codex' ? 'Codex' : type,
+      enabled: agents[type]?.enabled === true,
+    }));
+}
+
+function defaultWebSocketUrl(req) {
+  const forwardedProto = req.headers['x-forwarded-proto'];
+  const requestProto = Array.isArray(forwardedProto) ? forwardedProto[0] : forwardedProto;
+  const firstProto = String(requestProto || '').split(',')[0].trim();
+  const protocol = firstProto === 'https' ? 'wss:' : 'ws:';
+  const host = req.headers.host || 'localhost';
+  return `${protocol}//${host}`;
+}
+
+function handleApiRequest(url, res, config) {
+  const match = url.pathname.match(/^\/api\/session\/([^/]+)\/outgoing\/([^/]+)$/);
+  if (!match) {
+    res.writeHead(404);
+    return res.end('Not found');
+  }
+
+  const sessionId = safeDecode(match[1]);
+  const fileId = safeDecode(match[2]);
+  if (!sessionId || !fileId || sessionId.length > 256 || !config.activeSessions) {
+    res.writeHead(404);
+    return res.end('Not found');
+  }
+
+  const file = getOutgoingAttachment(config.activeSessions, sessionId, fileId, config, url.searchParams.get('agentType'));
+  if (!file) {
+    res.writeHead(404);
+    return res.end('Not found');
+  }
+
+  const disposition = file.kind === 'image' ? 'inline' : 'attachment';
+  res.writeHead(200, {
+    'Content-Type': file.mimeType || 'application/octet-stream',
+    'Content-Length': file.size,
+    'Content-Disposition': `${disposition}; filename*=UTF-8''${encodeRFC5987(file.name)}`,
+    'X-Content-Type-Options': 'nosniff',
+  });
+  fs.createReadStream(file.path).pipe(res);
+}
+
+function safeDecode(value) {
+  try {
+    return decodeURIComponent(value);
+  } catch {
+    return '';
+  }
+}
+
+function encodeRFC5987(value) {
+  return encodeURIComponent(value).replace(/['()*]/g, char => `%${char.charCodeAt(0).toString(16).toUpperCase()}`);
+}
+
+module.exports = {
+  createStaticServer,
+};