metame-cli 1.4.34 → 1.5.1

package/scripts/daemon-task-scheduler.js

@@ -189,6 +189,7 @@ function createTaskScheduler(deps) {
     recordTokens,
     buildProfilePreamble,
     getDaemonProviderEnv,
+    getDistillModel,
     log,
     physiologicalHeartbeat,
     isUserIdle,
@@ -198,12 +199,31 @@ function createTaskScheduler(deps) {
     skillEvolution,
   } = deps;
 
-  // On Windows, .cmd files need shell to spawn; use COMSPEC to avoid conda PATH issues
+  // Max characters from precondition context to inject into prompts (prevents token bombs)
+  const MAX_PRECONDITION_CHARS = 4000;
+
+  // On Windows, resolve .cmd → actual Node.js entry to avoid cmd.exe flash
+  function _resolveNodeEntry(cmdPath) {
+    try {
+      const content = require('fs').readFileSync(cmdPath, 'utf8');
+      const m = content.match(/"([^"]+\.js)"\s*%\*\s*$/m);
+      if (m) {
+        const entry = m[1].replace(/%dp0%/gi, require('path').dirname(cmdPath) + require('path').sep);
+        if (require('fs').existsSync(entry)) return entry;
+      }
+    } catch { /* ignore */ }
+    return null;
+  }
+
   function spawn(cmd, args, options) {
-    if (process.platform === 'win32' && cmd === CLAUDE_BIN) {
-      return _spawn(cmd, args, { ...options, shell: process.env.COMSPEC || true });
+    if (process.platform !== 'win32') return _spawn(cmd, args, options);
+    const lowerCmd = String(cmd || '').toLowerCase();
+    if (lowerCmd.endsWith('.cmd') || lowerCmd.endsWith('.bat') || lowerCmd === 'claude' || lowerCmd === 'codex') {
+      const entry = _resolveNodeEntry(cmd);
+      if (entry) return _spawn(process.execPath, [entry, ...args], { ...options, windowsHide: true });
+      return _spawn(cmd, args, { ...options, shell: process.env.COMSPEC || true, windowsHide: true });
     }
-    return _spawn(cmd, args, options);
+    return _spawn(cmd, args, { ...options, windowsHide: true });
   }
 
   function checkPrecondition(task) {
@@ -212,31 +232,31 @@ function createTaskScheduler(deps) {
     try {
       let cmd = task.precondition;
 
-      // Cross-platform: expand ~ to HOME and handle `test -s` (Unix-only) via Node.js
+      // Cross-platform: expand ~ to HOME and handle `test -s` via Node.js
       cmd = cmd.replace(/^~|(?<=\s)~/g, HOME);
-      if (IS_WIN) {
-        // `test -s <file>` checks file exists and is non-empty — do it in JS
-        const testMatch = cmd.match(/^test\s+-s\s+(.+)$/);
-        if (testMatch) {
-          const filePath = testMatch[1].trim().replace(/["']/g, '');
-          const fs = require('fs');
-          try {
-            const stat = fs.statSync(filePath);
-            if (stat.size > 0) {
-              const content = fs.readFileSync(filePath, 'utf8').trim();
-              log('INFO', `Precondition passed for ${task.name} (${content.split('\n').length} lines)`);
-              return { pass: true, context: content };
-            }
-          } catch { /* file doesn't exist */ }
-          log('INFO', `Precondition failed for ${task.name}: file empty or missing`);
-          return { pass: false, context: '' };
-        }
+      // Handle `test -s <file>` natively in JS on ALL platforms.
+      // Shell `test -s` produces no stdout on success, which previously
+      // caused the empty-output check below to incorrectly skip the task.
+      const testMatch = cmd.match(/^test\s+-s\s+(.+)$/);
+      if (testMatch) {
+        const filePath = testMatch[1].trim().replace(/["']/g, '');
+        const fs = require('fs');
+        try {
+          const content = fs.readFileSync(filePath, 'utf8').trim();
+          if (content.length > 0) {
+            log('INFO', `Precondition passed for ${task.name} (${content.split('\n').length} lines)`);
+            return { pass: true, context: content };
+          }
+        } catch { /* file doesn't exist or unreadable */ }
+        log('INFO', `Precondition failed for ${task.name}: file empty or missing`);
+        return { pass: false, context: '' };
       }
 
       const output = execSync(cmd, {
         encoding: 'utf8',
         timeout: 15000,
         maxBuffer: 64 * 1024,
+        ...(process.platform === 'win32' ? { windowsHide: true } : {}),
       }).trim();
 
       if (!output) {
@@ -351,17 +371,33 @@ function createTaskScheduler(deps) {
           timeout: resolveTimeoutMs(task.timeout, 120),
           maxBuffer: 1024 * 1024,
           env: scriptEnv,
+          ...(process.platform === 'win32' ? { windowsHide: true } : {}),
         }).trim();
 
+        // Parse token report from script stdout: last line matching __TOKENS__:<number>
+        // Scripts that call LLM APIs should print this before exiting.
+        // Fallback: estimate from output length (rough, but better than 0).
+        let scriptTokens = 0;
+        const tokenMatch = output.match(/__TOKENS__:(\d+)/);
+        if (tokenMatch) {
+          scriptTokens = Number(tokenMatch[1]);
+        } else if (output.length > 100) {
+          // Conservative estimate for scripts that don't self-report
+          scriptTokens = Math.ceil(output.length / 4);
+        }
+        if (scriptTokens > 0) {
+          recordTokens(state, scriptTokens, { category: classifyTaskUsage(task) });
+        }
+
         state.tasks[task.name] = {
           last_run: new Date().toISOString(),
           status: 'success',
           output_preview: output.slice(0, 200),
         };
         saveState(state);
-        if (output) log('INFO', `Script task ${task.name} completed: ${output.slice(0, 300)}`);
+        if (output) log('INFO', `Script task ${task.name} completed (${scriptTokens} tokens): ${output.slice(0, 300)}`);
         else log('INFO', `Script task ${task.name} completed`);
-        return { success: true, output, tokens: 0 };
+        return { success: true, output, tokens: scriptTokens };
       } catch (e) {
         log('ERROR', `Script task ${task.name} failed: ${e.message}`);
         state.tasks[task.name] = {
@@ -375,11 +411,14 @@ function createTaskScheduler(deps) {
     }
 
     const preamble = buildProfilePreamble();
-    const model = normalizeModel(task.model || 'haiku');
-    // If precondition returned context data, append it to the prompt
+    const model = normalizeModel(task.model || getDistillModel());
+    // If precondition returned context data, append it to the prompt (truncated to prevent token bombs)
     let taskPrompt = task.prompt;
     if (precheck.context) {
-      taskPrompt += `\n\n以下是相关原始数据:\n\`\`\`\n${precheck.context}\n\`\`\``;
+      const ctx = precheck.context.length > MAX_PRECONDITION_CHARS
+        ? precheck.context.slice(0, MAX_PRECONDITION_CHARS) + '\n... (truncated)'
+        : precheck.context;
+      taskPrompt += `\n\n以下是相关原始数据:\n\`\`\`\n${ctx}\n\`\`\``;
     }
     const fullPrompt = preamble + taskPrompt;
 
@@ -550,7 +589,9 @@ function createTaskScheduler(deps) {
     const steps = task.steps || [];
     if (steps.length === 0) return { success: false, error: 'No steps defined', output: '' };
 
-    const model = normalizeModel(task.model || 'sonnet');
+    // Workflow tasks match the user's session model setting (same quality as interactive)
+    const sessionModel = (config && config.daemon && config.daemon.model) || 'sonnet';
+    const model = normalizeModel(task.model || sessionModel);
     const cwd = task.cwd ? task.cwd.replace(/^~/, HOME) : HOME;
     const sessionId = crypto.randomUUID();
     const outputs = [];
@@ -569,7 +610,12 @@ function createTaskScheduler(deps) {
     for (let i = 0; i < steps.length; i++) {
       const step = steps[i];
       let prompt = (step.skill ? `/${step.skill} ` : '') + (step.prompt || '');
-      if (i === 0 && precheck.context) prompt += `\n\n相关数据:\n\`\`\`\n${precheck.context}\n\`\`\``;
+      if (i === 0 && precheck.context) {
+        const ctx = precheck.context.length > MAX_PRECONDITION_CHARS
+          ? precheck.context.slice(0, MAX_PRECONDITION_CHARS) + '\n... (truncated)'
+          : precheck.context;
+        prompt += `\n\n相关数据:\n\`\`\`\n${ctx}\n\`\`\``;
+      }
       const args = ['-p', '--model', model, '--dangerously-skip-permissions'];
       for (const tool of allowed) args.push('--allowedTools', tool);
       if (mcpConfig) args.push('--mcp-config', mcpConfig);
@@ -583,12 +629,14 @@ function createTaskScheduler(deps) {
           timeout: resolveTimeoutMs(step.timeout, 300),
           maxBuffer: 5 * 1024 * 1024,
           cwd,
+          ...(process.platform === 'win32' ? { windowsHide: true } : {}),
           env: {
             ...process.env,
             ...getDaemonProviderEnv(),
             CLAUDECODE: undefined,
             METAME_INTERNAL_PROMPT: '1',
           },
+          ...(process.platform === 'win32' ? { shell: process.env.COMSPEC || true, windowsHide: true } : {}),
         }).trim();
         const tk = Math.ceil((prompt.length + output.length) / 4);
         totalTokens += tk;
@@ -634,11 +682,22 @@ function createTaskScheduler(deps) {
     return found || null;
   }
 
-  function startHeartbeat(config, notifyFn) {
+  function startHeartbeat(config, notifyFn, notifyPersonalFn) {
     const { all: tasks } = getAllTasks(config);
 
     const enabledTasks = tasks.filter(t => t.enabled !== false);
     const checkIntervalSec = (config.daemon && config.daemon.heartbeat_check_interval) || 60;
+
+    // Helper: compute next run time, falling back to 2-tick backoff on error.
+    function safeNextRun(taskName, schedule, now) {
+      try {
+        return { next: nextRunAfter(schedule, now), failed: false };
+      } catch (e) {
+        log('ERROR', `nextRunAfter failed for "${taskName}": ${e.message}`);
+        return { next: now + checkIntervalSec * 2 * 1000, failed: true };
+      }
+    }
+
     const taskSchedules = new Map();
     const runnableTasks = [];
     for (const task of enabledTasks) {
@@ -671,7 +730,25 @@ function createTaskScheduler(deps) {
     // Tracks tasks currently running (prevents concurrent runs of the same task)
     const runningTasks = new Set();
 
+    // Wake detection: if tick interval far exceeds expected, system likely slept (macOS lid close).
+    // Use 5min floor to avoid false triggers from CPU load spikes or GC pauses.
+    let lastTickTime = Date.now();
+    const WAKE_THRESHOLD = Math.max(checkIntervalSec * 3 * 1000, 5 * 60 * 1000);
+
     const timer = setInterval(() => {
+      const tickNow = Date.now();
+      const tickElapsed = tickNow - lastTickTime;
+      lastTickTime = tickNow;
+
+      if (tickElapsed > WAKE_THRESHOLD) {
+        log('FATAL', `[WAKE-DETECT] System resumed after ${Math.round(tickElapsed / 1000)}s sleep — restarting daemon to rebuild connections`);
+        const st = loadState();
+        st.wake_restart = new Date().toISOString();
+        st.wake_sleep_seconds = Math.round(tickElapsed / 1000);
+        saveState(st);
+        process.exit(1); // caffeinate will restart us with fresh connections
+      }
+
       // ① Physiological heartbeat (zero token, pure awareness)
       physiologicalHeartbeat(config);
 
@@ -703,24 +780,14 @@ function createTaskScheduler(deps) {
 
           if (runningTasks.has(task.name)) {
             // Task is still running; skip this cycle and keep full interval cadence.
-            try {
-              nextRun[task.name] = nextRunAfter(schedule, currentTime);
-            } catch (schedErr) {
-              nextRun[task.name] = currentTime + checkIntervalSec * 2 * 1000;
-              log('ERROR', `nextRunAfter (running guard) failed for "${task.name}": ${schedErr.message}`);
-            }
+            nextRun[task.name] = safeNextRun(task.name, schedule, currentTime).next;
             log('WARN', `Task ${task.name} still running — skipping this interval`);
             continue;
           }
 
-          try {
-            nextRun[task.name] = nextRunAfter(schedule, currentTime);
-          } catch (schedErr) {
-            // If next-run calculation fails, back off by at least 2 ticks to prevent infinite loop
-            nextRun[task.name] = currentTime + checkIntervalSec * 2 * 1000;
-            log('ERROR', `nextRunAfter failed for "${task.name}": ${schedErr.message} — backing off`);
-            continue;
-          }
+          const { next: nextRunTime, failed: schedFailed } = safeNextRun(task.name, schedule, currentTime);
+          nextRun[task.name] = nextRunTime;
+          if (schedFailed) continue; // back off, skip execution this cycle
           runningTasks.add(task.name);
           // executeTask now returns a Promise (async, non-blocking, process-group kill)
           Promise.resolve(executeTask(task, config))
@@ -743,13 +810,20 @@ function createTaskScheduler(deps) {
       }
 
       // Skill evolution: check queue and notify user of actionable items
-      if (skillEvolution) {
+      // Can be disabled via daemon.yaml: skill_evolution_notify: false
+      const skillEvolutionNotifyEnabled = !config.daemon || config.daemon.skill_evolution_notify !== false;
+      if (skillEvolution && skillEvolutionNotifyEnabled) {
         try {
           const notifications = skillEvolution.checkEvolutionQueue();
           for (const item of notifications) {
             let msg = '';
             const idHint = item.id ? `\nID: \`${item.id}\`` : '';
-            if (item.type === 'skill_gap') {
+            if (item.type === 'workflow_proposal') {
+              msg = `🔄 *工作流技能建议*\n检测到重复工作流: ${item.search_hint || item.reason}`;
+              if (item.tools_signature && item.tools_signature.length) msg += `\n工具: ${item.tools_signature.join(', ')}`;
+              if (item.example_prompt) msg += `\n示例: "${item.example_prompt}"`;
+              if (item.evidence_count) msg += `\n出现次数: ${item.evidence_count}`;
+            } else if (item.type === 'skill_gap') {
               msg = `🧬 *技能缺口检测*\n${item.reason}`;
               if (item.search_hint) msg += `\n搜索建议: \`${item.search_hint}\``;
             } else if (item.type === 'skill_fix') {
@@ -757,9 +831,14 @@ function createTaskScheduler(deps) {
             } else if (item.type === 'user_complaint') {
               msg = `⚠️ *技能反馈*\n技能 \`${item.skill_name}\` 收到用户反馈\n${item.reason}`;
             }
-            if (msg && item.id) msg += `${idHint}\n处理: \`/skill-evo done ${item.id}\` 或 \`/skill-evo dismiss ${item.id}\``;
-            else if (msg) msg += idHint;
-            if (msg && notifyFn) notifyFn(msg);
+            if (msg && item.id && item.type === 'workflow_proposal') {
+              msg += `${idHint}\n处理: \`/skill-evo approve ${item.id}\` 或 \`/skill-evo dismiss ${item.id}\``;
+            } else if (msg && item.id) {
+              msg += `${idHint}\n处理: \`/skill-evo done ${item.id}\` 或 \`/skill-evo dismiss ${item.id}\``;
+            } else if (msg) msg += idHint;
+            // Skill notifications go only to personal chats, not agent group chats
+            const skillNotifyFn = notifyPersonalFn || notifyFn;
+            if (msg && skillNotifyFn) skillNotifyFn(msg);
           }
         } catch (e) { log('WARN', `Skill evolution queue check failed: ${e.message}`); }
       }
@@ -780,6 +859,7 @@ function createTaskScheduler(deps) {
 
 module.exports = {
   createTaskScheduler,
+  normalizeModel,
   _private: {
     parseAtTime,
     parseDays,

package/scripts/daemon-user-acl.js

@@ -166,7 +166,7 @@ const ACTION_GROUPS = {
 const ROLE_DEFAULT_ACTIONS = {
   admin:   Object.keys(ACTION_GROUPS),       // 全部权限
   member:  ['query'],                         // 默认只能问答
-  stranger: [],                               // 无系统权限，但允许基础问答由 askClaude readOnly 处理
+  stranger: ['query'],                        // 仅基础问答（只读）
 };
 
 // 不可赋予 member 的 admin 专属 action
@@ -182,6 +182,16 @@ const ADMIN_ONLY_ACTIONS = new Set(['system', 'agent', 'config', 'admin_acl']);
  */
 function resolveUserCtx(senderId, config) {
   const userData = loadUsers();
+  // Per-platform bootstrap: Feishu open_id starts with "ou_", Telegram IDs are numeric.
+  const allUsers = userData && userData.users ? userData.users : {};
+  const isFeishuId = senderId && senderId.startsWith('ou_');
+  const isTelegramId = senderId && /^\d+$/.test(senderId);
+  const hasPlatformAdmin = isFeishuId
+    ? Object.keys(allUsers).some(id => id.startsWith('ou_'))
+    : isTelegramId
+      ? Object.keys(allUsers).some(id => /^\d+$/.test(id))
+      : Object.keys(allUsers).length > 0;
+  const hasConfiguredUsers = hasPlatformAdmin;
 
   let role, name, allowedActions;
 
@@ -213,9 +223,25 @@ function resolveUserCtx(senderId, config) {
         name = senderId.slice(-6);
         allowedActions = ROLE_DEFAULT_ACTIONS.admin;
       } else {
-        role = userData.default_role || 'stranger';
-        name = senderId.slice(-6);
-        allowedActions = ROLE_DEFAULT_ACTIONS[role] || [];
+        if (!hasConfiguredUsers) {
+          // Bootstrap only once: persist the first seen sender as admin.
+          const next = {
+            default_role: userData.default_role || 'stranger',
+            users: { ...(userData.users || {}) },
+          };
+          next.users[senderId] = {
+            role: 'admin',
+            name: senderId.slice(-6),
+          };
+          try { saveUsers(next); } catch { /* non-fatal: fallback to in-memory role */ }
+          role = 'admin';
+          name = senderId.slice(-6);
+          allowedActions = ROLE_DEFAULT_ACTIONS.admin;
+        } else {
+          role = userData.default_role || 'stranger';
+          name = senderId.slice(-6);
+          allowedActions = ROLE_DEFAULT_ACTIONS[role] || [];
+        }
       }
     }
   }
@@ -313,7 +339,7 @@ function handleUserCommand(text, userCtx) {
 
   if (sub === 'add') {
     // /user add <open_id> <role> [name...]
-    const [, , , uid, role, ...nameParts] = args;
+    const [, , uid, role, ...nameParts] = args;
     if (!uid || !role) return { handled: true, reply: '用法: /user add <open_id> <role> [name]' };
     // [S2] open_id 格式校验
     if (!isValidOpenId(uid)) return { handled: true, reply: '❌ open_id 格式不合法（应为 10-64 位字母数字下划线）' };
@@ -328,7 +354,7 @@ function handleUserCommand(text, userCtx) {
   }
 
   if (sub === 'role') {
-    const [, , , uid, role] = args;
+    const [, , uid, role] = args;
     if (!uid || !role) return { handled: true, reply: '用法: /user role <open_id> <role>' };
     if (!isValidOpenId(uid)) return { handled: true, reply: '❌ open_id 格式不合法' };
     if (!['admin', 'member', 'stranger'].includes(role)) {
@@ -343,7 +369,7 @@ function handleUserCommand(text, userCtx) {
   }
 
   if (sub === 'grant') {
-    const [, , , uid, action] = args;
+    const [, , uid, action] = args;
     if (!uid || !action) return { handled: true, reply: '用法: /user grant <open_id> <action>' };
     if (!isValidOpenId(uid)) return { handled: true, reply: '❌ open_id 格式不合法' };
     if (ADMIN_ONLY_ACTIONS.has(action)) {
@@ -364,7 +390,7 @@ function handleUserCommand(text, userCtx) {
   }
 
   if (sub === 'revoke') {
-    const [, , , uid, action] = args;
+    const [, , uid, action] = args;
     if (!uid || !action) return { handled: true, reply: '用法: /user revoke <open_id> <action>' };
     if (!isValidOpenId(uid)) return { handled: true, reply: '❌ open_id 格式不合法' };
     const data = loadUsers();
@@ -376,7 +402,7 @@ function handleUserCommand(text, userCtx) {
   }
 
   if (sub === 'remove') {
-    const [, , , uid] = args;
+    const [, , uid] = args;
     if (!uid) return { handled: true, reply: '用法: /user remove <open_id>' };
     if (!isValidOpenId(uid)) return { handled: true, reply: '❌ open_id 格式不合法' };
     const data = loadUsers();