miladyai 2.0.0-alpha.27

package/dist/cli/program/register.tui.js

@@ -0,0 +1,163 @@
+import { theme } from "../../terminal/theme.js";
+import { formatDocsLink } from "../../terminal/links.js";
+import { runCommandWithRuntime } from "../cli-utils.js";
+
+//#region src/cli/program/register.tui.ts
+const defaultRuntime = {
+	error: console.error,
+	exit: process.exit
+};
+function normalizeApiBaseUrl(value) {
+	return value.trim().replace(/\/+$/, "");
+}
+async function fetchJsonWithTimeout(url, timeoutMs = 1200, headers) {
+	const controller = new AbortController();
+	const timer = setTimeout(() => controller.abort(), timeoutMs);
+	try {
+		const res = await fetch(url, {
+			method: "GET",
+			signal: controller.signal,
+			headers
+		});
+		let body = null;
+		try {
+			body = await res.json();
+		} catch {
+			body = null;
+		}
+		return {
+			ok: res.ok,
+			status: res.status,
+			body
+		};
+	} catch {
+		return {
+			ok: false,
+			status: 0,
+			body: null
+		};
+	} finally {
+		clearTimeout(timer);
+	}
+}
+function getMiladyApiProbeHeaders(includeAuth) {
+	if (!includeAuth) return void 0;
+	const token = process.env.MILADY_API_TOKEN?.trim();
+	if (!token) return void 0;
+	return { Authorization: `Bearer ${token}` };
+}
+async function probeMiladyApi(baseUrl, includeAuth = false) {
+	const headers = getMiladyApiProbeHeaders(includeAuth);
+	const statusRes = await fetchJsonWithTimeout(`${baseUrl}/api/status`, 1200, headers);
+	const reachable = statusRes.status !== 0 && statusRes.status !== 404;
+	if (!reachable) return {
+		baseUrl,
+		reachable: false,
+		runtimeState: null,
+		onboardingComplete: null,
+		pluginCount: null,
+		authDenied: false
+	};
+	const statusBody = statusRes.body && typeof statusRes.body === "object" ? statusRes.body : null;
+	const runtimeState = typeof statusBody?.state === "string" ? statusBody.state : null;
+	const conversationsRes = await fetchJsonWithTimeout(`${baseUrl}/api/conversations`, 1200, headers);
+	const onboardingRes = await fetchJsonWithTimeout(`${baseUrl}/api/onboarding/status`, 1200, headers);
+	const onboardingBody = onboardingRes.body && typeof onboardingRes.body === "object" ? onboardingRes.body : null;
+	const onboardingComplete = typeof onboardingBody?.complete === "boolean" ? onboardingBody.complete : null;
+	const pluginsRes = await fetchJsonWithTimeout(`${baseUrl}/api/plugins`, 1200, headers);
+	const pluginsBody = pluginsRes.body && typeof pluginsRes.body === "object" ? pluginsRes.body : null;
+	return {
+		baseUrl,
+		reachable,
+		runtimeState,
+		onboardingComplete,
+		pluginCount: Array.isArray(pluginsBody?.plugins) ? pluginsBody.plugins.length : null,
+		authDenied: [statusRes.status, conversationsRes.status].some((status) => status === 401 || status === 403)
+	};
+}
+async function resolveTuiApiBaseUrl(cliValue) {
+	const explicit = cliValue?.trim();
+	if (explicit) return {
+		baseUrl: normalizeApiBaseUrl(explicit),
+		source: "cli",
+		reachableCandidateCount: 1
+	};
+	const envValue = process.env.MILADY_API_BASE_URL?.trim() || process.env.MILADY_API_BASE?.trim();
+	if (envValue) return {
+		baseUrl: normalizeApiBaseUrl(envValue),
+		source: "env",
+		reachableCandidateCount: 1
+	};
+	const candidates = [
+		process.env.MILADY_PORT?.trim() ? `http://127.0.0.1:${process.env.MILADY_PORT.trim()}` : null,
+		"http://127.0.0.1:31337",
+		"http://127.0.0.1:2138"
+	].filter((candidate) => Boolean(candidate));
+	const normalizedCandidates = [];
+	const seen = /* @__PURE__ */ new Set();
+	for (const candidate of candidates) {
+		const normalized = normalizeApiBaseUrl(candidate);
+		if (seen.has(normalized)) continue;
+		seen.add(normalized);
+		normalizedCandidates.push(normalized);
+	}
+	const probes = [];
+	for (const candidate of normalizedCandidates) probes.push(await probeMiladyApi(candidate, false));
+	const reachableCandidateCount = probes.filter((probe) => probe.reachable).length;
+	const ready = probes.find((probe) => probe.reachable && !probe.authDenied && probe.runtimeState === "running" && probe.onboardingComplete === true && (probe.pluginCount ?? 0) > 0);
+	if (ready) return {
+		baseUrl: ready.baseUrl,
+		source: "auto",
+		reachableCandidateCount
+	};
+	const onboarded = probes.find((probe) => probe.reachable && !probe.authDenied && probe.runtimeState === "running" && probe.onboardingComplete === true);
+	if (onboarded) return {
+		baseUrl: onboarded.baseUrl,
+		source: "auto",
+		reachableCandidateCount
+	};
+	const reachable = probes.find((probe) => probe.reachable);
+	if (reachable) return {
+		baseUrl: reachable.baseUrl,
+		source: "auto",
+		reachableCandidateCount
+	};
+	return null;
+}
+async function tuiAction(options) {
+	await runCommandWithRuntime(defaultRuntime, async () => {
+		const { launchTUI } = await import("../../tui/index.js");
+		if (options.localRuntime) {
+			const { bootElizaRuntime } = await import("../../runtime/eliza.js");
+			await launchTUI(await bootElizaRuntime({ requireConfig: true }), { modelOverride: options.model });
+			return;
+		}
+		const resolvedApi = await resolveTuiApiBaseUrl(options.apiBaseUrl);
+		if (!resolvedApi) throw new Error("No Milady API runtime detected. Start frontend/API first, pass --api-base-url, or use --local-runtime.");
+		const apiBaseUrl = resolvedApi.baseUrl;
+		const hasToken = Boolean(process.env.MILADY_API_TOKEN?.trim());
+		const includeAuthProbe = resolvedApi.source !== "auto" || resolvedApi.reachableCandidateCount === 1;
+		const suppressApiTokenForwarding = hasToken && resolvedApi.source === "auto" && resolvedApi.reachableCandidateCount > 1;
+		const probe = await probeMiladyApi(apiBaseUrl, includeAuthProbe);
+		if (!probe.reachable) throw new Error(`Could not reach Milady API runtime at ${apiBaseUrl}. Check port and network connectivity.`);
+		if (probe.authDenied) {
+			if (!hasToken) throw new Error(`Milady API runtime at ${apiBaseUrl} requires authentication. Set MILADY_API_TOKEN and retry.`);
+			if (suppressApiTokenForwarding) throw new Error(`Milady API runtime at ${apiBaseUrl} requires authentication, but multiple local API candidates were detected. For token safety, auto-discovery does not send MILADY_API_TOKEN to all ports. Re-run with --api-base-url ${apiBaseUrl} to opt in explicitly.`);
+			throw new Error(`Milady API runtime at ${apiBaseUrl} rejected MILADY_API_TOKEN (401/403). Verify token scope/value and retry.`);
+		}
+		if (probe.runtimeState !== "running") throw new Error(`Milady API runtime at ${apiBaseUrl} is not ready (state=${probe.runtimeState ?? "unknown"}). Wait for runtime startup to complete and resolve backend errors in frontend logs.`);
+		if (probe.onboardingComplete === false) throw new Error(`Milady API runtime at ${apiBaseUrl} is not onboarded yet (complete=false). Complete onboarding in the frontend for this runtime.`);
+		if (probe.pluginCount === 0) throw new Error(`Milady API runtime at ${apiBaseUrl} has no model/provider plugins loaded. Configure a provider in onboarding first.`);
+		await launchTUI(null, {
+			modelOverride: options.model,
+			apiBaseUrl,
+			apiToken: suppressApiTokenForwarding ? null : void 0
+		});
+	});
+}
+function registerTuiCommand(program) {
+	program.command("tui", { isDefault: true }).description("Start Milady with the interactive TUI").option("-m, --model <model>", "Model to use (e.g. anthropic/claude-sonnet-4-20250514)").option("--api-base-url <url>", "API runtime base URL (default: env vars, then auto-detect 31337/2138)").option("--local-runtime", "Boot a standalone local runtime (advanced; API mode is default)").addHelpText("after", () => `\n${theme.muted("Docs:")} ${formatDocsLink("/tui", "docs.milady.ai/tui")}\n${theme.muted("Default mode:")} API runtime mode (shared with frontend).\n${theme.muted("API auth:")} Set MILADY_API_TOKEN when the API/websocket server requires auth.\n`).action(tuiAction);
+}
+
+//#endregion
+export { registerTuiCommand };

package/dist/cli/program/register.update.js

@@ -0,0 +1,154 @@
+import { CLI_VERSION } from "../version.js";
+import { theme } from "../../terminal/theme.js";
+
+//#region src/cli/program/register.update.ts
+const ALL_CHANNELS = [
+	"stable",
+	"beta",
+	"nightly"
+];
+const CHANNEL_LABELS = {
+	stable: theme.success,
+	beta: theme.warn,
+	nightly: theme.accent
+};
+const CHANNEL_DESCRIPTIONS = {
+	stable: "Production-ready releases. Recommended for most users.",
+	beta: "Release candidates. May contain minor issues.",
+	nightly: "Latest development builds. May be unstable."
+};
+function channelLabel(ch) {
+	return CHANNEL_LABELS[ch](ch);
+}
+function parseChannelOrExit(raw) {
+	if (ALL_CHANNELS.includes(raw)) return raw;
+	console.error(theme.error(`Invalid channel "${raw}". Valid channels: ${ALL_CHANNELS.join(", ")}`));
+	process.exit(1);
+}
+async function updateAction(opts) {
+	const { loadMiladyConfig, saveMiladyConfig } = await import("../../config/config.js");
+	const { checkForUpdate, resolveChannel } = await import("../../services/update-checker.js");
+	const { detectInstallMethod, performUpdate } = await import("../../services/self-updater.js");
+	const config = loadMiladyConfig();
+	let newChannel;
+	if (opts.channel) {
+		newChannel = parseChannelOrExit(opts.channel);
+		const oldChannel = resolveChannel(config.update);
+		if (newChannel !== oldChannel) {
+			saveMiladyConfig({
+				...config,
+				update: {
+					...config.update,
+					channel: newChannel,
+					lastCheckAt: void 0,
+					lastCheckVersion: void 0
+				}
+			});
+			console.log(`\nRelease channel changed: ${channelLabel(oldChannel)} -> ${channelLabel(newChannel)}`);
+			console.log(theme.muted(`  ${CHANNEL_DESCRIPTIONS[newChannel]}\n`));
+		}
+	}
+	const effectiveChannel = newChannel ?? resolveChannel(config.update);
+	console.log(`\n${theme.heading("Milady Update")}  ${theme.muted(`(channel: ${effectiveChannel})`)}`);
+	console.log(theme.muted(`Current version: ${CLI_VERSION}\n`));
+	console.log("Checking for updates...\n");
+	const result = await checkForUpdate({ force: opts.force ?? !!newChannel });
+	if (result.error) {
+		console.error(theme.warn(`  ${result.error}\n`));
+		if (!opts.check) process.exit(1);
+		return;
+	}
+	if (!result.updateAvailable) {
+		console.log(theme.success(`  Already up to date! (${CLI_VERSION} is the latest on ${effectiveChannel})\n`));
+		return;
+	}
+	console.log(`  ${theme.accent("Update available:")} ${CLI_VERSION} -> ${theme.success(result.latestVersion ?? "unknown")}`);
+	console.log(theme.muted(`  Channel: ${effectiveChannel} | dist-tag: ${result.distTag}\n`));
+	if (opts.check) {
+		console.log(theme.muted("  Run `milady update` to install the update.\n"));
+		return;
+	}
+	const method = detectInstallMethod();
+	if (method === "local-dev") {
+		console.log(theme.warn("  Local development install detected. Use `git pull` to update.\n"));
+		return;
+	}
+	console.log(theme.muted(`  Install method: ${method}`));
+	console.log("  Installing update...\n");
+	const updateResult = await performUpdate(CLI_VERSION, effectiveChannel, method);
+	if (!updateResult.success) {
+		console.error(theme.error(`\n  Update failed: ${updateResult.error}\n`));
+		console.log(theme.muted(`  Command: ${updateResult.command}\n  You can try running it manually.\n`));
+		process.exit(1);
+	}
+	if (updateResult.newVersion) console.log(theme.success(`\n  Updated successfully! ${CLI_VERSION} -> ${updateResult.newVersion}`));
+	else {
+		console.log(theme.success("\n  Update command completed successfully."));
+		console.log(theme.warn(`  Could not verify the new version. Expected: ${result.latestVersion ?? "unknown"}`));
+	}
+	console.log(theme.muted("  Restart milady for the new version to take effect.\n"));
+}
+async function statusAction() {
+	const { loadMiladyConfig } = await import("../../config/config.js");
+	const { resolveChannel, fetchAllChannelVersions } = await import("../../services/update-checker.js");
+	const { detectInstallMethod } = await import("../../services/self-updater.js");
+	console.log(`\n${theme.heading("Version Status")}\n`);
+	const config = loadMiladyConfig();
+	const channel = resolveChannel(config.update);
+	console.log(`  Installed:  ${theme.accent(CLI_VERSION)}`);
+	console.log(`  Channel:    ${channelLabel(channel)}`);
+	console.log(`  Install:    ${theme.muted(detectInstallMethod())}`);
+	console.log(`\n${theme.heading("Available Versions")}\n`);
+	console.log("  Fetching from npm registry...\n");
+	const versions = await fetchAllChannelVersions();
+	for (const ch of ALL_CHANNELS) {
+		const ver = versions[ch] ?? theme.muted("(not published)");
+		const marker = ch === channel ? theme.accent(" <-- current") : "";
+		console.log(`  ${channelLabel(ch).padEnd(22)} ${ver}${marker}`);
+	}
+	if (config.update?.lastCheckAt) console.log(`\n  ${theme.muted(`Last checked: ${new Date(config.update.lastCheckAt).toLocaleString()}`)}`);
+	console.log();
+}
+async function channelAction(channelArg) {
+	const { loadMiladyConfig, saveMiladyConfig } = await import("../../config/config.js");
+	const { resolveChannel } = await import("../../services/update-checker.js");
+	const config = loadMiladyConfig();
+	const current = resolveChannel(config.update);
+	if (!channelArg) {
+		console.log(`\n${theme.heading("Release Channel")}\n`);
+		console.log(`  Current: ${channelLabel(current)}`);
+		console.log(theme.muted(`  ${CHANNEL_DESCRIPTIONS[current]}\n`));
+		console.log("  Available channels:");
+		for (const ch of ALL_CHANNELS) {
+			const marker = ch === current ? theme.accent(" (active)") : "";
+			console.log(`    ${channelLabel(ch)}${marker}  ${theme.muted(CHANNEL_DESCRIPTIONS[ch])}`);
+		}
+		console.log(`\n  ${theme.muted("Switch with: milady update channel <stable|beta|nightly>")}\n`);
+		return;
+	}
+	const newChannel = parseChannelOrExit(channelArg);
+	if (newChannel === current) {
+		console.log(`\n  Already on ${channelLabel(current)} channel. No change needed.\n`);
+		return;
+	}
+	saveMiladyConfig({
+		...config,
+		update: {
+			...config.update,
+			channel: newChannel,
+			lastCheckAt: void 0,
+			lastCheckVersion: void 0
+		}
+	});
+	console.log(`\n  Channel changed: ${channelLabel(current)} -> ${channelLabel(newChannel)}`);
+	console.log(theme.muted(`  ${CHANNEL_DESCRIPTIONS[newChannel]}`));
+	console.log(`\n  ${theme.muted("Run `milady update` to fetch the latest version from this channel.")}\n`);
+}
+function registerUpdateCommand(program) {
+	const updateCmd = program.command("update").description("Check for and install updates").option("-c, --channel <channel>", "Switch release channel (stable, beta, nightly)").option("--check", "Check for updates without installing").option("--force", "Force update check (bypass interval cache)").action(updateAction);
+	updateCmd.command("status").description("Show current version and available updates across all channels").action(statusAction);
+	updateCmd.command("channel [channel]").description("View or change the release channel").action(channelAction);
+}
+
+//#endregion
+export { registerUpdateCommand };

package/dist/cli/program.js

@@ -0,0 +1,3 @@
+import { buildProgram } from "./program/build-program.js";
+
+export { buildProgram };

package/dist/cli/run-main.js

@@ -0,0 +1,37 @@
+import { getPrimaryCommand, hasHelpOrVersion } from "./argv.js";
+import { registerSubCliByName } from "./program/register.subclis.js";
+import process from "node:process";
+
+//#region src/cli/run-main.ts
+async function loadDotEnv() {
+	try {
+		const { config } = await import("dotenv");
+		config({ quiet: true });
+	} catch (err) {
+		if (err.code !== "MODULE_NOT_FOUND" && err.code !== "ERR_MODULE_NOT_FOUND") throw err;
+	}
+}
+function formatUncaughtError(error) {
+	if (error instanceof Error) return error.stack ?? error.message;
+	return String(error);
+}
+async function runCli(argv = process.argv) {
+	await loadDotEnv();
+	if (!process.env.ZAI_API_KEY?.trim() && process.env.Z_AI_API_KEY?.trim()) process.env.ZAI_API_KEY = process.env.Z_AI_API_KEY;
+	const { buildProgram } = await import("./program.js");
+	const program = buildProgram();
+	process.on("unhandledRejection", (reason) => {
+		console.error("[milady] Unhandled rejection:", formatUncaughtError(reason));
+		process.exit(1);
+	});
+	process.on("uncaughtException", (error) => {
+		console.error("[milady] Uncaught exception:", formatUncaughtError(error));
+		process.exit(1);
+	});
+	const primary = getPrimaryCommand(argv);
+	if (primary && !hasHelpOrVersion(argv)) await registerSubCliByName(program, primary);
+	await program.parseAsync(argv);
+}
+
+//#endregion
+export { runCli };

package/dist/cli/version.js

@@ -0,0 +1,7 @@
+import { resolveMiladyVersion } from "../version-resolver.js";
+
+//#region src/cli/version.ts
+const CLI_VERSION = resolveMiladyVersion(import.meta.url);
+
+//#endregion
+export { CLI_VERSION };

package/dist/cloud/validate-url.js

@@ -0,0 +1,93 @@
+import { normalizeHostLike, normalizeIpForPolicy } from "../security/network-policy.js";
+import net from "node:net";
+import { promisify } from "node:util";
+import dns from "node:dns";
+
+//#region src/cloud/validate-url.ts
+/**
+* Cloud base URL validation to prevent SSRF.
+*
+* Enforces HTTPS and blocks base URLs that resolve to internal/metadata ranges.
+*/
+const dnsLookupAll = promisify(dns.lookup);
+const BLOCKED_IPV4_CIDRS = [
+	cidrV4("0.0.0.0", 8),
+	cidrV4("10.0.0.0", 8),
+	cidrV4("172.16.0.0", 12),
+	cidrV4("192.168.0.0", 16),
+	cidrV4("100.64.0.0", 10),
+	cidrV4("127.0.0.0", 8),
+	cidrV4("169.254.0.0", 16),
+	cidrV4("192.0.0.0", 24),
+	cidrV4("198.18.0.0", 15),
+	cidrV4("192.0.2.0", 24),
+	cidrV4("198.51.100.0", 24),
+	cidrV4("203.0.113.0", 24),
+	cidrV4("224.0.0.0", 4),
+	cidrV4("240.0.0.0", 4)
+];
+function cidrV4(base, prefix) {
+	const parsed = parseIpv4ToInt(base);
+	if (parsed === null) throw new Error(`Invalid CIDR base IPv4 address: ${base}`);
+	const shift = 32 - prefix;
+	const mask = shift === 32 ? 0 : 4294967295 << shift >>> 0;
+	return {
+		base: parsed & mask,
+		mask
+	};
+}
+function parseIpv4ToInt(ip) {
+	const parts = ip.split(".");
+	if (parts.length !== 4) return null;
+	let value = 0;
+	for (const part of parts) {
+		if (!/^\d{1,3}$/.test(part)) return null;
+		const octet = Number.parseInt(part, 10);
+		if (!Number.isInteger(octet) || octet < 0 || octet > 255) return null;
+		value = value << 8 | octet;
+	}
+	return value >>> 0;
+}
+function isBlockedIpv4(ip) {
+	const asInt = parseIpv4ToInt(ip);
+	if (asInt === null) return true;
+	return BLOCKED_IPV4_CIDRS.some((cidr) => (asInt & cidr.mask) === cidr.base);
+}
+function isBlockedIpv6(ip) {
+	const normalized = ip.toLowerCase();
+	return normalized === "::" || normalized === "::1" || /^fe[89ab][0-9a-f]:/.test(normalized) || /^f[cd][0-9a-f]{2}:/i.test(normalized) || normalized.startsWith("ff");
+}
+function isBlockedIp(ip) {
+	const normalized = normalizeIpForPolicy(ip);
+	const family = net.isIP(normalized);
+	if (family === 4) return isBlockedIpv4(normalized);
+	if (family === 6) return isBlockedIpv6(normalized);
+	return false;
+}
+async function validateCloudBaseUrl(rawUrl) {
+	let parsed;
+	try {
+		parsed = new URL(rawUrl);
+	} catch {
+		return `Invalid cloud base URL: "${rawUrl}"`;
+	}
+	if (parsed.protocol !== "https:") return `Cloud base URL must use HTTPS, got "${parsed.protocol}" in "${rawUrl}"`;
+	const hostname = normalizeHostLike(parsed.hostname);
+	if (!hostname) return `Invalid cloud base URL: "${rawUrl}"`;
+	if (hostname === "localhost" || hostname.endsWith(".localhost") || hostname.endsWith(".local")) return `Cloud base URL "${rawUrl}" points to a blocked local hostname.`;
+	if (isBlockedIp(hostname)) return `Cloud base URL "${rawUrl}" points to a blocked address.`;
+	try {
+		const results = await dnsLookupAll(hostname, { all: true });
+		const addresses = Array.isArray(results) ? results : [results];
+		for (const entry of addresses) {
+			const ip = typeof entry === "string" ? entry : entry.address;
+			if (isBlockedIp(ip)) return `Cloud base URL "${rawUrl}" resolves to ${ip}, which is a blocked internal/metadata address.`;
+		}
+	} catch {
+		return `Cloud base URL "${rawUrl}" could not be resolved via DNS.`;
+	}
+	return null;
+}
+
+//#endregion
+export { validateCloudBaseUrl };