nemoris 0.1.0

package/src/runtime/tui-server.js

@@ -0,0 +1,411 @@
+import fs from "node:fs";
+import net from "node:net";
+import os from "node:os";
+import path from "node:path";
+import { TelegramInboundHandler, resolveStatusModel } from "./telegram-inbound.js";
+
+const SESSION_PREFIX = "tui";
+const SESSION_REGISTRY = new Map();
+const SOCKET_STATE = new WeakMap();
+let nextJobCounter = 1;
+
+function safeUnlink(filePath) {
+  try {
+    fs.unlinkSync(filePath);
+  } catch (error) {
+    if (error?.code !== "ENOENT") throw error;
+  }
+}
+
+function normalizeText(value) {
+  return typeof value === "string" ? value : String(value ?? "");
+}
+
+function writeNdjson(socket, payload) {
+  if (!socket || socket.destroyed || !socket.writable) {
+    return false;
+  }
+  socket.write(`${JSON.stringify(payload)}\n`);
+  return true;
+}
+
+function resolveRequestedAgent(runtime, requestedAgent, fallbackAgent) {
+  const configuredAgents = new Set(Object.keys(runtime?.agents || {}));
+  if (requestedAgent && configuredAgents.has(requestedAgent)) {
+    return requestedAgent;
+  }
+  if (fallbackAgent && configuredAgents.has(fallbackAgent)) {
+    return fallbackAgent;
+  }
+  const firstConfigured = configuredAgents.values().next().value;
+  return firstConfigured || requestedAgent || fallbackAgent || "main";
+}
+
+function resolveApprovalId(gate, payload = {}) {
+  if (payload.approvalId) {
+    return String(payload.approvalId);
+  }
+  if (!payload.jobId) {
+    return null;
+  }
+  const pending = gate.getPending().find((entry) => entry.jobId === payload.jobId);
+  return pending?.approvalId || null;
+}
+
+export function resolveTuiSocketPath(stateRoot) {
+  if (process.platform === "win32") {
+    return "\\\\.\\pipe\\nemoris-daemon";
+  }
+  return path.join(stateRoot, "daemon.sock");
+}
+
+export function buildTuiSessionKey(sessionId) {
+  return `${SESSION_PREFIX}:${sessionId}`;
+}
+
+export function registerTuiSession(sessionKey, socket, meta = {}) {
+  const existing = SESSION_REGISTRY.get(sessionKey);
+  if (existing?.socket && existing.socket !== socket) {
+    existing.socket.destroy();
+  }
+  SESSION_REGISTRY.set(sessionKey, { socket, meta });
+  SOCKET_STATE.set(socket, { sessionKey, ...meta });
+}
+
+export function unregisterTuiSession(socket) {
+  const state = SOCKET_STATE.get(socket);
+  if (!state?.sessionKey) {
+    return;
+  }
+  const current = SESSION_REGISTRY.get(state.sessionKey);
+  if (current?.socket === socket) {
+    SESSION_REGISTRY.delete(state.sessionKey);
+  }
+  SOCKET_STATE.delete(socket);
+}
+
+export function getRegisteredTuiSession(sessionKey) {
+  return SESSION_REGISTRY.get(sessionKey) || null;
+}
+
+export function sendTuiEvent(sessionKey, payload) {
+  const entry = SESSION_REGISTRY.get(sessionKey);
+  if (!entry) {
+    return false;
+  }
+  return writeNdjson(entry.socket, payload);
+}
+
+export function resetTuiSessionRegistry() {
+  for (const { socket } of SESSION_REGISTRY.values()) {
+    if (socket && !socket.destroyed) {
+      socket.destroy();
+    }
+  }
+  SESSION_REGISTRY.clear();
+}
+
+export class TuiServer {
+  constructor({
+    stateStore,
+    stateRoot,
+    runtime,
+    contextLedger = null,
+    execApprovalGate = null,
+    logger = console,
+  } = {}) {
+    this.stateStore = stateStore;
+    this.stateRoot = stateRoot;
+    this.runtime = runtime || {};
+    this.contextLedger = contextLedger;
+    this.execApprovalGate = execApprovalGate || null;
+    this.logger = logger;
+    this.server = null;
+    this.socketPath = resolveTuiSocketPath(stateRoot);
+    this.defaultAgent = resolveRequestedAgent(
+      runtime,
+      runtime?.runtime?.telegram?.defaultAgent,
+      "main",
+    );
+    const agentNames = Object.fromEntries(
+      Object.entries(runtime?.agents || {}).map(([agentId, config]) => [agentId, config?.name || agentId]),
+    );
+    this.commandHandler = new TelegramInboundHandler({
+      stateStore,
+      telegramConfig: {
+        defaultAgent: this.defaultAgent,
+        operatorChatId: "",
+        authorizedChatIds: [],
+        pollingMode: false,
+        sessionLabelPrefix: SESSION_PREFIX,
+      },
+      availablePeers: Object.keys(runtime?.agents || {}),
+      contextLedger,
+      agentNames,
+      routerConfig: runtime?.router || null,
+      agentConfigs: runtime?.agents || null,
+      execApprovalGate,
+      logger,
+    });
+  }
+
+  setExecApprovalGate(execApprovalGate) {
+    this.execApprovalGate = execApprovalGate || null;
+    this.commandHandler._execApprovalGate = execApprovalGate || null;
+  }
+
+  async start() {
+    if (this.server) {
+      return { socketPath: this.socketPath };
+    }
+    if (process.platform !== "win32") {
+      safeUnlink(this.socketPath);
+    }
+    this.server = net.createServer((socket) => this._handleConnection(socket));
+    await new Promise((resolve, reject) => {
+      const onError = (error) => {
+        this.server?.off("listening", onListening);
+        reject(error);
+      };
+      const onListening = () => {
+        this.server?.off("error", onError);
+        resolve();
+      };
+      this.server.once("error", onError);
+      this.server.once("listening", onListening);
+      this.server.listen(this.socketPath);
+    });
+    return { socketPath: this.socketPath };
+  }
+
+  async close() {
+    if (!this.server) {
+      return;
+    }
+    const server = this.server;
+    this.server = null;
+    await new Promise((resolve) => server.close(() => resolve()));
+    if (process.platform !== "win32") {
+      safeUnlink(this.socketPath);
+    }
+  }
+
+  async buildStatusPayload(sessionKey) {
+    const session = this.stateStore.getChatSession(sessionKey);
+    const usage = this.stateStore.db?.prepare(`
+      SELECT
+        COALESCE(SUM(tokens_in + tokens_out), 0) as tokens,
+        COALESCE(SUM(cost_usd), 0) as cost
+      FROM usage_log
+      WHERE session_id = ?
+    `).get(sessionKey) || { tokens: 0, cost: 0 };
+    return {
+      type: "status",
+      sessionKey,
+      agent: session?.agent_id || this.defaultAgent,
+      model: resolveStatusModel(session, {
+        routerConfig: this.runtime?.router || null,
+        agentConfigs: this.runtime?.agents || null,
+      }) || "default",
+      tokens: usage.tokens || 0,
+      cost: usage.cost || 0,
+      connected: true,
+    };
+  }
+
+  _handleConnection(socket) {
+    socket.setEncoding("utf8");
+    let buffer = "";
+
+    socket.on("data", async (chunk) => {
+      buffer += chunk;
+      const lines = buffer.split("\n");
+      buffer = lines.pop() || "";
+      for (const rawLine of lines) {
+        const line = rawLine.trim();
+        if (!line) continue;
+        let payload;
+        try {
+          payload = JSON.parse(line);
+        } catch {
+          this._send(socket, { type: "error", message: "Invalid JSON payload.", code: "INVALID_JSON" });
+          continue;
+        }
+        try {
+          await this._handlePayload(socket, payload);
+        } catch (error) {
+          this.logger.error?.(`[tui-server] ${error.message}`);
+          this._send(socket, { type: "error", message: error.message, code: "TUI_SERVER_ERROR" });
+        }
+      }
+    });
+
+    socket.on("close", () => unregisterTuiSession(socket));
+    socket.on("error", () => unregisterTuiSession(socket));
+  }
+
+  _send(socket, payload) {
+    writeNdjson(socket, payload);
+  }
+
+  _getSessionKey(socket) {
+    return SOCKET_STATE.get(socket)?.sessionKey || null;
+  }
+
+  _ensureSession(sessionKey, payload = {}) {
+    let session = this.stateStore.getChatSession(sessionKey);
+    const requestedAgent = resolveRequestedAgent(this.runtime, payload.agent, session?.agent_id || this.defaultAgent);
+
+    if (!session) {
+      this.stateStore.bindChatSession({
+        chatId: sessionKey,
+        agentId: requestedAgent,
+        boundBy: "default",
+      });
+      session = this.stateStore.getChatSession(sessionKey);
+    } else if (payload.agent && session.agent_id !== requestedAgent) {
+      this.stateStore.bindChatSession({
+        chatId: sessionKey,
+        agentId: requestedAgent,
+        boundBy: "user",
+      });
+      session = this.stateStore.getChatSession(sessionKey);
+    }
+
+    if (payload.model !== undefined) {
+      this.stateStore.db.prepare("UPDATE chat_sessions SET model_override = ? WHERE chat_id = ?")
+        .run(payload.model || null, sessionKey);
+      session = this.stateStore.getChatSession(sessionKey);
+    }
+
+    return session;
+  }
+
+  async _handlePayload(socket, payload) {
+    switch (payload?.type) {
+      case "hello":
+        await this._handleHello(socket, payload);
+        return;
+      case "user_message":
+        await this._handleText(socket, normalizeText(payload.text), payload);
+        return;
+      case "slash_command":
+        await this._handleText(socket, normalizeText(payload.command || payload.text), { ...payload, forceSlash: true });
+        return;
+      case "approval":
+        await this._handleApproval(socket, payload);
+        return;
+      case "abort":
+        await this._handleAbort(socket);
+        return;
+      case "ping":
+        this._send(socket, { type: "pong" });
+        return;
+      default:
+        this._send(socket, { type: "error", message: `Unsupported message type ${payload?.type || "(missing)"}.`, code: "UNSUPPORTED_TYPE" });
+    }
+  }
+
+  async _handleHello(socket, payload) {
+    const sessionId = normalizeText(payload.sessionId || `${process.pid}-${Date.now()}`);
+    const sessionKey = buildTuiSessionKey(sessionId);
+    registerTuiSession(sessionKey, socket, { sessionId });
+    this._ensureSession(sessionKey, payload);
+    this._send(socket, await this.buildStatusPayload(sessionKey));
+  }
+
+  async _handleText(socket, text, payload = {}) {
+    const sessionKey = this._getSessionKey(socket);
+    if (!sessionKey) {
+      this._send(socket, { type: "error", message: "Session not initialized. Send a hello payload first.", code: "SESSION_REQUIRED" });
+      return;
+    }
+
+    const cleanText = text.trim();
+    if (!cleanText) {
+      return;
+    }
+
+    const session = this._ensureSession(sessionKey, payload);
+    const shouldRouteAsSlash = payload.forceSlash || cleanText.startsWith("/");
+    if (shouldRouteAsSlash) {
+      const commandText = cleanText.startsWith("/") ? cleanText : `/${cleanText}`;
+      const commandResult = await this.commandHandler._handleCommand(commandText, sessionKey);
+      if (commandResult) {
+        this._send(socket, {
+          type: "agent_response",
+          text: commandResult.reply,
+          command: commandResult.command,
+          jobId: null,
+        });
+        this._send(socket, await this.buildStatusPayload(sessionKey));
+        return;
+      }
+    }
+
+    const available = session?.agent_id && this.runtime?.agents?.[session.agent_id];
+    if (!available) {
+      this._send(socket, { type: "error", message: `Agent ${session?.agent_id || "unknown"} is not available.`, code: "AGENT_UNAVAILABLE" });
+      return;
+    }
+
+    const jobId = `tui-${Date.now()}-${nextJobCounter++}`;
+    this.stateStore.enqueueInteractiveJob({
+      jobId,
+      agentId: session.agent_id,
+      input: cleanText,
+      source: SESSION_PREFIX,
+      chatId: sessionKey,
+    });
+    this._send(socket, {
+      type: "status",
+      ...(await this.buildStatusPayload(sessionKey)),
+      queued: true,
+      jobId,
+    });
+  }
+
+  async _handleApproval(socket, payload) {
+    const gate = this.commandHandler.getExecApprovalGate();
+    const approvalId = resolveApprovalId(gate, payload);
+    const approved = String(payload.action || "approve").toLowerCase() !== "deny";
+    const sessionKey = this._getSessionKey(socket);
+    if (!approvalId) {
+      this._send(socket, {
+        type: "agent_response",
+        text: "No pending approval found for this request.",
+        command: approved ? "exec_approve" : "exec_deny",
+      });
+      return;
+    }
+    const resolved = gate.resolve(approvalId, approved, SESSION_PREFIX);
+    this._send(socket, {
+      type: "agent_response",
+      text: resolved
+        ? `${approved ? "Approved" : "Denied"} exec action ${approvalId}.`
+        : `No pending approval found with ID ${approvalId}.`,
+      command: approved ? "exec_approve" : "exec_deny",
+    });
+    if (sessionKey) {
+      this._send(socket, await this.buildStatusPayload(sessionKey));
+    }
+  }
+
+  async _handleAbort(socket) {
+    const sessionKey = this._getSessionKey(socket);
+    if (!sessionKey) {
+      this._send(socket, { type: "error", message: "Session not initialized.", code: "SESSION_REQUIRED" });
+      return;
+    }
+    const result = await this.commandHandler._handleCommand("/stop", sessionKey);
+    if (result) {
+      this._send(socket, {
+        type: "agent_response",
+        text: result.reply,
+        command: result.command,
+        jobId: null,
+      });
+      this._send(socket, await this.buildStatusPayload(sessionKey));
+    }
+  }
+}

package/src/runtime/ulid.js

@@ -0,0 +1,44 @@
+import { randomBytes } from "node:crypto";
+
+const ENCODING = "0123456789ABCDEFGHJKMNPQRSTVWXYZ";
+
+let lastTime = 0;
+let lastRandom = new Uint8Array(10);
+
+export function ulid() {
+  let now = Date.now();
+  if (now === lastTime) {
+    // Increment random component for monotonicity within same millisecond
+    for (let i = 9; i >= 0; i--) {
+      if (lastRandom[i] < 255) { lastRandom[i]++; break; }
+      lastRandom[i] = 0;
+    }
+  } else {
+    lastTime = now;
+    randomBytes(10).copy(lastRandom);
+  }
+
+  let str = "";
+  // Encode 48-bit timestamp → 10 Crockford Base32 chars
+  for (let i = 9; i >= 0; i--) {
+    str = ENCODING[now & 31] + str;
+    now = Math.floor(now / 32);
+  }
+  // Encode 80-bit random → 16 Crockford Base32 chars
+  // Process as two 40-bit halves, each → 8 chars
+  const rand = lastRandom;
+  for (let half = 0; half < 2; half++) {
+    const off = half * 5;
+    const hi = (rand[off] << 12) | (rand[off + 1] << 4) | (rand[off + 2] >> 4);
+    const lo = ((rand[off + 2] & 0xF) << 16) | (rand[off + 3] << 8) | rand[off + 4];
+    str += ENCODING[(hi >> 15) & 31];
+    str += ENCODING[(hi >> 10) & 31];
+    str += ENCODING[(hi >> 5) & 31];
+    str += ENCODING[hi & 31];
+    str += ENCODING[(lo >> 15) & 31];
+    str += ENCODING[(lo >> 10) & 31];
+    str += ENCODING[(lo >> 5) & 31];
+    str += ENCODING[lo & 31];
+  }
+  return str;
+}

package/src/security/ssrf-check.js

@@ -0,0 +1,197 @@
+import net from "node:net";
+import { lookup } from "node:dns/promises";
+
+const IPV4_BITS = 32;
+const IPV6_BITS = 128;
+const BLOCKED_HOSTNAME_RE = /^(localhost|localhost\.localdomain|local|internal)$/i;
+const LOOPBACK_HOSTNAME_RE = /^(localhost|localhost\.localdomain)$/i;
+
+const BLOCKED_IPV4_RANGES = [
+  rangeFromPrefix("0.0.0.0", 8, IPV4_BITS),
+  rangeFromPrefix("10.0.0.0", 8, IPV4_BITS),
+  rangeFromPrefix("100.64.0.0", 10, IPV4_BITS),
+  rangeFromPrefix("127.0.0.0", 8, IPV4_BITS),
+  rangeFromPrefix("169.254.0.0", 16, IPV4_BITS),
+  rangeFromPrefix("172.16.0.0", 12, IPV4_BITS),
+  rangeFromPrefix("192.168.0.0", 16, IPV4_BITS),
+  rangeFromPrefix("198.18.0.0", 15, IPV4_BITS),
+];
+
+const LOOPBACK_IPV4_RANGES = [
+  rangeFromPrefix("127.0.0.0", 8, IPV4_BITS),
+];
+
+const BLOCKED_IPV6_RANGES = [
+  rangeFromPrefix("::", 128, IPV6_BITS),
+  rangeFromPrefix("::1", 128, IPV6_BITS),
+  rangeFromPrefix("fc00::", 7, IPV6_BITS),
+  rangeFromPrefix("fe80::", 10, IPV6_BITS),
+  rangeFromPrefix("ff00::", 8, IPV6_BITS),
+];
+
+const LOOPBACK_IPV6_RANGES = [
+  rangeFromPrefix("::1", 128, IPV6_BITS),
+];
+
+export const OUTBOUND_ADDRESS_POLICY = {
+  BLOCK_PRIVATE: "block-private",
+  REQUIRE_LOOPBACK: "require-loopback",
+};
+
+function normaliseAddress(address) {
+  if (typeof address !== "string") return "";
+  if (address.startsWith("[") && address.endsWith("]")) {
+    return address.slice(1, -1);
+  }
+  return address;
+}
+
+function ipv4ToBigInt(address) {
+  return normaliseAddress(address)
+    .split(".")
+    .reduce((value, octet) => (value << 8n) + BigInt(Number(octet)), 0n);
+}
+
+function expandEmbeddedIpv4(address) {
+  if (!address.includes(".")) return address;
+  const lastColon = address.lastIndexOf(":");
+  const ipv4Value = ipv4ToBigInt(address.slice(lastColon + 1));
+  const upper = Number((ipv4Value >> 16n) & 0xffffn).toString(16);
+  const lower = Number(ipv4Value & 0xffffn).toString(16);
+  return `${address.slice(0, lastColon)}:${upper}:${lower}`;
+}
+
+function ipv6ToBigInt(address) {
+  const expanded = expandEmbeddedIpv4(normaliseAddress(address).toLowerCase());
+  const hasCompression = expanded.includes("::");
+  const [head, tail = ""] = expanded.split("::");
+  const headParts = head ? head.split(":").filter(Boolean) : [];
+  const tailParts = tail ? tail.split(":").filter(Boolean) : [];
+  const missingParts = hasCompression ? 8 - (headParts.length + tailParts.length) : 0;
+  const parts = hasCompression
+    ? [...headParts, ...Array(missingParts).fill("0"), ...tailParts]
+    : expanded.split(":");
+
+  if (parts.length !== 8) {
+    throw new Error(`Invalid IPv6 address: ${address}`);
+  }
+
+  return parts.reduce((value, part) => (value << 16n) + BigInt(parseInt(part || "0", 16)), 0n);
+}
+
+function rangeFromPrefix(address, prefixLength, totalBits) {
+  const rawValue = totalBits === IPV4_BITS ? ipv4ToBigInt(address) : ipv6ToBigInt(address);
+  const shift = BigInt(totalBits - prefixLength);
+  const maxValue = (1n << BigInt(totalBits)) - 1n;
+  const mask = shift === 0n ? maxValue : maxValue ^ ((1n << shift) - 1n);
+  const start = rawValue & mask;
+  const end = start | (maxValue ^ mask);
+  return { start, end };
+}
+
+function isAddressInRanges(address, ranges) {
+  const normalised = normaliseAddress(address);
+  const family = net.isIP(normalised);
+  if (family === 4) {
+    const value = ipv4ToBigInt(normalised);
+    return ranges.some((range) => value >= range.start && value <= range.end);
+  }
+  if (family === 6) {
+    const value = ipv6ToBigInt(normalised);
+    return ranges.some((range) => value >= range.start && value <= range.end);
+  }
+  return false;
+}
+
+export function isBlockedIpAddress(address) {
+  return isAddressInRanges(address, BLOCKED_IPV4_RANGES.concat(BLOCKED_IPV6_RANGES));
+}
+
+export function isLoopbackIpAddress(address) {
+  return isAddressInRanges(address, LOOPBACK_IPV4_RANGES.concat(LOOPBACK_IPV6_RANGES));
+}
+
+function policyRejectsHostname(hostname, { addressPolicy, allowLoopbackAddresses }) {
+  if (addressPolicy === OUTBOUND_ADDRESS_POLICY.REQUIRE_LOOPBACK) {
+    return !LOOPBACK_HOSTNAME_RE.test(hostname);
+  }
+  if (allowLoopbackAddresses && LOOPBACK_HOSTNAME_RE.test(hostname)) {
+    return false;
+  }
+  return BLOCKED_HOSTNAME_RE.test(hostname);
+}
+
+function policyRejectsAddress(address, { addressPolicy, allowLoopbackAddresses }) {
+  if (addressPolicy === OUTBOUND_ADDRESS_POLICY.REQUIRE_LOOPBACK) {
+    return !isLoopbackIpAddress(address);
+  }
+  if (allowLoopbackAddresses && isLoopbackIpAddress(address)) {
+    return false;
+  }
+  return isBlockedIpAddress(address);
+}
+
+export async function inspectOutboundUrl(rawUrl, {
+  lookupImpl = lookup,
+  allowedProtocols = ["http:", "https:"],
+  invalidUrlMessage = "Invalid URL.",
+  invalidProtocolMessage = "Only http:// and https:// URLs are allowed.",
+  privateAddressMessage = "Target resolves to a private/reserved IP address.",
+  loopbackOnlyMessage = "Target must resolve to a loopback address.",
+  addressPolicy = OUTBOUND_ADDRESS_POLICY.BLOCK_PRIVATE,
+  allowLoopbackAddresses = false,
+} = {}) {
+  let parsedUrl;
+  try {
+    parsedUrl = rawUrl instanceof URL ? rawUrl : new URL(rawUrl);
+  } catch {
+    return { ok: false, reason: invalidUrlMessage };
+  }
+
+  if (!allowedProtocols.includes(parsedUrl.protocol)) {
+    return { ok: false, reason: invalidProtocolMessage, parsedUrl };
+  }
+
+  const hostname = parsedUrl.hostname;
+  if (!hostname) {
+    return {
+      ok: false,
+      reason: addressPolicy === OUTBOUND_ADDRESS_POLICY.REQUIRE_LOOPBACK ? loopbackOnlyMessage : privateAddressMessage,
+      parsedUrl
+    };
+  }
+
+  if (policyRejectsHostname(hostname, { addressPolicy, allowLoopbackAddresses })) {
+    return {
+      ok: false,
+      reason: addressPolicy === OUTBOUND_ADDRESS_POLICY.REQUIRE_LOOPBACK ? loopbackOnlyMessage : privateAddressMessage,
+      parsedUrl
+    };
+  }
+
+  if (net.isIP(normaliseAddress(hostname)) && policyRejectsAddress(hostname, { addressPolicy, allowLoopbackAddresses })) {
+    return {
+      ok: false,
+      reason: addressPolicy === OUTBOUND_ADDRESS_POLICY.REQUIRE_LOOPBACK ? loopbackOnlyMessage : privateAddressMessage,
+      parsedUrl
+    };
+  }
+
+  try {
+    const addresses = await lookupImpl(normaliseAddress(hostname), { all: true, verbatim: true });
+    if (addressPolicy === OUTBOUND_ADDRESS_POLICY.REQUIRE_LOOPBACK) {
+      if (!addresses.length || addresses.some(({ address }) => !isLoopbackIpAddress(address))) {
+        return { ok: false, reason: loopbackOnlyMessage, parsedUrl };
+      }
+    } else if (addresses.some(({ address }) => policyRejectsAddress(address, { addressPolicy, allowLoopbackAddresses }))) {
+      return { ok: false, reason: privateAddressMessage, parsedUrl };
+    }
+  } catch {
+    if (addressPolicy === OUTBOUND_ADDRESS_POLICY.REQUIRE_LOOPBACK) {
+      return { ok: false, reason: loopbackOnlyMessage, parsedUrl };
+    }
+    // Allow downstream fetch errors to surface if DNS resolution fails here.
+  }
+
+  return { ok: true, parsedUrl };
+}