opencode-immune 1.0.20 → 1.0.22

package/dist/plugin.js

@@ -5,6 +5,9 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 const promises_1 = require("fs/promises");
 const path_1 = require("path");
+const crypto_1 = require("crypto");
+const os_1 = require("os");
+const child_process_1 = require("child_process");
 function createState(input) {
     return {
         input,
@@ -440,6 +443,275 @@ async function parseTasksFile(directory) {
     }
 }
 // ═══════════════════════════════════════════════════════════════════════════════
+// HARNESS SYNC — auto-update opencode.json / prompts / rules from GitHub Release
+// ═══════════════════════════════════════════════════════════════════════════════
+const HARNESS_VERSION_FILE = ".harness-version";
+const HARNESS_TOKEN_ENV = "OPENCODE_IMMUNE_TOKEN";
+// Default harness repo — override via OPENCODE_IMMUNE_HARNESS_REPO env or .env
+const DEFAULT_HARNESS_REPO = "gendoor/opencode-immune-harness";
+/**
+ * Parse a .env file and return key-value pairs.
+ * Supports KEY=VALUE, KEY="VALUE", KEY='VALUE', comments (#), empty lines.
+ */
+async function parseDotEnv(filePath) {
+    const result = {};
+    try {
+        const content = await (0, promises_1.readFile)(filePath, "utf-8");
+        for (const line of content.split("\n")) {
+            const trimmed = line.trim();
+            if (!trimmed || trimmed.startsWith("#"))
+                continue;
+            const eqIndex = trimmed.indexOf("=");
+            if (eqIndex === -1)
+                continue;
+            const key = trimmed.slice(0, eqIndex).trim();
+            let value = trimmed.slice(eqIndex + 1).trim();
+            // Strip surrounding quotes
+            if ((value.startsWith('"') && value.endsWith('"')) ||
+                (value.startsWith("'") && value.endsWith("'"))) {
+                value = value.slice(1, -1);
+            }
+            result[key] = value;
+        }
+    }
+    catch {
+        // .env doesn't exist — that's fine
+    }
+    return result;
+}
+/**
+ * Resolve a config value with priority chain:
+ *   1. process.env (shell-level override)
+ *   2. .env in project root (per-project)
+ *   3. ~/.config/opencode-immune/.env (global, shared across all projects)
+ */
+async function resolveEnvValue(directory, key) {
+    // 1. process.env takes priority
+    if (process.env[key])
+        return process.env[key];
+    // 2. Per-project .env
+    const projectEnv = await parseDotEnv((0, path_1.join)(directory, ".env"));
+    if (projectEnv[key])
+        return projectEnv[key];
+    // 3. Global config
+    const home = process.env.HOME || process.env.USERPROFILE || "";
+    if (home) {
+        const globalEnv = await parseDotEnv((0, path_1.join)(home, ".config", "opencode-immune", ".env"));
+        if (globalEnv[key])
+            return globalEnv[key];
+    }
+    return undefined;
+}
+/**
+ * Fetch latest release info from the harness GitHub repo.
+ * Returns null if token is missing, network fails, or no release found.
+ */
+async function fetchLatestHarnessRelease(repo, token) {
+    try {
+        const url = `https://api.github.com/repos/${repo}/releases/latest`;
+        const resp = await fetch(url, {
+            headers: {
+                Authorization: `Bearer ${token}`,
+                Accept: "application/vnd.github+json",
+                "X-GitHub-Api-Version": "2022-11-28",
+            },
+        });
+        if (!resp.ok) {
+            if (resp.status === 404) {
+                console.log(`[opencode-immune] Harness sync: no releases found in ${repo}`);
+            }
+            else {
+                console.warn(`[opencode-immune] Harness sync: GitHub API returned ${resp.status} ${resp.statusText}`);
+            }
+            return null;
+        }
+        const data = (await resp.json());
+        const tagName = data.tag_name;
+        if (!tagName)
+            return null;
+        // Find the harness.tar.gz asset
+        const asset = data.assets?.find((a) => a.name === "harness.tar.gz");
+        if (!asset) {
+            console.warn(`[opencode-immune] Harness sync: release ${tagName} has no harness.tar.gz asset`);
+            return null;
+        }
+        return {
+            tagName,
+            // Use the API URL (not browser_download_url) so auth header works
+            assetUrl: asset.url,
+        };
+    }
+    catch (err) {
+        console.warn(`[opencode-immune] Harness sync: failed to fetch release info:`, err instanceof Error ? err.message : String(err));
+        return null;
+    }
+}
+/**
+ * Read the currently installed harness version from .opencode/.harness-version.
+ * Returns null if file doesn't exist.
+ */
+async function readLocalHarnessVersion(directory) {
+    try {
+        const versionPath = (0, path_1.join)(directory, ".opencode", HARNESS_VERSION_FILE);
+        const content = await (0, promises_1.readFile)(versionPath, "utf-8");
+        return content.trim() || null;
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Download a GitHub release asset (tar.gz) using the API URL with auth.
+ * Returns the path to the downloaded temp file.
+ */
+async function downloadHarnessAsset(assetUrl, token) {
+    const resp = await fetch(assetUrl, {
+        headers: {
+            Authorization: `Bearer ${token}`,
+            Accept: "application/octet-stream",
+            "X-GitHub-Api-Version": "2022-11-28",
+        },
+        redirect: "follow",
+    });
+    if (!resp.ok) {
+        throw new Error(`Download failed: ${resp.status} ${resp.statusText}`);
+    }
+    const buffer = Buffer.from(await resp.arrayBuffer());
+    const tempPath = (0, path_1.join)((0, os_1.tmpdir)(), `harness-${Date.now()}.tar.gz`);
+    await (0, promises_1.writeFile)(tempPath, buffer);
+    return tempPath;
+}
+/**
+ * Extract tar.gz to a temporary directory.
+ * Returns the path to the temp extraction directory.
+ */
+function extractTarGz(archivePath, destDir) {
+    return new Promise((resolve, reject) => {
+        (0, child_process_1.execFile)("tar", ["xzf", archivePath, "-C", destDir], (err) => {
+            if (err)
+                reject(err);
+            else
+                resolve();
+        });
+    });
+}
+/**
+ * Recursively copy all files from src to dest, creating directories as needed.
+ * Overwrites existing files.
+ */
+async function copyDirRecursive(src, dest) {
+    const entries = await (0, promises_1.readdir)(src, { withFileTypes: true });
+    await (0, promises_1.mkdir)(dest, { recursive: true });
+    for (const entry of entries) {
+        const srcPath = (0, path_1.join)(src, entry.name);
+        const destPath = (0, path_1.join)(dest, entry.name);
+        if (entry.isDirectory()) {
+            await copyDirRecursive(srcPath, destPath);
+        }
+        else {
+            await (0, promises_1.mkdir)((0, path_1.dirname)(destPath), { recursive: true });
+            await (0, promises_1.copyFile)(srcPath, destPath);
+        }
+    }
+}
+/**
+ * Compute SHA-256 hash of a file. Returns empty string if file doesn't exist.
+ */
+async function fileHash(filePath) {
+    try {
+        const content = await (0, promises_1.readFile)(filePath);
+        return (0, crypto_1.createHash)("sha256").update(content).digest("hex");
+    }
+    catch {
+        return "";
+    }
+}
+/**
+ * Main harness sync function. Called once during plugin initialization.
+ *
+ * Flow:
+ * 1. Read OPENCODE_IMMUNE_TOKEN from env — skip if missing
+ * 2. Fetch latest release from harness repo
+ * 3. Compare tag with local .harness-version — skip if same
+ * 4. Download tar.gz asset
+ * 5. Extract to temp dir
+ * 6. Hash opencode.json before overwrite
+ * 7. Copy files to project root (overwrite)
+ * 8. Write new .harness-version
+ * 9. Hash opencode.json after — warn if changed (restart needed)
+ * 10. Cleanup temp files
+ */
+async function syncHarness(state) {
+    const token = await resolveEnvValue(state.input.directory, HARNESS_TOKEN_ENV);
+    if (!token) {
+        // No token — graceful degradation, no sync
+        return;
+    }
+    const repo = (await resolveEnvValue(state.input.directory, "OPENCODE_IMMUNE_HARNESS_REPO"))
+        || DEFAULT_HARNESS_REPO;
+    try {
+        // 1. Fetch latest release
+        const release = await fetchLatestHarnessRelease(repo, token);
+        if (!release)
+            return;
+        // 2. Compare versions
+        const localVersion = await readLocalHarnessVersion(state.input.directory);
+        if (localVersion === release.tagName) {
+            console.log(`[opencode-immune] Harness sync: already up to date (${release.tagName})`);
+            return;
+        }
+        console.log(`[opencode-immune] Harness sync: updating ${localVersion ?? "(none)"} → ${release.tagName}`);
+        // 3. Hash opencode.json before update
+        const configPath = (0, path_1.join)(state.input.directory, "opencode.json");
+        const hashBefore = await fileHash(configPath);
+        // 4. Download asset
+        const archivePath = await downloadHarnessAsset(release.assetUrl, token);
+        // 5. Extract to temp dir
+        const extractDir = (0, path_1.join)((0, os_1.tmpdir)(), `harness-extract-${Date.now()}`);
+        await (0, promises_1.mkdir)(extractDir, { recursive: true });
+        try {
+            await extractTarGz(archivePath, extractDir);
+            // 6. Copy extracted files to project root
+            // The archive contains: opencode.json, .opencode/prompts/**, rules/**, .gitignore, .opencode/.gitignore
+            await copyDirRecursive(extractDir, state.input.directory);
+            // 7. Write version marker
+            const versionDir = (0, path_1.join)(state.input.directory, ".opencode");
+            await (0, promises_1.mkdir)(versionDir, { recursive: true });
+            await (0, promises_1.writeFile)((0, path_1.join)(versionDir, HARNESS_VERSION_FILE), release.tagName + "\n", "utf-8");
+            // 8. Check if opencode.json changed
+            const hashAfter = await fileHash(configPath);
+            if (hashBefore && hashAfter && hashBefore !== hashAfter) {
+                console.warn(`[opencode-immune] ⚠ Harness sync: opencode.json was updated. ` +
+                    `Please restart opencode for the new agent configuration to take effect.`);
+            }
+            console.log(`[opencode-immune] Harness sync: successfully updated to ${release.tagName}`);
+            await writeDiagnosticLog(state, "harness-sync:success", {
+                from: localVersion,
+                to: release.tagName,
+                configChanged: hashBefore !== hashAfter,
+            });
+        }
+        finally {
+            // 9. Cleanup temp files
+            try {
+                await (0, promises_1.unlink)(archivePath);
+            }
+            catch { /* ignore */ }
+            try {
+                await (0, promises_1.rm)(extractDir, { recursive: true, force: true });
+            }
+            catch { /* ignore */ }
+        }
+    }
+    catch (err) {
+        // Sync failure must never prevent plugin from working
+        console.warn(`[opencode-immune] Harness sync failed:`, err instanceof Error ? err.message : String(err));
+        await writeDiagnosticLog(state, "harness-sync:error", {
+            error: err instanceof Error ? err.message : String(err),
+        });
+    }
+}
+// ═══════════════════════════════════════════════════════════════════════════════
 // HOOK 1: TODO ENFORCER
 // ═══════════════════════════════════════════════════════════════════════════════
 /**
@@ -914,9 +1186,12 @@ const ALL_CYCLES_COMPLETE_MARKER = "0-ULTRAWORK: ALL_CYCLES_COMPLETE";
 /**
  * experimental.text.complete: scans completed assistant text for signal markers.
  *
- * PRE_COMMIT → executes /commit via client.session.command()
- * CYCLE_COMPLETE → creates a new session and sends bootstrap prompt
- * ALL_CYCLES_COMPLETE → clears ultrawork marker
+ * KEY INSIGHT: text.complete fires per text-part, not per message.
+ * PRE_COMMIT and CYCLE_COMPLETE are in DIFFERENT text parts.
+ * Therefore CYCLE_COMPLETE handler must be self-contained:
+ * it always runs /commit first, then creates a new session.
+ *
+ * ALL_CYCLES_COMPLETE → clears ultrawork marker, no new session.
  */
 function createTextCompleteHandler(state) {
     return async (input, output) => {
@@ -927,33 +1202,51 @@ function createTextCompleteHandler(state) {
         // ── ALL_CYCLES_COMPLETE: clear ultrawork marker ──
         if (text.includes(ALL_CYCLES_COMPLETE_MARKER)) {
             await clearUltraworkMarker(state);
-            console.log("[opencode-immune] Multi-Cycle: ALL_CYCLES_COMPLETE detected in text.complete, ultrawork marker cleared.");
+            console.log("[opencode-immune] Multi-Cycle: ALL_CYCLES_COMPLETE detected, marker cleared.");
+            return;
         }
-        // ── PRE_COMMIT: execute /commit ──
-        if (text.includes(PRE_COMMIT_MARKER) && !state.commitPending && sessionID) {
-            state.commitPending = true;
-            console.log("[opencode-immune] Multi-Cycle: PRE_COMMIT detected in text.complete, executing /commit...");
-            setTimeout(async () => {
+        // ── PRE_COMMIT only (without CYCLE_COMPLETE in same part): run commit ──
+        if (text.includes(PRE_COMMIT_MARKER) && !text.includes(CYCLE_COMPLETE_MARKER)) {
+            if (!state.commitPending && sessionID) {
+                state.commitPending = true;
+                console.log("[opencode-immune] Multi-Cycle: PRE_COMMIT detected (standalone), executing /commit...");
                 try {
                     await state.input.client.session.command({
-                        body: {
-                            command: "/commit",
-                            arguments: "",
-                        },
+                        body: { command: "/commit", arguments: "" },
                         path: { id: sessionID },
                     });
-                    console.log("[opencode-immune] Multi-Cycle: /commit executed successfully.");
+                    console.log("[opencode-immune] Multi-Cycle: /commit completed (standalone).");
                 }
                 catch (err) {
-                    console.error("[opencode-immune] Multi-Cycle: /commit failed:", err);
+                    console.error("[opencode-immune] Multi-Cycle: /commit failed (standalone):", err);
                 }
                 finally {
                     state.commitPending = false;
                 }
-            }, 2_000);
+            }
+            return;
         }
-        // ── CYCLE_COMPLETE: create new session ──
+        // ── CYCLE_COMPLETE: self-contained sequence: commit → new session ──
         if (text.includes(CYCLE_COMPLETE_MARKER)) {
+            // Step 1: Always commit first (CYCLE_COMPLETE implies end of cycle)
+            if (sessionID && !state.commitPending) {
+                state.commitPending = true;
+                console.log("[opencode-immune] Multi-Cycle: CYCLE_COMPLETE detected, running /commit first...");
+                try {
+                    await state.input.client.session.command({
+                        body: { command: "/commit", arguments: "" },
+                        path: { id: sessionID },
+                    });
+                    console.log("[opencode-immune] Multi-Cycle: /commit completed before new cycle.");
+                }
+                catch (err) {
+                    console.error("[opencode-immune] Multi-Cycle: /commit failed (continuing anyway):", err);
+                }
+                finally {
+                    state.commitPending = false;
+                }
+            }
+            // Step 2: Create new session
             state.cycleCount++;
             if (state.cycleCount >= MAX_CYCLES) {
                 console.log(`[opencode-immune] Multi-Cycle: MAX_CYCLES (${MAX_CYCLES}) reached. Not creating new session.`);
@@ -962,42 +1255,38 @@ function createTextCompleteHandler(state) {
             }
             const taskMatch = text.match(NEXT_TASK_PATTERN);
             const nextTask = taskMatch?.[1]?.trim() ?? "Continue processing task backlog";
-            console.log(`[opencode-immune] Multi-Cycle: CYCLE_COMPLETE detected in text.complete (cycle ${state.cycleCount}/${MAX_CYCLES}). ` +
-                `Creating new session for: "${nextTask}"`);
-            // Delay to let commit finish
-            setTimeout(async () => {
-                try {
-                    const createResult = await state.input.client.session.create({
-                        body: {
-                            title: `Ultrawork Cycle ${state.cycleCount + 1}`,
-                        },
-                    });
-                    const newSessionData = createResult?.data;
-                    const newSessionID = newSessionData?.id;
-                    if (!newSessionID) {
-                        console.error("[opencode-immune] Multi-Cycle: Failed to create new session — no session ID returned.");
-                        return;
-                    }
-                    console.log(`[opencode-immune] Multi-Cycle: New session created: ${newSessionID}`);
-                    await addManagedUltraworkSession(state, newSessionID);
-                    await state.input.client.session.promptAsync({
-                        body: {
-                            agent: ULTRAWORK_AGENT,
-                            parts: [
-                                {
-                                    type: "text",
-                                    text: `[AUTO-CYCLE] Continue processing task backlog. Read memory-bank/tasks.md and memory-bank/backlog.md, pick the next pending task, and run the full pipeline.`,
-                                },
-                            ],
-                        },
-                        path: { id: newSessionID },
-                    });
-                    console.log(`[opencode-immune] Multi-Cycle: Bootstrap prompt sent to new session ${newSessionID}`);
-                }
-                catch (err) {
-                    console.error("[opencode-immune] Multi-Cycle: Failed to create new session or send prompt:", err);
+            console.log(`[opencode-immune] Multi-Cycle: Creating new session (cycle ${state.cycleCount}/${MAX_CYCLES}) for: "${nextTask}"`);
+            try {
+                const createResult = await state.input.client.session.create({
+                    body: {
+                        title: `Ultrawork Cycle ${state.cycleCount + 1}`,
+                    },
+                });
+                const newSessionData = createResult?.data;
+                const newSessionID = newSessionData?.id;
+                if (!newSessionID) {
+                    console.error("[opencode-immune] Multi-Cycle: Failed to create new session — no ID returned.");
+                    return;
                 }
-            }, 8_000);
+                console.log(`[opencode-immune] Multi-Cycle: New session created: ${newSessionID}`);
+                await addManagedUltraworkSession(state, newSessionID);
+                await state.input.client.session.promptAsync({
+                    body: {
+                        agent: ULTRAWORK_AGENT,
+                        parts: [
+                            {
+                                type: "text",
+                                text: `[AUTO-CYCLE] Continue processing task backlog. Read memory-bank/tasks.md and memory-bank/backlog.md, pick the next pending task, and run the full pipeline.`,
+                            },
+                        ],
+                    },
+                    path: { id: newSessionID },
+                });
+                console.log(`[opencode-immune] Multi-Cycle: Bootstrap prompt sent to ${newSessionID}`);
+            }
+            catch (err) {
+                console.error("[opencode-immune] Multi-Cycle: Failed to create session or send prompt:", err);
+            }
         }
     };
 }
@@ -1048,6 +1337,12 @@ function createMultiCycleHandler(state) {
 // ═══════════════════════════════════════════════════════════════════════════════
 async function server(input) {
     const state = createState(input);
+    // ── Harness auto-sync (non-blocking, fire-and-forget) ──
+    // Runs in background so it doesn't delay plugin initialization.
+    // If sync fails, plugin continues normally with existing config.
+    syncHarness(state).catch((err) => {
+        console.warn(`[opencode-immune] Harness sync background error:`, err instanceof Error ? err.message : String(err));
+    });
     // Eagerly load recovery context at plugin init so it's available
     // for the very first system.transform call (before chat.params fires).
     const markerActive = await isUltraworkMarkerActive(state);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "opencode-immune",
-  "version": "1.0.20",
+  "version": "1.0.22",
   "description": "OpenCode plugin: session recovery, auto-retry, multi-cycle automation, context monitoring",
   "exports": {
     "./server": "./dist/plugin.js"