pairling 0.0.1 → 0.1.0

package/payload/mac/companiond/terminal_screen_backend.py

@@ -0,0 +1,332 @@
+from __future__ import annotations
+
+import hashlib
+import importlib.util
+import json
+import os
+import re
+from dataclasses import dataclass
+from typing import Any, Protocol
+
+
+PENDING_INPUT_PARSER_VERSION = "terminal_pending_input_v2_2026_06_08"
+
+
+@dataclass(frozen=True)
+class TerminalCell:
+    text: str
+    width: int = 1
+    fg: str = "default"
+    bg: str = "default"
+    bold: bool = False
+    italic: bool = False
+    underline: bool = False
+    inverse: bool = False
+    link_id: str | None = None
+
+
+@dataclass(frozen=True)
+class TerminalRow:
+    index: int
+    cells: tuple[TerminalCell, ...]
+    wrapped: bool = False
+    dirty_generation: int = 0
+
+
+@dataclass(frozen=True)
+class TerminalCursor:
+    row: int | None
+    column: int | None
+    visible: bool = True
+    style: str = "block"
+
+
+def detect_terminal_pending_input(rows: list[str]) -> dict[str, Any] | None:
+    choice_re = re.compile(r"^\s*(?P<selected>[>›]?)\s*(?P<id>\d+)[.)]\s+(?P<body>.+?)\s*$")
+    choices: list[dict[str, Any]] = []
+    prompt = ""
+    for idx, row in enumerate(rows):
+        match = choice_re.match(row)
+        if not match:
+            continue
+        body = match.group("body").strip()
+        label = body
+        description = ""
+        split = re.split(r"\s{2,}", body, maxsplit=1)
+        if len(split) == 2:
+            label, description = split[0].strip(), split[1].strip()
+        choices.append({
+            "id": match.group("id"),
+            "label": label,
+            "description": description,
+            "selected": bool(match.group("selected")),
+        })
+        if not prompt:
+            for prev in reversed(rows[:idx]):
+                prev = prev.strip()
+                if prev:
+                    prompt = prev
+                    break
+
+    lowered = "\n".join(rows).lower()
+    update_prompt = next((row.strip() for row in rows if "update available" in row.lower()), "")
+    if update_prompt:
+        return {
+            "state": "maintenance_update",
+            "confidence": "high" if choices else "medium",
+            "prompt": update_prompt,
+            "kind": "codex_update",
+            "choices": choices,
+        }
+
+    if len(choices) >= 2:
+        return {
+            "state": "awaiting_selection",
+            "confidence": "high",
+            "prompt": prompt,
+            "choices": choices,
+        }
+
+    if "press enter" in lowered or "confirm" in lowered:
+        return {
+            "state": "awaiting_confirmation",
+            "confidence": "medium",
+            "prompt": next((r.strip() for r in rows if r.strip()), ""),
+            "choices": [],
+        }
+
+    text_prompt_markers = (
+        "enter new goal",
+        "new goal",
+        "what should the goal be",
+        "type your response",
+        "resume from",
+    )
+    for row in rows:
+        stripped = row.strip()
+        lowered_row = stripped.lower()
+        if not stripped:
+            continue
+        if any(marker in lowered_row for marker in text_prompt_markers) or (
+            stripped.endswith(":") and any(marker in lowered for marker in ("goal", "resume", "prompt"))
+        ):
+            return {
+                "state": "awaiting_text",
+                "confidence": "medium",
+                "prompt": stripped,
+                "choices": [],
+            }
+    return None
+
+
+@dataclass(frozen=True)
+class TerminalScreenState:
+    rows: int
+    columns: int
+    generation: int
+    raw_offset: int
+    source: str
+    backend: str
+    title: str | None
+    alternate_screen: bool
+    cursor: TerminalCursor
+    visible_rows: tuple[TerminalRow, ...]
+    dirty_row_indexes: tuple[int, ...]
+    capabilities: tuple[str, ...]
+    pending_input: dict[str, Any] | None = None
+    pending_input_detection: dict[str, Any] | None = None
+    degraded_reason: str | None = None
+    links: dict[str, str] | None = None
+
+
+class TerminalScreenBackend(Protocol):
+    def feed(self, data: bytes, *, raw_offset: int) -> TerminalScreenState:
+        ...
+
+    def resize(self, rows: int, columns: int) -> TerminalScreenState:
+        ...
+
+    def snapshot(self) -> TerminalScreenState:
+        ...
+
+    def dirty_delta(self, *, since_generation: int) -> TerminalScreenState | None:
+        ...
+
+
+class VTScreenBackend:
+    def __init__(self, screen: Any, *, source: str = "broker_vt", backend: str = "pty_broker") -> None:
+        self.screen = screen
+        self.source = source
+        self.backend = backend
+        self.generation = 0
+        self.raw_offset = 0
+        self._dirty_row_indexes: tuple[int, ...] = tuple(range(int(getattr(screen, "rows", 0) or 0)))
+
+    def feed(self, data: bytes, *, raw_offset: int) -> TerminalScreenState:
+        self.screen.feed(data)
+        self.generation += 1
+        self.raw_offset = max(self.raw_offset, int(raw_offset or 0))
+        self._dirty_row_indexes = tuple(range(int(getattr(self.screen, "rows", 0) or 0)))
+        return self.snapshot()
+
+    def resize(self, rows: int, columns: int) -> TerminalScreenState:
+        if hasattr(self.screen, "resize"):
+            self.screen.resize(rows, columns)
+        self.generation += 1
+        self._dirty_row_indexes = tuple(range(int(getattr(self.screen, "rows", rows) or rows)))
+        return self.snapshot()
+
+    def snapshot(self) -> TerminalScreenState:
+        if hasattr(self.screen, "cell_rows"):
+            cell_rows = self.screen.cell_rows()
+            text_rows = ["".join(str(cell.get("text", "")) for cell in row).rstrip() for row in cell_rows]
+            row_count = int(getattr(self.screen, "rows", len(cell_rows)) or len(cell_rows))
+            visible_rows = tuple(
+                TerminalRow(
+                    index=index,
+                    cells=tuple(TerminalCell(**cell) for cell in row),
+                    wrapped=bool(getattr(self.screen, "wrapped", [False] * len(cell_rows))[index]),
+                    dirty_generation=self.generation,
+                )
+                for index, row in enumerate(cell_rows)
+            )
+        else:
+            rows = list(self.screen.text_rows())
+            text_rows = rows
+            row_count = int(getattr(self.screen, "rows", len(rows)) or len(rows))
+            visible_rows = tuple(
+                TerminalRow(
+                    index=index,
+                    cells=tuple(TerminalCell(text=ch) for ch in row),
+                    wrapped=False,
+                    dirty_generation=self.generation,
+                )
+                for index, row in enumerate(rows)
+            )
+        capabilities = ["cells", "attributes", "cursor", "dirty_rows", "raw_offset", "control_receipts"]
+        if getattr(self.screen, "title", None):
+            capabilities.append("title")
+        if getattr(self.screen, "links", None):
+            capabilities.append("links")
+        if getattr(self.screen, "alternate_screen", False):
+            capabilities.append("alternate_screen")
+        cursor = TerminalCursor(
+            row=getattr(self.screen, "cursor_row", None),
+            column=getattr(self.screen, "cursor_col", None),
+            visible=True,
+        )
+        pending_input = detect_terminal_pending_input(text_rows)
+        pending_detection = {
+            "status": "ran",
+            "parser_version": PENDING_INPUT_PARSER_VERSION,
+            "surface": "v2",
+            "confidence": pending_input.get("confidence") if pending_input else None,
+            "reason": None,
+        }
+        return TerminalScreenState(
+            rows=row_count,
+            columns=int(getattr(self.screen, "columns", 0) or 0),
+            generation=self.generation,
+            raw_offset=self.raw_offset,
+            source=self.source,
+            backend=self.backend,
+            title=getattr(self.screen, "title", None),
+            alternate_screen=bool(getattr(self.screen, "alternate_screen", False)),
+            cursor=cursor,
+            visible_rows=visible_rows,
+            dirty_row_indexes=self._dirty_row_indexes,
+            capabilities=tuple(dict.fromkeys(capabilities)),
+            pending_input=pending_input,
+            pending_input_detection=pending_detection,
+            links=dict(getattr(self.screen, "links", {}) or {}),
+        )
+
+    def dirty_delta(self, *, since_generation: int) -> TerminalScreenState | None:
+        if self.generation <= int(since_generation or 0):
+            return None
+        return self.snapshot()
+
+
+class DegradedTerminalScreenBackend:
+    def __init__(self, fallback: TerminalScreenBackend, *, reason: str, requested_backend: str) -> None:
+        self.fallback = fallback
+        self.reason = reason
+        self.requested_backend = requested_backend
+
+    @property
+    def generation(self) -> int:
+        return int(getattr(self.fallback, "generation", 0) or 0)
+
+    @property
+    def raw_offset(self) -> int:
+        return int(getattr(self.fallback, "raw_offset", 0) or 0)
+
+    def feed(self, data: bytes, *, raw_offset: int) -> TerminalScreenState:
+        return self._degrade(self.fallback.feed(data, raw_offset=raw_offset))
+
+    def resize(self, rows: int, columns: int) -> TerminalScreenState:
+        return self._degrade(self.fallback.resize(rows, columns))
+
+    def snapshot(self) -> TerminalScreenState:
+        return self._degrade(self.fallback.snapshot())
+
+    def dirty_delta(self, *, since_generation: int) -> TerminalScreenState | None:
+        state = self.fallback.dirty_delta(since_generation=since_generation)
+        return self._degrade(state) if state is not None else None
+
+    def _degrade(self, state: TerminalScreenState) -> TerminalScreenState:
+        return TerminalScreenState(
+            rows=state.rows,
+            columns=state.columns,
+            generation=state.generation,
+            raw_offset=state.raw_offset,
+            source=state.source,
+            backend=state.backend,
+            title=state.title,
+            alternate_screen=state.alternate_screen,
+            cursor=state.cursor,
+            visible_rows=state.visible_rows,
+            dirty_row_indexes=state.dirty_row_indexes,
+            capabilities=state.capabilities,
+            pending_input=state.pending_input,
+            pending_input_detection=state.pending_input_detection,
+            degraded_reason=self.reason,
+            links=state.links,
+        )
+
+
+class PyteScreenBackend:
+    def __init__(self, *, rows: int, columns: int, source: str = "broker_vt", backend: str = "pyte") -> None:
+        if importlib.util.find_spec("pyte") is None or importlib.util.find_spec("wcwidth") is None:
+            raise RuntimeError("parser_backend_unavailable")
+        raise NotImplementedError("pyte backend is not selected until packaging proof exists")
+
+
+def create_terminal_screen_backend(screen: Any, *, backend_name: str | None = None) -> TerminalScreenBackend:
+    requested = (backend_name or os.environ.get("PAIRLING_TERMINAL_BACKEND") or "vt").strip().lower()
+    fallback = VTScreenBackend(screen)
+    if requested in {"", "vt", "vtscreen", "pty_broker"}:
+        return fallback
+    if requested == "pyte":
+        try:
+            return PyteScreenBackend(
+                rows=int(getattr(screen, "rows", 30) or 30),
+                columns=int(getattr(screen, "columns", 120) or 120),
+            )
+        except (RuntimeError, NotImplementedError):
+            return DegradedTerminalScreenBackend(
+                fallback,
+                reason="parser_backend_unavailable",
+                requested_backend="pyte",
+            )
+    return DegradedTerminalScreenBackend(
+        fallback,
+        reason="parser_backend_unavailable",
+        requested_backend=requested,
+    )
+
+
+def semantic_hash(material: dict[str, Any]) -> str:
+    return "sha256:" + hashlib.sha256(
+        json.dumps(material, sort_keys=True, separators=(",", ":")).encode("utf-8")
+    ).hexdigest()

package/payload/mac/companiond/terminal_text_sanitizer.py

@@ -0,0 +1,54 @@
+from __future__ import annotations
+
+
+TERMINAL_TEXT_MAX_CHARS = 8000
+TERMINAL_TEXT_SUBMIT_MAX_CHARS = 2000
+_BRACKETED_PASTE_START = "\x1b[200~"
+_BRACKETED_PASTE_END = "\x1b[201~"
+_BIDI_CONTROL_CODES = {
+    0x061C,  # Arabic Letter Mark
+    0x200E,  # Left-to-Right Mark
+    0x200F,  # Right-to-Left Mark
+    *range(0x202A, 0x202F),  # bidi embedding/override/pop controls
+    *range(0x2066, 0x206A),  # bidi isolate/pop controls
+}
+
+
+def terminal_text_rejection_reason(text: str, *, allow_newline: bool) -> tuple[str, str] | None:
+    if _BRACKETED_PASTE_START in text or _BRACKETED_PASTE_END in text:
+        return "bracketed_paste_delimiter", "bracketed paste delimiters are not accepted from clients"
+    for ch in text:
+        code = ord(ch)
+        if ch == "\n":
+            if allow_newline:
+                continue
+            return "multi_line_text", "terminal text must be single-line"
+        if ch == "\t" and allow_newline:
+            continue
+        if code == 0x1B:
+            return "escape_not_allowed", "ESC is not accepted in terminal text"
+        if code in _BIDI_CONTROL_CODES:
+            return "bidi_control_not_allowed", "Unicode bidi controls are not accepted in terminal text"
+        if code < 0x20:
+            return "c0_not_allowed", "C0 control characters are not accepted in terminal text"
+        if code == 0x7F or 0x80 <= code <= 0x9F:
+            return "c1_or_del_not_allowed", "DEL and C1 control characters are not accepted in terminal text"
+    return None
+
+
+def sanitize_terminal_text_input(
+    text: str,
+    *,
+    allow_newline: bool,
+    max_chars: int,
+) -> tuple[str | None, dict | None]:
+    rejection = terminal_text_rejection_reason(text, allow_newline=allow_newline)
+    if rejection:
+        code, message = rejection
+        return None, {"code": code, "message": message, "status": 400}
+    cleaned = text.strip()
+    if not cleaned:
+        return None, {"code": "empty_text", "message": "terminal text cannot be empty", "status": 400}
+    if len(cleaned) > max_chars:
+        return None, {"code": "text_too_long", "message": f"terminal text exceeds {max_chars} chars", "status": 413}
+    return cleaned, None

package/payload/mac/companiond/workstate_feed_contract.py

@@ -0,0 +1,108 @@
+"""Read-only workstate feed contract for the Pairling Mac daemon."""
+
+from __future__ import annotations
+
+import json
+import os
+import subprocess
+from pathlib import Path
+from typing import Mapping
+
+
+DEFAULT_SINCE = "0000-01-01T00:00:00.000Z"
+DEFAULT_LIMIT = 50
+DEFAULT_MAX_LIMIT = 200
+DEFAULT_ORGANIZER_BIN = str(Path.home() / "projects" / "metal-perception-memory-substrate" / "organizer")
+DEFAULT_ORGANIZER_CONFIG = str(Path.home() / "projects" / "metal-perception-memory-substrate" / "organizer.yaml")
+
+
+class WorkstateFeedError(ValueError):
+    pass
+
+
+def _env(env: Mapping[str, str] | None) -> Mapping[str, str]:
+    return os.environ if env is None else env
+
+
+def workstate_feed_max_limit(env: Mapping[str, str] | None = None) -> int:
+    current_env = _env(env)
+    try:
+        value = int(current_env.get("COMPANION_WORKSTATE_FEED_MAX_LIMIT", str(DEFAULT_MAX_LIMIT)))
+    except ValueError:
+        return DEFAULT_MAX_LIMIT
+    return max(1, min(value, 1000))
+
+
+def organizer_bin(env: Mapping[str, str] | None = None) -> str:
+    return _env(env).get("WORKSTATE_ORGANIZER_BIN") or DEFAULT_ORGANIZER_BIN
+
+
+def organizer_config(env: Mapping[str, str] | None = None) -> str:
+    return _env(env).get("WORKSTATE_ORGANIZER_CONFIG") or DEFAULT_ORGANIZER_CONFIG
+
+
+def build_workstate_feed_command(
+    run: str | Path,
+    since: str = DEFAULT_SINCE,
+    limit: int = DEFAULT_LIMIT,
+    event_types: list[str] | None = None,
+    *,
+    organizer: str | None = None,
+    config: str | None = None,
+    env: Mapping[str, str] | None = None,
+) -> list[str]:
+    if not str(run).strip():
+        raise WorkstateFeedError("run is required")
+    if limit <= 0:
+        raise WorkstateFeedError("limit must be positive")
+
+    current_limit = min(limit, workstate_feed_max_limit(env))
+    command = [
+        organizer or organizer_bin(env),
+        "--config",
+        config or organizer_config(env),
+        "workstate",
+        "feed",
+        "--run",
+        str(run),
+        "--since",
+        since,
+        "--limit",
+        str(current_limit),
+        "--json",
+    ]
+    for event_type in event_types or []:
+        if not event_type or len(event_type) > 120:
+            raise WorkstateFeedError("event type must be a non-empty bounded string")
+        command.extend(["--type", event_type])
+    return command
+
+
+def fetch_workstate_feed(
+    run: str | Path,
+    since: str = DEFAULT_SINCE,
+    limit: int = DEFAULT_LIMIT,
+    event_types: list[str] | None = None,
+    *,
+    timeout_seconds: float = 5.0,
+    env: Mapping[str, str] | None = None,
+) -> dict:
+    command = build_workstate_feed_command(run, since=since, limit=limit, event_types=event_types, env=env)
+    try:
+        completed = subprocess.run(command, capture_output=True, text=True, timeout=timeout_seconds, check=False)
+    except OSError as exc:
+        raise WorkstateFeedError(f"could not execute workstate feed adapter: {exc}") from exc
+    except subprocess.TimeoutExpired as exc:
+        raise WorkstateFeedError("workstate feed adapter timed out") from exc
+    if completed.returncode != 0:
+        detail = (completed.stderr or completed.stdout or "").strip()[:500]
+        raise WorkstateFeedError(f"workstate feed adapter failed: {detail}")
+    try:
+        payload = json.loads(completed.stdout)
+    except json.JSONDecodeError as exc:
+        raise WorkstateFeedError("workstate feed adapter returned invalid JSON") from exc
+    if payload.get("feed") != "workstate.readonly.v1" or payload.get("read_only") is not True:
+        raise WorkstateFeedError("workstate feed adapter returned an unexpected contract")
+    payload["consumer"] = "pairling"
+    payload["adapter"] = "pairling.workstate_feed"
+    return payload

package/payload/mac/connectd/cmd/pairling-connectd/auth_open_test.go

@@ -0,0 +1,116 @@
+package main
+
+import (
+	"encoding/json"
+	"net/http"
+	"net/http/httptest"
+	"strings"
+	"testing"
+
+	"dev.pairling/connectd/internal/status"
+)
+
+func TestAuthOpenEndpointOpensStoredURLWithoutReturningIt(t *testing.T) {
+	store := status.NewStore("pairling-inst-test")
+	rawAuthURL := "https://login.tailscale.com/a/secret-auth-token?next=pairling"
+	store.SetAuthPending("approve at " + rawAuthURL)
+
+	originalOpenAuthURL := openAuthURL
+	defer func() { openAuthURL = originalOpenAuthURL }()
+	var openedURL string
+	openAuthURL = func(rawURL string) error {
+		openedURL = rawURL
+		return nil
+	}
+
+	req := httptest.NewRequest(http.MethodPost, "/auth/open", nil)
+	req.RemoteAddr = "127.0.0.1:54321"
+	rec := httptest.NewRecorder()
+	handleAuthOpen(rec, req, store)
+
+	if rec.Code != http.StatusOK {
+		t.Fatalf("status = %d, body = %s", rec.Code, rec.Body.String())
+	}
+	if openedURL != rawAuthURL {
+		t.Fatalf("opened URL = %q, want raw in-memory auth URL", openedURL)
+	}
+	if strings.Contains(rec.Body.String(), "secret-auth-token") || strings.Contains(rec.Body.String(), "login.tailscale.com/a/") {
+		t.Fatalf("auth/open response leaked auth URL: %s", rec.Body.String())
+	}
+	var body map[string]any
+	if err := json.Unmarshal(rec.Body.Bytes(), &body); err != nil {
+		t.Fatal(err)
+	}
+	if body["ok"] != true || body["opened"] != true || body["auth_url_present"] != true {
+		t.Fatalf("bad auth/open response: %+v", body)
+	}
+}
+
+func TestAuthOpenEndpointRequiresLoopbackAndPost(t *testing.T) {
+	store := status.NewStore("pairling-inst-test")
+	store.SetAuthPending("approve at https://login.tailscale.com/a/example-token")
+
+	for _, tc := range []struct {
+		name       string
+		method     string
+		remoteAddr string
+		wantStatus int
+	}{
+		{name: "get denied", method: http.MethodGet, remoteAddr: "127.0.0.1:54321", wantStatus: http.StatusMethodNotAllowed},
+		{name: "non loopback denied", method: http.MethodPost, remoteAddr: "192.0.2.10:54321", wantStatus: http.StatusForbidden},
+	} {
+		t.Run(tc.name, func(t *testing.T) {
+			req := httptest.NewRequest(tc.method, "/auth/open", nil)
+			req.RemoteAddr = tc.remoteAddr
+			rec := httptest.NewRecorder()
+			handleAuthOpen(rec, req, store)
+			if rec.Code != tc.wantStatus {
+				t.Fatalf("status = %d, want %d", rec.Code, tc.wantStatus)
+			}
+		})
+	}
+}
+
+func TestAuthOpenEndpointReturnsSafeUnavailableError(t *testing.T) {
+	store := status.NewStore("pairling-inst-test")
+
+	req := httptest.NewRequest(http.MethodPost, "/auth/open", nil)
+	req.RemoteAddr = "127.0.0.1:54321"
+	rec := httptest.NewRecorder()
+	handleAuthOpen(rec, req, store)
+
+	if rec.Code != http.StatusConflict {
+		t.Fatalf("status = %d, want 409", rec.Code)
+	}
+	if strings.Contains(rec.Body.String(), "login.tailscale.com/a/") {
+		t.Fatalf("unavailable response leaked auth URL: %s", rec.Body.String())
+	}
+}
+
+func TestAuthOpenEndpointDoesNotOpenInvalidAuthURL(t *testing.T) {
+	store := status.NewStore("pairling-inst-test")
+	store.SetAuthPending("approve at http://login.tailscale.com/a/not-secure")
+
+	originalOpenAuthURL := openAuthURL
+	defer func() { openAuthURL = originalOpenAuthURL }()
+	opened := false
+	openAuthURL = func(rawURL string) error {
+		opened = true
+		return nil
+	}
+
+	req := httptest.NewRequest(http.MethodPost, "/auth/open", nil)
+	req.RemoteAddr = "127.0.0.1:54321"
+	rec := httptest.NewRecorder()
+	handleAuthOpen(rec, req, store)
+
+	if rec.Code != http.StatusConflict {
+		t.Fatalf("status = %d, want 409", rec.Code)
+	}
+	if opened {
+		t.Fatal("invalid auth URL was opened")
+	}
+	if strings.Contains(rec.Body.String(), "not-secure") || strings.Contains(rec.Body.String(), "login.tailscale.com/a/") {
+		t.Fatalf("invalid URL response leaked auth URL: %s", rec.Body.String())
+	}
+}