pi-oracle 0.7.4 → 0.7.6

package/extensions/oracle/lib/config.ts

@@ -8,6 +8,15 @@ import { existsSync, readFileSync } from "node:fs";
 import { homedir } from "node:os";
 import { getAgentDir } from "@earendil-works/pi-coding-agent";
 import { isAbsolute, join, normalize } from "node:path";
+import {
+  assertNotKnownBrowserUserDataPath,
+  chromeUserAgentPlatformToken,
+  chromiumKeychainSupportedOnPlatform,
+  defaultCloneStrategyForPlatform,
+  detectDefaultBrowserProfileSource,
+  detectDefaultLinuxChromeExecutablePath,
+  sweetCookieSafeStoragePasswordScrubbedEnv,
+} from "../shared/browser-profile-helpers.mjs";
 import { getProjectId } from "./runtime.js";
 
 export const ORACLE_PROVIDERS = ["chatgpt", "grok"] as const;
@@ -225,7 +234,6 @@ export type OracleCloneStrategy = (typeof CLONE_STRATEGIES)[number];
 const ALLOWED_CHATGPT_ORIGINS = new Set(["https://chatgpt.com", "https://chat.openai.com"]);
 const PROJECT_OVERRIDE_KEYS = new Set(["defaults", "worker", "poller", "artifacts", "cleanup"]);
 const DEFAULT_MAC_CHROME_EXECUTABLE = "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome";
-const DEFAULT_MAC_CHROME_USER_DATA_DIR = join(homedir(), "Library", "Application Support", "Google", "Chrome");
 
 export interface OracleConfig {
   defaults: {
@@ -274,37 +282,36 @@ export interface OracleConfig {
 }
 
 function detectDefaultChromeExecutablePath(): string | undefined {
-  return existsSync(DEFAULT_MAC_CHROME_EXECUTABLE) ? DEFAULT_MAC_CHROME_EXECUTABLE : undefined;
+  if (process.platform === "darwin") {
+    return existsSync(DEFAULT_MAC_CHROME_EXECUTABLE) ? DEFAULT_MAC_CHROME_EXECUTABLE : undefined;
+  }
+  if (process.platform === "linux") {
+    return detectDefaultLinuxChromeExecutablePath();
+  }
+  return undefined;
 }
 
 function detectDefaultChromeUserAgent(executablePath: string | undefined): string | undefined {
   if (!executablePath) return undefined;
+  // Linux executable discovery is PATH-based, so avoid executing that discovered
+  // binary during config module initialization just to derive a user agent.
+  if (process.platform === "linux") return undefined;
+  const platformToken = chromeUserAgentPlatformToken(process.platform);
+  if (!platformToken) return undefined;
   try {
-    const versionOutput = execFileSync(executablePath, ["--version"], { encoding: "utf8" }).trim();
+    const versionOutput = execFileSync(executablePath, ["--version"], { encoding: "utf8", env: sweetCookieSafeStoragePasswordScrubbedEnv() }).trim();
     const versionMatch = versionOutput.match(/(\d+\.\d+\.\d+\.\d+)/);
     if (!versionMatch) return undefined;
-    return `Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/${versionMatch[1]} Safari/537.36`;
+    return `Mozilla/5.0 (${platformToken}) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/${versionMatch[1]} Safari/537.36`;
   } catch {
     return undefined;
   }
 }
 
-function detectDefaultChromeProfileName(): string {
-  const localStatePath = join(DEFAULT_MAC_CHROME_USER_DATA_DIR, "Local State");
-  if (!existsSync(localStatePath)) return "Default";
-  try {
-    const localState = JSON.parse(readFileSync(localStatePath, "utf8")) as { profile?: { last_used?: string } };
-    const lastUsed = localState?.profile?.last_used;
-    return typeof lastUsed === "string" && lastUsed.trim() ? lastUsed.trim() : "Default";
-  } catch {
-    return "Default";
-  }
-}
-
 const detectedChromeExecutablePath = detectDefaultChromeExecutablePath();
 const detectedChromeUserAgent = detectDefaultChromeUserAgent(detectedChromeExecutablePath);
 const agentExtensionsDir = join(getAgentDir(), "extensions");
-const detectedChromeProfileName = detectDefaultChromeProfileName();
+const detectedChromeProfileName = detectDefaultBrowserProfileSource(process.platform);
 
 export interface OracleConfigLoadDetails {
   agentDir: string;
@@ -367,7 +374,7 @@ export const DEFAULT_CONFIG: OracleConfig = {
     authSeedProfileDir: join(agentExtensionsDir, "oracle-auth-seed-profile"),
     runtimeProfilesDir: join(agentExtensionsDir, "oracle-runtime-profiles"),
     maxConcurrentJobs: 2,
-    cloneStrategy: "apfs-clone",
+    cloneStrategy: defaultCloneStrategyForPlatform(process.platform),
     chatUrl: "https://chatgpt.com/",
     authUrl: "https://chatgpt.com/auth/login",
     runMode: "headless",
@@ -452,18 +459,28 @@ function expectAbsoluteNormalizedPath(value: unknown, path: string): string {
   return normalize(expanded);
 }
 
-function expectSafeProfilePath(pathValue: string, path: string): string {
+function expectSafeProfilePath(
+  pathValue: string,
+  path: string,
+  cookieSources?: { chromeProfile?: string; chromeCookiePath?: string },
+): string {
   if (pathValue === "/" || pathValue === homedir()) {
     throw new Error(`Invalid oracle config: ${path} points to an unsafe directory`);
   }
-  if (pathValue === DEFAULT_MAC_CHROME_USER_DATA_DIR || pathValue.startsWith(`${DEFAULT_MAC_CHROME_USER_DATA_DIR}/`)) {
-    throw new Error(`Invalid oracle config: ${path} must not point into the real Chrome user-data directory`);
+  try {
+    assertNotKnownBrowserUserDataPath(pathValue, `Invalid oracle config: ${path}`, { cookieSources });
+  } catch (error) {
+    throw new Error(error instanceof Error ? error.message : String(error));
   }
   return pathValue;
 }
 
-function expectSafeProfileDir(value: unknown, path: string): string {
-  return expectSafeProfilePath(expectAbsoluteNormalizedPath(value, path), path);
+function expectSafeProfileDir(
+  value: unknown,
+  path: string,
+  cookieSources?: { chromeProfile?: string; chromeCookiePath?: string },
+): string {
+  return expectSafeProfilePath(expectAbsoluteNormalizedPath(value, path), path, cookieSources);
 }
 
 function expectBoolean(value: unknown, path: string): boolean {
@@ -584,17 +601,26 @@ function validateOracleConfig(value: unknown): OracleConfig {
   const artifacts = expectObject(root.artifacts, "artifacts");
   const cleanup = expectObject(root.cleanup, "cleanup");
 
-  const authSeedProfileDir = expectSafeProfileDir(browser.authSeedProfileDir, "browser.authSeedProfileDir");
-  const runtimeProfilesDir = expectSafeProfileDir(browser.runtimeProfilesDir, "browser.runtimeProfilesDir");
+  const chromeProfile = expectString(auth.chromeProfile, "auth.chromeProfile");
+  const chromeCookiePath = expectOptionalAbsoluteNormalizedPath(auth.chromeCookiePath, "auth.chromeCookiePath");
+  const cookieSources = { chromeProfile, chromeCookiePath };
+  const authSeedProfileDir = expectSafeProfileDir(browser.authSeedProfileDir, "browser.authSeedProfileDir", cookieSources);
+  const runtimeProfilesDir = expectSafeProfileDir(browser.runtimeProfilesDir, "browser.runtimeProfilesDir", cookieSources);
   if (runtimeProfilesDir === authSeedProfileDir || runtimeProfilesDir.startsWith(`${authSeedProfileDir}/`)) {
     throw new Error("Invalid oracle config: browser.runtimeProfilesDir must be separate from browser.authSeedProfileDir");
   }
 
-  const chromeCookiePath = expectOptionalAbsoluteNormalizedPath(auth.chromeCookiePath, "auth.chromeCookiePath");
   const chromiumKeychain = expectOptionalChromiumKeychain(auth.chromiumKeychain, "auth.chromiumKeychain");
   if (chromiumKeychain !== undefined && chromeCookiePath === undefined) {
     throw new Error("Invalid oracle config: auth.chromiumKeychain requires auth.chromeCookiePath");
   }
+  if (chromiumKeychain !== undefined && !chromiumKeychainSupportedOnPlatform(process.platform)) {
+    throw new Error(
+      "Invalid oracle config: auth.chromiumKeychain is macOS-only. " +
+        "On Linux, set auth.chromeCookiePath/auth.chromeProfile without auth.chromiumKeychain and use @steipete/sweet-cookie's " +
+        "SWEET_COOKIE_LINUX_KEYRING, SWEET_COOKIE_CHROME_SAFE_STORAGE_PASSWORD, or SWEET_COOKIE_BRAVE_SAFE_STORAGE_PASSWORD options for encrypted Chromium cookies.",
+    );
+  }
 
   return {
     defaults: {
@@ -618,7 +644,7 @@ function validateOracleConfig(value: unknown): OracleConfig {
     auth: {
       pollMs: expectInteger(auth.pollMs, "auth.pollMs", 100),
       bootstrapTimeoutMs: expectInteger(auth.bootstrapTimeoutMs, "auth.bootstrapTimeoutMs", 1000),
-      chromeProfile: expectString(auth.chromeProfile, "auth.chromeProfile"),
+      chromeProfile,
       chromeCookiePath,
       chromiumKeychain,
     },

package/extensions/oracle/lib/jobs.ts

@@ -197,9 +197,12 @@ export interface OracleRuntimeAllocation {
   seedGeneration?: string;
 }
 
+function hasSessionFileAccessor(value: unknown): value is { getSessionFile: () => string | undefined } {
+  return typeof value === "object" && value !== null && "getSessionFile" in value && typeof value.getSessionFile === "function";
+}
+
 export function getSessionFile(ctx: ExtensionContext): string | undefined {
-  const manager = ctx.sessionManager as unknown as { getSessionFile?: () => string | undefined };
-  return manager.getSessionFile?.();
+  return hasSessionFileAccessor(ctx.sessionManager) ? ctx.sessionManager.getSessionFile() : undefined;
 }
 
 export function getOracleJobsDir(): string {
@@ -989,13 +992,14 @@ export function resolveArchiveInputs(cwd: string, files: string[]): { absolute:
       throw new Error("Archive input must use '.' exactly for a whole-repo archive");
     }
     const absolute = resolve(cwd, file);
-    if (absolute === cwd && file !== ".") {
+    const relativeFromCwd = relativePath(cwd, absolute);
+    if (relativeFromCwd === "" && file !== ".") {
       throw new Error("Archive input must use '.' exactly for a whole-repo archive");
     }
-    const relative = absolute.startsWith(`${cwd}/`) ? absolute.slice(cwd.length + 1) : absolute === cwd ? "." : "";
-    if (!relative) {
+    if (relativeFromCwd && (relativeFromCwd === ".." || relativeFromCwd.startsWith(`..${sep}`) || isAbsolute(relativeFromCwd))) {
       throw new Error(`Archive input must be inside the project cwd: ${file}`);
     }
+    const relative = relativeFromCwd === "" ? "." : relativeFromCwd.split(sep).join("/");
     if (!existsSync(absolute)) {
       throw new Error(`Archive input does not exist: ${file}`);
     }

package/extensions/oracle/lib/poller.ts

@@ -165,6 +165,7 @@ function getJobCountsForSession(sessionFile: string | undefined, cwd: string): {
 }
 
 function refreshOracleStatusSnapshot(snapshot: OraclePollerContextSnapshot): void {
+  if (!snapshot.hasUI) return;
   if (!snapshot.sessionFile) {
     snapshot.ui.setStatus("oracle", snapshot.ui.theme.fg("accent", "oracle: unavailable"));
     return;

package/extensions/oracle/lib/runtime.ts

@@ -6,8 +6,9 @@
 import { randomUUID } from "node:crypto";
 import { spawn } from "node:child_process";
 import { constants as fsConstants, existsSync, realpathSync, readFileSync } from "node:fs";
-import { access, mkdir, readFile, rm, stat, writeFile } from "node:fs/promises";
+import { access, cp as copyDirectory, mkdir, readFile, rm, stat, writeFile } from "node:fs/promises";
 import { delimiter, dirname, join } from "node:path";
+import { assertNotKnownBrowserUserDataPath, sweetCookieSafeStoragePasswordScrubbedEnv } from "../shared/browser-profile-helpers.mjs";
 import { jobBlocksAdmission } from "../shared/job-coordination-helpers.mjs";
 import { isTrackedProcessAlive } from "../shared/process-helpers.mjs";
 import type { OracleConfig } from "./config.js";
@@ -21,16 +22,44 @@ const AGENT_BROWSER_BIN = [process.env.AGENT_BROWSER_PATH, "/opt/homebrew/bin/ag
 ) || "agent-browser";
 const PROFILE_CLONE_TIMEOUT_MS = 120_000;
 const ORACLE_SUBPROCESS_KILL_GRACE_MS = 2_000;
+
+function killProcessTree(child: ReturnType<typeof spawn>): void {
+  if (process.platform === "win32" && child.pid) {
+    spawn("taskkill", ["/pid", String(child.pid), "/t", "/f"], { stdio: "ignore", windowsHide: true })
+      .on("error", () => undefined);
+    return;
+  }
+  child.kill("SIGTERM");
+}
+
+function killProcess(child: ReturnType<typeof spawn>): void {
+  if (process.platform === "win32" && child.pid) {
+    spawn("taskkill", ["/pid", String(child.pid), "/f"], { stdio: "ignore", windowsHide: true })
+      .on("error", () => undefined);
+    return;
+  }
+  child.kill("SIGKILL");
+}
 const WORKSPACE_ROOT_MARKERS = [
   ".pi/extensions/oracle.json",
   ".pi",
   "AGENTS.md",
 ] as const;
-const REQUIRED_ORACLE_DEPENDENCIES = [
-  { name: "agent-browser", command: AGENT_BROWSER_BIN },
-  { name: "tar", command: "tar" },
-  { name: "zstd", command: "zstd" },
-] as const;
+function cpCommand(): string {
+  return process.env.PI_ORACLE_CP_PATH?.trim() || "cp";
+}
+
+function requiredOracleDependencies(config: OracleConfig): Array<{ name: string; command: string }> {
+  const dependencies = [
+    { name: "agent-browser", command: AGENT_BROWSER_BIN },
+    { name: "tar", command: "tar" },
+    { name: "zstd", command: "zstd" },
+  ];
+  if (config.browser.cloneStrategy === "apfs-clone" && process.platform === "darwin") {
+    dependencies.push({ name: "cp", command: cpCommand() });
+  }
+  return dependencies;
+}
 
 export interface OracleRuntimeLeaseMetadata {
   jobId: string;
@@ -152,30 +181,61 @@ function missingLocalDependencyMessage(name: string): string {
   return `Oracle prerequisite not found on PATH: ${name}. Install ${name} and retry.`;
 }
 
+function unsafeOracleProfilePathMessage(label: string, path: string, error: unknown): string {
+  const message = error instanceof Error ? error.message : String(error);
+  return `Oracle ${label} path is unsafe: ${path}. ${message}`;
+}
+
+function assertSafeOracleProfilePath(
+  path: string,
+  label: "auth seed profile" | "runtime profile" | "runtime profiles",
+  config?: OracleConfig,
+): void {
+  try {
+    assertNotKnownBrowserUserDataPath(path, `Oracle ${label}`, {
+      cookieSources: config ? { chromeProfile: config.auth.chromeProfile, chromeCookiePath: config.auth.chromeCookiePath } : undefined,
+    });
+  } catch (error) {
+    throw new Error(unsafeOracleProfilePathMessage(label, path, error));
+  }
+}
+
 function unwritableOracleDirectoryMessage(label: "runtime profiles" | "jobs", path: string): string {
   return `Oracle ${label} directory is not writable: ${path}. Fix its permissions or configure a writable path, then retry.`;
 }
 
+async function isExecutableFile(path: string): Promise<boolean> {
+  try {
+    const stats = await stat(path);
+    if (!stats.isFile()) return false;
+    await access(path, fsConstants.X_OK);
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+function executableNameCandidates(command: string): string[] {
+  if (process.platform !== "win32" || /\.[^\\/]+$/.test(command)) return [command];
+  const extensions = (process.env.PATHEXT || ".COM;.EXE;.BAT;.CMD;.PS1").split(";").filter(Boolean);
+  return [command, ...extensions.map((extension) => `${command}${extension.toLowerCase()}`), ...extensions.map((extension) => `${command}${extension.toUpperCase()}`)];
+}
+
 async function resolveExecutableOnPath(command: string): Promise<string | undefined> {
   if (!command) return undefined;
-  if (command.includes("/")) {
-    try {
-      await access(command, fsConstants.X_OK);
-      return command;
-    } catch {
-      return undefined;
+  if (command.includes("/") || command.includes("\\")) {
+    for (const candidate of executableNameCandidates(command)) {
+      if (await isExecutableFile(candidate)) return candidate;
     }
+    return undefined;
   }
 
   const pathValue = process.env.PATH ?? "";
   for (const segment of pathValue.split(delimiter)) {
     if (!segment) continue;
-    const candidate = join(segment, command);
-    try {
-      await access(candidate, fsConstants.X_OK);
-      return candidate;
-    } catch {
-      continue;
+    for (const name of executableNameCandidates(command)) {
+      const candidate = join(segment, name);
+      if (await isExecutableFile(candidate)) return candidate;
     }
   }
   return undefined;
@@ -235,6 +295,7 @@ async function assertWritableDirectory(path: string, label: "runtime profiles" |
 
 export async function assertOracleAuthSeedProfileReady(config: OracleConfig): Promise<void> {
   const seedDir = config.browser.authSeedProfileDir;
+  assertSafeOracleProfilePath(seedDir, "auth seed profile", config);
   let seedStats;
   try {
     seedStats = await stat(seedDir);
@@ -257,9 +318,10 @@ export async function assertOracleAuthSeedProfileReady(config: OracleConfig): Pr
 }
 
 export async function assertOracleSubmitPrerequisites(config: OracleConfig): Promise<void> {
+  assertSafeOracleProfilePath(config.browser.runtimeProfilesDir, "runtime profiles", config);
   await assertOracleAuthSeedProfileReady(config);
   await assertConfiguredBrowserExecutableReady(config.browser.executablePath);
-  for (const dependency of REQUIRED_ORACLE_DEPENDENCIES) {
+  for (const dependency of requiredOracleDependencies(config)) {
     await assertRequiredLocalDependencyReady(dependency.name, dependency.command);
   }
   await assertWritableDirectory(config.browser.runtimeProfilesDir, "runtime profiles");
@@ -379,7 +441,7 @@ export async function releaseConversationLease(conversationId: string | undefine
 }
 
 function profileCloneArgs(config: OracleConfig, sourceDir: string, destinationDir: string): string[] {
-  if (config.browser.cloneStrategy === "apfs-clone") {
+  if (config.browser.cloneStrategy === "apfs-clone" && process.platform === "darwin") {
     return ["-cR", sourceDir, destinationDir];
   }
   return ["-R", sourceDir, destinationDir];
@@ -387,7 +449,7 @@ function profileCloneArgs(config: OracleConfig, sourceDir: string, destinationDi
 
 async function spawnCp(args: string[], options?: { timeoutMs?: number }): Promise<void> {
   await new Promise<void>((resolve, reject) => {
-    const child = spawn("cp", args, { stdio: ["ignore", "pipe", "pipe"] });
+    const child = spawn(cpCommand(), args, { env: sweetCookieSafeStoragePasswordScrubbedEnv(), stdio: ["ignore", "pipe", "pipe"], shell: process.platform === "win32" });
     let stderr = "";
     let timedOut = false;
     let killTimer: NodeJS.Timeout | undefined;
@@ -401,9 +463,9 @@ async function spawnCp(args: string[], options?: { timeoutMs?: number }): Promis
     if ((options?.timeoutMs ?? 0) > 0) {
       killTimer = setTimeout(() => {
         timedOut = true;
-        child.kill("SIGTERM");
+        killProcessTree(child);
         killGraceTimer = setTimeout(() => {
-          child.kill("SIGKILL");
+          killProcess(child);
         }, ORACLE_SUBPROCESS_KILL_GRACE_MS);
         killGraceTimer.unref?.();
       }, options?.timeoutMs);
@@ -445,11 +507,16 @@ export async function cloneSeedProfileToRuntime(
 ): Promise<string | undefined> {
   const seedDir = config.browser.authSeedProfileDir;
   await assertOracleAuthSeedProfileReady(config);
+  assertSafeOracleProfilePath(runtimeProfileDir, "runtime profile", config);
 
   await withAuthLock({ runtimeProfileDir, seedDir }, async () => {
     await rm(runtimeProfileDir, { recursive: true, force: true }).catch(() => undefined);
     await mkdir(dirname(runtimeProfileDir), { recursive: true, mode: 0o700 }).catch(() => undefined);
-    await spawnCp(profileCloneArgs(config, seedDir, runtimeProfileDir), { timeoutMs: options?.cpTimeoutMs ?? PROFILE_CLONE_TIMEOUT_MS });
+    if (config.browser.cloneStrategy === "apfs-clone" && process.platform === "darwin") {
+      await spawnCp(profileCloneArgs(config, seedDir, runtimeProfileDir), { timeoutMs: options?.cpTimeoutMs ?? PROFILE_CLONE_TIMEOUT_MS });
+    } else {
+      await copyDirectory(seedDir, runtimeProfileDir, { recursive: true, force: true, verbatimSymlinks: true });
+    }
     await removeChromiumProcessSingletonArtifacts(runtimeProfileDir);
   });
 
@@ -465,7 +532,7 @@ export interface OracleCleanupReport {
 
 async function closeRuntimeBrowserSession(runtimeSessionName: string): Promise<string | undefined> {
   return new Promise<string | undefined>((resolve) => {
-    const child = spawn(AGENT_BROWSER_BIN, ["--session", runtimeSessionName, "close"], { stdio: "ignore" });
+    const child = spawn(AGENT_BROWSER_BIN, ["--session", runtimeSessionName, "close"], { env: sweetCookieSafeStoragePasswordScrubbedEnv(), stdio: "ignore", shell: process.platform === "win32" });
     let settled = false;
     let timeout: NodeJS.Timeout | undefined;
     let timedOut = false;
@@ -479,15 +546,21 @@ async function closeRuntimeBrowserSession(runtimeSessionName: string): Promise<s
 
     timeout = setTimeout(() => {
       timedOut = true;
-      child.kill("SIGTERM");
+      killProcessTree(child);
       setTimeout(() => {
-        child.kill("SIGKILL");
+        killProcess(child);
         finish(`Timed out closing agent-browser session ${runtimeSessionName} after ${AGENT_BROWSER_CLOSE_TIMEOUT_MS}ms`);
       }, 2_000).unref?.();
     }, AGENT_BROWSER_CLOSE_TIMEOUT_MS);
     timeout.unref?.();
 
-    child.on("error", (error) => finish(`Failed to close agent-browser session ${runtimeSessionName}: ${error.message}`));
+    child.on("error", (error: NodeJS.ErrnoException) => {
+      if (error.code === "ENOENT") {
+        finish();
+        return;
+      }
+      finish(`Failed to close agent-browser session ${runtimeSessionName}: ${error.message}`);
+    });
     child.on("close", (code) => {
       if (timedOut || code === 0) finish();
       else finish(`agent-browser close exited with code ${code} for session ${runtimeSessionName}`);
@@ -510,9 +583,12 @@ export async function cleanupRuntimeArtifacts(runtime: {
   }
   if (runtime.runtimeProfileDir) {
     report.attempted.push("runtimeProfileDir");
-    await rm(runtime.runtimeProfileDir, { recursive: true, force: true }).catch((error: Error) => {
-      report.warnings.push(`Failed to remove runtime profile ${runtime.runtimeProfileDir}: ${error.message}`);
-    });
+    try {
+      assertSafeOracleProfilePath(runtime.runtimeProfileDir, "runtime profile");
+      await rm(runtime.runtimeProfileDir, { recursive: true, force: true });
+    } catch (error) {
+      report.warnings.push(`Failed to remove runtime profile ${runtime.runtimeProfileDir}: ${error instanceof Error ? error.message : String(error)}`);
+    }
   }
   if (runtime.conversationId) {
     report.attempted.push("conversationLease");
@@ -529,4 +605,3 @@ export async function cleanupRuntimeArtifacts(runtime: {
 
   return report;
 }
-