pikiloop 0.4.0

package/dist/core/secrets/store.js

@@ -0,0 +1,63 @@
+/**
+ * OS keychain access — lazy import of @napi-rs/keyring (optional dep).
+ * If keychain is unavailable, callers fall back to inline-seal.
+ */
+import { KEYCHAIN_SERVICE } from './ref.js';
+let keyringModule; // undefined = not tried, null = failed
+async function loadKeyring() {
+    if (keyringModule !== undefined)
+        return keyringModule;
+    try {
+        // Optional dep — tsc can't see it without the package installed; use a
+        // dynamic, untyped import so the build succeeds with or without it.
+        const importer = new Function('m', 'return import(m)');
+        const mod = await importer('@napi-rs/keyring');
+        keyringModule = mod;
+    }
+    catch {
+        keyringModule = null;
+    }
+    return keyringModule;
+}
+/** Reset the cached module — used by tests. */
+export function _resetKeychainCache() {
+    keyringModule = undefined;
+}
+export async function isKeychainAvailable() {
+    return (await loadKeyring()) !== null;
+}
+export async function readKeychain(account) {
+    const mod = await loadKeyring();
+    if (!mod)
+        throw new Error('OS keychain unavailable (install @napi-rs/keyring)');
+    try {
+        const entry = new mod.Entry(KEYCHAIN_SERVICE, account);
+        const value = entry.getPassword();
+        return typeof value === 'string' && value.length > 0 ? value : null;
+    }
+    catch (e) {
+        // keyring-rs returns NoEntry as an error — treat as missing
+        if (/NoEntry|no.such|not.found/i.test(e?.message || ''))
+            return null;
+        throw e;
+    }
+}
+export async function writeKeychain(account, value) {
+    const mod = await loadKeyring();
+    if (!mod)
+        throw new Error('OS keychain unavailable (install @napi-rs/keyring)');
+    const entry = new mod.Entry(KEYCHAIN_SERVICE, account);
+    entry.setPassword(value);
+}
+export async function deleteKeychain(account) {
+    const mod = await loadKeyring();
+    if (!mod)
+        return false;
+    try {
+        const entry = new mod.Entry(KEYCHAIN_SERVICE, account);
+        return !!entry.deletePassword();
+    }
+    catch {
+        return false;
+    }
+}

package/dist/core/utils.js

@@ -0,0 +1,233 @@
+/**
+ * Pure utility functions shared across all layers. No filesystem side effects, no state dependencies.
+ */
+import fs from 'node:fs';
+import path from 'node:path';
+import { whichSync as platformWhichSync } from './platform.js';
+/**
+ * If `dir` has a .gitignore, ignore managed `.pikiloop` state without hiding
+ * `.pikiloop/skills`, which may be committed as project skills.
+ */
+export function ensureGitignore(dir) {
+    try {
+        const gi = path.join(dir, '.gitignore');
+        if (!fs.existsSync(gi))
+            return;
+        const managedLines = [
+            '.pikiloop/*',
+            '!.pikiloop/skills/',
+            '!.pikiloop/skills/**',
+        ];
+        const legacyLines = new Set([
+            '.pikiloop/',
+            '.claude/skills/',
+            '.agents/skills/',
+        ]);
+        const rawLines = fs.readFileSync(gi, 'utf8').split(/\r?\n/);
+        const normalized = rawLines.filter(line => {
+            const trimmed = line.trim();
+            return trimmed && !managedLines.includes(trimmed) && !legacyLines.has(trimmed);
+        });
+        const next = [...normalized, ...managedLines, ''].join('\n');
+        const current = fs.readFileSync(gi, 'utf8');
+        if (current === next)
+            return;
+        fs.writeFileSync(gi, next);
+    }
+    catch { /* best-effort */ }
+}
+export function envBool(name, def) {
+    const raw = process.env[name];
+    if (raw == null)
+        return def;
+    return ['1', 'true', 'yes', 'on'].includes(raw.trim().toLowerCase());
+}
+export function envString(name, def) {
+    const raw = process.env[name];
+    if (raw == null)
+        return def;
+    const trimmed = raw.trim();
+    return trimmed || def;
+}
+export function envInt(name, def) {
+    const raw = process.env[name];
+    if (raw == null || raw.trim() === '')
+        return def;
+    const n = parseInt(raw, 10);
+    return Number.isNaN(n) ? def : n;
+}
+export function shellSplit(str) {
+    const args = [];
+    let cur = '', inS = false, inD = false;
+    for (const ch of str) {
+        if (ch === "'" && !inD) {
+            inS = !inS;
+            continue;
+        }
+        if (ch === '"' && !inS) {
+            inD = !inD;
+            continue;
+        }
+        if (ch === ' ' && !inS && !inD) {
+            if (cur) {
+                args.push(cur);
+                cur = '';
+            }
+            continue;
+        }
+        cur += ch;
+    }
+    if (cur)
+        args.push(cur);
+    return args;
+}
+export const whichSync = platformWhichSync;
+/**
+ * Strip ANSI terminal control sequences from a string. Covers the families
+ * pikiloop runs into when scraping PTY screens (cursor positioning, SGR
+ * colour / bold / italic, OSC titles, plus orphaned ESC bytes):
+ *
+ *   CSI:  ESC [ ...                — colours, cursor moves, line clears
+ *   OSC:  ESC ] ... (BEL | ESC \)  — set window title, hyperlinks
+ *   Other: ESC <single char>       — single-char escapes (RIS, IND, …)
+ *
+ * Some IM channels strip the raw ESC byte but pass through the trailing
+ * `[3G` / `[1m` / `[38;2;…m` payload, which is how the user ends up seeing
+ * "[3G你把" in Feishu. The regex matches with-or-without the leading ESC so
+ * already-mangled output still gets cleaned. The leading-bracket fallback is
+ * conservative — it only fires for known control verbs (digits/`;` then a
+ * SGR/cursor letter), so legitimate text like "[3 second timeout]" survives.
+ */
+export function stripAnsiEscapes(input) {
+    if (!input)
+        return input;
+    // Drop OSC (operating system command) sequences first so their payload
+    // doesn't confuse the CSI matcher.
+    let out = input.replace(/\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)/g, '');
+    // CSI with the leading ESC byte — match any final byte, even param-less
+    // (e.g. `\x1b[A` cursor-up, `\x1b[m` reset SGR). The ESC byte unambiguously
+    // signals a control sequence so we can be liberal here.
+    out = out.replace(/\x1b\[[0-9;?]*[A-Za-z]/g, '');
+    // CSI without the ESC byte (some IM channels strip the raw \x1b but pass
+    // through the `[3G` / `[38;2;…m` payload). Require at least one digit /
+    // semicolon in the params so legitimate text like "see [issue #42]" or
+    // "[3 second timeout]" doesn't get nibbled.
+    out = out.replace(/\[[0-9;?]+[A-Za-z]/g, '');
+    // Any remaining ESC + single byte (RIS, IND, NEL, …).
+    out = out.replace(/\x1b[@-Z\\-_]/g, '');
+    return out;
+}
+export function fmtTokens(n) {
+    if (n == null)
+        return '-';
+    return n >= 1000 ? `${(n / 1000).toFixed(1)}k` : String(n);
+}
+export function fmtUptime(ms) {
+    const s = Math.floor(ms / 1000);
+    if (s < 60)
+        return `${s}s`;
+    const m = Math.floor(s / 60);
+    if (m < 60)
+        return `${m}m ${s % 60}s`;
+    const h = Math.floor(m / 60);
+    if (h < 24)
+        return `${h}h ${m % 60}m`;
+    const d = Math.floor(h / 24);
+    return `${d}d ${h % 24}h`;
+}
+export function fmtBytes(bytes) {
+    if (bytes < 1024)
+        return `${bytes}B`;
+    if (bytes < 1024 * 1024)
+        return `${(bytes / 1024).toFixed(0)}KB`;
+    if (bytes < 1024 * 1024 * 1024)
+        return `${(bytes / 1024 / 1024).toFixed(1)}MB`;
+    if (bytes < 1024 * 1024 * 1024 * 1024)
+        return `${(bytes / 1024 / 1024 / 1024).toFixed(1)}GB`;
+    return `${(bytes / 1024 / 1024 / 1024 / 1024).toFixed(1)}TB`;
+}
+export function parseAllowedChatIds(raw) {
+    const ids = new Set();
+    for (const t of raw.split(',')) {
+        const v = t.trim();
+        if (!v)
+            continue;
+        const n = parseInt(v, 10);
+        // If the string is purely numeric, store as number for backward compat (Telegram).
+        // Otherwise store as string (Feishu, Discord, etc.).
+        if (!Number.isNaN(n) && String(n) === v)
+            ids.add(n);
+        else if (v)
+            ids.add(v);
+    }
+    return ids;
+}
+export function listSubdirs(dirPath) {
+    try {
+        return fs.readdirSync(dirPath)
+            .filter(name => {
+            if (name.startsWith('.'))
+                return false;
+            try {
+                return fs.statSync(path.join(dirPath, name)).isDirectory();
+            }
+            catch {
+                return false;
+            }
+        })
+            .sort((a, b) => a.toLowerCase().localeCompare(b.toLowerCase()));
+    }
+    catch {
+        return [];
+    }
+}
+export function extractThinkingTail(text, maxLines = 10) {
+    const normalized = text.replace(/\r\n?/g, '\n').trim();
+    if (!normalized)
+        return '';
+    const lines = normalized
+        .split('\n')
+        .map(line => line.trimEnd())
+        .filter(line => line.trim());
+    if (lines.length > maxLines)
+        return lines.slice(-maxLines).join('\n').trim();
+    return normalized;
+}
+export function formatThinkingForDisplay(text, maxChars = 1600) {
+    let display = extractThinkingTail(text);
+    if (display.length > maxChars)
+        display = '...\n' + display.slice(-maxChars);
+    return display;
+}
+export function buildPrompt(text, files) {
+    if (!files.length)
+        return text;
+    return `${text || 'Please analyze this.'}\n\n[Files: ${files.map(f => path.basename(f)).join(', ')}]`;
+}
+/** Race a promise against a timeout, resolving with `fallback` on timeout or rejection. */
+export function withTimeoutFallback(promise, timeoutMs, fallback) {
+    return new Promise(resolve => {
+        let settled = false;
+        const timer = setTimeout(() => {
+            if (settled)
+                return;
+            settled = true;
+            resolve(fallback);
+        }, timeoutMs);
+        promise
+            .then(result => {
+            if (settled)
+                return;
+            settled = true;
+            clearTimeout(timer);
+            resolve(result);
+        })
+            .catch(() => {
+            if (settled)
+                return;
+            settled = true;
+            clearTimeout(timer);
+            resolve(fallback);
+        });
+    });
+}

package/dist/core/version.js

@@ -0,0 +1,15 @@
+/**
+ * Reads the package version from package.json at startup.
+ */
+import fs from 'node:fs';
+import path from 'node:path';
+import { fileURLToPath } from 'node:url';
+const packageJsonPath = path.resolve(path.dirname(fileURLToPath(import.meta.url)), '../../package.json');
+function readPackageVersion() {
+    const pkg = JSON.parse(fs.readFileSync(packageJsonPath, 'utf8'));
+    const version = typeof pkg.version === 'string' ? pkg.version.trim() : '';
+    if (!version)
+        throw new Error(`Missing version in ${packageJsonPath}`);
+    return version;
+}
+export const VERSION = readPackageVersion();

package/dist/dashboard/platform.js

@@ -0,0 +1,219 @@
+/**
+ * Platform detection helpers.
+ *
+ * macOS permission checks, terminal detection, JXA scripts, and other OS-level utilities.
+ */
+import fs from 'node:fs';
+import path from 'node:path';
+import os from 'node:os';
+import { execFileSync, execSync } from 'node:child_process';
+import { DASHBOARD_PERMISSION_TIMEOUTS, DASHBOARD_PERMISSION_CACHE_TTL_MS, } from '../core/constants.js';
+// ---------------------------------------------------------------------------
+// Permission pane URLs (macOS)
+// ---------------------------------------------------------------------------
+const permissionPaneUrls = {
+    screenRecording: 'x-apple.systempreferences:com.apple.preference.security?Privacy_ScreenCapture',
+    fullDiskAccess: 'x-apple.systempreferences:com.apple.preference.security?Privacy_AllFiles',
+};
+// ---------------------------------------------------------------------------
+// JXA helpers
+// ---------------------------------------------------------------------------
+function runJxa(script, timeout = DASHBOARD_PERMISSION_TIMEOUTS.jxaDefault) {
+    try {
+        return String(execFileSync('osascript', ['-l', 'JavaScript', '-e', script], { encoding: 'utf8', timeout })).trim().toLowerCase();
+    }
+    catch {
+        return null;
+    }
+}
+function checkScreenRecordingPermission() {
+    const screenshotPath = path.join(os.tmpdir(), `.pikiloop_perm_test_${process.pid}_${Date.now()}.png`);
+    try {
+        execFileSync('screencapture', ['-x', screenshotPath], { stdio: 'ignore', timeout: DASHBOARD_PERMISSION_TIMEOUTS.screenRecordingProbe });
+        return true;
+    }
+    catch { }
+    finally {
+        try {
+            fs.rmSync(screenshotPath, { force: true });
+        }
+        catch { }
+    }
+    const output = runJxa('ObjC.bindFunction("CGPreflightScreenCaptureAccess", ["bool", []]); console.log($.CGPreflightScreenCaptureAccess());', DASHBOARD_PERMISSION_TIMEOUTS.screenRecordingPreflight);
+    if (output == null)
+        return null;
+    return output === 'true';
+}
+function requestScreenRecordingPermission() {
+    return runJxa('ObjC.bindFunction("CGRequestScreenCaptureAccess", ["bool", []]); console.log($.CGRequestScreenCaptureAccess());', DASHBOARD_PERMISSION_TIMEOUTS.screenRecordingRequest) !== null;
+}
+function openPermissionSettings(permission) {
+    const pane = permissionPaneUrls[permission];
+    if (!pane)
+        return false;
+    try {
+        execFileSync('open', [pane], { stdio: 'ignore', timeout: DASHBOARD_PERMISSION_TIMEOUTS.openSystemPreferences });
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+// ---------------------------------------------------------------------------
+// Permission checks
+// ---------------------------------------------------------------------------
+export function checkPermissions() {
+    const r = {};
+    if (process.platform !== 'darwin') {
+        r.screenRecording = { granted: true, checkable: false, detail: 'N/A' };
+        r.fullDiskAccess = { granted: true, checkable: false, detail: 'N/A' };
+        return r;
+    }
+    const screenRecordingGranted = checkScreenRecordingPermission();
+    r.screenRecording = {
+        granted: screenRecordingGranted === true,
+        checkable: true,
+        detail: screenRecordingGranted === true ? '已授权' : '未授权',
+    };
+    try {
+        execSync(`ls "${os.homedir()}/Library/Mail" 2>/dev/null`, { timeout: 3000 });
+        r.fullDiskAccess = { granted: true, checkable: true, detail: '已授权' };
+    }
+    catch {
+        r.fullDiskAccess = { granted: false, checkable: true, detail: '未授权' };
+    }
+    return r;
+}
+// ---------------------------------------------------------------------------
+// Cached probes for the polling dashboard
+// ---------------------------------------------------------------------------
+// `/api/state` is polled (~1.5s while a channel validates) and both probes below
+// spawn subprocesses — checkPermissions() runs screencapture + an `ls` shell,
+// detectHostTerminalApp() runs a `ps` process-tree walk — so they must never run
+// per request. The host terminal is fixed for the process lifetime; permission
+// grants change rarely, so a short TTL is plenty and requestPermission()
+// invalidates the cache so a user-driven grant surfaces on the next poll.
+let permissionsCache = null;
+let hostTerminalAppCache = null;
+export function getPermissionsStatus() {
+    if (permissionsCache && Date.now() - permissionsCache.at < DASHBOARD_PERMISSION_CACHE_TTL_MS) {
+        return permissionsCache.value;
+    }
+    const value = checkPermissions();
+    permissionsCache = { at: Date.now(), value };
+    return value;
+}
+export function getHostTerminalApp() {
+    if (!hostTerminalAppCache)
+        hostTerminalAppCache = { value: detectHostTerminalApp() };
+    return hostTerminalAppCache.value;
+}
+export function requestPermission(permission) {
+    permissionsCache = null; // a request can change grant state — force the next poll to re-probe
+    if (process.platform !== 'darwin') {
+        return {
+            ok: false,
+            action: 'unsupported',
+            granted: true,
+            requiresManualGrant: false,
+            error: 'Permission requests are only supported on macOS.',
+        };
+    }
+    const current = checkPermissions()[permission];
+    if (current?.granted) {
+        return {
+            ok: true,
+            action: 'already_granted',
+            granted: true,
+            requiresManualGrant: false,
+        };
+    }
+    if (permission === 'screenRecording') {
+        const prompted = requestScreenRecordingPermission();
+        if (!prompted) {
+            const openedSettings = openPermissionSettings(permission);
+            return openedSettings
+                ? { ok: true, action: 'opened_settings', granted: false, requiresManualGrant: true }
+                : { ok: false, action: 'unsupported', granted: false, requiresManualGrant: true, error: 'Failed to trigger Screen Recording permission request.' };
+        }
+        return {
+            ok: true,
+            action: 'prompted',
+            granted: !!checkPermissions().screenRecording?.granted,
+            requiresManualGrant: true,
+        };
+    }
+    if (permission === 'fullDiskAccess') {
+        const openedSettings = openPermissionSettings(permission);
+        return openedSettings
+            ? { ok: true, action: 'opened_settings', granted: false, requiresManualGrant: true }
+            : { ok: false, action: 'unsupported', granted: false, requiresManualGrant: true, error: 'Failed to open Full Disk Access settings.' };
+    }
+    return { ok: false, action: 'unsupported', granted: false, requiresManualGrant: true, error: 'Unknown permission.' };
+}
+export function isValidPermissionKey(value) {
+    return value in permissionPaneUrls;
+}
+// ---------------------------------------------------------------------------
+// Terminal detection
+// ---------------------------------------------------------------------------
+/** Walk the process tree upward to find the host terminal / IDE that launched pikiloop. Works on macOS and Linux. */
+export function detectHostTerminalApp() {
+    if (process.platform !== 'darwin' && process.platform !== 'linux')
+        return null;
+    try {
+        // Patterns to match in the comm/exe name (case-insensitive on Linux where names vary)
+        // macOS: Terminal, iTerm2, Warp; Linux: gnome-terminal, konsole, xfce4-terminal, xterm, tilix, foot, sakura, terminology
+        // Cross-platform: Alacritty, kitty, WezTerm, Hyper, VS Code, Cursor, Windsurf
+        const patterns = [
+            'Terminal', 'iTerm', 'Warp',
+            'Alacritty', 'alacritty', 'kitty', 'WezTerm', 'wezterm', 'Hyper',
+            'Code', 'Cursor', 'Windsurf',
+            'konsole', 'xfce4-terminal', 'xterm', 'tilix', 'foot', 'sakura', 'terminology', 'tmux', 'screen',
+        ];
+        const caseList = patterns.map(p => `*${p}*`).join('|');
+        const output = execSync(`pid=${process.pid} ; while [ "$pid" != "1" ] && [ -n "$pid" ]; do pid=$(ps -o ppid= -p "$pid" 2>/dev/null | tr -d ' '); comm=$(ps -o comm= -p "$pid" 2>/dev/null); case "$comm" in ${caseList}) echo "$comm"; exit 0;; esac; done`, { encoding: 'utf8', timeout: DASHBOARD_PERMISSION_TIMEOUTS.detectTerminal, shell: '/bin/sh' }).trim();
+        if (!output)
+            return null;
+        const base = path.basename(output);
+        // Map comm name → human-readable display name
+        const nameMap = [
+            // macOS
+            ['iTerm', 'iTerm2'],
+            ['Code Helper', 'VS Code'],
+            ['Cursor Helper', 'Cursor'],
+            ['Windsurf Helper', 'Windsurf'],
+            // Cross-platform IDE wrappers (Linux uses "code" binary directly)
+            ['code', 'VS Code'],
+            ['cursor', 'Cursor'],
+            ['windsurf', 'Windsurf'],
+            // Terminal emulators
+            ['gnome-terminal', 'GNOME Terminal'],
+            ['xfce4-terminal', 'Xfce Terminal'],
+            ['Terminal', 'Terminal'],
+            ['Warp', 'Warp'],
+            ['Alacritty', 'Alacritty'],
+            ['alacritty', 'Alacritty'],
+            ['kitty', 'kitty'],
+            ['WezTerm', 'WezTerm'],
+            ['wezterm', 'WezTerm'],
+            ['Hyper', 'Hyper'],
+            ['konsole', 'Konsole'],
+            ['xterm', 'xterm'],
+            ['tilix', 'Tilix'],
+            ['foot', 'foot'],
+            ['sakura', 'Sakura'],
+            ['terminology', 'Terminology'],
+            ['tmux', 'tmux'],
+            ['screen', 'screen'],
+        ];
+        for (const [key, name] of nameMap) {
+            if (base.includes(key))
+                return name;
+        }
+        return base;
+    }
+    catch {
+        return null;
+    }
+}