polygram 0.1.0

package/lib/db.js

@@ -0,0 +1,291 @@
+/**
+ * Bridge DB client. Wraps better-sqlite3 with the ops the bridge + skill need.
+ * Synchronous (better-sqlite3). DB errors are caught by callers so the bridge
+ * never drops messages because of transcript failures.
+ */
+
+const fs = require('fs');
+const path = require('path');
+const Database = require('better-sqlite3');
+
+const SCHEMA_VERSION = 4;
+
+function open(dbPath) {
+  const db = new Database(dbPath);
+  db.pragma('journal_mode = WAL');
+  db.pragma('busy_timeout = 5000');
+  db.pragma('foreign_keys = ON');
+  runMigrations(db, path.join(__dirname, '..', 'migrations'));
+  return wrap(db);
+}
+
+function runMigrations(db, migrationsDir) {
+  const files = fs.readdirSync(migrationsDir)
+    .filter((f) => f.endsWith('.sql'))
+    .sort();
+
+  const currentPre = db.pragma('user_version', { simple: true });
+  if (currentPre >= SCHEMA_VERSION) return;
+
+  for (const file of files) {
+    const n = parseInt(file.slice(0, 3), 10);
+    if (Number.isNaN(n)) continue;
+    const sql = fs.readFileSync(path.join(migrationsDir, file), 'utf8');
+    // BEGIN IMMEDIATE acquires the write lock up-front, preventing two
+    // processes from both reading user_version=N and both attempting to
+    // apply migration N+1. The second migrator hits SQLITE_BUSY beyond
+    // busy_timeout and errors cleanly instead of corrupting state.
+    db.exec('BEGIN IMMEDIATE');
+    try {
+      // Re-read inside the transaction so we skip anything another process
+      // just committed (check-and-set semantics).
+      const current = db.pragma('user_version', { simple: true });
+      if (n <= current) {
+        db.exec('COMMIT');
+        continue;
+      }
+      console.log(`[db] applying migration ${file}`);
+      db.exec(sql);
+      db.pragma(`user_version = ${n}`);
+      db.exec('COMMIT');
+    } catch (err) {
+      try { db.exec('ROLLBACK'); } catch {}
+      throw new Error(`migration ${file} failed: ${err.message}`);
+    }
+  }
+}
+
+function wrap(db) {
+  const insertMessageStmt = db.prepare(`
+    INSERT INTO messages (
+      chat_id, thread_id, msg_id, user, user_id, text, reply_to_id,
+      direction, source, bot_name, attachments_json, session_id,
+      model, effort, turn_id, status, error, cost_usd, ts
+    ) VALUES (
+      @chat_id, @thread_id, @msg_id, @user, @user_id, @text, @reply_to_id,
+      @direction, @source, @bot_name, @attachments_json, @session_id,
+      @model, @effort, @turn_id, @status, @error, @cost_usd, @ts
+    )
+    ON CONFLICT(chat_id, msg_id) DO UPDATE SET
+      text = excluded.text,
+      edited_ts = excluded.ts
+  `);
+
+  const insertOutboundPendingStmt = db.prepare(`
+    INSERT INTO messages (
+      chat_id, thread_id, user, text, direction, source, bot_name,
+      turn_id, session_id, status, ts, msg_id
+    ) VALUES (
+      @chat_id, @thread_id, @user, @text, 'out', @source, @bot_name,
+      @turn_id, @session_id, 'pending', @ts, @pending_id
+    )
+  `);
+
+  const markOutboundSentStmt = db.prepare(`
+    UPDATE messages SET msg_id = @msg_id, status = 'sent', ts = @ts
+    WHERE id = @id
+  `);
+
+  const markOutboundFailedStmt = db.prepare(`
+    UPDATE messages SET status = 'failed', error = @error
+    WHERE id = @id
+  `);
+
+  const upsertSessionStmt = db.prepare(`
+    INSERT INTO sessions (
+      session_key, chat_id, thread_id, claude_session_id,
+      agent, cwd, model, effort, created_ts, last_active_ts
+    ) VALUES (
+      @session_key, @chat_id, @thread_id, @claude_session_id,
+      @agent, @cwd, @model, @effort, @ts, @ts
+    )
+    ON CONFLICT(session_key) DO UPDATE SET
+      chat_id = excluded.chat_id,
+      thread_id = excluded.thread_id,
+      claude_session_id = excluded.claude_session_id,
+      agent = excluded.agent,
+      cwd = excluded.cwd,
+      model = excluded.model,
+      effort = excluded.effort,
+      last_active_ts = excluded.last_active_ts
+  `);
+
+  const getSessionStmt = db.prepare(`SELECT * FROM sessions WHERE session_key = ?`);
+  const touchSessionStmt = db.prepare(`UPDATE sessions SET last_active_ts = ? WHERE session_key = ?`);
+  const clearSessionIdStmt = db.prepare(`DELETE FROM sessions WHERE session_key = ?`);
+
+  const getMessageStmt = db.prepare(`
+    SELECT * FROM messages WHERE chat_id = ? AND msg_id = ?
+    ORDER BY id DESC LIMIT 1
+  `);
+
+  const setMessageTextStmt = db.prepare(`
+    UPDATE messages
+       SET text = @text,
+           attachments_json = COALESCE(@attachments_json, attachments_json)
+     WHERE chat_id = @chat_id AND msg_id = @msg_id
+  `);
+
+  const logChatMigrationStmt = db.prepare(`
+    INSERT OR REPLACE INTO chat_migrations (old_chat_id, new_chat_id, migrated_ts)
+    VALUES (?, ?, ?)
+  `);
+
+  const resolveChatIdStmt = db.prepare(`
+    SELECT new_chat_id FROM chat_migrations WHERE old_chat_id = ?
+  `);
+
+  const logEventStmt = db.prepare(`
+    INSERT INTO events (ts, chat_id, kind, detail_json)
+    VALUES (?, ?, ?, ?)
+  `);
+
+  const logConfigChangeStmt = db.prepare(`
+    INSERT INTO config_changes (
+      chat_id, thread_id, field, old_value, new_value,
+      user_id, user, source, ts
+    ) VALUES (
+      @chat_id, @thread_id, @field, @old_value, @new_value,
+      @user_id, @user, @source, @ts
+    )
+  `);
+
+  const markStalePendingStmt = db.prepare(`
+    UPDATE messages SET status = 'failed', error = 'crashed-mid-send'
+    WHERE status = 'pending' AND ts < ?
+  `);
+  const markStalePendingForBotStmt = db.prepare(`
+    UPDATE messages SET status = 'failed', error = 'crashed-mid-send'
+    WHERE status = 'pending' AND ts < ? AND bot_name = ?
+  `);
+
+  return {
+    raw: db,
+
+    insertMessage(row) {
+      return insertMessageStmt.run({
+        chat_id: String(row.chat_id),
+        thread_id: row.thread_id ? String(row.thread_id) : null,
+        msg_id: row.msg_id,
+        user: row.user || null,
+        user_id: row.user_id || null,
+        text: row.text || '',
+        reply_to_id: row.reply_to_id || null,
+        direction: row.direction || 'in',
+        source: row.source || 'bridge',
+        bot_name: row.bot_name || null,
+        attachments_json: row.attachments_json || null,
+        session_id: row.session_id || null,
+        model: row.model || null,
+        effort: row.effort || null,
+        turn_id: row.turn_id || null,
+        status: row.status || 'received',
+        error: row.error || null,
+        cost_usd: row.cost_usd ?? null,
+        ts: row.ts || Date.now(),
+      });
+    },
+
+    insertOutboundPending(row) {
+      return insertOutboundPendingStmt.run({
+        chat_id: String(row.chat_id),
+        thread_id: row.thread_id ? String(row.thread_id) : null,
+        user: row.user || null,
+        text: row.text || '',
+        source: row.source || 'bridge',
+        bot_name: row.bot_name || null,
+        turn_id: row.turn_id || null,
+        session_id: row.session_id || null,
+        ts: row.ts || Date.now(),
+        pending_id: row.pending_id,
+      });
+    },
+
+    markOutboundSent(id, { msg_id, ts }) {
+      return markOutboundSentStmt.run({ id, msg_id, ts: ts || Date.now() });
+    },
+
+    markOutboundFailed(id, err) {
+      return markOutboundFailedStmt.run({ id, error: String(err).slice(0, 500) });
+    },
+
+    upsertSession(row) {
+      return upsertSessionStmt.run({
+        session_key: row.session_key,
+        chat_id: String(row.chat_id),
+        thread_id: row.thread_id ? String(row.thread_id) : null,
+        claude_session_id: row.claude_session_id,
+        agent: row.agent || null,
+        cwd: row.cwd || null,
+        model: row.model || null,
+        effort: row.effort || null,
+        ts: row.ts || Date.now(),
+      });
+    },
+
+    getSession(sessionKey) {
+      return getSessionStmt.get(sessionKey);
+    },
+
+    touchSession(sessionKey, ts = Date.now()) {
+      return touchSessionStmt.run(ts, sessionKey);
+    },
+
+    clearSessionId(sessionKey) {
+      return clearSessionIdStmt.run(sessionKey);
+    },
+
+    getMessage(chatId, msgId) {
+      return getMessageStmt.get(String(chatId), msgId);
+    },
+
+    setMessageText({ chat_id, msg_id, text, attachments_json = null }) {
+      return setMessageTextStmt.run({
+        chat_id: String(chat_id),
+        msg_id,
+        text: text ?? '',
+        attachments_json,
+      });
+    },
+
+    logChatMigration(oldChatId, newChatId, ts = Date.now()) {
+      return logChatMigrationStmt.run(String(oldChatId), String(newChatId), ts);
+    },
+
+    resolveChatId(chatId) {
+      const row = resolveChatIdStmt.get(String(chatId));
+      return row?.new_chat_id || String(chatId);
+    },
+
+    logEvent(kind, { chat_id = null, ...detail } = {}) {
+      return logEventStmt.run(
+        Date.now(),
+        chat_id ? String(chat_id) : null,
+        kind,
+        Object.keys(detail).length ? JSON.stringify(detail) : null,
+      );
+    },
+
+    logConfigChange(row) {
+      return logConfigChangeStmt.run({
+        chat_id: String(row.chat_id),
+        thread_id: row.thread_id ? String(row.thread_id) : null,
+        field: row.field,
+        old_value: row.old_value ?? null,
+        new_value: row.new_value,
+        user_id: row.user_id || null,
+        user: row.user || null,
+        source: row.source || 'command',
+        ts: row.ts || Date.now(),
+      });
+    },
+
+    markStalePending(olderThanMs = 60_000, botName = null) {
+      const cutoff = Date.now() - olderThanMs;
+      if (botName) return markStalePendingForBotStmt.run(cutoff, botName);
+      return markStalePendingStmt.run(cutoff);
+    },
+  };
+}
+
+module.exports = { open };

package/lib/history.js

@@ -0,0 +1,149 @@
+/**
+ * Read-only query helpers against the bridge transcript DB.
+ *
+ * All functions take an opened DB wrapper (from `lib/db.js` or a read-only
+ * handle). Bot-scope isolation is enforced here: pass `allowedChatIds` and
+ * no result will leak outside that list.
+ */
+
+const HARD_LIMIT = 500;
+
+function clampLimit(limit, defaultLimit = 20) {
+  const n = Number(limit) || defaultLimit;
+  if (n < 1) return 1;
+  if (n > HARD_LIMIT) return HARD_LIMIT;
+  return Math.floor(n);
+}
+
+function parseSinceMs(since) {
+  if (!since) return null;
+  const m = String(since).match(/^(\d+)\s*(h|d|m)?$/i);
+  if (!m) return null;
+  const n = parseInt(m[1], 10);
+  const unit = (m[2] || 'd').toLowerCase();
+  const ms = unit === 'h' ? 3_600_000 : unit === 'm' ? 60_000 : 86_400_000;
+  return n * ms;
+}
+
+// Scope semantics:
+//   allowedChatIds === null        → scope disabled (admin/global)
+//   allowedChatIds === []          → deny all (bot owns no chats yet)
+//   allowedChatIds === [id, ...]   → restrict to those chats
+// Empty array must NOT be conflated with null, or a newly-configured bot
+// with no chats yet would see the entire transcript.
+function withChatScope(sql, params, allowedChatIds, column = 'chat_id') {
+  if (allowedChatIds === null || allowedChatIds === undefined) return { sql, params };
+  const joiner = /where/i.test(sql) ? ' AND' : ' WHERE';
+  if (allowedChatIds.length === 0) {
+    return { sql: `${sql}${joiner} 1=0`, params };
+  }
+  const placeholders = allowedChatIds.map(() => '?').join(',');
+  return {
+    sql: `${sql}${joiner} ${column} IN (${placeholders})`,
+    params: [...params, ...allowedChatIds.map(String)],
+  };
+}
+
+/**
+ * FTS5 input sanitizer. Wraps each whitespace-separated token in double
+ * quotes so special operators (AND/OR/NEAR/*) become literals.
+ */
+function fts5Escape(query) {
+  return String(query || '')
+    .split(/\s+/)
+    .filter(Boolean)
+    .map((t) => '"' + t.replace(/"/g, '""') + '"')
+    .join(' ');
+}
+
+function recent(db, { chatId, threadId = null, limit = 20, since = null, includeOutbound = true, allowedChatIds = null } = {}) {
+  const clamped = clampLimit(limit);
+  let sql = 'SELECT * FROM messages WHERE chat_id = ?';
+  const params = [String(chatId)];
+  if (threadId) { sql += ' AND thread_id = ?'; params.push(String(threadId)); }
+  if (!includeOutbound) sql += ` AND direction = 'in'`;
+  const sinceMs = parseSinceMs(since);
+  if (sinceMs) { sql += ' AND ts >= ?'; params.push(Date.now() - sinceMs); }
+  const scoped = withChatScope(sql, params, allowedChatIds);
+  scoped.sql += ' ORDER BY ts DESC LIMIT ?';
+  return db.raw.prepare(scoped.sql).all(...scoped.params, clamped).reverse();
+}
+
+function around(db, { chatId, msgId, before = 5, after = 5, allowedChatIds = null } = {}) {
+  const chat = String(chatId);
+  if (allowedChatIds && !allowedChatIds.map(String).includes(chat)) return [];
+  const anchor = db.raw.prepare('SELECT * FROM messages WHERE chat_id = ? AND msg_id = ? ORDER BY id DESC LIMIT 1').get(chat, msgId);
+  if (!anchor) return [];
+  const b = Math.min(Math.max(0, Number(before) || 0), HARD_LIMIT);
+  const a = Math.min(Math.max(0, Number(after) || 0), HARD_LIMIT);
+  const beforeRows = db.raw.prepare('SELECT * FROM messages WHERE chat_id = ? AND ts < ? ORDER BY ts DESC LIMIT ?').all(chat, anchor.ts, b).reverse();
+  const afterRows = db.raw.prepare('SELECT * FROM messages WHERE chat_id = ? AND ts > ? ORDER BY ts ASC LIMIT ?').all(chat, anchor.ts, a);
+  return [...beforeRows, anchor, ...afterRows];
+}
+
+function search(db, { query, chatId = null, threadId = null, user = null, days = null, limit = 20, allowedChatIds = null } = {}) {
+  const q = fts5Escape(query);
+  if (!q) return [];
+  const clamped = clampLimit(limit);
+  let sql = `
+    SELECT m.* FROM messages_fts
+    JOIN messages m ON m.id = messages_fts.rowid
+    WHERE messages_fts MATCH ?
+  `;
+  const params = [q];
+  if (chatId) { sql += ' AND m.chat_id = ?'; params.push(String(chatId)); }
+  if (threadId) { sql += ' AND m.thread_id = ?'; params.push(String(threadId)); }
+  if (user) { sql += ' AND m.user LIKE ?'; params.push(`%${user}%`); }
+  if (days) { sql += ' AND m.ts >= ?'; params.push(Date.now() - days * 86_400_000); }
+  const scoped = withChatScope(sql, params, allowedChatIds, 'm.chat_id');
+  scoped.sql += ' ORDER BY m.ts DESC LIMIT ?';
+  return db.raw.prepare(scoped.sql).all(...scoped.params, clamped);
+}
+
+function byUser(db, { user, chatId = null, threadId = null, days = 7, limit = 50, allowedChatIds = null } = {}) {
+  const clamped = clampLimit(limit, 50);
+  let sql = 'SELECT * FROM messages WHERE user LIKE ?';
+  const params = [`%${user}%`];
+  if (chatId) { sql += ' AND chat_id = ?'; params.push(String(chatId)); }
+  if (threadId) { sql += ' AND thread_id = ?'; params.push(String(threadId)); }
+  if (days) { sql += ' AND ts >= ?'; params.push(Date.now() - days * 86_400_000); }
+  const scoped = withChatScope(sql, params, allowedChatIds);
+  scoped.sql += ' ORDER BY ts DESC LIMIT ?';
+  return db.raw.prepare(scoped.sql).all(...scoped.params, clamped);
+}
+
+function getMsg(db, { msgId, chatId = null, allowedChatIds = null } = {}) {
+  let sql = 'SELECT * FROM messages WHERE msg_id = ?';
+  const params = [msgId];
+  if (chatId) { sql += ' AND chat_id = ?'; params.push(String(chatId)); }
+  const scoped = withChatScope(sql, params, allowedChatIds);
+  scoped.sql += ' ORDER BY id DESC LIMIT 1';
+  return db.raw.prepare(scoped.sql).get(...scoped.params) || null;
+}
+
+function stats(db, { chatId = null, threadId = null, days = 7, allowedChatIds = null } = {}) {
+  const sinceTs = Date.now() - days * 86_400_000;
+  let sql = `SELECT user, direction, COUNT(*) AS count FROM messages WHERE ts >= ?`;
+  const params = [sinceTs];
+  if (chatId) { sql += ' AND chat_id = ?'; params.push(String(chatId)); }
+  if (threadId) { sql += ' AND thread_id = ?'; params.push(String(threadId)); }
+  const scoped = withChatScope(sql, params, allowedChatIds);
+  scoped.sql += ' GROUP BY user, direction ORDER BY count DESC';
+  return db.raw.prepare(scoped.sql).all(...scoped.params);
+}
+
+function formatPretty(rows) {
+  return rows.map((r) => {
+    const d = new Date(r.ts);
+    const hhmm = `${String(d.getHours()).padStart(2, '0')}:${String(d.getMinutes()).padStart(2, '0')}`;
+    const who = r.direction === 'out' ? `[bot:${r.bot_name || '?'}]` : (r.user || '?');
+    const text = (r.text || '').replace(/\s+/g, ' ').slice(0, 200);
+    return `[${hhmm}] ${who}: ${text} (msg ${r.msg_id})`;
+  }).join('\n');
+}
+
+module.exports = {
+  recent, around, search, byUser, getMsg, stats,
+  formatPretty, fts5Escape, parseSinceMs, clampLimit,
+  HARD_LIMIT,
+};

package/lib/inbox.js

@@ -0,0 +1,34 @@
+/**
+ * Inbox on-disk helpers.
+ *
+ * `sweepInbox(dir, maxAgeMs)` deletes files under each chat subdir whose
+ * mtime is older than `maxAgeMs`. Called on bridge boot so a long-running
+ * bridge doesn't accumulate every file a user has ever sent.
+ */
+
+const fs = require('fs');
+const path = require('path');
+
+function sweepInbox(dir, maxAgeMs) {
+  if (!fs.existsSync(dir)) return { swept: 0, bytes: 0 };
+  const cutoff = Date.now() - maxAgeMs;
+  let swept = 0;
+  let bytes = 0;
+  for (const chatDir of fs.readdirSync(dir)) {
+    const full = path.join(dir, chatDir);
+    let stat;
+    try { stat = fs.statSync(full); } catch { continue; }
+    if (!stat.isDirectory()) continue;
+    for (const f of fs.readdirSync(full)) {
+      const p = path.join(full, f);
+      let s;
+      try { s = fs.statSync(p); } catch { continue; }
+      if (s.isFile() && s.mtimeMs < cutoff) {
+        try { fs.unlinkSync(p); swept++; bytes += s.size; } catch {}
+      }
+    }
+  }
+  return { swept, bytes };
+}
+
+module.exports = { sweepInbox };

package/lib/ipc-client.js

@@ -0,0 +1,114 @@
+/**
+ * Client for the bridge's unix socket IPC.
+ *
+ * One-shot request-reply: open connection, write one JSON line, read one
+ * JSON line, close. Used by the approval hook script (and, eventually,
+ * cron bridge callers).
+ */
+
+const net = require('net');
+const fs = require('fs');
+
+const DEFAULT_CONNECT_TIMEOUT_MS = 5_000;
+const DEFAULT_CALL_TIMEOUT_MS = 5 * 60 * 1000;
+
+function socketPathFor(botName) {
+  return `/tmp/polygram-${botName}.sock`;
+}
+
+function secretPathFor(botName) {
+  return `/tmp/polygram-${botName}.secret`;
+}
+
+/**
+ * Read the IPC secret for a bot. Prefers BRIDGE_IPC_SECRET env var (set by
+ * the bridge when spawning Claude subprocesses) over the file (used by
+ * cron and external callers that aren't bridge children). Missing secret
+ * is not an error — caller decides whether to send it.
+ */
+function readSecret(botName) {
+  if (process.env.BRIDGE_IPC_SECRET) return process.env.BRIDGE_IPC_SECRET;
+  try { return fs.readFileSync(secretPathFor(botName), 'utf8').trim(); }
+  catch { return null; }
+}
+
+function call({
+  path, op, payload = {}, id = null, secret = null,
+  connectTimeoutMs = DEFAULT_CONNECT_TIMEOUT_MS,
+  callTimeoutMs = DEFAULT_CALL_TIMEOUT_MS,
+}) {
+  return new Promise((resolve, reject) => {
+    const sock = net.createConnection({ path });
+    let resolved = false;
+    const finish = (err, res) => {
+      if (resolved) return;
+      resolved = true;
+      try { sock.destroy(); } catch {}
+      clearTimeout(connectTimer);
+      clearTimeout(callTimer);
+      if (err) reject(err); else resolve(res);
+    };
+
+    const connectTimer = setTimeout(
+      () => finish(new Error(`connect timeout after ${connectTimeoutMs}ms: ${path}`)),
+      connectTimeoutMs,
+    );
+    const callTimer = setTimeout(
+      () => finish(new Error(`call timeout after ${callTimeoutMs}ms`)),
+      callTimeoutMs,
+    );
+
+    let buf = '';
+    sock.on('connect', () => {
+      clearTimeout(connectTimer);
+      const envelope = { op, id, ...payload };
+      if (secret) envelope.secret = secret;
+      sock.write(JSON.stringify(envelope) + '\n');
+    });
+    sock.on('data', (chunk) => {
+      buf += chunk.toString('utf8');
+      const nl = buf.indexOf('\n');
+      if (nl === -1) return;
+      const line = buf.slice(0, nl);
+      try {
+        finish(null, JSON.parse(line));
+      } catch (err) {
+        finish(new Error(`bad json reply: ${err.message}`));
+      }
+    });
+    sock.on('error', (err) => finish(err));
+    sock.on('close', () => {
+      if (!resolved) finish(new Error('socket closed without reply'));
+    });
+  });
+}
+
+/**
+ * Convenience: send a Telegram message (or other allowed method) via the
+ * owning bot's IPC socket. Cron's preferred replacement for talking to
+ * `lib/telegram.js` directly.
+ *
+ * On failure returns { ok: false, error }. Callers should surface the error
+ * to their own monitoring — silently eating it is how cron outages go unnoticed.
+ */
+async function tell(bot, method, params = {}, opts = {}) {
+  const path = opts.path || socketPathFor(bot);
+  const secret = opts.secret !== undefined ? opts.secret : readSecret(bot);
+  const res = await call({
+    path,
+    op: 'send',
+    id: opts.id || null,
+    secret,
+    payload: { method, params, source: opts.source || `cron:${process.argv[1]?.split('/').pop() || 'unknown'}` },
+    connectTimeoutMs: opts.connectTimeoutMs,
+    callTimeoutMs: opts.callTimeoutMs,
+  });
+  if (!res.ok) {
+    const err = new Error(`bridge IPC: ${res.error || 'unknown error'}`);
+    err.cause = res;
+    throw err;
+  }
+  return res.result;
+}
+
+module.exports = { call, tell, socketPathFor, secretPathFor, readSecret };