sandtable 0.3.1 → 0.4.0

package/dashboard/dashboard.html

@@ -285,10 +285,12 @@ body.filter-active #left{border-right-color:#d5dce6}
     <div id="tree-tabs">
       <button class="on" data-c="all">全部</button>
       <button data-c="roadmap">路线图</button>
+      <button data-c="todo">待办</button>
       <button data-c="decision">决策</button>
       <button data-c="spec">规格</button>
       <button data-c="convention">纪律</button>
       <button data-c="ops">运维</button>
+
       <button data-c="archive">档案</button>
     </div>
     <div id="tree"></div>
@@ -358,9 +360,9 @@ function toggleTagCat(cn){
   if(expandedTagCats[cn]){expandedTagCats[cn]=false}else{expandedTagCats[cn]=true}
   renderTagBar();
 }
-var CLABEL = {roadmap:'路线图与进度',decision:'决策记录',spec:'业务规格',convention:'协作纪律',ops:'运维与基建',archive:'历史档案',template:'工具模板',unknown:'未分类'};
-var PRIMARY = {roadmap:1,decision:1};
-var ETYPE = {phase:'roadmap',milestone:'roadmap',task:'roadmap',subtask:'roadmap',roadmap:'roadmap',backlog:'roadmap',conclusion:'roadmap',decision:'decision',refactor:'decision',spec:'spec',intent:'spec',prompt:'spec',convention:'convention',agent:'ops',runbook:'ops',journal:'archive',handover:'archive',plan_doc:'archive',template:'template'};
+var CLABEL = {roadmap:'路线图与进度',todo:'待办清单',decision:'决策记录',spec:'业务规格',convention:'协作纪律',ops:'运维与基建',archive:'历史档案',template:'工具模板',unknown:'未分类'};
+var PRIMARY = {roadmap:1,decision:1,todo:1};
+var ETYPE = {phase:'roadmap',milestone:'roadmap',task:'roadmap',subtask:'roadmap',roadmap:'roadmap',backlog:'todo',todo:'todo',conclusion:'roadmap',decision:'decision',refactor:'decision',spec:'spec',intent:'spec',prompt:'spec',convention:'convention',agent:'ops',runbook:'ops',optimization:'roadmap',journal:'archive',handover:'archive',plan_doc:'archive',template:'template'};
 function normCat(c){if(!c)return'unknown';var m={conventions:'convention',specs:'spec',decisions:'decision',plans:'roadmap',journals:'archive',journal:'archive'};return m[c]||c}
 function normTg(tg){if(!tg||tg==='archived')return'past';return tg}
 

package/harness/install-hooks.sh

@@ -1,17 +1,53 @@
 #!/bin/sh
 # Install sandtable git hooks into the current repo
-# Usage: sh harness/install-hooks.sh [project-root]
+# Usage: sh harness/install-hooks.sh [project-root] [--force]
+
+ROOT=""
+FORCE=0
+for arg in "$@"; do
+  case "$arg" in
+    --force) FORCE=1 ;;
+    *) ROOT="$arg" ;;
+  esac
+done
+ROOT="${ROOT:-$(pwd)}"
 
-ROOT="${1:-$(pwd)}"
 HOOKS_DIR="$ROOT/.git/hooks"
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
 
 if [ ! -d "$HOOKS_DIR" ]; then
   echo "Error: not a git repository (no .git/hooks)"
   exit 1
 fi
 
-cp harness/post-commit "$HOOKS_DIR/post-commit.sandtable"
-cp harness/post-merge "$HOOKS_DIR/post-merge.sandtable"
+# ---- Conflict detection: check for existing non-sandtable hooks ----
+CONFLICTS=""
+for hook in post-commit post-merge; do
+  HOOK_PATH="$HOOKS_DIR/$hook"
+  if [ -f "$HOOK_PATH" ] && ! grep -q "sandtable" "$HOOK_PATH" 2>/dev/null; then
+    CONFLICTS="$CONFLICTS $hook"
+  fi
+done
+
+if [ -n "$CONFLICTS" ] && [ "$FORCE" != "1" ]; then
+  echo "Error: 已有非 sandtable hook 存在:$CONFLICTS"
+  echo ""
+  echo "sandtable 不会覆盖已有 hook，以免破坏其他工具链。选项："
+  echo "  1. 手动合并: 在现有 hook 末尾添加以下行："
+  echo "     sh .git/hooks/<hook>.sandtable"
+  echo "  2. 强制覆盖: sh $(basename "$0") --force"
+  echo ""
+  echo "已有 hook 内容预览:"
+  for hook in $CONFLICTS; do
+    echo "  --- $hook ---"
+    sed 's/^/  | /' "$HOOKS_DIR/$hook"
+    echo "  -------------"
+  done
+  exit 1
+fi
+
+cp "$SCRIPT_DIR/post-commit" "$HOOKS_DIR/post-commit.sandtable"
+cp "$SCRIPT_DIR/post-merge" "$HOOKS_DIR/post-merge.sandtable"
 chmod +x "$HOOKS_DIR/post-commit.sandtable"
 chmod +x "$HOOKS_DIR/post-merge.sandtable"
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "sandtable",
-  "version": "0.3.1",
+  "version": "0.4.0",
   "description": "AI 编程项目可视化指挥面板 — 双视图 dashboard，多源数据融合",
   "main": "src/cli/sandtable.js",
   "bin": {

package/server.js

@@ -5,6 +5,26 @@ const path = require('path');
 const ROOT = path.resolve(__dirname);
 const PORT = parseInt(process.env.PORT || process.argv[2], 10) || 5199;
 
+// Parse --host and --token from CLI args (safe by default: 127.0.0.1)
+let HOST = '127.0.0.1';
+let TOKEN = '';
+for (let i = 0; i < process.argv.length; i++) {
+  if (process.argv[i] === '--host' && process.argv[i + 1] && !process.argv[i + 1].startsWith('--')) {
+    HOST = process.argv[i + 1];
+    i++;
+  } else if (process.argv[i] === '--token') {
+    if (process.argv[i + 1] && !process.argv[i + 1].startsWith('--')) {
+      TOKEN = process.argv[i + 1];
+      i++;
+    } else {
+      TOKEN = require('crypto').randomBytes(16).toString('hex');
+    }
+  }
+}
+if ((HOST === '0.0.0.0' || HOST === '::') && !TOKEN) {
+  TOKEN = require('crypto').randomBytes(16).toString('hex');
+}
+
 const MIME = {
   '.html': 'text/html; charset=utf-8',
   '.css': 'text/css; charset=utf-8',
@@ -31,6 +51,27 @@ function isAllowed(filePath) {
 }
 
 http.createServer((req, res) => {
+  // Token authentication (when binding to public interface)
+  if (TOKEN) {
+    let qIdx = req.url.indexOf('?');
+    let hasToken = false;
+    if (qIdx !== -1) {
+      let qs = req.url.substring(qIdx + 1);
+      let pairs = qs.split('&');
+      for (let pi = 0; pi < pairs.length; pi++) {
+        let kv = pairs[pi].split('=');
+        if (decodeURIComponent(kv[0]) === 'token' && kv[1] === TOKEN) {
+          hasToken = true;
+          break;
+        }
+      }
+    }
+    if (!hasToken) {
+      res.writeHead(401, { 'Content-Type': 'text/plain; charset=utf-8' });
+      return res.end('401 Unauthorized — 请在 URL 后添加 ?token=' + TOKEN);
+    }
+  }
+
   let url = req.url === '/' ? '/dashboard/dashboard.html' : req.url;
   url = url.replace(/^\/(css|js)\//, '/dashboard/$1/');
 
@@ -54,7 +95,8 @@ http.createServer((req, res) => {
     res.writeHead(500, { 'Content-Type': 'text/plain' });
     res.end('500: ' + e.message);
   }
-}).listen(PORT, () => {
-  console.log('Sandtable: http://localhost:' + PORT);
+}).listen(PORT, HOST, () => {
+  console.log('Sandtable: http://' + HOST + ':' + PORT);
+  if (TOKEN) console.log('Token: ' + TOKEN + '  (访问需携带 ?token=' + TOKEN + ')');
   console.log('Project:', ROOT);
 });

package/src/cli/sandtable.js

@@ -8,7 +8,7 @@ const { exec } = require('child_process');
 const { scan } = require('../scanner/scan');
 const { build, EVENT_TYPES, classifyEventPriority } = require('../builder/build');
 
-const VERSION = '0.3.1';
+const VERSION = '0.4.0';
 const command = process.argv[2] || 'help';
 const root = process.argv[3] || process.cwd();
 
@@ -279,6 +279,79 @@ function removeFromMainDoc(filePath, dryRun) {
   return true;
 }
 
+// ---- appendToGitignore: 自动追加 sandtable 条目到 .gitignore ----
+// 使用 # sandtable:begin/end 标记包裹，uninstall 时精确擦除
+function appendToGitignore(projectRoot, dryRun) {
+  var gitignorePath = path.join(projectRoot, '.gitignore');
+  var beginMark = '# sandtable:begin';
+  var endMark = '# sandtable:end';
+  var existing = '';
+  if (fs.existsSync(gitignorePath)) {
+    existing = fs.readFileSync(gitignorePath, 'utf-8');
+    if (existing.indexOf(beginMark) !== -1) {
+      if (!dryRun) console.log('  - .gitignore 已有 sandtable 标记，跳过');
+      return false;
+    }
+  }
+
+  var block = [
+    '',
+    beginMark,
+    '# Sandtable 自动生成条目 — 请勿手动编辑此块',
+    'data/',
+    '.sandtable/token-log.jsonl',
+    '.sandtable/audit.log',
+    '.sandtable/.token',
+    endMark,
+    '',
+  ].join('\n');
+
+  if (dryRun) {
+    console.log('  [DRY-RUN] 将追加到 .gitignore:');
+    console.log('  --- diff ---');
+    console.log('  + ' + block.replace(/\n/g, '\n  + '));
+    console.log('  --- end ---');
+    return true;
+  }
+
+  writeWithBackup(gitignorePath, existing + block);
+  return true;
+}
+
+// ---- removeFromGitignore: uninstall 时擦除 sandtable gitignore 块 ----
+function removeFromGitignore(projectRoot, dryRun) {
+  var gitignorePath = path.join(projectRoot, '.gitignore');
+  var beginMark = '# sandtable:begin';
+  var endMark = '# sandtable:end';
+
+  if (!fs.existsSync(gitignorePath)) return false;
+
+  var content = fs.readFileSync(gitignorePath, 'utf-8');
+  var beginIdx = content.indexOf(beginMark);
+  var endIdx = content.indexOf(endMark);
+
+  if (beginIdx === -1 || endIdx === -1) return false;
+
+  var beforeBegin = content.lastIndexOf('\n', beginIdx);
+  if (beforeBegin === -1) beforeBegin = 0;
+
+  var afterEnd = endIdx + endMark.length;
+  if (content[afterEnd] === '\n') afterEnd++;
+  if (content[afterEnd] === '\n') afterEnd++; // consume trailing blank line
+
+  if (dryRun) {
+    console.log('  [DRY-RUN] 将从 .gitignore 移除 sandtable 块:');
+    console.log('  --- to remove ---');
+    console.log(content.substring(beforeBegin, afterEnd).replace(/^/gm, '  - '));
+    console.log('  --- end ---');
+    return true;
+  }
+
+  var cleaned = content.substring(0, beforeBegin) + content.substring(afterEnd);
+  writeWithBackup(gitignorePath, cleaned);
+  return true;
+}
+
 // ---- writeClaudeCodeHook: 创建 SessionStart 强提醒 hook ----
 function writeClaudeCodeHook(projectRoot, lang) {
   var hooksDir = path.join(projectRoot, '.claude', 'hooks');
@@ -432,7 +505,7 @@ function initCommand(projectRoot, applyMode, lang, hooksMode, injectAgentsMd) {
 
   // 2. Write .sandtable/config.json
   var config = {
-    version: '0.3.1',
+    version: '0.4.0',
     createdAt: new Date().toISOString(),
     projectRoot: projectRoot,
     paths: {
@@ -510,6 +583,13 @@ function initCommand(projectRoot, applyMode, lang, hooksMode, injectAgentsMd) {
     console.log('  ✓ 安装 SessionStart 强提醒 hook → .claude/hooks/sandtable-reminder.sh');
   }
 
+  // 8. Append sandtable entries to .gitignore (auto, always)
+  var gitignoreDryRun = !applyMode;
+  appendToGitignore(projectRoot, gitignoreDryRun);
+  if (applyMode && fs.existsSync(path.join(projectRoot, '.gitignore'))) {
+    console.log('  ✓ 追加 sandtable 条目至 .gitignore');
+  }
+
   console.log('');
   console.log('✓ 初始化完成。运行 sandtable build 生成数据，然后 sandtable serve 查看仪表盘。');
 
@@ -592,7 +672,9 @@ function enableWatchMode(projectRoot) {
   }
 }
 
-function startServer(projectRoot, port, openBrowser, watchMode) {
+function startServer(projectRoot, port, openBrowser, watchMode, host, token) {
+  host = host || '127.0.0.1';
+  token = token || '';
   const MIME = {
     '.html': 'text/html; charset=utf-8',
     '.css': 'text/css; charset=utf-8',
@@ -629,6 +711,27 @@ function startServer(projectRoot, port, openBrowser, watchMode) {
   }
 
   http.createServer(function(req, res) {
+    // Token authentication (when binding to public interface)
+    if (token) {
+      var qIdx = req.url.indexOf('?');
+      var hasToken = false;
+      if (qIdx !== -1) {
+        var qs = req.url.substring(qIdx + 1);
+        var pairs = qs.split('&');
+        for (var pi = 0; pi < pairs.length; pi++) {
+          var kv = pairs[pi].split('=');
+          if (decodeURIComponent(kv[0]) === 'token' && kv[1] === token) {
+            hasToken = true;
+            break;
+          }
+        }
+      }
+      if (!hasToken) {
+        res.writeHead(401, { 'Content-Type': 'text/plain; charset=utf-8' });
+        return res.end('401 Unauthorized — 请在 URL 后添加 ?token=' + token);
+      }
+    }
+
     var url = req.url === '/' ? '/dashboard/dashboard.html' : req.url;
     url = url.replace(/^\/(css|js)\//, '/dashboard/$1/');
 
@@ -666,9 +769,12 @@ function startServer(projectRoot, port, openBrowser, watchMode) {
       res.writeHead(500, { 'Content-Type': 'text/plain' });
       res.end('500: ' + e.message);
     }
-  }).listen(port, function() {
-    console.log('Sandtable v' + VERSION + ' — http://localhost:' + port);
+  }).listen(port, host, function() {
+    console.log('Sandtable v' + VERSION + ' — http://' + host + ':' + port);
     console.log('Project: ' + projectRoot);
+    if (token) {
+      console.log('Token: ' + token + '  (访问需携带 ?token=' + token + ')');
+    }
 
     if (watchMode) enableWatchMode(projectRoot);
 
@@ -731,7 +837,40 @@ switch (command) {
   case 'serve': {
     var port = parseInt(process.argv[3], 10) || 5199;
     var watchMode = process.argv.indexOf('--watch') !== -1;
-    startServer(process.cwd(), port, true, watchMode);
+
+    // Parse --host (default: 127.0.0.1, safe by default)
+    var hostIdx = process.argv.indexOf('--host');
+    var host = '127.0.0.1';
+    if (hostIdx !== -1 && process.argv[hostIdx + 1] && process.argv[hostIdx + 1].indexOf('--') !== 0) {
+      host = process.argv[hostIdx + 1];
+    }
+
+    // Parse --token (required when binding to 0.0.0.0)
+    var tokenIdx = process.argv.indexOf('--token');
+    var token = '';
+    var tokenPath = path.join(process.cwd(), '.sandtable', '.token');
+    if (tokenIdx !== -1) {
+      var nextArg = process.argv[tokenIdx + 1];
+      if (nextArg && nextArg.indexOf('--') !== 0) {
+        token = nextArg;
+        // Persist user-provided token
+        try { fs.writeFileSync(tokenPath, token, 'utf-8'); } catch(e) {}
+      } else {
+        token = require('crypto').randomBytes(16).toString('hex');
+        try { fs.writeFileSync(tokenPath, token, 'utf-8'); } catch(e) {}
+      }
+    }
+    if ((host === '0.0.0.0' || host === '::') && !token) {
+      // Try to load persisted token first
+      try { if (fs.existsSync(tokenPath)) token = fs.readFileSync(tokenPath, 'utf-8').trim(); } catch(e) {}
+      if (!token) {
+        token = require('crypto').randomBytes(16).toString('hex');
+        try { fs.writeFileSync(tokenPath, token, 'utf-8'); } catch(e) {}
+      }
+      console.log('⚠ 绑定 ' + host + ' 将暴露服务到网络，token: ' + token);
+    }
+
+    startServer(process.cwd(), port, true, watchMode, host, token);
     break;
   }
       case 'event-log': {
@@ -902,7 +1041,9 @@ switch (command) {
 
       var slugName = TYPE_SLUG_NAMES[typeId] || '';
       console.log('event-log: [' + event.priority + '] ' + event.type + ' — ' + title + (threadId ? ' (thread: ' + threadId + ')' : ''));
-      console.log('  (提示: 位置参数已弃用，下次推荐: --type ' + slugName + ' --title "...")');
+      if (!isNamedMode) {
+        console.log('  (提示: 位置参数已弃用，下次推荐: --type ' + slugName + ' --title "...")');
+      }
 
       // --tokens-in + --tokens-out: auto-log token usage
       if (tokensIn > 0 || tokensOut > 0) {
@@ -1060,6 +1201,18 @@ case 'token-log': {
       console.log('主文档中未找到 sandtable 注入标记。');
     }
 
+    // Check for sandtable gitignore block
+    var gitignorePath = path.join(projectRoot, '.gitignore');
+    if (fs.existsSync(gitignorePath)) {
+      var giContent = fs.readFileSync(gitignorePath, 'utf-8');
+      if (giContent.indexOf('# sandtable:begin') !== -1) {
+        if (dryRun) {
+          console.log('');
+          removeFromGitignore(projectRoot, true);
+        }
+      }
+    }
+
     if (dryRun) {
       console.log('');
       console.log('以上为 dry-run 预览。要实际删除，请运行:');
@@ -1067,6 +1220,7 @@ case 'token-log': {
       console.log('');
       console.log('注意：');
       console.log('  - sandtable 注入标记 (<!-- sandtable:begin/end -->) 可被 uninstall --apply 精确擦除');
+      console.log('  - .gitignore 中 sandtable 条目 (# sandtable:begin/end) 也会被移除');
       console.log('  - 如果你在 AGENTS.md/CLAUDE.md 中手动添加了其他 sandtable 内容，请自行删除');
       break;
     }
@@ -1080,6 +1234,10 @@ case 'token-log': {
       }
     }
 
+    // --apply: remove sandtable gitignore block
+    var giRemoved = removeFromGitignore(projectRoot, false);
+    if (giRemoved) console.log('  ✓ 从 .gitignore 移除 sandtable 条目');
+
     // --apply: delete files
     console.log('');
     console.log('正在删除...');
@@ -1132,7 +1290,7 @@ case 'token-log': {
     console.log('  sandtable init       [--apply] [--lang zh|en]  扫描环境 + 准备规则文件');
     console.log('  sandtable scan       [projectRoot]             扫描文档目录');
     console.log('  sandtable build      [projectRoot]             生成 data/*.json');
-    console.log('  sandtable serve      [port] [--watch]          启动服务 + 打开浏览器');
+    console.log('  sandtable serve      [port] [--watch] [--host <ip>] [--token <token>]  启动服务 + 打开浏览器');
     console.log('  sandtable summarize  [projectRoot]             列出缺少摘要块的文件');
     console.log('  sandtable event-log  <typeId> <title> [...]    记录人机协同事件');
     console.log('  sandtable token-log  <skill> <in> <out> [...]  追加 token 消耗日志');

package/src/scanner/scan.js

@@ -45,10 +45,10 @@ const PRIMARY_TYPES = new Set([
 ]);
 
 // ---- MECE display categories (PM 6 大分类 + template) ----
-// §10 libero PM 视角：路线图(在做什么)/决策(为什么)/规格(长什么样)/协作(怎么协作)/运维(跑在哪)/档案(走过什么路)
+// §10 libero PM 视角 — 9 大分类
 // Primary-only 类别 (roadmap, decision) 不出现在 filterType checkbox 中
 const DISPLAY_CATEGORIES = {
-  roadmap:    { label: '路线图与进度', elementTypes: ['phase', 'milestone', 'task', 'subtask', 'roadmap', 'backlog'] },
+  roadmap:    { label: '路线图与进度', elementTypes: ['phase', 'milestone', 'task', 'subtask', 'roadmap', 'backlog', 'optimization', 'todo'] },
   decision:   { label: '决策记录',     elementTypes: ['decision', 'refactor'] },
   spec:       { label: '业务规格',     elementTypes: ['spec', 'intent', 'prompt'] },
   convention: { label: '协作纪律',     elementTypes: ['convention'] },
@@ -58,7 +58,7 @@ const DISPLAY_CATEGORIES = {
 };
 
 // Primary-only categories (all elementTypes in these categories are kind=primary, show always)
-const PRIMARY_CATEGORIES = new Set(['roadmap', 'decision']);
+const PRIMARY_CATEGORIES = new Set(['roadmap', 'decision', 'todo']);
 
 function normalizeCategory(elementType) {
   for (const [cat, def] of Object.entries(DISPLAY_CATEGORIES)) {