sanook-cli 0.5.5 → 0.5.8

package/dist/config.js

@@ -4,9 +4,12 @@ import { join } from 'node:path';
 import { appHomePath, appProjectPath, BRAND } from './brand.js';
 import { projectRoot, projectTrustStatus } from './trust.js';
 import { registerPricing } from './cost.js';
-export const CONFIG_DIR = appHomePath();
-const CONFIG_PATH = join(CONFIG_DIR, 'config.json');
-const AUTH_PATH = join(CONFIG_DIR, 'auth.json'); // API keys (chmod 0600)
+export function configHomeDir() {
+    return appHomePath();
+}
+function authPath() {
+    return join(configHomeDir(), 'auth.json');
+}
 const AUTH_ENV_VAR_RE = /^[A-Za-z_][A-Za-z0-9_]*$/;
 const RESERVED_AUTH_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
 const PricingKeySchema = z.string().regex(/^[^:\s]+:\S+$/, 'key ต้องเป็น provider:model');
@@ -29,6 +32,11 @@ export const ConfigSchema = z.object({
     permissionMode: z.enum(['auto', 'ask']).default('ask'),
     // path ของ second-brain workspace ที่ scaffold ไว้ (sanook brain) — optional
     brainPath: z.string().optional(),
+    // เก็บบทสนทนาเต็ม (prompt + คำตอบ AI ทุก turn) ลง vault Sessions/*-chat.md — opt-in (vault โตไว)
+    brainTranscript: z.boolean().optional().catch(undefined),
+    // auto-maintenance: consolidate memory+vault อัตโนมัติ (รายสัปดาห์ตอน startup) + distill session → memory.
+    // default on (undefined = on); ตั้ง false เพื่อปิด หรือ env SANOOK_DISABLE_AUTO_MAINTAIN=1
+    autoMaintain: z.boolean().optional().catch(undefined),
     // pricing override/extension per "provider:model" → ทำให้ budget cap ใช้ได้กับ model ที่ยังไม่มีในตาราง
     pricing: PricingOverrideSchema.optional(),
     // ── token/cost tuning (ดู agentTuning) — .catch กันค่า config.json ผิดทำ boot พัง (agentTuning อ่าน raw + coerce เองด้วย) ──
@@ -102,6 +110,9 @@ export async function agentTuning() {
     return { cacheTtl, thinkingBudget, compaction, contextCompression, summaryModel };
 }
 const warnedBadConfigKeys = new Set();
+function globalConfigPath() {
+    return join(configHomeDir(), 'config.json');
+}
 /**
  * Validate the merged config, but degrade gracefully: a malformed strict field (bad model/maxSteps/
  * permissionMode/budgetUsd/pricing in a hand-edited config.json) is dropped to its default with a
@@ -153,7 +164,7 @@ function sanitizeUntrustedProjectConfig(cfg) {
  * (config flat — shallow merge พอ; strip undefined ใน overrides กัน override ทับ default)
  */
 export async function loadConfig(overrides = {}, cwd = process.cwd()) {
-    const global = await readJson(CONFIG_PATH);
+    const global = await readJson(globalConfigPath());
     const root = await projectRoot(cwd);
     const projectRaw = await readJson(appProjectPath(root, 'config.json'));
     const trust = await projectTrustStatus(root);
@@ -207,7 +218,7 @@ export function parsePricingOverride(raw) {
 /** ครั้งแรกที่รัน (ยังไม่มี global config) → ต้องทำ setup wizard */
 export async function isFirstRun() {
     try {
-        await readFile(CONFIG_PATH, 'utf8');
+        await readFile(globalConfigPath(), 'utf8');
         return false;
     }
     catch {
@@ -216,32 +227,32 @@ export async function isFirstRun() {
 }
 /** บันทึก global config (model/provider/locale ที่เลือกตอน setup) */
 export async function saveGlobalConfig(cfg) {
-    await mkdir(CONFIG_DIR, { recursive: true });
-    const existing = await readJson(CONFIG_PATH);
-    await writeFile(CONFIG_PATH, `${JSON.stringify({ ...existing, ...cfg }, null, 2)}\n`, { mode: 0o600 });
-    await chmod(CONFIG_PATH, 0o600).catch(() => { });
+    await mkdir(configHomeDir(), { recursive: true });
+    const existing = await readJson(globalConfigPath());
+    await writeFile(globalConfigPath(), `${JSON.stringify({ ...existing, ...cfg }, null, 2)}\n`, { mode: 0o600 });
+    await chmod(globalConfigPath(), 0o600).catch(() => { });
 }
 /** บันทึก path ของ second-brain workspace ลง global config (merge — ไม่ทับ field อื่น) */
 export async function saveBrainPath(path) {
-    await mkdir(CONFIG_DIR, { recursive: true });
-    const existing = await readJson(CONFIG_PATH);
-    await writeFile(CONFIG_PATH, `${JSON.stringify({ ...existing, brainPath: path }, null, 2)}\n`, { mode: 0o600 });
-    await chmod(CONFIG_PATH, 0o600).catch(() => { });
+    await mkdir(configHomeDir(), { recursive: true });
+    const existing = await readJson(globalConfigPath());
+    await writeFile(globalConfigPath(), `${JSON.stringify({ ...existing, brainPath: path }, null, 2)}\n`, { mode: 0o600 });
+    await chmod(globalConfigPath(), 0o600).catch(() => { });
 }
 /** อ่าน config.json ดิบ (ไม่ apply default/schema) — สำหรับ `sanook config` */
 export async function readGlobalConfigRaw() {
-    return readJson(CONFIG_PATH);
+    return readJson(globalConfigPath());
 }
 /** path ของ auth.json (ใช้โชว์ใน CLI เท่านั้น; ห้าม print raw secret) */
 export function authConfigPath() {
-    return AUTH_PATH;
+    return authPath();
 }
 function isSafeAuthEnvVarName(name) {
     return AUTH_ENV_VAR_RE.test(name) && !RESERVED_AUTH_KEYS.has(name);
 }
 /** อ่าน auth.json ดิบแบบกรองเฉพาะ string values — caller ต้อง redact ก่อนโชว์ */
 export async function readStoredAuthRaw() {
-    const raw = await readJson(AUTH_PATH);
+    const raw = await readJson(authPath());
     const auth = {};
     for (const [k, v] of Object.entries(raw)) {
         if (isSafeAuthEnvVarName(k) && typeof v === 'string')
@@ -251,44 +262,44 @@ export async function readStoredAuthRaw() {
 }
 /** merge patch ลง config.json (สำหรับ `sanook config set`) */
 export async function patchGlobalConfig(patch) {
-    await mkdir(CONFIG_DIR, { recursive: true });
-    const existing = await readJson(CONFIG_PATH);
-    await writeFile(CONFIG_PATH, `${JSON.stringify({ ...existing, ...patch }, null, 2)}\n`, { mode: 0o600 });
-    await chmod(CONFIG_PATH, 0o600).catch(() => { });
+    await mkdir(configHomeDir(), { recursive: true });
+    const existing = await readJson(globalConfigPath());
+    await writeFile(globalConfigPath(), `${JSON.stringify({ ...existing, ...patch }, null, 2)}\n`, { mode: 0o600 });
+    await chmod(globalConfigPath(), 0o600).catch(() => { });
 }
 /** บันทึก API key ลง ~/.sanook/auth.json (chmod 0600) + set env ทันทีสำหรับ session นี้ */
 export async function saveKey(envVar, key) {
     if (!isSafeAuthEnvVarName(envVar))
         throw new Error(`env var ไม่ถูกต้อง: ${envVar}`);
-    await mkdir(CONFIG_DIR, { recursive: true });
+    await mkdir(configHomeDir(), { recursive: true });
     const auth = await readStoredAuthRaw();
     auth[envVar] = key;
-    await writeFile(AUTH_PATH, `${JSON.stringify(auth, null, 2)}\n`, { mode: 0o600 });
-    await chmod(AUTH_PATH, 0o600); // เจ้าของอ่าน/เขียนเท่านั้น
+    await writeFile(authPath(), `${JSON.stringify(auth, null, 2)}\n`, { mode: 0o600 });
+    await chmod(authPath(), 0o600); // เจ้าของอ่าน/เขียนเท่านั้น
     process.env[envVar] = key;
 }
 /** ลบ key ที่ Sanook เก็บไว้ใน auth.json (ไม่แตะ env จริงของ shell ภายนอก) */
 export async function removeStoredKey(envVar) {
     if (!isSafeAuthEnvVarName(envVar))
         return false;
-    await mkdir(CONFIG_DIR, { recursive: true });
+    await mkdir(configHomeDir(), { recursive: true });
     const auth = await readStoredAuthRaw();
     if (!Object.prototype.hasOwnProperty.call(auth, envVar))
         return false;
     delete auth[envVar];
-    await writeFile(AUTH_PATH, `${JSON.stringify(auth, null, 2)}\n`, { mode: 0o600 });
-    await chmod(AUTH_PATH, 0o600).catch(() => { });
+    await writeFile(authPath(), `${JSON.stringify(auth, null, 2)}\n`, { mode: 0o600 });
+    await chmod(authPath(), 0o600).catch(() => { });
     delete process.env[envVar];
     return true;
 }
 /** ล้าง auth.json ที่ Sanook เก็บไว้ทั้งหมด */
 export async function clearStoredAuth() {
-    await mkdir(CONFIG_DIR, { recursive: true });
+    await mkdir(configHomeDir(), { recursive: true });
     const auth = await readStoredAuthRaw();
     for (const envVar of Object.keys(auth))
         delete process.env[envVar];
-    await writeFile(AUTH_PATH, '{}\n', { mode: 0o600 });
-    await chmod(AUTH_PATH, 0o600).catch(() => { });
+    await writeFile(authPath(), '{}\n', { mode: 0o600 });
+    await chmod(authPath(), 0o600).catch(() => { });
 }
 /** โหลด key จาก auth.json เข้า env ตอน boot (ไม่ override env ที่ตั้งไว้แล้ว) */
 export async function loadKeysIntoEnv() {

package/dist/cost.js

@@ -12,6 +12,14 @@ export const PRICING = {
     'openai:gpt-5.5': { input: 1.25, output: 10, cacheWrite: 1.25, cacheRead: 0.125 },
     'openai:gpt-5.4-mini': { input: 0.25, output: 2, cacheWrite: 0.25, cacheRead: 0.025 },
     'openai:gpt-5.3-codex': { input: 1.25, output: 10, cacheWrite: 1.25, cacheRead: 0.125 },
+    // OpenAI Codex delegate (ChatGPT plan — token counts are real; cost is estimated from API list price)
+    'codex:gpt-5.5': { input: 1.25, output: 10, cacheWrite: 1.25, cacheRead: 0.125 },
+    'codex:gpt-5.4': { input: 2.5, output: 15, cacheWrite: 2.5, cacheRead: 0.25 },
+    'codex:gpt-5.4-mini': { input: 0.25, output: 2, cacheWrite: 0.25, cacheRead: 0.025 },
+    'codex:gpt-5.3-codex': { input: 1.25, output: 10, cacheWrite: 1.25, cacheRead: 0.125 },
+    'codex:gpt-5.2-codex': { input: 1.25, output: 10, cacheWrite: 1.25, cacheRead: 0.125 },
+    'codex:gpt-5-codex': { input: 1.25, output: 10, cacheWrite: 1.25, cacheRead: 0.125 },
+    'codex:gpt-5.3-codex-spark': { input: 0.25, output: 2, cacheWrite: 0.25, cacheRead: 0.025 },
     // Google Gemini (≤200k context tier)
     'google:gemini-2.5-pro': { input: 1.25, output: 10, cacheWrite: 1.25, cacheRead: 0.31 },
     'google:gemini-2.5-flash': { input: 0.3, output: 2.5, cacheWrite: 0.3, cacheRead: 0.075 },
@@ -147,4 +155,16 @@ export class CostMeter {
         const budget = this.budgetUsd != null ? ` / budget $${this.budgetUsd}` : '';
         return `tokens: ${total} (in ${this.inTok} · out ${this.outTok} · cache-read ${this.cacheReadTok} · cache-write ${this.cacheWriteTok}) · cost ${cost}${budget}`;
     }
+    snapshot() {
+        return {
+            specKey: this.specKey,
+            inputTokens: this.inTok,
+            outputTokens: this.outTok,
+            cacheReadTokens: this.cacheReadTok,
+            cacheWriteTokens: this.cacheWriteTok,
+            totalTokens: this.inTok + this.outTok + this.cacheReadTok + this.cacheWriteTok,
+            costUsd: this.spent,
+            hasPricing: this.hasPricing,
+        };
+    }
 }

package/dist/dashboard/api-helpers.js

@@ -1,5 +1,5 @@
 import { readFile, readdir, stat } from 'node:fs/promises';
-import { join, resolve, relative } from 'node:path';
+import { join, resolve, relative, isAbsolute } from 'node:path';
 import { homedir } from 'node:os';
 import { appHomePath, BRAND } from '../brand.js';
 import { loadConfig } from '../config.js';
@@ -54,12 +54,21 @@ export async function dashboardLogsTail(maxLines = 200) {
 function safeRoot(root) {
     return resolve(root);
 }
+/**
+ * True only if `target` is the root itself or strictly inside it. Uses path.relative (not startsWith)
+ * so a sibling dir sharing the root's name-prefix (e.g. .sanook-secrets vs .sanook) and absolute-path
+ * escapes are both rejected — prevents directory traversal in the dashboard file API.
+ */
+function isWithin(target, root) {
+    const rel = relative(safeRoot(root), target);
+    return !rel.startsWith('..') && !isAbsolute(rel);
+}
 export async function dashboardListFiles(subpath = '') {
     const config = await loadConfig({});
     const roots = [appHomePath(), config.brainPath ? resolve(config.brainPath) : null].filter(Boolean);
     const root = safeRoot(roots[0] ?? appHomePath());
     const target = safeRoot(join(root, subpath.replace(/^\/+/, '')));
-    if (!target.startsWith(root) && !roots.some((r) => target.startsWith(safeRoot(r)))) {
+    if (!roots.some((r) => isWithin(target, r))) {
         throw new Error('path not allowed');
     }
     const entries = await readdir(target, { withFileTypes: true });
@@ -75,7 +84,7 @@ export async function dashboardReadFile(subpath) {
     const config = await loadConfig({});
     const allowedRoots = [appHomePath(), config.brainPath ? resolve(config.brainPath) : null].filter(Boolean);
     const target = safeRoot(subpath.startsWith('/') ? subpath : join(appHomePath(), subpath));
-    if (!allowedRoots.some((root) => target.startsWith(safeRoot(root))))
+    if (!allowedRoots.some((root) => isWithin(target, root)))
         throw new Error('path not allowed');
     const info = await stat(target);
     if (!info.isFile())
@@ -85,3 +94,103 @@ export async function dashboardReadFile(subpath) {
     const content = await readFile(target, 'utf8');
     return { path: relative(homedir(), target) || target, content };
 }
+export async function dashboardSkills() {
+    const { loadSkills } = await import('../skills.js');
+    const { loadLedger } = await import('../self-improve.js');
+    const [skills, ledger] = await Promise.all([loadSkills(), loadLedger().catch(() => ({ families: [] }))]);
+    const autoNames = new Set((ledger.families ?? []).map((f) => f.skillName).filter((n) => Boolean(n)));
+    return {
+        skills: skills.map((s) => ({
+            name: s.name,
+            description: s.description,
+            whenToUse: s.whenToUse ?? null,
+            auto: autoNames.has(s.name),
+        })),
+    };
+}
+export async function dashboardMemory() {
+    const { loadStore, activeFacts } = await import('../memory-store.js');
+    const config = await loadConfig({});
+    const store = await loadStore();
+    const facts = activeFacts(store)
+        .slice()
+        .sort((a, b) => b.lastAccessed - a.lastAccessed)
+        .map((f) => ({
+        id: f.id,
+        text: f.text,
+        noteType: f.noteType,
+        trust: f.trust,
+        tier: f.tier,
+        importance: Math.round(f.importance * 100) / 100,
+        created: f.created,
+        lastAccessed: f.lastAccessed,
+        accessCount: f.accessCount,
+    }));
+    return { facts, brainPath: config.brainPath ?? null };
+}
+// ---- Usage / cost ledger ---------------------------------------------------
+export async function dashboardUsage() {
+    const { loadUsageEvents, aggregateUsageEvents } = await import('../usage-ledger.js');
+    const events = await loadUsageEvents();
+    const daily = aggregateUsageEvents(events, 'daily').slice(-30);
+    const totals = events.reduce((acc, e) => {
+        acc.turns += 1;
+        acc.inputTokens += e.inputTokens;
+        acc.outputTokens += e.outputTokens;
+        acc.totalTokens += e.inputTokens + e.outputTokens + e.cacheReadTokens + e.cacheWriteTokens;
+        acc.costUsd += e.costUsd ?? 0;
+        return acc;
+    }, { turns: 0, inputTokens: 0, outputTokens: 0, totalTokens: 0, costUsd: 0 });
+    return { totals, daily };
+}
+// ---- Install commands (multi-platform) -------------------------------------
+export {} from '../install-info.js';
+import { dashboardInstallPayload } from '../install-info.js';
+export function dashboardInstall() {
+    return dashboardInstallPayload();
+}
+export async function dashboardPersona() {
+    const { loadPersonaAnswers } = await import('../memory.js');
+    const { PERSONA_QUESTIONS } = await import('../persona.js');
+    const { BRAND } = await import('../brand.js');
+    const config = await loadConfig({});
+    const brainPath = config.brainPath ?? null;
+    const answers = await loadPersonaAnswers();
+    const rows = PERSONA_QUESTIONS.map((q) => {
+        const v = (answers[q.id] ?? '').trim();
+        return {
+            id: q.id,
+            label: q.label,
+            value: v,
+            display: v ? (q.type === 'select' ? (q.options?.find((o) => o.value === v)?.label ?? v) : v) : '—',
+        };
+    });
+    const hasProfile = rows.some((r) => r.value);
+    const profilePath = brainPath ? `${brainPath}/Shared/User-Persona/persona.md` : null;
+    return {
+        brainPath,
+        profilePath,
+        rows,
+        hasProfile,
+        cliCommand: `${BRAND.cliName} persona`,
+    };
+}
+export async function dashboardSelfImprove() {
+    const { loadLedger } = await import('../self-improve.js');
+    const { selfImproveEnabled, selfImproveThreshold } = await import('../brand.js');
+    const ledger = await loadLedger();
+    const families = (ledger.families ?? [])
+        .slice()
+        .sort((a, b) => b.lastSeen - a.lastSeen)
+        .map((f) => ({
+        sig: f.sig,
+        terms: f.terms,
+        sample: f.samples[f.samples.length - 1] ?? '',
+        count: f.count,
+        skillCreated: f.skillCreated,
+        skillName: f.skillName,
+        firstSeen: f.firstSeen,
+        lastSeen: f.lastSeen,
+    }));
+    return { enabled: selfImproveEnabled(), threshold: selfImproveThreshold(), families };
+}

package/dist/dashboard/server.js

@@ -29,6 +29,17 @@ function json(res, status, body) {
     res.writeHead(status, { 'Content-Type': 'application/json; charset=utf-8' });
     res.end(`${JSON.stringify(body)}\n`);
 }
+async function packageVersion() {
+    if (process.env.npm_package_version)
+        return process.env.npm_package_version;
+    try {
+        const pkg = JSON.parse(await readFile(new URL('../../package.json', import.meta.url), 'utf8'));
+        return typeof pkg.version === 'string' && pkg.version ? pkg.version : 'dev';
+    }
+    catch {
+        return 'dev';
+    }
+}
 async function handleApi(req, res, pathname) {
     if (req.method === 'GET' && pathname === '/api/status') {
         const config = await loadConfig({});
@@ -36,7 +47,7 @@ async function handleApi(req, res, pathname) {
         json(res, 200, {
             product: 'Sanook Dashboard',
             cli: BRAND.cliName,
-            version: process.env.npm_package_version ?? 'dev',
+            version: await packageVersion(),
             model: config.model,
             locale: config.locale,
             brainPath: config.brainPath ?? null,
@@ -91,6 +102,53 @@ async function handleApi(req, res, pathname) {
         json(res, 200, await dashboardListFiles(sub));
         return true;
     }
+    if (req.method === 'GET' && pathname === '/api/skills') {
+        const { dashboardSkills } = await import('./api-helpers.js');
+        json(res, 200, await dashboardSkills());
+        return true;
+    }
+    if (req.method === 'GET' && pathname === '/api/memory') {
+        const { dashboardMemory } = await import('./api-helpers.js');
+        json(res, 200, await dashboardMemory());
+        return true;
+    }
+    if (req.method === 'GET' && pathname === '/api/usage') {
+        const { dashboardUsage } = await import('./api-helpers.js');
+        json(res, 200, await dashboardUsage());
+        return true;
+    }
+    if (req.method === 'GET' && pathname === '/api/self-improve') {
+        const { dashboardSelfImprove } = await import('./api-helpers.js');
+        json(res, 200, await dashboardSelfImprove());
+        return true;
+    }
+    if (req.method === 'GET' && pathname === '/api/install') {
+        const { dashboardInstall } = await import('./api-helpers.js');
+        json(res, 200, dashboardInstall());
+        return true;
+    }
+    if (req.method === 'GET' && pathname === '/api/persona') {
+        const { dashboardPersona } = await import('./api-helpers.js');
+        json(res, 200, await dashboardPersona());
+        return true;
+    }
+    if (req.method === 'POST' && pathname === '/api/terminal/run') {
+        const { handleTerminalRun } = await import('./terminal.js');
+        await handleTerminalRun(req, res);
+        return true;
+    }
+    if (req.method === 'POST' && pathname === '/api/terminal/reset') {
+        const url = new URL(req.url ?? '/', 'http://local');
+        const { resetTerminalSession } = await import('./terminal.js');
+        resetTerminalSession(url.searchParams.get('session') ?? 'web');
+        json(res, 200, { ok: true });
+        return true;
+    }
+    if (req.method === 'GET' && pathname === '/api/terminal/shell-status') {
+        const { shellStatus } = await import('./terminal.js');
+        json(res, 200, await shellStatus());
+        return true;
+    }
     if (req.method === 'GET' && pathname === '/api/chat/status') {
         json(res, 200, {
             hint: `Use ${BRAND.cliName} in terminal, or start ${BRAND.cliName} serve for HTTP chat`,
@@ -146,6 +204,22 @@ async function serveStatic(res, staticDir, pathname) {
         }
     }
 }
+async function serveInstallScript(res, pathname) {
+    if (pathname !== '/install.sh' && pathname !== '/install.ps1')
+        return false;
+    const root = join(fileURLToPath(new URL('.', import.meta.url)), '..', '..');
+    const name = pathname === '/install.sh' ? 'install.sh' : 'install.ps1';
+    try {
+        const body = await readFile(join(root, 'scripts', name), 'utf8');
+        res.writeHead(200, { 'Content-Type': 'text/plain; charset=utf-8', 'Cache-Control': 'public, max-age=300' });
+        res.end(body);
+    }
+    catch {
+        res.writeHead(404);
+        res.end('install script not found');
+    }
+    return true;
+}
 export async function startDashboardServer(opts = {}) {
     const port = opts.port ?? 9119;
     const host = opts.host ?? '127.0.0.1';
@@ -161,6 +235,8 @@ export async function startDashboardServer(opts = {}) {
                 json(res, 404, { error: 'not found' });
                 return;
             }
+            if (req.method === 'GET' && (await serveInstallScript(res, url.pathname)))
+                return;
             await serveStatic(res, staticDir, url.pathname);
         }
         catch (e) {
@@ -171,6 +247,14 @@ export async function startDashboardServer(opts = {}) {
         server.once('error', reject);
         server.listen(port, host, () => resolve());
     });
+    // raw shell over ws (no-op if node-pty/ws not installed)
+    try {
+        const { attachShell } = await import('./terminal.js');
+        await attachShell(server);
+    }
+    catch {
+        /* optional */
+    }
     log(`Sanook Dashboard — http://${host}:${port}`);
     return () => server.close();
 }