sanook-cli 0.5.7 → 0.5.8

package/dist/dashboard/api-helpers.js

@@ -1,5 +1,5 @@
 import { readFile, readdir, stat } from 'node:fs/promises';
-import { join, resolve, relative } from 'node:path';
+import { join, resolve, relative, isAbsolute } from 'node:path';
 import { homedir } from 'node:os';
 import { appHomePath, BRAND } from '../brand.js';
 import { loadConfig } from '../config.js';
@@ -54,12 +54,21 @@ export async function dashboardLogsTail(maxLines = 200) {
 function safeRoot(root) {
     return resolve(root);
 }
+/**
+ * True only if `target` is the root itself or strictly inside it. Uses path.relative (not startsWith)
+ * so a sibling dir sharing the root's name-prefix (e.g. .sanook-secrets vs .sanook) and absolute-path
+ * escapes are both rejected — prevents directory traversal in the dashboard file API.
+ */
+function isWithin(target, root) {
+    const rel = relative(safeRoot(root), target);
+    return !rel.startsWith('..') && !isAbsolute(rel);
+}
 export async function dashboardListFiles(subpath = '') {
     const config = await loadConfig({});
     const roots = [appHomePath(), config.brainPath ? resolve(config.brainPath) : null].filter(Boolean);
     const root = safeRoot(roots[0] ?? appHomePath());
     const target = safeRoot(join(root, subpath.replace(/^\/+/, '')));
-    if (!target.startsWith(root) && !roots.some((r) => target.startsWith(safeRoot(r)))) {
+    if (!roots.some((r) => isWithin(target, r))) {
         throw new Error('path not allowed');
     }
     const entries = await readdir(target, { withFileTypes: true });
@@ -75,7 +84,7 @@ export async function dashboardReadFile(subpath) {
     const config = await loadConfig({});
     const allowedRoots = [appHomePath(), config.brainPath ? resolve(config.brainPath) : null].filter(Boolean);
     const target = safeRoot(subpath.startsWith('/') ? subpath : join(appHomePath(), subpath));
-    if (!allowedRoots.some((root) => target.startsWith(safeRoot(root))))
+    if (!allowedRoots.some((root) => isWithin(target, root)))
         throw new Error('path not allowed');
     const info = await stat(target);
     if (!info.isFile())
@@ -85,3 +94,103 @@ export async function dashboardReadFile(subpath) {
     const content = await readFile(target, 'utf8');
     return { path: relative(homedir(), target) || target, content };
 }
+export async function dashboardSkills() {
+    const { loadSkills } = await import('../skills.js');
+    const { loadLedger } = await import('../self-improve.js');
+    const [skills, ledger] = await Promise.all([loadSkills(), loadLedger().catch(() => ({ families: [] }))]);
+    const autoNames = new Set((ledger.families ?? []).map((f) => f.skillName).filter((n) => Boolean(n)));
+    return {
+        skills: skills.map((s) => ({
+            name: s.name,
+            description: s.description,
+            whenToUse: s.whenToUse ?? null,
+            auto: autoNames.has(s.name),
+        })),
+    };
+}
+export async function dashboardMemory() {
+    const { loadStore, activeFacts } = await import('../memory-store.js');
+    const config = await loadConfig({});
+    const store = await loadStore();
+    const facts = activeFacts(store)
+        .slice()
+        .sort((a, b) => b.lastAccessed - a.lastAccessed)
+        .map((f) => ({
+        id: f.id,
+        text: f.text,
+        noteType: f.noteType,
+        trust: f.trust,
+        tier: f.tier,
+        importance: Math.round(f.importance * 100) / 100,
+        created: f.created,
+        lastAccessed: f.lastAccessed,
+        accessCount: f.accessCount,
+    }));
+    return { facts, brainPath: config.brainPath ?? null };
+}
+// ---- Usage / cost ledger ---------------------------------------------------
+export async function dashboardUsage() {
+    const { loadUsageEvents, aggregateUsageEvents } = await import('../usage-ledger.js');
+    const events = await loadUsageEvents();
+    const daily = aggregateUsageEvents(events, 'daily').slice(-30);
+    const totals = events.reduce((acc, e) => {
+        acc.turns += 1;
+        acc.inputTokens += e.inputTokens;
+        acc.outputTokens += e.outputTokens;
+        acc.totalTokens += e.inputTokens + e.outputTokens + e.cacheReadTokens + e.cacheWriteTokens;
+        acc.costUsd += e.costUsd ?? 0;
+        return acc;
+    }, { turns: 0, inputTokens: 0, outputTokens: 0, totalTokens: 0, costUsd: 0 });
+    return { totals, daily };
+}
+// ---- Install commands (multi-platform) -------------------------------------
+export {} from '../install-info.js';
+import { dashboardInstallPayload } from '../install-info.js';
+export function dashboardInstall() {
+    return dashboardInstallPayload();
+}
+export async function dashboardPersona() {
+    const { loadPersonaAnswers } = await import('../memory.js');
+    const { PERSONA_QUESTIONS } = await import('../persona.js');
+    const { BRAND } = await import('../brand.js');
+    const config = await loadConfig({});
+    const brainPath = config.brainPath ?? null;
+    const answers = await loadPersonaAnswers();
+    const rows = PERSONA_QUESTIONS.map((q) => {
+        const v = (answers[q.id] ?? '').trim();
+        return {
+            id: q.id,
+            label: q.label,
+            value: v,
+            display: v ? (q.type === 'select' ? (q.options?.find((o) => o.value === v)?.label ?? v) : v) : '—',
+        };
+    });
+    const hasProfile = rows.some((r) => r.value);
+    const profilePath = brainPath ? `${brainPath}/Shared/User-Persona/persona.md` : null;
+    return {
+        brainPath,
+        profilePath,
+        rows,
+        hasProfile,
+        cliCommand: `${BRAND.cliName} persona`,
+    };
+}
+export async function dashboardSelfImprove() {
+    const { loadLedger } = await import('../self-improve.js');
+    const { selfImproveEnabled, selfImproveThreshold } = await import('../brand.js');
+    const ledger = await loadLedger();
+    const families = (ledger.families ?? [])
+        .slice()
+        .sort((a, b) => b.lastSeen - a.lastSeen)
+        .map((f) => ({
+        sig: f.sig,
+        terms: f.terms,
+        sample: f.samples[f.samples.length - 1] ?? '',
+        count: f.count,
+        skillCreated: f.skillCreated,
+        skillName: f.skillName,
+        firstSeen: f.firstSeen,
+        lastSeen: f.lastSeen,
+    }));
+    return { enabled: selfImproveEnabled(), threshold: selfImproveThreshold(), families };
+}

package/dist/dashboard/server.js

@@ -29,6 +29,17 @@ function json(res, status, body) {
     res.writeHead(status, { 'Content-Type': 'application/json; charset=utf-8' });
     res.end(`${JSON.stringify(body)}\n`);
 }
+async function packageVersion() {
+    if (process.env.npm_package_version)
+        return process.env.npm_package_version;
+    try {
+        const pkg = JSON.parse(await readFile(new URL('../../package.json', import.meta.url), 'utf8'));
+        return typeof pkg.version === 'string' && pkg.version ? pkg.version : 'dev';
+    }
+    catch {
+        return 'dev';
+    }
+}
 async function handleApi(req, res, pathname) {
     if (req.method === 'GET' && pathname === '/api/status') {
         const config = await loadConfig({});
@@ -36,7 +47,7 @@ async function handleApi(req, res, pathname) {
         json(res, 200, {
             product: 'Sanook Dashboard',
             cli: BRAND.cliName,
-            version: process.env.npm_package_version ?? 'dev',
+            version: await packageVersion(),
             model: config.model,
             locale: config.locale,
             brainPath: config.brainPath ?? null,
@@ -91,6 +102,53 @@ async function handleApi(req, res, pathname) {
         json(res, 200, await dashboardListFiles(sub));
         return true;
     }
+    if (req.method === 'GET' && pathname === '/api/skills') {
+        const { dashboardSkills } = await import('./api-helpers.js');
+        json(res, 200, await dashboardSkills());
+        return true;
+    }
+    if (req.method === 'GET' && pathname === '/api/memory') {
+        const { dashboardMemory } = await import('./api-helpers.js');
+        json(res, 200, await dashboardMemory());
+        return true;
+    }
+    if (req.method === 'GET' && pathname === '/api/usage') {
+        const { dashboardUsage } = await import('./api-helpers.js');
+        json(res, 200, await dashboardUsage());
+        return true;
+    }
+    if (req.method === 'GET' && pathname === '/api/self-improve') {
+        const { dashboardSelfImprove } = await import('./api-helpers.js');
+        json(res, 200, await dashboardSelfImprove());
+        return true;
+    }
+    if (req.method === 'GET' && pathname === '/api/install') {
+        const { dashboardInstall } = await import('./api-helpers.js');
+        json(res, 200, dashboardInstall());
+        return true;
+    }
+    if (req.method === 'GET' && pathname === '/api/persona') {
+        const { dashboardPersona } = await import('./api-helpers.js');
+        json(res, 200, await dashboardPersona());
+        return true;
+    }
+    if (req.method === 'POST' && pathname === '/api/terminal/run') {
+        const { handleTerminalRun } = await import('./terminal.js');
+        await handleTerminalRun(req, res);
+        return true;
+    }
+    if (req.method === 'POST' && pathname === '/api/terminal/reset') {
+        const url = new URL(req.url ?? '/', 'http://local');
+        const { resetTerminalSession } = await import('./terminal.js');
+        resetTerminalSession(url.searchParams.get('session') ?? 'web');
+        json(res, 200, { ok: true });
+        return true;
+    }
+    if (req.method === 'GET' && pathname === '/api/terminal/shell-status') {
+        const { shellStatus } = await import('./terminal.js');
+        json(res, 200, await shellStatus());
+        return true;
+    }
     if (req.method === 'GET' && pathname === '/api/chat/status') {
         json(res, 200, {
             hint: `Use ${BRAND.cliName} in terminal, or start ${BRAND.cliName} serve for HTTP chat`,
@@ -146,6 +204,22 @@ async function serveStatic(res, staticDir, pathname) {
         }
     }
 }
+async function serveInstallScript(res, pathname) {
+    if (pathname !== '/install.sh' && pathname !== '/install.ps1')
+        return false;
+    const root = join(fileURLToPath(new URL('.', import.meta.url)), '..', '..');
+    const name = pathname === '/install.sh' ? 'install.sh' : 'install.ps1';
+    try {
+        const body = await readFile(join(root, 'scripts', name), 'utf8');
+        res.writeHead(200, { 'Content-Type': 'text/plain; charset=utf-8', 'Cache-Control': 'public, max-age=300' });
+        res.end(body);
+    }
+    catch {
+        res.writeHead(404);
+        res.end('install script not found');
+    }
+    return true;
+}
 export async function startDashboardServer(opts = {}) {
     const port = opts.port ?? 9119;
     const host = opts.host ?? '127.0.0.1';
@@ -161,6 +235,8 @@ export async function startDashboardServer(opts = {}) {
                 json(res, 404, { error: 'not found' });
                 return;
             }
+            if (req.method === 'GET' && (await serveInstallScript(res, url.pathname)))
+                return;
             await serveStatic(res, staticDir, url.pathname);
         }
         catch (e) {
@@ -171,6 +247,14 @@ export async function startDashboardServer(opts = {}) {
         server.once('error', reject);
         server.listen(port, host, () => resolve());
     });
+    // raw shell over ws (no-op if node-pty/ws not installed)
+    try {
+        const { attachShell } = await import('./terminal.js');
+        await attachShell(server);
+    }
+    catch {
+        /* optional */
+    }
     log(`Sanook Dashboard — http://${host}:${port}`);
     return () => server.close();
 }