sema-cli 0.1.0

package/experiments/spike-shell-stream/mac-agent/agent.js

@@ -0,0 +1,450 @@
+const pty = require("node-pty-prebuilt-multiarch");
+const os = require("node:os");
+const { execSync } = require("node:child_process");
+const { analyze } = require("./analyzer");
+const { importPrivateKey, importPublicKey, deriveSharedSecret, deriveAesKey, encrypt, decrypt, computeFingerprint, generateKeyPair, exportPublicKey } = require("../shared/crypto");
+
+const RELAY_URL = process.env.RELAY_URL || "ws://127.0.0.1:8787/ws";
+const SESSION_ID = process.env.SESSION_ID;
+const SESSION_TOKEN = process.env.SESSION_TOKEN;
+const SHELL = process.env.SHELL || "/bin/zsh";
+const CLI_COMMAND = process.env.CLI_COMMAND || "";
+const INITIAL_COLS = Number(process.env.COLS || 80);
+const INITIAL_ROWS = Number(process.env.ROWS || 24);
+const RECONNECT_MS = 1000;
+const IDLE_TIMEOUT_MS = 3000;
+const BUFFER_MAX = 4096;
+
+// E2E encryption keys (passed from CLI via env vars)
+const MAC_PRIVATE_KEY = process.env.MAC_PRIVATE_KEY;
+const MAC_PUBLIC_KEY = process.env.MAC_PUBLIC_KEY;
+let privateKey = null;
+
+if (MAC_PRIVATE_KEY && MAC_PUBLIC_KEY) {
+  try {
+    privateKey = importPrivateKey(MAC_PRIVATE_KEY);
+    console.log("[mac-agent] E2E encryption enabled");
+  } catch (err) {
+    console.error("[mac-agent] Warning: failed to import private key, E2E disabled:", err.message);
+  }
+} else {
+  console.log("[mac-agent] E2E encryption disabled (no keys provided)");
+}
+
+// Per-device encryption state
+const mobileKeys = new Map(); // deviceId → AES key (Buffer)
+const mobilePendingKeys = new Map(); // deviceId → { oldKey, fingerprint, ttl }
+const preKeyOutputBuffer = []; // output buffered before any key exchange
+const PRE_KEY_MAX = 128;
+
+// Terminal DA response patterns to filter from mobile input.
+// The mobile's xterm.js auto-responds to DA queries from tmux/zsh —
+// these must not reach the pty as shell input.
+const DA_RESPONSE = /^\x1b\[\??[0-9;]*[a-zA-Z]$/;
+
+// Validate required session parameters
+if (!SESSION_ID || !SESSION_TOKEN) {
+  console.error("[mac-agent] Error: SESSION_ID and SESSION_TOKEN are required.");
+  console.error("[mac-agent] These are provided by the Sema CLI (npm run start -- <command>).");
+  console.error("[mac-agent] Or set them manually: SESSION_ID=<id> SESSION_TOKEN=<token> node agent.js");
+  process.exit(1);
+}
+
+const TMUX_NAME = `sema-${SESSION_ID}`;
+
+// Alert state machine: idle → analyze → smart_alert (or skip)
+let idleTimer = null;
+let alertSent = false;
+let lastAlertKey = null;
+let outputBuffer = "";
+
+let ws = null;
+let connected = false;
+const pendingOutput = [];
+
+function tmuxSessionExists() {
+  try {
+    execSync(`tmux has-session -t ${TMUX_NAME} 2>/dev/null`);
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+function ensureTmuxSession() {
+  if (tmuxSessionExists()) {
+    console.log(`[mac-agent] tmux session "${TMUX_NAME}" exists, will reattach`);
+    return;
+  }
+  const cmd = CLI_COMMAND || SHELL;
+  execSync(
+    `tmux new-session -d -s ${TMUX_NAME} -x ${INITIAL_COLS} -y ${INITIAL_ROWS} ${JSON.stringify(cmd)}`,
+    {
+      env: { ...process.env, TERM: "xterm-256color", SEMA_SESSION_ID: SESSION_ID },
+    },
+  );
+  console.log(`[mac-agent] created tmux session "${TMUX_NAME}" running: ${cmd}`);
+}
+
+ensureTmuxSession();
+
+const ptyProcess = pty.spawn("tmux", ["attach-session", "-t", TMUX_NAME], {
+  name: "xterm-256color",
+  cols: INITIAL_COLS,
+  rows: INITIAL_ROWS,
+  cwd: process.cwd(),
+  env: { ...process.env, TERM: "xterm-256color" },
+});
+
+function relayUrl() {
+  const url = new URL(RELAY_URL);
+  url.searchParams.set("role", "mac");
+  url.searchParams.set("sessionId", SESSION_ID);
+  url.searchParams.set("sessionToken", SESSION_TOKEN);
+  return url.toString();
+}
+
+function send(message) {
+  const data = JSON.stringify(message);
+  if (connected && ws && ws.readyState === WebSocket.OPEN) {
+    ws.send(data);
+    return;
+  }
+  if (message.type === "output" || message.type === "alert" || message.type === "smart_alert") pendingOutput.push(data);
+}
+
+function flushPendingOutput() {
+  while (pendingOutput.length && ws && ws.readyState === WebSocket.OPEN) {
+    ws.send(pendingOutput.shift());
+  }
+}
+
+/**
+ * Decrypt a message from a specific device, trying current key first,
+ * then falling back to pending old key (during key rotation).
+ * @returns {string|null} decrypted plaintext or null on failure
+ */
+function decryptFromDevice(deviceId, encrypted) {
+  const currentKey = mobileKeys.get(deviceId);
+  if (currentKey) {
+    try { return decrypt(encrypted, currentKey); } catch {}
+  }
+  const pending = mobilePendingKeys.get(deviceId);
+  if (pending?.oldKey) {
+    try { return decrypt(encrypted, pending.oldKey); } catch {}
+  }
+  return null;
+}
+
+function connect() {
+  ws = new WebSocket(relayUrl());
+
+  ws.addEventListener("open", () => {
+    connected = true;
+    console.log(`[mac-agent] connected session=${SESSION_ID}`);
+    send({
+      type: "output",
+      sessionId: SESSION_ID,
+      data: `\r\n\x1b[1;32m[Sema Mac Agent connected on ${os.hostname()}]\x1b[0m\r\n`,
+    });
+    flushPendingOutput();
+  });
+
+  ws.addEventListener("message", (event) => {
+    try {
+      const message = JSON.parse(event.data);
+
+      // Key exchange: mobile sends its public key
+      if (message.type === "key_exchange") {
+        if (!privateKey) {
+          console.error("[mac-agent] key_exchange received but E2E is disabled");
+          return;
+        }
+        try {
+          const peerPublicKey = importPublicKey(message.publicKey);
+
+          // Phase 1: Derive initial shared secret (K_old)
+          const sharedSecret = deriveSharedSecret(privateKey, peerPublicKey);
+          const aesKey = deriveAesKey(sharedSecret);
+
+          // Send encrypted key_ack with K_old
+          const ackPayload = encrypt(JSON.stringify({ type: "key_ack" }), aesKey);
+          send({
+            type: "key_ack",
+            sessionId: SESSION_ID,
+            deviceId: message.deviceId,
+            ...ackPayload,
+          });
+
+          // Phase 2: Generate ephemeral keypair for this device (forward secrecy)
+          const ephKeyPair = generateKeyPair();
+          const ephSharedSecret = deriveSharedSecret(ephKeyPair.privateKey, peerPublicKey);
+          const ephAesKey = deriveAesKey(ephSharedSecret);
+          const ephFingerprint = computeFingerprint(ephSharedSecret);
+
+          // Send key_rotation encrypted with K_old (protects ephemeral public key)
+          const ephPubB64 = exportPublicKey(ephKeyPair.publicKey);
+          const rotPayload = encrypt(JSON.stringify({
+            type: "key_rotation",
+            publicKey: ephPubB64,
+          }), aesKey);
+          send({
+            type: "key_rotation",
+            sessionId: SESSION_ID,
+            deviceId: message.deviceId,
+            ...rotPayload,
+          });
+
+          // Store: new key for subsequent traffic, old key pending rot_ack
+          mobileKeys.set(message.deviceId, ephAesKey);
+          const ttl = setTimeout(() => {
+            mobilePendingKeys.delete(message.deviceId);
+            console.log(`[mac-agent] key rotation timeout: device=${message.deviceId}`);
+          }, 30_000);
+          mobilePendingKeys.set(message.deviceId, { oldKey: aesKey, fingerprint: ephFingerprint, ttl });
+
+          // Display fingerprint in terminal for user verification
+          console.log(`[mac-agent] 🔐 Fingerprint for device ${message.deviceId.slice(0, 8)}: ${ephFingerprint}`);
+
+          // Flush pre-key buffer to this device (encrypted with new key)
+          for (const buffered of preKeyOutputBuffer) {
+            const plaintext = JSON.stringify({ type: "output", data: buffered });
+            const enc = encrypt(plaintext, ephAesKey);
+            send({
+              type: "output",
+              sessionId: SESSION_ID,
+              deviceId: message.deviceId,
+              ...enc,
+            });
+          }
+        } catch (err) {
+          console.error("[mac-agent] key exchange failed:", err.message);
+        }
+        return;
+      }
+
+      // Key rotation ack: mobile confirms it has the new key (must be encrypted)
+      if (message.type === "key_rot_ack") {
+        if (!message.deviceId || !message.iv || !message.ct || !message.tag) {
+          console.error("[mac-agent] key_rot_ack missing encryption fields, rejected");
+          return;
+        }
+        const plaintext = decryptFromDevice(message.deviceId, {
+          iv: message.iv, ct: message.ct, tag: message.tag,
+        });
+        if (!plaintext) {
+          console.error("[mac-agent] key_rot_ack decryption failed, rejected");
+          return;
+        }
+        const pending = mobilePendingKeys.get(message.deviceId);
+        if (pending) {
+          clearTimeout(pending.ttl);
+          mobilePendingKeys.delete(message.deviceId);
+        }
+        console.log(`[mac-agent] key rotation complete: device=${message.deviceId}`);
+        return;
+      }
+
+      // Device revoked: drop key for this device
+      if (message.type === "device_revoked") {
+        mobileKeys.delete(message.deviceId);
+        console.log(`[mac-agent] device revoked: ${message.deviceId}`);
+        return;
+      }
+
+      // Encrypted input
+      if (message.type === "input") {
+        // Try to decrypt if E2E is enabled and deviceId is present
+        if (privateKey && message.deviceId && message.iv && message.ct && message.tag) {
+          const plaintext = decryptFromDevice(message.deviceId, {
+            iv: message.iv, ct: message.ct, tag: message.tag,
+          });
+          if (!plaintext) {
+            console.error("[mac-agent] input decryption failed: no matching key");
+            return;
+          }
+          try {
+            const decrypted = JSON.parse(plaintext);
+            const input = decrypted.data || "";
+            if (input && !DA_RESPONSE.test(input)) {
+              ptyProcess.write(input);
+            }
+          } catch (err) {
+            console.error("[mac-agent] input parse failed:", err.message);
+          }
+          return;
+        }
+
+        // Plaintext fallback (no E2E)
+        const input = message.data || "";
+        if (input && !DA_RESPONSE.test(input)) {
+          ptyProcess.write(input);
+        }
+        return;
+      }
+
+      // Encrypted resize
+      if (message.type === "resize") {
+        if (privateKey && message.deviceId && message.iv && message.ct && message.tag) {
+          const plaintext = decryptFromDevice(message.deviceId, {
+            iv: message.iv, ct: message.ct, tag: message.tag,
+          });
+          if (!plaintext) return;
+          try {
+            const decrypted = JSON.parse(plaintext);
+            const cols = Number(decrypted.cols) || INITIAL_COLS;
+            const rows = Number(decrypted.rows) || INITIAL_ROWS;
+            ptyProcess.resize(cols, rows);
+            console.log(`[mac-agent] resized to ${cols}x${rows}`);
+          } catch (err) {
+            console.error("[mac-agent] resize parse failed:", err.message);
+          }
+          return;
+        }
+
+        // Plaintext fallback
+        const cols = Number(message.cols) || INITIAL_COLS;
+        const rows = Number(message.rows) || INITIAL_ROWS;
+        ptyProcess.resize(cols, rows);
+        console.log(`[mac-agent] resized to ${cols}x${rows}`);
+        return;
+      }
+    } catch (error) {
+      console.error("[mac-agent] invalid relay message");
+    }
+  });
+
+  ws.addEventListener("close", () => {
+    if (connected) console.log("[mac-agent] disconnected, retrying...");
+    connected = false;
+    // Keep device keys — mobile reconnect will trigger new key_exchange
+    // Old keys retained for potential key_rotation with re-exchanged devices
+    setTimeout(connect, RECONNECT_MS);
+  });
+
+  ws.addEventListener("error", () => {
+    connected = false;
+  });
+}
+
+function onIdle() {
+  if (alertSent) return;
+  alertSent = true;
+
+  const result = analyze(outputBuffer);
+
+  if (result && result.confidence >= 0.7) {
+    // Dedup: skip if same question was already alerted
+    const alertKey = `${result.kind}:${result.question}`;
+    if (alertKey === lastAlertKey) {
+      console.log(`[mac-agent] duplicate alert, skipping`);
+      return;
+    }
+    lastAlertKey = alertKey;
+
+    console.log(`[mac-agent] smart alert: ${result.kind} (${result.confidence})`);
+
+    const alertMessage = {
+      type: "smart_alert",
+      sessionId: SESSION_ID,
+      kind: result.kind,
+      question: result.question,
+      options: result.options,
+      context: result.context,
+      confidence: result.confidence,
+    };
+
+    // E2E: encrypt for each device
+    if (privateKey && mobileKeys.size > 0) {
+      for (const [deviceId, aesKey] of mobileKeys) {
+        try {
+          const plaintext = JSON.stringify(alertMessage);
+          const enc = encrypt(plaintext, aesKey);
+          send({
+            type: "smart_alert",
+            sessionId: SESSION_ID,
+            deviceId,
+            ...enc,
+          });
+        } catch (err) {
+          console.error(`[mac-agent] smart_alert encrypt failed:`, err.message);
+        }
+      }
+    } else {
+      // Plaintext mode
+      send(alertMessage);
+    }
+  } else {
+    // Quality gate: unrecognized idle → no notification
+    console.log(`[mac-agent] idle, no pattern matched — skipping alert`);
+  }
+}
+
+ptyProcess.onData((data) => {
+  // E2E: encrypt output for each connected device
+  if (privateKey && mobileKeys.size > 0) {
+    for (const [deviceId, aesKey] of mobileKeys) {
+      try {
+        const plaintext = JSON.stringify({ type: "output", data });
+        const enc = encrypt(plaintext, aesKey);
+        send({
+          type: "output",
+          sessionId: SESSION_ID,
+          deviceId,
+          ...enc,
+        });
+      } catch (err) {
+        console.error(`[mac-agent] encrypt failed for device ${deviceId}:`, err.message);
+      }
+    }
+  } else if (privateKey) {
+    // E2E enabled but no devices connected yet — buffer
+    if (preKeyOutputBuffer.length < PRE_KEY_MAX) {
+      preKeyOutputBuffer.push(data);
+    }
+  } else {
+    // Plaintext mode: send directly
+    send({
+      type: "output",
+      sessionId: SESSION_ID,
+      data,
+    });
+  }
+
+  // Accumulate output buffer for semantic analysis
+  outputBuffer += data;
+  if (outputBuffer.length > BUFFER_MAX) {
+    outputBuffer = outputBuffer.slice(outputBuffer.length - BUFFER_MAX);
+  }
+
+  // Reset alert state on new output
+  alertSent = false;
+  lastAlertKey = null;
+  clearTimeout(idleTimer);
+
+  // Start idle timer — if no output for IDLE_TIMEOUT_MS, analyze
+  idleTimer = setTimeout(onIdle, IDLE_TIMEOUT_MS);
+});
+
+ptyProcess.onExit(({ exitCode }) => {
+  send({
+    type: "output",
+    sessionId: SESSION_ID,
+    data: `\r\n\x1b[1;31m[Sema detached from tmux session]\x1b[0m\r\n`,
+  });
+  process.exit(exitCode || 0);
+});
+
+process.on("SIGINT", () => {
+  ptyProcess.kill();
+  process.exit(0);
+});
+
+process.on("SIGTERM", () => {
+  ptyProcess.kill();
+  process.exit(0);
+});
+
+const modeLabel = CLI_COMMAND ? `cli=${CLI_COMMAND}` : `shell=${SHELL}`;
+console.log(`[mac-agent] tmux=${TMUX_NAME} ${modeLabel} session=${SESSION_ID} size=${INITIAL_COLS}x${INITIAL_ROWS}`);
+connect();

package/experiments/spike-shell-stream/mac-agent/analyzer.js

@@ -0,0 +1,189 @@
+"use strict";
+
+// --- ANSI stripping ---
+
+function stripAnsi(str) {
+  return str
+    .replace(/\x1b\[[0-9;]*[a-zA-Z]/g, "") // CSI sequences (colors, cursor, etc.)
+    .replace(/\x1b\][^\x07]*\x07/g, "") // OSC sequences (title, etc.)
+    .replace(/\x1b[()][AB012]/g, "") // charset select
+    .replace(/\x1b[=>]/g, "") // keypad mode
+    .replace(/\x1b\[\?[0-9;]*[hl]/g, "") // private mode set/reset
+    .replace(/[\x00-\x08\x0b\x0c\x0e-\x1f]/g, "") // control chars (keep \t\n\r)
+    .replace(/\r/g, "") // CR (keep LF only)
+    .trimEnd();
+}
+
+// --- Pattern matchers ---
+
+const YESNO_RE = /[\(\[]\s*[yYnN]\s*\/\s*[yYnN]\s*[\)\]]/;
+
+function matchYesNo(clean, lines) {
+  if (!YESNO_RE.test(clean)) return null;
+
+  // Find the last non-empty line containing the y/n pattern
+  let questionLine = "";
+  let questionIdx = -1;
+  for (let i = lines.length - 1; i >= 0; i--) {
+    if (YESNO_RE.test(lines[i])) {
+      questionLine = lines[i].trim();
+      questionIdx = i;
+      break;
+    }
+  }
+  if (!questionLine) return null;
+
+  // Context: 2-3 lines before the question
+  const contextLines = lines.slice(Math.max(0, questionIdx - 3), questionIdx);
+  const context = contextLines.join("\n").slice(0, 300);
+
+  return {
+    kind: "yesno",
+    question: questionLine.slice(0, 200),
+    options: [
+      { label: "Yes", data: "y\n" },
+      { label: "No", data: "n\n" },
+    ],
+    context,
+    confidence: 0.9,
+  };
+}
+
+const CHOICE_LINE_RE = /^\s*\d+[\.\)]\s+.+/;
+
+function matchChoice(lines) {
+  // Find consecutive lines matching numbered choice pattern
+  const choiceIndices = [];
+  for (let i = 0; i < lines.length; i++) {
+    if (CHOICE_LINE_RE.test(lines[i])) {
+      choiceIndices.push(i);
+    }
+  }
+
+  // Need at least 2 choice lines
+  if (choiceIndices.length < 2) return null;
+
+  // Check that at least some are consecutive (within 1 line gap)
+  let consecutiveCount = 1;
+  let maxConsecutive = 1;
+  for (let i = 1; i < choiceIndices.length; i++) {
+    if (choiceIndices[i] - choiceIndices[i - 1] <= 2) {
+      consecutiveCount++;
+      maxConsecutive = Math.max(maxConsecutive, consecutiveCount);
+    } else {
+      consecutiveCount = 1;
+    }
+  }
+  if (maxConsecutive < 2) return null;
+
+  // Extract options
+  const options = [];
+  for (const idx of choiceIndices) {
+    const line = lines[idx].trim();
+    const numMatch = line.match(/^\s*(\d+)/);
+    if (numMatch) {
+      options.push({
+        label: line.slice(0, 60),
+        data: numMatch[1] + "\n",
+      });
+    }
+  }
+
+  // Add "Other" option for custom input
+  options.push({ label: "Other", data: "" });
+
+  // Question: last non-choice line before the choices
+  const firstChoiceIdx = choiceIndices[0];
+  let question = "";
+  for (let i = firstChoiceIdx - 1; i >= 0; i--) {
+    if (!CHOICE_LINE_RE.test(lines[i]) && lines[i].trim()) {
+      question = lines[i].trim();
+      break;
+    }
+  }
+
+  // Context: lines before the question
+  const contextStart = Math.max(0, firstChoiceIdx - 4);
+  const contextEnd = firstChoiceIdx;
+  const contextLines = lines.slice(contextStart, contextEnd).filter(
+    (l) => l.trim() && !CHOICE_LINE_RE.test(l)
+  );
+  const context = contextLines.join("\n").slice(0, 300);
+
+  return {
+    kind: "choice",
+    question: question.slice(0, 200) || "Select an option",
+    options,
+    context,
+    confidence: 0.8,
+  };
+}
+
+const ERROR_PATTERNS = [
+  /^\s*Error[: ]/i,
+  /\bfailed\b/i,
+  /permission denied/i,
+  /\bENOENT\b/,
+  /command not found/i,
+  /exit(?:ed)? with (?:code|status) [1-9]/,
+  /[✗✘❌]/,
+];
+
+const ERROR_EXCLUSIONS = [
+  /0\s*errors?/i,
+  /no\s+error/i,
+  /error\s*(?:rate|count).*[:=]\s*0/i,
+  /\bsuccess\b/i,
+];
+
+function isErrorLine(line) {
+  // Check exclusions first
+  for (const excl of ERROR_EXCLUSIONS) {
+    if (excl.test(line)) return false;
+  }
+  // Check positive patterns
+  for (const pat of ERROR_PATTERNS) {
+    if (pat.test(line)) return true;
+  }
+  return false;
+}
+
+function matchError(lines) {
+  // Scan from bottom up — find the last error line
+  for (let i = lines.length - 1; i >= 0; i--) {
+    if (isErrorLine(lines[i])) {
+      const question = lines[i].trim().slice(0, 200);
+
+      // Context: 2 lines before
+      const contextLines = lines.slice(Math.max(0, i - 2), i);
+      const context = contextLines.join("\n").slice(0, 300);
+
+      return {
+        kind: "error",
+        question,
+        options: [{ label: "Acknowledge", data: "\r" }],
+        context,
+        confidence: 0.7,
+      };
+    }
+  }
+  return null;
+}
+
+// --- Main analyze function ---
+
+function analyze(rawOutput) {
+  if (!rawOutput || !rawOutput.trim()) return null;
+
+  // Unified truncation at entry — 512 chars from the tail
+  const tail = rawOutput.slice(-512);
+  const clean = stripAnsi(tail);
+  const lines = clean.split("\n").filter((l) => l.trim());
+
+  if (lines.length === 0) return null;
+
+  // Match order: most specific → most general
+  return matchYesNo(clean, lines) || matchChoice(lines) || matchError(lines);
+}
+
+module.exports = { analyze, stripAnsi };