sentinelayer-cli 0.6.2 → 0.8.1

package/src/config/service.js

@@ -1,184 +1,184 @@
-import process from "node:process";
-import path from "node:path";
-
-import { getConfigPaths } from "./paths.js";
-import { ensureConfigFile, readConfigFile, writeConfigFile } from "./io.js";
-import { CONFIG_KEYS, configSchema } from "./schema.js";
-
-const ENV_MAPPING = Object.freeze({
-  SENTINELAYER_API_URL: "apiUrl",
-  SENTINELAYER_WEB_URL: "webUrl",
-  SENTINELAYER_TOKEN: "sentinelayerToken",
-  SENTINELAYER_POLICY_PACK: "defaultPolicyPack",
-  OPENAI_API_KEY: "openaiApiKey",
-  ANTHROPIC_API_KEY: "anthropicApiKey",
-  GOOGLE_API_KEY: "googleApiKey",
-});
-
-const WRITABLE_SCOPES = new Set(["global", "project"]);
-const LAYER_SCOPES = new Set(["global", "project", "env", "resolved"]);
-
-function normalizeKey(key) {
-  const normalized = String(key || "").trim();
-  if (!CONFIG_KEYS.includes(normalized)) {
-    throw new Error(`Unknown config key '${normalized}'. Allowed keys: ${CONFIG_KEYS.join(", ")}`);
-  }
-  return normalized;
-}
-
-function normalizeValueForKey(key, value) {
-  const payload = { [key]: value };
-  const parsed = configSchema.partial().parse(payload);
-  return parsed[key];
-}
-
-function buildEnvLayer(env) {
-  const layer = {};
-  for (const [envVar, key] of Object.entries(ENV_MAPPING)) {
-    if (envVar in env) {
-      const value = normalizeValueForKey(key, env[envVar]);
-      if (value !== undefined) {
-        layer[key] = value;
-      }
-    }
-  }
-  return layer;
-}
-
-function mergeLayers(...layers) {
-  return layers.reduce((accumulator, layer) => {
-    for (const [key, value] of Object.entries(layer || {})) {
-      if (value !== undefined) {
-        accumulator[key] = value;
-      }
-    }
-    return accumulator;
-  }, {});
-}
-
-function normalizeLayerScope(scope, { allowResolved = true } = {}) {
-  const normalized = String(scope || "resolved").trim();
-  if (!allowResolved && normalized === "resolved") {
-    throw new Error("Resolved scope is read-only. Use global or project.");
-  }
-  if (!LAYER_SCOPES.has(normalized)) {
-    throw new Error(`Invalid scope '${normalized}'. Use global, project, env, or resolved.`);
-  }
-  return normalized;
-}
-
-export async function loadConfig({ cwd = process.cwd(), env = process.env, homeDir } = {}) {
-  const paths = getConfigPaths({ cwd, homeDir });
-  const [globalConfig, projectConfig] = await Promise.all([
-    readConfigFile(paths.global),
-    readConfigFile(paths.project),
-  ]);
-
-  const envConfig = buildEnvLayer(env);
-  const resolved = configSchema.parse(mergeLayers(globalConfig, projectConfig, envConfig));
-
-  return {
-    paths,
-    layers: {
-      global: globalConfig,
-      project: projectConfig,
-      env: envConfig,
-    },
-    resolved,
-  };
-}
-
-export function getLayer(config, scope) {
-  const normalized = normalizeLayerScope(scope);
-  if (normalized === "resolved") {
-    return config.resolved;
-  }
-  return config.layers[normalized] || {};
-}
-
-export function findConfigSource(config, key) {
-  const normalizedKey = normalizeKey(key);
-  if (Object.prototype.hasOwnProperty.call(config.layers.env, normalizedKey)) {
-    return "env";
-  }
-  if (Object.prototype.hasOwnProperty.call(config.layers.project, normalizedKey)) {
-    return "project";
-  }
-  if (Object.prototype.hasOwnProperty.call(config.layers.global, normalizedKey)) {
-    return "global";
-  }
-  return null;
-}
-
-export async function setConfigValue({
-  key,
-  value,
-  scope = "project",
-  cwd = process.cwd(),
-  homeDir,
-} = {}) {
-  const normalizedScope = normalizeLayerScope(scope, { allowResolved: false });
-  if (!WRITABLE_SCOPES.has(normalizedScope)) {
-    throw new Error(`Cannot write scope '${normalizedScope}'. Use global or project.`);
-  }
-
-  const normalizedKey = normalizeKey(key);
-  const normalizedValue = normalizeValueForKey(normalizedKey, value);
-
-  const paths = getConfigPaths({ cwd, homeDir });
-  const targetPath = paths[normalizedScope];
-  const current = await readConfigFile(targetPath);
-  const next = {
-    ...current,
-    [normalizedKey]: normalizedValue,
-  };
-
-  await writeConfigFile(targetPath, next);
-
-  return {
-    scope: normalizedScope,
-    path: targetPath,
-    key: normalizedKey,
-    value: normalizedValue,
-  };
-}
-
-export async function ensureEditableConfigPath({ scope = "project", cwd = process.cwd(), homeDir } = {}) {
-  const normalizedScope = normalizeLayerScope(scope, { allowResolved: false });
-  if (!WRITABLE_SCOPES.has(normalizedScope)) {
-    throw new Error(`Cannot edit scope '${normalizedScope}'. Use global or project.`);
-  }
-
-  const paths = getConfigPaths({ cwd, homeDir });
-  const targetPath = paths[normalizedScope];
-  await ensureConfigFile(targetPath);
-
-  return {
-    scope: normalizedScope,
-    path: targetPath,
-  };
-}
-
-export function listConfigKeys() {
-  return [...CONFIG_KEYS];
-}
-
-export async function resolveOutputRoot({
-  cwd = process.cwd(),
-  outputDirOverride = "",
-  env = process.env,
-  homeDir,
-} = {}) {
-  const overrideValue = String(outputDirOverride || "").trim();
-  if (overrideValue) {
-    return path.resolve(cwd, overrideValue);
-  }
-
-  const config = await loadConfig({ cwd, env, homeDir });
-  const configuredOutputDir = String(config.resolved.outputDir || "").trim();
-  if (configuredOutputDir) {
-    return path.resolve(cwd, configuredOutputDir);
-  }
-
-  return path.resolve(cwd, ".sentinelayer");
-}
+import process from "node:process";
+import path from "node:path";
+
+import { getConfigPaths } from "./paths.js";
+import { ensureConfigFile, readConfigFile, writeConfigFile } from "./io.js";
+import { CONFIG_KEYS, configSchema } from "./schema.js";
+
+const ENV_MAPPING = Object.freeze({
+  SENTINELAYER_API_URL: "apiUrl",
+  SENTINELAYER_WEB_URL: "webUrl",
+  SENTINELAYER_TOKEN: "sentinelayerToken",
+  SENTINELAYER_POLICY_PACK: "defaultPolicyPack",
+  OPENAI_API_KEY: "openaiApiKey",
+  ANTHROPIC_API_KEY: "anthropicApiKey",
+  GOOGLE_API_KEY: "googleApiKey",
+});
+
+const WRITABLE_SCOPES = new Set(["global", "project"]);
+const LAYER_SCOPES = new Set(["global", "project", "env", "resolved"]);
+
+function normalizeKey(key) {
+  const normalized = String(key || "").trim();
+  if (!CONFIG_KEYS.includes(normalized)) {
+    throw new Error(`Unknown config key '${normalized}'. Allowed keys: ${CONFIG_KEYS.join(", ")}`);
+  }
+  return normalized;
+}
+
+function normalizeValueForKey(key, value) {
+  const payload = { [key]: value };
+  const parsed = configSchema.partial().parse(payload);
+  return parsed[key];
+}
+
+function buildEnvLayer(env) {
+  const layer = {};
+  for (const [envVar, key] of Object.entries(ENV_MAPPING)) {
+    if (envVar in env) {
+      const value = normalizeValueForKey(key, env[envVar]);
+      if (value !== undefined) {
+        layer[key] = value;
+      }
+    }
+  }
+  return layer;
+}
+
+function mergeLayers(...layers) {
+  return layers.reduce((accumulator, layer) => {
+    for (const [key, value] of Object.entries(layer || {})) {
+      if (value !== undefined) {
+        accumulator[key] = value;
+      }
+    }
+    return accumulator;
+  }, {});
+}
+
+function normalizeLayerScope(scope, { allowResolved = true } = {}) {
+  const normalized = String(scope || "resolved").trim();
+  if (!allowResolved && normalized === "resolved") {
+    throw new Error("Resolved scope is read-only. Use global or project.");
+  }
+  if (!LAYER_SCOPES.has(normalized)) {
+    throw new Error(`Invalid scope '${normalized}'. Use global, project, env, or resolved.`);
+  }
+  return normalized;
+}
+
+export async function loadConfig({ cwd = process.cwd(), env = process.env, homeDir } = {}) {
+  const paths = getConfigPaths({ cwd, homeDir });
+  const [globalConfig, projectConfig] = await Promise.all([
+    readConfigFile(paths.global),
+    readConfigFile(paths.project),
+  ]);
+
+  const envConfig = buildEnvLayer(env);
+  const resolved = configSchema.parse(mergeLayers(globalConfig, projectConfig, envConfig));
+
+  return {
+    paths,
+    layers: {
+      global: globalConfig,
+      project: projectConfig,
+      env: envConfig,
+    },
+    resolved,
+  };
+}
+
+export function getLayer(config, scope) {
+  const normalized = normalizeLayerScope(scope);
+  if (normalized === "resolved") {
+    return config.resolved;
+  }
+  return config.layers[normalized] || {};
+}
+
+export function findConfigSource(config, key) {
+  const normalizedKey = normalizeKey(key);
+  if (Object.prototype.hasOwnProperty.call(config.layers.env, normalizedKey)) {
+    return "env";
+  }
+  if (Object.prototype.hasOwnProperty.call(config.layers.project, normalizedKey)) {
+    return "project";
+  }
+  if (Object.prototype.hasOwnProperty.call(config.layers.global, normalizedKey)) {
+    return "global";
+  }
+  return null;
+}
+
+export async function setConfigValue({
+  key,
+  value,
+  scope = "project",
+  cwd = process.cwd(),
+  homeDir,
+} = {}) {
+  const normalizedScope = normalizeLayerScope(scope, { allowResolved: false });
+  if (!WRITABLE_SCOPES.has(normalizedScope)) {
+    throw new Error(`Cannot write scope '${normalizedScope}'. Use global or project.`);
+  }
+
+  const normalizedKey = normalizeKey(key);
+  const normalizedValue = normalizeValueForKey(normalizedKey, value);
+
+  const paths = getConfigPaths({ cwd, homeDir });
+  const targetPath = paths[normalizedScope];
+  const current = await readConfigFile(targetPath);
+  const next = {
+    ...current,
+    [normalizedKey]: normalizedValue,
+  };
+
+  await writeConfigFile(targetPath, next);
+
+  return {
+    scope: normalizedScope,
+    path: targetPath,
+    key: normalizedKey,
+    value: normalizedValue,
+  };
+}
+
+export async function ensureEditableConfigPath({ scope = "project", cwd = process.cwd(), homeDir } = {}) {
+  const normalizedScope = normalizeLayerScope(scope, { allowResolved: false });
+  if (!WRITABLE_SCOPES.has(normalizedScope)) {
+    throw new Error(`Cannot edit scope '${normalizedScope}'. Use global or project.`);
+  }
+
+  const paths = getConfigPaths({ cwd, homeDir });
+  const targetPath = paths[normalizedScope];
+  await ensureConfigFile(targetPath);
+
+  return {
+    scope: normalizedScope,
+    path: targetPath,
+  };
+}
+
+export function listConfigKeys() {
+  return [...CONFIG_KEYS];
+}
+
+export async function resolveOutputRoot({
+  cwd = process.cwd(),
+  outputDirOverride = "",
+  env = process.env,
+  homeDir,
+} = {}) {
+  const overrideValue = String(outputDirOverride || "").trim();
+  if (overrideValue) {
+    return path.resolve(cwd, overrideValue);
+  }
+
+  const config = await loadConfig({ cwd, env, homeDir });
+  const configuredOutputDir = String(config.resolved.outputDir || "").trim();
+  if (configuredOutputDir) {
+    return path.resolve(cwd, configuredOutputDir);
+  }
+
+  return path.resolve(cwd, ".sentinelayer");
+}

package/src/coord/events-log.js

@@ -0,0 +1,141 @@
+// Append-only event log for the handshake primitive (#A9, spec §5.6).
+//
+// Every state transition — lock_granted, lock_denied, lock_renewed,
+// lock_preempted, lock_released, lock_expired, deadlock_broken, wait_recorded
+// — is written to .sentinel/events.jsonl. The log is the source of truth
+// for replay / audit; callers should never mutate it in place.
+//
+// We serialize writes with a directory-mkdir mutex so concurrent personas on
+// the same filesystem (workers + Omar Gate runner) don't interleave bytes.
+
+import fsp from "node:fs/promises";
+import path from "node:path";
+import process from "node:process";
+import { setTimeout as sleep } from "node:timers/promises";
+
+import {
+  resolveEventsLockPath,
+  resolveEventsPath,
+  resolveSentinelDir,
+} from "./paths.js";
+
+const EVENTS_LOCK_TIMEOUT_MS = 5000;
+const EVENTS_LOCK_STALE_MS = 30_000;
+const EVENTS_LOCK_POLL_MS = 25;
+
+const KNOWN_EVENT_TYPES = new Set([
+  "lock_granted",
+  "lock_renewed",
+  "lock_denied",
+  "lock_preempted",
+  "lock_released",
+  "lock_expired",
+  "wait_recorded",
+  "wait_cleared",
+  "deadlock_broken",
+]);
+
+async function acquireEventsLock(
+  lockPath,
+  { timeoutMs = EVENTS_LOCK_TIMEOUT_MS, staleMs = EVENTS_LOCK_STALE_MS, pollMs = EVENTS_LOCK_POLL_MS } = {}
+) {
+  const start = Date.now();
+  while (true) {
+    try {
+      await fsp.mkdir(lockPath);
+      return;
+    } catch (err) {
+      const code = err && typeof err === "object" ? err.code : "";
+      if (code !== "EEXIST" && code !== "EPERM" && code !== "EACCES") {
+        throw err;
+      }
+      try {
+        const stat = await fsp.stat(lockPath);
+        const ageMs = Date.now() - Number(stat.mtimeMs || 0);
+        if (Number.isFinite(ageMs) && ageMs > staleMs) {
+          await fsp.rm(lockPath, { recursive: true, force: true });
+          continue;
+        }
+      } catch {
+        // Stat race — loop back.
+      }
+      if (Date.now() - start >= timeoutMs) {
+        throw new Error("Timed out waiting for .sentinel/events.jsonl lock.");
+      }
+      await sleep(pollMs);
+    }
+  }
+}
+
+async function releaseEventsLock(lockPath) {
+  await fsp.rm(lockPath, { recursive: true, force: true }).catch(() => {});
+}
+
+function stripUndefined(record) {
+  const out = {};
+  for (const [key, value] of Object.entries(record || {})) {
+    if (value !== undefined) {
+      out[key] = value;
+    }
+  }
+  return out;
+}
+
+export async function appendEvent(event, { targetPath = process.cwd() } = {}) {
+  const type = String(event?.type || "").trim();
+  if (!type) {
+    throw new Error("event.type is required.");
+  }
+  if (!KNOWN_EVENT_TYPES.has(type)) {
+    throw new Error(`Unknown handshake event type: ${type}`);
+  }
+
+  const sentinelDir = resolveSentinelDir({ targetPath });
+  await fsp.mkdir(sentinelDir, { recursive: true });
+
+  const record = stripUndefined({
+    schemaVersion: "1.0.0",
+    type,
+    ts: event.ts || new Date().toISOString(),
+    ...event,
+  });
+
+  const eventsPath = resolveEventsPath({ targetPath });
+  const lockPath = resolveEventsLockPath({ targetPath });
+
+  await acquireEventsLock(lockPath);
+  try {
+    await fsp.appendFile(eventsPath, `${JSON.stringify(record)}\n`, "utf-8");
+  } finally {
+    await releaseEventsLock(lockPath);
+  }
+  return record;
+}
+
+export async function readEvents({ targetPath = process.cwd() } = {}) {
+  const eventsPath = resolveEventsPath({ targetPath });
+  let raw;
+  try {
+    raw = await fsp.readFile(eventsPath, "utf-8");
+  } catch (err) {
+    if (err && typeof err === "object" && err.code === "ENOENT") {
+      return [];
+    }
+    throw err;
+  }
+  const events = [];
+  for (const line of raw.split("\n")) {
+    const trimmed = line.trim();
+    if (!trimmed) {
+      continue;
+    }
+    try {
+      events.push(JSON.parse(trimmed));
+    } catch {
+      // Corrupt row — skip rather than fail the caller.
+    }
+  }
+  return events;
+}
+
+export { KNOWN_EVENT_TYPES };