sootsim 0.1.83 → 0.1.85

package/src/auth/shared-session.ts

@@ -0,0 +1,199 @@
+import {
+  chmodSync,
+  existsSync,
+  mkdirSync,
+  readFileSync,
+  rmSync,
+  writeFileSync,
+} from 'node:fs'
+import { dirname, join, resolve } from 'node:path'
+import { electronUserDataDir } from '../home-paths'
+
+export type SharedDesktopAuthTeamSummary = {
+  id: string
+  name: string
+  role: 'owner' | 'member'
+  githubOrg: string | null
+}
+
+export type SharedDesktopAuthUser = {
+  id: string
+  name?: string
+  email?: string
+  image?: string
+  teams?: SharedDesktopAuthTeamSummary[]
+}
+
+export type SharedDesktopAuthSession = {
+  version: 1
+  token: string
+  user: SharedDesktopAuthUser | null
+  origin: string
+  source: 'cli' | 'electron' | 'browser' | 'unknown'
+  updatedAt: string
+  validatedAt?: string
+}
+
+const SESSION_VERSION = 1 as const
+const SESSION_FILE_ENV = 'SOOTSIM_SHARED_AUTH_FILE'
+const DEFAULT_ORIGIN = 'https://sootbean.com'
+
+function getBaseDir() {
+  const explicit = process.env[SESSION_FILE_ENV]
+  if (explicit?.trim()) {
+    return dirname(resolve(explicit))
+  }
+  return electronUserDataDir()
+}
+
+export function getSharedDesktopAuthFilePath() {
+  const explicit = process.env[SESSION_FILE_ENV]
+  if (explicit?.trim()) return resolve(explicit)
+  return join(getBaseDir(), 'desktop-auth.json')
+}
+
+function normalizeUser(input: unknown): SharedDesktopAuthUser | null {
+  if (!input || typeof input !== 'object') return null
+  const value = input as Record<string, unknown>
+  if (typeof value.id !== 'string' || !value.id.trim()) return null
+  return {
+    id: value.id.trim(),
+    name: typeof value.name === 'string' ? value.name : undefined,
+    email: typeof value.email === 'string' ? value.email : undefined,
+    image: typeof value.image === 'string' ? value.image : undefined,
+    teams: Array.isArray(value.teams)
+      ? value.teams
+          .map((team): SharedDesktopAuthTeamSummary | null => {
+            if (!team || typeof team !== 'object') return null
+            const t = team as Record<string, unknown>
+            if (typeof t.id !== 'string' || typeof t.name !== 'string') return null
+            return {
+              id: t.id,
+              name: t.name,
+              role: t.role === 'owner' ? 'owner' : 'member',
+              githubOrg: typeof t.githubOrg === 'string' ? t.githubOrg : null,
+            }
+          })
+          .filter((team): team is SharedDesktopAuthTeamSummary => !!team)
+      : undefined,
+  }
+}
+
+function normalizeSession(input: unknown): SharedDesktopAuthSession | null {
+  if (!input || typeof input !== 'object') return null
+  const value = input as Record<string, unknown>
+  if (value.version !== SESSION_VERSION) return null
+  if (typeof value.token !== 'string' || !value.token.trim()) return null
+  const origin =
+    typeof value.origin === 'string' && value.origin.trim()
+      ? value.origin.trim()
+      : DEFAULT_ORIGIN
+  const source =
+    value.source === 'cli' ||
+    value.source === 'electron' ||
+    value.source === 'browser' ||
+    value.source === 'unknown'
+      ? value.source
+      : 'unknown'
+  const updatedAt =
+    typeof value.updatedAt === 'string' && value.updatedAt
+      ? value.updatedAt
+      : new Date().toISOString()
+  const validatedAt =
+    typeof value.validatedAt === 'string' && value.validatedAt
+      ? value.validatedAt
+      : undefined
+
+  return {
+    version: SESSION_VERSION,
+    token: value.token.trim(),
+    user: normalizeUser(value.user),
+    origin,
+    source,
+    updatedAt,
+    validatedAt,
+  }
+}
+
+export function readSharedDesktopAuthSession(): SharedDesktopAuthSession | null {
+  const filepath = getSharedDesktopAuthFilePath()
+  if (!existsSync(filepath)) return null
+
+  try {
+    const parsed = JSON.parse(readFileSync(filepath, 'utf8')) as unknown
+    const normalized = normalizeSession(parsed)
+    if (!normalized) {
+      rmSync(filepath, { force: true })
+      return null
+    }
+    return normalized
+  } catch {
+    rmSync(filepath, { force: true })
+    return null
+  }
+}
+
+export function writeSharedDesktopAuthSession(
+  session: Omit<SharedDesktopAuthSession, 'version' | 'updatedAt'> & {
+    updatedAt?: string
+  },
+) {
+  const filepath = getSharedDesktopAuthFilePath()
+  mkdirSync(dirname(filepath), { recursive: true })
+  const normalized: SharedDesktopAuthSession = {
+    version: SESSION_VERSION,
+    token: session.token.trim(),
+    user: session.user ? normalizeUser(session.user) : null,
+    origin: session.origin?.trim() || DEFAULT_ORIGIN,
+    source: session.source,
+    updatedAt: session.updatedAt || new Date().toISOString(),
+    validatedAt: session.validatedAt,
+  }
+  writeFileSync(filepath, JSON.stringify(normalized, null, 2) + '\n')
+  try {
+    chmodSync(filepath, 0o600)
+  } catch {
+    // best-effort only
+  }
+  return normalized
+}
+
+export function clearSharedDesktopAuthSession() {
+  rmSync(getSharedDesktopAuthFilePath(), { force: true })
+}
+
+export async function refreshSharedDesktopAuthSession(
+  originOverride?: string,
+): Promise<SharedDesktopAuthSession | null> {
+  const current = readSharedDesktopAuthSession()
+  if (!current?.token) return null
+
+  const origin = originOverride || current.origin || DEFAULT_ORIGIN
+
+  try {
+    const res = await fetch(`${origin.replace(/\/$/, '')}/api/auth/me`, {
+      headers: { authorization: `Bearer ${current.token}` },
+    })
+    if (res.status === 401) {
+      clearSharedDesktopAuthSession()
+      return null
+    }
+    if (!res.ok) return current
+
+    const data = (await res.json()) as { user?: SharedDesktopAuthUser | null }
+    if (!data.user?.id) {
+      clearSharedDesktopAuthSession()
+      return null
+    }
+
+    return writeSharedDesktopAuthSession({
+      token: current.token,
+      user: data.user,
+      origin,
+      source: current.source,
+      validatedAt: new Date().toISOString(),
+    })
+  } catch {
+    return current
+  }
+}

package/src/backend-origin.ts

@@ -0,0 +1,49 @@
+const DEFAULT_SOOT_BACKEND_ORIGIN = 'https://sootbean.com'
+
+function normalizeHostname(hostname: string): string {
+  return hostname.replace(/^\[|\]$/g, '').toLowerCase()
+}
+
+export function isLoopbackHost(hostname: string): boolean {
+  const normalized = normalizeHostname(hostname)
+  return (
+    normalized === 'localhost' ||
+    normalized.endsWith('.localhost') ||
+    normalized === '0.0.0.0' ||
+    normalized === '::1' ||
+    /^127(?:\.\d{1,3}){3}$/.test(normalized)
+  )
+}
+
+export function isSootBackendHost(hostname: string): boolean {
+  const normalized = normalizeHostname(hostname)
+  return (
+    isLoopbackHost(normalized) ||
+    normalized === 'sootbean.com' ||
+    normalized.endsWith('.sootbean.com')
+  )
+}
+
+export function isSootBackendOrigin(origin: string): boolean {
+  try {
+    return isSootBackendHost(new URL(origin).hostname)
+  } catch {
+    return false
+  }
+}
+
+export function resolveSootBackendOrigin(currentOrigin?: string | null): string {
+  const origin = currentOrigin?.trim()
+  if (!origin) return DEFAULT_SOOT_BACKEND_ORIGIN
+
+  try {
+    const parsed = new URL(origin)
+    if (isLoopbackHost(parsed.hostname) || isSootBackendHost(parsed.hostname)) {
+      return parsed.origin
+    }
+  } catch {}
+
+  return DEFAULT_SOOT_BACKEND_ORIGIN
+}
+
+export { DEFAULT_SOOT_BACKEND_ORIGIN }

package/src/beta.ts

@@ -0,0 +1,21 @@
+// public beta flag + copy. single source of truth for the badge that
+// appears on the CLI banner, electron title, shell rail pill, and the
+// download page. flip IS_BETA to false when 1.0 ships and the badge
+// disappears everywhere automatically.
+//
+// see plans/sootsim-public-beta.md for the rollout plan.
+
+export const IS_BETA = true
+
+export const BETA_VERSION_TARGET = '1.0.0'
+
+// short label — used on the rail pill, electron title, etc.
+export const BETA_LABEL = 'public beta'
+
+// one-line tagline — used in the CLI banner + privacy disclosures.
+export const BETA_TAGLINE = `${BETA_LABEL} · free until ${BETA_VERSION_TARGET}`
+
+// what we ask for in return — kept here so the onboarding flow, the
+// privacy page, and any future surface render the same words.
+export const BETA_ASK_HEADLINE =
+  'free for everyone until 1.0 — we send anonymous error and dependency data while you use it'

package/src/bridge-constants.ts

@@ -0,0 +1,10 @@
+// canonical bridge port for sootsim's WebSocket connection between the CLI
+// and the running engine. matches main — kept in a single module so CLI,
+// dev plugin, and runtime agree on the same value.
+export const DEFAULT_SOOTSIM_BRIDGE_PORT = 7668
+
+// private websocket close code used when the daemon intentionally closes a
+// sim. browser clients treat it as terminal and skip their normal reconnect
+// loop; playwright-owned sims use it to close their hosting context.
+export const SOOTSIM_BRIDGE_SIM_CLOSE_CODE = 4001
+export const SOOTSIM_BRIDGE_SIM_CLOSE_REASON = 'sootsim close'

package/src/cli-constants.ts

@@ -0,0 +1 @@
+export const DEFAULT_SOOTSIM_SHELL_URL = 'http://localhost:5173/'

package/src/cli-version.ts

@@ -0,0 +1,30 @@
+// sootsim CLI version — the `sootsim` npm package version. resolved once
+// and cached. shared by `--version`, `--help`, the `upgrade` command, the
+// startup flow, and the bridge-host (which injects it into the served
+// runtime html as window.__sootsimCliVersion).
+
+import { readFileSync } from 'node:fs'
+import { fileURLToPath } from 'node:url'
+
+let cached: string | null = null
+
+export function getCliVersion(): string {
+  if (cached != null) return cached
+  // prefer package resolution (works for npm/global installs); fall back to
+  // the package.json next to this module's source for repo / bundled runs.
+  const candidates: Array<() => string> = [
+    () => fileURLToPath(import.meta.resolve('sootsim/package.json')),
+    () => fileURLToPath(new URL('../package.json', import.meta.url)),
+  ]
+  for (const resolve of candidates) {
+    try {
+      const version = JSON.parse(readFileSync(resolve(), 'utf8')).version
+      if (typeof version === 'string' && version) {
+        cached = version
+        return cached
+      }
+    } catch {}
+  }
+  cached = '0.0.0'
+  return cached
+}

package/src/codex-client.ts

@@ -0,0 +1,215 @@
+// minimal client for `codex app-server` — a long-lived child process that
+// speaks line-delimited JSON-RPC 2.0 over stdio.
+//
+// scope: just the subset sootsim needs for the attached-projects agent
+// wrapper. each connection owns exactly one spawned app-server child; caller
+// is responsible for lifecycle. bidirectional: client can issue requests +
+// receive server-initiated notifications. we treat every method we don't
+// recognize as an observable event that we pass straight to the handler map.
+
+import { spawn, type ChildProcessWithoutNullStreams } from 'node:child_process'
+import readline from 'node:readline'
+
+export interface CodexClientOptions {
+  /** resolved path to the codex binary (via `which codex` or user override). */
+  bin: string
+  /** working directory for the spawned process. defaults to process.cwd(). */
+  cwd?: string
+  /** extra environment overrides forwarded to the child. */
+  env?: Record<string, string | undefined>
+}
+
+export type CodexNotificationHandler = (params: unknown) => void
+
+export interface CodexClient {
+  /** promise that resolves when the child exits. use to await shutdown. */
+  readonly exited: Promise<{ code: number | null; signal: NodeJS.Signals | null }>
+  /** register a handler for a server-sent notification method. returns
+   *  a dispose fn. multiple handlers per method are allowed. */
+  on(method: string, handler: CodexNotificationHandler): () => void
+  /** send a JSON-RPC request and await its response. rejects on error
+   *  response or child death. */
+  request<TResult = unknown>(method: string, params?: unknown): Promise<TResult>
+  /** send a JSON-RPC notification (no id, no response). */
+  notify(method: string, params?: unknown): void
+  /** close stdin (graceful shutdown), then SIGTERM after timeout. */
+  shutdown(timeoutMs?: number): Promise<void>
+  /** force-kill immediately. */
+  kill(signal?: NodeJS.Signals): void
+}
+
+interface JsonRpcResponse {
+  jsonrpc?: '2.0'
+  id?: number | string | null
+  result?: unknown
+  error?: { code: number; message: string; data?: unknown }
+  method?: string
+  params?: unknown
+}
+
+export class CodexRpcError extends Error {
+  code: number
+  data: unknown
+  constructor(message: string, code: number, data?: unknown) {
+    super(message)
+    this.name = 'CodexRpcError'
+    this.code = code
+    this.data = data
+  }
+}
+
+export function spawnCodexClient(options: CodexClientOptions): CodexClient {
+  const child: ChildProcessWithoutNullStreams = spawn(options.bin, ['app-server'], {
+    cwd: options.cwd,
+    env: { ...process.env, ...options.env },
+    stdio: ['pipe', 'pipe', 'pipe'],
+  })
+
+  const pending = new Map<
+    number,
+    {
+      resolve: (value: unknown) => void
+      reject: (err: unknown) => void
+      method: string
+    }
+  >()
+  const handlers = new Map<string, Set<CodexNotificationHandler>>()
+  let nextId = 1
+  let closed = false
+
+  const exited = new Promise<{
+    code: number | null
+    signal: NodeJS.Signals | null
+  }>((resolve) => {
+    child.on('exit', (code, signal) => {
+      closed = true
+      const err = new Error(
+        `codex app-server exited (code=${code}, signal=${signal ?? ''})`,
+      )
+      for (const { reject } of pending.values()) reject(err)
+      pending.clear()
+      resolve({ code, signal })
+    })
+  })
+
+  // stdout carries JSON-RPC messages, one per line.
+  const rl = readline.createInterface({ input: child.stdout, crlfDelay: Infinity })
+  rl.on('line', (line) => {
+    const trimmed = line.trim()
+    if (!trimmed) return
+    let msg: JsonRpcResponse
+    try {
+      msg = JSON.parse(trimmed) as JsonRpcResponse
+    } catch {
+      // app-server occasionally emits non-JSON warnings; ignore.
+      return
+    }
+    if (msg.id != null && (msg.result !== undefined || msg.error !== undefined)) {
+      const idNum = typeof msg.id === 'string' ? Number(msg.id) : msg.id
+      const entry = idNum != null ? pending.get(idNum) : undefined
+      if (!entry) return
+      pending.delete(idNum!)
+      if (msg.error) {
+        entry.reject(new CodexRpcError(msg.error.message, msg.error.code, msg.error.data))
+      } else {
+        entry.resolve(msg.result)
+      }
+      return
+    }
+    if (msg.method) {
+      const set = handlers.get(msg.method)
+      if (!set) return
+      for (const h of set) {
+        try {
+          h(msg.params)
+        } catch (err) {
+          // a buggy handler must not kill the bridge, but it MUST be visible —
+          // silent swallowing turned a notification-handler typo into a
+          // "nothing happens" bug once already.
+          console.error(
+            `[codex-client] handler for "${msg.method}" threw:`,
+            err instanceof Error ? (err.stack ?? err.message) : err,
+          )
+        }
+      }
+    }
+  })
+
+  // stderr is diagnostic only; surfaced via the "stderr" notification channel
+  // so callers can forward it into transcripts if they want.
+  child.stderr.setEncoding('utf8')
+  child.stderr.on('data', (chunk: string) => {
+    const set = handlers.get('__stderr__')
+    if (!set) return
+    for (const h of set) {
+      try {
+        h({ text: chunk })
+      } catch {}
+    }
+  })
+
+  function write(msg: unknown): void {
+    if (closed) return
+    try {
+      child.stdin.write(JSON.stringify(msg) + '\n')
+    } catch {
+      // if stdin has been closed, subsequent writes will throw; ignore.
+    }
+  }
+
+  return {
+    exited,
+    on(method, handler) {
+      let set = handlers.get(method)
+      if (!set) {
+        set = new Set()
+        handlers.set(method, set)
+      }
+      set.add(handler)
+      return () => {
+        set?.delete(handler)
+      }
+    },
+    request<TResult>(method: string, params?: unknown): Promise<TResult> {
+      if (closed) {
+        return Promise.reject(new Error(`codex app-server closed; cannot call ${method}`))
+      }
+      const id = nextId++
+      return new Promise<TResult>((resolve, reject) => {
+        pending.set(id, {
+          resolve: (v) => resolve(v as TResult),
+          reject,
+          method,
+        })
+        write({ jsonrpc: '2.0', id, method, params })
+      })
+    },
+    notify(method, params) {
+      write({ jsonrpc: '2.0', method, params })
+    },
+    async shutdown(timeoutMs = 1500) {
+      if (closed) return
+      try {
+        child.stdin.end()
+      } catch {}
+      const t = setTimeout(() => {
+        if (!closed) {
+          try {
+            child.kill('SIGTERM')
+          } catch {}
+        }
+      }, timeoutMs)
+      try {
+        await exited
+      } finally {
+        clearTimeout(t)
+      }
+    },
+    kill(signal = 'SIGTERM') {
+      if (closed) return
+      try {
+        child.kill(signal)
+      } catch {}
+    },
+  }
+}

package/src/config.ts

@@ -0,0 +1,110 @@
+// sootsim.config.ts — per-app module resolution, turbo modules, env, state, and settings.
+//
+// usage:
+//   import { defineConfig } from 'sootsim/config'
+//   export default defineConfig({ modules: { ... }, env: { ... } })
+
+export type ModuleResolution =
+  | 'noop' // empty module
+  | false // disable builtin stub, use original
+  | { use: string } // redirect to existing compat stub
+  | { file: string } // resolve to a file relative to the config
+  | { inline: Record<string, any> } // inline stub object
+
+export type NativeModuleResolution = ModuleResolution | Record<string, any> // direct native module object for non-url configs
+
+export interface SootSimConfig<
+  Settings extends Record<string, any> = Record<string, any>,
+> {
+  modules?: Record<string, ModuleResolution>
+  turboModules?: Record<string, NativeModuleResolution>
+  nativeModules?: Record<string, NativeModuleResolution>
+  env?: Record<string, string>
+  settings?: Partial<Settings>
+  initialState?: {
+    authenticated?: boolean
+    locale?: string
+    colorScheme?: 'light' | 'dark' | 'auto'
+    featureFlags?: Record<string, boolean | string | number>
+    [key: string]: any
+  }
+}
+
+export const SOOTSIM_CONFIG_QUERY_PARAM = 'sootsimConfig'
+
+export function defineConfig<Settings extends Record<string, any> = Record<string, any>>(
+  config: SootSimConfig<Settings>,
+): SootSimConfig<Settings> {
+  return config
+}
+
+function hasOwnKeys(value: Record<string, unknown> | undefined): boolean {
+  return !!value && Object.keys(value).length > 0
+}
+
+export function hasSootSimConfig<
+  Settings extends Record<string, any> = Record<string, any>,
+>(config?: SootSimConfig<Settings> | null): config is SootSimConfig<Settings> {
+  if (!config) return false
+  return (
+    hasOwnKeys(config.modules as Record<string, unknown> | undefined) ||
+    hasOwnKeys(config.turboModules as Record<string, unknown> | undefined) ||
+    hasOwnKeys(config.nativeModules as Record<string, unknown> | undefined) ||
+    hasOwnKeys(config.env as Record<string, unknown> | undefined) ||
+    hasOwnKeys(config.settings as Record<string, unknown> | undefined) ||
+    hasOwnKeys(config.initialState as Record<string, unknown> | undefined)
+  )
+}
+
+export function mergeSootSimConfig<
+  Settings extends Record<string, any> = Record<string, any>,
+>(
+  base?: SootSimConfig<Settings> | null,
+  override?: SootSimConfig<Settings> | null,
+): SootSimConfig<Settings> | undefined {
+  if (!hasSootSimConfig(base) && !hasSootSimConfig(override)) return undefined
+  if (!hasSootSimConfig(base)) return override ? { ...override } : undefined
+  if (!hasSootSimConfig(override)) return base ? { ...base } : undefined
+
+  return {
+    modules: { ...(base.modules || {}), ...(override.modules || {}) },
+    turboModules: { ...(base.turboModules || {}), ...(override.turboModules || {}) },
+    nativeModules: {
+      ...(base.nativeModules || {}),
+      ...(override.nativeModules || {}),
+    },
+    env: { ...(base.env || {}), ...(override.env || {}) },
+    settings: {
+      ...(base.settings || {}),
+      ...(override.settings || {}),
+    } as Partial<Settings>,
+    initialState: { ...(base.initialState || {}), ...(override.initialState || {}) },
+  }
+}
+
+export function readSootSimConfigFromSearchParams<
+  Settings extends Record<string, any> = Record<string, any>,
+>(searchParams: URLSearchParams): SootSimConfig<Settings> | undefined {
+  const raw = searchParams.get(SOOTSIM_CONFIG_QUERY_PARAM)
+  if (!raw) return undefined
+  try {
+    const parsed = JSON.parse(raw) as SootSimConfig<Settings>
+    return hasSootSimConfig(parsed) ? parsed : undefined
+  } catch (error) {
+    const message = error instanceof Error ? error.message : String(error)
+    console.warn(`[sootsim] invalid ${SOOTSIM_CONFIG_QUERY_PARAM}: ${message}`)
+    return undefined
+  }
+}
+
+export function applySootSimConfigToUrl<
+  Settings extends Record<string, any> = Record<string, any>,
+>(url: string, config?: SootSimConfig<Settings> | null): string {
+  const parsed = new URL(url)
+  if (hasSootSimConfig(config)) {
+    parsed.searchParams.set(SOOTSIM_CONFIG_QUERY_PARAM, JSON.stringify(config))
+  } else {
+    parsed.searchParams.delete(SOOTSIM_CONFIG_QUERY_PARAM)
+  }
+  return parsed.toString()
+}