npm - sparkecoder - Versions diffs - 0.1.118 → 0.1.120 - Mend

sparkecoder 0.1.118 → 0.1.120

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (110) hide show

package/dist/cli.js CHANGED Viewed

@@ -1160,7 +1160,7 @@ function loadConfig(configPath, workingDirectory) {
     ...config,
     server: {
       port: config.server.port,
-      host: config.server.host ?? "127.0.0.1",
+      host: config.server.host ?? "0.0.0.0",
       publicUrl: config.server.publicUrl
     },
     resolvedWorkingDirectory,
@@ -1327,7 +1327,7 @@ function createDefaultConfig() {
     },
     server: {
       port: 3141,
-      host: "127.0.0.1"
+      host: "0.0.0.0"
     },
     databasePath: "./sparkecoder.db"
   };
@@ -8545,9 +8545,50 @@ function isSlackConfigured() {
 function getSlackSigningSecret() {
   return readSlackConfig()?.signingSecret ?? null;
 }
+function getSlackBotToken() {
+  return readSlackConfig()?.botToken ?? null;
+}
 function getDefaultOrchestratorName() {
   return readSlackConfig()?.defaultOrchestratorName ?? null;
 }
+function getCachedSlackSelfIdentity() {
+  const cfg = readSlackConfig();
+  if (!cfg) return null;
+  if (cachedSelf && cachedSelf.token === cfg.botToken) return cachedSelf.identity;
+  return null;
+}
+async function ensureSlackSelfIdentity() {
+  const cfg = readSlackConfig();
+  if (!cfg) return null;
+  if (cachedSelf && cachedSelf.token === cfg.botToken) return cachedSelf.identity;
+  if (selfInflight) return selfInflight;
+  selfInflight = (async () => {
+    try {
+      const res = await fetch("https://slack.com/api/auth.test", {
+        method: "POST",
+        headers: { Authorization: `Bearer ${cfg.botToken}` }
+      });
+      const data = await res.json().catch(() => ({}));
+      if (!data?.ok) {
+        console.warn(`[slack] auth.test failed: ${data?.error || `HTTP ${res.status}`}`);
+        return null;
+      }
+      const identity = {
+        botUserId: String(data.user_id || ""),
+        botId: String(data.bot_id || ""),
+        teamId: data.team_id ? String(data.team_id) : void 0
+      };
+      cachedSelf = { token: cfg.botToken, identity };
+      return identity;
+    } catch (err) {
+      console.warn("[slack] auth.test error:", err?.message || err);
+      return null;
+    } finally {
+      selfInflight = null;
+    }
+  })();
+  return selfInflight;
+}
 function getSlackAllowlistPolicy() {
   try {
     const cfg = getConfig();
@@ -8561,6 +8602,62 @@ function getSlackAllowlistPolicy() {
     return { allowedUsers: [], allowedChannels: [], allowDmsFromAnyone: true };
   }
 }
+async function fetchSlackUserName(userId) {
+  const token = getSlackBotToken();
+  if (!token) return null;
+  try {
+    const res = await fetch(`https://slack.com/api/users.info?user=${encodeURIComponent(userId)}`, {
+      headers: { Authorization: `Bearer ${token}` }
+    });
+    const data = await res.json().catch(() => ({}));
+    if (!data?.ok) {
+      console.warn(`[slack] users.info(${userId}) failed: ${data?.error || `HTTP ${res.status}`}`);
+      return null;
+    }
+    const profile = data.user?.profile || {};
+    const name = profile.display_name_normalized || profile.display_name || profile.real_name_normalized || profile.real_name || data.user?.real_name || data.user?.name || null;
+    return name ? String(name) : null;
+  } catch (err) {
+    console.warn(`[slack] users.info(${userId}) error:`, err?.message || err);
+    return null;
+  }
+}
+async function resolveSlackUserName(userId) {
+  if (!userId) return null;
+  const now = Date.now();
+  const hit = userNameCache.get(userId);
+  if (hit && hit.expiresAt > now) return hit.name;
+  const inflight = userInflight.get(userId);
+  if (inflight) return inflight;
+  const p = (async () => {
+    const name = await fetchSlackUserName(userId);
+    userNameCache.set(userId, {
+      name,
+      expiresAt: now + (name ? USER_TTL_MS : USER_FAIL_TTL_MS)
+    });
+    userInflight.delete(userId);
+    return name;
+  })();
+  userInflight.set(userId, p);
+  return p;
+}
+async function normalizeSlackMentions(text) {
+  if (!text) return text;
+  const userMentionRe = /<@([UW][A-Z0-9]+)(?:\|([^>]+))?>/g;
+  const userIds = /* @__PURE__ */ new Set();
+  for (const m of text.matchAll(userMentionRe)) {
+    if (!m[2]) userIds.add(m[1]);
+  }
+  if (userIds.size > 0) {
+    await Promise.all([...userIds].map((id) => resolveSlackUserName(id)));
+  }
+  return text.replace(userMentionRe, (_full, id, label) => {
+    if (label) return `${label} <@${id}>`;
+    const cached = userNameCache.get(id);
+    const name = cached?.name;
+    return name ? `${name} <@${id}>` : `<@${id}>`;
+  });
+}
 function getSlackDeniedReplyPolicy() {
   try {
     const cfg = getConfig();
@@ -8573,11 +8670,17 @@ function getSlackDeniedReplyPolicy() {
     return { enabled: true, template: DEFAULT_DENIED_TEMPLATE };
   }
 }
-var DEFAULT_DENIED_TEMPLATE;
+var cachedSelf, selfInflight, USER_TTL_MS, USER_FAIL_TTL_MS, userNameCache, userInflight, DEFAULT_DENIED_TEMPLATE;
 var init_client3 = __esm({
   "src/integrations/slack/client.ts"() {
     "use strict";
     init_config();
+    cachedSelf = null;
+    selfInflight = null;
+    USER_TTL_MS = 60 * 60 * 1e3;
+    USER_FAIL_TTL_MS = 5 * 60 * 1e3;
+    userNameCache = /* @__PURE__ */ new Map();
+    userInflight = /* @__PURE__ */ new Map();
     DEFAULT_DENIED_TEMPLATE = "Sorry, you don't have permission to use this bot. (Contact the bot owner if you think this is a mistake.)";
   }
 });
@@ -8592,21 +8695,36 @@ function markThreadOwned(channel, threadTs) {
 function isThreadOwned(channel, threadTs) {
   return ownedThreads.has(threadKey(channel, threadTs));
 }
-function stripMention(text) {
-  return String(text || "").replace(/<@[^>]+>/g, "").trim();
+function isSelfAuthored(event, self) {
+  if (!self) return true;
+  if (self.botId && event.bot_id && event.bot_id === self.botId) return true;
+  if (self.botUserId && event.user && event.user === self.botUserId) return true;
+  return false;
 }
-function slackEventToInboundResult(event) {
+function slackEventToInboundResult(event, opts = {}) {
   if (!event) return { event: null, dropReason: "empty_text" };
-  if (event.bot_id) return { event: null, dropReason: "bot_message" };
-  if (event.type === "message" && event.subtype && IGNORED_MESSAGE_SUBTYPES.has(event.subtype)) {
+  const self = opts.self ?? getCachedSlackSelfIdentity();
+  const isBotAuthored = !!event.bot_id || event.type === "message" && event.subtype === "bot_message";
+  if (isBotAuthored && isSelfAuthored(event, self)) {
     return { event: null, dropReason: "bot_message" };
   }
+  if (event.type === "message" && event.subtype && IGNORED_MESSAGE_SUBTYPES.has(event.subtype)) {
+    return { event: null, dropReason: "ignored_subtype" };
+  }
   const isDm = event.type === "message" && event.channel_type === "im";
   const isThreadReply = event.type === "message" && !isDm && typeof event.thread_ts === "string" && event.thread_ts !== event.ts;
+  const isNonThreadChannelMsg = event.type === "message" && !isDm && !isThreadReply && (event.channel_type === "channel" || event.channel_type === "group" || event.channel_type === "mpim" || // Some payload shapes omit channel_type for channel messages.
+  typeof event.channel === "string");
   if (event.type !== "app_mention" && !isDm && !isThreadReply) {
+    if (isNonThreadChannelMsg) {
+      return { event: null, dropReason: "non_thread_channel_msg" };
+    }
+    if (event.type !== "message") {
+      return { event: null, dropReason: "non_message_event" };
+    }
     return { event: null, dropReason: "unsupported_type" };
   }
-  const text = event.type === "app_mention" ? stripMention(event.text) : (event.text ?? "").trim();
+  const text = (event.text ?? "").trim();
   if (!text) return { event: null, dropReason: "empty_text" };
   const policy = getSlackAllowlistPolicy();
   const userAllowlistActive = policy.allowedUsers.length > 0;
@@ -8674,7 +8792,6 @@ var init_slack = __esm({
       }
     };
     IGNORED_MESSAGE_SUBTYPES = /* @__PURE__ */ new Set([
-      "bot_message",
       "message_changed",
       "message_deleted",
       "channel_join",
@@ -14576,16 +14693,18 @@ init_webhook_events();
 init_inbox();
 var recentlyHandled = /* @__PURE__ */ new Map();
 var MAX_RECENT = 1e3;
-function alreadyHandled(channel, ts) {
+function wasHandled(channel, ts) {
   if (!channel || !ts) return false;
+  return recentlyHandled.has(`${channel}\u241F${ts}`);
+}
+function markHandled(channel, ts) {
+  if (!channel || !ts) return;
   const key2 = `${channel}\u241F${ts}`;
-  if (recentlyHandled.has(key2)) return true;
   recentlyHandled.set(key2, Date.now());
   if (recentlyHandled.size > MAX_RECENT) {
     const oldest = recentlyHandled.keys().next().value;
     if (oldest) recentlyHandled.delete(oldest);
   }
-  return false;
 }
 var slack = new Hono6();
 slack.post("/events", async (c) => {
@@ -14622,11 +14741,12 @@ slack.post("/events", async (c) => {
       textSnippet: typeof ev.text === "string" ? ev.text : void 0,
       meta: { ts: ev.ts, thread_ts: ev.thread_ts, team: ev.team, event_subtype: ev.subtype }
     });
-    if (alreadyHandled(ev.channel, ev.ts)) {
+    if (wasHandled(ev.channel, ev.ts)) {
       updateEvent(auditId, { status: "dropped", dropReason: "duplicate_delivery" });
       return c.json({ ok: true });
     }
-    const { event: inbound, dropReason } = slackEventToInboundResult(ev);
+    const self = await ensureSlackSelfIdentity();
+    const { event: inbound, dropReason } = slackEventToInboundResult(ev, { self });
     if (inbound) {
       const isThreadReply = ev.type === "message" && ev.channel_type !== "im" && typeof ev.thread_ts === "string" && ev.thread_ts !== ev.ts;
       if (isThreadReply) {
@@ -14645,7 +14765,18 @@ slack.post("/events", async (c) => {
       }
       const orchestratorId = await findOrCreateOrchestratorId();
       if (orchestratorId) {
+        inbound.content = await normalizeSlackMentions(inbound.content);
+        if (ev.user) {
+          const speakerName = await resolveSlackUserName(ev.user);
+          if (speakerName) {
+            inbound.content = inbound.content.replace(
+              `user=${ev.user}`,
+              `user=${speakerName} <@${ev.user}>`
+            );
+          }
+        }
         pushToInbox(orchestratorId, inbound);
+        markHandled(ev.channel, ev.ts);
         updateEvent(auditId, { status: "routed", sessionId: orchestratorId });
       } else {
         updateEvent(auditId, { status: "error", error: "no orchestrator session available" });
@@ -15696,13 +15827,15 @@ async function startServer(options = {}) {
     if (!options.quiet) console.warn(`[scheduler] start skipped: ${err.message}`);
   }
   const port = options.port || config.server.port;
-  const host = options.host || config.server.host || "0.0.0.0";
+  const envHost = process.env.SPARKECODER_API_HOST || process.env.SPARKECODER_HOST;
+  const host = envHost || options.host || config.server.host || "0.0.0.0";
+  const hostSource = envHost ? process.env.SPARKECODER_API_HOST ? "env SPARKECODER_API_HOST" : "env SPARKECODER_HOST" : options.host ? "--host flag" : config.server.host ? "config.server.host" : "default";
   const publicUrl = options.publicUrl || config.server.publicUrl;
   const app = await createApp({ quiet: options.quiet });
   if (!options.quiet) {
     console.log(`
 \u{1F680} SparkECoder API Server`);
-    console.log(`   \u2192 Running at http://${host}:${port}`);
+    console.log(`   \u2192 Binding to ${host}:${port} (source: ${hostSource})`);
     if (publicUrl) {
       console.log(`   \u2192 Public URL: ${publicUrl}`);
     }
@@ -15711,10 +15844,22 @@ async function startServer(options = {}) {
     console.log(`   \u2192 OpenAPI spec: http://${host}:${port}/openapi.json
 `);
   }
+  if (host === "127.0.0.1" || host === "localhost") {
+    console.log(`[sparkecoder] \u26A0 API bound to ${host} only \u2014 not reachable from outside the machine.`);
+    console.log(`[sparkecoder]   For tunnels/reverse proxies (Modal/Fly/Docker), set --host 0.0.0.0 or SPARKECODER_API_HOST=0.0.0.0.`);
+  }
   serverInstance = serve({
     fetch: app.fetch,
     port,
     hostname: host
+  }, (info) => {
+    const actual = `${info.address}:${info.port}`;
+    const requested = `${host}:${port}`;
+    if (info.address === "127.0.0.1" && host !== "127.0.0.1" && host !== "localhost") {
+      console.warn(`[sparkecoder] \u2717 API listener bound to ${actual} but ${requested} was requested. External requests will be refused.`);
+    } else {
+      console.log(`[sparkecoder] \u2713 API listening on ${actual}`);
+    }
   });
   let webPort;
   let webStarted;
@@ -16782,7 +16927,7 @@ var program = new Command();
 program.name("sparkecoder").description("AI coding agent - just type sparkecoder to start chatting").version(getCliVersion()).option("-s, --session <id>", "Resume an existing session").option("-n, --name <name>", "Name for the new session").option("-m, --model <model>", "Model to use").option("-w, --working-dir <path>", "Working directory").option("-c, --config <path>", "Path to config file").option("-p, --port <port>", "Server port", "3141").option("-H, --host <host>", "Server host", "127.0.0.1").option("--no-auto-start", "Do not auto-start server if not running").option("--web-port <port>", "Web UI port", "6969").option("--no-web", "Do not start web UI when auto-starting server").option("--public-url <url>", "Public URL for web UI to connect to API (for Docker/remote access)").option("-v, --verbose", "Enable verbose logging for web server").option("--dangerously-skip-approvals", "Auto-approve all tool calls (no confirmation prompts)").action(async (options) => {
   await runChat(options);
 });
-program.command("server").description("Start the SparkECoder server (API + Web UI)").option("-p, --port <port>", "API server port", "3141").option("-h, --host <host>", "Server host", "127.0.0.1").option("-c, --config <path>", "Path to config file").option("-w, --working-dir <path>", "Working directory").option("--web-port <port>", "Web UI port", "6969").option("--no-web", "Do not start web UI").option("--public-url <url>", "Public URL for web UI to connect to API (for Docker/remote access)").option("-v, --verbose", "Enable verbose logging for web server").option("--setup-secret <secret>", "Setup secret (or short-lived JWT) used for /auth/register and /tunnels when the remote server has SETUP_SECRET configured. Equivalent to setting SPARKECODER_SETUP_SECRET env.").action(async (options) => {
+program.command("server").description("Start the SparkECoder server (API + Web UI)").option("-p, --port <port>", "API server port", "3141").option("-h, --host <host>", "Server bind address (use 127.0.0.1 to restrict to loopback). Overridable via SPARKECODER_API_HOST / SPARKECODER_HOST env.", "0.0.0.0").option("-c, --config <path>", "Path to config file").option("-w, --working-dir <path>", "Working directory").option("--web-port <port>", "Web UI port", "6969").option("--no-web", "Do not start web UI").option("--public-url <url>", "Public URL for web UI to connect to API (for Docker/remote access)").option("-v, --verbose", "Enable verbose logging for web server").option("--setup-secret <secret>", "Setup secret (or short-lived JWT) used for /auth/register and /tunnels when the remote server has SETUP_SECRET configured. Equivalent to setting SPARKECODER_SETUP_SECRET env.").action(async (options) => {
   if (options.setupSecret) {
     process.env.SPARKECODER_SETUP_SECRET = options.setupSecret;
     if (!process.env.SPARKECODER_TUNNEL_SECRET) {