staklink 0.4.9 → 0.4.11

package/dist/proxy-server.cjs

@@ -60768,6 +60768,102 @@ async function NewRepo(url3) {
   }
   return new Repo(repoLocation);
 }
+function buildAuthenticatedUrl(remoteUrl, credentials) {
+  let url3 = remoteUrl;
+  switch (credentials.provider) {
+    case "github":
+      url3 = url3.replace(
+        "https://github.com/",
+        `https://${credentials.auth_data.token}@github.com/`
+      ).replace(
+        /https:\/\/.*@github\.com\//,
+        `https://${credentials.auth_data.token}@github.com/`
+      );
+      if (url3.startsWith("git@github.com:")) {
+        const repoPath = url3.replace("git@github.com:", "").replace(/\.git$/, "");
+        url3 = `https://${credentials.auth_data.token}@github.com/${repoPath}.git`;
+      }
+      break;
+    case "gitlab":
+      url3 = url3.replace(
+        "https://gitlab.com/",
+        `https://oauth2:${credentials.auth_data.token}@gitlab.com/`
+      ).replace(
+        /https:\/\/.*@gitlab\.com\//,
+        `https://oauth2:${credentials.auth_data.token}@gitlab.com/`
+      );
+      if (url3.startsWith("git@gitlab.com:")) {
+        const repoPath = url3.replace("git@gitlab.com:", "").replace(/\.git$/, "");
+        url3 = `https://oauth2:${credentials.auth_data.token}@gitlab.com/${repoPath}.git`;
+      }
+      break;
+    case "bitbucket":
+      url3 = url3.replace(
+        "https://bitbucket.org/",
+        `https://${credentials.auth_data.username}:${credentials.auth_data.token}@bitbucket.org/`
+      ).replace(
+        /https:\/\/.*@bitbucket\.org\//,
+        `https://${credentials.auth_data.username}:${credentials.auth_data.token}@bitbucket.org/`
+      );
+      if (url3.startsWith("git@bitbucket.org:")) {
+        const repoPath = url3.replace("git@bitbucket.org:", "").replace(/\.git$/, "");
+        url3 = `https://${credentials.auth_data.username}:${credentials.auth_data.token}@bitbucket.org/${repoPath}.git`;
+      }
+      break;
+  }
+  return url3;
+}
+async function setupGlobalGitCredentials(repoCwd, credentials) {
+  const run = (cmd) => exec4(cmd, {
+    cwd: repoCwd,
+    env: { ...process.env, GIT_TERMINAL_PROMPT: "0" }
+  });
+  const { stdout: origUrl } = await run(
+    "git config --get remote.origin.url"
+  );
+  let origName = null;
+  let origEmail = null;
+  try {
+    origName = (await run("git config --global user.name")).stdout.trim();
+  } catch {
+  }
+  try {
+    origEmail = (await run("git config --global user.email")).stdout.trim();
+  } catch {
+  }
+  const authUrl = buildAuthenticatedUrl(origUrl.trim(), credentials);
+  await run(`git remote set-url origin "${authUrl}"`);
+  await run(
+    `git config --global user.name "${credentials.auth_data.username}"`
+  );
+  await run(
+    `git config --global user.email "${credentials.auth_data.username}@users.noreply.github.com"`
+  );
+  const env2 = {
+    GH_TOKEN: credentials.auth_data.token,
+    GITHUB_TOKEN: credentials.auth_data.token
+  };
+  const teardown = async () => {
+    try {
+      await run(`git remote set-url origin "${origUrl.trim()}"`);
+      if (origName) {
+        await run(`git config --global user.name "${origName}"`);
+      } else {
+        await run("git config --global --unset user.name").catch(() => {
+        });
+      }
+      if (origEmail) {
+        await run(`git config --global user.email "${origEmail}"`);
+      } else {
+        await run("git config --global --unset user.email").catch(() => {
+        });
+      }
+    } catch (e) {
+      error("Error tearing down global git credentials:", e);
+    }
+  };
+  return { env: env2, teardown };
+}
 
 // src/proxy/sse.ts
 var SSEManager = class {
@@ -60814,7 +60910,7 @@ var SSEManager = class {
 var sseManager = new SSEManager();
 
 // src/proxy/version.ts
-var VERSION = "0.4.9";
+var VERSION = "0.4.11";
 
 // node_modules/uuid/dist/esm/stringify.js
 var byteToHex = [];
@@ -137544,7 +137640,9 @@ async function runAgent({
   createGooseConfig(searchApiKey);
   const env2 = goose_env(apiKey, model);
   console.log("RUN goose with env", env2);
-  const cleanPrompt = sanitizeShellArg(prompt);
+  const safePrompt = prompt.startsWith("-") ? `
+${prompt}` : prompt;
+  const cleanPrompt = sanitizeShellArg(safePrompt);
   let system = SYSTEM_CORE;
   system += system_prompt ? sanitizeShellArg(system_prompt) + "\n\n" : "";
   system += SYSTEM_SUFFIX;
@@ -139220,7 +139318,17 @@ var makeRepairPrompt = (podConfigPath, history, initialPrompt) => {
   
 The config files can be read at ${podConfigPath}. You must find out how to edit the pm2.config.js and the docker-compose.yaml in order to get the project to run successfully (there is also a Dockerfile which may also be changed if absolutely needed). Remember that you may need to add or alter env vars in the pm2.config.js file. Focus on the frontend app defined in the pm2 config file, don't worry about other services unless they are needed to run the frontend. For example, if its a next.js app, you can read the package.json to see what SHOULD be in the pm2 "script" command or the special install/build/etc commands. REMEMBER: this is a development environment, so the pm2 script should be something like "npm run dev" or something similar... we want to default to whatever start script is best for development (like whatever has hot-reload etc). If its a simple backend api project, then thats fine to be defined as the "frontend". If there really is no public-facing frontend or api, then STILL INCLUDE A pm2 service called "frontend", which can just be this dummy server: "npx -y hell0-w0rld". Its important that we have at least SOMETHING running as the "frontend" so we can verify that the pod is running smoothly!
 
-IMPORTANT: You may be in a multi-repo workspace! If so, make sure the "cwd" field for each appin the pm2.config.js specifies different paths to each repo! Like "/workspaces/repo1", "/workspaces/repo2", etc.
+If this is an Android project, prefer Android conventions:
+- The frontend pm2 service can use a placeholder script (for example, "echo android-frontend") and do real setup via env commands.
+- Set PORT to "8000" (screen stream port).
+- Use PRE_START_COMMAND to ensure adb is ready (for example, "adb wait-for-device").
+- Use INSTALL_COMMAND/BUILD_COMMAND for dependency fetch + APK build (for example, "./gradlew dependencies" and "./gradlew assembleDebug").
+- Use POST_START_COMMAND to install/launch the app when needed.
+- Set REBUILD_COMMAND to APK build command and RESTART to "true" so code updates trigger rebuild/reinstall flow.
+- Derive package/activity from AndroidManifest or Gradle config when launching with adb shell am start.
+- Use ghcr.io/stakwork/staklink-android:latest as the base image in Dockerfile.
+
+IMPORTANT: You may be in a multi-repo workspace! If so, make sure the "cwd" field for each app in the pm2.config.js specifies different paths to each repo! Like "/workspaces/repo1", "/workspaces/repo2", etc.
 
 This project is currently running a remote code-server instance. Docker is optional, but may be used. The docker-compose file has already been started. You can use the regular docker commands (docker ps, docker logs, etc) to inspect the running containers.
 
@@ -141400,10 +141508,12 @@ ${diff.trim()}`);
         }
       }
     }
-    const response = { success: true, commits, branches };
+    const hasPrErrors = Object.keys(prErrors).length > 0;
+    const success3 = !(createPR && hasPrErrors);
+    const response = { success: success3, commits, branches };
     if (createPR) {
       response.prs = prs;
-      if (Object.keys(prErrors).length > 0) {
+      if (hasPrErrors) {
         response.prErrors = prErrors;
       }
     }
@@ -141513,6 +141623,152 @@ async function handleCreateRepo(req, res) {
     });
   }
 }
+function buildPushPrompt(opts) {
+  const lines = [
+    `You are in the git repo at: ${opts.repoPath}`,
+    "",
+    "Perform the following git operations. If any step fails, diagnose the problem and fix it (resolve merge conflicts, pull and rebase, etc). Be resilient - the goal is to get code pushed successfully.",
+    "",
+    "1. Check the current branch. If you are on main or master, create a new feature branch and switch to it. Otherwise stay on the current branch.",
+    "2. Check git status. If there are uncommitted changes, stage them (git add .) and commit with a short descriptive message. If everything is already committed, skip this step.",
+    "3. Push the current branch to origin. If the push is rejected (non-fast-forward, remote has new work, etc), pull with rebase and try again. If there are merge conflicts during rebase, resolve them sensibly and continue."
+  ];
+  if (opts.createPR) {
+    let step = 4;
+    lines.push(
+      `${step}. Create a pull request from the current branch to "${opts.baseBranch}" using the gh CLI. The PR title should be derived from the commit message. If a PR already exists for this branch, skip creation.`
+    );
+    if (opts.label) {
+      step++;
+      lines.push(
+        `${step}. Add the label "${opts.label}" to the PR.`
+      );
+    }
+    step++;
+    lines.push(
+      `${step}. Ensure the PR branch is up to date with "${opts.baseBranch}". Run: git fetch origin ${opts.baseBranch} && git merge origin/${opts.baseBranch}. If there are conflicts, resolve them, commit, and push again. This is equivalent to GitHub's "Update branch" button.`
+    );
+    if (opts.autoMerge) {
+      step++;
+      lines.push(
+        `${step}. Enable auto-merge (squash) on the PR using: gh pr merge <number> --auto --squash --delete-branch`
+      );
+    }
+  }
+  lines.push(
+    "",
+    "IMPORTANT:",
+    "- Do NOT ask for confirmation. Just do it.",
+    "- If push fails, try pulling with rebase first. If that fails with conflicts, resolve them and continue.",
+    "- Output the PR URL if you created one.",
+    "- Output the branch name you ended up on.",
+    "- Output the commit hash after pushing."
+  );
+  return lines.join("\n");
+}
+async function handleAgentPush(req, res) {
+  const request_id = startReq();
+  try {
+    const code = req.body;
+    const repos = getReposWithChangedFiles(code);
+    const createPR = req.query.pr === "true";
+    const autoMerge = req.query.automerge === "true";
+    const label = req.query.label;
+    if (!repos.length) {
+      finishReq(request_id, {
+        success: true,
+        commits: [],
+        branches: {}
+      });
+      res.json({ request_id, status: "pending" });
+      return;
+    }
+    if (!code.git_credentials?.auth_data?.token) {
+      failReq(request_id, new Error("git_credentials with token required"));
+      res.json({ request_id, status: "pending" });
+      return;
+    }
+    const apiKey = code.apiKey || process.env.ANTHROPIC_API_KEY || "";
+    (async () => {
+      const results = { commits: [], prs: {}, branches: {} };
+      for (const r of repos) {
+        const repo = await NewRepo(r.url);
+        const repoPath = repo.printcwd();
+        const repoName = getRepoNameFromUrl(r.url);
+        const baseBranch = r.base_branch || "main";
+        const { env: credEnv, teardown } = await setupGlobalGitCredentials(
+          repoPath,
+          code.git_credentials
+        );
+        try {
+          const prompt = buildPushPrompt({
+            repoPath,
+            createPR,
+            autoMerge,
+            label,
+            baseBranch
+          });
+          log(`=> agent/push prompt for ${repoName}:
+${prompt}`);
+          const prevGhToken = process.env.GH_TOKEN;
+          const prevGithubToken = process.env.GITHUB_TOKEN;
+          process.env.GH_TOKEN = credEnv.GH_TOKEN;
+          process.env.GITHUB_TOKEN = credEnv.GITHUB_TOKEN;
+          const agentFn = chooseAgent("goose");
+          let result;
+          try {
+            result = await agentFn({
+              prompt,
+              apiKey,
+              cwd: repoPath,
+              session: code.session,
+              model: code.model
+            });
+          } finally {
+            if (prevGhToken !== void 0) {
+              process.env.GH_TOKEN = prevGhToken;
+            } else {
+              delete process.env.GH_TOKEN;
+            }
+            if (prevGithubToken !== void 0) {
+              process.env.GITHUB_TOKEN = prevGithubToken;
+            } else {
+              delete process.env.GITHUB_TOKEN;
+            }
+          }
+          const output = typeof result === "string" ? result : result.output;
+          results.commits.push(output);
+          const branchMatch = output.match(
+            /(?:on branch|switched to|branch)\s+[`'"]?([^\s`'"]+)/i
+          );
+          if (branchMatch) {
+            results.branches[repoName] = branchMatch[1];
+          }
+          const prMatch = output.match(
+            /https:\/\/github\.com\/[^\s]+\/pull\/\d+/
+          );
+          if (prMatch) {
+            results.prs[repoName] = prMatch[0];
+          }
+        } finally {
+          await teardown();
+        }
+      }
+      finishReq(request_id, {
+        success: true,
+        ...results
+      });
+    })().catch((error88) => {
+      error("agent/push error:", error88);
+      failReq(request_id, error88);
+    });
+    res.json({ request_id, status: "pending" });
+  } catch (e) {
+    error("agent/push setup error:", e);
+    failReq(request_id, e);
+    res.json({ request_id, status: "pending" });
+  }
+}
 
 // src/proxy/code_actions.ts
 var fs14 = __toESM(require("fs/promises"), 1);
@@ -142251,6 +142507,35 @@ async function startProxyServer() {
     }
     clearInterval(keepAliveInterval);
   });
+  app.get("/ide-auth", async (req, res) => {
+    const fallback = () => res.redirect(302, "/");
+    try {
+      const { token, expires } = req.query;
+      const password = process.env.CODE_SERVER_PASSWORD;
+      const port = process.env.CODE_SERVER_PORT || "8444";
+      if (!token || !expires || !password) return fallback();
+      const expiresNum = parseInt(expires, 10);
+      if (isNaN(expiresNum) || Math.floor(Date.now() / 1e3) > expiresNum) return fallback();
+      const crypto3 = await import("crypto");
+      const expected = crypto3.createHmac("sha256", password).update(`ide-auth:${expires}`).digest("hex");
+      const tA = Buffer.from(token);
+      const tB = Buffer.from(expected);
+      if (tA.length !== tB.length || !crypto3.timingSafeEqual(tA, tB)) return fallback();
+      const loginRes = await fetch(`http://localhost:${port}/login`, {
+        method: "POST",
+        headers: { "Content-Type": "application/x-www-form-urlencoded" },
+        body: new URLSearchParams({ password }).toString(),
+        redirect: "manual"
+      });
+      const setCookieHeader = loginRes.headers.get("set-cookie") || "";
+      const keyMatch = setCookieHeader.match(/(?:^|,)\s*key=([^;,]+)/);
+      if (!keyMatch) return fallback();
+      res.setHeader("Set-Cookie", `key=${keyMatch[1]}; Path=/; SameSite=Lax; HttpOnly`);
+      res.redirect(302, "/");
+    } catch {
+      fallback();
+    }
+  });
   app.use(requireAuth);
   app.post("/session", async (req, res) => {
     const { sessionId, webhookUrl, apiKey, searchApiKey, model, agent } = req.body;
@@ -142307,6 +142592,10 @@ async function startProxyServer() {
       system: req.body.system
     }))
   );
+  app.post("/agent/push", async (req, res) => {
+    log("===> POST /agent/push");
+    await handleAgentPush(req, res);
+  });
   app.post(
     "/repair",
     createAsyncAgentHandler(

package/dist/staklink-cli.cjs

@@ -10987,7 +10987,7 @@ var glob = Object.assign(glob_, {
 glob.glob = glob;
 
 // src/proxy/version.ts
-var VERSION = "0.4.9";
+var VERSION = "0.4.11";
 
 // src/deps.ts
 var import_child_process = require("child_process");

package/package.json

@@ -2,7 +2,7 @@
   "name": "staklink",
   "displayName": "staklink",
   "description": "staklink process manager",
-  "version": "0.4.9",
+  "version": "0.4.11",
   "type": "module",
   "publisher": "stakwork",
   "engines": {
@@ -108,6 +108,7 @@
     "ask-gemini": "ts-node ./src/scripts/ask-gemini.ts",
     "test-git": "ts-node ./src/test/test-git.ts",
     "test-pm2": "ts-node ./src/test/test-pm2.ts",
+    "test-ide-auth": "npx tsx ./src/test/test-ide-auth.ts",
     "try-parse": "ts-node ./src/scripts/try-parse.ts",
     "try-gemini": "ts-node ./src/try/try-gemini.ts",
     "try-cc": "ts-node ./src/try/try-cc.ts",