teleportation-cli 1.4.4 → 1.5.0

package/.gemini/hooks/before_tool.mjs

@@ -0,0 +1,276 @@
+#!/usr/bin/env node
+/**
+ * Gemini CLI BeforeTool Hook
+ * 
+ * This hook executes BEFORE any tool runs in Gemini CLI.
+ * It mirrors the Claude Code pre_tool_use hook for Teleportation.
+ */
+
+import { stdin, stdout, exit, env } from 'node:process';
+import { appendFileSync } from 'node:fs';
+import { fileURLToPath } from 'url';
+import { dirname } from 'path';
+import { loadConfig } from './shared/config.mjs';
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+
+// Security: Max input size to prevent memory exhaustion
+const MAX_INPUT_SIZE = 10 * 1024 * 1024; // 10MB
+
+// Read all stdin
+const readStdin = () => new Promise((resolve, reject) => {
+  let data = '';
+  stdin.setEncoding('utf8');
+  stdin.on('data', chunk => {
+    data += chunk;
+    if (data.length > MAX_INPUT_SIZE) {
+      reject(new Error('Input too large'));
+    }
+  });
+  stdin.on('end', () => resolve(data));
+  stdin.on('error', reject);
+});
+
+// Sleep helper
+const sleep = (ms) => new Promise(r => setTimeout(r, ms));
+
+// Logging
+const hookLogFile = env.TELEPORTATION_HOOK_LOG || '/tmp/teleportation-gemini-hook.log';
+const log = (msg) => {
+  const timestamp = new Date().toISOString();
+  const logMsg = `[${timestamp}] [gemini:before_tool] ${msg}\n`;
+  try {
+    appendFileSync(hookLogFile, logMsg);
+  } catch (e) {
+    // Silently ignore
+  }
+};
+
+// Fetch JSON helper
+const fetchJson = async (url, opts) => {
+  const res = await fetch(url, opts);
+  if (!res.ok) throw new Error(`HTTP ${res.status}`);
+  return res.json();
+};
+
+// Safe tools that can be auto-approved (read-only operations)
+const SAFE_TOOLS = new Set([
+  'read_file',
+  'list_directory',
+  'search_files',
+  'grep_search',
+  'file_search',
+  'web_search',
+  'web_fetch',
+  'get_file_info',
+]);
+
+// Safe shell commands (read-only)
+const SAFE_SHELL_COMMANDS = [
+  /^git\s+(status|log|diff|show|branch|remote|config\s+--get)/,
+  /^ls(\s|$)/,
+  /^pwd(\s|$)/,
+  /^cat\s/,
+  /^head\s/,
+  /^tail\s/,
+  /^wc\s/,
+  /^echo\s/,
+  /^which\s/,
+  /^type\s/,
+  /^file\s/,
+  /^stat\s/,
+];
+
+function isSafeTool(toolName, toolInput) {
+  // Check if tool is in safe list
+  if (SAFE_TOOLS.has(toolName.toLowerCase())) {
+    return true;
+  }
+
+  // Check shell commands
+  if (toolName === 'run_shell_command' || toolName === 'bash' || toolName === 'shell') {
+    const command = toolInput?.command || toolInput?.cmd || '';
+    
+    // Security: Check for command chaining/injection patterns
+    if (/[;&|`$()]/.test(command)) {
+      return false;
+    }
+    
+    // Security: Check for redirects that could overwrite files
+    if (/[><]/.test(command)) {
+      return false;
+    }
+    
+    // Only allow if matches a safe pattern
+    for (const pattern of SAFE_SHELL_COMMANDS) {
+      if (pattern.test(command)) {
+        return true;
+      }
+    }
+  }
+
+  return false;
+}
+
+// Output decision to Gemini CLI
+function outputDecision(action, reason = '') {
+  const decision = { action, reason };
+  stdout.write(JSON.stringify(decision));
+  log(`Decision: ${action} - ${reason}`);
+}
+
+(async () => {
+  log('=== BeforeTool hook invoked ===');
+
+  try {
+    const raw = await readStdin();
+    let input;
+    try {
+      input = JSON.parse(raw || '{}');
+    } catch (e) {
+      log(`Invalid JSON input: ${e.message}`);
+      outputDecision('ALLOW', 'Invalid input, allowing by default');
+      return exit(0);
+    }
+
+    const { tool_name, tool_input, session_id } = input;
+    const teleportSessionId = env.TELEPORTATION_SESSION_ID || session_id || 'unknown';
+    log(`Tool: ${tool_name}, Session (input): ${session_id}, TeleportSession: ${teleportSessionId}`);
+
+    // Load config from shared module
+    const config = await loadConfig(log);
+    const RELAY_API_URL = config.relayApiUrl;
+    const RELAY_API_KEY = config.relayApiKey;
+
+    log(`Using Relay: ${RELAY_API_URL}`);
+
+    // If no relay configured, allow all (local-only mode)
+    if (!RELAY_API_URL || !RELAY_API_KEY) {
+      log('No relay configured, allowing tool');
+      outputDecision('ALLOW', 'No relay configured');
+      return exit(0);
+    }
+
+    // Check if tool is safe (auto-approve)
+    if (isSafeTool(tool_name, tool_input)) {
+      log(`Safe tool ${tool_name}, auto-approving`);
+      outputDecision('ALLOW', 'Safe tool auto-approved');
+      return exit(0);
+    }
+
+    // Check if user is away (should use remote approval)
+    let isAway = false;
+    try {
+      const stateUrl = `${RELAY_API_URL}/api/sessions/${teleportSessionId}/daemon-state`;
+      log(`Checking away status at: ${stateUrl}`);
+      
+      const response = await fetch(stateUrl, {
+        headers: { 'Authorization': `Bearer ${RELAY_API_KEY}` },
+        signal: AbortSignal.timeout(5000),
+      });
+      
+      if (response.ok) {
+        const state = await response.json();
+        isAway = !!state.is_away;
+        log(`Session away status: ${isAway}`);
+      } else {
+        log(`Away check failed: HTTP ${response.status}`);
+      }
+    } catch (e) {
+      log(`Could not check away status: ${e.message}`);
+      // If we can't check, assume user is present
+    }
+
+    // If user is present, ask them locally
+    if (!isAway) {
+      log('User is present, asking locally');
+      outputDecision('ASK_USER', 'User is present');
+      return exit(0);
+    }
+
+    // User is away - create remote approval request
+    log('User is away, creating remote approval request');
+
+    const approvalPayload = {
+      session_id: teleportSessionId,
+      tool_name,
+      tool_input,
+      status: 'pending',
+      source: 'gemini-cli',
+      meta: {
+        cwd: process.cwd(),
+        timestamp: Date.now(),
+      },
+    };
+
+    let approvalId;
+    try {
+      const approval = await fetchJson(`${RELAY_API_URL}/api/approvals`, {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+          'Authorization': `Bearer ${RELAY_API_KEY}`,
+        },
+        body: JSON.stringify(approvalPayload),
+        signal: AbortSignal.timeout(10000),
+      });
+      approvalId = approval.id;
+      log(`Created approval request: ${approvalId}`);
+    } catch (e) {
+      log(`Failed to create approval: ${e.message}`);
+      // If relay is down, allow (fail-safe for autonomous operation)
+      outputDecision('ALLOW', 'Relay unavailable, auto-approved');
+      return exit(0);
+    }
+
+    // Poll for approval decision
+    // Handle environment variable with proper parsing and bounds
+    const POLL_TIMEOUT_MS = Math.max(5000, Math.min(3600000, 
+      parseInt(env.GEMINI_APPROVAL_TIMEOUT_MS || '60000', 10) || 60000
+    ));
+    const POLL_INTERVAL_MS = Math.max(100, Math.min(30000, 
+      parseInt(env.GEMINI_POLL_INTERVAL_MS || '2000', 10) || 2000
+    ));
+    
+    log(`Polling for approval: timeout=${POLL_TIMEOUT_MS}ms, interval=${POLL_INTERVAL_MS}ms`);
+    
+    const startTime = Date.now();
+
+    while (Date.now() - startTime < POLL_TIMEOUT_MS) {
+      try {
+        const status = await fetchJson(`${RELAY_API_URL}/api/approvals/${approvalId}`, {
+          headers: { 'Authorization': `Bearer ${RELAY_API_KEY}` },
+          signal: AbortSignal.timeout(5000),
+        });
+
+        if (status.status === 'allowed') {
+          log(`Approval ${approvalId} allowed`);
+          outputDecision('ALLOW', 'Remote approval granted');
+          return exit(0);
+        } else if (status.status === 'denied') {
+          log(`Approval ${approvalId} denied`);
+          outputDecision('DENY', 'Remote approval denied');
+          return exit(0);
+        }
+
+        // Still pending, wait and poll again
+        await sleep(POLL_INTERVAL_MS);
+      } catch (e) {
+        log(`Poll error: ${e.message}`);
+        await sleep(POLL_INTERVAL_MS);
+      }
+    }
+
+    // Timeout - let daemon handle it
+    log(`Approval timeout, handing off to daemon`);
+    outputDecision('DENY', 'Approval timeout - daemon will handle');
+    return exit(0);
+
+  } catch (e) {
+    log(`Hook error: ${e.message}`);
+    // On error, allow (fail-safe)
+    outputDecision('ALLOW', `Error: ${e.message}`);
+    return exit(0);
+  }
+})();

package/.gemini/hooks/session_end.mjs

@@ -0,0 +1,158 @@
+#!/usr/bin/env node
+/**
+ * Gemini CLI SessionEnd Hook
+ * 
+ * This hook executes when a Gemini CLI session ends.
+ * It mirrors the Claude Code session_end hook for Teleportation.
+ */
+
+import { stdin, stdout, exit, env } from 'node:process';
+import { appendFileSync, existsSync } from 'node:fs';
+import { fileURLToPath } from 'url';
+import { dirname, join } from 'path';
+import { homedir, tmpdir } from 'node:os';
+import { loadConfig } from './shared/config.mjs';
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+
+// Security: Session ID validation to prevent command injection
+const UUID_REGEX = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+// Security: Max input size to prevent memory exhaustion
+const MAX_INPUT_SIZE = 10 * 1024 * 1024; // 10MB
+
+// Read all stdin
+const readStdin = () => new Promise((resolve, reject) => {
+  let data = '';
+  stdin.setEncoding('utf8');
+  stdin.on('data', chunk => {
+    data += chunk;
+    if (data.length > MAX_INPUT_SIZE) {
+      reject(new Error('Input too large'));
+    }
+  });
+  stdin.on('end', () => resolve(data));
+  stdin.on('error', reject);
+});
+
+// Logging
+const hookLogFile = env.TELEPORTATION_HOOK_LOG || '/tmp/teleportation-gemini-hook.log';
+const log = (msg) => {
+  const timestamp = new Date().toISOString();
+  const logMsg = `[${timestamp}] [gemini:session_end] ${msg}\n`;
+  try {
+    appendFileSync(hookLogFile, logMsg);
+  } catch (e) {
+    // Silently ignore
+  }
+};
+
+(async () => {
+  log('=== SessionEnd hook invoked ===');
+
+  try {
+    const raw = await readStdin();
+    let input;
+    try {
+      input = JSON.parse(raw || '{}');
+    } catch (e) {
+      log(`Invalid JSON input: ${e.message}`);
+      return exit(0);
+    }
+
+    const { session_id, reason, stats } = input;
+    const teleportSessionId = env.TELEPORTATION_SESSION_ID || session_id || 'unknown';
+    
+    log(`Session: ${teleportSessionId}, Reason: ${reason}`);
+
+    // Load config from shared module
+    const config = await loadConfig(log);
+    const RELAY_API_URL = config.relayApiUrl;
+    const RELAY_API_KEY = config.relayApiKey;
+
+    // NOTE: Heartbeat processes are no longer spawned per-session.
+    // The daemon handles heartbeats inline (PRD-0025 migration).
+
+    // If no relay configured, just exit
+    if (!RELAY_API_URL || !RELAY_API_KEY) {
+      log('No relay configured, exiting');
+      return exit(0);
+    }
+
+    // Log session end to timeline
+    const timelineEvent = {
+      session_id: teleportSessionId,
+      type: 'session_ended',
+      data: {
+        reason: reason || 'normal_exit',
+        stats: stats || {},
+        timestamp: Date.now()
+      },
+      source: 'gemini-cli',
+      timestamp: Date.now(),
+    };
+
+    try {
+      await fetch(`${RELAY_API_URL}/api/timeline`, {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+          'Authorization': `Bearer ${RELAY_API_KEY}`,
+        },
+        body: JSON.stringify(timelineEvent),
+        signal: AbortSignal.timeout(5000),
+      });
+      log(`Session end logged to timeline`);
+    } catch (e) {
+      log(`Failed to log session end: ${e.message}`);
+    }
+
+    // Update session state
+    try {
+      await fetch(`${RELAY_API_URL}/api/sessions/${teleportSessionId}/daemon-state`, {
+        method: 'PATCH',
+        headers: {
+          'Content-Type': 'application/json',
+          'Authorization': `Bearer ${RELAY_API_KEY}`
+        },
+        body: JSON.stringify({
+          status: 'stopped',
+          is_away: false,
+          stopped_reason: 'session_end'
+        }),
+        signal: AbortSignal.timeout(2000)
+      });
+    } catch (e) {}
+
+    // Unregister from local daemon
+    const DAEMON_PORT = env.TELEPORTATION_DAEMON_PORT || '3050';
+    try {
+      await fetch(`http://localhost:${DAEMON_PORT}/sessions/deregister`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ session_id: teleportSessionId }),
+        signal: AbortSignal.timeout(2000),
+      });
+      log(`Session unregistered from daemon`);
+    } catch (e) {}
+
+    // Deregister session with relay API
+    try {
+      await fetch(`${RELAY_API_URL}/api/sessions/deregister`, {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+          'Authorization': `Bearer ${RELAY_API_KEY}`
+        },
+        body: JSON.stringify({ session_id: teleportSessionId })
+      });
+    } catch (e) {}
+
+    stdout.write('{}');
+    return exit(0);
+
+  } catch (e) {
+    log(`Hook error: ${e.message}`);
+    return exit(0);
+  }
+})();

package/.gemini/hooks/session_start.mjs

@@ -0,0 +1,193 @@
+#!/usr/bin/env node
+/**
+ * Gemini CLI SessionStart Hook
+ * 
+ * This hook executes when a Gemini CLI session starts.
+ * It mirrors the Claude Code session_start hook for Teleportation.
+ */
+
+import { stdin, stdout, exit, env } from 'node:process';
+import * as fs from 'node:fs';
+import { appendFileSync, existsSync } from 'node:fs';
+import { fileURLToPath } from 'url';
+import { dirname, join } from 'path';
+import { homedir } from 'os';
+import { randomUUID } from 'node:crypto';
+import { loadConfig } from './shared/config.mjs';
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+
+// Security: Max input size to prevent memory exhaustion
+const MAX_INPUT_SIZE = 10 * 1024 * 1024; // 10MB
+
+// Read all stdin
+const readStdin = () => new Promise((resolve, reject) => {
+  let data = '';
+  stdin.setEncoding('utf8');
+  stdin.on('data', chunk => {
+    data += chunk;
+    if (data.length > MAX_INPUT_SIZE) {
+      reject(new Error('Input too large'));
+    }
+  });
+  stdin.on('end', () => resolve(data));
+  stdin.on('error', reject);
+});
+
+// Logging
+const hookLogFile = env.TELEPORTATION_HOOK_LOG || '/tmp/teleportation-gemini-hook.log';
+const log = (msg) => {
+  const timestamp = new Date().toISOString();
+  const logMsg = `[${timestamp}] [gemini:session_start] ${msg}\n`;
+  try {
+    appendFileSync(hookLogFile, logMsg);
+  } catch (e) {
+    // Silently ignore
+  }
+};
+
+// Lazy-load metadata extraction
+let extractSessionMetadata = null;
+async function getSessionMetadata(cwd) {
+  if (!extractSessionMetadata) {
+    const possiblePaths = [
+      join(__dirname, '..', '..', 'lib', 'session', 'metadata.js'),
+      join(homedir(), '.teleportation', 'lib', 'session', 'metadata.js'),
+    ];
+
+    for (const path of possiblePaths) {
+      try {
+        const mod = await import('file://' + path);
+        extractSessionMetadata = mod.extractSessionMetadata;
+        break;
+      } catch (e) {
+        // Try next path
+      }
+    }
+  }
+
+  if (!extractSessionMetadata) return { cwd };
+
+  try {
+    return await extractSessionMetadata(cwd);
+  } catch (e) {
+    return { cwd };
+  }
+}
+
+/**
+ * Spawn the heartbeat background process
+ * NOTE: Heartbeat processes are no longer spawned per-session.
+ * The daemon handles heartbeats inline (PRD-0025 migration).
+ * This function is kept as a no-op for backward compatibility.
+ */
+function spawnHeartbeat(sessionId, config) {
+  // No-op: daemon handles heartbeats inline now
+  return;
+  }
+}
+
+(async () => {
+  log('=== SessionStart hook invoked ===');
+
+  try {
+    const raw = await readStdin();
+    let input;
+    try {
+      input = JSON.parse(raw || '{}');
+    } catch (e) {
+      log(`Invalid JSON input: ${e.message}`);
+      return exit(0);
+    }
+
+    const { session_id, model, cwd, owner_id } = input;
+    const workingDir = cwd || process.cwd();
+    
+    // Security: Use UUID instead of timestamp to prevent collisions
+    const teleportSessionId = env.TELEPORTATION_SESSION_ID || session_id || `gemini-${randomUUID().substring(0, 8)}`;
+    
+    log(`Session: ${teleportSessionId}, Model: ${model}, CWD: ${workingDir}`);
+
+    // Load config from shared module
+    const config = await loadConfig(log);
+    const RELAY_API_URL = config.relayApiUrl;
+    const RELAY_API_KEY = config.relayApiKey;
+
+    // If no relay configured, just log locally
+    if (!RELAY_API_URL || !RELAY_API_KEY) {
+      log('No relay configured, skipping session registration');
+      stdout.write(JSON.stringify({ session_id: teleportSessionId }));
+      return exit(0);
+    }
+
+    // Extract enhanced session metadata (Parity with Claude)
+    const meta = await getSessionMetadata(workingDir);
+    meta.session_id = teleportSessionId;
+    meta.gemini_session_id = session_id;
+    meta.current_model = model;
+
+    // Register session with relay
+    const sessionPayload = {
+      session_id: teleportSessionId,
+      meta: {
+        ...meta,
+        source: 'gemini-cli' // Ensure source is in meta for relay
+      },
+      owner_id: owner_id || null,
+      registered_at: Date.now(),
+    };
+
+    try {
+      await fetch(`${RELAY_API_URL}/api/sessions/register`, {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+          'Authorization': `Bearer ${RELAY_API_KEY}`,
+        },
+        body: JSON.stringify(sessionPayload),
+        signal: AbortSignal.timeout(10000),
+      });
+      log(`Session ${teleportSessionId} registered with relay`);
+      
+      // Start heartbeat process
+      spawnHeartbeat(teleportSessionId, config);
+    } catch (e) {
+      log(`Failed to register session: ${e.message}`);
+    }
+
+    // Also register with local daemon if running
+    const DAEMON_PORT = env.TELEPORTATION_DAEMON_PORT || '3050';
+    try {
+      await fetch(`http://localhost:${DAEMON_PORT}/sessions/register`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+          session_id: teleportSessionId,
+          gemini_session_id: session_id,
+          cwd: workingDir,
+          meta: {
+            ...meta,
+            source: 'gemini-cli' // Pass source to daemon too
+          }
+        }),
+        signal: AbortSignal.timeout(2000),
+      });
+      log(`Session registered with local daemon`);
+    } catch (e) {
+      log(`Daemon not available: ${e.message}`);
+    }
+
+    // Output session ID for Gemini CLI to use
+    stdout.write(JSON.stringify({
+      session_id: teleportSessionId,
+      registered: true,
+    }));
+    return exit(0);
+
+  } catch (e) {
+    log(`Hook error: ${e.message}`);
+    stdout.write('{}');
+    return exit(0);
+  }
+})();

package/.gemini/hooks/shared/config.mjs

@@ -0,0 +1,67 @@
+/**
+ * Shared configuration loader for Gemini hooks
+ */
+import { existsSync, readFileSync } from 'node:fs';
+import { env } from 'node:process';
+import { join } from 'node:path';
+import { homedir } from 'node:os';
+import { fileURLToPath } from 'node:url';
+import { dirname } from 'node:path';
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+
+/**
+ * Load configuration for Gemini hooks
+ * Priority:
+ * 1. Environment variables
+ * 2. Claude's config-loader
+ * 3. Legacy config file (~/.teleportation-config.json)
+ */
+export async function loadConfig(log = () => {}) {
+  // Priority 1: Environment variables (Crucial for testing/overrides)
+  if (env.RELAY_API_URL && env.RELAY_API_KEY) {
+    return {
+      relayApiUrl: env.RELAY_API_URL,
+      relayApiKey: env.RELAY_API_KEY,
+      slackWebhookUrl: env.SLACK_WEBHOOK_URL || '',
+    };
+  }
+
+  // Priority 2: Claude's config-loader (Shared system config)
+  try {
+    // Shared module is in .gemini/hooks/shared/
+    // config-loader is in .claude/hooks/
+    const configLoaderPath = join(__dirname, '..', '..', '..', '.claude', 'hooks', 'config-loader.mjs');
+    if (existsSync(configLoaderPath)) {
+      const { loadConfig } = await import('file://' + configLoaderPath);
+      const config = await loadConfig();
+      if (config.relayApiUrl && config.relayApiKey) {
+        return config;
+      }
+    }
+  } catch (e) {
+    log(`Config loader failed: ${e.message}`);
+  }
+
+  // Priority 3: Legacy config file
+  const legacyConfigPath = join(homedir(), '.teleportation-config.json');
+  if (existsSync(legacyConfigPath)) {
+    try {
+      const config = JSON.parse(readFileSync(legacyConfigPath, 'utf8'));
+      return {
+        relayApiUrl: config.relay_api_url || '',
+        relayApiKey: config.relay_api_key || '',
+        slackWebhookUrl: config.slack_webhook_url || '',
+      };
+    } catch (e) {
+      log(`Legacy config failed: ${e.message}`);
+    }
+  }
+
+  return {
+    relayApiUrl: '',
+    relayApiKey: '',
+    slackWebhookUrl: '',
+  };
+}