triflux 10.35.2 → 10.36.0

package/bin/triflux.mjs

@@ -75,6 +75,7 @@ import {
   formatPsmuxUpdateGuidance,
   probePsmuxSupport,
 } from "../scripts/lib/psmux-info.mjs";
+import { main as stealthFetchMain } from "../scripts/lib/stealth-fetch.mjs";
 import {
   buildWindowsHubAutostartCommand,
   cleanupStaleSkills,
@@ -189,6 +190,11 @@ const CLI_COMMAND_SCHEMAS = Object.freeze({
       },
     ],
   },
+  "stealth-fetch": {
+    usage: "tfx stealth-fetch <url>",
+    description:
+      "cloakbrowser 기반 단일 URL fetch (http/https only, JSON stdout)",
+  },
   doctor: {
     usage:
       "tfx doctor [--fix] [--reset] [--audit] [--diagnose] [--purge-logs] [--dynamic-routing] [--cleanup-stale-hubs --dry-run|--apply] [--cleanup-stale-tmux --prefix tfx-* --age-min N --dry-run|--apply] [--json]",
@@ -6327,6 +6333,7 @@ ${updateNotice}
     ${DIM}  --reset${RESET}      ${GRAY}캐시 전체 초기화${RESET}
     ${DIM}  --json${RESET}       ${GRAY}구조화된 진단 결과 JSON 출력${RESET}
     ${WHITE_BRIGHT}tfx auto${RESET}       ${GRAY}tfx-auto 라우팅 결정 미리보기 (--cli codex|antigravity|claude)${RESET}
+    ${WHITE_BRIGHT}tfx stealth-fetch${RESET} ${GRAY}cloakbrowser 기반 URL fetch (JSON stdout)${RESET}
     ${WHITE_BRIGHT}tfx mcp${RESET}        ${GRAY}MCP registry 관리 (list/sync/add/remove)${RESET}
     ${WHITE_BRIGHT}tfx update${RESET}     ${GRAY}최신 안정 버전으로 업데이트${RESET}
     ${DIM}  --dev / dev${RESET}   ${GRAY}dev 태그로 업데이트${RESET}
@@ -7281,6 +7288,13 @@ async function main() {
         enableHubAutostart: cmdArgs.includes("--enable-hub-autostart"),
       });
       return;
+    case "stealth-fetch":
+      if (cmdArgs.some(isHelpArg)) {
+        printCommandHelp("stealth-fetch");
+        return;
+      }
+      await stealthFetchMain([process.argv[0], "stealth-fetch", ...cmdArgs]);
+      return;
     case "doctor": {
       if (cmdArgs.some(isHelpArg)) {
         printCommandHelp("doctor");

package/cto/collect.mjs

@@ -17,6 +17,7 @@ import { basename, dirname, join, relative } from "node:path";
 import { fileURLToPath } from "node:url";
 
 import { renderBrief } from "./brief.mjs";
+import { resolveLakeRootDir } from "./lake-root.mjs";
 
 const SCHEMA_VERSION = "cto-lake.v1";
 const SOURCE_REGISTRY = [
@@ -785,7 +786,7 @@ function hasFlag(args, flag) {
 }
 
 export async function runCollect(args = [], opts = {}) {
-  const rootDir = opts.rootDir || process.cwd();
+  const rootDir = opts.rootDir || resolveLakeRootDir(process.cwd());
   const lakeRoot = opts.lakeRoot || join(rootDir, ".triflux", "lake");
   const stdout = opts.stdout || process.stdout;
   const stderr = opts.stderr || process.stderr;

package/cto/dashboard.mjs

@@ -7,6 +7,8 @@ import {
 } from "node:fs";
 import { basename, dirname, join } from "node:path";
 
+import { resolveLakeRootDir } from "./lake-root.mjs";
+
 const DEFAULT_INTERVAL_MS = 60_000;
 
 function hasFlag(args, flag) {
@@ -360,7 +362,7 @@ async function renderOnce({ lakeRoot, stdout, stdoutHtml, renders }) {
 }
 
 export async function runDashboard(args = [], opts = {}) {
-  const rootDir = opts.rootDir || process.cwd();
+  const rootDir = opts.rootDir || resolveLakeRootDir(process.cwd());
   const lakeRoot = opts.lakeRoot || join(rootDir, ".triflux", "lake");
   const stdout = opts.stdout || process.stdout;
   const watch = opts.watch === true || hasFlag(args, "--watch");

package/cto/lake-root.mjs

@@ -0,0 +1,44 @@
+// cto/lake-root.mjs - resolve the git repo toplevel for the CTO lake.
+//
+// CTO lake (.triflux/lake/current.json) 는 repo 루트에 하나만 둔다. 그런데
+// runStatus/runCollect/runDashboard 는 process.cwd() 를 기본 rootDir 로 쓰므로,
+// repo 루트가 아닌 하위 폴더(예: packages/triflux)에서 `tfx cto` 를 부르면 lake
+// 를 못 찾아 "run tfx cto collect" 가 반복되고, collect 는 엉뚱한 하위 폴더에
+// 새 .triflux/lake 를 만든다. cwd 에서 `.git` 마커를 위로 탐색해 toplevel 로
+// 올려 이 불일치를 없앤다.
+//
+// git worktree 는 자체 `.git` 파일을 가지므로 worktree 루트에서 멈춘다 — lake
+// 격리(워크트리별 collect)가 그대로 유지된다. `.git` 을 못 찾으면 cwd 를 그대로
+// 반환해 기존 동작을 보존한다.
+
+import { existsSync as defaultExistsSync } from "node:fs";
+import { dirname, join, parse } from "node:path";
+
+const MAX_DEPTH = 64;
+
+/**
+ * cwd 에서 가장 가까운 git toplevel(`.git` 디렉토리 또는 파일이 있는 폴더)을
+ * 찾아 반환한다. 못 찾으면 cwd 를 그대로 돌려준다(기존 동작 보존).
+ *
+ * @param {string} cwd 시작 디렉토리(보통 process.cwd())
+ * @param {object} [opts]
+ * @param {(path: string) => boolean} [opts.existsSync] 테스트용 주입 seam
+ * @returns {string}
+ */
+export function resolveLakeRootDir(cwd, opts = {}) {
+  const exists = opts?.existsSync || defaultExistsSync;
+  // 비문자열(객체/숫자 등 truthy 포함) 또는 빈 문자열이면 항상 "" 를 반환해
+  // @returns {string} 계약을 지킨다 — truthy 비문자열을 그대로 누설하지 않는다.
+  if (typeof cwd !== "string" || !cwd) return "";
+
+  let dir = cwd;
+  const { root } = parse(dir);
+  for (let depth = 0; depth < MAX_DEPTH; depth++) {
+    if (exists(join(dir, ".git"))) return dir;
+    if (dir === root) break;
+    const parent = dirname(dir);
+    if (parent === dir) break;
+    dir = parent;
+  }
+  return cwd;
+}

package/cto/status.mjs

@@ -2,6 +2,8 @@ import { existsSync, readFileSync } from "node:fs";
 import { homedir } from "node:os";
 import { join } from "node:path";
 
+import { resolveLakeRootDir } from "./lake-root.mjs";
+
 const SCHEMA_VERSION = "cto-lake.v1";
 const SYNAPSE_TIMEOUT_MS = 1500;
 
@@ -304,7 +306,7 @@ function renderHumanStatus(status) {
 }
 
 export async function runStatus(args = [], opts = {}) {
-  const rootDir = opts.rootDir || process.cwd();
+  const rootDir = opts.rootDir || resolveLakeRootDir(process.cwd());
   const lakeRoot = opts.lakeRoot || join(rootDir, ".triflux", "lake");
   const stdout = opts.stdout || process.stdout;
   const jsonOut = opts.json === true || hasFlag(args, "--json");

package/hub/team/cto-auto-collect.mjs

@@ -1,6 +1,8 @@
 import { existsSync, statSync } from "node:fs";
 import { join } from "node:path";
 
+import { resolveLakeRootDir } from "../../cto/lake-root.mjs";
+
 const DEFAULT_DEBOUNCE_MS = 120_000;
 const OFF_VALUES = new Set(["0", "false", "off", "no"]);
 
@@ -45,7 +47,7 @@ export function createCtoAutoCollector(opts = {}) {
     const cwd = typeof session?.cwd === "string" ? session.cwd : "";
     const worktree =
       typeof session?.worktreePath === "string" ? session.worktreePath : "";
-    const projectRoot = worktree || cwd;
+    const projectRoot = resolveLakeRootDir(worktree || cwd);
     if (!projectRoot)
       return { triggered: false, reason: "missing-project-root" };
 
@@ -61,11 +63,19 @@ export function createCtoAutoCollector(opts = {}) {
         { sessionId, err: String(error?.message || error) },
         "cto.auto_collect.query_failed",
       );
-      return { triggered: false, reason: "query-failed" };
-    }
-    if (!Array.isArray(peers) || peers.length < 1) {
-      return { triggered: false, reason: "no-peers" };
+      // peer 조회 실패는 collect 를 막지 않는다 — peer 정보는 이제 라벨 용도뿐이라
+      // registry 일시 장애에도 solo 로 진행해 collect 회복력을 유지한다.
+      peers = [];
     }
+    // 단일 세션(peer 0개)도 허용한다 — 사용자 선택. peer 유무와 무관하게
+    // 아래 debounce + fresh-lake 게이트가 collect 빈도를 제어한다.
+    //
+    // 주의: peerCount 는 best-effort 라벨이다. querySessions 는 raw
+    // cwd/worktreePath 로 매칭하지만 projectRoot 는 resolved git toplevel 이라,
+    // 같은 repo 의 다른 하위 폴더 세션은 peer 로 안 잡혀 triggered-solo 로 보고될
+    // 수 있다. 즉 라벨은 repo-scoped 가 아니라 exact-cwd-scoped 다 — 향후 peer
+    // 기반 로직을 이 라벨 위에 다시 올릴 때 주의한다.
+    const peerCount = Array.isArray(peers) ? peers.length : 0;
 
     const currentTime = now();
     const last = lastCollectMs.get(projectRoot) || 0;
@@ -92,9 +102,9 @@ export function createCtoAutoCollector(opts = {}) {
     inFlight.add(promise);
     return {
       triggered: true,
-      reason: "triggered",
+      reason: peerCount > 0 ? "triggered" : "triggered-solo",
       projectRoot,
-      peerCount: peers.length,
+      peerCount,
     };
   }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "triflux",
-  "version": "10.35.2",
+  "version": "10.36.0",
   "description": "CLI-first multi-model orchestrator for Claude Code — route tasks to Codex, Antigravity, and Claude",
   "type": "module",
   "bin": {
@@ -23,6 +23,10 @@
     "@triflux/remote": "^10.25.0",
     "tree-kill": "^1.2.2"
   },
+  "optionalDependencies": {
+    "cloakbrowser": "^0.3.31",
+    "playwright-core": "^1.53.0"
+  },
   "files": [
     "bin",
     "tui",

package/scripts/lib/stealth-fetch.mjs

@@ -0,0 +1,176 @@
+#!/usr/bin/env node
+// SSRF boundary: stealthFetch only accepts http: and https: URLs. It does not
+// guard private IPs, metadata hosts such as 169.254.x.x, or localhost; callers
+// must treat the URL as already inside their trust boundary.
+
+import { pathToFileURL } from "node:url";
+
+export class CloakBrowserUnavailableError extends Error {}
+
+const DEFAULT_TIMEOUT_MS = 30_000;
+const DEFAULT_WAIT_UNTIL = "load";
+const SUPPORTED_PLATFORMS = new Set([
+  "linux:x64",
+  "linux:arm64",
+  "darwin:x64",
+  "darwin:arm64",
+  "win32:x64",
+]);
+const EXIT_CODES = {
+  not_installed: 3,
+  unsupported_platform: 4,
+  runtime_error: 5,
+  blocked_scheme: 6,
+};
+
+function isSupportedPlatform(platform, arch) {
+  return SUPPORTED_PLATFORMS.has(`${platform}:${arch}`);
+}
+
+function isModuleNotFound(error) {
+  return (
+    error?.code === "ERR_MODULE_NOT_FOUND" || error?.code === "MODULE_NOT_FOUND"
+  );
+}
+
+function htmlToText(html) {
+  return String(html || "")
+    .replace(/<script\b[^>]*>[\s\S]*?<\/script>/giu, " ")
+    .replace(/<style\b[^>]*>[\s\S]*?<\/style>/giu, " ")
+    .replace(/<[^>]+>/gu, " ")
+    .replace(/&nbsp;/giu, " ")
+    .replace(/&amp;/giu, "&")
+    .replace(/&lt;/giu, "<")
+    .replace(/&gt;/giu, ">")
+    .replace(/&quot;/giu, '"')
+    .replace(/&#39;/gu, "'")
+    .replace(/\s+/gu, " ")
+    .trim();
+}
+
+function responseStatus(response) {
+  if (!response) return null;
+  if (typeof response.status === "function") return response.status();
+  return response.status ?? null;
+}
+
+function responseUrl(response, fallbackUrl) {
+  if (!response) return fallbackUrl;
+  if (typeof response.url === "function") return response.url();
+  return response.url ?? fallbackUrl;
+}
+
+function parseAllowedFetchUrl(url) {
+  let parsed;
+  try {
+    parsed = new URL(url);
+  } catch {
+    return { ok: false, scheme: null };
+  }
+  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
+    return { ok: false, scheme: parsed.protocol };
+  }
+  return { ok: true, href: parsed.href };
+}
+
+async function closeBrowser(browser) {
+  if (!browser || typeof browser.close !== "function") return;
+  try {
+    await browser.close();
+  } catch {
+    // best effort: fetch callers only need the primary result signal
+  }
+}
+
+export async function stealthFetch(url, opts = {}) {
+  const timeoutMs = opts.timeoutMs ?? DEFAULT_TIMEOUT_MS;
+  const waitUntil = opts.waitUntil ?? DEFAULT_WAIT_UNTIL;
+  const loadCloakBrowser = opts._import ?? (() => import("cloakbrowser"));
+  const platform = opts._platform ?? process.platform;
+  const arch = opts._arch ?? process.arch;
+
+  if (!isSupportedPlatform(platform, arch)) {
+    return {
+      ok: false,
+      reason: "unsupported_platform",
+      platform,
+      arch,
+    };
+  }
+
+  const parsedUrl = parseAllowedFetchUrl(url);
+  if (!parsedUrl.ok) {
+    return {
+      ok: false,
+      reason: "blocked_scheme",
+      scheme: parsedUrl.scheme,
+    };
+  }
+
+  let cloakbrowser;
+  try {
+    cloakbrowser = await loadCloakBrowser();
+  } catch (error) {
+    if (isModuleNotFound(error)) return { ok: false, reason: "not_installed" };
+    return { ok: false, reason: "runtime_error", error: String(error) };
+  }
+
+  let browser;
+  try {
+    const launch = cloakbrowser?.launch;
+    if (typeof launch !== "function") {
+      throw new CloakBrowserUnavailableError("cloakbrowser launch unavailable");
+    }
+    browser = await launch();
+    const page = await browser.newPage();
+    const response = await page.goto(parsedUrl.href, {
+      waitUntil,
+      timeout: timeoutMs,
+    });
+    const html = await page.content();
+    return {
+      ok: true,
+      engine: "cloakbrowser",
+      url: parsedUrl.href,
+      finalUrl: responseUrl(response, parsedUrl.href),
+      status: responseStatus(response),
+      html,
+      text: htmlToText(html),
+    };
+  } catch (error) {
+    return { ok: false, reason: "runtime_error", error: String(error) };
+  } finally {
+    await closeBrowser(browser);
+  }
+}
+
+export function exitCodeFor(result) {
+  return EXIT_CODES[result?.reason] ?? 5;
+}
+
+export async function main(argv = process.argv) {
+  const url = argv[2];
+  if (!url) {
+    console.error("usage: stealth-fetch <url>");
+    process.exitCode = 2;
+    return;
+  }
+
+  const result = await stealthFetch(url);
+  if (result.ok) {
+    console.log(JSON.stringify(result));
+    process.exitCode = 0;
+    return;
+  }
+
+  console.error(`[stealth-fetch] 폴백: ${result.reason}`);
+  console.log(JSON.stringify(result));
+  process.exitCode = exitCodeFor(result);
+}
+
+if (
+  process.argv[1] &&
+  import.meta.url === pathToFileURL(process.argv[1]).href
+) {
+  await main();
+}

package/scripts/setup.mjs

@@ -18,6 +18,7 @@ import {
   unlinkSync,
   writeFileSync,
 } from "fs";
+import { createRequire } from "module";
 import { homedir } from "os";
 import { dirname, join, relative, resolve } from "path";
 import { fileURLToPath } from "url";
@@ -32,6 +33,7 @@ import { addPluginRootFallbackToCommand } from "./lib/doctor-env-checks.mjs";
 import { cleanupTmpFiles } from "./tmp-cleanup.mjs";
 
 const PLUGIN_ROOT = dirname(dirname(fileURLToPath(import.meta.url)));
+const require = createRequire(import.meta.url);
 // Windows 에서 os.homedir() 가 USERPROFILE 만 보고 process.env.HOME swap 을
 // 무시하기 때문에, integration test 가 fixture 격리한 spawn child 에서도
 // production ~/.codex/config.toml 을 건드릴 수 있다. (#193 회귀)
@@ -698,6 +700,90 @@ function isProtectedCodexConfigMutationEnv(env = process.env) {
   );
 }
 
+function isProtectedCloakBrowserInstallEnv(env = process.env) {
+  return (
+    env.NODE_ENV === "test" ||
+    env.CI === "true" ||
+    env.TFX_TEST === "1" ||
+    Boolean(env.TRIFLUX_TEST_HOME) ||
+    Boolean(env.TEST_LOCK_PID) ||
+    Boolean(env.NODE_TEST_CONTEXT) ||
+    Boolean(env.NODE_TEST_WORKER_ID) ||
+    env.TFX_SKIP_CLOAKBROWSER_SETUP === "1"
+  );
+}
+
+function isCloakBrowserSupportedPlatform(platform, arch) {
+  return (
+    (platform === "linux" && (arch === "x64" || arch === "arm64")) ||
+    (platform === "darwin" && (arch === "x64" || arch === "arm64")) ||
+    (platform === "win32" && arch === "x64")
+  );
+}
+
+function ensureCloakBrowser({
+  env = process.env,
+  platform = process.platform,
+  arch = process.arch,
+  requireResolve = require.resolve,
+  execFileSyncFn = execFileSync,
+  warn = (message) => console.warn(message),
+} = {}) {
+  if (isProtectedCloakBrowserInstallEnv(env)) {
+    return {
+      ok: true,
+      installed: false,
+      skipped: true,
+      reason: "protected-env",
+    };
+  }
+
+  if (!isCloakBrowserSupportedPlatform(platform, arch)) {
+    warn(
+      `[setup] cloakbrowser optional setup skipped: unsupported_platform (${platform}/${arch})`,
+    );
+    return {
+      ok: true,
+      installed: false,
+      skipped: true,
+      reason: "unsupported_platform",
+    };
+  }
+
+  try {
+    requireResolve("cloakbrowser", { paths: [PLUGIN_ROOT] });
+    return { ok: true, installed: true, skipped: false, reason: "installed" };
+  } catch {
+    // CloakBrowser downloads its browser binary lazily on first launch; there is
+    // no separate browser install command to run here.
+  }
+
+  try {
+    execFileSyncFn(
+      "npm",
+      ["install", "--no-save", "cloakbrowser", "playwright-core"],
+      {
+        cwd: PLUGIN_ROOT,
+        stdio: "ignore",
+        env,
+        timeout: 120_000,
+      },
+    );
+    return { ok: true, installed: true, skipped: false, reason: "installed" };
+  } catch (error) {
+    warn(
+      `[setup] cloakbrowser optional setup failed: ${_normalizeErrorMessage(error)}`,
+    );
+    return {
+      ok: false,
+      installed: false,
+      skipped: false,
+      reason: "install_failed",
+      error: _normalizeErrorMessage(error),
+    };
+  }
+}
+
 /**
  * Codex config.json에 tfx-hub MCP 서버 엔트리를 보장한다.
  * @param {{ mcpUrl: string, createIfMissing?: boolean, enabled?: boolean }} opts
@@ -1404,6 +1490,7 @@ export {
   DEPRECATED_SKILLS,
   detectDevMode,
   ensureAgyHooks,
+  ensureCloakBrowser,
   ensureCodexHooks,
   ensureCodexHubServerConfig,
   ensureCodexProfiles,
@@ -1490,6 +1577,15 @@ export async function runDeferred(stdinData) {
       result.action === "updated" ||
       result.action === "removed",
   ).length;
+  const cloakBrowserResult = ensureCloakBrowser({
+    warn: (message) => io.log(`  \x1b[33m⚠\x1b[0m ${message}`),
+  });
+  if (
+    cloakBrowserResult.reason === "installed" &&
+    cloakBrowserResult.installed
+  ) {
+    io.log("  \x1b[32m✓\x1b[0m cloakbrowser optional backend ready");
+  }
   if (pkgVersion && marker?.version === pkgVersion && !isForce) {
     if (claudeRoutingChangedCount > 0) {
       io.log(

package/skills/tfx-research/SKILL.md

@@ -123,6 +123,13 @@ AskUserQuestion:
   5. URL 콘텐츠 추출
 ```
 
+## URL 콘텐츠 수집 (stealth-first)
+
+Quick 모드 Step 1.5 에서 `5. URL 콘텐츠 추출` 을 선택했거나 Deep 모드에서 소스 URL 본문이 필요하면:
+1. 기본 경로로 먼저 `node scripts/lib/stealth-fetch.mjs <url>` 를 실행한다.
+2. exit 0 이면 stdout JSON 의 `html` 또는 `text` 를 URL 본문 근거로 사용한다.
+3. exit 3/4/5 이면 stderr/stdout 의 reason 을 확인하고 `stealth-fetch 폴백: <이유>` 1줄 경고 후 기존 폴백을 사용한다: WebFetch → Tavily extract → Exa fetch.
+
 ### Step 2: Antigravity Google Search 위임
 
 ```