triflux 10.7.0 → 10.7.1

package/hooks/safety-guard.mjs

@@ -69,6 +69,7 @@ const WT_DIRECT_BLOCK_MESSAGE =
 
 // ── SSH+PowerShell bash 문법 차단 ────────────────────────────
 // 원격 기본 셸이 PowerShell인 호스트에 bash redirect/glob을 보내면 오동작
+// macOS/Linux 대상 SSH에는 bash 문법이 정상이므로 hosts.json OS를 확인한다.
 const BASH_SYNTAX_IN_SSH = [
   /2>\/dev\/null/, // 2>/dev/null → PowerShell에서 Out-File C:\dev\null
   />\s*\/dev\/null/, // >/dev/null
@@ -82,6 +83,48 @@ const SSH_POWERSHELL_HINT =
   "원격 셸이 PowerShell입니다. bash 문법 직접 전달 금지. scp + pwsh -File 패턴 사용. " +
   "2>/dev/null → 2>$null, $() → $(), export → $env:, source → . (dot-source)";
 
+/** hosts.json에서 Windows 호스트 식별자 집합을 구축한다. */
+function getWindowsHostIds() {
+  const ids = new Set();
+  try {
+    const paths = [
+      join(process.cwd(), "references", "hosts.json"),
+      join(process.cwd(), "packages", "triflux", "references", "hosts.json"),
+    ];
+    let hostsConfig = null;
+    for (const p of paths) {
+      if (existsSync(p)) {
+        hostsConfig = JSON.parse(readFileSync(p, "utf8"));
+        break;
+      }
+    }
+    if (!hostsConfig?.hosts) return ids;
+    for (const [name, cfg] of Object.entries(hostsConfig.hosts)) {
+      if (cfg.os !== "windows") continue;
+      ids.add(name);
+      if (cfg.tailscale?.ip) ids.add(cfg.tailscale.ip);
+      if (cfg.tailscale?.dns) ids.add(cfg.tailscale.dns);
+      if (cfg.ssh_user) {
+        ids.add(`${cfg.ssh_user}@${name}`);
+        if (cfg.tailscale?.ip) ids.add(`${cfg.ssh_user}@${cfg.tailscale.ip}`);
+      }
+    }
+  } catch {
+    // hosts.json 로드 실패 시 빈 집합 → 차단 안 함 (POSIX 기본)
+  }
+  return ids;
+}
+
+/** SSH 명령의 대상이 Windows 호스트인지 판별한다. */
+function isSshTargetWindows(command) {
+  const winIds = getWindowsHostIds();
+  if (winIds.size === 0) return false; // Windows 호스트 없으면 POSIX 가정
+  for (const id of winIds) {
+    if (command.includes(id)) return true;
+  }
+  return false;
+}
+
 // ── 경고 규칙 ──────────────────────────────────────────────
 const WARN_RULES = [
   {
@@ -248,10 +291,9 @@ function main() {
     }
   }
 
-  // 0.5. SSH → PowerShell 호스트에 bash 문법 전달 차단
-  // 세그먼트 시작 위치에서 ssh 명령인 경우만 (문자열/코드 안의 ssh는 무시)
-  if (hasSegmentInvocation(command, [/^\s*ssh\s+/i])) {
-    // 세그먼트 분리 후 ssh로 시작하는 세그먼트의 payload만 검사
+  // 0.5. SSH → Windows(PowerShell) 호스트에만 bash 문법 전달 차단
+  // macOS/Linux 대상은 bash/zsh이므로 허용. hosts.json OS로 판별.
+  if (hasSegmentInvocation(command, [/^\s*ssh\s+/i]) && isSshTargetWindows(command)) {
     const segments = command.split(/\s*(?:&&|;|\|\||\|)\s*/);
     for (const seg of segments) {
       const sshMatch = seg.trim().match(/^ssh\s+\S+\s+(.*)/s);

package/hooks/session-start-fast.mjs

@@ -11,11 +11,12 @@
 // external source 훅 (session-vault 등)은 여전히 execFile로 실행된다.
 
 import { dirname, join } from "node:path";
-import { fileURLToPath } from "node:url";
+import { fileURLToPath, pathToFileURL } from "node:url";
 import { createModuleLogger } from "../scripts/lib/logger.mjs";
 
 const __dirname = dirname(fileURLToPath(import.meta.url));
 const SCRIPTS = join(__dirname, "..", "scripts");
+const importMod = (p) => import(pathToFileURL(p).href);
 
 const log = createModuleLogger("session-start-fast");
 
@@ -31,7 +32,7 @@ async function runBlocking(stdinData) {
   // 1. setup.runCritical — 환경 초기화 필수
   try {
     const t0 = performance.now();
-    const setup = await import(join(SCRIPTS, "setup.mjs"));
+    const setup = await importMod(join(SCRIPTS, "setup.mjs"));
     const result = await setup.runCritical(stdinData);
     const dur = performance.now() - t0;
     timings.push({ hook: "setup.critical", dur_ms: Math.round(dur) });
@@ -45,7 +46,7 @@ async function runBlocking(stdinData) {
   // 2. mcp-safety-guard.run — EPERM 방지
   try {
     const t0 = performance.now();
-    const guard = await import(join(SCRIPTS, "mcp-safety-guard.mjs"));
+    const guard = await importMod(join(SCRIPTS, "mcp-safety-guard.mjs"));
     guard.run();
     const dur = performance.now() - t0;
     timings.push({ hook: "mcp-safety-guard", dur_ms: Math.round(dur) });
@@ -67,21 +68,21 @@ function runDeferred(stdinData) {
     {
       name: "hub-ensure",
       fn: async () => {
-        const mod = await import(join(SCRIPTS, "hub-ensure.mjs"));
+        const mod = await importMod(join(SCRIPTS, "hub-ensure.mjs"));
         return mod.run(stdinData);
       },
     },
     {
       name: "mcp-gateway-ensure",
       fn: async () => {
-        const mod = await import(join(SCRIPTS, "mcp-gateway-ensure.mjs"));
+        const mod = await importMod(join(SCRIPTS, "mcp-gateway-ensure.mjs"));
         return mod.run(stdinData);
       },
     },
     {
       name: "setup.deferred",
       fn: async () => {
-        const mod = await import(join(SCRIPTS, "setup.mjs"));
+        const mod = await importMod(join(SCRIPTS, "setup.mjs"));
         return mod.runDeferred(stdinData);
       },
     },
@@ -107,7 +108,7 @@ function runDeferred(stdinData) {
  */
 function runBackground(stdinData) {
   // preflight-cache
-  import(join(SCRIPTS, "preflight-cache.mjs"))
+  importMod(join(SCRIPTS, "preflight-cache.mjs"))
     .then((mod) => mod.run(stdinData))
     .catch(() => {}); // 완전 무시
 

package/hub/team/remote-session.mjs

@@ -78,9 +78,16 @@ function normalizePosixProbeEnv(parsed) {
   return Object.freeze({
     claudePath:
       !parsed.claude || parsed.claude === "notfound" ? null : parsed.claude,
+    codexPath:
+      !parsed.codex || parsed.codex === "notfound" ? null : parsed.codex,
+    geminiPath:
+      !parsed.gemini || parsed.gemini === "notfound" ? null : parsed.gemini,
     home: parsed.home,
     os,
     shell: parsed.shell === "zsh" ? "zsh" : "bash",
+    node: parsed.node || null,
+    cores: parsed.cores ? Number(parsed.cores) : null,
+    ramGb: parsed.ram_gb ? Number(parsed.ram_gb) : null,
   });
 }
 
@@ -111,10 +118,16 @@ function probeRemoteEnvViaPwsh(host) {
 
 function probeRemoteEnvViaPosix(host) {
   const script = [
+    "export PATH=/opt/homebrew/bin:/opt/homebrew/sbin:$HOME/.local/bin:$PATH",
     "echo shell=$(basename $SHELL)",
     "echo home=$HOME",
     "command -v claude >/dev/null 2>&1 && echo claude=$(command -v claude) || echo claude=notfound",
+    "command -v codex >/dev/null 2>&1 && echo codex=$(command -v codex) || echo codex=notfound",
+    "command -v gemini >/dev/null 2>&1 && echo gemini=$(command -v gemini) || echo gemini=notfound",
     "echo os=$(uname -s | tr A-Z a-z)",
+    "node --version 2>/dev/null && echo node=$(node --version) || echo node=notfound",
+    // darwin: sysctl, linux: nproc + /proc/meminfo
+    "if [ $(uname -s) = Darwin ]; then echo cores=$(sysctl -n hw.ncpu); echo ram_gb=$(($(sysctl -n hw.memsize) / 1073741824)); else echo cores=$(nproc 2>/dev/null || echo 0); echo ram_gb=$(($(grep MemTotal /proc/meminfo 2>/dev/null | awk '{print $2}') / 1048576)); fi",
   ].join("\n");
 
   try {

package/hub/team/swarm-planner.mjs

@@ -15,6 +15,7 @@
 //       multi-line prompt text
 
 import { readFileSync } from "node:fs";
+import { selectHostForCapability } from "../lib/ssh-command.mjs";
 
 /** Shard schema defaults */
 const SHARD_DEFAULTS = Object.freeze({
@@ -260,6 +261,10 @@ export function planSwarm(prdPath, opts = {}) {
     throw new Error(`Dependency cycle detected: ${cycles[0].join(" → ")}`);
   }
 
+  // Auto-remote suggestion: PRD에 host 미지정 shard가 있고,
+  // hosts.json에 가용 원격 호스트가 있으면 제안 데이터를 생성한다.
+  const remoteSuggestion = buildRemoteSuggestion(shards, opts.repoRoot);
+
   return Object.freeze({
     shards: Object.freeze(shards.map((s) => Object.freeze({ ...s }))),
     leaseMap,
@@ -267,5 +272,74 @@ export function planSwarm(prdPath, opts = {}) {
     mergeOrder,
     conflicts,
     criticalShards: shards.filter((s) => s.critical).map((s) => s.name),
+    remoteSuggestion,
+  });
+}
+
+/**
+ * PRD shard에 host가 없고 원격 호스트가 가용하면 분배 제안을 생성한다.
+ * 실제 AskUserQuestion 호출은 스킬(tfx-swarm)에서 수행. 여기는 데이터만.
+ * @param {Shard[]} shards
+ * @param {string} [repoRoot]
+ * @returns {object|null} 제안 데이터 또는 null (제안 없음)
+ */
+function buildRemoteSuggestion(shards, repoRoot) {
+  const localShards = shards.filter((s) => !s.host);
+  if (localShards.length === 0) return null; // 모든 shard에 host 지정됨
+
+  // 각 shard의 agent에 대해 가용 원격 호스트 조회
+  const agentTypes = [...new Set(localShards.map((s) => s.agent))];
+  const availableHosts = [];
+
+  for (const agent of agentTypes) {
+    try {
+      const hosts = selectHostForCapability(agent, repoRoot);
+      for (const h of hosts) {
+        if (!availableHosts.find((ah) => ah.name === h.name)) {
+          availableHosts.push(h);
+        }
+      }
+    } catch {
+      // hosts.json 없거나 파싱 실패 → 무시
+    }
+  }
+
+  if (availableHosts.length === 0) return null;
+
+  // 분배 제안: 로컬 shard 중 절반(내림)을 원격에 배치
+  const remoteCount = Math.min(
+    Math.floor(localShards.length / 2),
+    availableHosts.length,
+  );
+  if (remoteCount === 0) return null;
+
+  // 의존성 없는 shard를 우선 원격 후보로 선택
+  const candidates = localShards
+    .filter((s) => s.depends.length === 0)
+    .concat(localShards.filter((s) => s.depends.length > 0));
+
+  const suggested = [];
+  for (let i = 0; i < remoteCount && i < candidates.length; i++) {
+    const shard = candidates[i];
+    const host = availableHosts[i % availableHosts.length];
+    suggested.push({
+      shardName: shard.name,
+      host: host.name,
+      hostDescription: host.config.description,
+      specs: host.specs,
+    });
+  }
+
+  return Object.freeze({
+    localCount: localShards.length - remoteCount,
+    remoteCount,
+    totalShards: shards.length,
+    availableHosts: availableHosts.map((h) => ({
+      name: h.name,
+      description: h.config.description,
+      specs: h.specs,
+      capabilities: h.config.capabilities,
+    })),
+    suggested: Object.freeze(suggested),
   });
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "triflux",
-  "version": "10.7.0",
+  "version": "10.7.1",
   "description": "CLI-first multi-model orchestrator for Claude Code — route tasks to Codex, Gemini, and Claude",
   "type": "module",
   "bin": {