upfynai-code 2.9.1 → 2.9.3

package/src/permissions.js

@@ -1,140 +0,0 @@
-/**
- * Permission-Gated Tool Execution
- * Ported from opencode-ai/opencode internal/permission/permission.go
- *
- * Splits relay actions into safe (auto-approve) and dangerous (require browser approval).
- * Permission requests are sent to the server → browser, and we wait for the response.
- */
-
-// Safe actions — auto-approved, read-only (opencode pattern: tools without permission flag)
-const SAFE_ACTIONS = new Set([
-  'file-read',
-  'file-tree',
-  'browse-dirs',
-  'validate-path',
-  'detect-agents',
-]);
-
-// Dangerous actions — require user approval (opencode pattern: tools with permission flag)
-const DANGEROUS_ACTIONS = new Set([
-  'shell-command',
-  'file-write',
-  'create-folder',
-  'git-operation',
-]);
-
-// Safe shell command prefixes — auto-approved even within shell-command
-// (opencode pattern: safe bash commands bypass permission)
-const SAFE_SHELL_PREFIXES = [
-  'ls', 'dir', 'pwd', 'echo', 'cat', 'head', 'tail', 'wc',
-  'git status', 'git log', 'git diff', 'git branch', 'git remote',
-  'node --version', 'npm --version', 'python --version',
-  'which', 'where', 'type', 'whoami', 'hostname',
-  'date', 'uptime', 'df', 'free',
-];
-
-// Pending permission requests: requestId → { resolve }
-const pendingPermissions = new Map();
-
-/**
- * Check if an action needs user permission.
- * @param {string} action - Relay action type
- * @param {object} payload - Action payload
- * @returns {boolean}
- */
-export function needsPermission(action, payload) {
-  if (SAFE_ACTIONS.has(action)) return false;
-  if (!DANGEROUS_ACTIONS.has(action)) return false; // unknown actions handled elsewhere
-
-  // Shell commands: check if it's a safe read-only command
-  if (action === 'shell-command' && payload?.command) {
-    const cmd = payload.command.trim().toLowerCase();
-    if (SAFE_SHELL_PREFIXES.some(prefix => cmd.startsWith(prefix))) {
-      return false;
-    }
-  }
-
-  return true;
-}
-
-/**
- * Request permission from the browser via the relay WebSocket.
- * Blocks until the user approves or denies.
- *
- * @param {WebSocket} ws - Relay WebSocket connection
- * @param {string} requestId - Relay request ID
- * @param {string} action - Action being requested
- * @param {object} payload - Action payload
- * @param {number} timeoutMs - Timeout for waiting (default 60s)
- * @returns {Promise<boolean>} - true if approved, false if denied
- */
-export function requestPermission(ws, requestId, action, payload, timeoutMs = 60000) {
-  return new Promise((resolve) => {
-    const permId = `perm-${requestId}`;
-
-    const timeout = setTimeout(() => {
-      pendingPermissions.delete(permId);
-      resolve(false); // Timeout = deny
-    }, timeoutMs);
-
-    pendingPermissions.set(permId, {
-      resolve: (approved) => {
-        clearTimeout(timeout);
-        pendingPermissions.delete(permId);
-        resolve(approved);
-      },
-    });
-
-    // Send permission request to server → browser
-    ws.send(JSON.stringify({
-      type: 'relay-permission-request',
-      requestId,
-      permissionId: permId,
-      action,
-      description: describeAction(action, payload),
-      payload: sanitizePayload(action, payload),
-    }));
-  });
-}
-
-/**
- * Handle a permission response from the server.
- * @param {object} data - { permissionId, approved }
- */
-export function handlePermissionResponse(data) {
-  const pending = pendingPermissions.get(data.permissionId);
-  if (pending) {
-    pending.resolve(Boolean(data.approved));
-  }
-}
-
-/**
- * Generate a human-readable description of the action.
- */
-function describeAction(action, payload) {
-  switch (action) {
-    case 'shell-command':
-      return `Execute command: ${payload?.command || '(unknown)'}`;
-    case 'file-write':
-      return `Write to file: ${payload?.filePath || '(unknown)'}`;
-    case 'create-folder':
-      return `Create folder: ${payload?.folderPath || '(unknown)'}`;
-    case 'git-operation':
-      return `Run git: ${payload?.gitCommand || '(unknown)'}`;
-    default:
-      return `${action}: ${JSON.stringify(payload || {}).slice(0, 200)}`;
-  }
-}
-
-/**
- * Sanitize payload for display — remove large content fields.
- */
-function sanitizePayload(action, payload) {
-  if (!payload) return {};
-  const safe = { ...payload };
-  // Don't send file content to browser for permission display
-  if (safe.content && safe.content.length > 500) {
-    safe.content = safe.content.slice(0, 500) + `... (${safe.content.length} chars total)`;
-  }
-  return safe;
-}

package/src/persistent-shell.js

@@ -1,261 +0,0 @@
-/**
- * Persistent Shell Singleton
- * Ported from opencode-ai/opencode internal/llm/tools/shell/shell.go
- *
- * Maintains a single long-running shell process across commands.
- * - Commands are queued and executed sequentially
- * - Environment and cwd persist between commands
- * - Child processes can be killed on abort
- * - Shell respawns automatically if it dies
- */
-import { spawn, execSync } from 'child_process';
-import os from 'os';
-import path from 'path';
-import { promises as fs } from 'fs';
-
-let shellInstance = null;
-
-/**
- * Get or create the persistent shell singleton.
- * @param {string} workingDir - Initial working directory
- * @returns {PersistentShell}
- */
-export function getPersistentShell(workingDir) {
-  if (!shellInstance || !shellInstance.isAlive) {
-    shellInstance = new PersistentShell(workingDir || os.homedir());
-  }
-  return shellInstance;
-}
-
-class PersistentShell {
-  constructor(cwd) {
-    this.cwd = cwd;
-    this.isAlive = false;
-    this.commandQueue = [];
-    this.processing = false;
-    this.proc = null;
-    this.stdin = null;
-    this._start();
-  }
-
-  _start() {
-    const isWin = process.platform === 'win32';
-    const shellPath = isWin
-      ? process.env.COMSPEC || 'cmd.exe'
-      : process.env.SHELL || '/bin/bash';
-    const shellArgs = isWin ? ['/Q'] : ['-l'];
-
-    this.proc = spawn(shellPath, shellArgs, {
-      cwd: this.cwd,
-      env: { ...process.env, GIT_EDITOR: 'true' },
-      stdio: ['pipe', 'pipe', 'pipe'],
-      shell: false,
-    });
-
-    this.stdin = this.proc.stdin;
-    this.isAlive = true;
-
-    this.proc.on('close', () => {
-      this.isAlive = false;
-      // Reject any queued commands
-      for (const queued of this.commandQueue) {
-        queued.reject(new Error('Shell process died'));
-      }
-      this.commandQueue = [];
-    });
-
-    this.proc.on('error', () => {
-      this.isAlive = false;
-    });
-  }
-
-  /**
-   * Execute a command in the persistent shell.
-   * Queued and executed sequentially (opencode pattern: commandQueue channel).
-   *
-   * @param {string} command - Shell command to execute
-   * @param {object} opts - { timeoutMs, abortSignal }
-   * @returns {Promise<{ stdout, stderr, exitCode, interrupted, cwd }>}
-   */
-  exec(command, opts = {}) {
-    return new Promise((resolve, reject) => {
-      this.commandQueue.push({ command, opts, resolve, reject });
-      this._processNext();
-    });
-  }
-
-  async _processNext() {
-    if (this.processing || this.commandQueue.length === 0) return;
-    this.processing = true;
-
-    const { command, opts, resolve, reject } = this.commandQueue.shift();
-
-    try {
-      const result = await this._execCommand(command, opts);
-      resolve(result);
-    } catch (err) {
-      reject(err);
-    } finally {
-      this.processing = false;
-      // Process next in queue
-      if (this.commandQueue.length > 0) {
-        this._processNext();
-      }
-    }
-  }
-
-  async _execCommand(command, { timeoutMs = 60000, abortSignal } = {}) {
-    if (!this.isAlive) {
-      throw new Error('Shell is not alive');
-    }
-
-    const isWin = process.platform === 'win32';
-    const tmpDir = os.tmpdir();
-    const ts = Date.now() + '-' + Math.random().toString(36).slice(2, 8);
-    const stdoutFile = path.join(tmpDir, `uc-stdout-${ts}`);
-    const stderrFile = path.join(tmpDir, `uc-stderr-${ts}`);
-    const statusFile = path.join(tmpDir, `uc-status-${ts}`);
-    const cwdFile = path.join(tmpDir, `uc-cwd-${ts}`);
-
-    try {
-      // Build the shell command that redirects output to temp files
-      // Exact same pattern as opencode's shell.go execCommand
-      let fullCommand;
-      if (isWin) {
-        // Windows cmd.exe variant
-        fullCommand = [
-          `${command} > "${stdoutFile}" 2> "${stderrFile}"`,
-          `echo %ERRORLEVEL% > "${statusFile}"`,
-          `cd > "${cwdFile}"`,
-        ].join(' & ');
-      } else {
-        // Unix bash variant (identical to opencode)
-        const escaped = command.replace(/'/g, "'\\''");
-        fullCommand = [
-          `eval '${escaped}' < /dev/null > '${stdoutFile}' 2> '${stderrFile}'`,
-          `EXEC_EXIT_CODE=$?`,
-          `pwd > '${cwdFile}'`,
-          `echo $EXEC_EXIT_CODE > '${statusFile}'`,
-        ].join('\n');
-      }
-
-      this.stdin.write(fullCommand + '\n');
-
-      // Poll for status file (same polling pattern as opencode)
-      let interrupted = false;
-      const startTime = Date.now();
-
-      await new Promise((done, fail) => {
-        const poll = setInterval(async () => {
-          // Check abort
-          if (abortSignal?.aborted) {
-            this.killChildren();
-            interrupted = true;
-            clearInterval(poll);
-            done();
-            return;
-          }
-
-          // Check timeout
-          if (timeoutMs > 0 && Date.now() - startTime > timeoutMs) {
-            this.killChildren();
-            interrupted = true;
-            clearInterval(poll);
-            done();
-            return;
-          }
-
-          // Check if status file exists and has content
-          try {
-            const stat = await fs.stat(statusFile);
-            if (stat.size > 0) {
-              clearInterval(poll);
-              done();
-            }
-          } catch {
-            // File doesn't exist yet
-          }
-        }, 50);
-      });
-
-      // Read results from temp files
-      const stdout = await this._readFileOrEmpty(stdoutFile);
-      const stderr = await this._readFileOrEmpty(stderrFile);
-      const exitCodeStr = await this._readFileOrEmpty(statusFile);
-      const newCwd = await this._readFileOrEmpty(cwdFile);
-
-      let exitCode = 0;
-      if (exitCodeStr.trim()) {
-        exitCode = parseInt(exitCodeStr.trim(), 10) || 0;
-      } else if (interrupted) {
-        exitCode = 143;
-      }
-
-      if (newCwd.trim()) {
-        this.cwd = newCwd.trim();
-      }
-
-      return {
-        stdout: stdout,
-        stderr: interrupted ? stderr + '\nCommand execution timed out or was interrupted' : stderr,
-        exitCode,
-        interrupted,
-        cwd: this.cwd,
-      };
-    } finally {
-      // Cleanup temp files
-      await Promise.all([
-        fs.unlink(stdoutFile).catch(() => {}),
-        fs.unlink(stderrFile).catch(() => {}),
-        fs.unlink(statusFile).catch(() => {}),
-        fs.unlink(cwdFile).catch(() => {}),
-      ]);
-    }
-  }
-
-  /**
-   * Kill child processes of the shell (opencode pattern: killChildren).
-   * On Unix: pgrep -P <pid> → SIGTERM each child.
-   * On Windows: taskkill /PID /T.
-   */
-  killChildren() {
-    if (!this.proc?.pid) return;
-    try {
-      if (process.platform === 'win32') {
-        execSync(`taskkill /PID ${this.proc.pid} /T /F`, { stdio: 'ignore', timeout: 5000 });
-        // Respawn since taskkill kills the parent too on Windows
-        this._start();
-      } else {
-        const output = execSync(`pgrep -P ${this.proc.pid}`, { encoding: 'utf8', timeout: 5000 });
-        for (const line of output.split('\n')) {
-          const pid = parseInt(line.trim(), 10);
-          if (pid > 0) {
-            try { process.kill(pid, 'SIGTERM'); } catch { /* already dead */ }
-          }
-        }
-      }
-    } catch {
-      // pgrep/taskkill failed — no children to kill
-    }
-  }
-
-  /**
-   * Close the persistent shell.
-   */
-  close() {
-    if (!this.isAlive) return;
-    try {
-      this.stdin.write('exit\n');
-      this.proc.kill('SIGTERM');
-    } catch { /* ignore */ }
-    this.isAlive = false;
-  }
-
-  async _readFileOrEmpty(filePath) {
-    try {
-      return await fs.readFile(filePath, 'utf8');
-    } catch {
-      return '';
-    }
-  }
-}

package/src/server.js

@@ -1,54 +0,0 @@
-import { fileURLToPath } from 'url';
-import { dirname, join } from 'path';
-import { existsSync } from 'fs';
-import express from 'express';
-import { createProxyMiddleware } from 'http-proxy-middleware';
-import open from 'open';
-import chalk from 'chalk';
-
-const __dirname = dirname(fileURLToPath(import.meta.url));
-const DIST_DIR = join(__dirname, '..', 'dist');
-
-export async function startServer(port, serverUrl, token) {
-  if (!existsSync(DIST_DIR)) {
-    console.log(chalk.red('\n  Error: No built frontend found at dist/.'));
-    console.log(chalk.dim('  Run the build-frontend script first, or use the default mode (no --local flag).\n'));
-    process.exit(1);
-  }
-
-  const app = express();
-
-  // Proxy API calls to the remote Vercel backend
-  app.use('/api', createProxyMiddleware({
-    target: serverUrl,
-    changeOrigin: true,
-    headers: {
-      Authorization: `Bearer ${token}`,
-    },
-  }));
-
-  // Serve the built React frontend
-  app.use(express.static(DIST_DIR));
-
-  // SPA fallback — serve index.html for all non-API, non-static routes
-  app.get('*', (req, res) => {
-    res.sendFile(join(DIST_DIR, 'index.html'));
-  });
-
-  return new Promise((resolve) => {
-    const server = app.listen(port, async () => {
-      const url = `http://localhost:${port}?token=${encodeURIComponent(token)}`;
-      console.log(chalk.green(`\n  Local server running at ${chalk.bold(`http://localhost:${port}`)}`));
-      console.log(chalk.dim('  API proxy active. Press Ctrl+C to stop.\n'));
-      await open(url);
-      resolve(server);
-    });
-
-    const shutdown = () => {
-      console.log(chalk.dim('\n  Shutting down...'));
-      server.close(() => process.exit(0));
-    };
-    process.on('SIGINT', shutdown);
-    process.on('SIGTERM', shutdown);
-  });
-}