whale-code 6.4.0

package/dist/cli/services/agent-worker-base.d.ts

@@ -0,0 +1,97 @@
+/**
+ * Agent Worker Base — shared utilities for subagent.ts and teammate.ts
+ *
+ * Extracts the common plumbing:
+ * - API calling (auth, build request, call proxy, collect stream, convert response)
+ * - Tool execution with loop detection, truncation, and result formatting
+ * - Token tracking
+ *
+ * Both subagent and teammate keep their own types, system prompts, and lifecycle logic.
+ * This module provides composable functions, NOT a class hierarchy.
+ */
+import type Anthropic from "@anthropic-ai/sdk";
+import { LoopDetector } from "../../shared/agent-core.js";
+import type { ContextProfile, StreamResult } from "../../shared/types.js";
+/** Unified response from an API call — used by both subagent and teammate */
+export interface AgentAPIResponse {
+    content: Anthropic.ContentBlock[];
+    usage: {
+        input_tokens: number;
+        output_tokens: number;
+    };
+    stop_reason: string;
+}
+/** Options for callAgentAPI */
+export interface AgentAPIOptions {
+    modelId: string;
+    contextProfile: ContextProfile;
+    systemPrompt: string;
+    messages: Anthropic.MessageParam[];
+    tools: Anthropic.Tool[];
+    thinkingEnabled?: boolean;
+    maxOutputTokens?: number;
+    timeoutMs?: number;
+    /** If true, add cache_control to last tool */
+    cacheLastTool?: boolean;
+}
+/** Result of executing a single tool */
+export interface ToolExecResult {
+    success: boolean;
+    output: string;
+}
+/** Callbacks for tool execution progress */
+export interface ToolExecCallbacks {
+    onToolStart?: (toolName: string, input: Record<string, unknown>) => void;
+    onToolEnd?: (toolName: string, success: boolean, durationMs: number) => void;
+}
+/** Options for executeToolBlocks */
+export interface ExecuteToolBlocksOptions {
+    toolBlocks: Anthropic.ToolUseBlock[];
+    loopDetector: LoopDetector;
+    callbacks?: ToolExecCallbacks;
+    /** Additional tool executor for domain-specific tools (e.g., team tools) */
+    customExecutor?: (name: string, input: Record<string, unknown>) => Promise<ToolExecResult | null>;
+    /** Max chars per tool result (default 30_000) */
+    maxToolResultChars?: number;
+    /** Timeout per tool call in ms (no timeout if not set) */
+    toolTimeoutMs?: number;
+}
+/** Result of executing all tool blocks in a turn */
+export interface ToolBlocksResult {
+    toolResults: Anthropic.ToolResultBlockParam[];
+    toolsUsed: string[];
+    /** Set by custom executor if a domain event occurred (e.g., team task completed) */
+    customSignals: Record<string, unknown>;
+}
+/**
+ * Convert a StreamResult (from SSE collector) to the AgentAPIResponse format
+ * that both subagent and teammate expect.
+ *
+ * Subagent includes thinking blocks; teammate does not (thinkingEnabled=false).
+ */
+export declare function streamResultToResponse(result: StreamResult, includeThinking: boolean): AgentAPIResponse;
+/**
+ * Call the server proxy API, collect the SSE stream, and return a typed response.
+ * Handles auth, request building, caching setup, and stream collection.
+ */
+export declare function callAgentAPI(opts: AgentAPIOptions): Promise<AgentAPIResponse>;
+/**
+ * Execute an array of tool use blocks, handling:
+ * - Loop detection (via LoopDetector)
+ * - Routing to local, server, or custom executor
+ * - Result truncation to maxToolResultChars
+ * - Optional per-tool timeout
+ *
+ * Returns tool results ready to append to messages, plus metadata.
+ */
+export declare function executeToolBlocks(opts: ExecuteToolBlocksOptions): Promise<ToolBlocksResult>;
+/** Extract text blocks from a response */
+export declare function extractTextBlocks(content: Anthropic.ContentBlock[]): Anthropic.TextBlock[];
+/** Extract tool use blocks from a response */
+export declare function extractToolUseBlocks(content: Anthropic.ContentBlock[]): Anthropic.ToolUseBlock[];
+/** Get combined text from all text blocks */
+export declare function getResponseText(content: Anthropic.ContentBlock[]): string;
+/** Yield to event loop to prevent blocking (microtask resolution) */
+export declare function yieldToEventLoop(): Promise<void>;
+/** Longer yield for UI-critical moments (before long API calls, ~1 frame at 60fps) */
+export declare function yieldForRender(): Promise<void>;

package/dist/cli/services/agent-worker-base.js

@@ -0,0 +1,220 @@
+/**
+ * Agent Worker Base — shared utilities for subagent.ts and teammate.ts
+ *
+ * Extracts the common plumbing:
+ * - API calling (auth, build request, call proxy, collect stream, convert response)
+ * - Tool execution with loop detection, truncation, and result formatting
+ * - Token tracking
+ *
+ * Both subagent and teammate keep their own types, system prompts, and lifecycle logic.
+ * This module provides composable functions, NOT a class hierarchy.
+ */
+import { getProxyUrl, resolveConfig } from "./config-store.js";
+import { getValidToken, refreshSession } from "./auth-service.js";
+import { parseSSEStream, collectStreamResult } from "../../shared/sse-parser.js";
+import { callServerProxy, buildAPIRequest, buildSystemBlocks, } from "../../shared/api-client.js";
+import { isLocalTool, executeLocalTool, } from "./local-tools.js";
+import { isServerTool, executeServerTool, } from "./server-tools.js";
+// ============================================================================
+// LONG-RUNNING TOOL TIMEOUT (mirrors tool-dispatch.ts)
+// ============================================================================
+/** Tools that spawn workers/subprocesses and need much longer than 2 min */
+const LONG_RUNNING_TOOL_TIMEOUT_MS = 10 * 60 * 1000; // 10 minutes
+const LONG_RUNNING_TOOLS = new Set(["team_create", "task", "delegate_task"]);
+// ============================================================================
+// API CLIENT — unified proxy caller
+// ============================================================================
+/**
+ * Convert a StreamResult (from SSE collector) to the AgentAPIResponse format
+ * that both subagent and teammate expect.
+ *
+ * Subagent includes thinking blocks; teammate does not (thinkingEnabled=false).
+ */
+export function streamResultToResponse(result, includeThinking) {
+    const content = [];
+    if (includeThinking) {
+        for (const tb of result.thinkingBlocks) {
+            content.push({
+                type: "thinking",
+                thinking: tb.thinking,
+                signature: tb.signature,
+            });
+        }
+    }
+    if (result.text) {
+        content.push({ type: "text", text: result.text });
+    }
+    for (const tu of result.toolUseBlocks) {
+        content.push({
+            type: "tool_use",
+            id: tu.id,
+            name: tu.name,
+            input: tu.input,
+        });
+    }
+    return {
+        content,
+        usage: {
+            input_tokens: result.usage.inputTokens,
+            output_tokens: result.usage.outputTokens,
+        },
+        stop_reason: result.stopReason,
+    };
+}
+/**
+ * Call the server proxy API, collect the SSE stream, and return a typed response.
+ * Handles auth, request building, caching setup, and stream collection.
+ */
+export async function callAgentAPI(opts) {
+    const token = await getValidToken();
+    if (!token)
+        throw new Error("No API key available. Run `whale login`.");
+    const apiConfig = buildAPIRequest({
+        model: opts.modelId,
+        contextProfile: opts.contextProfile,
+        thinkingEnabled: opts.thinkingEnabled ?? false,
+        maxOutputTokens: opts.maxOutputTokens,
+    });
+    // Optionally add cache_control to last tool
+    let tools;
+    if (opts.cacheLastTool && opts.tools.length > 0) {
+        tools = [
+            ...opts.tools.slice(0, -1),
+            { ...opts.tools[opts.tools.length - 1], cache_control: { type: "ephemeral" } },
+        ];
+    }
+    else {
+        tools = [...opts.tools];
+    }
+    const system = buildSystemBlocks(opts.systemPrompt);
+    const { storeId } = resolveConfig();
+    const stream = await callServerProxy({
+        proxyUrl: getProxyUrl(),
+        token,
+        model: opts.modelId,
+        system,
+        messages: opts.messages,
+        tools,
+        apiConfig,
+        storeId: storeId || undefined,
+        ...(opts.timeoutMs ? { timeoutMs: opts.timeoutMs } : {}),
+        onTokenRefresh: async () => {
+            const result = await refreshSession();
+            return result.success ? result.config.access_token : null;
+        },
+    });
+    const result = await collectStreamResult(parseSSEStream(stream));
+    return streamResultToResponse(result, opts.thinkingEnabled ?? false);
+}
+// ============================================================================
+// TOOL EXECUTION — shared loop with detection, routing, and truncation
+// ============================================================================
+/**
+ * Execute an array of tool use blocks, handling:
+ * - Loop detection (via LoopDetector)
+ * - Routing to local, server, or custom executor
+ * - Result truncation to maxToolResultChars
+ * - Optional per-tool timeout
+ *
+ * Returns tool results ready to append to messages, plus metadata.
+ */
+export async function executeToolBlocks(opts) {
+    const { toolBlocks, loopDetector, callbacks, customExecutor, maxToolResultChars = 30_000, toolTimeoutMs, } = opts;
+    const toolResults = [];
+    const toolsUsed = [];
+    const customSignals = {};
+    async function executeSingle(tu) {
+        // Circuit breaker check
+        const loopCheck = loopDetector.recordCall(tu.name, tu.input);
+        if (loopCheck.blocked) {
+            return {
+                type: "tool_result",
+                tool_use_id: tu.id,
+                content: JSON.stringify({ error: loopCheck.reason }),
+            };
+        }
+        callbacks?.onToolStart?.(tu.name, tu.input);
+        const toolStart = Date.now();
+        let result;
+        try {
+            const executeOne = async () => {
+                if (customExecutor) {
+                    const customResult = await customExecutor(tu.name, tu.input);
+                    if (customResult !== null)
+                        return customResult;
+                }
+                if (isLocalTool(tu.name)) {
+                    return await executeLocalTool(tu.name, tu.input);
+                }
+                else if (isServerTool(tu.name)) {
+                    return await executeServerTool(tu.name, tu.input);
+                }
+                else {
+                    return { success: false, output: `Unknown tool: ${tu.name}` };
+                }
+            };
+            if (toolTimeoutMs) {
+                const effectiveTimeout = LONG_RUNNING_TOOLS.has(tu.name)
+                    ? Math.max(toolTimeoutMs, LONG_RUNNING_TOOL_TIMEOUT_MS)
+                    : toolTimeoutMs;
+                result = await Promise.race([
+                    executeOne(),
+                    new Promise((_, reject) => setTimeout(() => reject(new Error(`Tool ${tu.name} timed out after ${effectiveTimeout / 1000}s`)), effectiveTimeout)),
+                ]);
+            }
+            else {
+                result = await executeOne();
+            }
+        }
+        catch (toolErr) {
+            result = { success: false, output: `Tool execution error: ${toolErr.message || String(toolErr)}` };
+        }
+        const toolDuration = Date.now() - toolStart;
+        loopDetector.recordResult(tu.name, result.success, tu.input);
+        callbacks?.onToolEnd?.(tu.name, result.success, toolDuration);
+        if (!toolsUsed.includes(tu.name)) {
+            toolsUsed.push(tu.name);
+        }
+        let contentStr = JSON.stringify(result.success ? result.output : { error: result.output });
+        if (contentStr.length > maxToolResultChars) {
+            contentStr =
+                contentStr.slice(0, maxToolResultChars) +
+                    `\n\n... (truncated — ${contentStr.length.toLocaleString()} chars total)`;
+        }
+        return {
+            type: "tool_result",
+            tool_use_id: tu.id,
+            content: contentStr,
+        };
+    }
+    // Execute all tool calls in parallel — the model already determined these are independent
+    const batchResults = await Promise.all(toolBlocks.map(tu => executeSingle(tu)));
+    toolResults.push(...batchResults);
+    return { toolResults, toolsUsed, customSignals };
+}
+// ============================================================================
+// CONTENT BLOCK HELPERS
+// ============================================================================
+/** Extract text blocks from a response */
+export function extractTextBlocks(content) {
+    return content.filter((b) => b.type === "text");
+}
+/** Extract tool use blocks from a response */
+export function extractToolUseBlocks(content) {
+    return content.filter((b) => b.type === "tool_use");
+}
+/** Get combined text from all text blocks */
+export function getResponseText(content) {
+    return extractTextBlocks(content).map((b) => b.text).join("\n");
+}
+// ============================================================================
+// YIELD HELPERS — prevent blocking the event loop during long agent loops
+// ============================================================================
+/** Yield to event loop to prevent blocking (microtask resolution) */
+export function yieldToEventLoop() {
+    return new Promise((resolve) => setTimeout(resolve, 0));
+}
+/** Longer yield for UI-critical moments (before long API calls, ~1 frame at 60fps) */
+export function yieldForRender() {
+    return new Promise((resolve) => setTimeout(resolve, 16));
+}

package/dist/cli/services/auth-service.d.ts

@@ -0,0 +1,30 @@
+/**
+ * Auth Service — Supabase email/password auth with token management
+ *
+ * Same Supabase project as the macOS app. Users login with their
+ * SwagManager credentials; the CLI stores JWT tokens locally.
+ */
+import { type SupabaseClient } from "@supabase/supabase-js";
+import { type SwagManagerConfig } from "./config-store.js";
+declare const SUPABASE_URL = "https://uaednwpxursknmwdeejn.supabase.co";
+declare const SUPABASE_ANON_KEY = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6InVhZWRud3B4dXJza25td2RlZWpuIiwicm9sZSI6ImFub24iLCJpYXQiOjE3NjA5OTcyMzMsImV4cCI6MjA3NjU3MzIzM30.N8jPwlyCBB5KJB5I-XaK6m-mq88rSR445AWFJJmwRCg";
+export { SUPABASE_URL, SUPABASE_ANON_KEY };
+export declare function createAuthenticatedClient(accessToken: string): SupabaseClient;
+export interface AuthResult {
+    success: boolean;
+    error?: string;
+    config?: SwagManagerConfig;
+}
+export interface StoreInfo {
+    id: string;
+    name: string;
+    slug?: string;
+}
+export declare function signIn(email: string, password: string): Promise<AuthResult>;
+export declare function signUp(email: string, password: string): Promise<AuthResult>;
+export declare function refreshSession(): Promise<AuthResult>;
+export declare function getValidToken(): Promise<string | null>;
+export declare function signOut(): void;
+export declare function getStoresForUser(accessToken: string, _userId: string): Promise<StoreInfo[]>;
+export declare function selectStore(storeId: string, storeName: string): void;
+export declare function isLoggedIn(): boolean;

package/dist/cli/services/auth-service.js

@@ -0,0 +1,160 @@
+/**
+ * Auth Service — Supabase email/password auth with token management
+ *
+ * Same Supabase project as the macOS app. Users login with their
+ * SwagManager credentials; the CLI stores JWT tokens locally.
+ */
+import { createClient } from "@supabase/supabase-js";
+import { loadConfig, saveConfig, clearConfig, updateConfig } from "./config-store.js";
+// Public credentials (same as SupabaseConfig.swift)
+const SUPABASE_URL = "https://uaednwpxursknmwdeejn.supabase.co";
+const SUPABASE_ANON_KEY = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6InVhZWRud3B4dXJza25td2RlZWpuIiwicm9sZSI6ImFub24iLCJpYXQiOjE3NjA5OTcyMzMsImV4cCI6MjA3NjU3MzIzM30.N8jPwlyCBB5KJB5I-XaK6m-mq88rSR445AWFJJmwRCg";
+export { SUPABASE_URL, SUPABASE_ANON_KEY };
+// Create a bare Supabase client (no stored session)
+function createAnonClient() {
+    return createClient(SUPABASE_URL, SUPABASE_ANON_KEY, {
+        auth: { persistSession: false, autoRefreshToken: false },
+    });
+}
+// Create a Supabase client authenticated with a user's JWT
+export function createAuthenticatedClient(accessToken) {
+    return createClient(SUPABASE_URL, SUPABASE_ANON_KEY, {
+        auth: { persistSession: false, autoRefreshToken: false },
+        global: { headers: { Authorization: `Bearer ${accessToken}` } },
+    });
+}
+// Sign in with email/password
+export async function signIn(email, password) {
+    const client = createAnonClient();
+    const { data, error } = await client.auth.signInWithPassword({ email, password });
+    if (error)
+        return { success: false, error: error.message };
+    if (!data.session)
+        return { success: false, error: "No session returned" };
+    const config = {
+        access_token: data.session.access_token,
+        refresh_token: data.session.refresh_token,
+        user_id: data.user.id,
+        email: data.user.email || email,
+        expires_at: data.session.expires_at,
+    };
+    // Try to extract store from JWT user_metadata first (most reliable)
+    const meta = data.user.user_metadata;
+    if (meta?.vendor_id) {
+        config.store_id = meta.vendor_id;
+        config.store_name = meta.store_name || undefined;
+    }
+    // If no store from metadata, try querying
+    if (!config.store_id) {
+        const stores = await getStoresForUser(config.access_token, data.user.id);
+        if (stores.length === 1) {
+            config.store_id = stores[0].id;
+            config.store_name = stores[0].name;
+        }
+    }
+    saveConfig(config);
+    return { success: true, config };
+}
+// Sign up with email/password
+export async function signUp(email, password) {
+    const client = createAnonClient();
+    const { data, error } = await client.auth.signUp({ email, password });
+    if (error)
+        return { success: false, error: error.message };
+    if (!data.session) {
+        return { success: true, error: "Check your email to confirm your account" };
+    }
+    const config = {
+        access_token: data.session.access_token,
+        refresh_token: data.session.refresh_token,
+        user_id: data.user.id,
+        email: data.user.email || email,
+        expires_at: data.session.expires_at,
+    };
+    saveConfig(config);
+    return { success: true, config };
+}
+// Refresh an expired session
+export async function refreshSession() {
+    const config = loadConfig();
+    if (!config.refresh_token)
+        return { success: false, error: "Not logged in" };
+    const client = createAnonClient();
+    const { data, error } = await client.auth.refreshSession({
+        refresh_token: config.refresh_token,
+    });
+    if (error) {
+        clearConfig();
+        return { success: false, error: `Session expired: ${error.message}` };
+    }
+    if (!data.session) {
+        clearConfig();
+        return { success: false, error: "Could not refresh session" };
+    }
+    const updated = {
+        ...config,
+        access_token: data.session.access_token,
+        refresh_token: data.session.refresh_token,
+        expires_at: data.session.expires_at,
+    };
+    saveConfig(updated);
+    return { success: true, config: updated };
+}
+// Get a valid access token, auto-refreshing if needed
+export async function getValidToken() {
+    const config = loadConfig();
+    if (!config.access_token)
+        return null;
+    // Check if token is expired (with 5-min buffer)
+    // If expires_at is missing, force a refresh to be safe
+    const now = Math.floor(Date.now() / 1000);
+    if (!config.expires_at || config.expires_at - 300 < now) {
+        const result = await refreshSession();
+        if (!result.success)
+            return null;
+        return result.config.access_token;
+    }
+    return config.access_token;
+}
+// Sign out — clear stored tokens
+export function signOut() {
+    clearConfig();
+}
+// Get stores for the authenticated user
+// RLS on the stores table filters to only stores the user has access to,
+// same as the Swift app does: client.from("stores").select()
+export async function getStoresForUser(accessToken, _userId) {
+    const client = createAuthenticatedClient(accessToken);
+    // Let RLS filter — same pattern as the macOS app (SupabaseService.fetchStores)
+    const { data: stores, error } = await client
+        .from("stores")
+        .select("id, store_name, slug")
+        .limit(20);
+    if (error) {
+        // Fallback: try via the users table (auth_user_id column, not id)
+        const { data: userData } = await client
+            .from("users")
+            .select("store_id")
+            .eq("auth_user_id", _userId)
+            .single();
+        if (userData?.store_id) {
+            const { data: store } = await client
+                .from("stores")
+                .select("id, store_name, slug")
+                .eq("id", userData.store_id)
+                .single();
+            return store ? [{ id: store.id, name: store.store_name, slug: store.slug }] : [];
+        }
+        return [];
+    }
+    return (stores || []).map((s) => ({ id: s.id, name: s.store_name, slug: s.slug }));
+}
+// Select a store and save to config
+export function selectStore(storeId, storeName) {
+    updateConfig({ store_id: storeId, store_name: storeName });
+}
+// Check if logged in (has auth tokens)
+export function isLoggedIn() {
+    const config = loadConfig();
+    return !!(config.access_token && config.refresh_token);
+}

package/dist/cli/services/background-processes.d.ts

@@ -0,0 +1,126 @@
+/**
+ * Background Process Management — Claude Code-style async shell execution
+ *
+ * Enables running long-running processes (dev servers, watchers, builds)
+ * without blocking the agent loop.
+ *
+ * Tools:
+ * - run_command with run_in_background: true
+ * - bash_output: Read output from running/completed process
+ * - kill_shell: Terminate a background process
+ */
+import { ChildProcess } from "child_process";
+export interface BackgroundProcess {
+    id: string;
+    command: string;
+    cwd: string;
+    startedAt: Date;
+    status: "running" | "completed" | "failed" | "killed";
+    exitCode?: number;
+    outputBuffer: string[];
+    errorBuffer: string[];
+    process: ChildProcess | null;
+    lastReadIndex: number;
+    lastErrorReadIndex: number;
+}
+export interface ProcessOutput {
+    id: string;
+    status: BackgroundProcess["status"];
+    newOutput: string;
+    newErrors: string;
+    exitCode?: number;
+}
+export declare function spawnBackground(command: string, options?: {
+    cwd?: string;
+    timeout?: number;
+    description?: string;
+}): Promise<{
+    id: string;
+    message: string;
+    status: "running" | "failed";
+}>;
+export declare function readProcessOutput(id: string, options?: {
+    filter?: string;
+}): ProcessOutput | {
+    error: string;
+};
+export declare function killProcess(id: string): {
+    success: boolean;
+    message: string;
+};
+export declare function listProcesses(): Array<{
+    id: string;
+    pid: number | undefined;
+    command: string;
+    status: BackgroundProcess["status"];
+    startedAt: string;
+    runtime: string;
+    outputLines: number;
+    errorLines: number;
+}>;
+interface BackgroundAgent {
+    id: string;
+    type: string;
+    outputFile: string;
+    startTime: number;
+    status: "running" | "completed" | "failed";
+}
+export declare function registerBackgroundAgent(id: string, type: string, outputFile: string): void;
+export declare function getAgentStatus(id: string): BackgroundAgent | null;
+export declare function markAgentDone(id: string, success: boolean): void;
+export declare function readAgentOutput(id: string): {
+    status: string;
+    output: string;
+} | null;
+export declare function listBackgroundAgents(): BackgroundAgent[];
+export declare function stopBackgroundAgent(id: string): {
+    success: boolean;
+    message: string;
+};
+export declare const BACKGROUND_TOOL_DEFINITIONS: ({
+    name: string;
+    description: string;
+    input_schema: {
+        type: string;
+        properties: {
+            bash_id: {
+                type: string;
+                description: string;
+            };
+            filter: {
+                type: string;
+                description: string;
+            };
+            shell_id?: undefined;
+        };
+        required: string[];
+    };
+} | {
+    name: string;
+    description: string;
+    input_schema: {
+        type: string;
+        properties: {
+            shell_id: {
+                type: string;
+                description: string;
+            };
+            bash_id?: undefined;
+            filter?: undefined;
+        };
+        required: string[];
+    };
+} | {
+    name: string;
+    description: string;
+    input_schema: {
+        type: string;
+        properties: {
+            bash_id?: undefined;
+            filter?: undefined;
+            shell_id?: undefined;
+        };
+        required: never[];
+    };
+})[];
+export {};