wispy-cli 0.9.0 → 1.1.1

package/core/engine.mjs

@@ -21,6 +21,8 @@ import { SessionManager } from "./session.mjs";
 import { MCPManager, ensureDefaultMcpConfig } from "./mcp.mjs";
 import { MemoryManager } from "./memory.mjs";
 import { SubAgentManager } from "./subagents.mjs";
+import { PermissionManager } from "./permissions.mjs";
+import { AuditLog, EVENT_TYPES } from "./audit.mjs";
 
 const MAX_TOOL_ROUNDS = 10;
 const MAX_CONTEXT_CHARS = 40_000;
@@ -34,6 +36,8 @@ export class WispyEngine {
     this.mcpManager = new MCPManager(config.mcpConfigPath ?? MCP_CONFIG_PATH);
     this.memory = new MemoryManager(WISPY_DIR);
     this.subagents = new SubAgentManager(this, this.sessions);
+    this.permissions = new PermissionManager(config.permissions ?? {});
+    this.audit = new AuditLog(WISPY_DIR);
     this._initialized = false;
     this._activeWorkstream = config.workstream
       ?? process.env.WISPY_WORKSTREAM
@@ -63,6 +67,9 @@ export class WispyEngine {
     // Register memory tools
     this._registerMemoryTools();
 
+    // Register node tools
+    this._registerNodeTools();
+
     // Initialize MCP
     if (!opts.skipMcp) {
       await ensureDefaultMcpConfig(this.mcpManager.configPath);
@@ -88,22 +95,40 @@ export class WispyEngine {
    * @returns {object} { role: "assistant", content: string, usage? }
    */
   async processMessage(sessionId, userMessage, opts = {}) {
-    if (!this._initialized) await this.init();
+    if (!this._initialized) {
+      const initResult = await this.init(opts);
+      if (!initResult && !opts.allowNoProvider) {
+        return {
+          role: "assistant",
+          content: "⚠️ No AI provider configured. Set GOOGLE_AI_KEY, ANTHROPIC_API_KEY, OPENAI_API_KEY, or another provider key.",
+          sessionId: null,
+          error: "NO_PROVIDER",
+        };
+      }
+    }
 
     // Get or create session
     let session;
-    if (sessionId) {
-      session = this.sessions.get(sessionId) ?? await this.sessions.load(sessionId);
-      if (!session) {
-        // Create new session with given ID context
+    try {
+      if (sessionId) {
+        session = this.sessions.get(sessionId) ?? await this.sessions.load(sessionId);
+        if (!session) {
+          session = this.sessions.create({ workstream: opts.workstream ?? this._activeWorkstream });
+        }
+      } else {
         session = this.sessions.create({ workstream: opts.workstream ?? this._activeWorkstream });
       }
-    } else {
+    } catch (err) {
       session = this.sessions.create({ workstream: opts.workstream ?? this._activeWorkstream });
     }
 
     // Build messages array for the provider
-    const systemPrompt = opts.systemPrompt ?? await this._buildSystemPrompt(userMessage);
+    let systemPrompt;
+    try {
+      systemPrompt = opts.systemPrompt ?? await this._buildSystemPrompt(userMessage);
+    } catch {
+      systemPrompt = "You are Wispy 🌿 — a helpful AI assistant in the terminal.";
+    }
 
     // Initialize messages with system prompt if empty
     let messages;
@@ -123,11 +148,37 @@ export class WispyEngine {
     messages.push({ role: "user", content: userMessage });
     this.sessions.addMessage(session.id, { role: "user", content: userMessage });
 
-    // Run agentic loop
-    const responseText = await this._agentLoop(messages, session, opts);
+    // Audit: log incoming message
+    this.audit.log({
+      type: EVENT_TYPES.MESSAGE_RECEIVED,
+      sessionId: session.id,
+      content: userMessage.slice(0, 500),
+    }).catch(() => {});
+
+    // Run agentic loop with error handling
+    let responseText;
+    try {
+      responseText = await this._agentLoop(messages, session, opts);
+    } catch (err) {
+      responseText = this._friendlyError(err);
+      this.audit.log({
+        type: EVENT_TYPES.ERROR,
+        sessionId: session.id,
+        message: err.message,
+      }).catch(() => {});
+    }
+
+    // Audit: log outgoing response
+    this.audit.log({
+      type: EVENT_TYPES.MESSAGE_SENT,
+      sessionId: session.id,
+      content: responseText.slice(0, 500),
+    }).catch(() => {});
 
     // Add assistant message to session
-    this.sessions.addMessage(session.id, { role: "assistant", content: responseText });
+    try {
+      this.sessions.addMessage(session.id, { role: "assistant", content: responseText });
+    } catch { /* ignore */ }
 
     // Save session (async, don't await unless needed)
     if (!opts.noSave) {
@@ -138,10 +189,36 @@ export class WispyEngine {
       role: "assistant",
       content: responseText,
       sessionId: session.id,
-      usage: { ...this.providers.sessionTokens },
+      usage: { ...(this.providers.sessionTokens ?? {}) },
     };
   }
 
+  /**
+   * Convert a provider error to a user-friendly message.
+   */
+  _friendlyError(err) {
+    const msg = err?.message ?? String(err);
+    if (msg.includes("401") || msg.toLowerCase().includes("api key") || msg.toLowerCase().includes("unauthorized")) {
+      return "⚠️ Invalid or missing API key. Check your provider credentials.";
+    }
+    if (msg.includes("429") || msg.toLowerCase().includes("rate limit")) {
+      return "⚠️ Rate limit reached. Please wait a moment and try again.";
+    }
+    if (msg.includes("timeout") || msg.toLowerCase().includes("timed out")) {
+      return "⚠️ Request timed out. The AI provider took too long to respond.";
+    }
+    if (msg.toLowerCase().includes("network") || msg.includes("ENOTFOUND") || msg.includes("ECONNREFUSED")) {
+      return "⚠️ Network error. Check your internet connection and try again.";
+    }
+    if (msg.toLowerCase().includes("no provider") || msg.toLowerCase().includes("not configured")) {
+      return "⚠️ No AI provider configured. Set an API key to get started.";
+    }
+    if (process.env.WISPY_DEBUG) {
+      return `⚠️ Error: ${msg}`;
+    }
+    return `⚠️ Something went wrong. Run with WISPY_DEBUG=1 for details. (${msg.slice(0, 80)})`;
+  }
+
   /**
    * Process tool calls manually.
    * @param {Array} toolCalls - Array of { name, args }
@@ -180,7 +257,22 @@ export class WispyEngine {
       for (const call of result.calls) {
         if (opts.onToolCall) opts.onToolCall(call.name, call.args);
 
-        const toolResult = await this._executeTool(call.name, call.args, messages, session, opts);
+        let toolResult;
+        try {
+          // Enforce 60s timeout on individual tool calls
+          const TOOL_TIMEOUT_MS = opts.toolTimeoutMs ?? 60_000;
+          toolResult = await Promise.race([
+            this._executeTool(call.name, call.args, messages, session, opts),
+            new Promise((_, reject) =>
+              setTimeout(() => reject(new Error(`Tool '${call.name}' timed out after ${TOOL_TIMEOUT_MS}ms`)), TOOL_TIMEOUT_MS)
+            ),
+          ]);
+        } catch (err) {
+          toolResult = { error: err.message, success: false };
+          if (process.env.WISPY_DEBUG) {
+            console.error(`[wispy] Tool '${call.name}' error: ${err.message}`);
+          }
+        }
 
         if (opts.onToolResult) opts.onToolResult(call.name, toolResult);
 
@@ -200,6 +292,71 @@ export class WispyEngine {
    * Execute a tool, handling engine-level tools (spawn_agent, etc.) specially.
    */
   async _executeTool(name, args, messages, session, opts) {
+    // ── Permission check ─────────────────────────────────────────────────────
+    const permResult = await this.permissions.check(name, args, { session });
+    const permLevel = permResult.level ?? "auto";
+
+    if (!permResult.allowed) {
+      const reason = permResult.reason ?? "Permission denied";
+      this.audit.log({
+        type: EVENT_TYPES.APPROVAL_DENIED,
+        sessionId: session?.id,
+        tool: name,
+        args,
+      }).catch(() => {});
+      return { success: false, error: reason, denied: true };
+    }
+
+    if (permResult.needsApproval && permResult.approved) {
+      this.audit.log({
+        type: EVENT_TYPES.APPROVAL_GRANTED,
+        sessionId: session?.id,
+        tool: name,
+        args,
+      }).catch(() => {});
+    }
+
+    // ── Audit: log tool call ──────────────────────────────────────────────────
+    const callStart = Date.now();
+    this.audit.log({
+      type: EVENT_TYPES.TOOL_CALL,
+      sessionId: session?.id,
+      tool: name,
+      args,
+      permissionLevel: permLevel,
+    }).catch(() => {});
+
+    // ── Execute ───────────────────────────────────────────────────────────────
+    let result;
+    try {
+      result = await this._executeToolInner(name, args, messages, session, opts);
+    } catch (err) {
+      this.audit.log({
+        type: EVENT_TYPES.ERROR,
+        sessionId: session?.id,
+        tool: name,
+        message: err.message,
+        duration: Date.now() - callStart,
+      }).catch(() => {});
+      throw err;
+    }
+
+    // ── Audit: log tool result ────────────────────────────────────────────────
+    this.audit.log({
+      type: EVENT_TYPES.TOOL_RESULT,
+      sessionId: session?.id,
+      tool: name,
+      result: JSON.stringify(result).slice(0, 500),
+      duration: Date.now() - callStart,
+    }).catch(() => {});
+
+    return result;
+  }
+
+  /**
+   * Internal tool dispatch (after permissions/audit).
+   */
+  async _executeToolInner(name, args, messages, session, opts) {
     // Engine-level tools that need conversation context
     switch (name) {
       case "spawn_agent":
@@ -239,6 +396,13 @@ export class WispyEngine {
         return this._toolKillSubagent(args);
       case "steer_subagent":
         return this._toolSteerSubagent(args);
+      // Node tools (v1.1)
+      case "node_list":
+        return this._toolNodeList();
+      case "node_status":
+        return this._toolNodeStatus();
+      case "node_execute":
+        return this._toolNodeExecute(args);
       default:
         return this.tools.execute(name, args);
     }
@@ -463,6 +627,13 @@ export class WispyEngine {
       onNotify: parentOpts?.onSubagentNotify ?? null,
     });
 
+    this.audit.log({
+      type: EVENT_TYPES.SUBAGENT_SPAWNED,
+      agentId: agent.id,
+      label: agent.label,
+      task: args.task?.slice(0, 200),
+    }).catch(() => {});
+
     return {
       success: true,
       id: agent.id,
@@ -780,6 +951,60 @@ export class WispyEngine {
     }
   }
 
+  // ── Node tools (v1.1) ────────────────────────────────────────────────────────
+
+  _registerNodeTools() {
+    const nodeTools = [
+      {
+        name: "node_list",
+        description: "List all registered remote nodes.",
+        parameters: { type: "object", properties: {}, required: [] },
+      },
+      {
+        name: "node_status",
+        description: "Ping all nodes and check their status.",
+        parameters: { type: "object", properties: {}, required: [] },
+      },
+      {
+        name: "node_execute",
+        description: "Execute a command on a specific remote node.",
+        parameters: {
+          type: "object",
+          properties: {
+            node_id: { type: "string", description: "Node ID to execute on" },
+            command: { type: "object", description: "Command to execute on the node" },
+          },
+          required: ["node_id", "command"],
+        },
+      },
+    ];
+    for (const tool of nodeTools) {
+      this.tools._definitions.set(tool.name, tool);
+    }
+  }
+
+  async _toolNodeList() {
+    if (!this.nodes) return { success: false, error: "Node manager not initialized" };
+    const list = await this.nodes.list();
+    return { success: true, nodes: list };
+  }
+
+  async _toolNodeStatus() {
+    if (!this.nodes) return { success: false, error: "Node manager not initialized" };
+    const statuses = await this.nodes.status();
+    return { success: true, statuses };
+  }
+
+  async _toolNodeExecute(args) {
+    if (!this.nodes) return { success: false, error: "Node manager not initialized" };
+    try {
+      const result = await this.nodes.send(args.node_id, args.command);
+      return { success: true, result };
+    } catch (err) {
+      return { success: false, error: err.message };
+    }
+  }
+
   // ── Cleanup ──────────────────────────────────────────────────────────────────
 
   destroy() {

package/core/index.mjs

@@ -13,3 +13,7 @@ export { loadConfig, saveConfig, detectProvider, PROVIDERS, WISPY_DIR, MCP_CONFI
 export { MemoryManager } from "./memory.mjs";
 export { CronManager } from "./cron.mjs";
 export { SubAgentManager, SubAgent } from "./subagents.mjs";
+export { PermissionManager, DEFAULT_POLICIES, BUILT_IN_SCOPES } from "./permissions.mjs";
+export { AuditLog, EVENT_TYPES, getAuditLog } from "./audit.mjs";
+export { WispyServer } from "./server.mjs";
+export { NodeManager, CAPABILITIES } from "./nodes.mjs";

package/core/nodes.mjs

@@ -0,0 +1,228 @@
+/**
+ * core/nodes.mjs — Local Node System for Wispy
+ *
+ * Allows pairing remote machines as "nodes" with specific capabilities.
+ */
+
+import path from "node:path";
+import { readFile, writeFile, mkdir } from "node:fs/promises";
+import { randomBytes } from "node:crypto";
+
+import { WISPY_DIR } from "./config.mjs";
+
+const NODES_FILE = path.join(WISPY_DIR, "nodes.json");
+const PAIR_CODES_FILE = path.join(WISPY_DIR, "pair-codes.json");
+const PAIR_CODE_TTL_MS = 60 * 60 * 1000; // 1 hour
+
+export const CAPABILITIES = {
+  browser:       "Browser automation (Playwright/Puppeteer)",
+  filesystem:    "Local file access",
+  desktop:       "Desktop app control",
+  camera:        "Camera/screenshot",
+  notifications: "System notifications",
+  clipboard:     "Clipboard access",
+};
+
+export class NodeManager {
+  constructor(wispyDir = WISPY_DIR, server = null) {
+    this.wispyDir = wispyDir;
+    this.server = server;
+    this._nodesFile = path.join(wispyDir, "nodes.json");
+    this._pairCodesFile = path.join(wispyDir, "pair-codes.json");
+  }
+
+  // ── Storage ──────────────────────────────────────────────────────────────────
+
+  async _loadNodes() {
+    try {
+      return JSON.parse(await readFile(this._nodesFile, "utf8"));
+    } catch { return []; }
+  }
+
+  async _saveNodes(nodes) {
+    await mkdir(this.wispyDir, { recursive: true });
+    await writeFile(this._nodesFile, JSON.stringify(nodes, null, 2) + "\n", "utf8");
+  }
+
+  async _loadPairCodes() {
+    try {
+      return JSON.parse(await readFile(this._pairCodesFile, "utf8"));
+    } catch { return []; }
+  }
+
+  async _savePairCodes(codes) {
+    await mkdir(this.wispyDir, { recursive: true });
+    await writeFile(this._pairCodesFile, JSON.stringify(codes, null, 2) + "\n", "utf8");
+  }
+
+  // ── Registration ─────────────────────────────────────────────────────────────
+
+  /**
+   * Register a new node.
+   * @param {{ name, capabilities, host, port? }} node
+   * @returns {{ id, token }}
+   */
+  async register(node) {
+    const nodes = await this._loadNodes();
+    const id = `node-${randomBytes(6).toString("hex")}`;
+    const token = randomBytes(32).toString("hex");
+    const newNode = {
+      id,
+      name: node.name ?? id,
+      host: node.host ?? "localhost",
+      port: node.port ?? 18791,
+      token,
+      capabilities: node.capabilities ?? [],
+      registeredAt: new Date().toISOString(),
+      lastSeen: new Date().toISOString(),
+    };
+    nodes.push(newNode);
+    await this._saveNodes(nodes);
+    return { id, token };
+  }
+
+  /**
+   * Remove a node.
+   */
+  async remove(id) {
+    let nodes = await this._loadNodes();
+    const before = nodes.length;
+    nodes = nodes.filter(n => n.id !== id);
+    if (nodes.length === before) throw new Error(`Node not found: ${id}`);
+    await this._saveNodes(nodes);
+  }
+
+  /**
+   * List all registered nodes.
+   */
+  async list() {
+    return this._loadNodes();
+  }
+
+  /**
+   * Get a specific node.
+   */
+  async get(id) {
+    const nodes = await this._loadNodes();
+    return nodes.find(n => n.id === id) ?? null;
+  }
+
+  // ── Pairing ───────────────────────────────────────────────────────────────────
+
+  /**
+   * Generate a 6-digit pair code (expires in 1 hour).
+   */
+  async generatePairCode() {
+    const code = Math.floor(100000 + Math.random() * 900000).toString();
+    const codes = (await this._loadPairCodes()).filter(c =>
+      Date.now() - new Date(c.createdAt).getTime() < PAIR_CODE_TTL_MS
+    );
+    codes.push({
+      code,
+      createdAt: new Date().toISOString(),
+      expiresAt: new Date(Date.now() + PAIR_CODE_TTL_MS).toISOString(),
+    });
+    await this._savePairCodes(codes);
+    return code;
+  }
+
+  /**
+   * Confirm pairing with a code.
+   * @param {string} code - 6-digit code
+   * @param {{ name, capabilities, host, port? }} nodeInfo
+   * @returns {{ id, token }}
+   */
+  async confirmPair(code, nodeInfo) {
+    const codes = await this._loadPairCodes();
+    const match = codes.find(c =>
+      c.code === code &&
+      Date.now() - new Date(c.createdAt).getTime() < PAIR_CODE_TTL_MS
+    );
+    if (!match) throw new Error("Invalid or expired pair code.");
+
+    // Remove used code
+    const remaining = codes.filter(c => c.code !== code);
+    await this._savePairCodes(remaining);
+
+    return this.register(nodeInfo);
+  }
+
+  // ── Capability routing ────────────────────────────────────────────────────────
+
+  /**
+   * Find a node that supports the given capability.
+   * @param {string} capability
+   * @returns {Node|null}
+   */
+  async route(capability) {
+    const nodes = await this._loadNodes();
+    return nodes.find(n => n.capabilities.includes(capability)) ?? null;
+  }
+
+  // ── Communication ─────────────────────────────────────────────────────────────
+
+  /**
+   * Send a command to a node (HTTP).
+   */
+  async send(nodeId, command) {
+    const node = await this.get(nodeId);
+    if (!node) throw new Error(`Node not found: ${nodeId}`);
+
+    const url = `http://${node.host}:${node.port}/api/execute`;
+    const response = await fetch(url, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "Authorization": `Bearer ${node.token}`,
+      },
+      body: JSON.stringify(command),
+      signal: AbortSignal.timeout(30000),
+    });
+
+    if (!response.ok) throw new Error(`Node returned ${response.status}`);
+    return response.json();
+  }
+
+  // ── Status ────────────────────────────────────────────────────────────────────
+
+  /**
+   * Ping a node and measure latency.
+   */
+  async ping(nodeId) {
+    const node = await this.get(nodeId);
+    if (!node) return { alive: false, latency: null, error: "Node not found" };
+
+    const start = Date.now();
+    try {
+      const response = await fetch(`http://${node.host}:${node.port}/api/status`, {
+        signal: AbortSignal.timeout(5000),
+        headers: { "Authorization": `Bearer ${node.token}` },
+      });
+      const latency = Date.now() - start;
+      if (response.ok) {
+        // Update lastSeen
+        const nodes = await this._loadNodes();
+        const idx = nodes.findIndex(n => n.id === nodeId);
+        if (idx !== -1) {
+          nodes[idx].lastSeen = new Date().toISOString();
+          await this._saveNodes(nodes);
+        }
+        return { alive: true, latency, nodeId };
+      }
+      return { alive: false, latency, error: `HTTP ${response.status}`, nodeId };
+    } catch (err) {
+      return { alive: false, latency: null, error: err.message, nodeId };
+    }
+  }
+
+  /**
+   * Ping all nodes.
+   */
+  async status() {
+    const nodes = await this._loadNodes();
+    return Promise.all(nodes.map(async (node) => {
+      const pingResult = await this.ping(node.id);
+      return { ...node, ...pingResult };
+    }));
+  }
+}