wispy-cli 2.7.9 → 2.7.10

package/bin/wispy.mjs

@@ -49,6 +49,8 @@ Usage:
                                Manage configuration
   wispy model                  Show or change AI model
   wispy doctor                 Check system health
+  wispy browser [tabs|attach|navigate|screenshot|doctor]
+                               Browser control via local-browser-bridge
   wispy trust [level|log]      Security level & audit
   wispy ws [start-client|run-debug]
                                WebSocket operations
@@ -161,6 +163,27 @@ if (command === "doctor") {
     for (const c of checks) {
       console.log(`  ${c.ok ? "✓" : "✗"} ${c.name}`);
     }
+
+    // Browser bridge check
+    try {
+      const { BrowserBridge } = await import(join(rootDir, "core/browser.mjs"));
+      const bridge = new BrowserBridge();
+      const h = await bridge.health();
+      if (h?.ok || (!h?.error && h !== null)) {
+        const caps = await bridge.capabilities().catch(() => ({}));
+        const browsers = Array.isArray(caps?.browsers) ? caps.browsers : [];
+        const session = bridge._session;
+        const detail = browsers.length
+          ? `${browsers.join(", ")} available${session ? ", session active" : ""}`
+          : "running";
+        console.log(`  ✓ Browser bridge    ${detail}`);
+      } else {
+        console.log(`  ✗ Browser bridge    not running (start with: npx local-browser-bridge serve)`);
+      }
+    } catch {
+      console.log(`  ✗ Browser bridge    not running (start with: npx local-browser-bridge serve)`);
+    }
+
     console.log("");
 
     if (!provider?.key) {
@@ -175,6 +198,146 @@ if (command === "doctor") {
   process.exit(0);
 }
 
+// ── Browser ───────────────────────────────────────────────────────────────────
+
+if (command === "browser") {
+  try {
+    const { BrowserBridge } = await import(join(rootDir, "core/browser.mjs"));
+    const bridge = new BrowserBridge();
+    const sub = args[1];
+
+    if (!sub || sub === "status") {
+      // wispy browser — show status
+      const h = await bridge.health();
+      const status = bridge.status();
+      const running = h?.ok || (!h?.error && h !== null);
+      console.log(`\n  Browser Bridge`);
+      console.log(`  URL:      ${bridge.baseUrl}`);
+      console.log(`  Status:   ${running ? "✓ running" : "✗ not running"}`);
+      if (!running) {
+        console.log(`  Hint:     npx local-browser-bridge serve`);
+      } else {
+        const caps = await bridge.capabilities().catch(() => ({}));
+        if (caps?.browsers?.length) {
+          console.log(`  Browsers: ${caps.browsers.join(", ")}`);
+        }
+      }
+      if (status.session) {
+        console.log(`  Session:  ${status.session.id} (${status.session.browser ?? "unknown"})`);
+      } else {
+        console.log(`  Session:  none`);
+      }
+      console.log("");
+    } else if (sub === "tabs") {
+      // wispy browser tabs
+      const browser = args[2];
+      const result = await bridge.listTabs(browser);
+      if (result?.error) {
+        console.error(`  ✗ ${result.error}`);
+      } else {
+        const tabs = result?.tabs ?? result;
+        console.log(`\n  Open tabs:`);
+        if (Array.isArray(tabs)) {
+          for (const t of tabs) {
+            const title = t.title ?? t.name ?? "(no title)";
+            const url = t.url ?? "";
+            console.log(`    • ${title}${url ? `  —  ${url}` : ""}`);
+          }
+        } else {
+          console.log(JSON.stringify(tabs, null, 2));
+        }
+        console.log("");
+      }
+    } else if (sub === "attach") {
+      // wispy browser attach [browser]
+      const browser = args[2];
+      console.log(`\n  Attaching to ${browser ?? "best available browser"}...`);
+      let result;
+      if (browser) {
+        result = await bridge.attach(browser);
+      } else {
+        result = await bridge.autoAttach();
+      }
+      if (result?.error) {
+        console.error(`  ✗ ${result.error}`);
+      } else {
+        const id = result?.id ?? result?.sessionId ?? "?";
+        const br = result?.browser ?? browser ?? "unknown";
+        console.log(`  ✓ Attached (${br}, session: ${id})`);
+      }
+      console.log("");
+    } else if (sub === "navigate") {
+      // wispy browser navigate <url>
+      const url = args[2];
+      if (!url) { console.error("  Usage: wispy browser navigate <url>"); process.exit(1); }
+      console.log(`\n  Navigating to ${url}...`);
+      const result = await bridge.navigate(url);
+      if (result?.error) {
+        console.error(`  ✗ ${result.error}`);
+      } else {
+        console.log(`  ✓ Navigated`);
+      }
+      console.log("");
+    } else if (sub === "screenshot") {
+      // wispy browser screenshot
+      const result = await bridge.screenshot();
+      if (result?.error) {
+        console.error(`  ✗ ${result.error}`);
+      } else {
+        const data = result?.screenshot ?? result?.data;
+        if (data) {
+          console.log(`\n  Screenshot captured (${data.length} base64 chars)`);
+          // Optionally save to file
+          const outFile = args[2] ?? `wispy-screenshot-${Date.now()}.png`;
+          const buf = Buffer.from(data, "base64");
+          const { writeFile: wf } = await import("node:fs/promises");
+          await wf(outFile, buf);
+          console.log(`  Saved to: ${outFile}`);
+        } else {
+          console.log(`  Screenshot result:`, JSON.stringify(result, null, 2));
+        }
+        console.log("");
+      }
+    } else if (sub === "doctor") {
+      // wispy browser doctor — full diagnostics
+      console.log(`\n  Browser Bridge Diagnostics`);
+      console.log(`  URL: ${bridge.baseUrl}`);
+
+      const h = await bridge.health();
+      const running = h?.ok || (!h?.error && h !== null);
+      console.log(`  Health: ${running ? "✓ ok" : "✗ not running"}`);
+
+      if (running) {
+        const caps = await bridge.capabilities();
+        console.log(`\n  Capabilities:`);
+        console.log(JSON.stringify(caps, null, 2).split("\n").map(l => "    " + l).join("\n"));
+
+        const browsers = Array.isArray(caps?.browsers) ? caps.browsers : [];
+        for (const br of browsers) {
+          const diag = await bridge.diagnostics(br);
+          console.log(`\n  Diagnostics (${br}):`);
+          console.log(JSON.stringify(diag, null, 2).split("\n").map(l => "    " + l).join("\n"));
+        }
+
+        const sessions = await bridge.listSessions();
+        console.log(`\n  Sessions:`);
+        console.log(JSON.stringify(sessions, null, 2).split("\n").map(l => "    " + l).join("\n"));
+      } else {
+        console.log(`  Start with: npx local-browser-bridge serve`);
+      }
+      console.log("");
+    } else {
+      console.error(`  Unknown subcommand: ${sub}`);
+      console.log(`  Usage: wispy browser [status|tabs|attach|navigate <url>|screenshot|doctor]`);
+      process.exit(1);
+    }
+  } catch (err) {
+    console.error("Browser command error:", err.message);
+    process.exit(1);
+  }
+  process.exit(0);
+}
+
 // ── Trust ─────────────────────────────────────────────────────────────────────
 
 if (command === "trust") {

package/core/memory.mjs

@@ -6,6 +6,12 @@
  * - daily/YYYY-MM-DD.md — daily logs
  * - projects/<name>.md — project-specific memory
  * - user.md — user preferences/info
+ *
+ * v2.8+ enhancements:
+ * - getRelevantMemories() — keyword + recency scoring for context injection
+ * - autoExtractFacts() — auto-flush important facts from conversation
+ * - Fuzzy search with recency + frequency weighting
+ * - Access frequency tracking
  */
 
 import path from "node:path";
@@ -13,10 +19,14 @@ import { readFile, writeFile, appendFile, mkdir, readdir, unlink, stat } from "n
 
 const MAX_SEARCH_RESULTS = 20;
 const MAX_SNIPPET_CHARS = 200;
+// How many messages must accumulate before autoExtractFacts triggers
+const AUTO_EXTRACT_INTERVAL = 10;
 
 export class MemoryManager {
   constructor(wispyDir) {
     this.memoryDir = path.join(wispyDir, "memory");
+    // Frequency tracking: key → access count (in-memory only, resets per session)
+    this._accessFrequency = new Map();
   }
 
   /**
@@ -88,6 +98,8 @@ export class MemoryManager {
     const filePath = this._keyToPath(key);
     try {
       const content = await readFile(filePath, "utf8");
+      // Track access frequency
+      this._accessFrequency.set(key, (this._accessFrequency.get(key) ?? 0) + 1);
       return { key, content, path: filePath };
     } catch {
       return null;

package/core/secrets.mjs

@@ -0,0 +1,251 @@
+/**
+ * core/secrets.mjs — Secrets Manager for Wispy
+ *
+ * Resolution chain: env var → macOS Keychain → encrypted secrets.json → null
+ * Encryption: AES-256-GCM with machine-derived key (hostname + username)
+ * Scrubbing: never logs actual secret values
+ */
+
+import os from "node:os";
+import path from "node:path";
+import { readFile, writeFile, mkdir } from "node:fs/promises";
+import { existsSync } from "node:fs";
+import { createHash, createCipheriv, createDecipheriv, randomBytes } from "node:crypto";
+
+const ALGORITHM = "aes-256-gcm";
+const KEY_LENGTH = 32;
+const IV_LENGTH = 12;
+const TAG_LENGTH = 16;
+
+/**
+ * Derive a deterministic encryption key from machine identity.
+ * Uses hostname + username hash — not cryptographically perfect but
+ * provides at-rest protection from casual disk reads.
+ */
+function deriveMachineKey() {
+  const machineId = `${os.hostname()}::${os.userInfo().username}`;
+  return createHash("sha256").update(machineId).digest(); // 32 bytes
+}
+
+export class SecretsManager {
+  constructor(options = {}) {
+    this.wispyDir = options.wispyDir ?? path.join(os.homedir(), ".wispy");
+    this.secretsFile = path.join(this.wispyDir, "secrets.json");
+    this._cache = new Map();
+    this._machineKey = deriveMachineKey();
+  }
+
+  /**
+   * Resolution chain: env var → macOS Keychain → encrypted secrets.json → null
+   *
+   * @param {string} key - e.g. "OPENAI_API_KEY"
+   * @returns {Promise<string|null>}
+   */
+  async resolve(key) {
+    if (!key) return null;
+
+    // 1. In-memory cache
+    if (this._cache.has(key)) return this._cache.get(key);
+
+    // 2. Environment variable
+    if (process.env[key]) {
+      this._cache.set(key, process.env[key]);
+      return process.env[key];
+    }
+
+    // 3. macOS Keychain — try common service name patterns
+    const keychainValue = await this._fromKeychain(key, null);
+    if (keychainValue) {
+      this._cache.set(key, keychainValue);
+      return keychainValue;
+    }
+
+    // 4. Encrypted secrets.json
+    const stored = await this._fromSecretsFile(key);
+    if (stored) {
+      this._cache.set(key, stored);
+      return stored;
+    }
+
+    return null;
+  }
+
+  /**
+   * Store a secret (encrypts before writing to secrets.json)
+   */
+  async set(key, value) {
+    if (!key || value === undefined || value === null) {
+      throw new Error("key and value are required");
+    }
+
+    // Update cache
+    this._cache.set(key, value);
+
+    // Load existing secrets
+    const secrets = await this._loadSecretsFile();
+
+    // Encrypt and store
+    secrets[key] = this._encrypt(value);
+
+    await this._saveSecretsFile(secrets);
+    return { key, stored: true };
+  }
+
+  /**
+   * Delete a secret from cache + secrets.json
+   */
+  async delete(key) {
+    this._cache.delete(key);
+
+    const secrets = await this._loadSecretsFile();
+    if (!(key in secrets)) {
+      return { success: false, key, error: "Key not found" };
+    }
+
+    delete secrets[key];
+    await this._saveSecretsFile(secrets);
+    return { success: true, key };
+  }
+
+  /**
+   * List stored secret keys (not values)
+   */
+  async list() {
+    const secrets = await this._loadSecretsFile();
+    return Object.keys(secrets);
+  }
+
+  /**
+   * macOS Keychain integration
+   * Tries common wispy service names, then the key itself as service name
+   */
+  async _fromKeychain(service, account) {
+    if (process.platform !== "darwin") return null;
+
+    try {
+      const { execFile } = await import("node:child_process");
+      const { promisify } = await import("node:util");
+      const exec = promisify(execFile);
+
+      // Map common env var names to keychain service names
+      const serviceMap = {
+        OPENAI_API_KEY: "openai-api-key",
+        ANTHROPIC_API_KEY: "anthropic-api-key",
+        GOOGLE_AI_KEY: "google-ai-key",
+        GOOGLE_GENERATIVE_AI_KEY: "google-ai-key",
+        GEMINI_API_KEY: "google-ai-key",
+        GROQ_API_KEY: "groq-api-key",
+        DEEPSEEK_API_KEY: "deepseek-api-key",
+      };
+
+      const keychainService = serviceMap[service] ?? service.toLowerCase().replace(/_/g, "-");
+      const accounts = account ? [account] : ["wispy", "poropo"];
+
+      for (const acc of accounts) {
+        try {
+          const { stdout } = await exec(
+            "security",
+            ["find-generic-password", "-s", keychainService, "-a", acc, "-w"],
+            { timeout: 2000 }
+          );
+          const val = stdout.trim();
+          if (val) return val;
+        } catch { /* try next */ }
+      }
+
+      // Fallback: no account filter
+      try {
+        const { stdout } = await exec(
+          "security",
+          ["find-generic-password", "-s", keychainService, "-w"],
+          { timeout: 2000 }
+        );
+        const val = stdout.trim();
+        if (val) return val;
+      } catch { /* not found */ }
+    } catch { /* keychain unavailable */ }
+
+    return null;
+  }
+
+  // ── Encryption helpers ───────────────────────────────────────────────────────
+
+  /**
+   * Encrypt plaintext → base64 string (iv:tag:ciphertext)
+   */
+  _encrypt(plaintext) {
+    const iv = randomBytes(IV_LENGTH);
+    const cipher = createCipheriv(ALGORITHM, this._machineKey, iv);
+    const encrypted = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
+    const tag = cipher.getAuthTag();
+    // Encode as hex parts joined by ":"
+    return `${iv.toString("hex")}:${tag.toString("hex")}:${encrypted.toString("hex")}`;
+  }
+
+  /**
+   * Decrypt iv:tag:ciphertext → plaintext string
+   */
+  _decrypt(ciphertext) {
+    const [ivHex, tagHex, encHex] = ciphertext.split(":");
+    if (!ivHex || !tagHex || !encHex) throw new Error("Invalid ciphertext format");
+
+    const iv = Buffer.from(ivHex, "hex");
+    const tag = Buffer.from(tagHex, "hex");
+    const enc = Buffer.from(encHex, "hex");
+
+    const decipher = createDecipheriv(ALGORITHM, this._machineKey, iv);
+    decipher.setAuthTag(tag);
+    return decipher.update(enc) + decipher.final("utf8");
+  }
+
+  // ── File helpers ─────────────────────────────────────────────────────────────
+
+  async _loadSecretsFile() {
+    try {
+      const raw = await readFile(this.secretsFile, "utf8");
+      return JSON.parse(raw);
+    } catch {
+      return {};
+    }
+  }
+
+  async _saveSecretsFile(secrets) {
+    await mkdir(this.wispyDir, { recursive: true });
+    await writeFile(this.secretsFile, JSON.stringify(secrets, null, 2) + "\n", "utf8");
+  }
+
+  async _fromSecretsFile(key) {
+    const secrets = await this._loadSecretsFile();
+    if (!(key in secrets)) return null;
+    try {
+      return this._decrypt(secrets[key]);
+    } catch {
+      return null; // Corrupted entry — skip
+    }
+  }
+
+  /**
+   * Scrub secret values from an object (for logging/audit)
+   * Replaces any value that looks like a key we know about with "***"
+   */
+  scrub(obj) {
+    if (typeof obj !== "object" || obj === null) return obj;
+    const knownKeys = new Set([...this._cache.keys()]);
+    const result = {};
+    for (const [k, v] of Object.entries(obj)) {
+      if (knownKeys.has(k) || /key|token|secret|password|credential/i.test(k)) {
+        result[k] = "***";
+      } else {
+        result[k] = v;
+      }
+    }
+    return result;
+  }
+}
+
+/** Singleton factory — reuse across modules */
+let _instance = null;
+export function getSecretsManager(options = {}) {
+  if (!_instance) _instance = new SecretsManager(options);
+  return _instance;
+}

package/core/tts.mjs

@@ -0,0 +1,194 @@
+/**
+ * core/tts.mjs — Text-to-Speech Manager for Wispy
+ *
+ * Auto-detects available TTS provider:
+ *   1. OpenAI TTS API (best quality, requires OPENAI_API_KEY)
+ *   2. macOS native `say` command (free, always available on macOS)
+ *
+ * Usage:
+ *   const tts = new TTSManager(secretsManager);
+ *   const result = await tts.speak("Hello world");
+ *   // result.path → audio file path
+ */
+
+import os from "node:os";
+import path from "node:path";
+import { writeFile } from "node:fs/promises";
+
+export class TTSManager {
+  constructor(secretsManager) {
+    this.secrets = secretsManager;
+    this._provider = null; // cached auto-detected provider
+  }
+
+  /**
+   * Auto-detect available TTS provider.
+   * Order: OpenAI (best quality) → macOS say (free) → null
+   */
+  async detectProvider() {
+    if (this._provider) return this._provider;
+
+    const openaiKey = await this.secrets.resolve("OPENAI_API_KEY");
+    if (openaiKey) {
+      this._provider = "openai";
+      return "openai";
+    }
+
+    if (process.platform === "darwin") {
+      this._provider = "macos";
+      return "macos";
+    }
+
+    return null;
+  }
+
+  /**
+   * Generate speech from text.
+   *
+   * @param {string} text - Text to speak
+   * @param {object} options
+   * @param {string} [options.provider] - "openai" | "macos" | "auto"
+   * @param {string} [options.voice] - Voice name
+   * @param {string} [options.model] - OpenAI TTS model
+   * @param {string} [options.format] - Output format (openai: mp3/opus/aac/flac, macos: aiff)
+   * @param {number} [options.rate] - Speech rate (macOS only)
+   * @returns {Promise<{provider, path, format, voice}|{error}>}
+   */
+  async speak(text, options = {}) {
+    const providerOpt = options.provider ?? "auto";
+    const provider = providerOpt === "auto"
+      ? await this.detectProvider()
+      : providerOpt;
+
+    switch (provider) {
+      case "openai":
+        return this._openaiTTS(text, options);
+      case "macos":
+        return this._macosTTS(text, options);
+      default:
+        return { error: "No TTS provider available. Set OPENAI_API_KEY or use macOS." };
+    }
+  }
+
+  /**
+   * OpenAI TTS API
+   * https://platform.openai.com/docs/api-reference/audio/createSpeech
+   */
+  async _openaiTTS(text, {
+    voice = "alloy",
+    model = "tts-1",
+    format = "mp3",
+  } = {}) {
+    const apiKey = await this.secrets.resolve("OPENAI_API_KEY");
+    if (!apiKey) {
+      return { error: "OPENAI_API_KEY not found" };
+    }
+
+    const response = await fetch("https://api.openai.com/v1/audio/speech", {
+      method: "POST",
+      headers: {
+        "Authorization": `Bearer ${apiKey}`,
+        "Content-Type": "application/json",
+      },
+      body: JSON.stringify({
+        model,
+        input: text,
+        voice,
+        response_format: format,
+      }),
+    });
+
+    if (!response.ok) {
+      const errText = await response.text().catch(() => "unknown error");
+      return { error: `OpenAI TTS failed: ${response.status} ${errText}` };
+    }
+
+    const buffer = Buffer.from(await response.arrayBuffer());
+    const outputPath = path.join(os.tmpdir(), `wispy-tts-${Date.now()}.${format}`);
+    await writeFile(outputPath, buffer);
+
+    return { provider: "openai", path: outputPath, format, voice };
+  }
+
+  /**
+   * macOS native TTS using `say` command
+   */
+  async _macosTTS(text, {
+    voice = "Samantha",
+    rate = 200,
+  } = {}) {
+    if (process.platform !== "darwin") {
+      return { error: "macOS TTS is only available on macOS" };
+    }
+
+    const outputPath = path.join(os.tmpdir(), `wispy-tts-${Date.now()}.aiff`);
+
+    const { execFile } = await import("node:child_process");
+    const { promisify } = await import("node:util");
+    const exec = promisify(execFile);
+
+    try {
+      await exec("say", ["-v", voice, "-r", String(rate), "-o", outputPath, text], {
+        timeout: 30000,
+      });
+    } catch (err) {
+      return { error: `macOS TTS failed: ${err.message}` };
+    }
+
+    return { provider: "macos", path: outputPath, format: "aiff", voice };
+  }
+
+  /**
+   * List available macOS voices
+   */
+  async listMacOSVoices() {
+    if (process.platform !== "darwin") return [];
+    try {
+      const { execFile } = await import("node:child_process");
+      const { promisify } = await import("node:util");
+      const exec = promisify(execFile);
+      const { stdout } = await exec("say", ["-v", "?"], { timeout: 5000 });
+      return stdout.trim().split("\n").map(line => {
+        const parts = line.trim().split(/\s+/);
+        return { name: parts[0], locale: parts[1] };
+      });
+    } catch {
+      return [];
+    }
+  }
+}
+
+/**
+ * Tool definition for ToolRegistry integration
+ */
+export const TTS_TOOL_DEFINITION = {
+  name: "text_to_speech",
+  description: "Convert text to speech audio file. Returns the path to the generated audio file.",
+  parameters: {
+    type: "object",
+    properties: {
+      text: {
+        type: "string",
+        description: "Text to convert to speech",
+      },
+      voice: {
+        type: "string",
+        description: "Voice name (openai: alloy/echo/fable/onyx/nova/shimmer, macos: Samantha/Alex/Victoria/etc)",
+      },
+      provider: {
+        type: "string",
+        enum: ["openai", "macos", "auto"],
+        description: "TTS provider to use (default: auto-detect)",
+      },
+      model: {
+        type: "string",
+        description: "TTS model (OpenAI only: tts-1 or tts-1-hd)",
+      },
+      rate: {
+        type: "number",
+        description: "Speech rate in words per minute (macOS only, default: 200)",
+      },
+    },
+    required: ["text"],
+  },
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "wispy-cli",
-  "version": "2.7.9",
+  "version": "2.7.10",
   "description": "🌿 Wispy — AI workspace assistant with trustworthy execution (harness, receipts, approvals, diffs)",
   "license": "MIT",
   "author": "Minseo & Poropo",