work-ally 0.2.0-alpha.1

package/bridge/src/approval-rules.ts

@@ -0,0 +1,360 @@
+import fs from 'node:fs';
+import os from 'node:os';
+import path from 'node:path';
+import { logWarn } from './logger.ts';
+
+export type PrefixRuleDecision = 'allow' | 'prompt' | 'forbidden';
+export type CommandRuleSource = 'global' | 'assistant';
+export type CommandMatchForm = 'raw' | 'unwrapped';
+
+export interface CommandApprovalRule {
+  source: CommandRuleSource;
+  filePath: string;
+  lineNumber: number;
+  pattern: string[];
+  decision: PrefixRuleDecision;
+}
+
+export interface CommandApprovalRuleDirSummary {
+  source: CommandRuleSource;
+  dirPath: string;
+  exists: boolean;
+  fileCount: number;
+  ruleCount: number;
+}
+
+export interface CommandApprovalRuleset {
+  rules: CommandApprovalRule[];
+  global: CommandApprovalRuleDirSummary;
+  assistant: CommandApprovalRuleDirSummary | null;
+}
+
+export interface CommandApprovalRuleMatch {
+  rule: CommandApprovalRule;
+  commandForm: CommandMatchForm;
+}
+
+interface LoadCommandApprovalRulesOptions {
+  assistantCodexHome?: string | null;
+  globalCodexHome?: string | null;
+}
+
+const PREFIX_RULE_RE = /^prefix_rule\s*\(\s*pattern\s*=\s*(\[[\s\S]*\])\s*,\s*decision\s*=\s*"([a-z]+)"\s*\)\s*$/i;
+
+function resolveGlobalCodexHome(explicit?: string | null): string {
+  const normalized = String(explicit || '').trim();
+  if (normalized) {
+    return path.resolve(normalized);
+  }
+  return path.join(os.homedir(), '.codex');
+}
+
+function makeDirSummary(source: CommandRuleSource, dirPath: string): CommandApprovalRuleDirSummary {
+  return {
+    source,
+    dirPath,
+    exists: false,
+    fileCount: 0,
+    ruleCount: 0,
+  };
+}
+
+export function emptyCommandApprovalRuleset(options: LoadCommandApprovalRulesOptions = {}): CommandApprovalRuleset {
+  const globalDir = path.join(resolveGlobalCodexHome(options.globalCodexHome), 'rules');
+  const assistantCodexHome = String(options.assistantCodexHome || '').trim();
+  const assistantDir = assistantCodexHome ? path.join(path.resolve(assistantCodexHome), 'rules') : null;
+  return {
+    rules: [],
+    global: makeDirSummary('global', globalDir),
+    assistant: assistantDir ? makeDirSummary('assistant', assistantDir) : null,
+  };
+}
+
+function parsePrefixRuleLine(
+  line: string,
+  filePath: string,
+  lineNumber: number,
+  source: CommandRuleSource,
+): CommandApprovalRule | null {
+  const trimmed = line.trim();
+  if (!trimmed || trimmed.startsWith('#')) {
+    return null;
+  }
+
+  const match = trimmed.match(PREFIX_RULE_RE);
+  if (!match) {
+    logWarn('approval_rules', 'line_ignored', {
+      source,
+      filePath,
+      lineNumber,
+      reason: 'unsupported syntax',
+    });
+    return null;
+  }
+
+  const decision = String(match[2] || '').trim().toLowerCase();
+  if (decision !== 'allow' && decision !== 'prompt' && decision !== 'forbidden') {
+    logWarn('approval_rules', 'line_ignored', {
+      source,
+      filePath,
+      lineNumber,
+      reason: 'unsupported decision',
+      decision,
+    });
+    return null;
+  }
+
+  try {
+    const pattern = JSON.parse(match[1]);
+    if (!Array.isArray(pattern) || pattern.length === 0 || pattern.some((entry) => typeof entry !== 'string' || entry.length === 0)) {
+      throw new Error('pattern must be a non-empty string array');
+    }
+    return {
+      source,
+      filePath,
+      lineNumber,
+      pattern,
+      decision,
+    };
+  } catch (error) {
+    logWarn('approval_rules', 'line_ignored', {
+      source,
+      filePath,
+      lineNumber,
+      reason: error instanceof Error ? error.message : String(error),
+    });
+    return null;
+  }
+}
+
+function loadRulesFromDir(summary: CommandApprovalRuleDirSummary): CommandApprovalRule[] {
+  if (!fs.existsSync(summary.dirPath)) {
+    return [];
+  }
+  summary.exists = true;
+  const entries = fs.readdirSync(summary.dirPath, { withFileTypes: true });
+  const files = entries
+    .filter((entry) => entry.isFile() && entry.name.endsWith('.rules'))
+    .map((entry) => entry.name)
+    .sort((left, right) => left.localeCompare(right));
+  summary.fileCount = files.length;
+
+  const rules: CommandApprovalRule[] = [];
+  for (const name of files) {
+    const filePath = path.join(summary.dirPath, name);
+    const lines = fs.readFileSync(filePath, 'utf8').split(/\r?\n/);
+    for (let index = 0; index < lines.length; index += 1) {
+      const rule = parsePrefixRuleLine(lines[index], filePath, index + 1, summary.source);
+      if (rule) {
+        rules.push(rule);
+      }
+    }
+  }
+  summary.ruleCount = rules.length;
+  return rules;
+}
+
+export function loadCommandApprovalRules(options: LoadCommandApprovalRulesOptions = {}): CommandApprovalRuleset {
+  const ruleset = emptyCommandApprovalRuleset(options);
+  ruleset.rules = [
+    ...loadRulesFromDir(ruleset.global),
+    ...(ruleset.assistant ? loadRulesFromDir(ruleset.assistant) : []),
+  ];
+  return ruleset;
+}
+
+export function tokenizeShellCommand(command: string): string[] | null {
+  const tokens: string[] = [];
+  let current = '';
+  let quote: 'single' | 'double' | null = null;
+  let escaping = false;
+
+  const pushCurrent = () => {
+    if (!current) {
+      return;
+    }
+    tokens.push(current);
+    current = '';
+  };
+
+  for (let index = 0; index < command.length; index += 1) {
+    const char = command[index];
+    if (escaping) {
+      current += char;
+      escaping = false;
+      continue;
+    }
+
+    if (quote === 'single') {
+      if (char === "'") {
+        quote = null;
+        continue;
+      }
+      current += char;
+      continue;
+    }
+
+    if (quote === 'double') {
+      if (char === '"') {
+        quote = null;
+        continue;
+      }
+      if (char === '\\') {
+        const next = command[index + 1];
+        if (next === undefined) {
+          return null;
+        }
+        current += next;
+        index += 1;
+        continue;
+      }
+      current += char;
+      continue;
+    }
+
+    if (/\s/.test(char)) {
+      pushCurrent();
+      continue;
+    }
+    if (char === '\\') {
+      escaping = true;
+      continue;
+    }
+    if (char === "'") {
+      quote = 'single';
+      continue;
+    }
+    if (char === '"') {
+      quote = 'double';
+      continue;
+    }
+    current += char;
+  }
+
+  if (escaping || quote) {
+    return null;
+  }
+  pushCurrent();
+  return tokens;
+}
+
+export function unwrapShellApprovalCommand(command: string): string {
+  const trimmed = String(command || '').trim();
+  const match = trimmed.match(/^(?:\/bin\/)?(?:zsh|bash|sh)\s+-lc\s+(['"])([\s\S]*)\1$/i);
+  return (match?.[2] || trimmed).trim();
+}
+
+function hasUnsafeShellSyntax(command: string): boolean {
+  if (!command) {
+    return true;
+  }
+  return /&&|\|\||[|;<>`()]|<<|\$\(/.test(command);
+}
+
+function matchesPatternPrefix(pattern: string[], argv: string[]): boolean {
+  if (pattern.length > argv.length) {
+    return false;
+  }
+  return pattern.every((entry, index) => argv[index] === entry);
+}
+
+function matchRuleAgainstCommand(rule: CommandApprovalRule, command: string): CommandMatchForm | null {
+  const rawArgv = tokenizeShellCommand(command);
+  if (rawArgv && matchesPatternPrefix(rule.pattern, rawArgv)) {
+    return 'raw';
+  }
+
+  const unwrapped = unwrapShellApprovalCommand(command);
+  if (unwrapped === command || hasUnsafeShellSyntax(unwrapped)) {
+    return null;
+  }
+  const innerArgv = tokenizeShellCommand(unwrapped);
+  if (innerArgv && matchesPatternPrefix(rule.pattern, innerArgv)) {
+    return 'unwrapped';
+  }
+  return null;
+}
+
+function sourcePriority(source: CommandRuleSource): number {
+  return source === 'assistant' ? 2 : 1;
+}
+
+function decisionPriority(decision: PrefixRuleDecision): number {
+  if (decision === 'forbidden') {
+    return 3;
+  }
+  if (decision === 'prompt') {
+    return 2;
+  }
+  return 1;
+}
+
+export function findMatchingCommandApprovalRule(
+  ruleset: CommandApprovalRuleset,
+  command: string,
+): CommandApprovalRuleMatch | null {
+  const trimmed = String(command || '').trim();
+  if (!trimmed) {
+    return null;
+  }
+
+  const matches: CommandApprovalRuleMatch[] = [];
+  for (const rule of ruleset.rules) {
+    const commandForm = matchRuleAgainstCommand(rule, trimmed);
+    if (commandForm) {
+      matches.push({ rule, commandForm });
+    }
+  }
+
+  if (matches.length === 0) {
+    return null;
+  }
+
+  matches.sort((left, right) => {
+    const sourceDelta = sourcePriority(right.rule.source) - sourcePriority(left.rule.source);
+    if (sourceDelta !== 0) {
+      return sourceDelta;
+    }
+    const decisionDelta = decisionPriority(right.rule.decision) - decisionPriority(left.rule.decision);
+    if (decisionDelta !== 0) {
+      return decisionDelta;
+    }
+    const lengthDelta = right.rule.pattern.length - left.rule.pattern.length;
+    if (lengthDelta !== 0) {
+      return lengthDelta;
+    }
+    const pathDelta = left.rule.filePath.localeCompare(right.rule.filePath);
+    if (pathDelta !== 0) {
+      return pathDelta;
+    }
+    return left.rule.lineNumber - right.rule.lineNumber;
+  });
+
+  return matches[0] || null;
+}
+
+export function commandApprovalRuleLabel(match: CommandApprovalRuleMatch): string {
+  const fileName = path.basename(match.rule.filePath);
+  return `${match.rule.source}:${fileName}:${match.rule.lineNumber}`;
+}
+
+function formatDirSummary(summary: CommandApprovalRuleDirSummary, label: string): string {
+  const state = summary.exists
+    ? `${summary.fileCount} files / ${summary.ruleCount} rules`
+    : 'missing';
+  return `- ${label}: ${summary.dirPath} (${state})`;
+}
+
+export function formatCommandApprovalRulesStatusLines(ruleset: CommandApprovalRuleset): string[] {
+  const lines = [
+    '- load mode: startup snapshot; restart assistant to refresh global rule changes',
+    `- loaded rules: ${ruleset.rules.length}`,
+    formatDirSummary(ruleset.global, 'global rules'),
+  ];
+  if (ruleset.assistant) {
+    lines.push(formatDirSummary(ruleset.assistant, 'assistant-local rules'));
+  } else {
+    lines.push('- assistant-local rules: unavailable (assistant codex home not configured)');
+  }
+  return lines;
+}

package/bridge/src/channel-delivery.ts

@@ -0,0 +1,207 @@
+import path from 'node:path';
+import { logWarn } from './logger.ts';
+import { nowIso, readJsonFile, writeJsonFile } from './utils.ts';
+
+export type ChannelDeliveryIssueKind = 'permission_denied' | 'app_not_ready' | 'rate_limited';
+
+export interface ChannelDeliveryIssue {
+  channel: 'feishu';
+  kind: ChannelDeliveryIssueKind;
+  code?: string | null;
+  message: string;
+  guidance: string;
+  retryable: false;
+}
+
+export class ChannelDeliveryError extends Error {
+  readonly issue: ChannelDeliveryIssue;
+  readonly cause?: unknown;
+
+  constructor(issue: ChannelDeliveryIssue, cause?: unknown) {
+    super(issue.message);
+    this.name = 'ChannelDeliveryError';
+    this.issue = issue;
+    this.cause = cause;
+  }
+}
+
+function stringifyError(error: unknown): string {
+  if (error instanceof Error) {
+    return error.stack || error.message;
+  }
+  return String(error);
+}
+
+function joinDefined(values: Array<string | null | undefined>): string {
+  return values
+    .map((value) => String(value || '').trim())
+    .filter(Boolean)
+    .join(' ');
+}
+
+function feishuErrorCode(error: any): string | null {
+  const candidates = [
+    error?.response?.data?.code,
+    error?.code,
+  ];
+  for (const candidate of candidates) {
+    if (candidate === undefined || candidate === null || candidate === '') {
+      continue;
+    }
+    return String(candidate);
+  }
+  return null;
+}
+
+function feishuErrorText(error: any): string {
+  return joinDefined([
+    error?.response?.data?.msg,
+    error?.response?.data?.message,
+    error?.response?.data?.error?.message,
+    error?.message,
+    stringifyError(error),
+  ]);
+}
+
+export function classifyFeishuDeliveryIssue(error: unknown): ChannelDeliveryIssue | null {
+  const code = feishuErrorCode(error);
+  const text = feishuErrorText(error);
+
+  if (
+    code === '99991672'
+    || /scope(?:s)? is required/i.test(text)
+    || /应用尚未开通所需的应用身份权限/.test(text)
+    || /im:message:send(?:_as_bot)?/i.test(text)
+  ) {
+    return {
+      channel: 'feishu',
+      kind: 'permission_denied',
+      code,
+      retryable: false,
+      message: 'Feishu 当前没有发消息权限，bridge 会继续运行，但这条消息发不出去。',
+      guidance: '去飞书开放平台为当前应用开通发消息权限，并完成审核/发布后再重试。',
+    };
+  }
+
+  if (
+    /未发布|尚未发布|未上架|审核中|未审核/.test(text)
+    || /not (?:released|published|approved)/i.test(text)
+    || /under review/i.test(text)
+  ) {
+    return {
+      channel: 'feishu',
+      kind: 'app_not_ready',
+      code,
+      retryable: false,
+      message: 'Feishu 应用还没有完成审核发布，bridge 会继续运行，但这条消息发不出去。',
+      guidance: '先让机器人完成审核/发布，再恢复消息投递。',
+    };
+  }
+
+  if (
+    code === '230020'
+    || /chat rate limit/i.test(text)
+    || /frequency limit/i.test(text)
+  ) {
+    return {
+      channel: 'feishu',
+      kind: 'rate_limited',
+      code,
+      retryable: false,
+      message: 'Feishu 当前触发消息频控，bridge 会继续运行，但部分进度消息会被丢弃。',
+      guidance: '减少短时间内的系统/进度消息数量，避免把内部日志直接转发到会话里。',
+    };
+  }
+
+  return null;
+}
+
+export function normalizeChannelDeliveryError(channel: string, error: unknown): Error {
+  if (error instanceof ChannelDeliveryError) {
+    return error;
+  }
+  if (channel === 'feishu') {
+    const issue = classifyFeishuDeliveryIssue(error);
+    if (issue) {
+      return new ChannelDeliveryError(issue, error);
+    }
+  }
+  if (error instanceof Error) {
+    return error;
+  }
+  return new Error(String(error));
+}
+
+export function isNonFatalChannelDeliveryError(error: unknown): error is ChannelDeliveryError {
+  return error instanceof ChannelDeliveryError && error.issue.retryable === false;
+}
+
+function readBridgeHealthSnapshot(healthFile: string): Record<string, unknown> | null {
+  try {
+    const current = readJsonFile(healthFile, null);
+    if (!current || typeof current !== 'object') {
+      return null;
+    }
+    return current as Record<string, unknown>;
+  } catch (error) {
+    logWarn('channel_delivery', 'bridge_health_corrupted', {
+      healthFile,
+      error: error instanceof Error ? (error.stack || error.message) : String(error),
+    });
+    return {};
+  }
+}
+
+export function recordBridgeDeliveryIssue(runtimeDir: string, error: ChannelDeliveryError): void {
+  const healthFile = path.join(runtimeDir, 'bridge.health.json');
+  const current = readBridgeHealthSnapshot(healthFile);
+  if (!current || typeof current !== 'object') {
+    return;
+  }
+
+  writeJsonFile(healthFile, {
+    ...current,
+    delivery_status: 'unavailable',
+    delivery_channel: error.issue.channel,
+    delivery_error_kind: error.issue.kind,
+    delivery_error_code: error.issue.code || null,
+    delivery_message: error.issue.message,
+    delivery_guidance: error.issue.guidance,
+    delivery_updated_at: nowIso(),
+  });
+}
+
+export function clearBridgeDeliveryIssue(runtimeDir: string): void {
+  const healthFile = path.join(runtimeDir, 'bridge.health.json');
+  const current = readBridgeHealthSnapshot(healthFile);
+  if (!current || typeof current !== 'object') {
+    return;
+  }
+
+  const next = { ...current } as Record<string, unknown>;
+  delete next.delivery_status;
+  delete next.delivery_channel;
+  delete next.delivery_error_kind;
+  delete next.delivery_error_code;
+  delete next.delivery_message;
+  delete next.delivery_guidance;
+  delete next.delivery_updated_at;
+  writeJsonFile(healthFile, next);
+}
+
+export function describeChannelDeliveryIssue(error: ChannelDeliveryError): Record<string, unknown> {
+  return {
+    channel: error.issue.channel,
+    kind: error.issue.kind,
+    code: error.issue.code || null,
+    message: error.issue.message,
+    guidance: error.issue.guidance,
+  };
+}
+
+export function logNonFatalChannelDelivery(component: string, event: string, error: ChannelDeliveryError, meta: Record<string, unknown> = {}): void {
+  logWarn(component, event, {
+    ...meta,
+    ...describeChannelDeliveryIssue(error),
+  });
+}

package/bridge/src/channel-types.ts

@@ -0,0 +1,22 @@
+import type { ApprovalRequest, ConnectionLifecycleEvent, ConversationRef, InboundMessage, PendingUserInputRecord } from './types.ts';
+
+export type OutboundEnvelope =
+  | { type: 'ack_received'; conversationRef: ConversationRef; messageId: string; emoji?: string }
+  | { type: 'status_reply'; conversationRef: ConversationRef; text: string }
+  | { type: 'progress_update'; conversationRef: ConversationRef; text: string }
+  | { type: 'approval_requested'; conversationRef: ConversationRef; approval: ApprovalRequest; text: string }
+  | { type: 'user_input_requested'; conversationRef: ConversationRef; request: PendingUserInputRecord; text: string }
+  | { type: 'final_reply'; conversationRef: ConversationRef; text: string }
+  | { type: 'error_reply'; conversationRef: ConversationRef; text: string };
+
+export interface ChannelAdapter {
+  start(): Promise<void>;
+  stop(): Promise<void>;
+  send(outbound: OutboundEnvelope): Promise<void>;
+  onConnectionEvent?(listener: (event: ConnectionLifecycleEvent) => void): void;
+  offConnectionEvent?(listener: (event: ConnectionLifecycleEvent) => void): void;
+}
+
+export interface InboundHandler {
+  handleInbound(message: InboundMessage): Promise<void>;
+}

package/bridge/src/channels/fake/adapter.ts

@@ -0,0 +1,31 @@
+import type { ChannelAdapter, InboundHandler, OutboundEnvelope } from '../../channel-types.ts';
+import type { InboundMessage } from '../../types.ts';
+
+export class FakeChannelAdapter implements ChannelAdapter {
+  public readonly sent: OutboundEnvelope[] = [];
+  private started = false;
+  private readonly inboundHandler: InboundHandler;
+
+  constructor(inboundHandler: InboundHandler) {
+    this.inboundHandler = inboundHandler;
+  }
+
+  async start(): Promise<void> {
+    this.started = true;
+  }
+
+  async stop(): Promise<void> {
+    this.started = false;
+  }
+
+  async send(outbound: OutboundEnvelope): Promise<void> {
+    this.sent.push(outbound);
+  }
+
+  async inject(message: InboundMessage): Promise<void> {
+    if (!this.started) {
+      throw new Error('fake channel is not started');
+    }
+    await this.inboundHandler.handleInbound(message);
+  }
+}