--- install scripts ---
### postinstall
node scripts/postinstall.js
--- package/src/cli-entry.ts (excerpt) ---
#!/usr/bin/env node
/**
* Bolloon CLI 入口
*
* 使用方式:
* bolloon # 启动 GUI(Electron 或 Web)
* bolloon --cli # 启动命令行界面
* bolloon --read <file> # 读取文档
* bolloon --summarize <file> # 总结文档
* bolloon --web # 启动 Web UI
* bolloon --version # 显示版本
*/
import { spawn } from 'child_process';
import * as path from 'path';
import * as fs from 'fs';
const isWindows = process.platform === 'win32';
// ANSI 颜色
const RESET = '\x1b[0m';
const BOLD = '\x1b[1m';
const CYAN = '\x1b[36m';
const YELLOW = '\x1b[33m';
const GREEN = '\x1b[32m';
const MAGENTA = '\x1b[35m';
// 版本信息
const VERSION = '0.1.12';
function log(msg: string, color: string = RESET) {
console.log(`${color}${msg}${RESET}`);
}
function printBanner() {
console.log(`
${CYAN}${BOLD}
╔═══════════════════════════════════════════╗
║ �� Bolloon Agent ${VERSION} ║
║ P2P AI Document Processor ║
╚═══════════════════════════════════════════╝${RESET}
`);
}
function printHelp() {
console.log(`
${BOLD}用法:${RESET}
bolloon [选项] [命令] [参数]
${BOLD}选项:${RESET}
--gui, -g 启动图形界面 (Electron)
--web, -w 启动 Web UI (浏览器)
--cli, -c 启动命令行界面
--version, -v 显示版本信息
--help, -h 显示帮助信息
${BOLD}命令:${RESET}
bolloon --read <file> 读取文档
bolloon --summarize <file> 总结文档
bolloon --improve <file> <req> 改进文档
${BOLD}示例:${RESET}
bolloon # 启动图形界面
bo
--- package/src/electron.ts (excerpt) ---
/**
* Electron 主进程入口
*/
import { app, BrowserWindow, ipcMain, shell } from 'electron';
import * as path from 'path';
import * as fs from 'fs';
import { spawn, ChildProcess } from 'child_process';
const isDev = process.env.NODE_ENV === 'development' || !app.isPackaged;
// 日志文件路径
const userDataPath = app.getPath('userData');
const logPath = path.join(userDataPath, 'bolloon.log');
function log(msg: string) {
const ts = new Date().toISOString();
const line = `[${ts}] ${msg}\n`;
fs.appendFileSync(logPath, line);
console.log(msg);
}
log('Bolloon Electron 启动');
// 全局窗口引用
let mainWindow: BrowserWindow | null = null;
let webServerProcess: ChildProcess | null = null;
// 防止多个实例
const gotTheLock = app.requestSingleInstanceLock();
if (!gotTheLock) {
log('已有实例在运行,退出');
app.quit();
}
app.on('second-instance', () => {
if (mainWindow) {
if (mainWindow.isMinimized()) mainWindow.restore();
mainWindow.focus();
}
});
function startWebServer(port: number): Promise<void> {
return new Promise((resolve, reject) => {
const serverScript = path.join(__dirname, 'web', 'server.js');
log(`启动 Web 服务器进程: ${serverScript}`);
webServerProcess = spawn(process.execPath, [serverScript], {
env: {
...process.env,
NODE_ENV: 'production',
PORT: String(port),
ELECTRON_PORT: String(port),
},
stdio: ['ignore', 'pipe', 'pipe'],
});
let stdoutData = '';
let stderrData = '';
webServerProcess.stdout?.on('data'
--- package/src/index.ts (excerpt) ---
import {
HyperswarmCommunicator,
createHyperswarmCommunicator,
createTopic,
KeyManager,
AgentAuthManager,
AgentVerificationManager,
createVerificationManager,
type P2PMessage,
type P2PConnection,
} from '@diap/sdk';
import { irohTransport } from './network/iroh-transport.js';
import { HybridMessenger } from './network/hybrid-messenger.js';
import * as ed25519 from '@noble/ed25519';
import { sha512 } from '@noble/hashes/sha2.js';
import * as fs from 'fs/promises';
import * as path from 'path';
import { documentReader } from './documents/reader.js';
import { initMinimax } from './constraints/index.js';
import { createAgentSession } from './agents/pi-sdk.js';
import { createSubAgentManager } from './agents/subagent-manager.js';
import { getGlobalSharedContext } from './social/global-shared-context.js';
import { BollharnessIntegration, createBollharnessIntegration } from './bollharness-integration/index.js';
import * as readline from 'readline';
// 启动时自动检查更新已禁用 (改用 --update-check / --update-now 显式触发)
const RESET = '\x1b[0m';
const BOLD = '\x1b[1m';
const DIM = '\x1b[2m';
const CYAN = '\x1b[36m';
const GREEN = '\x1b[32m';
const YELLOW = '\x1b[33m';
const BLUE = '\x1b[34m';
const MAGENTA = '\x1b[35m';
const WHITE = '\x1b[37m';
const GRAY = '\x1b[90m';
const BG_WHITE = '\x1b[47m';
const BG_BLUE = '\x1b[44m';
const BLACK = '\x1b[30m';
const MOVE_UP = '\x1b[A';
const CLEAR_LINE = '\x1b[2K';
const HIDE_CURSOR = '\x1b[?25l';
const SHOW_CURSOR = '\x1b[?25h';
const s
--- dynamic destinations ---
→ api.minimaxi.com (via hostname-var)@0.1.25··AUTO-PUBLISHED·publisher: leoyoge
heuristic 55/100
static flags 11
llm malicious (0.95) via fast-track
install-scripts:postinstallnew-publisher:6dmature-packagereads-ai-api-keyschild-process-spawnreads-env-varsreads-seed-phraseclipboard-accessbase64-decodereads-homedirhex-decodehttp-to-public-ipsession-start-hookdest-via-hostname-var
→ Credential read (reads-ai-api-keys, reads-seed-phrase) paired with http-to-public-ip, dest-via-hostname-var destination — classic exfiltration signature.
// offending code· 3 files flaggedpatterns: 11
--- install scripts ---
### postinstall
node scripts/postinstall.js
--- package/src/cli-entry.ts (excerpt) ---
#!/usr/bin/env node
/**
* Bolloon CLI 入口
*
* 使用方式:
* bolloon # 启动 GUI(Electron 或 Web)
* bolloon --cli # 启动命令行界面
* bolloon --read <file> # 读取文档
* bolloon --summarize <file> # 总结文档
* bolloon --web # 启动 Web UI
* bolloon --version # 显示版本
*/
import { spawn } from 'child_process';
import * as path from 'path';
import * as fs from 'fs';
const isWindows = process.platform === 'win32';
// ANSI 颜色
const RESET = '\x1b[0m';
const BOLD = '\x1b[1m';
const CYAN = '\x1b[36m';
const YELLOW = '\x1b[33m';
const GREEN = '\x1b[32m';
const MAGENTA = '\x1b[35m';
// 版本信息
const VERSION = '0.1.12';
function log(msg: string, color: string = RESET) {
console.log(`${color}${msg}${RESET}`);
}
function printBanner() {
console.log(`
${CYAN}${BOLD}
╔═══════════════════════════════════════════╗
║ �� Bolloon Agent ${VERSION} ║
║ P2P AI Document Processor ║
╚═══════════════════════════════════════════╝${RESET}
`);
}
function printHelp() {
console.log(`
${BOLD}用法:${RESET}
bolloon [选项] [命令] [参数]
${BOLD}选项:${RESET}
--gui, -g 启动图形界面 (Electron)
--web, -w 启动 Web UI (浏览器)
--cli, -c 启动命令行界面
--version, -v 显示版本信息
--help, -h 显示帮助信息
${BOLD}命令:${RESET}
bolloon --read <file> 读取文档
bolloon --summarize <file> 总结文档
bolloon --improve <file> <req> 改进文档
${BOLD}示例:${RESET}
bolloon # 启动图形界面
bo
--- package/src/electron.ts (excerpt) ---
/**
* Electron 主进程入口
*/
import { app, BrowserWindow, ipcMain, shell } from 'electron';
import * as path from 'path';
import * as fs from 'fs';
import { spawn, ChildProcess } from 'child_process';
const isDev = process.env.NODE_ENV === 'development' || !app.isPackaged;
// 日志文件路径
const userDataPath = app.getPath('userData');
const logPath = path.join(userDataPath, 'bolloon.log');
function log(msg: string) {
const ts = new Date().toISOString();
const line = `[${ts}] ${msg}\n`;
fs.appendFileSync(logPath, line);
console.log(msg);
}
log('Bolloon Electron 启动');
// 全局窗口引用
let mainWindow: BrowserWindow | null = null;
let webServerProcess: ChildProcess | null = null;
// 防止多个实例
const gotTheLock = app.requestSingleInstanceLock();
if (!gotTheLock) {
log('已有实例在运行,退出');
app.quit();
}
app.on('second-instance', () => {
if (mainWindow) {
if (mainWindow.isMinimized()) mainWindow.restore();
mainWindow.focus();
}
});
function startWebServer(port: number): Promise<void> {
return new Promise((resolve, reject) => {
const serverScript = path.join(__dirname, 'web', 'server.js');
log(`启动 Web 服务器进程: ${serverScript}`);
webServerProcess = spawn(process.execPath, [serverScript], {
env: {
...process.env,
NODE_ENV: 'production',
PORT: String(port),
ELECTRON_PORT: String(port),
},
stdio: ['ignore', 'pipe', 'pipe'],
});
let stdoutData = '';
let stderrData = '';
webServerProcess.stdout?.on('data'
--- package/src/index.ts (excerpt) ---
import {
HyperswarmCommunicator,
createHyperswarmCommunicator,
createTopic,
KeyManager,
AgentAuthManager,
AgentVerificationManager,
createVerificationManager,
type P2PMessage,
type P2PConnection,
} from '@diap/sdk';
import { irohTransport } from './network/iroh-transport.js';
import { HybridMessenger } from './network/hybrid-messenger.js';
import * as ed25519 from '@noble/ed25519';
import { sha512 } from '@noble/hashes/sha2.js';
import * as fs from 'fs/promises';
import * as path from 'path';
import { documentReader } from './documents/reader.js';
import { initMinimax } from './constraints/index.js';
import { createAgentSession } from './agents/pi-sdk.js';
import { createSubAgentManager } from './agents/subagent-manager.js';
import { getGlobalSharedContext } from './social/global-shared-context.js';
import { BollharnessIntegration, createBollharnessIntegration } from './bollharness-integration/index.js';
import * as readline from 'readline';
// 启动时自动检查更新已禁用 (改用 --update-check / --update-now 显式触发)
const RESET = '\x1b[0m';
const BOLD = '\x1b[1m';
const DIM = '\x1b[2m';
const CYAN = '\x1b[36m';
const GREEN = '\x1b[32m';
const YELLOW = '\x1b[33m';
const BLUE = '\x1b[34m';
const MAGENTA = '\x1b[35m';
const WHITE = '\x1b[37m';
const GRAY = '\x1b[90m';
const BG_WHITE = '\x1b[47m';
const BG_BLUE = '\x1b[44m';
const BLACK = '\x1b[30m';
const MOVE_UP = '\x1b[A';
const CLEAR_LINE = '\x1b[2K';
const HIDE_CURSOR = '\x1b[?25l';
const SHOW_CURSOR = '\x1b[?25h';
const s
--- dynamic destinations ---
→ api.minimaxi.com (via hostname-var)@0.1.24··AUTO-PUBLISHED·publisher: leoyoge
heuristic 55/100
static flags 11
llm malicious (0.95) via fast-track
install-scripts:postinstallnew-publisher:5dmature-packagereads-ai-api-keyschild-process-spawnreads-env-varsreads-seed-phraseclipboard-accessbase64-decodereads-homedirhex-decodehttp-to-public-ipsession-start-hookdest-via-hostname-var
→ Credential read (reads-ai-api-keys, reads-seed-phrase) paired with http-to-public-ip, dest-via-hostname-var destination — classic exfiltration signature.
// offending code· 3 files flaggedpatterns: 11
--- install scripts ---
### postinstall
node scripts/postinstall.js
--- package/src/cli-entry.ts (excerpt) ---
#!/usr/bin/env node
/**
* Bolloon CLI 入口
*
* 使用方式:
* bolloon # 启动 GUI(Electron 或 Web)
* bolloon --cli # 启动命令行界面
* bolloon --read <file> # 读取文档
* bolloon --summarize <file> # 总结文档
* bolloon --web # 启动 Web UI
* bolloon --version # 显示版本
*/
import { spawn } from 'child_process';
import * as path from 'path';
import * as fs from 'fs';
const isWindows = process.platform === 'win32';
// ANSI 颜色
const RESET = '\x1b[0m';
const BOLD = '\x1b[1m';
const CYAN = '\x1b[36m';
const YELLOW = '\x1b[33m';
const GREEN = '\x1b[32m';
const MAGENTA = '\x1b[35m';
// 版本信息
const VERSION = '0.1.12';
function log(msg: string, color: string = RESET) {
console.log(`${color}${msg}${RESET}`);
}
function printBanner() {
console.log(`
${CYAN}${BOLD}
╔═══════════════════════════════════════════╗
║ �� Bolloon Agent ${VERSION} ║
║ P2P AI Document Processor ║
╚═══════════════════════════════════════════╝${RESET}
`);
}
function printHelp() {
console.log(`
${BOLD}用法:${RESET}
bolloon [选项] [命令] [参数]
${BOLD}选项:${RESET}
--gui, -g 启动图形界面 (Electron)
--web, -w 启动 Web UI (浏览器)
--cli, -c 启动命令行界面
--version, -v 显示版本信息
--help, -h 显示帮助信息
${BOLD}命令:${RESET}
bolloon --read <file> 读取文档
bolloon --summarize <file> 总结文档
bolloon --improve <file> <req> 改进文档
${BOLD}示例:${RESET}
bolloon # 启动图形界面
bo
--- package/src/electron.ts (excerpt) ---
/**
* Electron 主进程入口
*/
import { app, BrowserWindow, ipcMain, shell } from 'electron';
import * as path from 'path';
import * as fs from 'fs';
import { spawn, ChildProcess } from 'child_process';
const isDev = process.env.NODE_ENV === 'development' || !app.isPackaged;
// 日志文件路径
const userDataPath = app.getPath('userData');
const logPath = path.join(userDataPath, 'bolloon.log');
function log(msg: string) {
const ts = new Date().toISOString();
const line = `[${ts}] ${msg}\n`;
fs.appendFileSync(logPath, line);
console.log(msg);
}
log('Bolloon Electron 启动');
// 全局窗口引用
let mainWindow: BrowserWindow | null = null;
let webServerProcess: ChildProcess | null = null;
// 防止多个实例
const gotTheLock = app.requestSingleInstanceLock();
if (!gotTheLock) {
log('已有实例在运行,退出');
app.quit();
}
app.on('second-instance', () => {
if (mainWindow) {
if (mainWindow.isMinimized()) mainWindow.restore();
mainWindow.focus();
}
});
function startWebServer(port: number): Promise<void> {
return new Promise((resolve, reject) => {
const serverScript = path.join(__dirname, 'web', 'server.js');
log(`启动 Web 服务器进程: ${serverScript}`);
webServerProcess = spawn(process.execPath, [serverScript], {
env: {
...process.env,
NODE_ENV: 'production',
PORT: String(port),
ELECTRON_PORT: String(port),
},
stdio: ['ignore', 'pipe', 'pipe'],
});
let stdoutData = '';
let stderrData = '';
webServerProcess.stdout?.on('data'
--- package/src/index.ts (excerpt) ---
import {
HyperswarmCommunicator,
createHyperswarmCommunicator,
createTopic,
KeyManager,
AgentAuthManager,
AgentVerificationManager,
createVerificationManager,
type P2PMessage,
type P2PConnection,
} from '@diap/sdk';
import { irohTransport } from './network/iroh-transport.js';
import { HybridMessenger } from './network/hybrid-messenger.js';
import * as ed25519 from '@noble/ed25519';
import { sha512 } from '@noble/hashes/sha2.js';
import * as fs from 'fs/promises';
import * as path from 'path';
import { documentReader } from './documents/reader.js';
import { initMinimax } from './constraints/index.js';
import { createAgentSession } from './agents/pi-sdk.js';
import { createSubAgentManager } from './agents/subagent-manager.js';
import { getGlobalSharedContext } from './social/global-shared-context.js';
import { BollharnessIntegration, createBollharnessIntegration } from './bollharness-integration/index.js';
import * as readline from 'readline';
// 启动时自动检查更新已禁用 (改用 --update-check / --update-now 显式触发)
const RESET = '\x1b[0m';
const BOLD = '\x1b[1m';
const DIM = '\x1b[2m';
const CYAN = '\x1b[36m';
const GREEN = '\x1b[32m';
const YELLOW = '\x1b[33m';
const BLUE = '\x1b[34m';
const MAGENTA = '\x1b[35m';
const WHITE = '\x1b[37m';
const GRAY = '\x1b[90m';
const BG_WHITE = '\x1b[47m';
const BG_BLUE = '\x1b[44m';
const BLACK = '\x1b[30m';
const MOVE_UP = '\x1b[A';
const CLEAR_LINE = '\x1b[2K';
const HIDE_CURSOR = '\x1b[?25l';
const SHOW_CURSOR = '\x1b[?25h';
const s
--- dynamic destinations ---
→ api.minimaxi.com (via hostname-var)@0.1.22··AUTO-PUBLISHED·publisher: leoyoge
heuristic 67/100
static flags 11
llm malicious (0.95) via fast-track
install-scripts:postinstallnew-publisher:4dmature-packagepublisher-version-pump:7reads-ai-api-keyschild-process-spawnreads-env-varsreads-seed-phraseclipboard-accessreads-homedirhex-decodebase64-decodehttp-to-public-ipsession-start-hookdest-via-hostname-var
→ Credential read (reads-ai-api-keys, reads-seed-phrase) paired with http-to-public-ip, dest-via-hostname-var destination — classic exfiltration signature.
// offending code· 3 files flaggedpatterns: 11
--- install scripts ---
### postinstall
node scripts/postinstall.js
--- package/src/cli-entry.ts (excerpt) ---
#!/usr/bin/env node
/**
* Bolloon CLI 入口
*
* 使用方式:
* bolloon # 启动 GUI(Electron 或 Web)
* bolloon --cli # 启动命令行界面
* bolloon --read <file> # 读取文档
* bolloon --summarize <file> # 总结文档
* bolloon --web # 启动 Web UI
* bolloon --version # 显示版本
*/
import { spawn } from 'child_process';
import * as path from 'path';
import * as fs from 'fs';
const isWindows = process.platform === 'win32';
// ANSI 颜色
const RESET = '\x1b[0m';
const BOLD = '\x1b[1m';
const CYAN = '\x1b[36m';
const YELLOW = '\x1b[33m';
const GREEN = '\x1b[32m';
const MAGENTA = '\x1b[35m';
// 版本信息
const VERSION = '0.1.12';
function log(msg: string, color: string = RESET) {
console.log(`${color}${msg}${RESET}`);
}
function printBanner() {
console.log(`
${CYAN}${BOLD}
╔═══════════════════════════════════════════╗
║ �� Bolloon Agent ${VERSION} ║
║ P2P AI Document Processor ║
╚═══════════════════════════════════════════╝${RESET}
`);
}
function printHelp() {
console.log(`
${BOLD}用法:${RESET}
bolloon [选项] [命令] [参数]
${BOLD}选项:${RESET}
--gui, -g 启动图形界面 (Electron)
--web, -w 启动 Web UI (浏览器)
--cli, -c 启动命令行界面
--version, -v 显示版本信息
--help, -h 显示帮助信息
${BOLD}命令:${RESET}
bolloon --read <file> 读取文档
bolloon --summarize <file> 总结文档
bolloon --improve <file> <req> 改进文档
${BOLD}示例:${RESET}
bolloon # 启动图形界面
bo
--- package/src/electron.ts (excerpt) ---
/**
* Electron 主进程入口
*/
import { app, BrowserWindow, ipcMain, shell } from 'electron';
import * as path from 'path';
import * as fs from 'fs';
import { spawn, ChildProcess } from 'child_process';
const isDev = process.env.NODE_ENV === 'development' || !app.isPackaged;
// 日志文件路径
const userDataPath = app.getPath('userData');
const logPath = path.join(userDataPath, 'bolloon.log');
function log(msg: string) {
const ts = new Date().toISOString();
const line = `[${ts}] ${msg}\n`;
fs.appendFileSync(logPath, line);
console.log(msg);
}
log('Bolloon Electron 启动');
// 全局窗口引用
let mainWindow: BrowserWindow | null = null;
let webServerProcess: ChildProcess | null = null;
// 防止多个实例
const gotTheLock = app.requestSingleInstanceLock();
if (!gotTheLock) {
log('已有实例在运行,退出');
app.quit();
}
app.on('second-instance', () => {
if (mainWindow) {
if (mainWindow.isMinimized()) mainWindow.restore();
mainWindow.focus();
}
});
function startWebServer(port: number): Promise<void> {
return new Promise((resolve, reject) => {
const serverScript = path.join(__dirname, 'web', 'server.js');
log(`启动 Web 服务器进程: ${serverScript}`);
webServerProcess = spawn(process.execPath, [serverScript], {
env: {
...process.env,
NODE_ENV: 'production',
PORT: String(port),
ELECTRON_PORT: String(port),
},
stdio: ['ignore', 'pipe', 'pipe'],
});
let stdoutData = '';
let stderrData = '';
webServerProcess.stdout?.on('data'
--- package/src/index.ts (excerpt) ---
import {
HyperswarmCommunicator,
createHyperswarmCommunicator,
createTopic,
KeyManager,
AgentAuthManager,
AgentVerificationManager,
createVerificationManager,
type P2PMessage,
type P2PConnection,
} from '@diap/sdk';
import { irohTransport } from './network/iroh-transport.js';
import { HybridMessenger } from './network/hybrid-messenger.js';
import * as ed25519 from '@noble/ed25519';
import { sha512 } from '@noble/hashes/sha2.js';
import * as fs from 'fs/promises';
import * as path from 'path';
import { documentReader } from './documents/reader.js';
import { initMinimax } from './constraints/index.js';
import { createAgentSession } from './agents/pi-sdk.js';
import { createSubAgentManager } from './agents/subagent-manager.js';
import { getGlobalSharedContext } from './social/global-shared-context.js';
import { BollharnessIntegration, createBollharnessIntegration } from './bollharness-integration/index.js';
import * as readline from 'readline';
import { checkAndUpdate } from './utils/auto-update.js';
const RESET = '\x1b[0m';
const BOLD = '\x1b[1m';
const DIM = '\x1b[2m';
const CYAN = '\x1b[36m';
const GREEN = '\x1b[32m';
const YELLOW = '\x1b[33m';
const BLUE = '\x1b[34m';
const MAGENTA = '\x1b[35m';
const WHITE = '\x1b[37m';
const GRAY = '\x1b[90m';
const BG_WHITE = '\x1b[47m';
const BG_BLUE = '\x1b[44m';
const BLACK = '\x1b[30m';
const MOVE_UP = '\x1b[A';
const CLEAR_LINE = '\x1b[2K';
const HIDE_CURSOR = '\x1b[?25l';
const SHOW_CURSOR = '\x1b[?25h';
const s
--- dynamic destinations ---
→ api.minimaxi.com (via hostname-var)@0.1.19··AUTO-PUBLISHED·publisher: leoyoge
heuristic 85/100
static flags 10
llm malicious (0.95) via fast-track
install-scripts:postinstallpublish-burst:3new-publisher:4dmature-packagereads-ai-api-keyschild-process-spawnreads-env-varsclipboard-accessreads-homedirhex-decodebase64-decodehttp-to-public-ipsession-start-hookdest-via-hostname-var
→ Credential read (reads-ai-api-keys) paired with http-to-public-ip, dest-via-hostname-var destination — classic exfiltration signature.
// offending code· 3 files flaggedpatterns: 10
--- install scripts ---
### postinstall
node scripts/postinstall.js
--- package/src/cli-entry.ts (excerpt) ---
#!/usr/bin/env node
/**
* Bolloon CLI 入口
*
* 使用方式:
* bolloon # 启动 GUI(Electron 或 Web)
* bolloon --cli # 启动命令行界面
* bolloon --read <file> # 读取文档
* bolloon --summarize <file> # 总结文档
* bolloon --web # 启动 Web UI
* bolloon --version # 显示版本
*/
import { spawn } from 'child_process';
import * as path from 'path';
import * as fs from 'fs';
const isWindows = process.platform === 'win32';
// ANSI 颜色
const RESET = '\x1b[0m';
const BOLD = '\x1b[1m';
const CYAN = '\x1b[36m';
const YELLOW = '\x1b[33m';
const GREEN = '\x1b[32m';
const MAGENTA = '\x1b[35m';
// 版本信息
const VERSION = '0.1.12';
function log(msg: string, color: string = RESET) {
console.log(`${color}${msg}${RESET}`);
}
function printBanner() {
console.log(`
${CYAN}${BOLD}
╔═══════════════════════════════════════════╗
║ �� Bolloon Agent ${VERSION} ║
║ P2P AI Document Processor ║
╚═══════════════════════════════════════════╝${RESET}
`);
}
function printHelp() {
console.log(`
${BOLD}用法:${RESET}
bolloon [选项] [命令] [参数]
${BOLD}选项:${RESET}
--gui, -g 启动图形界面 (Electron)
--web, -w 启动 Web UI (浏览器)
--cli, -c 启动命令行界面
--version, -v 显示版本信息
--help, -h 显示帮助信息
${BOLD}命令:${RESET}
bolloon --read <file> 读取文档
bolloon --summarize <file> 总结文档
bolloon --improve <file> <req> 改进文档
${BOLD}示例:${RESET}
bolloon # 启动图形界面
bo
--- package/src/electron.ts (excerpt) ---
/**
* Electron 主进程入口
*/
import { app, BrowserWindow, ipcMain, shell } from 'electron';
import * as path from 'path';
import * as fs from 'fs';
import { spawn, ChildProcess } from 'child_process';
const isDev = process.env.NODE_ENV === 'development' || !app.isPackaged;
// 日志文件路径
const userDataPath = app.getPath('userData');
const logPath = path.join(userDataPath, 'bolloon.log');
function log(msg: string) {
const ts = new Date().toISOString();
const line = `[${ts}] ${msg}\n`;
fs.appendFileSync(logPath, line);
console.log(msg);
}
log('Bolloon Electron 启动');
// 全局窗口引用
let mainWindow: BrowserWindow | null = null;
let webServerProcess: ChildProcess | null = null;
// 防止多个实例
const gotTheLock = app.requestSingleInstanceLock();
if (!gotTheLock) {
log('已有实例在运行,退出');
app.quit();
}
app.on('second-instance', () => {
if (mainWindow) {
if (mainWindow.isMinimized()) mainWindow.restore();
mainWindow.focus();
}
});
function startWebServer(port: number): Promise<void> {
return new Promise((resolve, reject) => {
const serverScript = path.join(__dirname, 'web', 'server.js');
log(`启动 Web 服务器进程: ${serverScript}`);
webServerProcess = spawn(process.execPath, [serverScript], {
env: {
...process.env,
NODE_ENV: 'production',
PORT: String(port),
ELECTRON_PORT: String(port),
},
stdio: ['ignore', 'pipe', 'pipe'],
});
let stdoutData = '';
let stderrData = '';
webServerProcess.stdout?.on('data'
--- package/src/index.ts (excerpt) ---
import {
HyperswarmCommunicator,
createHyperswarmCommunicator,
createTopic,
KeyManager,
AgentAuthManager,
AgentVerificationManager,
createVerificationManager,
type P2PMessage,
type P2PConnection,
} from '@diap/sdk';
import { irohTransport } from './network/iroh-transport.js';
import { HybridMessenger } from './network/hybrid-messenger.js';
import * as ed25519 from '@noble/ed25519';
import { sha512 } from '@noble/hashes/sha2.js';
import * as fs from 'fs/promises';
import * as path from 'path';
import { documentReader } from './documents/reader.js';
import { initMinimax } from './constraints/index.js';
import { createAgentSession } from './agents/pi-sdk.js';
import { createSubAgentManager } from './agents/subagent-manager.js';
import { getGlobalSharedContext } from './social/global-shared-context.js';
import { BollharnessIntegration, createBollharnessIntegration } from './bollharness-integration/index.js';
import * as readline from 'readline';
import { checkAndUpdate } from './utils/auto-update.js';
const RESET = '\x1b[0m';
const BOLD = '\x1b[1m';
const DIM = '\x1b[2m';
const CYAN = '\x1b[36m';
const GREEN = '\x1b[32m';
const YELLOW = '\x1b[33m';
const BLUE = '\x1b[34m';
const MAGENTA = '\x1b[35m';
const WHITE = '\x1b[37m';
const GRAY = '\x1b[90m';
const BG_WHITE = '\x1b[47m';
const BG_BLUE = '\x1b[44m';
const BLACK = '\x1b[30m';
const MOVE_UP = '\x1b[A';
const CLEAR_LINE = '\x1b[2K';
const HIDE_CURSOR = '\x1b[?25l';
const SHOW_CURSOR = '\x1b[?25h';
const s
--- dynamic destinations ---
→ api.minimaxi.com (via hostname-var)@0.1.18··AUTO-PUBLISHED·publisher: leoyoge
heuristic 55/100
static flags 10
llm malicious (0.95) via fast-track
install-scripts:postinstallnew-publisher:4dmature-packagereads-ai-api-keyschild-process-spawnreads-env-varsclipboard-accessreads-homedirhex-decodebase64-decodehttp-to-public-ipsession-start-hookdest-via-hostname-var
→ Credential read (reads-ai-api-keys) paired with http-to-public-ip, dest-via-hostname-var destination — classic exfiltration signature.
// offending code· 3 files flaggedpatterns: 10
--- install scripts ---
### postinstall
node scripts/postinstall.js
--- package/src/cli-entry.ts (excerpt) ---
#!/usr/bin/env node
/**
* Bolloon CLI 入口
*
* 使用方式:
* bolloon # 启动 GUI(Electron 或 Web)
* bolloon --cli # 启动命令行界面
* bolloon --read <file> # 读取文档
* bolloon --summarize <file> # 总结文档
* bolloon --web # 启动 Web UI
* bolloon --version # 显示版本
*/
import { spawn } from 'child_process';
import * as path from 'path';
import * as fs from 'fs';
const isWindows = process.platform === 'win32';
// ANSI 颜色
const RESET = '\x1b[0m';
const BOLD = '\x1b[1m';
const CYAN = '\x1b[36m';
const YELLOW = '\x1b[33m';
const GREEN = '\x1b[32m';
const MAGENTA = '\x1b[35m';
// 版本信息
const VERSION = '0.1.12';
function log(msg: string, color: string = RESET) {
console.log(`${color}${msg}${RESET}`);
}
function printBanner() {
console.log(`
${CYAN}${BOLD}
╔═══════════════════════════════════════════╗
║ �� Bolloon Agent ${VERSION} ║
║ P2P AI Document Processor ║
╚═══════════════════════════════════════════╝${RESET}
`);
}
function printHelp() {
console.log(`
${BOLD}用法:${RESET}
bolloon [选项] [命令] [参数]
${BOLD}选项:${RESET}
--gui, -g 启动图形界面 (Electron)
--web, -w 启动 Web UI (浏览器)
--cli, -c 启动命令行界面
--version, -v 显示版本信息
--help, -h 显示帮助信息
${BOLD}命令:${RESET}
bolloon --read <file> 读取文档
bolloon --summarize <file> 总结文档
bolloon --improve <file> <req> 改进文档
${BOLD}示例:${RESET}
bolloon # 启动图形界面
bo
--- package/src/electron.ts (excerpt) ---
/**
* Electron 主进程入口
*/
import { app, BrowserWindow, ipcMain, shell } from 'electron';
import * as path from 'path';
import * as fs from 'fs';
import { spawn, ChildProcess } from 'child_process';
const isDev = process.env.NODE_ENV === 'development' || !app.isPackaged;
// 日志文件路径
const userDataPath = app.getPath('userData');
const logPath = path.join(userDataPath, 'bolloon.log');
function log(msg: string) {
const ts = new Date().toISOString();
const line = `[${ts}] ${msg}\n`;
fs.appendFileSync(logPath, line);
console.log(msg);
}
log('Bolloon Electron 启动');
// 全局窗口引用
let mainWindow: BrowserWindow | null = null;
let webServerProcess: ChildProcess | null = null;
// 防止多个实例
const gotTheLock = app.requestSingleInstanceLock();
if (!gotTheLock) {
log('已有实例在运行,退出');
app.quit();
}
app.on('second-instance', () => {
if (mainWindow) {
if (mainWindow.isMinimized()) mainWindow.restore();
mainWindow.focus();
}
});
function startWebServer(port: number): Promise<void> {
return new Promise((resolve, reject) => {
const serverScript = path.join(__dirname, 'web', 'server.js');
log(`启动 Web 服务器进程: ${serverScript}`);
webServerProcess = spawn(process.execPath, [serverScript], {
env: {
...process.env,
NODE_ENV: 'production',
PORT: String(port),
ELECTRON_PORT: String(port),
},
stdio: ['ignore', 'pipe', 'pipe'],
});
let stdoutData = '';
let stderrData = '';
webServerProcess.stdout?.on('data'
--- package/src/index.ts (excerpt) ---
import {
HyperswarmCommunicator,
createHyperswarmCommunicator,
createTopic,
KeyManager,
AgentAuthManager,
AgentVerificationManager,
createVerificationManager,
type P2PMessage,
type P2PConnection,
} from '@diap/sdk';
import { irohTransport } from './network/iroh-transport.js';
import { HybridMessenger } from './network/hybrid-messenger.js';
import * as ed25519 from '@noble/ed25519';
import { sha512 } from '@noble/hashes/sha2.js';
import * as fs from 'fs/promises';
import * as path from 'path';
import { documentReader } from './documents/reader.js';
import { initMinimax } from './constraints/index.js';
import { createAgentSession } from './agents/pi-sdk.js';
import { createSubAgentManager } from './agents/subagent-manager.js';
import { getGlobalSharedContext } from './social/global-shared-context.js';
import { BollharnessIntegration, createBollharnessIntegration } from './bollharness-integration/index.js';
import * as readline from 'readline';
import { checkAndUpdate } from './utils/auto-update.js';
const RESET = '\x1b[0m';
const BOLD = '\x1b[1m';
const DIM = '\x1b[2m';
const CYAN = '\x1b[36m';
const GREEN = '\x1b[32m';
const YELLOW = '\x1b[33m';
const BLUE = '\x1b[34m';
const MAGENTA = '\x1b[35m';
const WHITE = '\x1b[37m';
const GRAY = '\x1b[90m';
const BG_WHITE = '\x1b[47m';
const BG_BLUE = '\x1b[44m';
const BLACK = '\x1b[30m';
const MOVE_UP = '\x1b[A';
const CLEAR_LINE = '\x1b[2K';
const HIDE_CURSOR = '\x1b[?25l';
const SHOW_CURSOR = '\x1b[?25h';
const s
--- dynamic destinations ---
→ api.minimaxi.com (via hostname-var)@0.1.17··AUTO-PUBLISHED·publisher: leoyoge
heuristic 55/100
static flags 10
llm malicious (0.95) via fast-track
install-scripts:postinstallnew-publisher:4dmature-packagereads-ai-api-keyschild-process-spawnreads-env-varsclipboard-accessreads-homedirhex-decodebase64-decodehttp-to-public-ipsession-start-hookdest-via-hostname-var
→ Credential read (reads-ai-api-keys) paired with http-to-public-ip, dest-via-hostname-var destination — classic exfiltration signature.
// offending code· 3 files flaggedpatterns: 10
--- install scripts ---
### postinstall
node scripts/postinstall.js
--- package/src/cli-entry.ts (excerpt) ---
#!/usr/bin/env node
/**
* Bolloon CLI 入口
*
* 使用方式:
* bolloon # 启动 GUI(Electron 或 Web)
* bolloon --cli # 启动命令行界面
* bolloon --read <file> # 读取文档
* bolloon --summarize <file> # 总结文档
* bolloon --web # 启动 Web UI
* bolloon --version # 显示版本
*/
import { spawn } from 'child_process';
import * as path from 'path';
import * as fs from 'fs';
const isWindows = process.platform === 'win32';
// ANSI 颜色
const RESET = '\x1b[0m';
const BOLD = '\x1b[1m';
const CYAN = '\x1b[36m';
const YELLOW = '\x1b[33m';
const GREEN = '\x1b[32m';
const MAGENTA = '\x1b[35m';
// 版本信息
const VERSION = '0.1.12';
function log(msg: string, color: string = RESET) {
console.log(`${color}${msg}${RESET}`);
}
function printBanner() {
console.log(`
${CYAN}${BOLD}
╔═══════════════════════════════════════════╗
║ �� Bolloon Agent ${VERSION} ║
║ P2P AI Document Processor ║
╚═══════════════════════════════════════════╝${RESET}
`);
}
function printHelp() {
console.log(`
${BOLD}用法:${RESET}
bolloon [选项] [命令] [参数]
${BOLD}选项:${RESET}
--gui, -g 启动图形界面 (Electron)
--web, -w 启动 Web UI (浏览器)
--cli, -c 启动命令行界面
--version, -v 显示版本信息
--help, -h 显示帮助信息
${BOLD}命令:${RESET}
bolloon --read <file> 读取文档
bolloon --summarize <file> 总结文档
bolloon --improve <file> <req> 改进文档
${BOLD}示例:${RESET}
bolloon # 启动图形界面
bo
--- package/src/electron.ts (excerpt) ---
/**
* Electron 主进程入口
*/
import { app, BrowserWindow, ipcMain, shell } from 'electron';
import * as path from 'path';
import * as fs from 'fs';
import { spawn, ChildProcess } from 'child_process';
const isDev = process.env.NODE_ENV === 'development' || !app.isPackaged;
// 日志文件路径
const userDataPath = app.getPath('userData');
const logPath = path.join(userDataPath, 'bolloon.log');
function log(msg: string) {
const ts = new Date().toISOString();
const line = `[${ts}] ${msg}\n`;
fs.appendFileSync(logPath, line);
console.log(msg);
}
log('Bolloon Electron 启动');
// 全局窗口引用
let mainWindow: BrowserWindow | null = null;
let webServerProcess: ChildProcess | null = null;
// 防止多个实例
const gotTheLock = app.requestSingleInstanceLock();
if (!gotTheLock) {
log('已有实例在运行,退出');
app.quit();
}
app.on('second-instance', () => {
if (mainWindow) {
if (mainWindow.isMinimized()) mainWindow.restore();
mainWindow.focus();
}
});
function startWebServer(port: number): Promise<void> {
return new Promise((resolve, reject) => {
const serverScript = path.join(__dirname, 'web', 'server.js');
log(`启动 Web 服务器进程: ${serverScript}`);
webServerProcess = spawn(process.execPath, [serverScript], {
env: {
...process.env,
NODE_ENV: 'production',
PORT: String(port),
ELECTRON_PORT: String(port),
},
stdio: ['ignore', 'pipe', 'pipe'],
});
let stdoutData = '';
let stderrData = '';
webServerProcess.stdout?.on('data'
--- package/src/index.ts (excerpt) ---
import {
HyperswarmCommunicator,
createHyperswarmCommunicator,
createTopic,
KeyManager,
AgentAuthManager,
AgentVerificationManager,
createVerificationManager,
type P2PMessage,
type P2PConnection,
} from '@diap/sdk';
import { irohTransport } from './network/iroh-transport.js';
import { HybridMessenger } from './network/hybrid-messenger.js';
import * as ed25519 from '@noble/ed25519';
import { sha512 } from '@noble/hashes/sha2.js';
import * as fs from 'fs/promises';
import * as path from 'path';
import { documentReader } from './documents/reader.js';
import { initMinimax } from './constraints/index.js';
import { createAgentSession } from './agents/pi-sdk.js';
import { createSubAgentManager } from './agents/subagent-manager.js';
import { getGlobalSharedContext } from './social/global-shared-context.js';
import { BollharnessIntegration, createBollharnessIntegration } from './bollharness-integration/index.js';
import * as readline from 'readline';
import { checkAndUpdate } from './utils/auto-update.js';
const RESET = '\x1b[0m';
const BOLD = '\x1b[1m';
const DIM = '\x1b[2m';
const CYAN = '\x1b[36m';
const GREEN = '\x1b[32m';
const YELLOW = '\x1b[33m';
const BLUE = '\x1b[34m';
const MAGENTA = '\x1b[35m';
const WHITE = '\x1b[37m';
const GRAY = '\x1b[90m';
const BG_WHITE = '\x1b[47m';
const BG_BLUE = '\x1b[44m';
const BLACK = '\x1b[30m';
const MOVE_UP = '\x1b[A';
const CLEAR_LINE = '\x1b[2K';
const HIDE_CURSOR = '\x1b[?25l';
const SHOW_CURSOR = '\x1b[?25h';
const s
--- dynamic destinations ---
→ api.minimaxi.com (via hostname-var)@0.1.16··AUTO-PUBLISHED·publisher: leoyoge
heuristic 55/100
static flags 10
llm malicious (0.95) via fast-track
install-scripts:postinstallnew-publisher:4dmature-packagereads-ai-api-keyschild-process-spawnreads-env-varsclipboard-accessreads-homedirhex-decodebase64-decodehttp-to-public-ipsession-start-hookdest-via-hostname-var
→ Credential read (reads-ai-api-keys) paired with http-to-public-ip, dest-via-hostname-var destination — classic exfiltration signature.
// offending code· 3 files flaggedpatterns: 10
--- install scripts ---
### postinstall
node scripts/postinstall.js
--- package/src/cli-entry.ts (excerpt) ---
#!/usr/bin/env node
/**
* Bolloon CLI 入口
*
* 使用方式:
* bolloon # 启动 GUI(Electron 或 Web)
* bolloon --cli # 启动命令行界面
* bolloon --read <file> # 读取文档
* bolloon --summarize <file> # 总结文档
* bolloon --web # 启动 Web UI
* bolloon --version # 显示版本
*/
import { spawn } from 'child_process';
import * as path from 'path';
import * as fs from 'fs';
const isWindows = process.platform === 'win32';
// ANSI 颜色
const RESET = '\x1b[0m';
const BOLD = '\x1b[1m';
const CYAN = '\x1b[36m';
const YELLOW = '\x1b[33m';
const GREEN = '\x1b[32m';
const MAGENTA = '\x1b[35m';
// 版本信息
const VERSION = '0.1.12';
function log(msg: string, color: string = RESET) {
console.log(`${color}${msg}${RESET}`);
}
function printBanner() {
console.log(`
${CYAN}${BOLD}
╔═══════════════════════════════════════════╗
║ �� Bolloon Agent ${VERSION} ║
║ P2P AI Document Processor ║
╚═══════════════════════════════════════════╝${RESET}
`);
}
function printHelp() {
console.log(`
${BOLD}用法:${RESET}
bolloon [选项] [命令] [参数]
${BOLD}选项:${RESET}
--gui, -g 启动图形界面 (Electron)
--web, -w 启动 Web UI (浏览器)
--cli, -c 启动命令行界面
--version, -v 显示版本信息
--help, -h 显示帮助信息
${BOLD}命令:${RESET}
bolloon --read <file> 读取文档
bolloon --summarize <file> 总结文档
bolloon --improve <file> <req> 改进文档
${BOLD}示例:${RESET}
bolloon # 启动图形界面
bo
--- package/src/electron.ts (excerpt) ---
/**
* Electron 主进程入口
*/
import { app, BrowserWindow, ipcMain, shell } from 'electron';
import * as path from 'path';
import * as fs from 'fs';
import { spawn, ChildProcess } from 'child_process';
const isDev = process.env.NODE_ENV === 'development' || !app.isPackaged;
// 日志文件路径
const userDataPath = app.getPath('userData');
const logPath = path.join(userDataPath, 'bolloon.log');
function log(msg: string) {
const ts = new Date().toISOString();
const line = `[${ts}] ${msg}\n`;
fs.appendFileSync(logPath, line);
console.log(msg);
}
log('Bolloon Electron 启动');
// 全局窗口引用
let mainWindow: BrowserWindow | null = null;
let webServerProcess: ChildProcess | null = null;
// 防止多个实例
const gotTheLock = app.requestSingleInstanceLock();
if (!gotTheLock) {
log('已有实例在运行,退出');
app.quit();
}
app.on('second-instance', () => {
if (mainWindow) {
if (mainWindow.isMinimized()) mainWindow.restore();
mainWindow.focus();
}
});
function startWebServer(port: number): Promise<void> {
return new Promise((resolve, reject) => {
const serverScript = path.join(__dirname, 'web', 'server.js');
log(`启动 Web 服务器进程: ${serverScript}`);
webServerProcess = spawn(process.execPath, [serverScript], {
env: {
...process.env,
NODE_ENV: 'production',
PORT: String(port),
ELECTRON_PORT: String(port),
},
stdio: ['ignore', 'pipe', 'pipe'],
});
let stdoutData = '';
let stderrData = '';
webServerProcess.stdout?.on('data'
--- package/src/index.ts (excerpt) ---
import {
HyperswarmCommunicator,
createHyperswarmCommunicator,
createTopic,
KeyManager,
AgentAuthManager,
AgentVerificationManager,
createVerificationManager,
type P2PMessage,
type P2PConnection,
} from '@diap/sdk';
import { irohTransport } from './network/iroh-transport.js';
import { HybridMessenger } from './network/hybrid-messenger.js';
import * as ed25519 from '@noble/ed25519';
import { sha512 } from '@noble/hashes/sha2.js';
import * as fs from 'fs/promises';
import * as path from 'path';
import { documentReader } from './documents/reader.js';
import { initMinimax } from './constraints/index.js';
import { createAgentSession } from './agents/pi-sdk.js';
import { createSubAgentManager } from './agents/subagent-manager.js';
import { getGlobalSharedContext } from './social/global-shared-context.js';
import { BollharnessIntegration, createBollharnessIntegration } from './bollharness-integration/index.js';
import * as readline from 'readline';
import { checkAndUpdate } from './utils/auto-update.js';
const RESET = '\x1b[0m';
const BOLD = '\x1b[1m';
const DIM = '\x1b[2m';
const CYAN = '\x1b[36m';
const GREEN = '\x1b[32m';
const YELLOW = '\x1b[33m';
const BLUE = '\x1b[34m';
const MAGENTA = '\x1b[35m';
const WHITE = '\x1b[37m';
const GRAY = '\x1b[90m';
const BG_WHITE = '\x1b[47m';
const BG_BLUE = '\x1b[44m';
const BLACK = '\x1b[30m';
const MOVE_UP = '\x1b[A';
const CLEAR_LINE = '\x1b[2K';
const HIDE_CURSOR = '\x1b[?25l';
const SHOW_CURSOR = '\x1b[?25h';
const s
--- dynamic destinations ---
→ api.minimaxi.com (via hostname-var)