Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 3 additions & 1 deletion .gitignore
Original file line number Diff line number Diff line change
@@ -1,6 +1,8 @@
# Binaries
/hawk
bin/
# Ignore build output in bin/, but track committed source scripts like bin/buf.
bin/*
!bin/buf
hawk_bin
*.exe
*.dll
Expand Down
140 changes: 140 additions & 0 deletions bin/buf
Original file line number Diff line number Diff line change
@@ -0,0 +1,140 @@
#!/bin/sh
# Hermetic launcher for the `buf` CLI (bufbuild/buf).
#
# Purpose: hermetic proto codegen — no host `buf` dependency. The binary is
# SHA-pinned per (platform, arch), fetched from the official GitHub release,
# cached locally, and reused. Mirrors grok's `bin/protoc` dotslash launcher,
# which fetches a SHA-pinned protoc per platform. Unlike dotslash (which ships
# an artifact manifest checked into the repo), this resolves a single pinned
# version via env override and verifies a SHA-256 per triple.
#
# Version is pinned via BUF_VERSION (default below). Override the cache root
# with HAWK_BIN_DIR (mirrors grok's GROK_SHELL_RG_DOWNLOAD_BASE overridability
# for offline / mirrored CI):
#
# HAWK_BIN_DIR — base cache dir (default ~/.cache/hawk/bin)
# BUF_VERSION — override the pinned version
#
# Exit codes are from the underlying `buf` invocation; fetch failures exit 127.
#
# Source pattern: grok `bin/protoc`.
set -e

BUF_VERSION="${BUF_VERSION:-1.50.0}"

# ---------------------------------------------------------------------------
# SHA-256 checksums of the buf release tarballs, keyed by
# <os>_<arch> (os lowercased, arch as Go sees it: amd64/arm64).
# Verified against https://github.com/bufbuild/buf/releases/tag/v1.50.0
# sha256sum buf-Linux-x86_64.tar.gz buf-Linux-aarch64.tar.gz
# buf-Darwin-x86_64.tar.gz buf-Darwin-arm64.tar.gz
# ---------------------------------------------------------------------------
SHA256_darwin_arm64="c80f7f8a1d8ffd36c5db31a360c7e0b65c8cf671d60bd3c34e1558e54f84f4cc"
SHA256_darwin_amd64="fc64b4a16964d7ec49fb2d245159d57dbfb3dac947e2a86413f9685cf8de2ac5"
SHA256_linux_amd64="80c1211dfc4844499c6ddad341bb21206579883fd33cea0a2c40c82befd70602"
SHA256_linux_arm64="4c920c5f96eb99ad13eb6f25cf740fdb42963401faa267bee03fbd3e163730b2"

# Detect platform + arch the same way install.sh does.
OS=$(uname -s | tr '[:upper:]' '[:lower:]')
ARCH=$(uname -m)
case "$ARCH" in
x86_64) arch="amd64" ;;
aarch64) arch="arm64" ;;
arm64) arch="arm64" ;;
*)
echo "bin/buf: unsupported arch $ARCH" >&2
exit 127
;;
esac
case "$OS" in
darwin) triple="darwin_${arch}" ;;
linux) triple="linux_${arch}" ;;
*)
echo "bin/buf: unsupported OS $OS" >&2
exit 127
;;
esac

# The GitHub release asset name uses a capitalized OS and the arch spelling
# buf publishes (Darwin-arm64, Linux-aarch64), which differs from the
# cache-key triple above. Build it explicitly to avoid 404s.
# uname -m yields arm64 on macOS and aarch64 on Linux, so map each real
# (os, arch) pair to the asset name buf publishes.
case "$OS/$ARCH" in
darwin/x86_64) asset="Darwin-x86_64" ;;
darwin/arm64) asset="Darwin-arm64" ;;
linux/x86_64) asset="Linux-x86_64" ;;
linux/aarch64) asset="Linux-aarch64" ;;
*) asset="" ;;
esac
if [ -z "$asset" ]; then
echo "bin/buf: unsupported platform $OS/$ARCH" >&2
exit 127
fi

# Resolve the pinned checksum for this triple.
sha_var="SHA256_${triple}"
sha="$(eval echo "\${$sha_var}")"
case "$sha" in
SHA256_*) echo "bin/buf: placeholder checksum for $triple — set real $sha_var before use" >&2; exit 127 ;;
esac

# Cache the extracted binary so repeat invocations skip the network fetch.
XDG_CACHE_HOME="${XDG_CACHE_HOME:-$HOME/.cache}"
CACHE_BASE="${HAWK_BIN_DIR:-$XDG_CACHE_HOME/hawk/bin}"
CACHE_BIN="$CACHE_BASE/buf-${BUF_VERSION}-${triple}/bin/buf"

URL="https://github.com/bufbuild/buf/releases/download/v${BUF_VERSION}/buf-${asset}.tar.gz"

fetch_bin() {
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
archive="$tmp/buf.tar.gz"
if command -v curl >/dev/null 2>&1; then
curl -fsSL --proto '=https' --tlsv1.2 "$URL" -o "$archive"
elif command -v wget >/dev/null 2>&1; then
wget -q "$URL" -O "$archive"
else
echo "bin/buf: need curl or wget" >&2
exit 127
fi

# Verify checksum before extraction.
if command -v sha256sum >/dev/null 2>&1; then
actual=$(sha256sum "$archive" | awk '{print $1}')
elif command -v shasum >/dev/null 2>&1; then
actual=$(shasum -a 256 "$archive" | awk '{print $1}')
else
echo "bin/buf: need sha256sum or shasum" >&2
exit 127
fi
if [ "$actual" != "$sha" ]; then
echo "bin/buf: checksum mismatch for $triple" >&2
echo " expected: $sha" >&2
echo " actual: $actual" >&2
exit 127
fi

# Extract the `buf` binary from the release tarball.
mkdir -p "$tmp/extract"
tar xzf "$archive" -C "$tmp/extract"
extracted="$(find "$tmp/extract" -type f -name buf -path '*bin*' | head -n1)"
if [ -z "$extracted" ]; then
# Fallback: release tgz root may be the binary directly in bin/.
extracted="$tmp/extract/bin/buf"
if [ ! -f "$extracted" ]; then
echo "bin/buf: could not locate buf binary in archive" >&2
exit 127
fi
fi

mkdir -p "$(dirname "$CACHE_BIN")"
chmod +x "$extracted"
mv -f "$extracted" "$CACHE_BIN"
}

if [ ! -f "$CACHE_BIN" ]; then
fetch_bin
fi

exec "$CACHE_BIN" "$@"
9 changes: 9 additions & 0 deletions cmd/chat_commands_util.go
Original file line number Diff line number Diff line change
Expand Up @@ -157,3 +157,12 @@ func tasteStoreForSession() (*taste.Store, error) {
func stalenessFormatReport(rules []staleness.StaleRule) string {
return staleness.FormatReport(rules)
}

// truncatePromptPreview truncates a prompt to a preview string.
func truncatePromptPreview(s string, max int) string {
s = strings.TrimSpace(s)
if len(s) <= max {
return s
}
return s[:max] + "…"
}
Loading
Loading