@agent-e/server 1.6.10 → 1.6.11

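--- a/package/dist/cli.js
+++ b/package/dist/cli.js
@@ -974,8 +974,17 @@ function setSecurityHeaders(res) {
  }
  function setCorsHeaders(res, allowedOrigin, requestOrigin) {
  setSecurityHeaders(res);
- const origin = allowedOrigin === "*" ? "*" : requestOrigin === allowedOrigin ? allowedOrigin : allowedOrigin;
- res.setHeader("Access-Control-Allow-Origin", origin);
+ let origin;
+ if (allowedOrigin === "*") {
+ origin = "*";
+ } else if (requestOrigin === void 0) {
+ origin = allowedOrigin;
+ } else {
+ origin = requestOrigin === allowedOrigin ? allowedOrigin : "";
+ }
+ if (origin) {
+ res.setHeader("Access-Control-Allow-Origin", origin);
+ }
  res.setHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
  res.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization");
  }
@@ -1024,8 +1033,10 @@ function createRouteHandler(server2) {
  const url = new URL(req.url ?? "/", `http://${req.headers.host ?? "localhost"}`);
  const path = url.pathname;
  const method = req.method?.toUpperCase() ?? "GET";
+ const reqOrigin = req.headers["origin"];
+ const respond = (status, data) => json(res, status, data, cors, reqOrigin);
  if (method === "OPTIONS") {
- setCorsHeaders(res, cors);
+ setCorsHeaders(res, cors, reqOrigin);
  res.writeHead(204);
  res.end();
  return;
@@ -1033,7 +1044,7 @@ function createRouteHandler(server2) {
  try {
  if (path === "/tick" && method === "POST") {
  if (!checkAuth(req, apiKey)) {
- json(res, 401, { error: "Unauthorized" }, cors);
+ respond(401, { error: "Unauthorized" });
  return;
  }
  const body = await readBody(req);
@@ -1041,11 +1052,11 @@ function createRouteHandler(server2) {
  try {
  parsed = sanitizeJson(JSON.parse(body));
  } catch {
- json(res, 400, { error: "Invalid JSON" }, cors);
+ respond(400, { error: "Invalid JSON" });
  return;
  }
  if (!parsed || typeof parsed !== "object") {
- json(res, 400, { error: "Body must be a JSON object" }, cors);
+ respond(400, { error: "Body must be a JSON object" });
  return;
  }
  const payload = parsed;
@@ -1053,10 +1064,10 @@ function createRouteHandler(server2) {
  const events = payload["events"];
  const validation = server2.validateState ? (0, import_core.validateEconomyState)(state) : null;
  if (validation && !validation.valid) {
- json(res, 400, {
+ respond(400, {
  error: "invalid_state",
  validationErrors: validation.errors
- }, cors);
+ });
  return;
  }
  const result = await server2.processTick(
@@ -1064,7 +1075,7 @@ function createRouteHandler(server2) {
  Array.isArray(events) ? events : void 0
  );
  const warnings = validation?.warnings ?? [];
- json(res, 200, {
+ respond(200, {
  adjustments: result.adjustments,
  alerts: result.alerts.map((a) => ({
  principleId: a.principle.id,
@@ -1076,18 +1087,18 @@ function createRouteHandler(server2) {
  health: result.health,
  tick: result.tick,
  ...warnings.length > 0 ? { validationWarnings: warnings } : {}
- }, cors);
+ });
  return;
  }
  if (path === "/health" && method === "GET") {
  const agentE = server2.getAgentE();
- json(res, 200, {
+ respond(200, {
  health: agentE.getHealth(),
  tick: agentE.metrics.latest()?.tick ?? 0,
  mode: agentE.getMode(),
  activePlans: agentE.getActivePlans().length,
  uptime: server2.getUptime()
- }, cors);
+ });
  return;
  }
  if (path === "/decisions" && method === "GET") {
@@ -1099,19 +1110,19 @@ function createRouteHandler(server2) {
  if (sinceParam) {
  const since = parseInt(sinceParam, 10);
  if (Number.isNaN(since)) {
- json(res, 400, { error: 'Invalid "since" parameter \u2014 must be a number' }, cors);
+ respond(400, { error: 'Invalid "since" parameter \u2014 must be a number' });
  return;
  }
  decisions = agentE.getDecisions({ since });
  } else {
  decisions = agentE.log.latest(limit);
  }
- json(res, 200, { decisions }, cors);
+ respond(200, { decisions });
  return;
  }
  if (path === "/config" && method === "POST") {
  if (!checkAuth(req, apiKey)) {
- json(res, 401, { error: "Unauthorized" }, cors);
+ respond(401, { error: "Unauthorized" });
  return;
  }
  const body = await readBody(req);
@@ -1119,7 +1130,7 @@ function createRouteHandler(server2) {
  try {
  parsed = sanitizeJson(JSON.parse(body));
  } catch {
- json(res, 400, { error: "Invalid JSON" }, cors);
+ respond(400, { error: "Invalid JSON" });
  return;
  }
  const config = parsed;
@@ -1139,11 +1150,11 @@ function createRouteHandler(server2) {
  if (c && typeof c === "object" && typeof c["param"] === "string" && typeof c["min"] === "number" && typeof c["max"] === "number") {
  const constraint = c;
  if (!Number.isFinite(constraint.min) || !Number.isFinite(constraint.max)) {
- json(res, 400, { error: "Constraint bounds must be finite numbers" }, cors);
+ respond(400, { error: "Constraint bounds must be finite numbers" });
  return;
  }
  if (constraint.min > constraint.max) {
- json(res, 400, { error: "Constraint min cannot exceed max" }, cors);
+ respond(400, { error: "Constraint min cannot exceed max" });
  return;
  }
  validated.push(constraint);
@@ -1156,12 +1167,12 @@ function createRouteHandler(server2) {
  if (config["mode"] === "autonomous" || config["mode"] === "advisor") {
  server2.setMode(config["mode"]);
  }
- json(res, 200, { ok: true }, cors);
+ respond(200, { ok: true });
  return;
  }
  if (path === "/principles" && method === "GET") {
  const principles = server2.getAgentE().getPrinciples();
- json(res, 200, {
+ respond(200, {
  count: principles.length,
  principles: principles.map((p) => ({
  id: p.id,
@@ -1169,12 +1180,12 @@ function createRouteHandler(server2) {
  category: p.category,
  description: p.description
  }))
- }, cors);
+ });
  return;
  }
  if (path === "/diagnose" && method === "POST") {
  if (!checkAuth(req, apiKey)) {
- json(res, 401, { error: "Unauthorized" }, cors);
+ respond(401, { error: "Unauthorized" });
  return;
  }
  const body = await readBody(req);
@@ -1182,7 +1193,7 @@ function createRouteHandler(server2) {
  try {
  parsed = sanitizeJson(JSON.parse(body));
  } catch {
- json(res, 400, { error: "Invalid JSON" }, cors);
+ respond(400, { error: "Invalid JSON" });
  return;
  }
  const payload = parsed;
@@ -1190,12 +1201,12 @@ function createRouteHandler(server2) {
  if (server2.validateState) {
  const validation = (0, import_core.validateEconomyState)(state);
  if (!validation.valid) {
- json(res, 400, { error: "invalid_state", validationErrors: validation.errors }, cors);
+ respond(400, { error: "invalid_state", validationErrors: validation.errors });
  return;
  }
  }
  const result = server2.diagnoseOnly(state);
- json(res, 200, {
+ respond(200, {
  health: result.health,
  diagnoses: result.diagnoses.map((d) => ({
  principleId: d.principle.id,
@@ -1204,11 +1215,11 @@ function createRouteHandler(server2) {
  evidence: d.violation.evidence,
  suggestedAction: d.violation.suggestedAction
  }))
- }, cors);
+ });
  return;
  }
  if (path === "/" && method === "GET" && server2.serveDashboard) {
- setCorsHeaders(res, cors);
+ setCorsHeaders(res, cors, reqOrigin);
  res.setHeader("Content-Security-Policy", "default-src 'self'; script-src 'unsafe-inline' https://cdn.jsdelivr.net; style-src 'unsafe-inline' https://fonts.googleapis.com; font-src https://fonts.gstatic.com; connect-src 'self' ws: wss:; img-src 'self' data:");
  res.setHeader("Cache-Control", "public, max-age=60");
  res.writeHead(200, { "Content-Type": "text/html; charset=utf-8" });
@@ -1219,7 +1230,7 @@ function createRouteHandler(server2) {
  const agentE = server2.getAgentE();
  const latest = agentE.store.latest();
  const history = agentE.store.recentHistory(100);
- json(res, 200, { latest, history }, cors);
+ respond(200, { latest, history });
  return;
  }
  if (path === "/metrics/personas" && method === "GET") {
@@ -1227,12 +1238,12 @@ function createRouteHandler(server2) {
  const latest = agentE.store.latest();
  const dist = latest.personaDistribution || {};
  const total = Object.values(dist).reduce((s, v) => s + v, 0);
- json(res, 200, { distribution: dist, total }, cors);
+ respond(200, { distribution: dist, total });
  return;
  }
  if (path === "/approve" && method === "POST") {
  if (!checkAuth(req, apiKey)) {
- json(res, 401, { error: "Unauthorized" }, cors);
+ respond(401, { error: "Unauthorized" });
  return;
  }
  const body = await readBody(req);
@@ -1240,42 +1251,42 @@ function createRouteHandler(server2) {
  try {
  parsed = sanitizeJson(JSON.parse(body));
  } catch {
- json(res, 400, { error: "Invalid JSON" }, cors);
+ respond(400, { error: "Invalid JSON" });
  return;
  }
  const payload = parsed;
  const decisionId = payload["decisionId"];
  if (!decisionId) {
- json(res, 400, { error: "missing_decision_id" }, cors);
+ respond(400, { error: "missing_decision_id" });
  return;
  }
  const agentE = server2.getAgentE();
  if (agentE.getMode() !== "advisor") {
- json(res, 400, { error: "not_in_advisor_mode" }, cors);
+ respond(400, { error: "not_in_advisor_mode" });
  return;
  }
  const entry = agentE.log.getById(decisionId);
  if (!entry) {
- json(res, 404, { error: "decision_not_found" }, cors);
+ respond(404, { error: "decision_not_found" });
  return;
  }
  if (entry.result !== "skipped_override") {
- json(res, 409, { error: "decision_not_pending", currentResult: entry.result }, cors);
+ respond(409, { error: "decision_not_pending", currentResult: entry.result });
  return;
  }
  await agentE.apply(entry.plan);
  agentE.log.updateResult(decisionId, "applied");
  server2.broadcast({ type: "advisor_action", action: "approved", decisionId });
- json(res, 200, {
+ respond(200, {
  ok: true,
  parameter: entry.plan.parameter,
  value: entry.plan.targetValue
- }, cors);
+ });
  return;
  }
  if (path === "/reject" && method === "POST") {
  if (!checkAuth(req, apiKey)) {
- json(res, 401, { error: "Unauthorized" }, cors);
+ respond(401, { error: "Unauthorized" });
  return;
  }
  const body = await readBody(req);
@@ -1283,49 +1294,49 @@ function createRouteHandler(server2) {
  try {
  parsed = sanitizeJson(JSON.parse(body));
  } catch {
- json(res, 400, { error: "Invalid JSON" }, cors);
+ respond(400, { error: "Invalid JSON" });
  return;
  }
  const payload = parsed;
  const decisionId = payload["decisionId"];
  const reason = payload["reason"] || void 0;
  if (!decisionId) {
- json(res, 400, { error: "missing_decision_id" }, cors);
+ respond(400, { error: "missing_decision_id" });
  return;
  }
  const agentE = server2.getAgentE();
  if (agentE.getMode() !== "advisor") {
- json(res, 400, { error: "not_in_advisor_mode" }, cors);
+ respond(400, { error: "not_in_advisor_mode" });
  return;
  }
  const entry = agentE.log.getById(decisionId);
  if (!entry) {
- json(res, 404, { error: "decision_not_found" }, cors);
+ respond(404, { error: "decision_not_found" });
  return;
  }
  if (entry.result !== "skipped_override") {
- json(res, 409, { error: "decision_not_pending", currentResult: entry.result }, cors);
+ respond(409, { error: "decision_not_pending", currentResult: entry.result });
  return;
  }
  agentE.log.updateResult(decisionId, "rejected", reason);
  server2.broadcast({ type: "advisor_action", action: "rejected", decisionId, reason });
- json(res, 200, { ok: true, decisionId }, cors);
+ respond(200, { ok: true, decisionId });
  return;
  }
  if (path === "/pending" && method === "GET") {
  const agentE = server2.getAgentE();
  const pending = agentE.log.query({ result: "skipped_override" });
- json(res, 200, {
+ respond(200, {
  mode: agentE.getMode(),
  pending,
  count: pending.length
- }, cors);
+ });
  return;
  }
- json(res, 404, { error: "Not found" }, cors);
+ respond(404, { error: "Not found" });
  } catch (err) {
  console.error("[AgentE Server] Unhandled route error:", err);
- json(res, 500, { error: "Internal server error" }, cors);
+ respond(500, { error: "Internal server error" });
  }
  };
  }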
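Review bot: setCorsHeaders now makes Access-Control-Allow-Origin depend on the request's Origin header (sent when it matches or is absent, omitted on a mismatch) but never sets `Vary: Origin`, so a cache can replay one variant to a different origin. This matters most on the dashboard route, which calls setCorsHeaders and then sends `Cache-Control: public, max-age=60`: a shared cache could store the header-less response produced for a mismatched origin and serve it to the allowed one, or the reverse. In the non-wildcard branches, add `res.setHeader("Vary", "Origin");` whether or not the origin matched. Separately, `respond` passes `reqOrigin` as a fifth argument to `json`, whose definition is not in the shown hunks; confirm that `json` forwards it to setCorsHeaders, otherwise JSON responses fall into the `requestOrigin === void 0` branch and always emit the configured origin.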