@agentmeshhq/agent 0.1.12 → 0.1.14

package/src/core/injector.ts

@@ -6,15 +6,38 @@ import type { InboxItem } from "./registry.js";
 import { sendKeys } from "./tmux.js";
 import type { WebSocketEvent } from "./websocket.js";
 
-export function injectStartupMessage(agentName: string, pendingCount: number): void {
+export function injectStartupMessage(
+  agentName: string,
+  pendingCount: number,
+  inboxItems?: InboxItem[],
+): void {
   if (pendingCount === 0) {
     const message = `[AgentMesh] Connected and ready. No pending items in inbox.`;
     sendKeys(agentName, message);
     return;
   }
 
-  const message = `[AgentMesh] Welcome back! You have ${pendingCount} pending handoff${pendingCount === 1 ? "" : "s"} in your inbox.
-Use agentmesh_check_inbox to see them, or agentmesh_accept_handoff to start working.`;
+  // Build detailed message with handoff info
+  let message = `[AgentMesh] Welcome back! You have ${pendingCount} pending handoff${pendingCount === 1 ? "" : "s"}.`;
+
+  if (inboxItems && inboxItems.length > 0) {
+    message += "\n\n--- PENDING HANDOFFS ---";
+    for (const item of inboxItems.slice(0, 3)) {
+      // Show up to 3
+      const fromName = item.from_agent?.display_name || item.from_agent_id || "Unknown";
+      message += `\n\nHandoff ID: ${item.id}`;
+      message += `\nFrom: ${fromName}`;
+      message += `\nScope: ${item.scope || "Not specified"}`;
+      message += `\nReason: ${item.reason || "Not specified"}`;
+    }
+    if (inboxItems.length > 3) {
+      message += `\n\n... and ${inboxItems.length - 3} more.`;
+    }
+    message += "\n\n--- END HANDOFFS ---";
+    message += "\n\nReview the handoff(s) above and begin work on the assigned task.";
+  } else {
+    message += "\nUse agentmesh_check_inbox to see them.";
+  }
 
   sendKeys(agentName, message);
 }
@@ -84,7 +107,7 @@ interface SlackFile {
 export function injectSlackMessage(
   agentName: string,
   event: WebSocketEvent,
-  context?: EventContext,
+  _context?: EventContext,
 ): void {
   const user = (event.user as string) || "unknown";
   const channel = (event.channel as string) || "unknown";

package/src/core/registry.ts

@@ -8,11 +8,17 @@ export interface RegisterOptions {
   agentName: string;
   model: string;
   capabilities?: string[];
+  restoreContext?: boolean;
 }
 
+export type ServerContext = Record<string, Record<string, unknown>>;
+
 export interface RegisterResult {
   agentId: string;
   token: string;
+  status?: "registered" | "re-registered";
+  context?: ServerContext;
+  assignments?: ProjectAssignment[];
 }
 
 export interface InboxItem {
@@ -42,6 +48,7 @@ export async function registerAgent(options: RegisterOptions): Promise<RegisterR
       model: options.model,
       capabilities: options.capabilities || ["coding", "review", "debugging"],
       workspace: options.workspace,
+      restore_context: options.restoreContext ?? true,
     }),
   });
 
@@ -57,7 +64,13 @@ export async function registerAgent(options: RegisterOptions): Promise<RegisterR
     throw new Error("No token in registration response");
   }
 
-  return { agentId, token };
+  return {
+    agentId,
+    token,
+    status: data.status,
+    context: data.context,
+    assignments: data.assignments,
+  };
 }
 
 export async function checkInbox(

package/src/core/runner.ts

@@ -120,11 +120,36 @@ export function validateOpenCodeModel(model: string): { valid: boolean; error?:
   };
 }
 
+// Common model aliases to their full OpenCode names
+const MODEL_ALIASES: Record<string, string> = {
+  "claude-sonnet-4": "anthropic/claude-sonnet-4-5",
+  "claude-sonnet-4-5": "anthropic/claude-sonnet-4-5",
+  "claude-opus-4": "anthropic/claude-opus-4-5",
+  "claude-opus-4-5": "anthropic/claude-opus-4-5",
+  "claude-haiku-4": "anthropic/claude-haiku-4-5",
+  "claude-haiku-4-5": "anthropic/claude-haiku-4-5",
+  "gpt-4o": "openai/gpt-4o",
+  "gpt-4": "openai/gpt-4",
+  o3: "openai/o3",
+  "o3-mini": "openai/o3-mini",
+  codex: "openai/codex",
+};
+
 /**
  * Normalizes a model name for OpenCode
- * e.g., "claude-sonnet-4" -> "anthropic/claude-sonnet-4" if that's what OpenCode expects
+ * e.g., "claude-sonnet-4" -> "anthropic/claude-sonnet-4-5" if that's what OpenCode expects
  */
 export function normalizeOpenCodeModel(model: string): string {
+  // Check hardcoded aliases first (works even if opencode not installed)
+  if (MODEL_ALIASES[model]) {
+    return MODEL_ALIASES[model];
+  }
+
+  // Already has provider prefix
+  if (model.includes("/")) {
+    return model;
+  }
+
   const models = getOpenCodeModels();
 
   // Direct match

package/src/core/sandbox.ts

@@ -0,0 +1,550 @@
+/**
+ * Docker Sandbox Runtime
+ *
+ * Provides containerized execution of agents with filesystem isolation.
+ * Each agent runs in its own container with only the allowed workspace mounted.
+ */
+
+import { type ChildProcess, execSync, spawn, spawnSync } from "node:child_process";
+import crypto from "node:crypto";
+import fs from "node:fs";
+import os from "node:os";
+import path from "node:path";
+
+export interface SandboxConfig {
+  /** Agent name (used for container naming) */
+  agentName: string;
+  /** Image to use for the container */
+  image: string;
+  /** Workspace path on host to mount */
+  workspacePath: string;
+  /** Container mount point for workspace (default: /workspace) */
+  containerWorkdir?: string;
+  /** CPU limit (e.g., "0.5" for half a CPU) */
+  cpuLimit?: string;
+  /** Memory limit (e.g., "512m", "1g") */
+  memoryLimit?: string;
+  /** Environment variables to pass to container */
+  env?: Record<string, string>;
+  /** Network mode (default: bridge) */
+  networkMode?: string;
+  /** Additional mounts (host:container format) */
+  additionalMounts?: string[];
+  /** Run opencode serve instead of TUI */
+  serveMode?: boolean;
+  /** Port for serve mode */
+  servePort?: number;
+  /** Custom command to run in container (overrides default) */
+  command?: string[];
+}
+
+export interface SandboxMountPolicy {
+  /** Paths that are allowed to be mounted */
+  allowedPaths: string[];
+  /** Paths that are explicitly denied (checked first) */
+  deniedPaths: string[];
+}
+
+// Default mount policy - deny sensitive paths
+const DEFAULT_DENY_PATHS = [
+  "~/.ssh",
+  "~/.gnupg",
+  "~/.aws",
+  "~/.config/gcloud",
+  "~/.kube",
+  "~/.docker",
+  "/etc/passwd",
+  "/etc/shadow",
+  "/etc/hosts",
+  "/var/run/docker.sock",
+];
+
+export class DockerSandbox {
+  private config: SandboxConfig;
+  private containerId: string | null = null;
+  private containerName: string;
+  private process: ChildProcess | null = null;
+
+  constructor(config: SandboxConfig) {
+    this.config = {
+      containerWorkdir: "/workspace",
+      cpuLimit: "1",
+      memoryLimit: "2g",
+      networkMode: "bridge",
+      ...config,
+    };
+    // Generate unique container name
+    const suffix = crypto.randomBytes(4).toString("hex");
+    this.containerName = `agentmesh-sandbox-${config.agentName}-${suffix}`;
+  }
+
+  /**
+   * Validates that the workspace path is allowed based on policy
+   */
+  validateMountPolicy(policy?: SandboxMountPolicy): void {
+    const workspacePath = this.expandPath(this.config.workspacePath);
+
+    // Check denied paths first
+    const deniedPaths = policy?.deniedPaths || DEFAULT_DENY_PATHS;
+    for (const denied of deniedPaths) {
+      const expandedDenied = this.expandPath(denied);
+      if (workspacePath.startsWith(expandedDenied) || workspacePath === expandedDenied) {
+        throw new Error(`Mount denied: ${workspacePath} matches denied path ${denied}`);
+      }
+    }
+
+    // Check allowed paths if specified
+    if (policy?.allowedPaths && policy.allowedPaths.length > 0) {
+      const isAllowed = policy.allowedPaths.some((allowed) => {
+        const expandedAllowed = this.expandPath(allowed);
+        return workspacePath.startsWith(expandedAllowed);
+      });
+      if (!isAllowed) {
+        throw new Error(`Mount denied: ${workspacePath} is not in allowed paths`);
+      }
+    }
+
+    // Verify path exists
+    if (!fs.existsSync(workspacePath)) {
+      throw new Error(`Workspace path does not exist: ${workspacePath}`);
+    }
+  }
+
+  /**
+   * Expands ~ to home directory
+   */
+  private expandPath(p: string): string {
+    if (p.startsWith("~")) {
+      return path.join(os.homedir(), p.slice(1));
+    }
+    return path.resolve(p);
+  }
+
+  /**
+   * Checks if Docker is available
+   */
+  static checkDockerAvailable(): boolean {
+    try {
+      const result = spawnSync("docker", ["--version"], {
+        encoding: "utf-8",
+        timeout: 5000,
+      });
+      return result.status === 0;
+    } catch {
+      return false;
+    }
+  }
+
+  /**
+   * Pulls the sandbox image if not present
+   */
+  async pullImage(): Promise<void> {
+    console.log(`Checking for image: ${this.config.image}`);
+
+    // Check if image exists locally
+    const result = spawnSync("docker", ["image", "inspect", this.config.image], {
+      encoding: "utf-8",
+    });
+
+    if (result.status === 0) {
+      console.log("Image found locally");
+      return;
+    }
+
+    console.log(`Pulling image: ${this.config.image}...`);
+    const pullResult = spawnSync("docker", ["pull", this.config.image], {
+      encoding: "utf-8",
+      stdio: "inherit",
+    });
+
+    if (pullResult.status !== 0) {
+      throw new Error(`Failed to pull image: ${this.config.image}`);
+    }
+  }
+
+  /**
+   * Creates and starts the sandbox container
+   */
+  async start(): Promise<string> {
+    // Validate mount policy
+    this.validateMountPolicy();
+
+    const workspacePath = this.expandPath(this.config.workspacePath);
+
+    // Build docker run arguments
+    const args: string[] = [
+      "run",
+      "-d", // Detached
+      "--name",
+      this.containerName,
+      "--hostname",
+      `sandbox-${this.config.agentName}`,
+
+      // Resource limits
+      "--cpus",
+      this.config.cpuLimit!,
+      "--memory",
+      this.config.memoryLimit!,
+
+      // Security: run as non-root
+      "--user",
+      "1000:1000",
+
+      // Network
+      "--network",
+      this.config.networkMode!,
+
+      // Mount workspace
+      "-v",
+      `${workspacePath}:${this.config.containerWorkdir}:rw`,
+
+      // Working directory
+      "-w",
+      this.config.containerWorkdir!,
+    ];
+
+    // Add environment variables
+    if (this.config.env) {
+      for (const [key, value] of Object.entries(this.config.env)) {
+        args.push("-e", `${key}=${value}`);
+      }
+    }
+
+    // Add additional mounts
+    if (this.config.additionalMounts) {
+      for (const mount of this.config.additionalMounts) {
+        args.push("-v", mount);
+      }
+    }
+
+    // Expose port for serve mode
+    if (this.config.serveMode && this.config.servePort) {
+      args.push("-p", `${this.config.servePort}:${this.config.servePort}`);
+    }
+
+    // Image and command
+    args.push(this.config.image);
+
+    // Command: custom command > serve mode > tail
+    if (this.config.command && this.config.command.length > 0) {
+      // Custom command (e.g., agentmesh start inside container)
+      args.push(...this.config.command);
+    } else if (this.config.serveMode) {
+      args.push(
+        "opencode",
+        "serve",
+        "--port",
+        String(this.config.servePort || 3001),
+        "--hostname",
+        "0.0.0.0",
+      );
+    } else {
+      // Keep container running for attach capability
+      args.push("tail", "-f", "/dev/null");
+    }
+
+    console.log(`Starting sandbox container: ${this.containerName}`);
+
+    const result = spawnSync("docker", args, {
+      encoding: "utf-8",
+    });
+
+    if (result.status !== 0) {
+      throw new Error(`Failed to start container: ${result.stderr || result.stdout}`);
+    }
+
+    this.containerId = result.stdout.trim();
+    console.log(`Container started: ${this.containerId.substring(0, 12)}`);
+
+    return this.containerId;
+  }
+
+  /**
+   * Executes a command in the running container
+   */
+  async exec(command: string[], options?: { interactive?: boolean }): Promise<string> {
+    if (!this.containerId && !this.containerName) {
+      throw new Error("Container not started");
+    }
+
+    const target = this.containerId || this.containerName;
+    const args = ["exec"];
+
+    if (options?.interactive) {
+      args.push("-it");
+    }
+
+    args.push(target, ...command);
+
+    const result = spawnSync("docker", args, {
+      encoding: "utf-8",
+      stdio: options?.interactive ? "inherit" : "pipe",
+    });
+
+    if (result.status !== 0 && !options?.interactive) {
+      throw new Error(`Exec failed: ${result.stderr || result.stdout}`);
+    }
+
+    return result.stdout || "";
+  }
+
+  /**
+   * Spawns opencode in the container (for non-serve mode)
+   */
+  async spawnOpencode(): Promise<ChildProcess> {
+    if (!this.containerId && !this.containerName) {
+      throw new Error("Container not started");
+    }
+
+    const target = this.containerId || this.containerName;
+
+    // Build environment args
+    const envArgs: string[] = [];
+    if (this.config.env) {
+      for (const [key, value] of Object.entries(this.config.env)) {
+        envArgs.push("-e", `${key}=${value}`);
+      }
+    }
+
+    this.process = spawn("docker", ["exec", "-it", ...envArgs, target, "opencode"], {
+      stdio: "inherit",
+    });
+
+    return this.process;
+  }
+
+  /**
+   * Attaches to the container's opencode process
+   */
+  attach(): void {
+    if (!this.containerId && !this.containerName) {
+      throw new Error("Container not started");
+    }
+
+    const target = this.containerId || this.containerName;
+
+    // Exec into container interactively
+    execSync(`docker exec -it ${target} opencode`, {
+      stdio: "inherit",
+    });
+  }
+
+  /**
+   * Gets container logs
+   */
+  getLogs(lines = 100): string {
+    if (!this.containerId && !this.containerName) {
+      throw new Error("Container not started");
+    }
+
+    const target = this.containerId || this.containerName;
+    const result = spawnSync("docker", ["logs", "--tail", String(lines), target], {
+      encoding: "utf-8",
+    });
+
+    return result.stdout + result.stderr;
+  }
+
+  /**
+   * Follows container logs
+   */
+  followLogs(): void {
+    if (!this.containerId && !this.containerName) {
+      throw new Error("Container not started");
+    }
+
+    const target = this.containerId || this.containerName;
+    execSync(`docker logs -f ${target}`, { stdio: "inherit" });
+  }
+
+  /**
+   * Checks if container is running
+   */
+  isRunning(): boolean {
+    if (!this.containerId && !this.containerName) {
+      return false;
+    }
+
+    const target = this.containerId || this.containerName;
+    const result = spawnSync("docker", ["inspect", "-f", "{{.State.Running}}", target], {
+      encoding: "utf-8",
+    });
+
+    return result.stdout.trim() === "true";
+  }
+
+  /**
+   * Gets container status
+   */
+  getStatus(): { running: boolean; status: string; health?: string } {
+    if (!this.containerId && !this.containerName) {
+      return { running: false, status: "not created" };
+    }
+
+    const target = this.containerId || this.containerName;
+    const result = spawnSync(
+      "docker",
+      ["inspect", "-f", "{{.State.Running}}|{{.State.Status}}|{{.State.Health.Status}}", target],
+      { encoding: "utf-8" },
+    );
+
+    if (result.status !== 0) {
+      return { running: false, status: "not found" };
+    }
+
+    const [running, status, health] = result.stdout.trim().split("|");
+    return {
+      running: running === "true",
+      status,
+      health: health || undefined,
+    };
+  }
+
+  /**
+   * Stops the container
+   */
+  async stop(): Promise<void> {
+    if (!this.containerId && !this.containerName) {
+      return;
+    }
+
+    const target = this.containerId || this.containerName;
+    console.log(`Stopping container: ${target}`);
+
+    spawnSync("docker", ["stop", "-t", "10", target], {
+      encoding: "utf-8",
+    });
+  }
+
+  /**
+   * Removes the container
+   */
+  async destroy(): Promise<void> {
+    if (!this.containerId && !this.containerName) {
+      return;
+    }
+
+    const target = this.containerId || this.containerName;
+    console.log(`Destroying container: ${target}`);
+
+    // Stop if running
+    await this.stop();
+
+    // Remove
+    spawnSync("docker", ["rm", "-f", target], {
+      encoding: "utf-8",
+    });
+
+    this.containerId = null;
+  }
+
+  /**
+   * Restarts the container (destroy + start)
+   * Returns the new container ID
+   */
+  async restart(): Promise<string> {
+    await this.destroy();
+
+    // Generate a new container name
+    const suffix = crypto.randomBytes(4).toString("hex");
+    this.containerName = `agentmesh-sandbox-${this.config.agentName}-${suffix}`;
+
+    return this.start();
+  }
+
+  /**
+   * Force removes any existing containers for this agent
+   */
+  static forceCleanup(agentName: string): number {
+    const result = spawnSync(
+      "docker",
+      ["ps", "-aq", "--filter", `name=agentmesh-sandbox-${agentName}-`],
+      { encoding: "utf-8" },
+    );
+
+    if (result.status !== 0 || !result.stdout.trim()) {
+      return 0;
+    }
+
+    const containers = result.stdout.trim().split("\n").filter(Boolean);
+
+    for (const containerId of containers) {
+      spawnSync("docker", ["rm", "-f", containerId], {
+        encoding: "utf-8",
+        timeout: 10000,
+      });
+    }
+
+    return containers.length;
+  }
+
+  /**
+   * Gets container name
+   */
+  getContainerName(): string {
+    return this.containerName;
+  }
+
+  /**
+   * Gets container ID
+   */
+  getContainerId(): string | null {
+    return this.containerId;
+  }
+
+  /**
+   * Finds existing sandbox container for an agent
+   */
+  static findExisting(agentName: string): string | null {
+    const result = spawnSync(
+      "docker",
+      [
+        "ps",
+        "-aq",
+        "--filter",
+        `name=agentmesh-sandbox-${agentName}-`,
+        "--filter",
+        "status=running",
+      ],
+      { encoding: "utf-8" },
+    );
+
+    const containerId = result.stdout.trim().split("\n")[0];
+    return containerId || null;
+  }
+
+  /**
+   * Lists all sandbox containers
+   */
+  static listAll(): Array<{
+    id: string;
+    name: string;
+    status: string;
+    image: string;
+  }> {
+    const result = spawnSync(
+      "docker",
+      [
+        "ps",
+        "-a",
+        "--filter",
+        "name=agentmesh-sandbox-",
+        "--format",
+        "{{.ID}}|{{.Names}}|{{.Status}}|{{.Image}}",
+      ],
+      { encoding: "utf-8" },
+    );
+
+    if (result.status !== 0 || !result.stdout.trim()) {
+      return [];
+    }
+
+    return result.stdout
+      .trim()
+      .split("\n")
+      .map((line) => {
+        const [id, name, status, image] = line.split("|");
+        return { id, name, status, image };
+      });
+  }
+}