@axiom-lattice/gateway 2.1.65 → 2.1.67

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@axiom-lattice/gateway",
-  "version": "2.1.65",
+  "version": "2.1.67",
   "main": "dist/index.js",
   "module": "dist/index.mjs",
   "types": "dist/index.d.ts",

package/src/controllers/auth.ts

@@ -463,6 +463,23 @@ export class AuthController {
   }
 }
 
+export function extractUserFromAuthHeader(
+  authHeader: string | undefined
+): { id: string; tenantId?: string } | undefined {
+  if (!authHeader?.startsWith("Bearer ")) return undefined;
+  const token = authHeader.substring(7);
+  try {
+    const payload = JSON.parse(atob(token));
+    if (payload.exp && payload.exp < Date.now()) return undefined;
+    return {
+      id: payload.userId,
+      tenantId: payload.tenantId,
+    };
+  } catch {
+    return undefined;
+  }
+}
+
 export function registerAuthRoutes(
   app: FastifyInstance,
   config?: Partial<AuthConfig>
@@ -470,37 +487,14 @@ export function registerAuthRoutes(
   const controller = new AuthController(config);
 
   const authHook = async (request: FastifyRequest, reply: FastifyReply) => {
-    const authHeader = request.headers.authorization;
-
-    if (!authHeader || !authHeader.startsWith("Bearer ")) {
-      return reply.status(401).send({
-        success: false,
-        error: "Unauthorized - Missing or invalid token",
-      });
-    }
-
-    const token = authHeader.substring(7);
-
-    try {
-      const payload = JSON.parse(atob(token));
-
-      if (payload.exp && payload.exp < Date.now()) {
-        return reply.status(401).send({
-          success: false,
-          error: "Unauthorized - Token expired",
-        });
-      }
-
-      (request as any).user = {
-        id: payload.userId,
-        tenantId: payload.tenantId,
-      };
-    } catch {
+    const user = extractUserFromAuthHeader(request.headers.authorization);
+    if (!user) {
       return reply.status(401).send({
         success: false,
-        error: "Unauthorized - Invalid token",
+        error: "Unauthorized",
       });
     }
+    (request as any).user = user;
   };
 
   app.post("/api/auth/register", controller.register.bind(controller));

package/src/controllers/run.ts

@@ -10,6 +10,12 @@ import {
 } from "@axiom-lattice/core";
 import { MessageChunkTypes } from "@axiom-lattice/protocols";
 
+function getUserId(request: FastifyRequest): string | undefined {
+  const authUser = (request as any).user;
+  if (authUser?.id) return authUser.id;
+  return (request.headers["x-user-id"] as string) || undefined;
+}
+
 interface ResumeStreamRequest {
   thread_id: string;
   assistant_id: string
@@ -40,6 +46,12 @@ export const createRun = async (
     const workspace_id = request.headers["x-workspace-id"] as string;
     const project_id = request.headers["x-project-id"] as string;
     const x_request_id = (request.headers["x-request-id"] as string) || v4();
+    const user_id = getUserId(request);
+
+    // Merge user_id into custom_run_config for downstream propagation
+    const mergedConfig = user_id
+      ? { ...custom_run_config, user_id }
+      : custom_run_config;
 
     // Validate request
     if (!assistant_id) {
@@ -57,7 +69,7 @@ export const createRun = async (
       tenant_id,
       workspace_id,
       project_id,
-      custom_run_config,
+      custom_run_config: mergedConfig,
     });
 
 
@@ -83,7 +95,7 @@ export const createRun = async (
         const result = await agent.addMessage({
           input: messageInput,
           command,
-          custom_run_config,
+          custom_run_config: mergedConfig,
         }, mode as QueueMode);
 
         // const agentStatus = await agent.getRunStatus()
@@ -124,7 +136,7 @@ export const createRun = async (
       const result = await agent.invoke({
         input: { message: msg, ...restInputNonStream },
         command,
-        custom_run_config,
+        custom_run_config: mergedConfig,
       });
       reply.status(200).send({
         success: true,

package/src/controllers/workflow-tracking.ts

@@ -383,3 +383,87 @@ export async function getRunTasks(
     return reply.status(500).send({ success: false, message: "Failed to retrieve user tasks" });
   }
 }
+
+// 简化的 Inbox 任务回复接口
+interface ReplyInboxRequest {
+  runId: string;
+  answers: Array<{
+    questionIndex: number;
+    selectedOptions: string[];
+  }>;
+}
+
+export async function replyInboxTask(
+  request: FastifyRequest<{ Body: ReplyInboxRequest }>,
+  reply: FastifyReply
+): Promise<void> {
+  const { runId, answers } = request.body;
+  const tenantId = getTenantId(request);
+
+  try {
+    // 1. 获取 WorkflowRun 信息
+    const store = getTrackingStore();
+    if (!store) {
+      return reply.status(404).send({ 
+        success: false, 
+        message: "No workflow tracking store configured" 
+      });
+    }
+
+    const run = await store.getWorkflowRun(runId);
+    if (!run) {
+      return reply.status(404).send({ 
+        success: false, 
+        message: "Workflow run not found" 
+      });
+    }
+
+    // 2. 获取 Agent 实例
+    const agent = agentInstanceManager.getAgent({
+      assistant_id: run.assistantId,
+      thread_id: run.threadId,
+      tenant_id: tenantId,
+    });
+
+    // 3. 提交 resume 请求并确认没有报错
+    // addMessage 会触发 streaming 执行，但不会等待完整 workflow 完成
+    try {
+      await agent.addMessage({
+        input: { message: "Clarification answers submitted" },
+        command: {
+          resume: {
+            action: "submit",
+            data: { answers },
+            message: "Clarification answers submitted",
+          },
+        },
+      });
+    } catch (error) {
+      // resume 提交失败（如 thread 不在 interrupted 状态）
+      return reply.status(400).send({
+        success: false,
+        message: "Failed to resume workflow",
+        error: error instanceof Error ? error.message : String(error),
+      });
+    }
+
+    // 4. 立即返回成功（不等待 agent 执行完成）
+    return reply.status(200).send({
+      success: true,
+      message: "Resume request submitted successfully",
+      data: {
+        runId: run.id,
+        assistantId: run.assistantId,
+        threadId: run.threadId,
+        status: "resuming",
+      },
+    });
+
+  } catch (error) {
+    request.log.error(error, "Failed to reply inbox task");
+    return reply.status(500).send({ 
+      success: false, 
+      message: "Failed to submit resume request" 
+    });
+  }
+}

package/src/index.ts

@@ -7,6 +7,7 @@ import staticPlugin from "@fastify/static";
 import path from "path";
 import { fileURLToPath } from "url";
 import { registerLatticeRoutes } from "./routes";
+import { extractUserFromAuthHeader } from "./controllers/auth";
 import { configureSwagger } from "./swagger";
 import {
   setQueueServiceType,
@@ -20,7 +21,6 @@ import {
   sandboxLatticeManager,
   sqlDatabaseManager,
   getStoreLattice,
-  storeLatticeManager,
   agentInstanceManager,
   createSandboxProvider,
   type CreateSandboxProviderConfig,
@@ -90,21 +90,49 @@ app.addContentTypeParser('application/json', { parseAs: 'string' }, function (re
 });
 
 
+// Helper: extract single header value (Fastify headers can be string | string[])
+const getHeaderValue = (
+  header: string | string[] | undefined
+): string | undefined => {
+  if (Array.isArray(header)) {
+    return header[0];
+  }
+  return header;
+};
+
+// Routes that don't require authentication even when AUTH_REQUIRED=true
+const PUBLIC_ROUTES = ["/api/auth/login", "/api/auth/register", "/health"];
+
+// Global auth preHandler: extract user from Authorization header
+// When AUTH_REQUIRED=true, reject unauthenticated requests (except public routes)
+app.addHook("preHandler", async (request, reply) => {
+  const user = extractUserFromAuthHeader(request.headers.authorization);
+  if (user) {
+    (request as any).user = user;
+    return;
+  }
+
+  const authRequired = process.env.AUTH_REQUIRED === "true";
+  if (!authRequired) return;
+
+  // OPTIONS preflight should always pass
+  if (request.method === "OPTIONS") return;
+
+  // Public routes don't require authentication
+  if (PUBLIC_ROUTES.some((r) => request.url === r)) return;
+
+  return reply.status(401).send({
+    success: false,
+    error: "Unauthorized - Missing or invalid token",
+  });
+});
+
 // Add custom logging hooks
 app.addHook("onRequest", (request, reply, done) => {
-  // Convert headers to strings (Fastify headers can be string | string[])
-  const getHeaderValue = (
-    header: string | string[] | undefined
-  ): string | undefined => {
-    if (Array.isArray(header)) {
-      return header[0];
-    }
-    return header;
-  };
-
   const context = {
     "x-tenant-id": getHeaderValue(request.headers["x-tenant-id"]),
     "x-request-id": getHeaderValue(request.headers["x-request-id"]),
+    "x-user-id": getHeaderValue(request.headers["x-user-id"]),
   };
   // Update logger context for this request
   if (loggerLattice.updateContext) {
@@ -114,19 +142,10 @@ app.addHook("onRequest", (request, reply, done) => {
 });
 
 app.addHook("onResponse", (request, reply, done) => {
-  // Convert headers to strings (Fastify headers can be string | string[])
-  const getHeaderValue = (
-    header: string | string[] | undefined
-  ): string | undefined => {
-    if (Array.isArray(header)) {
-      return header[0];
-    }
-    return header;
-  };
-
   const context = {
     "x-tenant-id": getHeaderValue(request.headers["x-tenant-id"]),
     "x-request-id": getHeaderValue(request.headers["x-request-id"]),
+    "x-user-id": getHeaderValue(request.headers["x-user-id"]),
   };
   //loggerLattice.info(`${request.method} ${request.url} - ${reply.statusCode}`);
   done();
@@ -158,19 +177,10 @@ app.register(staticPlugin, {
 
 // Error handler
 app.setErrorHandler((error, request, reply) => {
-  // Convert headers to strings (Fastify headers can be string | string[])
-  const getHeaderValue = (
-    header: string | string[] | undefined
-  ): string | undefined => {
-    if (Array.isArray(header)) {
-      return header[0];
-    }
-    return header;
-  };
-
   const context = {
     "x-tenant-id": getHeaderValue(request.headers["x-tenant-id"]),
     "x-request-id": getHeaderValue(request.headers["x-request-id"]),
+    "x-user-id": getHeaderValue(request.headers["x-user-id"]),
   };
   logger.error(
     `请求错误: ${request.method} ${request.url} error:${error.message}`,
@@ -274,23 +284,6 @@ const start = async (config?: LatticeGatewayConfig) => {
       logger.info("Registered sandbox manager from env configuration");
     }
 
-    // Swap workflow tracking to PostgreSQL if DATABASE_URL is set
-    if (process.env.DATABASE_URL) {
-      try {
-        const { PostgreSQLWorkflowTrackingStore } = await import("@axiom-lattice/pg-stores");
-        const pgStore = new PostgreSQLWorkflowTrackingStore({
-          poolConfig: process.env.DATABASE_URL,
-        });
-        if (storeLatticeManager.hasLattice("default", "workflowTracking")) {
-          storeLatticeManager.removeLattice("default", "workflowTracking");
-        }
-        storeLatticeManager.registerLattice("default", "workflowTracking", pgStore);
-        logger.info("Workflow tracking store switched to PostgreSQL");
-      } catch (error) {
-        logger.warn("Failed to switch workflow tracking to PostgreSQL, keeping in-memory: " + (error instanceof Error ? error.message : String(error)));
-      }
-    }
-
     const target_port = config?.port || Number(process.env.PORT) || 4001;
 
     await app.listen({ port: target_port, host: "0.0.0.0" });

package/src/routes/index.ts

@@ -395,6 +395,11 @@ export const registerLatticeRoutes = (app: FastifyInstance): void => {
     Params: { runId: string };
   }>("/api/workflows/runs/:runId/tasks", workflowTrackingController.getRunTasks);
 
+  // 简化的 Inbox 任务回复接口（后台 streaming 执行，立即返回）
+  app.post<{
+    Body: { runId: string; answers: Array<{ questionIndex: number; selectedOptions: string[] }> };
+  }>("/api/workflows/inbox/reply", workflowTrackingController.replyInboxTask);
+
   // // Thread 状态查询路由
   // app.get("/api/threads/:thread_id/status", getThreadStatusHandler);
   // app.get("/api/assistants/:assistant_id/threads/status", getAgentThreadsHandler);