@bbigbang/core 0.1.0

package/dist/services/workspaceToolUploadMaterializer.js

@@ -0,0 +1,228 @@
+import fs from 'node:fs';
+import path from 'node:path';
+import { log } from '@bbigbang/runtime-acp';
+import { WorkspaceToolServiceError } from './workspaceToolErrors.js';
+import { isPlainRecord } from './workspaceToolExecutionUtils.js';
+const WORKSPACE_TOOL_ACTION_UPLOAD_MAX_BYTES = 5 * 1024 * 1024;
+export class WorkspaceToolUploadMaterializer {
+    deps;
+    constructor(deps) {
+        this.deps = deps;
+    }
+    async materializeFileActionParams(params) {
+        const fileFields = (params.action.paramsSchema ?? []).filter((field) => (field.input ?? 'text') === 'file');
+        if (fileFields.length === 0)
+            return params.actionParams;
+        const next = { ...params.actionParams };
+        for (const field of fileFields) {
+            if (!Object.prototype.hasOwnProperty.call(next, field.name))
+                continue;
+            const value = next[field.name];
+            if (field.multiple === true) {
+                if (!Array.isArray(value)) {
+                    throw new WorkspaceToolServiceError(`Parameter "${field.name}" must be an array of uploaded file refs.`, 400);
+                }
+                next[field.name] = await Promise.all(value.map((item, index) => this.materializeUploadedFileParam({
+                    fieldName: field.name,
+                    value: item,
+                    accept: field.accept,
+                    maxBytes: field.maxBytes,
+                    runId: params.runId,
+                    toolId: params.toolId,
+                    viewerUserId: params.viewerUserId,
+                    agentNodeId: params.agentNodeId,
+                    workspaceRoot: params.workspaceRoot,
+                    index,
+                })));
+            }
+            else {
+                next[field.name] = await this.materializeUploadedFileParam({
+                    fieldName: field.name,
+                    value,
+                    accept: field.accept,
+                    maxBytes: field.maxBytes,
+                    runId: params.runId,
+                    toolId: params.toolId,
+                    viewerUserId: params.viewerUserId,
+                    agentNodeId: params.agentNodeId,
+                    workspaceRoot: params.workspaceRoot,
+                    index: 0,
+                });
+            }
+        }
+        return next;
+    }
+    collectMaterializedUploadPaths(value) {
+        const paths = new Set();
+        const visit = (item) => {
+            if (Array.isArray(item)) {
+                for (const child of item)
+                    visit(child);
+                return;
+            }
+            if (!isPlainRecord(item))
+                return;
+            if (item.type === 'workspace_tool_upload') {
+                const candidate = typeof item.workspacePath === 'string'
+                    ? item.workspacePath
+                    : typeof item.path === 'string'
+                        ? item.path
+                        : '';
+                const normalized = joinWorkspaceRelativePath(candidate);
+                if (normalized.startsWith('.agent-tools-runtime/') && normalized.includes('/uploads/')) {
+                    paths.add(normalized);
+                }
+            }
+            for (const child of Object.values(item))
+                visit(child);
+        };
+        visit(value);
+        return [...paths];
+    }
+    async cleanupMaterializedUploadsIfUnrecorded(params) {
+        if (params.paths.length === 0 || this.deps.hasRunRow(params.runId))
+            return;
+        for (const relativePath of params.paths) {
+            try {
+                await this.deps.deleteWorkspaceFile(params.agentNodeId, params.workspaceRoot, relativePath);
+            }
+            catch (error) {
+                if (!String(error?.message ?? error).toLowerCase().includes('not found')) {
+                    log.warn('[workspace-tools] failed to cleanup unrecorded upload staging file', {
+                        runId: params.runId,
+                        relativePath,
+                        error: String(error?.message ?? error),
+                    });
+                }
+            }
+        }
+    }
+    async invokeWithMaterializedUploads(params, fn) {
+        try {
+            return await fn();
+        }
+        catch (error) {
+            await this.cleanupMaterializedUploadsIfUnrecorded({
+                runId: params.runId,
+                agentNodeId: params.agentNodeId,
+                workspaceRoot: params.workspaceRoot,
+                paths: params.stagedUploadPaths,
+            });
+            throw error;
+        }
+    }
+    async materializeUploadedFileParam(params) {
+        if (!isPlainRecord(params.value)) {
+            throw new WorkspaceToolServiceError(`Parameter "${params.fieldName}" must be an uploaded file ref.`, 400);
+        }
+        const assetId = normalizeUploadedAssetId(params.value.assetId)
+            ?? normalizeUploadedAssetId(params.value.attachmentId)
+            ?? normalizeUploadedAssetId(extractAttachmentIdFromUri(params.value.uri));
+        if (!assetId) {
+            throw new WorkspaceToolServiceError(`Parameter "${params.fieldName}" must reference an uploaded asset.`, 400);
+        }
+        const row = this.loadWorkspaceToolUploadAsset(assetId);
+        if (!row) {
+            throw new WorkspaceToolServiceError(`Uploaded asset "${assetId}" was not found.`, 404);
+        }
+        if (row.userId && row.userId !== params.viewerUserId && !this.deps.isAdminUser(params.viewerUserId)) {
+            throw new WorkspaceToolServiceError(`Uploaded asset "${assetId}" is not owned by the invoking user.`, 403);
+        }
+        if (!row.userId && !this.deps.isAdminUser(params.viewerUserId)) {
+            throw new WorkspaceToolServiceError(`Uploaded asset "${assetId}" is not available for tool action upload.`, 403);
+        }
+        if (!row.storagePath || !fs.existsSync(row.storagePath)) {
+            throw new WorkspaceToolServiceError(`Uploaded asset "${assetId}" is missing from storage.`, 404);
+        }
+        const maxBytes = params.maxBytes ?? WORKSPACE_TOOL_ACTION_UPLOAD_MAX_BYTES;
+        if (row.sizeBytes > maxBytes) {
+            throw new WorkspaceToolServiceError(`Parameter "${params.fieldName}" file exceeds ${maxBytes} bytes.`, 400);
+        }
+        const filename = row.originalFilename?.trim() || row.filename || 'upload.bin';
+        if (!uploadedAssetMatchesAccept({ accept: params.accept, filename, mimeType: row.mimeType })) {
+            throw new WorkspaceToolServiceError(`Parameter "${params.fieldName}" file does not match accepted type "${params.accept}".`, 400);
+        }
+        const safeFilename = sanitizeWorkspaceToolUploadFilename(filename);
+        const targetRelativePath = joinWorkspaceRelativePath('.agent-tools-runtime', params.toolId, 'uploads', params.runId, params.fieldName, `${String(params.index).padStart(3, '0')}-${assetId}--${safeFilename}`);
+        const fileBuffer = fs.readFileSync(row.storagePath);
+        await this.deps.writeWorkspaceFile(params.agentNodeId, params.workspaceRoot, targetRelativePath, fileBuffer.toString('base64'), 'overwrite', {
+            scaffold: false,
+            contentEncoding: 'base64',
+        });
+        return {
+            type: 'workspace_tool_upload',
+            assetId,
+            attachmentId: assetId,
+            filename,
+            sizeBytes: row.sizeBytes,
+            ...(row.mimeType ? { mimeType: row.mimeType } : {}),
+            ...(row.kind ? { kind: row.kind } : {}),
+            ...(row.scopeType ? { scopeType: row.scopeType } : {}),
+            ...(row.scopeId ? { scopeId: row.scopeId } : {}),
+            workspacePath: targetRelativePath,
+            path: targetRelativePath,
+            uri: `workspace:${targetRelativePath}`,
+        };
+    }
+    loadWorkspaceToolUploadAsset(assetId) {
+        return this.deps.db.prepare(`SELECT id,
+              filename,
+              original_filename as originalFilename,
+              mime_type as mimeType,
+              size_bytes as sizeBytes,
+              storage_path as storagePath,
+              user_id as userId,
+              kind,
+              scope_type as scopeType,
+              scope_id as scopeId
+         FROM attachments
+        WHERE id = ?`).get(assetId) ?? null;
+    }
+}
+export function joinWorkspaceRelativePath(...parts) {
+    return parts
+        .flatMap((part) => part.split('/'))
+        .filter((part) => part.length > 0 && part !== '.')
+        .join('/');
+}
+export function sanitizeWorkspaceToolUploadFilename(filename) {
+    const base = path.basename(filename).trim() || 'upload.bin';
+    return base
+        .replace(/[^A-Za-z0-9._-]+/g, '_')
+        .replace(/_+/g, '_')
+        .replace(/^_+|_+$/g, '')
+        || 'upload.bin';
+}
+export function normalizeUploadedAssetId(value) {
+    if (typeof value !== 'string')
+        return null;
+    const normalized = value.trim();
+    return /^[a-f0-9-]{36}$/i.test(normalized) ? normalized.toLowerCase() : null;
+}
+export function extractAttachmentIdFromUri(value) {
+    if (typeof value !== 'string')
+        return null;
+    const normalized = value.trim();
+    if (!normalized.startsWith('attachment:'))
+        return null;
+    return normalized.slice('attachment:'.length).trim();
+}
+export function uploadedAssetMatchesAccept(params) {
+    const acceptTokens = (params.accept ?? '')
+        .split(',')
+        .map((token) => token.trim().toLowerCase())
+        .filter(Boolean);
+    if (acceptTokens.length === 0)
+        return true;
+    const mimeType = (params.mimeType ?? '').trim().toLowerCase();
+    const filename = params.filename.trim().toLowerCase();
+    return acceptTokens.some((token) => {
+        if (token.startsWith('.'))
+            return filename.endsWith(token);
+        if (token.endsWith('/*')) {
+            const prefix = token.slice(0, -1);
+            return Boolean(mimeType) && mimeType.startsWith(prefix);
+        }
+        return Boolean(mimeType) && mimeType === token;
+    });
+}

package/dist/web/actionCardRoutes.js

@@ -0,0 +1,129 @@
+import { getUserChannelAccess, validateSession } from '../services/auth.js';
+import { ActionCardError, cancelActionCard, confirmActionCard, expireDueActionCards, getActionCardById, } from './actionCards.js';
+function getRequestUser(req, db) {
+    const authHeader = typeof req.headers.authorization === 'string' ? req.headers.authorization : '';
+    const token = authHeader.startsWith('Bearer ') ? authHeader.slice(7).trim() : '';
+    return token ? validateSession(db, token) : null;
+}
+function requireAdmin(req, reply, db) {
+    const user = getRequestUser(req, db);
+    if (!user) {
+        reply.code(401);
+        return null;
+    }
+    if (!user.isAdmin) {
+        reply.code(403);
+        return null;
+    }
+    return user;
+}
+function canUserActOnActionCard(db, user, card) {
+    if (user.isAdmin)
+        return true;
+    if (card.actionType !== 'channel:add_member' || !card.originChannelId)
+        return false;
+    const targetChannelId = typeof card.payload.channelId === 'string' ? card.payload.channelId.trim() : '';
+    if (!targetChannelId)
+        return false;
+    const allowedChannels = new Set(getUserChannelAccess(db, user.id));
+    return allowedChannels.has(card.originChannelId) && allowedChannels.has(targetChannelId);
+}
+function requireActionCardActor(req, reply, db, actionCardId) {
+    const user = getRequestUser(req, db);
+    if (!user) {
+        reply.code(401);
+        return null;
+    }
+    const card = getActionCardById(db, actionCardId);
+    if (!card) {
+        reply.code(404);
+        return null;
+    }
+    if (!canUserActOnActionCard(db, user, card)) {
+        reply.code(403);
+        return null;
+    }
+    return user;
+}
+function handleActionCardError(error, reply) {
+    const statusCode = error instanceof ActionCardError ? error.statusCode : 500;
+    reply.code(statusCode);
+    return {
+        error: String(error?.message ?? error),
+        ...(error instanceof ActionCardError && error.errorCode
+            ? { error_code: error.errorCode, errorCode: error.errorCode }
+            : {}),
+    };
+}
+function publicCard(card) {
+    return {
+        id: card.id,
+        actionCardId: card.id,
+        action_card_id: card.id,
+        actionType: card.actionType,
+        action_type: card.actionType,
+        payload: card.payload,
+        originConversationId: card.originConversationId,
+        origin_conversation_id: card.originConversationId,
+        proposerAgentId: card.proposerAgentId,
+        proposer_agent_id: card.proposerAgentId,
+        runId: card.runId,
+        run_id: card.runId,
+        turnId: card.turnId,
+        turn_id: card.turnId,
+        traceId: card.traceId,
+        trace_id: card.traceId,
+        reason: card.reason,
+        status: card.status,
+        expiresAt: card.expiresAt,
+        expires_at: card.expiresAt,
+        result: card.result,
+    };
+}
+export function registerActionCardRoutes(app, db, conversationManager, broadcastToChannel) {
+    app.get('/api/action-cards/:id', async (req, reply) => {
+        const user = requireAdmin(req, reply, db);
+        if (!user)
+            return { error: 'Admin access required' };
+        expireDueActionCards(db);
+        const card = getActionCardById(db, req.params.id);
+        if (!card) {
+            reply.code(404);
+            return { error: 'Action card not found', error_code: 'ACTION_CARD_NOT_FOUND', errorCode: 'ACTION_CARD_NOT_FOUND' };
+        }
+        return { ok: true, card: publicCard(card) };
+    });
+    app.post('/api/action-cards/:id/confirm', async (req, reply) => {
+        const user = requireActionCardActor(req, reply, db, req.params.id);
+        if (!user)
+            return { error: 'Action card access required' };
+        try {
+            return confirmActionCard(db, {
+                id: req.params.id,
+                confirmedBy: user.id,
+                confirmedByName: user.username,
+                conversationManager,
+                broadcastToChannel,
+            });
+        }
+        catch (error) {
+            return handleActionCardError(error, reply);
+        }
+    });
+    app.post('/api/action-cards/:id/cancel', async (req, reply) => {
+        const user = requireActionCardActor(req, reply, db, req.params.id);
+        if (!user)
+            return { error: 'Action card access required' };
+        try {
+            return cancelActionCard(db, {
+                id: req.params.id,
+                cancelledBy: user.id,
+                cancelledByName: user.username,
+                broadcastToChannel,
+            });
+        }
+        catch (error) {
+            return handleActionCardError(error, reply);
+        }
+    });
+}