npm - @codemation/host - Versions diffs - 0.7.0 → 0.9.0 - Mend

@codemation/host 0.7.0 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (164) hide show

package/src/hitl/InboxChannelResolver.ts ADDED Viewed

@@ -0,0 +1,49 @@
+import { inject, injectable } from "@codemation/core";
+import type { InboxChannel, InboxChannelResolverSeam } from "@codemation/core";
+import { ControlPlaneInboxChannelToken, LocalInboxChannelToken } from "@codemation/core";
+import type { Logger } from "../application/logging/Logger";
+import type { PairingConfig } from "../pairing/pairing.types";
+import { PairingConfigToken } from "../pairing/PairingConfigToken";
+import { ServerLoggerFactory } from "../infrastructure/logging/ServerLoggerFactory";
+/**
+ * Resolves the correct `InboxChannel` for the current deployment mode.
+ *
+ * - Managed mode (PairingConfig present + CP channel registered): returns CP channel.
+ * - Otherwise: returns local channel.
+ * - If managed mode is detected but CP channel is not registered, falls back to local
+ *   and emits a warning (misconfiguration).
+ */
+@injectable()
+export class InboxChannelResolver implements InboxChannelResolverSeam {
+  private readonly logger: Logger;
+  constructor(
+    @inject(PairingConfigToken, { isOptional: true }) private readonly pairingConfig: PairingConfig | null,
+    @inject(LocalInboxChannelToken, { isOptional: true }) private readonly local: InboxChannel | null,
+    @inject(ControlPlaneInboxChannelToken, { isOptional: true }) private readonly cp: InboxChannel | null,
+    @inject(ServerLoggerFactory) loggerFactory: ServerLoggerFactory,
+  ) {
+    this.logger = loggerFactory.create("codemation.hitl.inbox");
+    if (pairingConfig && !cp) {
+      this.logger.warn(
+        "InboxChannelResolver: managed mode is active but no ControlPlaneInboxChannel is registered. " +
+          "Falling back to local inbox channel. Register a ControlPlaneInboxChannel to resolve this.",
+      );
+    }
+  }
+  resolve(): { channel: InboxChannel; workspaceId?: string } {
+    if (this.pairingConfig && this.cp) {
+      return { channel: this.cp, workspaceId: this.pairingConfig.workspaceId };
+    }
+    if (!this.local) {
+      throw new Error(
+        "InboxChannelResolver: no inbox channel is registered. " +
+          "Register a LocalInboxChannel or ControlPlaneInboxChannel.",
+      );
+    }
+    return { channel: this.local };
+  }
+}

package/src/hitl/LocalInboxChannel.ts ADDED Viewed

@@ -0,0 +1,37 @@
+import { createHash } from "node:crypto";
+import { inject, injectable } from "@codemation/core";
+import type { InboxChannel, InboxDeliverArgs, InboxDelivery } from "@codemation/core";
+import { ServerLoggerFactory } from "../infrastructure/logging/ServerLoggerFactory";
+import type { Logger } from "../application/logging/Logger";
+/**
+ * Local inbox channel for non-managed (dev) mode.
+ *
+ * `deliver` logs the pending task so developers without the UI can see the
+ * taskId / resumeUrl in the console, then returns an `InboxDelivery` where
+ * `inboxItemId === task.taskId`. The local channel has no separate inbox
+ * concept — the dev inbox UI queries `HumanTaskStore.findAllPending()` directly.
+ *
+ * Security (T4): The raw resume token is NOT logged. Only the first 8 hex characters of
+ * sha256(rawToken) are emitted as a fingerprint to enable log-correlation without leaking
+ * the workspace-bound authority token. The local dev inbox UI decides via
+ * POST /api/hitl/tasks/:taskId/decide (session-auth), so the token URL is not needed at
+ * the log level.
+ */
+@injectable()
+export class LocalInboxChannel implements InboxChannel {
+  readonly kind = "local" as const;
+  private readonly logger: Logger;
+  constructor(@inject(ServerLoggerFactory) loggerFactory: ServerLoggerFactory) {
+    this.logger = loggerFactory.create("codemation.hitl.local-inbox");
+  }
+  async deliver(args: InboxDeliverArgs): Promise<InboxDelivery> {
+    const tokenFingerprint = createHash("sha256").update(args.task.resumeUrl, "utf8").digest("hex").slice(0, 8);
+    this.logger.info(
+      `HITL task pending in local inbox — taskId=${args.task.taskId} title="${args.subject.title}" tokenFingerprint=${tokenFingerprint}`,
+    );
+    return { kind: "local", inboxItemId: args.task.taskId };
+  }
+}

package/src/index.ts CHANGED Viewed

@@ -13,6 +13,9 @@ export { CollectionSchemaSyncerHolder } from "./infrastructure/collections/Colle
 export { FrontendRuntime } from "./bootstrap/runtime/FrontendRuntime";
 export { WorkerRuntime } from "./bootstrap/runtime/WorkerRuntime";
 export { AppConfigFactory } from "./bootstrap/runtime/AppConfigFactory";
+export { HeadlessApiRuntime } from "./bootstrap/runtime/HeadlessApiRuntime";
+export { WorkflowWebsocketServerFactory } from "./presentation/websocket/WorkflowWebsocketServerFactory";
+export { HeadlessHttpServerFactory } from "./presentation/http/HeadlessHttpServerFactory";
 export { ApplicationTokens } from "./applicationTokens";
 export { workflow } from "@codemation/core-nodes";
 export { CodemationBootstrapRequest } from "./bootstrap/CodemationBootstrapRequest";

package/src/infrastructure/persistence/PrismaCredentialStore.ts CHANGED Viewed

@@ -46,6 +46,8 @@ export class PrismaCredentialStore implements CredentialStore {
           setupStatus: args.instance.setupStatus,
           createdAt: args.instance.createdAt,
           updatedAt: args.instance.updatedAt,
+          materialSource: args.instance.material.source,
+          materialRef: args.instance.material.ref,
         },
         update: {
           typeId: args.instance.typeId,
@@ -56,6 +58,8 @@ export class PrismaCredentialStore implements CredentialStore {
           tagsJson: JSON.stringify(args.instance.tags),
           setupStatus: args.instance.setupStatus,
           updatedAt: args.instance.updatedAt,
+          materialSource: args.instance.material.source,
+          materialRef: args.instance.material.ref,
         },
       });
       if (args.secretMaterial) {
@@ -323,6 +327,8 @@ export class PrismaCredentialStore implements CredentialStore {
       setupStatus: string;
       createdAt: string;
       updatedAt: string;
+      materialSource: string;
+      materialRef: string;
     }>,
   ): CredentialInstanceRecord {
     return {
@@ -336,6 +342,10 @@ export class PrismaCredentialStore implements CredentialStore {
       setupStatus: row.setupStatus as CredentialInstanceRecord["setupStatus"],
       createdAt: row.createdAt,
       updatedAt: row.updatedAt,
+      material: {
+        source: row.materialSource as CredentialInstanceRecord["material"]["source"],
+        ref: row.materialRef === "" ? row.instanceId : row.materialRef,
+      },
     };
   }

package/src/infrastructure/persistence/PrismaHmacNonceStore.ts ADDED Viewed

@@ -0,0 +1,29 @@
+import { inject, injectable } from "@codemation/core";
+import type { HmacNonceStore } from "../../pairing/HmacNonceStore";
+import { PrismaDatabaseClientToken, type PrismaDatabaseClient } from "./PrismaDatabaseClient";
+/**
+ * Durable HMAC nonce store backed by the Prisma database (T6 security fix).
+ *
+ * Uses an upsert with `create`+unique constraint to achieve atomic
+ * "insert if not exists": a Prisma unique-constraint violation means the nonce
+ * was already present (replay). Expired nonces are pruned inline on each call —
+ * acceptable for v1 given the low write rate of the pairing channel.
+ */
+@injectable()
+export class PrismaHmacNonceStore implements HmacNonceStore {
+  constructor(@inject(PrismaDatabaseClientToken) private readonly prisma: PrismaDatabaseClient) {}
+  async recordIfNew(nonce: string, expiresAt: Date): Promise<boolean> {
+    // Prune expired nonces inline (v1 housekeeping; low write rate on this table)
+    await this.prisma.hmacNonce.deleteMany({ where: { expiresAt: { lt: new Date() } } });
+    try {
+      await this.prisma.hmacNonce.create({ data: { nonce, expiresAt } });
+      return true;
+    } catch {
+      // Unique constraint violation → nonce already present → replay
+      return false;
+    }
+  }
+}

package/src/infrastructure/persistence/PrismaHumanTaskStore.ts ADDED Viewed

@@ -0,0 +1,156 @@
+import { inject, injectable } from "@codemation/core";
+import type { HumanTaskActor, HumanTaskRecord, HumanTaskStore } from "@codemation/core";
+import type { JsonValue } from "@codemation/core";
+import { PrismaDatabaseClientToken, type PrismaDatabaseClient } from "./PrismaDatabaseClient";
+@injectable()
+export class PrismaHumanTaskStore implements HumanTaskStore {
+  constructor(@inject(PrismaDatabaseClientToken) private readonly prisma: PrismaDatabaseClient) {}
+  async create(record: HumanTaskRecord): Promise<void> {
+    await this.prisma.humanTask.create({
+      data: {
+        id: record.id,
+        runId: record.runId,
+        workflowId: record.workflowId,
+        workspaceId: record.workspaceId ?? null,
+        nodeId: record.nodeId,
+        activationId: record.activationId,
+        itemIndex: record.itemIndex,
+        status: record.status,
+        channel: record.channel,
+        subjectJson: JSON.stringify(record.subject),
+        metadataJson: JSON.stringify(record.metadata),
+        decisionSchemaJson: record.decisionSchemaJson,
+        decisionSchemaHash: record.decisionSchemaHash,
+        onTimeout: record.onTimeout,
+        deliveryRefJson: record.deliveryRef !== undefined ? JSON.stringify(record.deliveryRef) : null,
+        decisionJson: null,
+        decidedAt: null,
+        decidedByJson: null,
+        resumeTokenHash: record.resumeTokenHash,
+        expiresAt: record.expiresAt,
+        createdAt: record.createdAt,
+      },
+    });
+  }
+  async findById(taskId: string): Promise<HumanTaskRecord | undefined> {
+    const row = await this.prisma.humanTask.findUnique({ where: { id: taskId } });
+    return row ? this.toRecord(row) : undefined;
+  }
+  async findByResumeTokenHash(tokenHash: string): Promise<HumanTaskRecord | undefined> {
+    const row = await this.prisma.humanTask.findFirst({ where: { resumeTokenHash: tokenHash } });
+    return row ? this.toRecord(row) : undefined;
+  }
+  async findPendingForWorkspace(workspaceId: string): Promise<ReadonlyArray<HumanTaskRecord>> {
+    const rows = await this.prisma.humanTask.findMany({
+      where: { workspaceId, status: "pending" },
+      orderBy: { expiresAt: "asc" },
+    });
+    return rows.map((row) => this.toRecord(row));
+  }
+  async findAllPending(): Promise<ReadonlyArray<HumanTaskRecord>> {
+    const rows = await this.prisma.humanTask.findMany({
+      where: { status: "pending" },
+      orderBy: { expiresAt: "asc" },
+    });
+    return rows.map((row) => this.toRecord(row));
+  }
+  async markDecided(args: {
+    taskId: string;
+    decision: JsonValue;
+    decidedBy: HumanTaskActor;
+    decidedAt: Date;
+  }): Promise<void> {
+    await this.prisma.humanTask.update({
+      where: { id: args.taskId },
+      data: {
+        status: "decided",
+        decisionJson: JSON.stringify(args.decision),
+        decidedAt: args.decidedAt,
+        decidedByJson: JSON.stringify(args.decidedBy),
+      },
+    });
+  }
+  async markTimedOut(taskId: string): Promise<void> {
+    await this.prisma.humanTask.update({
+      where: { id: taskId },
+      data: { status: "timed_out" },
+    });
+  }
+  async markAutoAccepted(taskId: string): Promise<void> {
+    await this.prisma.humanTask.update({
+      where: { id: taskId },
+      data: { status: "auto_accepted" },
+    });
+  }
+  async markCancelled(taskId: string): Promise<void> {
+    await this.prisma.humanTask.update({
+      where: { id: taskId },
+      data: { status: "cancelled" },
+    });
+  }
+  async cancelPendingForRun(runId: string): Promise<void> {
+    await this.prisma.humanTask.updateMany({
+      where: { runId, status: "pending" },
+      data: { status: "cancelled" },
+    });
+  }
+  private toRecord(row: {
+    id: string;
+    runId: string;
+    workflowId: string;
+    workspaceId: string | null;
+    nodeId: string;
+    activationId: string;
+    itemIndex: number;
+    status: string;
+    channel: string;
+    subjectJson: string;
+    metadataJson: string;
+    decisionSchemaJson: string;
+    decisionSchemaHash: string;
+    onTimeout: string;
+    deliveryRefJson: string | null;
+    decisionJson: string | null;
+    decidedAt: Date | null;
+    decidedByJson: string | null;
+    resumeTokenHash: string;
+    expiresAt: Date;
+    createdAt: Date;
+  }): HumanTaskRecord {
+    return {
+      id: row.id,
+      runId: row.runId,
+      workflowId: row.workflowId,
+      workspaceId: row.workspaceId ?? undefined,
+      nodeId: row.nodeId,
+      activationId: row.activationId,
+      itemIndex: row.itemIndex,
+      status: row.status as HumanTaskRecord["status"],
+      channel: row.channel,
+      subject: JSON.parse(row.subjectJson),
+      metadata: JSON.parse(row.metadataJson),
+      decisionSchemaJson: row.decisionSchemaJson,
+      decisionSchemaHash: row.decisionSchemaHash,
+      onTimeout: row.onTimeout as "halt" | "auto-accept",
+      deliveryRef: row.deliveryRefJson !== null ? (JSON.parse(row.deliveryRefJson) as JsonValue) : undefined,
+      decision: row.decisionJson !== null ? (JSON.parse(row.decisionJson) as JsonValue) : undefined,
+      decidedAt: row.decidedAt ?? undefined,
+      decidedBy: row.decidedByJson !== null ? JSON.parse(row.decidedByJson) : undefined,
+      resumeTokenHash: row.resumeTokenHash,
+      expiresAt: row.expiresAt,
+      createdAt: row.createdAt,
+    };
+  }
+}