npm - @codemation/host - Versions diffs - 0.7.0 → 0.9.0 - Mend

@codemation/host 0.7.0 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (164) hide show

package/src/presentation/http/ApiPaths.ts CHANGED Viewed

@@ -132,6 +132,10 @@ export class ApiPaths {
     return `${this.credentialsBasePath}/instances`;
   }
+  static credentialApps(): string {
+    return `${this.credentialsBasePath}/apps`;
+  }
   static credentialInstance(instanceId: string, withSecrets?: boolean): string {
     const base = `${this.credentialInstances()}/${encodeURIComponent(instanceId)}`;
     return withSecrets ? `${base}?withSecrets=1` : base;
@@ -279,4 +283,14 @@ export class ApiPaths {
   static internalAuthBootstrap(): string {
     return `${this.bootstrapBasePath}/auth/internal`;
   }
+  /** Token-authenticated: resume a suspended HITL task. */
+  static hitlTaskResume(taskId: string): string {
+    return `${this.apiBasePath}/hitl/tasks/${encodeURIComponent(taskId)}/resume`;
+  }
+  /** Session-authenticated: record a decision on a suspended HITL task. */
+  static hitlTaskDecide(taskId: string): string {
+    return `${this.apiBasePath}/hitl/tasks/${encodeURIComponent(taskId)}/decide`;
+  }
 }

package/src/presentation/http/HeadlessHttpServerFactory.ts ADDED Viewed

@@ -0,0 +1,56 @@
+import { createServer, type Server } from "node:http";
+import type { Logger } from "../../application/logging/Logger";
+import type { CodemationHonoApiApp } from "./hono/CodemationHonoApiAppFactory";
+/**
+ * Creates a Node.js http.Server that bridges IncomingMessage to Hono's Fetch API.
+ * Used by {@link import("../../bootstrap/runtime/HeadlessApiRuntime").HeadlessApiRuntime}
+ * to serve the Hono API without Next.js.
+ */
+export class HeadlessHttpServerFactory {
+  create(honoApp: CodemationHonoApiApp, port: number, logger: Logger): Server {
+    return createServer((req, res) => {
+      const url = new URL(req.url ?? "/", `http://${req.headers.host ?? `127.0.0.1:${port}`}`);
+      const headers = new Headers();
+      for (const [key, value] of Object.entries(req.headers)) {
+        if (value === undefined) continue;
+        if (Array.isArray(value)) {
+          for (const v of value) headers.append(key, v);
+        } else {
+          headers.set(key, value);
+        }
+      }
+      const chunks: Buffer[] = [];
+      req.on("data", (chunk: Buffer) => chunks.push(chunk));
+      req.on("end", () => {
+        // eslint-disable-next-line codemation/no-buffer-everything -- node:http bridge; no streaming alternative when adapting IncomingMessage to Fetch API Request
+        const body = chunks.length > 0 ? Buffer.concat(chunks) : null;
+        const fetchRequest = new Request(url, {
+          method: req.method ?? "GET",
+          headers,
+          body: body?.byteLength ? body : undefined,
+          // @ts-expect-error — Node's Request needs duplex for streaming; required in some runtimes
+          duplex: "half",
+        });
+        Promise.resolve(honoApp.fetch(fetchRequest))
+          .then(async (fetchResponse: Response) => {
+            const responseHeaders: Record<string, string> = {};
+            fetchResponse.headers.forEach((value, key) => {
+              responseHeaders[key] = value;
+            });
+            res.writeHead(fetchResponse.status, responseHeaders);
+            // eslint-disable-next-line codemation/no-buffer-everything -- node:http bridge; Hono Fetch Response must be fully buffered to write to ServerResponse
+            const responseBody = await fetchResponse.arrayBuffer();
+            res.end(Buffer.from(responseBody));
+          })
+          .catch((err: unknown) => {
+            logger.error("Unhandled request error", err instanceof Error ? err : new Error(String(err)));
+            if (!res.headersSent) {
+              res.writeHead(500);
+              res.end("Internal server error");
+            }
+          });
+      });
+    });
+  }
+}

package/src/presentation/http/hono/HonoHttpAnonymousRoutePolicyRegistry.ts CHANGED Viewed

@@ -35,6 +35,10 @@ export class HonoHttpAnonymousRoutePolicy {
     if (pathname === ApiPaths.whitelabelLogo()) {
       return true;
     }
+    // HITL token-authenticated resume endpoint — token is the auth, no session required
+    if (/^\/api\/hitl\/tasks\/[^/]+\/resume$/.test(pathname)) {
+      return true;
+    }
     return false;
   }
 }

package/src/presentation/http/hono/registrars/CredentialHonoApiRouteRegistrar.ts CHANGED Viewed

@@ -8,6 +8,7 @@ export class CredentialHonoApiRouteRegistrar implements HonoApiRouteRegistrar {
   constructor(@inject(CredentialHttpRouteHandler) private readonly handler: CredentialHttpRouteHandler) {}
   register(app: Hono): void {
+    app.get("/credentials/apps", (_c) => this.handler.getCredentialApps());
     app.get("/credentials/types", (_c) => this.handler.getCredentialTypes());
     app.get("/credentials/env-status", (_c) => this.handler.getCredentialFieldEnvStatus());
     app.get("/credentials/instances", (_c) => this.handler.getCredentialInstances());

package/src/presentation/http/hono/registrars/HitlDecideHonoApiRouteRegistrar.ts ADDED Viewed

@@ -0,0 +1,54 @@
+import { inject, injectable } from "@codemation/core";
+import type { JsonValue } from "@codemation/core";
+import { Hono } from "hono";
+import { DecideHumanTaskCommandHandler } from "../../../../application/hitl/DecideHumanTaskCommandHandler";
+import { HttpRequestJsonBodyReader } from "../../HttpRequestJsonBodyReader";
+import { ServerHttpErrorResponseFactory } from "../../ServerHttpErrorResponseFactory";
+import type { HonoApiRouteRegistrar } from "../HonoApiRouteRegistrar";
+import { PairingConfigToken } from "../../../../pairing/PairingConfigToken";
+import type { PairingConfig } from "../../../../pairing/pairing.types";
+/**
+ * Session-authenticated endpoint: `POST /api/hitl/tasks/:taskId/decide`
+ *
+ * Registered ONLY in non-managed mode. Used by the local /dev/inbox UI.
+ *
+ * In managed mode (`PairingConfig !== null`) the route is intentionally NOT mounted —
+ * decisions must arrive via the HMAC-signed `POST /internal/hitl/tasks/:taskId/callback`
+ * receiver from the control plane. This prevents a compromised user session
+ * from deciding arbitrary pending tasks.
+ *
+ * The session middleware is already applied on the /api sub-app by CodemationHonoApiAppFactory.
+ */
+@injectable()
+export class HitlDecideHonoApiRouteRegistrar implements HonoApiRouteRegistrar {
+  constructor(
+    @inject(DecideHumanTaskCommandHandler) private readonly handler: DecideHumanTaskCommandHandler,
+    @inject(PairingConfigToken, { isOptional: true })
+    private readonly pairingConfig: PairingConfig | null = null,
+  ) {}
+  register(app: Hono): void {
+    if (this.pairingConfig !== null) {
+      // Managed mode — decisions only via HMAC callback. Do not mount the session-auth route.
+      return;
+    }
+    app.post("/hitl/tasks/:taskId/decide", async (c) => {
+      try {
+        const taskId = c.req.param("taskId");
+        const body = await HttpRequestJsonBodyReader.readJsonBody<{
+          decision: JsonValue;
+          decidedBy?: { actorId: string; displayName?: string };
+        }>(c.req.raw);
+        const result = await this.handler.decide({
+          taskId,
+          decision: body.decision,
+          decidedBy: body.decidedBy ?? { actorId: "session-user" },
+        });
+        return c.json(result);
+      } catch (error) {
+        return ServerHttpErrorResponseFactory.fromUnknown(error);
+      }
+    });
+  }
+}

package/src/presentation/http/hono/registrars/HitlInternalCallbackHonoApiRouteRegistrar.ts ADDED Viewed

@@ -0,0 +1,33 @@
+import { inject, injectable } from "@codemation/core";
+import type { Hono } from "hono";
+import { InternalHmacAuthMiddleware } from "../../../../pairing/InternalHmacAuthMiddleware";
+import { HitlCallbackHandler } from "../../../../application/hitl/HitlCallbackHandler";
+import type { InternalHonoApiRouteRegistrar } from "../InternalHonoApiRouteRegistrar";
+/**
+ * Registers `POST /internal/hitl/tasks/:taskId/callback` — HMAC-verified endpoint
+ * that receives decision callbacks from the control plane and forwards them to
+ * `HitlCallbackHandler`.
+ *
+ * The HMAC middleware verifies the request is signed by the paired CP.
+ * `HitlCallbackHandler` additionally asserts the task's workspace matches the
+ * pairing config workspace.
+ */
+@injectable()
+export class HitlInternalCallbackHonoApiRouteRegistrar implements InternalHonoApiRouteRegistrar {
+  constructor(
+    @inject(InternalHmacAuthMiddleware) private readonly hmacMiddleware: InternalHmacAuthMiddleware,
+    @inject(HitlCallbackHandler) private readonly callbackHandler: HitlCallbackHandler,
+  ) {}
+  register(app: Hono): void {
+    app.post("/internal/hitl/tasks/:taskId/callback", this.hmacMiddleware.handle(), async (c) => {
+      const taskId = c.req.param("taskId");
+      const rawBody = c.get("body" as never) as string | undefined;
+      const body = rawBody ? JSON.parse(rawBody) : await c.req.json();
+      const result = await this.callbackHandler.handle(taskId, body);
+      return c.json(result.body, result.status);
+    });
+  }
+}

package/src/presentation/http/hono/registrars/HitlResumeHonoApiRouteRegistrar.ts ADDED Viewed

@@ -0,0 +1,43 @@
+import { inject, injectable } from "@codemation/core";
+import type { JsonValue } from "@codemation/core";
+import { Hono } from "hono";
+import { DecideHumanTaskCommandHandler } from "../../../../application/hitl/DecideHumanTaskCommandHandler";
+import { HttpRequestJsonBodyReader } from "../../HttpRequestJsonBodyReader";
+import { ServerHttpErrorResponseFactory } from "../../ServerHttpErrorResponseFactory";
+import type { HonoApiRouteRegistrar } from "../HonoApiRouteRegistrar";
+/**
+ * Token-authenticated (unauthenticated session) endpoint:
+ * `POST /api/hitl/tasks/:taskId/resume?token=<signed>`
+ *
+ * This endpoint is declared as an anonymous route in `HonoHttpAnonymousRoutePolicyRegistry`
+ * so the session middleware is bypassed. The HMAC-signed token is the auth mechanism.
+ *
+ * Used by local inbox and future magic-link channels (Slack, email).
+ */
+@injectable()
+export class HitlResumeHonoApiRouteRegistrar implements HonoApiRouteRegistrar {
+  constructor(@inject(DecideHumanTaskCommandHandler) private readonly handler: DecideHumanTaskCommandHandler) {}
+  register(app: Hono): void {
+    app.post("/hitl/tasks/:taskId/resume", async (c) => {
+      try {
+        const taskId = c.req.param("taskId");
+        const token = c.req.query("token") ?? "";
+        // Validate the signed token (replaces session auth for this endpoint)
+        await this.handler.validateResumeToken({ taskId, token });
+        const body = await HttpRequestJsonBodyReader.readJsonBody<{ decision: JsonValue }>(c.req.raw);
+        const result = await this.handler.decide({
+          taskId,
+          decision: body.decision,
+          decidedBy: { actorId: "token-bearer" },
+        });
+        return c.json(result);
+      } catch (error) {
+        return ServerHttpErrorResponseFactory.fromUnknown(error);
+      }
+    });
+  }
+}

package/src/presentation/http/routeHandlers/CredentialHttpRouteHandler.ts CHANGED Viewed

@@ -16,6 +16,7 @@ import type {
   UpsertCredentialBindingRequest,
 } from "../../../application/contracts/CredentialContractsRegistry";
 import {
+  GetCredentialAppsQuery,
   GetCredentialFieldEnvStatusQuery,
   GetCredentialInstanceQuery,
   GetCredentialInstanceWithSecretsQuery,
@@ -66,6 +67,14 @@ export class CredentialHttpRouteHandler {
     }
   }
+  async getCredentialApps(): Promise<Response> {
+    try {
+      return Response.json(await this.queryBus.execute(new GetCredentialAppsQuery()));
+    } catch (error) {
+      return ServerHttpErrorResponseFactory.fromUnknown(error);
+    }
+  }
   async getCredentialInstance(request: Request, params: ServerHttpRouteParams): Promise<Response> {
     try {
       const withSecrets = new URL(request.url).searchParams.get("withSecrets") === "1";

package/src/presentation/http/routeHandlers/OAuth2HttpRouteHandlerFactory.ts CHANGED Viewed

@@ -87,7 +87,7 @@ export class OAuth2HttpRouteHandler {
       const stateToken = url.searchParams.get("state")?.trim();
       if (!code || !stateToken) {
         return new Response(
-          this.createPopupHtml({ kind: "oauth2.error", message: "Missing code or state parameter." }),
+          this.createPopupHtml({ kind: "oauth2.error", message: "Missing code and state parameters." }),
           {
             status: 400,
             headers: { "content-type": "text/html; charset=utf-8" },

package/src/presentation/server/CodemationConsumerConfigLoader.ts CHANGED Viewed

@@ -38,6 +38,7 @@ export class CodemationConsumerConfigLoader {
   private readonly performanceDiagnosticsLogger = new ServerLoggerFactory(
     logLevelPolicyFactory,
   ).createPerformanceDiagnostics("codemation-config-loader.timing");
+  private readonly bootLogger = new ServerLoggerFactory(logLevelPolicyFactory).create("codemation.boot");
   /**
    * In-flight + completed load promises keyed by `${consumerRoot}|${configPathOverride}`. The
    * boot path constructs MULTIPLE CodemationConsumerConfigLoader instances (one inside the CLI's
@@ -109,6 +110,9 @@ export class CodemationConsumerConfigLoader {
       throw new Error(`Config file does not export a Codemation config object: ${bootstrapSource}`);
     }
     const config = this.configNormalizer.normalize(rawConfig);
+    if (rawConfig.codemationVersion) {
+      this.bootLogger.info(`codemationVersion: ${rawConfig.codemationVersion}`);
+    }
     const workflowSources = await BootTimer.measureAsync("config.resolveWorkflowSources", () =>
       this.resolveWorkflowSources(args.consumerRoot, config),
     );
@@ -190,8 +194,9 @@ export class CodemationConsumerConfigLoader {
           workflowDiscoveryDirectories,
           absoluteWorkflowModulePath: workflowSource,
         }),
-        moduleExports: await BootTimer.measureAsync(`workflow.${path.basename(workflowSource).replace(/\.tsx?$/, "")}`, () =>
-          this.importModule(workflowSource, importSession),
+        moduleExports: await BootTimer.measureAsync(
+          `workflow.${path.basename(workflowSource).replace(/\.tsx?$/, "")}`,
+          () => this.importModule(workflowSource, importSession),
         ),
       })),
     );

package/src/presentation/websocket/WorkflowWebsocketServerFactory.ts ADDED Viewed

@@ -0,0 +1,16 @@
+import type { AppConfig } from "../config/AppConfig";
+import { WorkflowWebsocketServer } from "./WorkflowWebsocketServer";
+import { logLevelPolicyFactory } from "../../infrastructure/logging/LogLevelPolicyFactory";
+import { ServerLoggerFactory } from "../../infrastructure/logging/ServerLoggerFactory";
+const loggerFactory = new ServerLoggerFactory(logLevelPolicyFactory);
+export class WorkflowWebsocketServerFactory {
+  create(appConfig: AppConfig): WorkflowWebsocketServer {
+    return new WorkflowWebsocketServer(
+      appConfig.webSocketPort,
+      appConfig.webSocketBindHost,
+      loggerFactory.create("codemation-websocket.server"),
+    );
+  }
+}

package/src/server.ts CHANGED Viewed

@@ -1,5 +1,10 @@
-export { CodemationPostgresPrismaClientFactory } from "./persistenceServer";
-export type { PrismaClient } from "./persistenceServer";
+// Direct re-export from source files, NOT via the persistenceServer barrel: that
+// barrel also re-exports PrismaMigrationDeployer, whose createRequire + dynamic
+// require.resolve trips the Turbopack module tracer ("whole project traced
+// unintentionally") when this server barrel is transitively reached from a
+// Next.js Server Component such as the dev/inbox page.
+export { CodemationPostgresPrismaClientFactory } from "./infrastructure/persistence/CodemationPostgresPrismaClientFactory";
+export type { PrismaDatabaseClient as PrismaClient } from "./infrastructure/persistence/PrismaDatabaseClient";
 export { ExecaProcessRunner } from "./process/ExecaProcessRunner";
 export type { ProcessRunner, ProcessRunOptions, ProcessRunResult } from "./process/ProcessRunner.types";
 export { ApiPaths } from "./presentation/http/ApiPaths";

package/src/workflows/InternalWorkflowTestRunRegistrar.ts CHANGED Viewed

@@ -79,6 +79,15 @@ export class InternalWorkflowTestRunRegistrar implements InternalHonoApiRouteReg
         });
       }
+      if (runResult.status === "halted") {
+        return c.json({
+          ok: false,
+          runId: runResult.runId,
+          error: `Run halted: ${runResult.reason}`,
+          durationMs: Date.now() - startMs,
+        });
+      }
       // completed
       return c.json({
         ok: true,

package/tsconfig.json CHANGED Viewed

@@ -28,6 +28,7 @@
       "@codemation/host/dev-server-sidecar": ["./src/devServerSidecar.ts"],
       "@codemation/host/persistence": ["./src/persistenceServer.ts"],
       "@codemation/canvas": ["../canvas/src/index.ts"],
+      "@codemation/canvas-core": ["../canvas-core/src/index.ts"],
       "@codemation/next-host/src/*": ["../next-host/src/*"],
       "@/*": ["../next-host/src/*"]
     }