@cospacehq/server 0.1.0

package/src/index.ts

@@ -0,0 +1,44 @@
+import fs from "node:fs/promises";
+import path from "node:path";
+import process from "node:process";
+import { CoSpaceConfigSchema } from "@cospacehq/shared";
+import { startCoSpaceServer } from "./server.js";
+
+export { startCoSpaceServer } from "./server.js";
+
+async function runStandaloneServer(): Promise<void> {
+  const configPathArg = process.argv.find((value) => value.startsWith("--config="));
+  const configPath = configPathArg
+    ? path.resolve(configPathArg.replace("--config=", ""))
+    : path.resolve(process.cwd(), ".cospace/config.json");
+
+  const raw = await fs.readFile(configPath, "utf8");
+  const config = CoSpaceConfigSchema.parse(JSON.parse(raw));
+
+  const started = await startCoSpaceServer({
+    config,
+    configPath,
+    webDistPath: process.env.COSPACE_WEB_DIST
+  });
+
+  process.stdout.write(`CoSpace server listening at ${started.localUrl}\n`);
+
+  const shutdown = async (): Promise<void> => {
+    await started.stop();
+    process.exit(0);
+  };
+
+  process.on("SIGINT", shutdown);
+  process.on("SIGTERM", shutdown);
+}
+
+const isEntry = process.argv[1] ? import.meta.url.endsWith(process.argv[1]) : false;
+
+if (isEntry) {
+  runStandaloneServer().catch((error: unknown) => {
+    process.stderr.write(
+      `Failed to start CoSpace server: ${error instanceof Error ? error.message : String(error)}\n`
+    );
+    process.exit(1);
+  });
+}

package/src/model-client.ts

@@ -0,0 +1,187 @@
+import type { ProviderKind } from "@cospacehq/shared";
+
+export type ProviderRuntimeConfig = {
+  providerKey: string;
+  label: string;
+  kind: ProviderKind;
+  baseUrl: string;
+  apiKey: string;
+};
+
+export type ModelReply = {
+  body: string;
+  trace: string;
+};
+
+function normalizeBaseUrl(value: string): string {
+  return value.endsWith("/") ? value : `${value}/`;
+}
+
+function extractMessageContent(payload: unknown): string {
+  if (!payload || typeof payload !== "object") {
+    throw new Error("Model response payload is empty");
+  }
+
+  const choices = (payload as { choices?: unknown }).choices;
+  if (!Array.isArray(choices) || choices.length === 0) {
+    throw new Error("Model response has no choices");
+  }
+
+  const firstChoice = choices[0] as { message?: { content?: unknown } };
+  const content = firstChoice.message?.content;
+
+  if (typeof content === "string") {
+    return content;
+  }
+
+  if (Array.isArray(content)) {
+    const textFragments = content
+      .map((entry) => {
+        if (!entry || typeof entry !== "object") {
+          return "";
+        }
+
+        const typed = entry as { type?: string; text?: string };
+        return typed.type === "text" && typeof typed.text === "string" ? typed.text : "";
+      })
+      .filter(Boolean);
+
+    if (textFragments.length > 0) {
+      return textFragments.join("\n");
+    }
+  }
+
+  throw new Error("Model response content is not text");
+}
+
+function parseStructuredReply(text: string, includeTrace: boolean): ModelReply {
+  const candidate = text.trim();
+
+  try {
+    const parsed = JSON.parse(candidate) as { body?: unknown; trace?: unknown };
+    if (typeof parsed.body === "string" && parsed.body.trim().length > 0) {
+      return {
+        body: parsed.body.trim(),
+        trace: includeTrace
+          ? typeof parsed.trace === "string" && parsed.trace.trim().length > 0
+            ? parsed.trace.trim()
+            : "No trace available"
+          : ""
+      };
+    }
+  } catch {
+    // Non-JSON response is handled below.
+  }
+
+  return {
+    body: candidate,
+    trace: includeTrace ? "Model returned an unstructured response" : ""
+  };
+}
+
+export class OpenAICompatibleModelClient {
+  public async complete(input: {
+    provider: ProviderRuntimeConfig;
+    model: string;
+    messages: Array<{ role: "system" | "user" | "assistant"; content: string }>;
+    temperature?: number;
+  }): Promise<string> {
+    if (input.provider.kind !== "openai-compatible") {
+      throw new Error(`Unsupported provider kind: ${input.provider.kind}`);
+    }
+
+    const endpoint = new URL("chat/completions", normalizeBaseUrl(input.provider.baseUrl)).toString();
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), 30_000);
+
+    try {
+      const response = await fetch(endpoint, {
+        method: "POST",
+        signal: controller.signal,
+        headers: {
+          "content-type": "application/json",
+          authorization: `Bearer ${input.provider.apiKey}`
+        },
+        body: JSON.stringify({
+          model: input.model,
+          temperature: input.temperature ?? 0.2,
+          messages: input.messages
+        })
+      });
+
+      if (!response.ok) {
+        const details = await response.text();
+        throw new Error(`Provider request failed (${response.status}): ${details.slice(0, 240)}`);
+      }
+
+      const payload = (await response.json()) as unknown;
+      return extractMessageContent(payload);
+    } finally {
+      clearTimeout(timeout);
+    }
+  }
+
+  public async testConnection(input: {
+    provider: ProviderRuntimeConfig;
+    model: string;
+  }): Promise<{ preview: string }> {
+    const text = await this.complete({
+      provider: input.provider,
+      model: input.model,
+      temperature: 0,
+      messages: [
+        {
+          role: "system",
+          content: "You are testing model connectivity. Reply with one short sentence that includes the token CONNECTED."
+        },
+        {
+          role: "user",
+          content: "Respond now."
+        }
+      ]
+    });
+
+    return { preview: text.slice(0, 180) };
+  }
+
+  public async generateAgentReply(input: {
+    provider: ProviderRuntimeConfig;
+    model: string;
+    agentTitle: string;
+    agentName: string;
+    agentInstruction: string | null;
+    latestMessages: Array<{ senderName: string; senderRole: "human" | "agent"; body: string }>;
+    includeTrace: boolean;
+  }): Promise<ModelReply> {
+    const conversation = input.latestMessages
+      .map((message) => `${message.senderRole === "human" ? "Human" : "Agent"} ${message.senderName}: ${message.body}`)
+      .join("\n");
+
+    const text = await this.complete({
+      provider: input.provider,
+      model: input.model,
+      messages: [
+        {
+          role: "system",
+          content: [
+            `You are ${input.agentName}, the ${input.agentTitle} in CoSpace.`,
+            input.agentInstruction ? `Role instruction: ${input.agentInstruction}` : "",
+            "Keep the response concise and practical.",
+            input.includeTrace ? "Return strict JSON with keys body and trace." : "Return strict JSON with key body.",
+            input.includeTrace
+              ? "trace should be a short 2-4 line execution summary, not hidden chain-of-thought."
+              : ""
+          ]
+            .filter(Boolean)
+            .join(" ")
+        },
+        {
+          role: "user",
+          content: `Conversation context:\n${conversation}\n\nWrite your next response.`
+        }
+      ]
+    });
+
+    return parseStructuredReply(text, input.includeTrace);
+  }
+}

package/src/provider-crypto.ts

@@ -0,0 +1,39 @@
+import crypto from "node:crypto";
+
+const ENCRYPTION_VERSION = "v1";
+
+function deriveKey(secret: string): Buffer {
+  return crypto.scryptSync(secret, "cospace-provider-credentials", 32);
+}
+
+export function encryptionSecretFromToken(token: string): string {
+  return process.env.COSPACE_ENCRYPTION_SECRET?.trim() || token;
+}
+
+export function encryptProviderSecret(secretValue: string, secret: string): string {
+  const key = deriveKey(secret);
+  const iv = crypto.randomBytes(12);
+  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
+
+  const encrypted = Buffer.concat([cipher.update(secretValue, "utf8"), cipher.final()]);
+  const authTag = cipher.getAuthTag();
+
+  return `${ENCRYPTION_VERSION}:${iv.toString("base64")}:${authTag.toString("base64")}:${encrypted.toString("base64")}`;
+}
+
+export function decryptProviderSecret(encoded: string, secret: string): string {
+  const [version, ivRaw, tagRaw, payloadRaw] = encoded.split(":");
+  if (version !== ENCRYPTION_VERSION || !ivRaw || !tagRaw || !payloadRaw) {
+    throw new Error("Unsupported provider secret format");
+  }
+
+  const key = deriveKey(secret);
+  const iv = Buffer.from(ivRaw, "base64");
+  const authTag = Buffer.from(tagRaw, "base64");
+  const payload = Buffer.from(payloadRaw, "base64");
+
+  const decipher = crypto.createDecipheriv("aes-256-gcm", key, iv);
+  decipher.setAuthTag(authTag);
+
+  return Buffer.concat([decipher.update(payload), decipher.final()]).toString("utf8");
+}

package/src/sandbox.ts

@@ -0,0 +1,26 @@
+import path from "node:path";
+import fs from "node:fs/promises";
+
+export function resolveSandboxPath(root: string, requestedPath: string): string {
+  const normalizedRoot = path.resolve(root);
+  const target = path.resolve(normalizedRoot, requestedPath);
+
+  if (target !== normalizedRoot && !target.startsWith(`${normalizedRoot}${path.sep}`)) {
+    throw new Error("Path escapes workspace sandbox");
+  }
+
+  return target;
+}
+
+export async function listSandboxFiles(root: string, requestedPath: string): Promise<string[]> {
+  const target = resolveSandboxPath(root, requestedPath);
+  const entries = await fs.readdir(target, { withFileTypes: true });
+
+  return entries
+    .map((entry) => ({
+      entry,
+      relativePath: path.relative(root, path.join(target, entry.name))
+    }))
+    .sort((a, b) => a.relativePath.localeCompare(b.relativePath))
+    .map(({ entry, relativePath }) => (entry.isDirectory() ? `${relativePath}/` : relativePath));
+}