@delegance/claude-autopilot 6.2.2 → 7.2.1

package/dist/src/dashboard/upload/chain.d.ts

@@ -0,0 +1,9 @@
+export declare const ZERO_HASH: string;
+export declare function hashChunk(prevHashHex: string, body: Buffer): string;
+/**
+ * Compute the chain root for an ordered sequence of chunks.
+ * Unambiguous loop form (per spec): prev=ZERO_HASH; for seq in 0..N-1:
+ *   h[seq] = sha256(chunk[seq] || prev); prev = h[seq]; root = prev.
+ */
+export declare function computeChainRoot(chunks: Buffer[]): string;
+//# sourceMappingURL=chain.d.ts.map

package/dist/src/dashboard/upload/chain.js

@@ -0,0 +1,27 @@
+// Parity copy of apps/web/lib/upload/chain.ts.
+// CLI ↔ web hash agreement is asserted in tests/dashboard/parity.test.ts.
+import { createHash } from 'node:crypto';
+export const ZERO_HASH = '0'.repeat(64);
+export function hashChunk(prevHashHex, body) {
+    if (!/^[0-9a-f]{64}$/.test(prevHashHex)) {
+        throw new Error(`hashChunk: prev hash must be 64 lowercase hex chars`);
+    }
+    const prevBytes = Buffer.from(prevHashHex, 'hex');
+    const hash = createHash('sha256');
+    hash.update(body);
+    hash.update(prevBytes);
+    return hash.digest('hex');
+}
+/**
+ * Compute the chain root for an ordered sequence of chunks.
+ * Unambiguous loop form (per spec): prev=ZERO_HASH; for seq in 0..N-1:
+ *   h[seq] = sha256(chunk[seq] || prev); prev = h[seq]; root = prev.
+ */
+export function computeChainRoot(chunks) {
+    let prev = ZERO_HASH;
+    for (const chunk of chunks) {
+        prev = hashChunk(prev, chunk);
+    }
+    return prev;
+}
+//# sourceMappingURL=chain.js.map

package/dist/src/dashboard/upload/snapshot.d.ts

@@ -0,0 +1,23 @@
+export interface SnapshotPaths {
+    snapshotDir: string;
+    events: string;
+    state: string;
+}
+export interface SnapshotResult extends SnapshotPaths {
+    /** Bytes of the snapshot events file. May be 0. */
+    eventsBytes: number;
+}
+export declare class SnapshotMismatchError extends Error {
+    constructor(message: string);
+}
+/**
+ * Copy events.ndjson + state.json from `runDir` to `runDir/.upload-snapshot/`.
+ *
+ * Defense in depth: stat-before/stat-after on the source files, fail
+ * loudly if size or mtime changes during copy. Per spec, snapshot is
+ * post-`run.complete` only (writers are flushed) so this should never
+ * fire — but if it does, abort rather than upload a torn read.
+ */
+export declare function snapshotRun(runDir: string): Promise<SnapshotResult>;
+export declare function deleteSnapshot(runDir: string): Promise<void>;
+//# sourceMappingURL=snapshot.d.ts.map

package/dist/src/dashboard/upload/snapshot.js

@@ -0,0 +1,66 @@
+// Snapshot-before-upload — copy events.ndjson + state.json to
+// <runDir>/.upload-snapshot/ atomically before chunking begins.
+// The uploader then reads only the snapshot, so the writer streaming new
+// events into events.ndjson can't shift bytes mid-upload.
+import { promises as fs } from 'node:fs';
+import * as path from 'node:path';
+export class SnapshotMismatchError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = 'SnapshotMismatchError';
+    }
+}
+/**
+ * Copy events.ndjson + state.json from `runDir` to `runDir/.upload-snapshot/`.
+ *
+ * Defense in depth: stat-before/stat-after on the source files, fail
+ * loudly if size or mtime changes during copy. Per spec, snapshot is
+ * post-`run.complete` only (writers are flushed) so this should never
+ * fire — but if it does, abort rather than upload a torn read.
+ */
+export async function snapshotRun(runDir) {
+    const eventsSrc = path.join(runDir, 'events.ndjson');
+    const stateSrc = path.join(runDir, 'state.json');
+    const snapshotDir = path.join(runDir, '.upload-snapshot');
+    const eventsDst = path.join(snapshotDir, 'events.ndjson');
+    const stateDst = path.join(snapshotDir, 'state.json');
+    const eventsBefore = await fs.stat(eventsSrc);
+    let stateBefore = null;
+    try {
+        stateBefore = await fs.stat(stateSrc);
+    }
+    catch {
+        // state.json may not exist for an in-flight run; we still snapshot events.
+    }
+    await fs.mkdir(snapshotDir, { recursive: true });
+    await fs.copyFile(eventsSrc, eventsDst);
+    if (stateBefore) {
+        await fs.copyFile(stateSrc, stateDst);
+    }
+    const eventsAfter = await fs.stat(eventsSrc);
+    if (eventsAfter.size !== eventsBefore.size || eventsAfter.mtimeMs !== eventsBefore.mtimeMs) {
+        throw new SnapshotMismatchError(`events.ndjson changed during snapshot (size ${eventsBefore.size}->${eventsAfter.size}, mtime ${eventsBefore.mtimeMs}->${eventsAfter.mtimeMs})`);
+    }
+    if (stateBefore) {
+        const stateAfter = await fs.stat(stateSrc);
+        if (stateAfter.size !== stateBefore.size || stateAfter.mtimeMs !== stateBefore.mtimeMs) {
+            throw new SnapshotMismatchError(`state.json changed during snapshot (size ${stateBefore.size}->${stateAfter.size})`);
+        }
+    }
+    return {
+        snapshotDir,
+        events: eventsDst,
+        state: stateDst,
+        eventsBytes: eventsAfter.size,
+    };
+}
+export async function deleteSnapshot(runDir) {
+    const snapshotDir = path.join(runDir, '.upload-snapshot');
+    try {
+        await fs.rm(snapshotDir, { recursive: true, force: true });
+    }
+    catch {
+        /* idempotent */
+    }
+}
+//# sourceMappingURL=snapshot.js.map

package/dist/src/dashboard/upload/uploader.d.ts

@@ -0,0 +1,54 @@
+export interface UploadOptions {
+    signal?: AbortSignal;
+    baseUrl?: string;
+    apiKey: string;
+    onProgress?: (event: ProgressEvent) => void;
+    /** Test seam — substitute fetch impl. Defaults to global fetch. */
+    fetchImpl?: typeof fetch;
+}
+export type ProgressEvent = {
+    kind: 'snapshot';
+    bytes: number;
+} | {
+    kind: 'session';
+    resumed: boolean;
+    nextExpectedSeq: number;
+} | {
+    kind: 'chunk-uploaded';
+    seq: number;
+    total: number;
+} | {
+    kind: 'finalized';
+};
+export interface UploadResult {
+    ok: boolean;
+    url?: string;
+    skipped?: boolean;
+    error?: string;
+}
+export declare class UploadError extends Error {
+    readonly status: number | null;
+    constructor(message: string, status?: number | null);
+}
+/**
+ * Phase 3 — thrown when /api/upload-session returns 402 with a structured
+ * `limit_reached` payload. Auto-upload entry point detects this subclass
+ * and prints a friendly message without retrying or overriding the run's
+ * exit code.
+ */
+export declare class UploadLimitError extends UploadError {
+    readonly payload: {
+        limit: string;
+        current: number;
+        max: number;
+        upgrade_url: string;
+    };
+    constructor(message: string, payload: {
+        limit: string;
+        current: number;
+        max: number;
+        upgrade_url: string;
+    });
+}
+export declare function uploadRun(runId: string, runDir: string, opts: UploadOptions): Promise<UploadResult>;
+//# sourceMappingURL=uploader.d.ts.map

package/dist/src/dashboard/upload/uploader.js

@@ -0,0 +1,330 @@
+// CLI uploader — snapshot, chunk, retry, finalize.
+//
+// Flow:
+//   1. Empty events.ndjson check → skip upload (Phase 2.2 returns 422 on
+//      expectedChunkCount=0; never call it).
+//   2. Snapshot events.ndjson + state.json to <runDir>/.upload-snapshot/.
+//   3. Bootstrap session: GET dashboard upload-session for resume; if 404
+//      mint fresh via POST /api/upload-session (Phase 2.2 endpoint, accepts
+//      Bearer clp_<key> via resolveCaller).
+//   4. PUT each chunk with x-chunk-prev-hash; retry transient 5xx.
+//   5. POST /api/runs/:runId/finalize with chainRoot + state.
+//   6. On success, delete the snapshot dir.
+import { promises as fs } from 'node:fs';
+import * as path from 'node:path';
+import { hashChunk, ZERO_HASH } from "./chain.js";
+import { sha256OfCanonical } from "./canonical.js";
+import { snapshotRun, deleteSnapshot, SnapshotMismatchError } from "./snapshot.js";
+const CHUNK_BYTES = 1024 * 1024; // 1 MiB matches server MAX_CHUNK_BYTES
+const DEFAULT_RETRY_DELAYS_MS = [1000, 4000, 16000, 64000];
+function resolveRetryDelays() {
+    // Test seam — let CI/tests override the exponential backoff schedule
+    // so transient-failure assertions don't add minutes to the suite.
+    const override = process.env.CLAUDE_AUTOPILOT_UPLOAD_RETRY_MS;
+    if (!override)
+        return DEFAULT_RETRY_DELAYS_MS;
+    return override
+        .split(',')
+        .map((s) => Number.parseInt(s.trim(), 10))
+        .filter((n) => Number.isFinite(n) && n >= 0);
+}
+export class UploadError extends Error {
+    status;
+    constructor(message, status = null) {
+        super(message);
+        this.status = status;
+    }
+}
+/**
+ * Phase 3 — thrown when /api/upload-session returns 402 with a structured
+ * `limit_reached` payload. Auto-upload entry point detects this subclass
+ * and prints a friendly message without retrying or overriding the run's
+ * exit code.
+ */
+export class UploadLimitError extends UploadError {
+    payload;
+    constructor(message, payload) {
+        super(message, 402);
+        this.payload = payload;
+    }
+}
+function resolveBaseUrl(opts) {
+    return (opts.baseUrl ??
+        process.env.AUTOPILOT_DASHBOARD_BASE_URL ??
+        'https://autopilot.dev');
+}
+function checkAborted(signal) {
+    if (signal?.aborted) {
+        const reason = signal.reason;
+        const err = reason instanceof Error
+            ? reason
+            : new Error('upload aborted');
+        throw err;
+    }
+}
+async function delay(ms, signal) {
+    return new Promise((resolve, reject) => {
+        const t = setTimeout(resolve, ms);
+        if (signal) {
+            const onAbort = () => {
+                clearTimeout(t);
+                reject(new Error('aborted'));
+            };
+            if (signal.aborted)
+                onAbort();
+            else
+                signal.addEventListener('abort', onAbort, { once: true });
+        }
+    });
+}
+async function readChunks(filePath) {
+    const handle = await fs.open(filePath, 'r');
+    try {
+        const stat = await handle.stat();
+        const total = stat.size;
+        const out = [];
+        let position = 0;
+        while (position < total) {
+            const remaining = total - position;
+            const size = remaining < CHUNK_BYTES ? remaining : CHUNK_BYTES;
+            const buf = Buffer.alloc(size);
+            const { bytesRead } = await handle.read(buf, 0, size, position);
+            if (bytesRead !== size) {
+                throw new UploadError(`short read at offset ${position}: ${bytesRead}/${size}`);
+            }
+            out.push(buf);
+            position += size;
+        }
+        return out;
+    }
+    finally {
+        await handle.close();
+    }
+}
+async function fetchWithRetry(url, init, fetchImpl, signal, is5xxRetryable) {
+    let lastErr = null;
+    const delays = resolveRetryDelays();
+    for (let attempt = 0; attempt <= delays.length; attempt++) {
+        checkAborted(signal);
+        try {
+            const res = await fetchImpl(url, init);
+            if (res.status >= 500 && res.status < 600 && is5xxRetryable && attempt < delays.length) {
+                const wait = delays[attempt];
+                await delay(wait, signal);
+                continue;
+            }
+            return res;
+        }
+        catch (err) {
+            if (signal?.aborted)
+                throw err;
+            lastErr = err;
+            if (attempt < delays.length) {
+                const wait = delays[attempt];
+                await delay(wait, signal);
+                continue;
+            }
+            throw err;
+        }
+    }
+    throw lastErr instanceof Error ? lastErr : new UploadError('exhausted retries');
+}
+async function bootstrapSession(baseUrl, apiKey, runId, expectedChunkCount, expectedBytes, fetchImpl, signal) {
+    // Resume path first.
+    const resumeUrl = `${baseUrl}/api/dashboard/runs/${encodeURIComponent(runId)}/upload-session`;
+    const resumeRes = await fetchWithRetry(resumeUrl, {
+        method: 'GET',
+        headers: { authorization: `Bearer ${apiKey}` },
+        signal,
+    }, fetchImpl, signal, true);
+    if (resumeRes.status === 200) {
+        const data = await resumeRes.json();
+        return { session: data, resumed: true };
+    }
+    if (resumeRes.status !== 404) {
+        const text = await resumeRes.text().catch(() => '');
+        throw new UploadError(`resume bootstrap failed: ${resumeRes.status} ${text}`, resumeRes.status);
+    }
+    // Mint fresh via Phase 2.2 endpoint.
+    const mintUrl = `${baseUrl}/api/upload-session`;
+    const mintRes = await fetchWithRetry(mintUrl, {
+        method: 'POST',
+        headers: {
+            authorization: `Bearer ${apiKey}`,
+            'content-type': 'application/json',
+        },
+        body: JSON.stringify({ runId, expectedChunkCount, expectedBytes }),
+        signal,
+    }, fetchImpl, signal, true);
+    // Phase 3 — structured 402 means we hit a runs/storage cap. Surface as a
+    // typed error so the auto-upload caller can print a friendly message
+    // without retrying or overriding the run's exit code.
+    if (mintRes.status === 402) {
+        let parsed = {};
+        try {
+            parsed = await mintRes.json();
+        }
+        catch {
+            // fall through — message below still useful
+        }
+        const limit = parsed.limit ?? 'unknown';
+        const current = parsed.current ?? 0;
+        const max = parsed.max ?? 0;
+        const upgradeUrl = parsed.upgrade_url ?? '';
+        throw new UploadLimitError(`upload rejected — ${limit} cap reached (${current}/${max}). Upgrade at ${upgradeUrl}`, { limit, current, max, upgrade_url: upgradeUrl });
+    }
+    if (mintRes.status !== 201) {
+        const text = await mintRes.text().catch(() => '');
+        throw new UploadError(`mint failed: ${mintRes.status} ${text}`, mintRes.status);
+    }
+    const data = await mintRes.json();
+    return { session: { ...data, session: { ...data.session, nextExpectedSeq: 0 } }, resumed: false };
+}
+export async function uploadRun(runId, runDir, opts) {
+    const fetchImpl = opts.fetchImpl ?? fetch;
+    const baseUrl = resolveBaseUrl(opts);
+    const signal = opts.signal;
+    try {
+        // (1) Empty events check — skip cleanly so server's 422 isn't tripped.
+        const eventsPath = path.join(runDir, 'events.ndjson');
+        let eventsStat;
+        try {
+            eventsStat = await fs.stat(eventsPath);
+        }
+        catch {
+            return { ok: true, skipped: true };
+        }
+        if (eventsStat.size === 0) {
+            return { ok: true, skipped: true };
+        }
+        // (2) Snapshot.
+        checkAborted(signal);
+        const snap = await snapshotRun(runDir);
+        opts.onProgress?.({ kind: 'snapshot', bytes: snap.eventsBytes });
+        const chunks = await readChunks(snap.events);
+        const expectedChunkCount = chunks.length;
+        // (3) Bootstrap. Phase 3 — pass expectedBytes for storage cap preflight.
+        checkAborted(signal);
+        const { session, resumed } = await bootstrapSession(baseUrl, opts.apiKey, runId, expectedChunkCount, snap.eventsBytes, fetchImpl, signal);
+        const startSeq = session.session.nextExpectedSeq ?? 0;
+        opts.onProgress?.({ kind: 'session', resumed, nextExpectedSeq: startSeq });
+        // (4) Stream chunks. Walk the chain forward from seq 0 even when
+        // resuming so prev-hash for seq=startSeq is correct.
+        let prev = ZERO_HASH;
+        for (let i = 0; i < startSeq; i++) {
+            const chunk = chunks[i];
+            if (!chunk)
+                throw new UploadError(`missing chunk at seq ${i} during prefix replay`);
+            prev = hashChunk(prev, chunk);
+        }
+        let token = session.uploadToken;
+        let chainRoot = prev;
+        let reauthAttempts = 0; // bugbot HIGH — bound the 401 re-bootstrap retry
+        const MAX_REAUTH_ATTEMPTS = 1;
+        for (let seq = startSeq; seq < chunks.length; seq++) {
+            checkAborted(signal);
+            const chunk = chunks[seq];
+            if (!chunk)
+                throw new UploadError(`missing chunk at seq ${seq}`);
+            const thisHash = hashChunk(prev, chunk);
+            const url = `${baseUrl}/api/runs/${encodeURIComponent(runId)}/events/${seq}`;
+            const init = {
+                method: 'PUT',
+                headers: {
+                    authorization: `Bearer ${token}`,
+                    'content-type': 'application/octet-stream',
+                    'x-chunk-prev-hash': prev,
+                },
+                body: chunk,
+                signal,
+            };
+            const res = await fetchWithRetry(url, init, fetchImpl, signal, true);
+            if (res.status === 200 || res.status === 201) {
+                prev = thisHash;
+                chainRoot = thisHash;
+                opts.onProgress?.({ kind: 'chunk-uploaded', seq, total: chunks.length });
+                continue;
+            }
+            if (res.status === 401) {
+                // bugbot HIGH — bound retries. Token might be expired, OR the API
+                // key is revoked (bootstrap succeeds but minted tokens are still
+                // 401). Without a counter, the loop spins forever.
+                if (reauthAttempts >= MAX_REAUTH_ATTEMPTS) {
+                    const text = await res.text().catch(() => '');
+                    throw new UploadError(`chunk ${seq} unauthorized after ${reauthAttempts} re-bootstrap attempt(s); check API key validity. ${text}`, res.status);
+                }
+                reauthAttempts++;
+                const reboot = await bootstrapSession(baseUrl, opts.apiKey, runId, expectedChunkCount, snap.eventsBytes, fetchImpl, signal);
+                token = reboot.session.uploadToken;
+                seq -= 1;
+                continue;
+            }
+            if (res.status === 409) {
+                // Duplicate chunk content with matching hash is treated as success
+                // by the server (RPC path); treat as success here too if hash agrees.
+                const text = await res.text().catch(() => '');
+                if (/duplicate/i.test(text)) {
+                    prev = thisHash;
+                    chainRoot = thisHash;
+                    opts.onProgress?.({ kind: 'chunk-uploaded', seq, total: chunks.length });
+                    continue;
+                }
+                throw new UploadError(`chunk ${seq} rejected: ${res.status} ${text}`, res.status);
+            }
+            const text = await res.text().catch(() => '');
+            throw new UploadError(`chunk ${seq} failed: ${res.status} ${text}`, res.status);
+        }
+        // (5) Finalize.
+        checkAborted(signal);
+        let stateJson = {};
+        try {
+            const raw = await fs.readFile(snap.state, 'utf-8');
+            stateJson = JSON.parse(raw);
+        }
+        catch {
+            stateJson = {};
+        }
+        // sha256 not strictly needed here — server recomputes — but include for parity.
+        void sha256OfCanonical(stateJson);
+        const finalizeUrl = `${baseUrl}/api/runs/${encodeURIComponent(runId)}/finalize`;
+        const finalRes = await fetchWithRetry(finalizeUrl, {
+            method: 'POST',
+            headers: {
+                authorization: `Bearer ${token}`,
+                'content-type': 'application/json',
+            },
+            body: JSON.stringify({
+                chainRoot,
+                expectedChunkCount,
+                stateJson,
+            }),
+            signal,
+        }, fetchImpl, signal, true);
+        if (finalRes.status !== 200) {
+            const text = await finalRes.text().catch(() => '');
+            throw new UploadError(`finalize failed: ${finalRes.status} ${text}`, finalRes.status);
+        }
+        opts.onProgress?.({ kind: 'finalized' });
+        // (6) Cleanup snapshot.
+        await deleteSnapshot(runDir);
+        return {
+            ok: true,
+            url: `${baseUrl}/runs/${encodeURIComponent(runId)}`,
+        };
+    }
+    catch (err) {
+        // Phase 3 — let UploadLimitError bubble so the auto-upload entry point
+        // can print the friendly message + preserve the run's exit code.
+        if (err instanceof UploadLimitError) {
+            throw err;
+        }
+        if (err instanceof SnapshotMismatchError) {
+            return { ok: false, error: `snapshot mismatch: ${err.message}` };
+        }
+        if (err.message === 'aborted') {
+            return { ok: false, error: 'aborted' };
+        }
+        return { ok: false, error: err.message ?? String(err) };
+    }
+}
+//# sourceMappingURL=uploader.js.map

package/package.json

@@ -1,7 +1,10 @@
 {
   "name": "@delegance/claude-autopilot",
-  "version": "6.2.2",
+  "version": "7.2.1",
   "type": "module",
+  "publishConfig": {
+    "tag": "next"
+  },
   "description": "Autonomous development pipeline for Claude Code: brainstorm → spec → plan → implement → migrate → validate → PR → review → merge. Multi-model, local-first, every phase a skill you can intervene in.",
   "keywords": [
     "claude-autopilot",
@@ -15,6 +18,10 @@
     "pipeline"
   ],
   "license": "MIT",
+  "workspaces": [
+    "apps/*",
+    "packages/*"
+  ],
   "repository": {
     "type": "git",
     "url": "https://github.com/axledbetter/claude-autopilot.git"
@@ -53,20 +60,27 @@
   "scripts": {
     "test": "node scripts/test-runner.mjs",
     "test:adapters:live": "node --test --import=tsx tests/adapters/live/vercel.cert.ts tests/adapters/live/fly.cert.ts tests/adapters/live/render.cert.ts",
+    "test:rls": "node --test --import=tsx tests/rls/*.test.ts",
     "typecheck": "tsc --noEmit",
     "build": "tsc -p tsconfig.build.json && node scripts/post-build-rewrite-imports.mjs",
     "prepublishOnly": "npm run build && npm test",
-    "autoregress": "tsx scripts/autoregress.ts"
+    "autoregress": "tsx scripts/autoregress.ts",
+    "db:start": "bash scripts/db/start-supabase.sh",
+    "db:stop": "bash scripts/db/stop-supabase.sh",
+    "db:reset": "bash scripts/db/reset-supabase.sh"
   },
   "dependencies": {
+    "@supabase/supabase-js": "^2.97.0",
     "ajv": "^8",
     "ajv-formats": "^3.0.1",
+    "canonicalize": "^3.0.0",
     "dotenv": ">=16",
     "js-yaml": "^4",
     "minimatch": ">=9",
     "proper-lockfile": "^4.1.2",
     "shell-quote": "^1.8.3",
-    "tsx": ">=4"
+    "tsx": ">=4",
+    "ulid": "^3.0.2"
   },
   "optionalDependencies": {
     "@anthropic-ai/sdk": "^0.91.1",
@@ -79,6 +93,7 @@
     "@types/node": "^25",
     "@types/proper-lockfile": "^4.1.4",
     "@types/shell-quote": "^1.7.5",
+    "supabase": "^2.20.0",
     "typescript": "^6"
   },
   "peerDependencies": {

package/scripts/test-runner.mjs

@@ -4,6 +4,10 @@ import { spawnSync } from 'node:child_process';
 
 const files = [];
 for await (const f of glob('tests/**/*.test.ts')) {
+  // RLS tests require a live Supabase stack + env credentials; they run
+  // from a dedicated workflow (.github/workflows/db-tests.yml) via
+  // `npm run test:rls`, not from the general test runner.
+  if (f.startsWith('tests/rls/') || f.startsWith('tests\\rls\\')) continue;
   files.push(f);
 }
 files.sort();