@desplega.ai/agent-swarm 1.75.0 → 1.76.0

package/src/http/task-templates.ts

@@ -0,0 +1,51 @@
+import type { IncomingMessage, ServerResponse } from "node:http";
+import { z } from "zod";
+import { listTaskTemplates } from "../be/db";
+import { TaskTemplateKindSchema } from "../types";
+import { route } from "./route-def";
+import { json } from "./utils";
+
+// ─── Route Definitions ───────────────────────────────────────────────────────
+
+const listTemplates = route({
+  method: "get",
+  path: "/api/task-templates",
+  pattern: ["api", "task-templates"],
+  summary: "List task templates ('To start' bucket)",
+  tags: ["Task Templates"],
+  query: z.object({
+    category: z.string().optional(),
+    /** v2 hook — v1 callers always pass `kind=task` (or omit). */
+    kind: TaskTemplateKindSchema.optional(),
+    /** Case-insensitive LIKE match against `title` OR `description`. */
+    query: z.string().optional(),
+  }),
+  responses: {
+    200: { description: "Task template list" },
+    401: { description: "Unauthorized" },
+  },
+  auth: { apiKey: true },
+});
+
+// ─── Handler ─────────────────────────────────────────────────────────────────
+
+export async function handleTaskTemplates(
+  req: IncomingMessage,
+  res: ServerResponse,
+  pathSegments: string[],
+  queryParams: URLSearchParams,
+): Promise<boolean> {
+  if (listTemplates.match(req.method, pathSegments)) {
+    const parsed = await listTemplates.parse(req, res, pathSegments, queryParams);
+    if (!parsed) return true;
+    const templates = listTaskTemplates({
+      category: parsed.query.category,
+      kind: parsed.query.kind,
+      query: parsed.query.query,
+    });
+    json(res, { templates });
+    return true;
+  }
+
+  return false;
+}

package/src/http/tasks.ts

@@ -7,10 +7,12 @@ import {
   failTask,
   getAllTasks,
   getDb,
+  getLeadAgent,
   getLogsByTaskId,
   getPausedTasksForAgent,
   getTaskById,
   getTasksCount,
+  getUserById,
   pauseTask,
   resumeTask,
   updateAgentStatusFromCapacity,
@@ -20,7 +22,13 @@ import {
 } from "../be/db";
 import { createTaskWithSiblingAwareness } from "../tasks/sibling-awareness";
 import { telemetry } from "../telemetry";
-import { ProviderNameSchema } from "../types";
+import {
+  type AgentTaskSource,
+  AgentTaskSourceSchema,
+  type AgentTaskStatus,
+  AgentTaskStatusSchema,
+  ProviderNameSchema,
+} from "../types";
 import { route } from "./route-def";
 import { json, jsonError } from "./utils";
 
@@ -33,16 +41,22 @@ const listTasks = route({
   summary: "List tasks with filters",
   tags: ["Tasks"],
   query: z.object({
+    /** Single status, or comma-separated list (e.g. "failed,cancelled"). */
     status: z.string().optional(),
     agentId: z.string().optional(),
     scheduleId: z.string().optional(),
     search: z.string().optional(),
     includeHeartbeat: z.enum(["true", "false"]).optional(),
+    /** ISO 8601 — return only tasks created on/after this timestamp. */
+    createdAfter: z.string().datetime().optional(),
+    /** Comma-separated source filter (e.g. `ui,slack`). Omit to include all. */
+    source: z.string().optional(),
     limit: z.coerce.number().int().optional(),
     offset: z.coerce.number().int().optional(),
   }),
   responses: {
     200: { description: "Paginated task list" },
+    400: { description: "Validation error (e.g. unknown status token)" },
   },
 });
 
@@ -62,9 +76,10 @@ const createTask = route({
     offeredTo: z.string().optional(),
     dir: z.string().optional(),
     parentTaskId: z.string().optional(),
-    source: z.string().optional(),
+    source: AgentTaskSourceSchema.optional(),
     outputSchema: z.record(z.string(), z.unknown()).optional(),
     contextKey: z.string().optional(),
+    requestedByUserId: z.string().optional(),
   }),
   responses: {
     201: { description: "Task created" },
@@ -239,12 +254,53 @@ export async function handleTasks(
   if (listTasks.match(req.method, pathSegments)) {
     const parsed = await listTasks.parse(req, res, pathSegments, queryParams);
     if (!parsed) return true;
+
+    // Multi-status CSV: split on `,` and validate each token against the
+    // canonical enum. Empty / single-status callers still work.
+    let status: AgentTaskStatus | AgentTaskStatus[] | undefined;
+    if (parsed.query.status) {
+      const tokens = parsed.query.status
+        .split(",")
+        .map((s) => s.trim())
+        .filter(Boolean);
+      const validated: AgentTaskStatus[] = [];
+      for (const tok of tokens) {
+        const result = AgentTaskStatusSchema.safeParse(tok);
+        if (!result.success) {
+          jsonError(res, `Invalid status token: ${tok}`, 400);
+          return true;
+        }
+        validated.push(result.data);
+      }
+      status = validated.length === 1 ? validated[0] : validated;
+    }
+
+    let source: AgentTaskSource[] | undefined;
+    if (parsed.query.source) {
+      const tokens = parsed.query.source
+        .split(",")
+        .map((s) => s.trim())
+        .filter(Boolean);
+      const validated: AgentTaskSource[] = [];
+      for (const tok of tokens) {
+        const result = AgentTaskSourceSchema.safeParse(tok);
+        if (!result.success) {
+          jsonError(res, `Invalid source token: ${tok}`, 400);
+          return true;
+        }
+        validated.push(result.data);
+      }
+      if (validated.length > 0) source = validated;
+    }
+
     const filters = {
-      status: (parsed.query.status as import("../types").AgentTaskStatus) || undefined,
+      status,
       agentId: parsed.query.agentId || undefined,
       scheduleId: parsed.query.scheduleId || undefined,
       search: parsed.query.search || undefined,
       includeHeartbeat: parsed.query.includeHeartbeat === "true" || undefined,
+      createdAfter: parsed.query.createdAfter || undefined,
+      source,
       limit: parsed.query.limit,
       offset: parsed.query.offset,
     };
@@ -258,9 +314,32 @@ export async function handleTasks(
     const parsed = await createTask.parse(req, res, pathSegments, queryParams);
     if (!parsed) return true;
 
+    // Tolerant `requestedByUserId`: prevent the deleted-user race from
+    // becoming a 500 — if the referenced user doesn't exist, log and drop
+    // the field rather than letting the FK fail at INSERT.
+    let requestedByUserId = parsed.body.requestedByUserId || undefined;
+    if (requestedByUserId && !getUserById(requestedByUserId)) {
+      console.warn(
+        `[tasks] requestedByUserId ${requestedByUserId} does not exist — coercing to NULL`,
+      );
+      requestedByUserId = undefined;
+    }
+
+    // Default agent for ingress-created tasks: when no explicit `agentId` is
+    // provided, route to the lead so the task has an owner immediately
+    // (regardless of whether it's a root or a follow-up under a parentTaskId).
+    // Without this, UI composer follow-ups land unassigned and never get
+    // picked up. Mirrors Slack's pattern (slack/actions.ts uses lead?.id when
+    // there's no working agent).
+    let defaultAgentId = parsed.body.agentId || undefined;
+    if (!defaultAgentId) {
+      const lead = getLeadAgent();
+      if (lead) defaultAgentId = lead.id;
+    }
+
     try {
       const task = createTaskWithSiblingAwareness(parsed.body.task, {
-        agentId: parsed.body.agentId || undefined,
+        agentId: defaultAgentId,
         creatorAgentId: myAgentId || undefined,
         taskType: parsed.body.taskType || undefined,
         tags: parsed.body.tags || undefined,
@@ -269,9 +348,10 @@ export async function handleTasks(
         offeredTo: parsed.body.offeredTo || undefined,
         dir: parsed.body.dir || undefined,
         parentTaskId: parsed.body.parentTaskId || undefined,
-        source: (parsed.body.source as import("../types").AgentTaskSource) || "api",
+        source: parsed.body.source || "api",
         outputSchema: parsed.body.outputSchema || undefined,
         contextKey: parsed.body.contextKey || undefined,
+        requestedByUserId,
       });
 
       ensure({

package/src/http/users.ts

@@ -0,0 +1,134 @@
+import type { IncomingMessage, ServerResponse } from "node:http";
+import { z } from "zod";
+import { createUser, getAllUsers, getUserById, updateUser } from "../be/db";
+import { route } from "./route-def";
+import { json, jsonError } from "./utils";
+
+// ─── Route Definitions ───────────────────────────────────────────────────────
+
+const listUsers = route({
+  method: "get",
+  path: "/api/users",
+  pattern: ["api", "users"],
+  summary: "List all users",
+  tags: ["Users"],
+  responses: {
+    200: { description: "List of users" },
+    401: { description: "Unauthorized" },
+  },
+  auth: { apiKey: true },
+});
+
+const createUserRoute = route({
+  method: "post",
+  path: "/api/users",
+  pattern: ["api", "users"],
+  summary: "Create a new user",
+  tags: ["Users"],
+  body: z.object({
+    name: z.string().min(1),
+    email: z.string().optional(),
+    role: z.string().optional(),
+    notes: z.string().optional(),
+    slackUserId: z.string().optional(),
+    linearUserId: z.string().optional(),
+    githubUsername: z.string().optional(),
+    gitlabUsername: z.string().optional(),
+    emailAliases: z.array(z.string()).optional(),
+    preferredChannel: z.string().optional(),
+    timezone: z.string().optional(),
+  }),
+  responses: {
+    200: { description: "User created" },
+    400: { description: "Validation error" },
+    401: { description: "Unauthorized" },
+  },
+  auth: { apiKey: true },
+});
+
+const updateUserRoute = route({
+  method: "put",
+  path: "/api/users/{id}",
+  pattern: ["api", "users", null],
+  summary: "Update an existing user (partial — at least one field required)",
+  tags: ["Users"],
+  params: z.object({ id: z.string() }),
+  body: z
+    .object({
+      name: z.string().min(1).optional(),
+      email: z.string().optional(),
+      role: z.string().optional(),
+      notes: z.string().optional(),
+      slackUserId: z.string().optional(),
+      linearUserId: z.string().optional(),
+      githubUsername: z.string().optional(),
+      gitlabUsername: z.string().optional(),
+      emailAliases: z.array(z.string()).optional(),
+      preferredChannel: z.string().optional(),
+      timezone: z.string().optional(),
+    })
+    .refine((v) => Object.keys(v).length > 0, {
+      message: "At least one field must be provided",
+    }),
+  responses: {
+    200: { description: "User updated" },
+    400: { description: "Validation error or empty body" },
+    401: { description: "Unauthorized" },
+    404: { description: "User not found" },
+  },
+  auth: { apiKey: true },
+});
+
+// ─── Handler ─────────────────────────────────────────────────────────────────
+
+export async function handleUsers(
+  req: IncomingMessage,
+  res: ServerResponse,
+  pathSegments: string[],
+  queryParams: URLSearchParams,
+): Promise<boolean> {
+  if (listUsers.match(req.method, pathSegments)) {
+    const parsed = await listUsers.parse(req, res, pathSegments, queryParams);
+    if (!parsed) return true;
+    const users = getAllUsers();
+    json(res, { users });
+    return true;
+  }
+
+  if (createUserRoute.match(req.method, pathSegments)) {
+    const parsed = await createUserRoute.parse(req, res, pathSegments, queryParams);
+    if (!parsed) return true;
+    try {
+      const user = createUser(parsed.body);
+      json(res, { user });
+    } catch (err) {
+      jsonError(res, err instanceof Error ? err.message : "Failed to create user", 500);
+    }
+    return true;
+  }
+
+  if (updateUserRoute.match(req.method, pathSegments)) {
+    const parsed = await updateUserRoute.parse(req, res, pathSegments, queryParams);
+    if (!parsed) return true;
+
+    // 404 if user not found before update — keeps the contract honest.
+    if (!getUserById(parsed.params.id)) {
+      jsonError(res, "User not found", 404);
+      return true;
+    }
+
+    try {
+      const user = updateUser(parsed.params.id, parsed.body);
+      if (!user) {
+        jsonError(res, "User not found", 404);
+        return true;
+      }
+      json(res, { user });
+    } catch (err) {
+      jsonError(res, err instanceof Error ? err.message : "Failed to update user", 500);
+    }
+    return true;
+  }
+
+  return false;
+}

package/src/providers/claude-adapter.ts

@@ -194,6 +194,11 @@ class ClaudeSession implements ProviderSession {
         ENABLE_PROMPT_CACHING_1H: "1",
         ...(config.env || process.env),
         TASK_FILE: taskFilePath,
+        // Belt-and-braces: TASK_FILE on disk can disappear mid-session (race
+        // with task lifecycle), which silently drops the Stop-hook memory
+        // rater. The hook prefers these env vars when present. See PR #444.
+        AGENT_SWARM_TASK_ID: config.taskId,
+        AGENT_SWARM_AGENT_ID: config.agentId,
       } as Record<string, string>,
       stdout: "pipe",
       stderr: "pipe",

package/src/providers/codex-adapter.ts

@@ -690,7 +690,7 @@ class CodexSession implements ProviderSession {
           // `contextPercent` is on a 0-100 scale across all providers — claude
           // emits `(used / total) * 100`, pi-mono passes through `usage.percent`
           // which is already 0-100. The dashboard at
-          // new-ui/src/pages/tasks/[id]/page.tsx renders it via `.toFixed(0)`
+          // ui/src/pages/tasks/[id]/page.tsx renders it via `.toFixed(0)`
           // expecting an integer percent, so a 0-1 fraction would render as
           // "0%" instead of e.g. "40%".
           this.emit({

package/src/providers/index.ts

@@ -2,7 +2,7 @@ export {
   checkProviderCredentials,
   REQUIRED_CRED_VARS_BY_PROVIDER,
   type SupportedProvider,
-} from "./credentials";
+} from "../commands/provider-credentials";
 export type {
   CostData,
   CredCheckOptions,

package/src/slack/handlers.ts

@@ -1,7 +1,6 @@
 import type { App } from "@slack/bolt";
 import type { WebClient } from "@slack/web-api";
 import {
-  createTaskExtended,
   getAgentById,
   getAgentWorkingOnThread,
   getLeadAgent,