@desplega.ai/agent-swarm 1.79.4 → 1.80.1

package/src/http/scripts.ts

@@ -0,0 +1,381 @@
+import type { IncomingMessage, ServerResponse } from "node:http";
+import { z } from "zod";
+import { getAgentById } from "../be/db";
+import { createEvent } from "../be/events";
+import { deleteScript, getScript, upsertScriptByName } from "../be/scripts/db";
+import { searchScripts } from "../be/scripts/embeddings";
+import { SCRIPT_SDK_TYPES, SCRIPT_STDLIB_TYPES, typecheckScript } from "../be/scripts/typecheck";
+import { extractScriptSignature } from "../scripts-runtime/extract-signature";
+import { runScript } from "../scripts-runtime/loader";
+import {
+  ScriptFsModeSchema,
+  type ScriptRecord,
+  type ScriptScope,
+  ScriptScopeSchema,
+} from "../types";
+import { scrubObject } from "../utils/secret-scrubber";
+import { route } from "./route-def";
+import { json, jsonError } from "./utils";
+
+const scriptNameSchema = z.string().min(1).max(200);
+
+const upsertBodySchema = z.object({
+  name: scriptNameSchema,
+  source: z.string().min(1),
+  description: z.string().default(""),
+  intent: z.string().default(""),
+  scope: ScriptScopeSchema.default("agent"),
+  fsMode: ScriptFsModeSchema.default("none"),
+});
+
+const runBodySchema = z
+  .object({
+    name: scriptNameSchema.optional(),
+    source: z.string().min(1).optional(),
+    args: z.unknown().optional(),
+    intent: z.string().default(""),
+    scope: ScriptScopeSchema.optional(),
+    fsMode: ScriptFsModeSchema.default("none"),
+  })
+  .refine((body) => Boolean(body.name) !== Boolean(body.source), {
+    message: "Provide exactly one of name or source",
+  });
+
+const searchBodySchema = z.object({
+  query: z.string().default(""),
+  scope: ScriptScopeSchema.optional(),
+  limit: z.number().int().min(1).max(100).default(10),
+});
+
+const nameParamsSchema = z.object({ name: scriptNameSchema });
+const scopeQuerySchema = z.object({ scope: ScriptScopeSchema.default("agent") });
+const optionalScopeQuerySchema = z.object({ scope: ScriptScopeSchema.optional() });
+
+const upsertRoute = route({
+  method: "post",
+  path: "/api/scripts/upsert",
+  pattern: ["api", "scripts", "upsert"],
+  operationId: "scripts_upsert",
+  summary: "Create or update a reusable script",
+  description: "Explicit script upserts run a TypeScript typecheck before writing.",
+  tags: ["Scripts"],
+  body: upsertBodySchema,
+  responses: {
+    200: { description: "Script upserted" },
+    400: { description: "Validation or typecheck failure" },
+    403: { description: "Global write requires lead agent" },
+  },
+});
+
+const runRoute = route({
+  method: "post",
+  path: "/api/scripts/run",
+  pattern: ["api", "scripts", "run"],
+  operationId: "scripts_run",
+  summary: "Run a reusable or inline script",
+  description:
+    "Inline source skips typecheck and is auto-saved as a scratch script only on success.",
+  tags: ["Scripts"],
+  body: runBodySchema,
+  responses: {
+    200: { description: "Script run completed" },
+    400: { description: "Validation error" },
+    404: { description: "Script not found" },
+    501: { description: "workspace-rw scripts are not supported in v1" },
+  },
+});
+
+const searchRoute = route({
+  method: "post",
+  path: "/api/scripts/search",
+  pattern: ["api", "scripts", "search"],
+  operationId: "scripts_search",
+  summary: "Search reusable scripts",
+  description: "Phase 3 search is substring-only over script name and metadata.",
+  tags: ["Scripts"],
+  body: searchBodySchema,
+  responses: {
+    200: { description: "Matching scripts" },
+    400: { description: "Validation error" },
+  },
+});
+
+const deleteRoute = route({
+  method: "delete",
+  path: "/api/scripts/{name}",
+  pattern: ["api", "scripts", null],
+  operationId: "scripts_delete",
+  summary: "Delete a reusable script",
+  tags: ["Scripts"],
+  params: nameParamsSchema,
+  query: scopeQuerySchema,
+  responses: {
+    200: { description: "Delete result" },
+    400: { description: "Validation error" },
+    403: { description: "Global delete requires lead agent" },
+  },
+});
+
+const typesRoute = route({
+  method: "get",
+  path: "/api/scripts/{name}/types",
+  pattern: ["api", "scripts", null, "types"],
+  operationId: "scripts_types",
+  summary: "Get script signature and authoring types",
+  tags: ["Scripts"],
+  params: nameParamsSchema,
+  query: optionalScopeQuerySchema,
+  responses: {
+    200: { description: "Script signature and type blobs" },
+    404: { description: "Script not found" },
+  },
+});
+
+function requireAgent(res: ServerResponse, agentId: string | undefined) {
+  if (!agentId) {
+    jsonError(res, "X-Agent-ID required for scripts API", 400);
+    return null;
+  }
+  const agent = getAgentById(agentId);
+  if (!agent) {
+    jsonError(res, "Agent not found", 404);
+    return null;
+  }
+  return agent;
+}
+
+function signatureJsonFor(source: string): string {
+  return JSON.stringify(extractScriptSignature(source));
+}
+
+function resolveScript(name: string, agentId: string, scope?: ScriptScope): ScriptRecord | null {
+  if (scope === "global") return getScript({ name, scope: "global" });
+  if (scope === "agent") return getScript({ name, scope: "agent", scopeId: agentId });
+  return (
+    getScript({ name, scope: "agent", scopeId: agentId }) ?? getScript({ name, scope: "global" })
+  );
+}
+
+function scratchSlug(intent: string, source: string): string {
+  const base = (intent || "inline-script")
+    .toLowerCase()
+    .replace(/[^a-z0-9]+/g, "-")
+    .replace(/^-+|-+$/g, "")
+    .slice(0, 48);
+  const hash = new Bun.CryptoHasher("sha256").update(source).digest("hex").slice(0, 8);
+  return `scratch-${base || "inline-script"}-${hash}`;
+}
+
+function emitGlobalUpsertEvent(args: {
+  agentId: string;
+  script: ScriptRecord;
+  isNew: boolean;
+  isPromotion: boolean;
+}) {
+  createEvent({
+    category: "system",
+    event: "script.global_upsert",
+    source: "api",
+    agentId: args.agentId,
+    data: {
+      scriptId: args.script.id,
+      name: args.script.name,
+      version: args.script.version,
+      contentHash: args.script.contentHash,
+      changedByAgentId: args.agentId,
+      isNew: args.isNew,
+      isPromotion: args.isPromotion,
+    },
+  });
+}
+
+export async function handleScripts(
+  req: IncomingMessage,
+  res: ServerResponse,
+  pathSegments: string[],
+  queryParams: URLSearchParams,
+  agentId: string | undefined,
+): Promise<boolean> {
+  if (upsertRoute.match(req.method, pathSegments)) {
+    const parsed = await upsertRoute.parse(req, res, pathSegments, queryParams);
+    if (!parsed) return true;
+    const agent = requireAgent(res, agentId);
+    if (!agent) return true;
+
+    if (parsed.body.scope === "global" && !agent.isLead) {
+      jsonError(res, "Global scripts require a lead agent", 403);
+      return true;
+    }
+
+    const typecheck = typecheckScript(parsed.body.source);
+    if (!typecheck.ok) {
+      json(res, { error: "typecheck_failed", diagnostics: typecheck.diagnostics }, 400);
+      return true;
+    }
+
+    const existingAgentScript =
+      parsed.body.scope === "global"
+        ? getScript({ name: parsed.body.name, scope: "agent", scopeId: agent.id })
+        : null;
+    const result = await upsertScriptByName({
+      name: parsed.body.name,
+      scope: parsed.body.scope,
+      scopeId: parsed.body.scope === "agent" ? agent.id : null,
+      source: parsed.body.source,
+      description: parsed.body.description,
+      intent: parsed.body.intent,
+      signatureJson: signatureJsonFor(parsed.body.source),
+      fsMode: parsed.body.fsMode,
+      agentId: agent.id,
+      isScratch: false,
+      typeChecked: true,
+    });
+
+    if (parsed.body.scope === "global" && !result.contentDeduped) {
+      emitGlobalUpsertEvent({
+        agentId: agent.id,
+        script: result.script,
+        isNew: result.isNew,
+        isPromotion: Boolean(existingAgentScript),
+      });
+    }
+
+    json(res, {
+      name: result.script.name,
+      version: result.script.version,
+      contentDeduped: result.contentDeduped,
+    });
+    return true;
+  }
+
+  if (runRoute.match(req.method, pathSegments)) {
+    const parsed = await runRoute.parse(req, res, pathSegments, queryParams);
+    if (!parsed) return true;
+    const agent = requireAgent(res, agentId);
+    if (!agent) return true;
+
+    let source = parsed.body.source;
+    let fsMode = parsed.body.fsMode;
+    if (parsed.body.name) {
+      const script = resolveScript(parsed.body.name, agent.id, parsed.body.scope);
+      if (!script) {
+        jsonError(res, "Script not found", 404);
+        return true;
+      }
+      source = script.source;
+      fsMode = script.fsMode;
+    }
+
+    if (fsMode === "workspace-rw") {
+      jsonError(res, "workspace-rw scripts are not supported by /api/scripts/run in v1", 501);
+      return true;
+    }
+
+    const output = await runScript({
+      source: source as string,
+      args: parsed.body.args,
+      fsMode,
+      agentId: agent.id,
+    });
+
+    let autoSaved: { slug: string; reason: string } | undefined;
+    if (parsed.body.source && !output.error && output.exitCode === 0) {
+      const slug = scratchSlug(parsed.body.intent, parsed.body.source);
+      await upsertScriptByName({
+        name: slug,
+        scope: "agent",
+        scopeId: agent.id,
+        source: parsed.body.source,
+        description: `Scratch script: ${parsed.body.intent || slug}`,
+        intent: parsed.body.intent || "Inline script auto-saved after successful run",
+        signatureJson: signatureJsonFor(parsed.body.source),
+        fsMode: "none",
+        agentId: agent.id,
+        isScratch: true,
+        typeChecked: false,
+        changeReason: "Auto-saved successful inline run",
+      });
+      autoSaved = { slug, reason: "successful_inline_run" };
+    }
+
+    json(
+      res,
+      scrubObject({
+        result: output.result,
+        autoSaved,
+        truncated: output.truncated,
+        durationMs: output.durationMs,
+        stdout: output.stdout,
+        stderr: output.stderr,
+        exitCode: output.exitCode,
+        error: output.error,
+      }),
+    );
+    return true;
+  }
+
+  if (searchRoute.match(req.method, pathSegments)) {
+    const parsed = await searchRoute.parse(req, res, pathSegments, queryParams);
+    if (!parsed) return true;
+    const agent = requireAgent(res, agentId);
+    if (!agent) return true;
+
+    const matches = await searchScripts({
+      query: parsed.body.query,
+      scope: parsed.body.scope,
+      scopeId: agent.id,
+      limit: parsed.body.limit,
+    });
+
+    json(res, {
+      results: matches.map(({ script, score }) => ({
+        name: script.name,
+        signature: JSON.parse(script.signatureJson),
+        description: script.description,
+        score,
+      })),
+    });
+    return true;
+  }
+
+  if (typesRoute.match(req.method, pathSegments)) {
+    const parsed = await typesRoute.parse(req, res, pathSegments, queryParams);
+    if (!parsed) return true;
+    const agent = requireAgent(res, agentId);
+    if (!agent) return true;
+
+    const script = resolveScript(parsed.params.name, agent.id, parsed.query.scope);
+    if (!script) {
+      jsonError(res, "Script not found", 404);
+      return true;
+    }
+    json(res, {
+      signature: JSON.parse(script.signatureJson),
+      sdkTypes: SCRIPT_SDK_TYPES,
+      stdlibTypes: SCRIPT_STDLIB_TYPES,
+    });
+    return true;
+  }
+
+  if (deleteRoute.match(req.method, pathSegments)) {
+    const parsed = await deleteRoute.parse(req, res, pathSegments, queryParams);
+    if (!parsed) return true;
+    const agent = requireAgent(res, agentId);
+    if (!agent) return true;
+
+    if (parsed.query.scope === "global" && !agent.isLead) {
+      jsonError(res, "Global scripts require a lead agent", 403);
+      return true;
+    }
+
+    const deleted = deleteScript({
+      name: parsed.params.name,
+      scope: parsed.query.scope,
+      scopeId: parsed.query.scope === "agent" ? agent.id : null,
+    });
+    json(res, { deleted });
+    return true;
+  }
+
+  return false;
+}

package/src/http/session-data.ts

@@ -13,6 +13,7 @@ import {
   getSessionLogsByTaskId,
   getTaskById,
 } from "../be/db";
+import { normalizeModelKey } from "../be/pricing-normalize";
 import type { SessionCost, SessionCostSource } from "../types";
 import { route } from "./route-def";
 import { json, jsonError } from "./utils";
@@ -65,17 +66,24 @@ const createSessionCostRoute = route({
     inputTokens: z.number().int().optional(),
     outputTokens: z.number().int().optional(),
     cacheReadTokens: z.number().int().optional(),
-    cacheWriteTokens: z.number().int().optional(),
+    // Migration 063: nullable — adapters that can't honestly report cache writes
+    // (e.g. Codex SDK) prefer null over a faked 0.
+    cacheWriteTokens: z.number().int().nullable().optional(),
+    // Migration 063: new token classes previously dropped on the floor.
+    reasoningOutputTokens: z.number().int().nonnegative().optional(),
+    thinkingTokens: z.number().int().nonnegative().optional(),
     durationMs: z.number().int().optional(),
-    numTurns: z.number().int().optional(),
+    // Migration 063: nullable for adapters that can't honestly report numTurns.
+    numTurns: z.number().int().nullable().optional(),
     model: z.string().optional(),
     isError: z.boolean().optional(),
     /**
-     * Phase 6: when present, drives the codex pricing-table recompute path.
-     * Other providers ('claude' / 'pi' / 'opencode') always trust harness-reported USD.
-     * Optional / undefined keeps back-compat for existing callers.
+     * Phase 6 (extended migration 063): drives the API recompute path. After
+     * Phase 2 every provider with seeded pricing rows participates.
      */
-    provider: z.enum(["claude", "codex", "pi", "opencode"]).optional(),
+    provider: z
+      .enum(["claude", "claude-managed", "codex", "pi", "opencode", "devin", "gemini"])
+      .optional(),
     /**
      * Phase 6: epoch-ms timestamp used as the "active price at time T" lookup
      * basis. Defaults to `Date.now()` when omitted. Including it lets
@@ -185,35 +193,75 @@ export async function handleSessionData(
     try {
       const inputTokens = parsed.body.inputTokens ?? 0;
       const cachedInputTokens = parsed.body.cacheReadTokens ?? 0;
+      const cacheWriteTokens = parsed.body.cacheWriteTokens ?? 0;
       const outputTokens = parsed.body.outputTokens ?? 0;
-      const model = parsed.body.model || "opus";
+      // Phase 2: don't paper over a missing model with a fake default — that
+      // poisoned the pricing-table lookup against the wrong rate. Only the
+      // back-compat case (no provider tag) keeps "opus" so old callers don't
+      // explode.
+      const model = parsed.body.model || (parsed.body.provider ? "" : "opus");
 
-      // Phase 6: Codex USD recompute. When the worker reports `provider='codex'`
-      // and DB pricing rows exist for ALL three token classes at the lookup
-      // time, recompute `totalCostUsd` from tokens × DB prices and tag the
-      // row as 'pricing-table'. If any class has no row, fall back to the
-      // worker-reported value with `costSource='harness'` (back-compat for
-      // unseeded models). Claude / pi / opencode paths always use 'harness'.
+      // Phase 2: widen the recompute branch beyond codex. For any provider
+      // with a known model and seeded pricing rows, recompute `totalCostUsd`
+      // from tokens × DB prices and tag the row 'pricing-table'. When the
+      // (provider, model) pair has no pricing rows at all, tag 'unpriced' so
+      // the UI can flag it. When the provider isn't set, fall through with
+      // 'harness' (back-compat for older callers).
       let totalCostUsd = parsed.body.totalCostUsd;
       let costSource: SessionCostSource = "harness";
 
-      if (parsed.body.provider === "codex") {
+      if (parsed.body.provider && model) {
         const lookupTime = parsed.body.createdAt ?? Date.now();
-        const inputRow = getActivePricingRow("codex", model, "input", lookupTime);
-        const cachedRow = getActivePricingRow("codex", model, "cached_input", lookupTime);
-        const outputRow = getActivePricingRow("codex", model, "output", lookupTime);
+        // Phase 2 fix — different harnesses prepend routing prefixes
+        // (`openrouter/`, `github-copilot/`, …) to the same underlying model
+        // id. The pricing seed stores canonical (un-prefixed) keys, so we
+        // strip the prefix here before lookup. The original adapter-emitted
+        // string is still persisted to `session_costs.model` for debugging.
+        const lookupModel = normalizeModelKey(parsed.body.provider, model);
+        const inputRow = getActivePricingRow(
+          parsed.body.provider,
+          lookupModel,
+          "input",
+          lookupTime,
+        );
+        const cachedRow = getActivePricingRow(
+          parsed.body.provider,
+          lookupModel,
+          "cached_input",
+          lookupTime,
+        );
+        const outputRow = getActivePricingRow(
+          parsed.body.provider,
+          lookupModel,
+          "output",
+          lookupTime,
+        );
+        const cacheWriteRow = getActivePricingRow(
+          parsed.body.provider,
+          lookupModel,
+          "cache_write",
+          lookupTime,
+        );
 
-        if (inputRow && cachedRow && outputRow) {
-          // Mirror the existing computeCodexCostUsd logic: subtract cached
-          // tokens from input before billing the uncached portion at the full
-          // rate (Codex SDK reports input_tokens as TOTAL across the turn).
+        if (inputRow && outputRow) {
+          // Mirror the legacy codex semantic: uncached input is billed at the
+          // full rate, cached input at the discounted rate. Cache writes are
+          // billed separately when the provider's pricing table carries that
+          // class (anthropic) and the adapter reports a non-zero value.
           const uncachedInputTokens = Math.max(0, inputTokens - cachedInputTokens);
+          const cachedRate = cachedRow?.pricePerMillionUsd ?? 0;
+          const cacheWriteRate = cacheWriteRow?.pricePerMillionUsd ?? 0;
           totalCostUsd =
             (uncachedInputTokens * inputRow.pricePerMillionUsd +
-              cachedInputTokens * cachedRow.pricePerMillionUsd +
+              cachedInputTokens * cachedRate +
+              cacheWriteTokens * cacheWriteRate +
               outputTokens * outputRow.pricePerMillionUsd) /
             1_000_000;
           costSource = "pricing-table";
+        } else {
+          // Provider was tagged but we have no pricing rows for it; flag the
+          // row so the UI can show an "unpriced" badge instead of pretending.
+          costSource = "unpriced";
         }
       }
 
@@ -226,8 +274,11 @@ export async function handleSessionData(
         outputTokens,
         cacheReadTokens: cachedInputTokens,
         cacheWriteTokens: parsed.body.cacheWriteTokens ?? 0,
+        reasoningOutputTokens: parsed.body.reasoningOutputTokens ?? 0,
+        thinkingTokens: parsed.body.thinkingTokens ?? 0,
         durationMs: parsed.body.durationMs ?? 0,
-        numTurns: parsed.body.numTurns ?? 1,
+        // Migration 063: pass null through honestly instead of faking a 1.
+        numTurns: parsed.body.numTurns ?? null,
         model,
         isError: parsed.body.isError ?? false,
         costSource,

package/src/linear/outbound.ts

@@ -49,6 +49,10 @@ async function handleTaskCreated(data: unknown): Promise<void> {
   );
 }
 
+// Cap parameter length to avoid oversized Linear GraphQL payloads. Linear renders this in the
+// AgentSession panel; 2000 chars is plenty for a progress update.
+const PROGRESS_PARAMETER_MAX = 2000;
+
 async function handleTaskProgress(data: unknown): Promise<void> {
   const { taskId, progress } = data as { taskId: string; progress?: string };
   if (!taskId || !progress) return;
@@ -56,8 +60,11 @@ async function handleTaskProgress(data: unknown): Promise<void> {
   const sessionId = taskSessionMap.get(taskId);
   if (!sessionId) return;
 
-  // Use 'action' activity type — Linear renders it as a structured tool invocation card
-  postAgentSessionAction(sessionId, progress).catch((err) => {
+  // Post as `action` activity (renders as a structured card in Linear's AgentSession panel).
+  // Per Linear's agentActivityCreate spec, `action` requires BOTH `action` AND `parameter`;
+  // the original bug here was passing `progress` as `action` with `parameter` undefined.
+  const parameter = progress.slice(0, PROGRESS_PARAMETER_MAX);
+  postAgentSessionAction(sessionId, "Progress update", parameter).catch((err) => {
     console.error(`[Linear Outbound] Failed to post progress action for task ${taskId}:`, err);
   });
 }