@desplega.ai/agent-swarm 1.83.0 → 1.83.1

package/src/tools/schedules/update-schedule.ts

@@ -7,6 +7,7 @@ import {
   getScheduledTaskByName,
   updateScheduledTask,
 } from "@/be/db";
+import { mergeScheduleTiming, validateRecurringTiming } from "@/be/schedules/validate";
 import { calculateNextRun } from "@/scheduler";
 import { createToolRegistrar } from "@/tools/utils";
 
@@ -23,8 +24,18 @@ export const registerUpdateScheduleTool = (server: McpServer) => {
         name: z.string().optional().describe("Schedule name to update (alternative to ID)"),
         newName: z.string().min(1).max(100).optional().describe("New name for the schedule"),
         taskTemplate: z.string().min(1).optional().describe("New task template"),
-        cronExpression: z.string().optional().describe("New cron expression"),
-        intervalMs: z.number().int().positive().optional().describe("New interval in milliseconds"),
+        cronExpression: z
+          .string()
+          .nullable()
+          .optional()
+          .describe("New cron expression (null to clear)"),
+        intervalMs: z
+          .number()
+          .int()
+          .positive()
+          .nullable()
+          .optional()
+          .describe("New interval in milliseconds (null to clear)"),
         description: z.string().optional().describe("New description"),
         taskType: z.string().max(50).optional().describe("New task type"),
         tags: z.array(z.string()).optional().describe("New tags"),
@@ -215,6 +226,32 @@ export const registerUpdateScheduleTool = (server: McpServer) => {
             updateData.nextRunAt = undefined;
           }
         } else {
+          // Validate merged timing before recalc — runs BEFORE the enabled===false
+          // skip-recalc branch so disabling cannot bypass the invariant.
+          const timing = mergeScheduleTiming(
+            {
+              cronExpression: schedule.cronExpression ?? null,
+              intervalMs: schedule.intervalMs ?? null,
+            },
+            { cronExpression, intervalMs },
+          );
+          const timingError = validateRecurringTiming(timing);
+          if (timingError) {
+            return {
+              content: [
+                {
+                  type: "text",
+                  text: "At least one of intervalMs or cronExpression must be set for recurring schedules.",
+                },
+              ],
+              structuredContent: {
+                success: false,
+                message:
+                  "At least one of intervalMs or cronExpression must be set for recurring schedules.",
+              },
+            };
+          }
+
           const needsNextRunRecalc =
             cronExpression !== undefined ||
             intervalMs !== undefined ||
@@ -222,12 +259,15 @@ export const registerUpdateScheduleTool = (server: McpServer) => {
             (enabled === true && !schedule.enabled);
 
           if (needsNextRunRecalc && enabled !== false) {
-            const tempSchedule = {
-              cronExpression: cronExpression ?? schedule.cronExpression,
-              intervalMs: intervalMs ?? schedule.intervalMs,
-              timezone: timezone ?? schedule.timezone,
-            } as Parameters<typeof calculateNextRun>[0];
-            updateData.nextRunAt = calculateNextRun(tempSchedule, new Date());
+            const mergedTimezone = timezone !== undefined ? timezone : schedule.timezone;
+            updateData.nextRunAt = calculateNextRun(
+              {
+                cronExpression: timing.mergedCron,
+                intervalMs: timing.mergedInterval,
+                timezone: mergedTimezone,
+              } as Parameters<typeof calculateNextRun>[0],
+              new Date(),
+            );
           } else if (enabled === false) {
             updateData.nextRunAt = undefined;
           }

package/src/tools/slack-upload-file.ts

@@ -13,6 +13,13 @@ const WORKSPACE_DIR = "/workspace";
 
 /**
  * Resolves a file path to an absolute path and checks if it exists.
+ *
+ * NOTE: existence is checked on the API server's filesystem (where this tool
+ * runs), NOT the caller's. Worker/lead containers have their own `/tmp` that
+ * the API server cannot see — the only volume mounted on both is
+ * `/workspace/shared/`. Files outside `/workspace/shared/` must be passed
+ * inline via the `content` (base64) param instead of `filePath`.
+ *
  * Handles several common patterns:
  * 1. Relative paths (e.g., "shared/file.png") -> resolved from /workspace
  * 2. Absolute paths under /workspace (e.g., "/workspace/shared/file.png") -> used as-is
@@ -110,14 +117,17 @@ export const registerSlackUploadFileTool = (server: McpServer) => {
           .optional()
           .describe(
             "Path to the file to upload. Either filePath OR content must be provided. " +
-              "Relative paths are resolved from /workspace (e.g., 'shared/file.png' -> '/workspace/shared/file.png'). " +
-              "Absolute paths work if they exist or if the file exists under /workspace with that path (e.g., '/tmp/file.png' checks '/tmp/file.png' then '/workspace/tmp/file.png').",
+              "IMPORTANT: the file is read on the API server's filesystem (where this tool runs), NOT on the caller's. " +
+              "Worker/lead containers do NOT share /tmp or /workspace/personal/ with the API server — the only shared volume is /workspace/shared/. " +
+              "Use /workspace/shared/<agent-id>/file.png (or a relative path like 'shared/<agent-id>/file.png'). " +
+              "For files that only live on the caller (e.g. /tmp), pass them inline via `content` (base64) instead.",
           ),
         content: z
           .string()
           .optional()
           .describe(
-            "Base64-encoded file content. Use this when the file is not on the local filesystem. Either filePath OR content must be provided.",
+            "Base64-encoded file content. Use this when the file lives on the caller's filesystem and isn't reachable by the API server " +
+              "(e.g. anything under /tmp on a worker/lead container). Either filePath OR content must be provided.",
           ),
         filename: z
           .string()
@@ -287,9 +297,11 @@ export const registerSlackUploadFileTool = (server: McpServer) => {
             `${pathResult.error}\n` +
             `Provided path: ${filePath}\n` +
             `Tried locations:\n${triedPathsList}\n\n` +
+            `Note: this tool reads the file on the API server's filesystem, NOT the caller's. ` +
+            `Worker/lead containers do not share /tmp or /workspace/personal/ with the API server — only /workspace/shared/.\n\n` +
             `Tips:\n` +
-            `- Use relative paths from /workspace (e.g., 'shared/my-file.png')\n` +
-            `- Or use absolute paths under /workspace (e.g., '/workspace/shared/my-file.png')`;
+            `- Put the file in /workspace/shared/<agent-id>/ (e.g., '/workspace/shared/<agent-id>/my-file.png') and pass that path.\n` +
+            `- Or pass the file inline via the \`content\` arg as base64 (with \`filename\`) so no shared-mount round-trip is needed.`;
           return {
             content: [{ type: "text", text: errorMsg }],
             structuredContent: { success: false, message: errorMsg },

package/src/utils/skills-refresh.ts

@@ -0,0 +1,123 @@
+/**
+ * Worker-side per-task skill refresh.
+ *
+ * Polls the cheap signature endpoint; on a hash mismatch, refetches the
+ * full skill list and re-runs filesystem sync (claude/pi/codex dirs). The
+ * worker stores the signature returned in the list response so the cached
+ * hash always corresponds exactly to the snapshot it acted on — avoids a
+ * stale-hash race between the signature and list endpoints.
+ *
+ * Transient errors are swallowed (returned as `changed: false`) so a flaky
+ * API can't churn the system prompt.
+ */
+
+export type SkillsRefreshContext = {
+  apiUrl: string;
+  swarmUrl: string;
+  apiKey: string;
+  agentId: string;
+  role: string;
+};
+
+export type SkillsRefreshResult = {
+  changed: boolean;
+  summary?: { name: string; description: string }[];
+};
+
+export async function refreshSkillsIfChanged(
+  ctx: SkillsRefreshContext,
+  lastHashRef: { current: string | null },
+): Promise<SkillsRefreshResult> {
+  const { apiUrl, swarmUrl, apiKey, agentId, role } = ctx;
+  const authHeaders: Record<string, string> = { "X-Agent-ID": agentId };
+  if (apiKey) authHeaders.Authorization = `Bearer ${apiKey}`;
+
+  // Step 1: cheap signature probe
+  try {
+    const sigResp = await fetch(`${apiUrl}/api/agents/${agentId}/skills/signature`, {
+      headers: authHeaders,
+    });
+    if (sigResp.ok) {
+      const sig = (await sigResp.json()) as { hash: string };
+      if (lastHashRef.current !== null && sig.hash === lastHashRef.current) {
+        return { changed: false };
+      }
+    } else if (sigResp.status >= 500) {
+      // Transient — don't churn the prompt on a flaky API
+      return { changed: false };
+    }
+    // 4xx falls through (e.g. fresh worker hitting a legacy server without
+    // the signature endpoint yet) — let the list call drive the result.
+  } catch {
+    return { changed: false };
+  }
+
+  // Step 2: full fetch + sync (only reached when hash differs or first call)
+  let summary: { name: string; description: string }[] | undefined;
+  let newHash: string | null = null;
+  try {
+    const skillsResp = await fetch(`${apiUrl}/api/agents/${agentId}/skills`, {
+      headers: authHeaders,
+    });
+    if (skillsResp.ok) {
+      const skillsData = (await skillsResp.json()) as {
+        skills: { name: string; description: string; isActive: boolean; isEnabled: boolean }[];
+        signature?: string;
+      };
+      summary = skillsData.skills
+        .filter((s) => s.isActive && s.isEnabled)
+        .map((s) => ({ name: s.name, description: s.description }));
+      if (typeof skillsData.signature === "string") {
+        newHash = skillsData.signature;
+      }
+    }
+  } catch {
+    // Non-fatal — skills are optional
+  }
+
+  // Step 3: filesystem sync (claude/pi/codex dirs)
+  let syncOk = false;
+  try {
+    const syncHeaders: Record<string, string> = {
+      "Content-Type": "application/json",
+      "X-Agent-ID": agentId,
+    };
+    if (apiKey) syncHeaders.Authorization = `Bearer ${apiKey}`;
+    const syncRes = await fetch(`${swarmUrl}/api/skills/sync-filesystem`, {
+      method: "POST",
+      headers: syncHeaders,
+    });
+    if (syncRes.ok) {
+      const syncResult = (await syncRes.json()) as {
+        synced: number;
+        removed: number;
+        errors: string[];
+      };
+      console.log(
+        `[${role}] Skills synced: ${syncResult.synced} written, ${syncResult.removed} removed`,
+      );
+      if (syncResult.errors.length > 0) {
+        console.warn(`[${role}] Skill sync errors: ${syncResult.errors.join(", ")}`);
+      }
+      syncOk = true;
+    } else {
+      console.warn(`[${role}] Skill sync failed: HTTP ${syncRes.status}`);
+    }
+  } catch (err) {
+    console.warn(`[${role}] Skill sync failed: ${(err as Error).message}`);
+  }
+
+  if (summary === undefined && newHash === null) {
+    return { changed: false };
+  }
+
+  // Only cache the new hash once the FS sync has actually succeeded —
+  // otherwise a transient sync failure would leave the cached hash matching
+  // the current signature, causing later polls to short-circuit and the
+  // disk state to stay stale until an unrelated skill mutation. The next
+  // poll re-enters this code path (lastHashRef unchanged) and retries.
+  if (syncOk && newHash !== null) {
+    lastHashRef.current = newHash;
+  }
+  return { changed: true, summary };
+}