npm - @desplega.ai/agent-swarm - Versions diffs - 1.92.0 → 1.92.2 - Mend

@desplega.ai/agent-swarm 1.92.0 → 1.92.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (90) hide show

package/README.md +1 -1
package/openapi.json +276 -3
package/package.json +6 -6
package/plugin/skills/pages/SKILL.md +5 -2
package/src/be/db.ts +416 -20
package/src/be/memory/boot-reembed.ts +85 -0
package/src/be/memory/constants.ts +44 -2
package/src/be/memory/providers/openai-embedding.ts +15 -5
package/src/be/memory/providers/sqlite-store.ts +325 -76
package/src/be/memory/reranker.ts +35 -17
package/src/be/memory/types.ts +43 -0
package/src/be/migrations/084_script_run_journal_duration.sql +5 -0
package/src/be/migrations/085_script_runs_kind.sql +9 -0
package/src/be/migrations/086_pages_default_authed.sql +64 -0
package/src/be/migrations/087_skill_files.sql +19 -0
package/src/be/modelsdev-cache.json +5622 -2543
package/src/be/seed-scripts/catalog/boot-triage.ts +221 -0
package/src/be/seed-scripts/catalog/catalog-report.ts +457 -0
package/src/be/seed-scripts/catalog/compound-insights.ts +465 -0
package/src/be/seed-scripts/catalog/gh-pr-snapshot.ts +1 -1
package/src/be/seed-scripts/catalog/memory-eval.ts +1059 -0
package/src/be/seed-scripts/catalog/ops-catalog-audit.ts +34 -439
package/src/be/seed-scripts/catalog/schedule-health.ts +78 -2
package/src/be/seed-scripts/catalog/task-failure-audit.ts +48 -1
package/src/be/seed-scripts/index.ts +32 -4
package/src/be/seed-skills/index.ts +0 -7
package/src/be/skill-sync.ts +91 -7
package/src/commands/runner.ts +6 -2
package/src/heartbeat/templates.ts +20 -16
package/src/http/index.ts +50 -7
package/src/http/mcp-user.ts +23 -0
package/src/http/mcp.ts +58 -0
package/src/http/memory.ts +62 -0
package/src/http/pages.ts +1 -1
package/src/http/script-runs.ts +2 -0
package/src/http/scripts.ts +39 -2
package/src/http/skills.ts +225 -0
package/src/providers/claude-adapter.ts +56 -24
package/src/script-workflows/workflow-ctx.ts +7 -3
package/src/scripts-runtime/sdk-allowlist.ts +1 -0
package/src/scripts-runtime/swarm-sdk.ts +13 -0
package/src/scripts-runtime/types/stdlib.d.ts +1 -0
package/src/scripts-runtime/types/swarm-sdk.d.ts +1 -0
package/src/server.ts +2 -0
package/src/tasks/worker-follow-up.ts +12 -0
package/src/tests/claude-adapter-binary.test.ts +135 -81
package/src/tests/create-page-tool.test.ts +19 -2
package/src/tests/heartbeat-checklist.test.ts +36 -0
package/src/tests/mcp-transport-gc.test.ts +58 -0
package/src/tests/memory-e2e.test.ts +6 -6
package/src/tests/memory-health-endpoint.test.ts +78 -0
package/src/tests/memory-rater-e2e.test.ts +4 -5
package/src/tests/memory-reranker.test.ts +135 -124
package/src/tests/memory-store.test.ts +221 -1
package/src/tests/memory.test.ts +13 -12
package/src/tests/pages-http.test.ts +20 -2
package/src/tests/pages-storage.test.ts +26 -0
package/src/tests/scripts-mcp-e2e.test.ts +53 -0
package/src/tests/seed-scripts.test.ts +328 -3
package/src/tests/skill-files-http.test.ts +171 -0
package/src/tests/skill-files.test.ts +162 -0
package/src/tests/skill-get-file-tool.test.ts +110 -0
package/src/tests/skill-sync.test.ts +125 -6
package/src/tests/task-cascade-fail.test.ts +304 -0
package/src/tools/create-page.ts +2 -2
package/src/tools/skills/index.ts +1 -0
package/src/tools/skills/skill-get-file.ts +80 -0
package/src/tools/tool-config.ts +2 -1
package/src/types.ts +20 -0
package/src/utils/internal-ai/complete-structured.ts +2 -2
package/templates/schedules/daily-blocker-digest/content.md +68 -54
package/templates/schedules/daily-compounding-reflection/content.md +4 -4
package/templates/schedules/daily-hn-briefing/content.md +5 -5
package/templates/schedules/daily-workflow-health-audit/content.md +6 -6
package/templates/schedules/gtm-weekly-review/content.md +9 -9
package/templates/schedules/weekly-dependabot-triage/content.md +24 -20
package/templates/skills/agentmail-sending/content.md +6 -7
package/templates/skills/desloppify/content.md +8 -9
package/templates/skills/jira-interaction/content.md +25 -33
package/templates/skills/kapso-whatsapp/content.md +29 -30
package/templates/skills/linear-interaction/content.md +8 -9
package/templates/skills/profile-corruption-escalation/content.md +44 -85
package/templates/skills/sprite-cli/content.md +4 -5
package/templates/skills/turso-interaction/content.md +14 -17
package/templates/skills/workflow-iterate/content.md +38 -391
package/templates/skills/x-api-interactions/content.md +4 -6
package/templates/workflows/llm-safe-release-context/config.json +13 -0
package/templates/workflows/llm-safe-release-context/content.md +69 -0
package/templates/skills/scheduled-task-resilience/config.json +0 -14
package/templates/skills/scheduled-task-resilience/content.md +0 -95

package/src/http/mcp.ts CHANGED Viewed

@@ -4,10 +4,62 @@ import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/
 import { isInitializeRequest } from "@modelcontextprotocol/sdk/types.js";
 import { createServer } from "@/server";
+export type McpTransportActivity = Record<string, number>;
+export const DEFAULT_MCP_TRANSPORT_IDLE_TIMEOUT_MS = 2 * 60 * 60 * 1000;
+export function markMcpTransportActivity(
+  sessionActivity: McpTransportActivity,
+  sessionId: string | undefined,
+  now = Date.now(),
+): void {
+  if (sessionId) {
+    sessionActivity[sessionId] = now;
+  }
+}
+export function closeIdleMcpTransports(
+  transports: Record<string, StreamableHTTPServerTransport>,
+  sessionActivity: McpTransportActivity,
+  options: {
+    now?: number;
+    idleTimeoutMs?: number;
+    label?: string;
+    onClose?: (id: string) => void;
+  } = {},
+): number {
+  const now = options.now ?? Date.now();
+  const idleTimeoutMs = options.idleTimeoutMs ?? DEFAULT_MCP_TRANSPORT_IDLE_TIMEOUT_MS;
+  let closed = 0;
+  for (const [id, transport] of Object.entries(transports)) {
+    const lastActivity = sessionActivity[id];
+    if (lastActivity === undefined) {
+      sessionActivity[id] = now;
+      continue;
+    }
+    if (now - lastActivity < idleTimeoutMs) continue;
+    try {
+      transport.close();
+    } catch (err) {
+      console.warn(`[HTTP] Failed to close idle ${options.label ?? "MCP"} transport ${id}: ${err}`);
+    } finally {
+      delete transports[id];
+      delete sessionActivity[id];
+      options.onClose?.(id);
+      closed++;
+    }
+  }
+  return closed;
+}
 export async function handleMcp(
   req: IncomingMessage,
   res: ServerResponse,
   transports: Record<string, StreamableHTTPServerTransport>,
+  sessionActivity: McpTransportActivity = {},
 ): Promise<boolean> {
   const sessionId = req.headers["mcp-session-id"] as string | undefined;
@@ -26,20 +78,24 @@ export async function handleMcp(
     if (sessionId && transports[sessionId]) {
       transport = transports[sessionId];
+      markMcpTransportActivity(sessionActivity, sessionId);
     } else if (!sessionId && isInitializeRequest(body)) {
       transport = new StreamableHTTPServerTransport({
         sessionIdGenerator: () => randomUUID(),
         onsessioninitialized: (id) => {
           transports[id] = transport;
+          markMcpTransportActivity(sessionActivity, id);
         },
         onsessionclosed: (id) => {
           delete transports[id];
+          delete sessionActivity[id];
         },
       });
       transport.onclose = () => {
         if (transport.sessionId) {
           delete transports[transport.sessionId];
+          delete sessionActivity[transport.sessionId];
         }
       };
@@ -58,11 +114,13 @@ export async function handleMcp(
     }
     await transport.handleRequest(req, res, body);
+    markMcpTransportActivity(sessionActivity, transport.sessionId);
     return true;
   }
   if (req.method === "GET" || req.method === "DELETE") {
     if (sessionId && transports[sessionId]) {
+      markMcpTransportActivity(sessionActivity, sessionId);
       await transports[sessionId].handleRequest(req, res);
       return true;
     }

package/src/http/memory.ts CHANGED Viewed

@@ -115,6 +115,18 @@ const listMemory = route({
   },
 });
+const memoryHealth = route({
+  method: "get",
+  path: "/api/memory/health",
+  pattern: ["api", "memory", "health"],
+  summary: "Report memory vector index health and retrieval mode",
+  tags: ["Memory"],
+  auth: { apiKey: true },
+  responses: {
+    200: { description: "Memory vector index health" },
+  },
+});
 const deleteMemoryById = route({
   method: "delete",
   path: "/api/memory/{id}",
@@ -375,6 +387,8 @@ export async function handleMemory(
           name: r.name,
           content: r.content,
           similarity: r.similarity,
+          rawSimilarity: r.rawSimilarity,
+          compositeScore: r.compositeScore,
           source: r.source,
           scope: r.scope,
         })),
@@ -430,6 +444,8 @@ export async function handleMemory(
             scope: r.scope,
             source: r.source,
             similarity: r.similarity,
+            rawSimilarity: r.rawSimilarity,
+            compositeScore: r.compositeScore,
             createdAt: r.createdAt,
             accessedAt: r.accessedAt,
             accessCount: r.accessCount ?? 0,
@@ -498,6 +514,14 @@ export async function handleMemory(
     return true;
   }
+  if (memoryHealth.match(req.method, pathSegments)) {
+    const parsed = await memoryHealth.parse(req, res, pathSegments, new URLSearchParams());
+    if (!parsed) return true;
+    json(res, getMemoryStore().getHealth());
+    return true;
+  }
   if (deleteMemoryById.match(req.method, pathSegments)) {
     const parsed = await deleteMemoryById.parse(req, res, pathSegments, new URLSearchParams());
     if (!parsed) return true;
@@ -663,3 +687,41 @@ export async function handleMemory(
   return false;
 }
+// ─── Expired Memory GC ──────────────────────────────────────────────────────
+const MEMORY_GC_INTERVAL_MS = 60 * 60 * 1000; // 1 hour
+let memoryGcTimer: ReturnType<typeof setInterval> | null = null;
+export function startMemoryGc(intervalMs = MEMORY_GC_INTERVAL_MS): void {
+  if (memoryGcTimer) return;
+  // Run immediately on startup to clear any backlog
+  try {
+    const purged = getMemoryStore().purgeExpired();
+    if (purged > 0) {
+      console.log(`[memory-gc] Initial purge removed ${purged} expired memory row(s)`);
+    }
+  } catch (err) {
+    console.error("[memory-gc] Initial purge failed:", err);
+  }
+  memoryGcTimer = setInterval(() => {
+    try {
+      const purged = getMemoryStore().purgeExpired();
+      if (purged > 0) {
+        console.log(`[memory-gc] Periodic purge removed ${purged} expired memory row(s)`);
+      }
+    } catch (err) {
+      console.error("[memory-gc] Periodic purge failed:", err);
+    }
+  }, intervalMs);
+  if (typeof memoryGcTimer?.unref === "function") memoryGcTimer.unref();
+}
+export function stopMemoryGc(): void {
+  if (memoryGcTimer) {
+    clearInterval(memoryGcTimer);
+    memoryGcTimer = null;
+  }
+}

package/src/http/pages.ts CHANGED Viewed

@@ -58,7 +58,7 @@ const createPageRoute = route({
     title: z.string().min(1),
     description: z.string().optional(),
     contentType: PageContentTypeSchema,
-    authMode: PageAuthModeSchema,
+    authMode: PageAuthModeSchema.default("authed"),
     password: z.string().min(1).optional(),
     body: z.string(),
     needsCredentials: z.array(z.string()).optional(),

package/src/http/script-runs.ts CHANGED Viewed

@@ -62,6 +62,7 @@ const journalStepBodySchema = z.object({
   status: z.enum(["completed", "failed"]),
   result: z.unknown().optional(),
   error: z.string().optional(),
+  durationMs: z.number().int().nonnegative().optional(),
 });
 const statusBodySchema = z.discriminatedUnion("status", [
@@ -440,6 +441,7 @@ export async function handleScriptRuns(
       status: parsed.body.status,
       result: parsed.body.result,
       error: parsed.body.error,
+      durationMs: parsed.body.durationMs,
     });
     const limit = assertRunWithinLimits(run.id);
     if (!limit.ok) {

package/src/http/scripts.ts CHANGED Viewed

@@ -1,6 +1,6 @@
 import type { IncomingMessage, ServerResponse } from "node:http";
 import { z } from "zod";
-import { getAgentById, upsertKv } from "../be/db";
+import { getAgentById, recordInlineScriptRun, upsertKv } from "../be/db";
 import { createEvent } from "../be/events";
 import { deleteScript, getScript, upsertScriptByName } from "../be/scripts/db";
 import { searchScripts } from "../be/scripts/embeddings";
@@ -14,7 +14,7 @@ import {
   type ScriptScope,
   ScriptScopeSchema,
 } from "../types";
-import { scrubObject } from "../utils/secret-scrubber";
+import { scrubObject, scrubSecrets } from "../utils/secret-scrubber";
 import { route } from "./route-def";
 import { json, jsonError } from "./utils";
@@ -283,6 +283,7 @@ export async function handleScripts(
       return true;
     }
+    const startedAt = new Date().toISOString();
     const output = await runScript({
       source: source as string,
       args: parsed.body.args,
@@ -331,6 +332,42 @@ export async function handleScripts(
       autoSaved = { slug, reason: "successful_inline_run" };
     }
+    // Persist the inline run (no journal) so one-off executions show up alongside
+    // durable workflow runs in the Script Runs dashboard. Best-effort: recording
+    // must never fail the actual execution.
+    const ok = output.exitCode === 0 && !output.error && !output.runtimeError;
+    const runError = ok
+      ? undefined
+      : scrubSecrets(
+          [
+            output.error,
+            output.runtimeError
+              ? `${output.runtimeError.name}: ${output.runtimeError.message}`
+              : undefined,
+          ]
+            .filter(Boolean)
+            .join(" — ") || `Script exited with code ${output.exitCode}`,
+        );
+    try {
+      recordInlineScriptRun({
+        id: crypto.randomUUID(),
+        agentId: agent.id,
+        source: source as string,
+        // Scrub args + result before persisting: the stored row is later served
+        // raw by GET /api/script-runs/{id} to the dashboard, so it needs the same
+        // redaction guarantees as the scrubbed run response below.
+        args: scrubObject(parsed.body.args ?? null),
+        scriptName: parsed.body.name,
+        status: ok ? "completed" : "failed",
+        output: scrubObject(output.result),
+        error: runError,
+        startedAt,
+        finishedAt: new Date().toISOString(),
+      });
+    } catch {
+      // swallow — the run already executed; persistence is observability only.
+    }
     json(
       res,
       scrubObject({

package/src/http/skills.ts CHANGED Viewed

@@ -3,13 +3,18 @@ import { z } from "zod";
 import {
   createSkill,
   deleteSkill,
+  deleteSkillFile,
   getAgentSkills,
   getSkillById,
+  getSkillFile,
   installSkill,
+  listSkillFileManifest,
   listSkills,
   searchSkills,
   uninstallSkill,
   updateSkill,
+  upsertSkillFile,
+  upsertSkillFiles,
 } from "../be/db";
 import { parseSkillContent } from "../be/skill-parser";
 import { computeAgentSkillsSignature, syncSkillsToFilesystem } from "../be/skill-sync";
@@ -19,6 +24,24 @@ import { json, jsonError } from "./utils";
 const SYSTEM_DEFAULT_SKILL_LOCKED_MESSAGE =
   "This skill is system-managed and cannot be edited from the UI; it is re-seeded on each start. Fork it under a new name to customize.";
+const skillFileBodySchema = z.object({
+  content: z.string(),
+  mimeType: z.string().optional(),
+  isBinary: z.boolean().optional(),
+  size: z.number().int().nonnegative().optional(),
+});
+const skillFileWithPathSchema = skillFileBodySchema.extend({
+  path: z.string().min(1),
+});
+function decodeSkillFilePath(pathSegments: string[]): string {
+  return pathSegments
+    .slice(4)
+    .map((segment) => decodeURIComponent(segment))
+    .join("/");
+}
 // ─── Route Definitions ───────────────────────────────────────────────────────
 const listSkillsRoute = route({
@@ -58,6 +81,86 @@ const getSkillRoute = route({
   },
 });
+const listSkillFilesRoute = route({
+  method: "get",
+  path: "/api/skills/{id}/files",
+  pattern: ["api", "skills", null, "files"],
+  summary: "List bundled files for a skill",
+  description: "Returns a manifest of bundled skill files without file content.",
+  tags: ["Skills"],
+  auth: { apiKey: true },
+  params: z.object({ id: z.string() }),
+  responses: {
+    200: { description: "Skill file manifest" },
+    404: { description: "Skill not found" },
+  },
+});
+const bulkUpsertSkillFilesRoute = route({
+  method: "post",
+  path: "/api/skills/{id}/files",
+  pattern: ["api", "skills", null, "files"],
+  summary: "Bulk upsert bundled files for a skill",
+  tags: ["Skills"],
+  auth: { apiKey: true },
+  params: z.object({ id: z.string() }),
+  body: z.object({
+    files: z.array(skillFileWithPathSchema).max(100),
+  }),
+  responses: {
+    200: { description: "Skill files upserted" },
+    400: { description: "Validation error" },
+    404: { description: "Skill not found" },
+  },
+});
+const getSkillFileRoute = route({
+  method: "get",
+  path: "/api/skills/{id}/files/{path}",
+  pattern: ["api", "skills", null, "files", null],
+  exact: false,
+  summary: "Get a bundled skill file",
+  tags: ["Skills"],
+  auth: { apiKey: true },
+  params: z.object({ id: z.string(), path: z.string() }),
+  responses: {
+    200: { description: "Skill file" },
+    404: { description: "Skill or file not found" },
+  },
+});
+const upsertSkillFileRoute = route({
+  method: "put",
+  path: "/api/skills/{id}/files/{path}",
+  pattern: ["api", "skills", null, "files", null],
+  exact: false,
+  summary: "Upsert a bundled skill file",
+  tags: ["Skills"],
+  auth: { apiKey: true },
+  params: z.object({ id: z.string(), path: z.string() }),
+  body: skillFileBodySchema,
+  responses: {
+    200: { description: "Skill file upserted" },
+    400: { description: "Validation error" },
+    404: { description: "Skill not found" },
+  },
+});
+const deleteSkillFileRoute = route({
+  method: "delete",
+  path: "/api/skills/{id}/files/{path}",
+  pattern: ["api", "skills", null, "files", null],
+  exact: false,
+  summary: "Delete a bundled skill file",
+  tags: ["Skills"],
+  auth: { apiKey: true },
+  params: z.object({ id: z.string(), path: z.string() }),
+  responses: {
+    200: { description: "Skill file deleted" },
+    404: { description: "Skill or file not found" },
+  },
+});
 const createSkillRoute = route({
   method: "post",
   path: "/api/skills",
@@ -423,6 +526,128 @@ export async function handleSkills(
     return true;
   }
+  // GET /api/skills/:id/files
+  if (listSkillFilesRoute.match(req.method, pathSegments)) {
+    const parsed = await listSkillFilesRoute.parse(req, res, pathSegments, queryParams);
+    if (!parsed) return true;
+    const skill = getSkillById(parsed.params.id);
+    if (!skill) {
+      jsonError(res, "Skill not found", 404);
+      return true;
+    }
+    const files = listSkillFileManifest(parsed.params.id);
+    json(res, { files, total: files.length });
+    return true;
+  }
+  // POST /api/skills/:id/files
+  if (bulkUpsertSkillFilesRoute.match(req.method, pathSegments)) {
+    const parsed = await bulkUpsertSkillFilesRoute.parse(req, res, pathSegments, queryParams);
+    if (!parsed) return true;
+    const skill = getSkillById(parsed.params.id);
+    if (!skill) {
+      jsonError(res, "Skill not found", 404);
+      return true;
+    }
+    if (skill.systemDefault) {
+      jsonError(res, SYSTEM_DEFAULT_SKILL_LOCKED_MESSAGE, 403);
+      return true;
+    }
+    try {
+      const files = upsertSkillFiles(parsed.params.id, parsed.body.files);
+      const updatedSkill = getSkillById(parsed.params.id);
+      json(res, { files, total: files.length, skill: updatedSkill });
+    } catch (err) {
+      jsonError(res, err instanceof Error ? err.message : "Failed to upsert files", 400);
+    }
+    return true;
+  }
+  // GET /api/skills/:id/files/:path
+  if (getSkillFileRoute.match(req.method, pathSegments)) {
+    const parsed = await getSkillFileRoute.parse(req, res, pathSegments, queryParams);
+    if (!parsed) return true;
+    const skill = getSkillById(parsed.params.id);
+    if (!skill) {
+      jsonError(res, "Skill not found", 404);
+      return true;
+    }
+    try {
+      const file = getSkillFile(parsed.params.id, decodeSkillFilePath(pathSegments));
+      if (!file) {
+        jsonError(res, "Skill file not found", 404);
+        return true;
+      }
+      json(res, { file });
+    } catch (err) {
+      jsonError(res, err instanceof Error ? err.message : "Invalid file path", 400);
+    }
+    return true;
+  }
+  // PUT /api/skills/:id/files/:path
+  if (upsertSkillFileRoute.match(req.method, pathSegments)) {
+    const parsed = await upsertSkillFileRoute.parse(req, res, pathSegments, queryParams);
+    if (!parsed) return true;
+    const skill = getSkillById(parsed.params.id);
+    if (!skill) {
+      jsonError(res, "Skill not found", 404);
+      return true;
+    }
+    if (skill.systemDefault) {
+      jsonError(res, SYSTEM_DEFAULT_SKILL_LOCKED_MESSAGE, 403);
+      return true;
+    }
+    try {
+      const file = upsertSkillFile(parsed.params.id, {
+        path: decodeSkillFilePath(pathSegments),
+        ...parsed.body,
+      });
+      const updatedSkill = getSkillById(parsed.params.id);
+      json(res, { file, skill: updatedSkill });
+    } catch (err) {
+      jsonError(res, err instanceof Error ? err.message : "Failed to upsert file", 400);
+    }
+    return true;
+  }
+  // DELETE /api/skills/:id/files/:path
+  if (deleteSkillFileRoute.match(req.method, pathSegments)) {
+    const parsed = await deleteSkillFileRoute.parse(req, res, pathSegments, queryParams);
+    if (!parsed) return true;
+    const skill = getSkillById(parsed.params.id);
+    if (!skill) {
+      jsonError(res, "Skill not found", 404);
+      return true;
+    }
+    if (skill.systemDefault) {
+      jsonError(res, SYSTEM_DEFAULT_SKILL_LOCKED_MESSAGE, 403);
+      return true;
+    }
+    try {
+      const deleted = deleteSkillFile(parsed.params.id, decodeSkillFilePath(pathSegments));
+      if (!deleted) {
+        jsonError(res, "Skill file not found", 404);
+        return true;
+      }
+      const updatedSkill = getSkillById(parsed.params.id);
+      json(res, { success: true, skill: updatedSkill });
+    } catch (err) {
+      jsonError(res, err instanceof Error ? err.message : "Invalid file path", 400);
+    }
+    return true;
+  }
   // GET /api/skills/:id
   if (getSkillRoute.match(req.method, pathSegments)) {
     const parsed = await getSkillRoute.parse(req, res, pathSegments, queryParams);