@electric-agent/studio 1.12.0 → 1.12.1

package/dist/server.js

@@ -17,6 +17,7 @@ import { HostedStreamBridge } from "./bridge/hosted.js";
 import { DEFAULT_ELECTRIC_URL, getClaimUrl, provisionElectricResources } from "./electric-api.js";
 import { createGate, rejectAllGates, resolveGate } from "./gate.js";
 import { ghListAccounts, ghListBranches, ghListRepos, isGhAuthenticated } from "./git.js";
+import { createOrgRepo, getInstallationToken } from "./github-app.js";
 import { generateInviteCode } from "./invite-code.js";
 import { resolveProjectDir } from "./project-utils.js";
 import { RoomRouter } from "./room-router.js";
@@ -73,8 +74,17 @@ function resolveStudioUrl(port) {
 // Rate limiting — in-memory sliding window per IP
 // ---------------------------------------------------------------------------
 const MAX_SESSIONS_PER_IP_PER_HOUR = Number(process.env.MAX_SESSIONS_PER_IP_PER_HOUR) || 5;
+const MAX_TOTAL_SESSIONS = Number(process.env.MAX_TOTAL_SESSIONS || 50);
 const RATE_LIMIT_WINDOW_MS = 60 * 60 * 1000; // 1 hour
 const sessionCreationsByIp = new Map();
+// GitHub App config (prod mode — repo creation in electric-apps org)
+const GITHUB_APP_ID = process.env.GITHUB_APP_ID;
+const GITHUB_INSTALLATION_ID = process.env.GITHUB_INSTALLATION_ID;
+const GITHUB_PRIVATE_KEY = process.env.GITHUB_PRIVATE_KEY?.replace(/\\n/g, "\n");
+const GITHUB_ORG = "electric-apps";
+// Rate limiting for GitHub token endpoint
+const githubTokenRequestsBySession = new Map();
+const MAX_GITHUB_TOKENS_PER_SESSION_PER_HOUR = 10;
 function extractClientIp(c) {
     return (c.req.header("x-forwarded-for")?.split(",")[0]?.trim() ||
         c.req.header("cf-connecting-ip") ||
@@ -94,6 +104,20 @@ function checkSessionRateLimit(ip) {
     sessionCreationsByIp.set(ip, timestamps);
     return true;
 }
+function checkGlobalSessionCap(sessions) {
+    return sessions.size() >= MAX_TOTAL_SESSIONS;
+}
+function checkGithubTokenRateLimit(sessionId) {
+    const now = Date.now();
+    const requests = githubTokenRequestsBySession.get(sessionId) ?? [];
+    const recent = requests.filter((t) => now - t < RATE_LIMIT_WINDOW_MS);
+    if (recent.length >= MAX_GITHUB_TOKENS_PER_SESSION_PER_HOUR) {
+        return false;
+    }
+    recent.push(now);
+    githubTokenRequestsBySession.set(sessionId, recent);
+    return true;
+}
 // ---------------------------------------------------------------------------
 // Per-session cost budget
 // ---------------------------------------------------------------------------
@@ -186,31 +210,6 @@ function closeBridge(sessionId) {
         bridges.delete(sessionId);
     }
 }
-/**
- * Detect git operations from natural language prompts.
- * Returns structured gitOp fields if matched, null otherwise.
- */
-function detectGitOp(request) {
-    const lower = request.toLowerCase().trim();
-    // Commit: "commit", "commit the code", "commit changes", "commit with message ..."
-    if (/^(git\s+)?commit\b/.test(lower) || /^save\s+(my\s+)?(changes|progress|work)\b/.test(lower)) {
-        // Extract commit message after "commit" keyword, or after "message:" / "msg:"
-        const msgMatch = request.match(/(?:commit\s+(?:with\s+(?:message\s+)?)?|message:\s*|msg:\s*)["']?(.+?)["']?\s*$/i);
-        const message = msgMatch?.[1]?.replace(/^(the\s+)?(code|changes)\s*/i, "").trim();
-        return { gitOp: "commit", gitMessage: message || undefined };
-    }
-    // Push: "push", "push to github", "push to remote", "git push"
-    if (/^(git\s+)?push\b/.test(lower)) {
-        return { gitOp: "push" };
-    }
-    // Create PR: "create pr", "open pr", "make pr", "create pull request"
-    if (/^(create|open|make)\s+(a\s+)?(pr|pull\s*request)\b/.test(lower)) {
-        // Try to extract title after the PR keyword
-        const titleMatch = request.match(/(?:pr|pull\s*request)\s+(?:(?:titled?|called|named)\s+)?["']?(.+?)["']?\s*$/i);
-        return { gitOp: "create-pr", gitPrTitle: titleMatch?.[1] || undefined };
-    }
-    return null;
-}
 /**
  * Map a Claude Code hook event JSON payload to an EngineEvent.
  *
@@ -343,7 +342,10 @@ export function createApp(config) {
     });
     // Public config — exposes non-sensitive flags to the client
     app.get("/api/config", (c) => {
-        return c.json({ devMode: config.devMode });
+        return c.json({
+            devMode: config.devMode,
+            maxSessionCostUsd: config.devMode ? undefined : MAX_SESSION_COST_USD,
+        });
     });
     // Provision Electric Cloud resources via the Claim API
     app.post("/api/provision-electric", async (c) => {
@@ -802,6 +804,10 @@ echo "Start claude in this project — the session will appear in the studio UI.
         const body = await validateBody(c, createSessionSchema);
         if (isResponse(body))
             return body;
+        // In prod mode, use server-side API key; ignore user-provided credentials
+        const apiKey = config.devMode ? body.apiKey : process.env.ANTHROPIC_API_KEY;
+        const oauthToken = config.devMode ? body.oauthToken : undefined;
+        const ghToken = config.devMode ? body.ghToken : undefined;
         // Block freeform sessions in production mode
         if (body.freeform && !config.devMode) {
             return c.json({ error: "Freeform sessions are not available" }, 403);
@@ -812,14 +818,19 @@ echo "Start claude in this project — the session will appear in the studio UI.
             if (!checkSessionRateLimit(ip)) {
                 return c.json({ error: "Too many sessions. Please try again later." }, 429);
             }
+            if (checkGlobalSessionCap(config.sessions)) {
+                return c.json({ error: "Service at capacity, please try again later" }, 503);
+            }
         }
         const sessionId = crypto.randomUUID();
-        const inferredName = body.name ||
-            body.description
-                .slice(0, 40)
-                .replace(/[^a-z0-9]+/gi, "-")
-                .replace(/^-|-$/g, "")
-                .toLowerCase();
+        const inferredName = config.devMode
+            ? body.name ||
+                body.description
+                    .slice(0, 40)
+                    .replace(/[^a-z0-9]+/gi, "-")
+                    .replace(/^-|-$/g, "")
+                    .toLowerCase()
+            : `electric-${sessionId.slice(0, 8)}`;
         const baseDir = body.baseDir || process.cwd();
         const { projectName } = resolveProjectDir(baseDir, inferredName);
         console.log(`[session] Creating new session: id=${sessionId} project=${projectName}`);
@@ -856,11 +867,10 @@ echo "Start claude in this project — the session will appear in the studio UI.
         // Freeform sessions skip the infra config gate — no Electric/DB setup needed
         let ghAccounts = [];
         if (!body.freeform) {
-            // Gather GitHub accounts for the merged setup gate
-            // Only check if the client provided a token — never fall back to server-side GH_TOKEN
-            if (body.ghToken && isGhAuthenticated(body.ghToken)) {
+            // Gather GitHub accounts for the merged setup gate (dev mode only)
+            if (config.devMode && ghToken && isGhAuthenticated(ghToken)) {
                 try {
-                    ghAccounts = ghListAccounts(body.ghToken);
+                    ghAccounts = ghListAccounts(ghToken);
                 }
                 catch {
                     // gh not available — no repo setup
@@ -943,9 +953,15 @@ echo "Start claude in this project — the session will appear in the studio UI.
             const handle = await config.sandbox.create(sessionId, {
                 projectName,
                 infra,
-                apiKey: body.apiKey,
-                oauthToken: body.oauthToken,
-                ghToken: body.ghToken,
+                apiKey,
+                oauthToken,
+                ghToken,
+                ...(!config.devMode && {
+                    prodMode: {
+                        sessionToken: deriveSessionToken(config.streamConfig.secret, sessionId),
+                        studioUrl: resolveStudioUrl(config.port),
+                    },
+                }),
             });
             console.log(`[session:${sessionId}] Sandbox created: projectDir=${handle.projectDir} port=${handle.port} previewUrl=${handle.previewUrl ?? "none"}`);
             await bridge.emit({
@@ -1011,6 +1027,54 @@ echo "Start claude in this project — the session will appear in the studio UI.
                             ts: ts(),
                         });
                     }
+                    // In prod mode, create GitHub repo and initialize git in the sandbox
+                    let prodGitConfig;
+                    if (!config.devMode && GITHUB_APP_ID && GITHUB_INSTALLATION_ID && GITHUB_PRIVATE_KEY) {
+                        try {
+                            // Repo name matches the project name (already has random slug)
+                            const repoSlug = projectName;
+                            await bridge.emit({
+                                type: "log",
+                                level: "build",
+                                message: "Creating GitHub repository...",
+                                ts: ts(),
+                            });
+                            const { token } = await getInstallationToken(GITHUB_APP_ID, GITHUB_INSTALLATION_ID, GITHUB_PRIVATE_KEY);
+                            const repo = await createOrgRepo(GITHUB_ORG, repoSlug, token);
+                            if (repo) {
+                                const actualRepoName = `${GITHUB_ORG}/${repo.htmlUrl.split("/").pop()}`;
+                                // Initialize git and set remote in the sandbox
+                                await config.sandbox.exec(handle, `cd '${handle.projectDir}' && git init -b main && git remote add origin '${repo.cloneUrl}'`);
+                                prodGitConfig = {
+                                    mode: "pre-created",
+                                    repoName: actualRepoName,
+                                    repoUrl: repo.htmlUrl,
+                                };
+                                config.sessions.update(sessionId, {
+                                    git: {
+                                        branch: "main",
+                                        remoteUrl: repo.htmlUrl,
+                                        repoName: actualRepoName,
+                                        lastCommitHash: null,
+                                        lastCommitMessage: null,
+                                        lastCheckpointAt: null,
+                                    },
+                                });
+                                await bridge.emit({
+                                    type: "log",
+                                    level: "done",
+                                    message: `GitHub repo created: ${repo.htmlUrl}`,
+                                    ts: ts(),
+                                });
+                            }
+                            else {
+                                console.warn(`[session:${sessionId}] Failed to create GitHub repo`);
+                            }
+                        }
+                        catch (err) {
+                            console.error(`[session:${sessionId}] GitHub repo creation error:`, err);
+                        }
+                    }
                     // Write CLAUDE.md to the sandbox workspace.
                     // Our generator includes hardcoded playbook paths and reading order
                     // so we don't depend on @tanstack/intent generating a skill block.
@@ -1020,15 +1084,17 @@ echo "Start claude in this project — the session will appear in the studio UI.
                         projectDir: handle.projectDir,
                         runtime: config.sandbox.runtime,
                         production: !config.devMode,
-                        ...(repoConfig
-                            ? {
-                                git: {
-                                    mode: "create",
-                                    repoName: `${repoConfig.account}/${repoConfig.repoName}`,
-                                    visibility: repoConfig.visibility,
-                                },
-                            }
-                            : {}),
+                        ...(prodGitConfig
+                            ? { git: prodGitConfig }
+                            : repoConfig
+                                ? {
+                                    git: {
+                                        mode: "create",
+                                        repoName: `${repoConfig.account}/${repoConfig.repoName}`,
+                                        visibility: repoConfig.visibility,
+                                    },
+                                }
+                                : {}),
                     });
                     try {
                         await config.sandbox.exec(handle, `cat > '${handle.projectDir}/CLAUDE.md' << 'CLAUDEMD_EOF'\n${claudeMd}\nCLAUDEMD_EOF`);
@@ -1193,69 +1259,6 @@ echo "Start claude in this project — the session will appear in the studio UI.
         const body = await validateBody(c, iterateSessionSchema);
         if (isResponse(body))
             return body;
-        // Intercept operational commands (start/stop/restart the app/server)
-        const normalised = body.request
-            .toLowerCase()
-            .replace(/[^a-z ]/g, "")
-            .trim();
-        const appOrServer = /\b(app|server|dev server|dev|vite)\b/;
-        const isStartCmd = /^(start|run|launch|boot)\b/.test(normalised) && appOrServer.test(normalised);
-        const isStopCmd = /^(stop|kill|shutdown|shut down)\b/.test(normalised) && appOrServer.test(normalised);
-        const isRestartCmd = /^restart\b/.test(normalised) && appOrServer.test(normalised);
-        if (isStartCmd || isStopCmd || isRestartCmd) {
-            const bridge = getOrCreateBridge(config, sessionId);
-            await bridge.emit({ type: "user_prompt", message: body.request, ts: ts() });
-            try {
-                const handle = config.sandbox.get(sessionId);
-                if (isStopCmd) {
-                    if (handle && config.sandbox.isAlive(handle))
-                        await config.sandbox.stopApp(handle);
-                    await bridge.emit({ type: "log", level: "done", message: "App stopped", ts: ts() });
-                }
-                else {
-                    if (!handle || !config.sandbox.isAlive(handle)) {
-                        return c.json({ error: "Container is not running" }, 400);
-                    }
-                    if (isRestartCmd)
-                        await config.sandbox.stopApp(handle);
-                    await config.sandbox.startApp(handle);
-                    await bridge.emit({
-                        type: "log",
-                        level: "done",
-                        message: "App started",
-                        ts: ts(),
-                    });
-                    await bridge.emit({
-                        type: "app_status",
-                        status: "running",
-                        port: session.appPort,
-                        previewUrl: session.previewUrl,
-                        ts: ts(),
-                    });
-                }
-            }
-            catch (err) {
-                const msg = err instanceof Error ? err.message : "Operation failed";
-                await bridge.emit({ type: "log", level: "error", message: msg, ts: ts() });
-            }
-            return c.json({ ok: true });
-        }
-        // Intercept git commands (commit, push, create PR)
-        const gitOp = detectGitOp(body.request);
-        if (gitOp) {
-            const bridge = getOrCreateBridge(config, sessionId);
-            await bridge.emit({ type: "user_prompt", message: body.request, ts: ts() });
-            const handle = config.sandbox.get(sessionId);
-            if (!handle || !config.sandbox.isAlive(handle)) {
-                return c.json({ error: "Container is not running" }, 400);
-            }
-            // Send git requests as user messages via Claude Code bridge
-            await bridge.sendCommand({
-                command: "iterate",
-                request: body.request,
-            });
-            return c.json({ ok: true });
-        }
         const handle = config.sandbox.get(sessionId);
         if (!handle || !config.sandbox.isAlive(handle)) {
             return c.json({ error: "Container is not running" }, 400);
@@ -1272,6 +1275,28 @@ echo "Start claude in this project — the session will appear in the studio UI.
         });
         return c.json({ ok: true });
     });
+    // Generate a GitHub installation token for the sandbox (prod mode only)
+    app.post("/api/sessions/:id/github-token", async (c) => {
+        const sessionId = c.req.param("id");
+        if (config.devMode) {
+            return c.json({ error: "Not available in dev mode" }, 403);
+        }
+        if (!GITHUB_APP_ID || !GITHUB_INSTALLATION_ID || !GITHUB_PRIVATE_KEY) {
+            return c.json({ error: "GitHub App not configured" }, 500);
+        }
+        if (!checkGithubTokenRateLimit(sessionId)) {
+            return c.json({ error: "Too many token requests" }, 429);
+        }
+        try {
+            const result = await getInstallationToken(GITHUB_APP_ID, GITHUB_INSTALLATION_ID, GITHUB_PRIVATE_KEY);
+            return c.json(result);
+        }
+        catch (err) {
+            const message = err instanceof Error ? err.message : "Unknown error";
+            console.error(`GitHub token error for session ${sessionId}:`, message);
+            return c.json({ error: "Failed to generate GitHub token" }, 500);
+        }
+    });
     // Respond to a gate (approval, clarification, continue, revision)
     app.post("/api/sessions/:id/respond", async (c) => {
         const sessionId = c.req.param("id");
@@ -1658,8 +1683,8 @@ echo "Start claude in this project — the session will appear in the studio UI.
         console.log(`[room] Created: id=${roomId} name=${body.name} code=${code}`);
         return c.json({ roomId, code, roomToken }, 201);
     });
-    // Join an agent room by id + invite code
-    app.get("/api/rooms/join/:id/:code", (c) => {
+    // Join an agent room by id + invite code (outside /api/rooms/:id to avoid auth middleware)
+    app.get("/api/join-room/:id/:code", (c) => {
         const id = c.req.param("id");
         const code = c.req.param("code");
         const room = config.rooms.getRoom(id);
@@ -1697,6 +1722,19 @@ echo "Start claude in this project — the session will appear in the studio UI.
         const body = await validateBody(c, addAgentSchema);
         if (isResponse(body))
             return body;
+        // Rate-limit and gate credentials in production mode
+        if (!config.devMode) {
+            const ip = extractClientIp(c);
+            if (!checkSessionRateLimit(ip)) {
+                return c.json({ error: "Too many sessions. Please try again later." }, 429);
+            }
+            if (checkGlobalSessionCap(config.sessions)) {
+                return c.json({ error: "Service at capacity, please try again later" }, 503);
+            }
+        }
+        const apiKey = config.devMode ? body.apiKey : process.env.ANTHROPIC_API_KEY;
+        const oauthToken = config.devMode ? body.oauthToken : undefined;
+        const ghToken = config.devMode ? body.ghToken : undefined;
         const sessionId = crypto.randomUUID();
         const randomSuffix = sessionId.slice(0, 6);
         const agentName = body.name?.trim() || `agent-${randomSuffix}`;
@@ -1745,9 +1783,15 @@ echo "Start claude in this project — the session will appear in the studio UI.
                 const handle = await config.sandbox.create(sessionId, {
                     projectName,
                     infra: { mode: "local" },
-                    apiKey: body.apiKey,
-                    oauthToken: body.oauthToken,
-                    ghToken: body.ghToken,
+                    apiKey,
+                    oauthToken,
+                    ghToken,
+                    ...(!config.devMode && {
+                        prodMode: {
+                            sessionToken: deriveSessionToken(config.streamConfig.secret, sessionId),
+                            studioUrl: resolveStudioUrl(config.port),
+                        },
+                    }),
                 });
                 config.sessions.update(sessionId, {
                     appPort: handle.port,
@@ -2199,6 +2243,8 @@ echo "Start claude in this project — the session will appear in the studio UI.
     });
     // List GitHub accounts (personal + orgs) — requires client-provided token
     app.get("/api/github/accounts", (c) => {
+        if (!config.devMode)
+            return c.json({ error: "Not available" }, 403);
         const token = c.req.header("X-GH-Token");
         if (!token)
             return c.json({ accounts: [] });
@@ -2210,8 +2256,10 @@ echo "Start claude in this project — the session will appear in the studio UI.
             return c.json({ error: e instanceof Error ? e.message : "Failed to list accounts" }, 500);
         }
     });
-    // List GitHub repos for the authenticated user — requires client-provided token
+    // List GitHub repos for the authenticated user — requires client-provided token (dev mode only)
     app.get("/api/github/repos", (c) => {
+        if (!config.devMode)
+            return c.json({ error: "Not available" }, 403);
         const token = c.req.header("X-GH-Token");
         if (!token)
             return c.json({ repos: [] });
@@ -2224,6 +2272,8 @@ echo "Start claude in this project — the session will appear in the studio UI.
         }
     });
     app.get("/api/github/repos/:owner/:repo/branches", (c) => {
+        if (!config.devMode)
+            return c.json({ error: "Not available" }, 403);
         const owner = c.req.param("owner");
         const repo = c.req.param("repo");
         const token = c.req.header("X-GH-Token");
@@ -2261,18 +2311,14 @@ echo "Start claude in this project — the session will appear in the studio UI.
             }
         });
     }
-    // Resume a project from a GitHub repo
+    // Resume a project from a GitHub repo (dev mode only)
     app.post("/api/sessions/resume", async (c) => {
+        if (!config.devMode) {
+            return c.json({ error: "Resume from repo not available" }, 403);
+        }
         const body = await validateBody(c, resumeSessionSchema);
         if (isResponse(body))
             return body;
-        // Rate-limit session creation in production mode
-        if (!config.devMode) {
-            const ip = extractClientIp(c);
-            if (!checkSessionRateLimit(ip)) {
-                return c.json({ error: "Too many sessions. Please try again later." }, 429);
-            }
-        }
         const sessionId = crypto.randomUUID();
         const repoName = body.repoUrl
             .split("/")