@femtomc/mu-server 26.2.69 → 26.2.70

package/README.md

@@ -103,7 +103,8 @@ Bun.serve(server);
 ### Issues
 
 - `GET /api/issues` - List issues
-  - Query params: `?status=open&tag=bug`
+  - Query params: `?status=open&tag=bug&contains=crash&limit=50`
+  - `limit` defaults to `200` and is clamped to `<= 200`.
 - `GET /api/issues/:id` - Get issue by ID
 - `POST /api/issues` - Create new issue
   ```json
@@ -123,14 +124,17 @@ Bun.serve(server);
   ```
 - `POST /api/issues/:id/claim` - Claim issue (changes status to in_progress)
 - `GET /api/issues/ready` - Get ready issues
-  - Query param: `?root=issue-id`
+  - Query params: `?root=issue-id&contains=worker&limit=20`
+  - `limit` defaults to `200` and is clamped to `<= 200`.
 
 ### Forum
 
 - `GET /api/forum/topics` - List forum topics
-  - Query param: `?prefix=issue:`
+  - Query params: `?prefix=issue:&limit=20`
+  - `limit` defaults to `100` and is clamped to `<= 200`.
 - `GET /api/forum/read` - Read messages from topic
   - Query params: `?topic=issue:123&limit=50`
+  - `limit` defaults to `50` and is clamped to `<= 200`.
 - `POST /api/forum/post` - Post message to topic
   ```json
   {

package/dist/api/events.js

@@ -1,3 +1,67 @@
+function trimOrNull(value) {
+    if (value == null) {
+        return null;
+    }
+    const trimmed = value.trim();
+    return trimmed.length > 0 ? trimmed : null;
+}
+function previewText(value) {
+    if (typeof value === "string") {
+        return value;
+    }
+    if (value == null) {
+        return "";
+    }
+    try {
+        return JSON.stringify(value);
+    }
+    catch {
+        return String(value);
+    }
+}
+function includeByContains(event, contains) {
+    if (!contains) {
+        return true;
+    }
+    const needle = contains.toLowerCase();
+    const haystack = [
+        event.type ?? "",
+        event.source ?? "",
+        event.issue_id ?? "",
+        event.run_id ?? "",
+        previewText(event.payload),
+    ]
+        .join("\n")
+        .toLowerCase();
+    return haystack.includes(needle);
+}
+function applyEventFilters(events, filters) {
+    return events
+        .filter((event) => (filters.type ? event.type === filters.type : true))
+        .filter((event) => (filters.source ? event.source === filters.source : true))
+        .filter((event) => (filters.issueId ? event.issue_id === filters.issueId : true))
+        .filter((event) => (filters.runId ? event.run_id === filters.runId : true))
+        .filter((event) => {
+        if (filters.sinceMs == null) {
+            return true;
+        }
+        if (typeof event.ts_ms !== "number") {
+            return false;
+        }
+        return event.ts_ms >= filters.sinceMs;
+    })
+        .filter((event) => includeByContains(event, filters.contains));
+}
+function parseSinceMs(value) {
+    if (value == null || value.trim().length === 0) {
+        return null;
+    }
+    const parsed = Number.parseInt(value, 10);
+    if (!Number.isFinite(parsed)) {
+        return null;
+    }
+    return parsed;
+}
 export async function eventRoutes(request, context) {
     const url = new URL(request.url);
     const path = url.pathname.replace("/api/events", "") || "/";
@@ -6,31 +70,25 @@ export async function eventRoutes(request, context) {
         return new Response("Method Not Allowed", { status: 405 });
     }
     try {
-        const allEvents = await context.eventsStore.read();
+        const allEvents = (await context.eventsStore.read());
+        const filters = {
+            type: trimOrNull(url.searchParams.get("type")),
+            source: trimOrNull(url.searchParams.get("source")),
+            issueId: trimOrNull(url.searchParams.get("issue_id")),
+            runId: trimOrNull(url.searchParams.get("run_id")),
+            sinceMs: parseSinceMs(url.searchParams.get("since")),
+            contains: trimOrNull(url.searchParams.get("contains")),
+        };
         // Tail - GET /api/events/tail?n=50
         if (path === "/tail") {
             const n = Math.min(Math.max(1, parseInt(url.searchParams.get("n") ?? "50", 10) || 50), 500);
-            return Response.json(allEvents.slice(-n));
+            const filtered = applyEventFilters(allEvents, filters);
+            return Response.json(filtered.slice(-n));
         }
-        // Query - GET /api/events?type=...&source=...&since=...&limit=50
+        // Query - GET /api/events?type=...&source=...&issue_id=...&run_id=...&since=...&contains=...&limit=50
         if (path === "/") {
-            const typeFilter = url.searchParams.get("type");
-            const sourceFilter = url.searchParams.get("source");
-            const sinceRaw = url.searchParams.get("since");
             const limit = Math.min(Math.max(1, parseInt(url.searchParams.get("limit") ?? "50", 10) || 50), 500);
-            let filtered = allEvents;
-            if (typeFilter) {
-                filtered = filtered.filter((e) => e.type === typeFilter);
-            }
-            if (sourceFilter) {
-                filtered = filtered.filter((e) => e.source === sourceFilter);
-            }
-            if (sinceRaw) {
-                const sinceMs = parseInt(sinceRaw, 10);
-                if (!Number.isNaN(sinceMs)) {
-                    filtered = filtered.filter((e) => e.ts_ms >= sinceMs);
-                }
-            }
+            const filtered = applyEventFilters(allEvents, filters);
             return Response.json(filtered.slice(-limit));
         }
         return new Response("Not Found", { status: 404 });

package/dist/api/forum.js

@@ -1,3 +1,33 @@
+import { DEFAULT_FORUM_TOPICS_LIMIT, ForumStoreValidationError, normalizeForumPrefix, normalizeForumReadLimit, normalizeForumTopic, normalizeForumTopicsLimit, } from "@femtomc/mu-forum";
+async function readJsonBody(request) {
+    let body;
+    try {
+        body = await request.json();
+    }
+    catch {
+        throw new ForumStoreValidationError("invalid json body");
+    }
+    if (!body || typeof body !== "object" || Array.isArray(body)) {
+        throw new ForumStoreValidationError("json body must be an object");
+    }
+    return body;
+}
+function errorResponse(status, message) {
+    return new Response(JSON.stringify({ error: message }), {
+        status,
+        headers: { "Content-Type": "application/json" },
+    });
+}
+function mapForumRouteError(error) {
+    if (error instanceof ForumStoreValidationError) {
+        return errorResponse(400, error.message);
+    }
+    if (error instanceof Error && error.name === "ZodError") {
+        return errorResponse(400, error.message);
+    }
+    console.error("Forum API error:", error);
+    return errorResponse(500, error instanceof Error ? error.message : "Internal server error");
+}
 export async function forumRoutes(request, context) {
     const url = new URL(request.url);
     const path = url.pathname.replace("/api/forum", "") || "/";
@@ -5,37 +35,41 @@ export async function forumRoutes(request, context) {
     try {
         // List topics - GET /api/forum/topics
         if (path === "/topics" && method === "GET") {
-            const prefix = url.searchParams.get("prefix");
-            const topics = await context.forumStore.topics(prefix);
+            const prefix = normalizeForumPrefix(url.searchParams.get("prefix"));
+            const limit = normalizeForumTopicsLimit(url.searchParams.get("limit"), {
+                defaultLimit: DEFAULT_FORUM_TOPICS_LIMIT,
+            });
+            const topics = await context.forumStore.topics(prefix, { limit });
             return Response.json(topics);
         }
         // Read messages - GET /api/forum/read
         if (path === "/read" && method === "GET") {
-            const topic = url.searchParams.get("topic");
-            const limit = url.searchParams.get("limit");
-            if (!topic) {
-                return new Response("Topic is required", { status: 400 });
-            }
-            const messages = await context.forumStore.read(topic, limit ? parseInt(limit, 10) : 50);
+            const topic = normalizeForumTopic(url.searchParams.get("topic"));
+            const limit = normalizeForumReadLimit(url.searchParams.get("limit"));
+            const messages = await context.forumStore.read(topic, limit);
             return Response.json(messages);
         }
         // Post message - POST /api/forum/post
         if (path === "/post" && method === "POST") {
-            const body = (await request.json());
-            const { topic, body: messageBody, author } = body;
-            if (!topic || !messageBody) {
-                return new Response("Topic and body are required", { status: 400 });
+            const body = await readJsonBody(request);
+            const topic = normalizeForumTopic(body.topic);
+            if (typeof body.body !== "string" || body.body.trim().length === 0) {
+                return errorResponse(400, "body is required");
+            }
+            const messageBody = body.body;
+            let author = "system";
+            if (body.author != null) {
+                if (typeof body.author !== "string" || body.author.trim().length === 0) {
+                    return errorResponse(400, "author must be a non-empty string when provided");
+                }
+                author = body.author.trim();
             }
-            const message = await context.forumStore.post(topic, messageBody, author || "system");
+            const message = await context.forumStore.post(topic, messageBody, author);
             return Response.json(message, { status: 201 });
         }
         return new Response("Not Found", { status: 404 });
     }
     catch (error) {
-        console.error("Forum API error:", error);
-        return new Response(JSON.stringify({ error: error instanceof Error ? error.message : "Internal server error" }), {
-            status: 500,
-            headers: { "Content-Type": "application/json" },
-        });
+        return mapForumRouteError(error);
     }
 }

package/dist/api/issues.js

@@ -1,3 +1,58 @@
+import { DEFAULT_ISSUE_QUERY_LIMIT, ISSUE_STATUS_VALUES, IssueStoreNotFoundError, IssueStoreValidationError, normalizeIssueContainsFilter, normalizeIssueQueryLimit, } from "@femtomc/mu-issue";
+const ISSUE_STATUS_SET = new Set(ISSUE_STATUS_VALUES);
+function normalizeIssueId(value) {
+    try {
+        return decodeURIComponent(value).trim();
+    }
+    catch (cause) {
+        throw new IssueStoreValidationError("invalid issue id encoding", { cause });
+    }
+}
+function normalizeIssueStatusFilter(value) {
+    if (value == null) {
+        return undefined;
+    }
+    const normalized = value.trim();
+    if (normalized.length === 0) {
+        return undefined;
+    }
+    if (!ISSUE_STATUS_SET.has(normalized)) {
+        throw new IssueStoreValidationError(`invalid issue status filter: ${normalized}`);
+    }
+    return normalized;
+}
+async function readJsonBody(request) {
+    let body;
+    try {
+        body = await request.json();
+    }
+    catch {
+        throw new IssueStoreValidationError("invalid json body");
+    }
+    if (!body || typeof body !== "object" || Array.isArray(body)) {
+        throw new IssueStoreValidationError("json body must be an object");
+    }
+    return body;
+}
+function errorResponse(status, message) {
+    return new Response(JSON.stringify({ error: message }), {
+        status,
+        headers: { "Content-Type": "application/json" },
+    });
+}
+function mapIssueRouteError(error) {
+    if (error instanceof IssueStoreNotFoundError) {
+        return errorResponse(404, error.message);
+    }
+    if (error instanceof IssueStoreValidationError) {
+        return errorResponse(400, error.message);
+    }
+    if (error instanceof Error && error.name === "ZodError") {
+        return errorResponse(400, error.message);
+    }
+    console.error("Issue API error:", error);
+    return errorResponse(500, error instanceof Error ? error.message : "Internal server error");
+}
 export async function issueRoutes(request, context) {
     const url = new URL(request.url);
     const path = url.pathname.replace("/api/issues", "") || "/";
@@ -5,37 +60,63 @@ export async function issueRoutes(request, context) {
     try {
         // List issues - GET /api/issues
         if (path === "/" && method === "GET") {
-            const status = url.searchParams.get("status");
-            const tag = url.searchParams.get("tag");
-            const issues = await context.issueStore.list({
-                status: status,
-                tag: tag || undefined,
+            const status = normalizeIssueStatusFilter(url.searchParams.get("status"));
+            const tag = url.searchParams.get("tag")?.trim() || undefined;
+            const contains = normalizeIssueContainsFilter(url.searchParams.get("contains"));
+            const limit = normalizeIssueQueryLimit(url.searchParams.get("limit"), {
+                defaultLimit: DEFAULT_ISSUE_QUERY_LIMIT,
             });
+            const issues = await context.issueStore.list({ status, tag, contains, limit: limit ?? undefined });
             return Response.json(issues);
         }
         // Get ready issues - GET /api/issues/ready
         if (path === "/ready" && method === "GET") {
-            const root = url.searchParams.get("root");
-            const issues = await context.issueStore.ready(root || undefined);
+            const root = url.searchParams.get("root")?.trim() || undefined;
+            const contains = normalizeIssueContainsFilter(url.searchParams.get("contains"));
+            const limit = normalizeIssueQueryLimit(url.searchParams.get("limit"), {
+                defaultLimit: DEFAULT_ISSUE_QUERY_LIMIT,
+            });
+            const issues = await context.issueStore.ready(root, { contains, limit: limit ?? undefined });
             return Response.json(issues);
         }
         // Get single issue - GET /api/issues/:id
         if (path.startsWith("/") && method === "GET") {
-            const id = path.slice(1);
-            if (id) {
-                const issue = await context.issueStore.get(id);
-                if (!issue) {
-                    return new Response("Issue not found", { status: 404 });
-                }
-                return Response.json(issue);
+            const id = normalizeIssueId(path.slice(1));
+            if (id.length === 0) {
+                return errorResponse(400, "issue id is required");
             }
+            const issue = await context.issueStore.get(id);
+            if (!issue) {
+                return errorResponse(404, "issue not found");
+            }
+            return Response.json(issue);
         }
         // Create issue - POST /api/issues
         if (path === "/" && method === "POST") {
-            const body = (await request.json());
-            const { title, body: issueBody, tags, priority } = body;
+            const body = await readJsonBody(request);
+            const title = typeof body.title === "string" ? body.title.trim() : "";
             if (!title) {
-                return new Response("Title is required", { status: 400 });
+                return errorResponse(400, "title is required");
+            }
+            const issueBody = body.body == null ? undefined : typeof body.body === "string" ? body.body : undefined;
+            if (body.body != null && issueBody == null) {
+                return errorResponse(400, "body must be a string when provided");
+            }
+            let tags;
+            if (body.tags != null) {
+                if (!Array.isArray(body.tags) || !body.tags.every((tag) => typeof tag === "string")) {
+                    return errorResponse(400, "tags must be a string[] when provided");
+                }
+                tags = body.tags.map((tag) => tag.trim());
+            }
+            let priority;
+            if (body.priority != null) {
+                if (typeof body.priority !== "number" ||
+                    !Number.isFinite(body.priority) ||
+                    !Number.isInteger(body.priority)) {
+                    return errorResponse(400, "priority must be an integer when provided");
+                }
+                priority = body.priority;
             }
             const issue = await context.issueStore.create(title, {
                 body: issueBody,
@@ -46,41 +127,47 @@ export async function issueRoutes(request, context) {
         }
         // Update issue - PATCH /api/issues/:id
         if (path.startsWith("/") && method === "PATCH") {
-            const id = path.slice(1);
-            if (id) {
-                const body = (await request.json());
-                const issue = await context.issueStore.update(id, body);
-                return Response.json(issue);
+            const id = normalizeIssueId(path.slice(1));
+            if (id.length === 0) {
+                return errorResponse(400, "issue id is required");
             }
+            const body = await readJsonBody(request);
+            const issue = await context.issueStore.update(id, body);
+            return Response.json(issue);
         }
         // Close issue - POST /api/issues/:id/close
         if (path.endsWith("/close") && method === "POST") {
-            const id = path.slice(1, -6); // Remove leading / and trailing /close
-            const body = (await request.json());
-            const { outcome } = body;
+            const id = normalizeIssueId(path.slice(1, -"/close".length));
+            if (id.length === 0) {
+                return errorResponse(400, "issue id is required");
+            }
+            const body = await readJsonBody(request);
+            const outcome = typeof body.outcome === "string" ? body.outcome.trim() : "";
             if (!outcome) {
-                return new Response("Outcome is required", { status: 400 });
+                return errorResponse(400, "outcome is required");
             }
             const issue = await context.issueStore.close(id, outcome);
             return Response.json(issue);
         }
         // Claim issue - POST /api/issues/:id/claim
         if (path.endsWith("/claim") && method === "POST") {
-            const id = path.slice(1, -6); // Remove leading / and trailing /claim
+            const id = normalizeIssueId(path.slice(1, -"/claim".length));
+            if (id.length === 0) {
+                return errorResponse(400, "issue id is required");
+            }
             const success = await context.issueStore.claim(id);
             if (!success) {
-                return new Response("Failed to claim issue", { status: 409 });
+                return errorResponse(409, "failed to claim issue");
             }
             const issue = await context.issueStore.get(id);
+            if (!issue) {
+                return errorResponse(404, "issue not found");
+            }
             return Response.json(issue);
         }
         return new Response("Not Found", { status: 404 });
     }
     catch (error) {
-        console.error("Issue API error:", error);
-        return new Response(JSON.stringify({ error: error instanceof Error ? error.message : "Internal server error" }), {
-            status: 500,
-            headers: { "Content-Type": "application/json" },
-        });
+        return mapIssueRouteError(error);
     }
 }

package/dist/control_plane.d.ts

@@ -1,117 +1,9 @@
-import { type MessagingOperatorBackend, MessagingOperatorRuntime } from "@femtomc/mu-agent";
-import { type Channel, type CommandPipelineResult, type GenerationTelemetryRecorder, type ReloadableGenerationIdentity } from "@femtomc/mu-control-plane";
-import { type MuConfig } from "./config.js";
+import type { MessagingOperatorBackend, MessagingOperatorRuntime } from "@femtomc/mu-agent";
+import { type GenerationTelemetryRecorder } from "@femtomc/mu-control-plane";
+import type { ControlPlaneConfig, ControlPlaneGenerationContext, ControlPlaneHandle, ControlPlaneSessionLifecycle, TelegramGenerationSwapHooks } from "./control_plane_contract.js";
 import type { ActivityHeartbeatScheduler } from "./heartbeat_scheduler.js";
-import { type ControlPlaneRunHeartbeatResult, type ControlPlaneRunInterruptResult, type ControlPlaneRunSnapshot, type ControlPlaneRunSupervisorOpts, type ControlPlaneRunTrace } from "./run_supervisor.js";
-export type ActiveAdapter = {
-    name: Channel;
-    route: string;
-};
-export type TelegramGenerationRollbackTrigger = "manual" | "warmup_failed" | "health_gate_failed" | "cutover_failed" | "post_cutover_health_failed" | "rollback_unavailable" | "rollback_failed";
-export type TelegramGenerationReloadResult = {
-    handled: boolean;
-    ok: boolean;
-    reason: string;
-    route: string;
-    from_generation: ReloadableGenerationIdentity | null;
-    to_generation: ReloadableGenerationIdentity | null;
-    active_generation: ReloadableGenerationIdentity | null;
-    warmup: {
-        ok: boolean;
-        elapsed_ms: number;
-        error?: string;
-    } | null;
-    cutover: {
-        ok: boolean;
-        elapsed_ms: number;
-        error?: string;
-    } | null;
-    drain: {
-        ok: boolean;
-        elapsed_ms: number;
-        timed_out: boolean;
-        forced_stop: boolean;
-        error?: string;
-    } | null;
-    rollback: {
-        requested: boolean;
-        trigger: TelegramGenerationRollbackTrigger | null;
-        attempted: boolean;
-        ok: boolean;
-        error?: string;
-    };
-    error?: string;
-};
-export type ControlPlaneHandle = {
-    activeAdapters: ActiveAdapter[];
-    handleWebhook(path: string, req: Request): Promise<Response | null>;
-    reloadTelegramGeneration?(opts: {
-        config: ControlPlaneConfig;
-        reason: string;
-    }): Promise<TelegramGenerationReloadResult>;
-    listRuns?(opts?: {
-        status?: string;
-        limit?: number;
-    }): Promise<ControlPlaneRunSnapshot[]>;
-    getRun?(idOrRoot: string): Promise<ControlPlaneRunSnapshot | null>;
-    startRun?(opts: {
-        prompt: string;
-        maxSteps?: number;
-    }): Promise<ControlPlaneRunSnapshot>;
-    resumeRun?(opts: {
-        rootIssueId: string;
-        maxSteps?: number;
-    }): Promise<ControlPlaneRunSnapshot>;
-    interruptRun?(opts: {
-        jobId?: string | null;
-        rootIssueId?: string | null;
-    }): Promise<ControlPlaneRunInterruptResult>;
-    heartbeatRun?(opts: {
-        jobId?: string | null;
-        rootIssueId?: string | null;
-        reason?: string | null;
-        wakeMode?: string | null;
-    }): Promise<ControlPlaneRunHeartbeatResult>;
-    traceRun?(opts: {
-        idOrRoot: string;
-        limit?: number;
-    }): Promise<ControlPlaneRunTrace | null>;
-    submitTerminalCommand?(opts: {
-        commandText: string;
-        repoRoot: string;
-        requestId?: string;
-    }): Promise<CommandPipelineResult>;
-    stop(): Promise<void>;
-};
-export type ControlPlaneConfig = MuConfig["control_plane"];
-export type ControlPlaneGenerationContext = ReloadableGenerationIdentity;
-export type TelegramGenerationSwapHooks = {
-    onWarmup?: (ctx: {
-        generation: ReloadableGenerationIdentity;
-        reason: string;
-    }) => void | Promise<void>;
-    onCutover?: (ctx: {
-        from_generation: ReloadableGenerationIdentity | null;
-        to_generation: ReloadableGenerationIdentity;
-        reason: string;
-    }) => void | Promise<void>;
-    onDrain?: (ctx: {
-        generation: ReloadableGenerationIdentity;
-        reason: string;
-        timeout_ms: number;
-    }) => void | Promise<void>;
-};
-export type ControlPlaneSessionMutationAction = "reload" | "update";
-export type ControlPlaneSessionMutationResult = {
-    ok: boolean;
-    action: ControlPlaneSessionMutationAction;
-    message: string;
-    details?: Record<string, unknown>;
-};
-export type ControlPlaneSessionLifecycle = {
-    reload: () => Promise<ControlPlaneSessionMutationResult>;
-    update: () => Promise<ControlPlaneSessionMutationResult>;
-};
+import { type ControlPlaneRunSupervisorOpts } from "./run_supervisor.js";
+export type { ActiveAdapter, ControlPlaneConfig, ControlPlaneGenerationContext, ControlPlaneHandle, ControlPlaneSessionLifecycle, ControlPlaneSessionMutationAction, ControlPlaneSessionMutationResult, TelegramGenerationReloadResult, TelegramGenerationRollbackTrigger, TelegramGenerationSwapHooks, } from "./control_plane_contract.js";
 type DetectedAdapter = {
     name: "slack";
     signingSecret: string;
@@ -158,4 +50,3 @@ export type BootstrapControlPlaneOpts = {
     terminalEnabled?: boolean;
 };
 export declare function bootstrapControlPlane(opts: BootstrapControlPlaneOpts): Promise<ControlPlaneHandle | null>;
-export {};