@gajae-code/coding-agent 0.7.2 → 0.7.4

package/dist/types/notifications/index.d.ts

@@ -12,12 +12,160 @@
  * - `ask` (unattended/RPC): observes emitted workflow gates and resolves the real
  *   gate on a remote reply via `ctx.workflowGate`.
  * - `turn_end` -> `action_needed` (kind `idle`, deduped per turn).
- * - `session_shutdown` -> stop the server + deregister the answer source.
+ * - `session_shutdown` -> `session_closed` frame, stop server, deregister answer source.
  *
  * Enable with Settings notifications config, `GJC_NOTIFICATIONS=1` (a token is
  * generated), or `GJC_NOTIFICATIONS_TOKEN`.
  */
 import type { ExtensionFactory } from "../extensibility/extensions";
+/** Where a `session_create` should run. Discriminated by `kind`. */
+export type SessionCreateTarget = {
+    kind: "existing_path";
+    path: string;
+} | {
+    kind: "worktree";
+    repo: string;
+    branch: string;
+} | {
+    kind: "plain_dir";
+    path: string;
+};
+/** Identifies the session a `session_close` targets. */
+export interface SessionCloseTarget {
+    sessionId: string;
+    /** Expected GJC-managed tmux session name (defense-in-depth match). */
+    tmuxSession?: string;
+    /** Expected `@gjc-session-state-file` tag (defense-in-depth match). */
+    sessionStateFile?: string;
+}
+/** Identifies the session a `session_resume` targets. */
+export interface SessionResumeTarget {
+    sessionIdOrPrefix: string;
+    /** Optional repo/working-dir hint to disambiguate matches. */
+    path?: string;
+}
+/** Create a new session. */
+export interface SessionCreateFrame {
+    type: "session_create";
+    requestId: string;
+    /** Deterministic lifecycle marker preallocated by the daemon before spawn. */
+    lifecycleRequestId: string;
+    /** Session id the daemon preallocated and propagates to the child. */
+    intendedSessionId: string;
+    /** Telegram update id (idempotency key on the daemon side). */
+    updateId: number;
+    chatId: string;
+    /** Control-endpoint token authorizing this frame. */
+    token: string;
+    target: SessionCreateTarget;
+    /** Reference to the daemon-written, once-consumed startup-prompt file. */
+    startupPromptRef?: string;
+}
+/** Close (hard-kill, history preserved) a session. */
+export interface SessionCloseFrame {
+    type: "session_close";
+    requestId: string;
+    updateId: number;
+    chatId: string;
+    token: string;
+    target: SessionCloseTarget;
+    /** Hard-kill even if a live pane is attached (GJC-managed only). */
+    force?: boolean;
+}
+/** Resume a session (reattach if alive, else cold-restart from history). */
+export interface SessionResumeFrame {
+    type: "session_resume";
+    requestId: string;
+    updateId: number;
+    chatId: string;
+    token: string;
+    target: SessionResumeTarget;
+    startupPromptRef?: string;
+}
+/** Any client -> ingress lifecycle request frame. */
+export type SessionLifecycleRequest = SessionCreateFrame | SessionCloseFrame | SessionResumeFrame;
+/** Terminal status of a lifecycle request. */
+export type LifecycleStatus = "ok" | "error";
+/** A connected session's per-session endpoint, returned to the control client. */
+export interface LifecycleEndpoint {
+    url: string;
+    token: string;
+}
+/** The Telegram topic/thread a session is surfaced in. */
+export interface LifecycleTopic {
+    chatId: string;
+    threadId: string;
+}
+/** How a create request was correlated to its spawned session. */
+export type MatchedBy = "spawn_marker" | "session_ready";
+/** Response to a successful `session_create`. */
+export interface SessionCreateResponseFrame {
+    type: "session_create_response";
+    requestId: string;
+    status: LifecycleStatus;
+    lifecycleRequestId: string;
+    sessionId: string;
+    matchedBy: MatchedBy;
+    endpoint: LifecycleEndpoint;
+    topic: LifecycleTopic;
+    target: SessionCreateTarget;
+}
+/** Response to a successful `session_close`. */
+export interface SessionCloseResponseFrame {
+    type: "session_close_response";
+    requestId: string;
+    status: LifecycleStatus;
+    sessionId: string;
+    processGone: boolean;
+    historyPreserved: boolean;
+    endpointStale: boolean;
+}
+/** Whether a resume reattached to a live session or cold-restarted a dead one. */
+export type ResumeMode = "reattached" | "cold_restarted";
+/** Response to a successful `session_resume`. */
+export interface SessionResumeResponseFrame {
+    type: "session_resume_response";
+    requestId: string;
+    status: LifecycleStatus;
+    sessionId: string;
+    mode: ResumeMode;
+    endpoint: LifecycleEndpoint;
+    topic: LifecycleTopic;
+}
+/** Machine-readable reason a lifecycle request failed. */
+export type LifecycleErrorReason = "unauthorized" | "rate_limited" | "duplicate_conflict" | "invalid_target" | "ambiguous_target" | "spawn_failed" | "discovery_timeout" | "readiness_timeout" | "close_refused" | "not_found" | "terminal_uncertain";
+/** A candidate returned with an `ambiguous_target` resume error. */
+export interface ResumeCandidate {
+    sessionId: string;
+    path?: string;
+    /** Last-activity epoch-millis (session history file mtime), if known. */
+    mtimeMs?: number;
+}
+/** A structured lifecycle error frame. */
+export interface SessionLifecycleErrorFrame {
+    type: "session_lifecycle_error";
+    requestId: string;
+    status: LifecycleStatus;
+    reason: LifecycleErrorReason;
+    message: string;
+    candidates?: ResumeCandidate[];
+}
+/** Any ingress -> client lifecycle response frame. */
+export type SessionLifecycleResponse = SessionCreateResponseFrame | SessionCloseResponseFrame | SessionResumeResponseFrame | SessionLifecycleErrorFrame;
+/**
+ * Replayable per-session readiness signal (mirror of the Rust `session_ready`
+ * frame). Buffered and replayed to late clients so WS-open alone never implies
+ * the session is live and surfaced.
+ */
+export interface SessionReadyFrame {
+    type: "session_ready";
+    sessionId: string;
+    lifecycleRequestId?: string;
+    startupPromptRef?: string;
+    repo?: string;
+    branch?: string;
+    title?: string;
+}
 /**
  * Best-effort real repository name (no git spawn): resolves the main worktree
  * root directory so linked worktrees report the repo (e.g. `gajae-code`)

package/dist/types/notifications/lifecycle-commands.d.ts

@@ -0,0 +1,72 @@
+/**
+ * Paired-chat /session_* command grammar (G009).
+ *
+ * Pure parser + shared target validator for the Telegram session-lifecycle
+ * commands. The daemon parses an inbound paired-chat message here, then attaches
+ * transport identity (chatId/updateId/token/requestId) and routes the resulting
+ * frame to the orchestrator. Keeping this pure makes the grammar, the MVP
+ * prompt-rejection, and target validation unit-testable without the daemon.
+ *
+ * MVP scope: an initial prompt (`-- <prompt>`) is REJECTED with usage text — no
+ * prompt text ever enters a frame, audit, log, or response until daemon-owned
+ * 0600 prompt refs are designed.
+ */
+import type { SessionCloseTarget, SessionCreateTarget, SessionLifecycleResponse, SessionResumeTarget } from "./index";
+export type LifecycleCommandVerb = "session_create" | "session_close" | "session_resume";
+/** A parsed, validated lifecycle command (transport identity added by caller). */
+export type ParsedLifecycleCommand = {
+    kind: "create";
+    target: SessionCreateTarget;
+} | {
+    kind: "close";
+    target: SessionCloseTarget;
+} | {
+    kind: "resume";
+    target: SessionResumeTarget;
+} | {
+    kind: "recent";
+    which: "create" | "resume" | "all";
+} | {
+    kind: "usage";
+    message: string;
+} | {
+    kind: "reject";
+    reason: "invalid_target" | "prompt_unsupported";
+    message: string;
+} | {
+    kind: "none";
+};
+/** True when the text begins a /session_* command (cheap pre-gate). */
+export declare function isLifecycleCommandText(text: string | undefined): boolean;
+/**
+ * Parse a paired-chat message into a lifecycle command. Returns `none` for
+ * non-lifecycle text, `usage`/`reject` for malformed input (no side effect), or
+ * a validated `create`/`close`/`resume`/`recent` intent.
+ *
+ * The caller MUST have already enforced paired-chat authorization; this function
+ * performs grammar + target validation only.
+ */
+export declare function parseLifecycleCommand(text: string | undefined): ParsedLifecycleCommand;
+/** The canonical usage text (exported for the daemon's help replies). */
+export declare function lifecycleUsage(): string;
+/**
+ * Shared target validator reused at the policy/effect boundary (after paired-chat
+ * auth, before any side effect). Returns null when valid, or an `invalid_target`
+ * reason. The orchestrator remains authoritative; this is a defensive pre-check
+ * the parser and any other entry point share.
+ */
+export declare function validateLifecycleTarget(verb: LifecycleCommandVerb, target: SessionCreateTarget | SessionCloseTarget | SessionResumeTarget): {
+    ok: true;
+} | {
+    ok: false;
+    reason: "invalid_target";
+    message: string;
+};
+/**
+ * Map a lifecycle response/error to a user-facing Telegram message (G010).
+ *
+ * Only derives text from sessionId, mode, reason, a safe message, and candidate
+ * {sessionId,path} — never a token or prompt. Each error reason gets tailored,
+ * actionable copy; an "in progress" pending response is surfaced distinctly.
+ */
+export declare function formatLifecycleOutcome(r: SessionLifecycleResponse): string;

package/dist/types/notifications/lifecycle-control-runtime.d.ts

@@ -0,0 +1,98 @@
+import type { ResumeCandidate, SessionCreateFrame, SessionLifecycleRequest, SessionLifecycleResponse } from "./index";
+import { type AuditEvent, type CreateEffectResult, type LedgerStore, type LifecycleOutcome, type OrchestratorDeps, type ResumeEffectResult } from "./lifecycle-orchestrator";
+/** Minimal view of the native control server this runtime depends on. */
+export interface ControlServerLike {
+    onLifecycleRequest(cb: (err: Error | null, req: {
+        kind: string;
+        requestId: string;
+        payloadJson: string;
+    }) => void): void;
+    respond(responseJson: string): void;
+}
+/**
+ * A startable control server (the native NotificationControlServer, or a fake in
+ * tests). Extends {@link ControlServerLike} with the start/stop lifecycle the
+ * daemon owns.
+ */
+export interface LifecycleControlServer extends ControlServerLike {
+    start(): Promise<unknown>;
+    stop(): void;
+}
+/** Factory the daemon uses to construct a control server bound to its ownership. */
+export type LifecycleControlServerFactory = (input: {
+    token: string;
+    ownerId: string;
+    agentDir: string;
+}) => LifecycleControlServer;
+/** Atomic + fsynced file-backed idempotency ledger store. */
+export declare function fileLedgerStore(idempotencyFile: string): LedgerStore;
+/** Append-only JSONL audit sink (0600). Never receives tokens or raw prompts. */
+export declare function fileAudit(auditPath: string): (e: AuditEvent) => void;
+/** Simple per-chat sliding-window create rate limiter. */
+export declare function createRateLimiter(maxPerWindow: number, windowMs: number): (chatId: string, nowMs: number) => boolean;
+/** Build the `gjc` argv for a create target (existing path / worktree / dir).
+ *
+ *  The launched session id is carried via `GJC_SESSION_ID` in the child env (see
+ *  {@link daemonSpawnCreate}); the root `gjc` launcher has no `--session-id`
+ *  flag, so it must never appear in argv. Only flags the launch parser actually
+ *  supports are emitted (`--worktree <branch>` for worktree targets). */
+export declare function buildCreateArgv(frame: SessionCreateFrame, _ids: {
+    intendedSessionId: string;
+    startupPromptRef?: string;
+}): {
+    cwd: string;
+    args: string[];
+};
+/** Real daemon-safe tmux launcher: detached `tmux new-session -d` + GJC tags. */
+export declare function daemonSpawnCreate(env?: NodeJS.ProcessEnv): (frame: SessionCreateFrame, ids: {
+    lifecycleRequestId: string;
+    intendedSessionId: string;
+    startupPromptRef?: string;
+}) => Promise<CreateEffectResult>;
+/** Real force-close effect (GJC-managed only, id-matched). */
+export declare function daemonCloseSession(env?: NodeJS.ProcessEnv): (target: {
+    sessionId: string;
+    tmuxSession?: string;
+    sessionStateFile?: string;
+}) => Promise<{
+    processGone: boolean;
+}>;
+/** Real resume effect: reattach if a live GJC session matches; else resolve the
+ *  prefix against saved history and fail closed (`ambiguous`/`notFound`) before
+ *  cold-restarting exactly one resolved session via the daemon-safe launcher. */
+export declare function daemonResumeSession(env?: NodeJS.ProcessEnv, opts?: {
+    sessionsRoot?: string;
+}): (target: {
+    sessionIdOrPrefix: string;
+    path?: string;
+}) => Promise<ResumeEffectResult | {
+    ambiguous: ResumeCandidate[];
+} | {
+    notFound: true;
+}>;
+/** Translate an orchestrator outcome into a wire response frame. */
+export declare function outcomeToResponse(frame: SessionLifecycleRequest, outcome: LifecycleOutcome): SessionLifecycleResponse;
+/**
+ * Wire a control server's lifecycle requests through the orchestrator.
+ *
+ * Handlers run on a single serial queue (a promise chain): the daemon owns the
+ * one control endpoint, so serializing here makes each request's ledger
+ * read -> classify -> write atomic with respect to every other request. Two
+ * identical updates that arrive nearly simultaneously can no longer both
+ * classify as `new` and both spawn — the second sees the first's persisted
+ * `in_progress`/`success` entry and re-acks instead.
+ */
+export declare function attachLifecycleControl(server: ControlServerLike, deps: OrchestratorDeps): void;
+/** Assemble real orchestrator deps for the daemon (ledger/audit under agentDir). */
+export declare function buildOrchestratorDeps(input: {
+    pairedChatId: string;
+    agentNotificationsDir: string;
+    /** Root of saved session histories (`<agentDir>/sessions`), for resume resolution. */
+    sessionsRoot?: string;
+    env?: NodeJS.ProcessEnv;
+}): OrchestratorDeps;
+/**
+ * Default production factory: a real native NotificationControlServer bound to
+ * the daemon's control token, owner id, and agent dir.
+ */
+export declare const createNativeControlServer: LifecycleControlServerFactory;

package/dist/types/notifications/lifecycle-orchestrator.d.ts

@@ -0,0 +1,144 @@
+import type { LifecycleErrorReason, ResumeCandidate, SessionCreateFrame, SessionLifecycleRequest } from "./index";
+/** Durable idempotency state for a single lifecycle request. */
+export type LedgerState = "in_progress" | "success" | "failure" | "terminal_uncertain";
+/** One persisted idempotency entry, keyed by `chatId:updateId`. */
+export interface LedgerEntry {
+    requestHash: string;
+    state: LedgerState;
+    requestId: string;
+    verb: SessionLifecycleRequest["type"];
+    intendedSessionId?: string;
+    startupPromptRef?: string;
+    createdAt: number;
+    updatedAt: number;
+    targetSummary: Record<string, unknown>;
+    sessionId?: string;
+    tmuxSession?: string;
+    sessionStateFile?: string;
+    endpointUrl?: string;
+    /** Close effect outcome: whether the tmux process is confirmed gone. */
+    processGone?: boolean;
+    reason?: LifecycleErrorReason;
+}
+/** The full on-disk ledger document. */
+export interface LedgerDoc {
+    version: 1;
+    entries: Record<string, LedgerEntry>;
+}
+/** Persistence boundary: atomic + fsynced read/write of the ledger document. */
+export interface LedgerStore {
+    read(): Promise<LedgerDoc>;
+    /** Write atomically (temp + fsync + rename) under a per-ledger lock. */
+    write(doc: LedgerDoc): Promise<void>;
+}
+/** One audit line. Tokens and raw prompts are NEVER included. */
+export interface AuditEvent {
+    ts: string;
+    event: "accepted" | "rejected" | "duplicate_reack" | "rate_limited" | "spawn_started" | "recovered_in_progress" | "success" | "failure" | "terminal_uncertain";
+    chatId: string;
+    updateId: number;
+    requestId: string;
+    requestHash: string;
+    verb: SessionLifecycleRequest["type"];
+    targetSummary: Record<string, unknown>;
+    sessionId?: string;
+    tmuxSession?: string;
+    reason?: LifecycleErrorReason;
+    /** Prompt byte length only (never the prompt text). */
+    promptBytes?: number;
+    /** Prompt content hash only (never the prompt text). */
+    promptHash?: string;
+}
+export interface CreateEffectResult {
+    sessionId: string;
+    tmuxSession: string;
+    sessionStateFile?: string;
+    endpointUrl: string;
+    topicThreadId: string;
+}
+export interface ResumeEffectResult extends CreateEffectResult {
+    mode: "reattached" | "cold_restarted";
+}
+/** Injected effects + policy. Pure orchestration calls into these. */
+export interface OrchestratorDeps {
+    /** The single paired chat id. Anything else is rejected before parsing. */
+    pairedChatId: string;
+    now: () => number;
+    store: LedgerStore;
+    audit: (event: AuditEvent) => Promise<void> | void;
+    /** Per-chat create rate limiter: returns true when allowed. */
+    allowCreate: (chatId: string, nowMs: number) => boolean;
+    /** Persist the once-consumed 0600 startup-prompt file; returns its ref. */
+    writeStartupPrompt: (requestId: string, prompt: string | undefined) => Promise<string | undefined>;
+    /** Spawn a session for a create/cold-restart. */
+    spawnCreate: (frame: SessionCreateFrame, ids: {
+        lifecycleRequestId: string;
+        intendedSessionId: string;
+        startupPromptRef?: string;
+    }) => Promise<CreateEffectResult>;
+    closeSession: (target: {
+        sessionId: string;
+        tmuxSession?: string;
+        sessionStateFile?: string;
+    }) => Promise<{
+        processGone: boolean;
+    }>;
+    resumeSession: (target: {
+        sessionIdOrPrefix: string;
+        path?: string;
+    }) => Promise<ResumeEffectResult | {
+        ambiguous: ResumeCandidate[];
+    } | {
+        notFound: true;
+    }>;
+    newLifecycleRequestId: () => string;
+    newSessionId: () => string;
+}
+/** A redaction-safe summary of a request target (never includes the token). */
+export declare function summarizeTarget(frame: SessionLifecycleRequest): Record<string, unknown>;
+/**
+ * Stable request hash over the meaningful (non-token) request content. Used to
+ * detect a duplicate update id reused with a DIFFERENT body (conflict).
+ */
+export declare function requestHash(frame: SessionLifecycleRequest): string;
+export declare function ledgerKey(chatId: string, updateId: number): string;
+/** How a freshly-arrived request relates to the durable ledger. */
+export type DuplicateClass = {
+    kind: "new";
+} | {
+    kind: "reack_success";
+    entry: LedgerEntry;
+} | {
+    kind: "reack_failure";
+    entry: LedgerEntry;
+} | {
+    kind: "in_progress";
+    entry: LedgerEntry;
+} | {
+    kind: "terminal_uncertain";
+    entry: LedgerEntry;
+} | {
+    kind: "conflict";
+    entry: LedgerEntry;
+};
+/** Classify a request against an existing ledger entry (pure). */
+export declare function classifyDuplicate(existing: LedgerEntry | undefined, hash: string): DuplicateClass;
+/** The structured outcome the daemon translates into a wire response frame. */
+export type LifecycleOutcome = {
+    status: "ok";
+    entry: LedgerEntry;
+    mode?: "reattached" | "cold_restarted";
+} | {
+    status: "error";
+    reason: LifecycleErrorReason;
+    message: string;
+    candidates?: ResumeCandidate[];
+} | {
+    status: "pending";
+    entry: LedgerEntry;
+};
+/**
+ * Handle one authenticated lifecycle request. Enforces paired-chat gating,
+ * idempotency, and rate limiting BEFORE any side effect, then dispatches.
+ */
+export declare function handleLifecycleRequest(frame: SessionLifecycleRequest, deps: OrchestratorDeps): Promise<LifecycleOutcome>;

package/dist/types/notifications/operator-runtime.d.ts

@@ -0,0 +1,52 @@
+export interface NotificationOperatorTimerDeps {
+    now?: () => number;
+    setTimeoutImpl?: typeof setTimeout;
+    clearTimeoutImpl?: typeof clearTimeout;
+    setIntervalImpl?: typeof setInterval;
+    clearIntervalImpl?: typeof clearInterval;
+}
+export interface NotificationOperatorRuntimeState {
+    running: boolean;
+    stopRequested: boolean;
+    activeAbort: boolean;
+}
+export interface OperatorBackoffOptions {
+    initialMs: number;
+    maxMs: number;
+    factor?: number;
+}
+export declare class OperatorBackoffPolicy {
+    #private;
+    constructor(opts: OperatorBackoffOptions);
+    next(): number;
+    reset(): void;
+    get currentMs(): number;
+}
+export interface OperatorRoute<TContext> {
+    name: string;
+    matches(event: Record<string, unknown>): boolean;
+    handle(context: TContext, event: Record<string, unknown>): Promise<void> | void;
+}
+export declare class OperatorEventRouter<TContext> {
+    readonly routes: OperatorRoute<TContext>[];
+    add(input: OperatorRoute<TContext>): this;
+    dispatch(context: TContext, event: Record<string, unknown>): Promise<boolean>;
+}
+export declare class NotificationOperatorRuntime {
+    #private;
+    constructor(deps?: NotificationOperatorTimerDeps);
+    get state(): NotificationOperatorRuntimeState;
+    start(): void;
+    stop(): void;
+    requestStop(): void;
+    get running(): boolean;
+    get stopRequested(): boolean;
+    createAbortController(): AbortController;
+    clearAbortController(controller: AbortController): void;
+    startInterval(name: string, intervalMs: number, tick: () => void): void;
+    stopInterval(name: string): void;
+    stopAllIntervals(): void;
+    runExclusive(name: string, fn: () => Promise<void>): Promise<void>;
+    sleep(ms: number, signal?: AbortSignal): Promise<void>;
+    now(): number;
+}

package/dist/types/notifications/rate-limit-pool.d.ts

@@ -81,6 +81,8 @@ export declare class RateLimitPool<T = unknown> {
      * single session monopolises a lane), consuming one token each.
      */
     drain(nowMs?: number): RateLimitItem<T>[];
+    /** Remove queued items matching `predicate` without consuming tokens. Returns removed items in lane/FIFO order. */
+    removeWhere(predicate: (item: RateLimitItem<T>) => boolean): RateLimitItem<T>[];
     private refill;
     /** Pop the next item by lane priority + per-session round-robin fairness. */
     private takeNext;

package/dist/types/notifications/recent-activity.d.ts

@@ -0,0 +1,35 @@
+/** One ranked recent-session entry surfaced to the picker. */
+export interface RecentSessionEntry {
+    /** Session id (the `.jsonl` file stem). */
+    sessionId: string;
+    /** Working directory / repo path, when recoverable from the header. */
+    path?: string;
+    /** Branch, when recoverable from the header. */
+    branch?: string;
+    /** A short title (first user message), when recoverable. */
+    title?: string;
+    /** Absolute path of the session history (state) file. */
+    sessionStateFile: string;
+    /** Last-activity epoch-millis (history file mtime). */
+    mtimeMs: number;
+    /** True when a terminal breadcrumb points at this session file. */
+    currentTerminal?: boolean;
+}
+export interface RecentActivityDeps {
+    /** Root holding `<encoded-cwd>/<sessionId>.jsonl` history files. */
+    sessionsRoot: string;
+    /** Optional breadcrumb session-file paths (current terminals). */
+    breadcrumbPaths?: string[];
+    /** Max entries to return (default 20). */
+    limit?: number;
+    /** Injection seam for tests. */
+    readFirstLine?: (file: string) => string | undefined;
+}
+/**
+ * List recent sessions ranked by history-file mtime (newest first).
+ *
+ * Scans `<sessionsRoot>/<encoded-cwd>/<sessionId>.jsonl`, stats each file, and
+ * returns up to `limit` entries enriched with header metadata and a
+ * `currentTerminal` flag for any breadcrumb-referenced session file.
+ */
+export declare function listRecentSessions(deps: RecentActivityDeps): RecentSessionEntry[];