@h-rig/server 0.0.6-alpha.22 → 0.0.6-alpha.23

package/dist/src/server-helpers/http-router.js

@@ -174,14 +174,29 @@ function summarizeUsefulRunError(projectRoot, runId, fallback) {
   const nonGeneric = errorLines.at(-1);
   return nonGeneric ?? (typeof fallback === "string" ? fallback : null);
 }
+function readRunPiSessionMetadata(projectRoot, runId) {
+  const run = readAuthorityRun(projectRoot, runId);
+  const metadata = run?.piSessionPrivate;
+  if (!metadata || typeof metadata !== "object" || Array.isArray(metadata))
+    return null;
+  const record = metadata;
+  const publicMetadata = record.public;
+  const daemonConnection = record.daemonConnection;
+  if (!publicMetadata || typeof publicMetadata !== "object" || Array.isArray(publicMetadata))
+    return null;
+  if (!daemonConnection || typeof daemonConnection !== "object" || Array.isArray(daemonConnection))
+    return null;
+  return metadata;
+}
 function readRunDetails(projectRoot, runId) {
   const run = readAuthorityRun(projectRoot, runId);
   if (!run) {
     return null;
   }
   const usefulErrorText = isGenericRunFailure(run.errorText) ? summarizeUsefulRunError(projectRoot, runId, run.errorText) : null;
+  const { piSessionPrivate: _piSessionPrivate, ...publicRun } = run;
   return {
-    run: usefulErrorText ? { ...run, errorText: usefulErrorText } : run,
+    run: usefulErrorText ? { ...publicRun, errorText: usefulErrorText } : publicRun,
     timeline: readJsonlFile(resolve(resolveAuthorityRunDir(projectRoot, runId), "timeline.jsonl")),
     approvals: readApprovals(projectRoot, { runId }),
     userInputs: readUserInputs(projectRoot, { runId })
@@ -1275,6 +1290,7 @@ var TERMINAL_RUN_STATUSES2 = new Set([
   "stopped"
 ]);
 var RESUMABLE_SERVER_CLOSEOUT_STATUSES = new Set(["pending", "running"]);
+var EXPLICIT_RESUMABLE_SERVER_CLOSEOUT_STATUSES = new Set(["pending", "running", "needs_attention"]);
 var ACTIVE_LOCAL_RUN_STATUSES = new Set(["created", "preparing", "running", "validating", "reviewing"]);
 
 // packages/server/src/server-helpers/ws-router.ts
@@ -1436,7 +1452,7 @@ if (false) {}
 // packages/server/src/server-helpers/http-router.ts
 import {
   listAuthorityRuns as listAuthorityRuns7,
-  readAuthorityRun as readAuthorityRun8,
+  readAuthorityRun as readAuthorityRun9,
   resolveAuthorityPaths,
   writeJsonFile as writeJsonFile4
 } from "@rig/runtime/control-plane/authority-files";
@@ -1456,10 +1472,64 @@ import {
   RemoteWsClient as RemoteWsClient2
 } from "@rig/runtime/control-plane/remote";
 
+// packages/server/src/server-helpers/pi-session-proxy.ts
+import { readAuthorityRun as readAuthorityRun7 } from "@rig/runtime/control-plane/authority-files";
+function resolveRunPiSessionProxy(projectRoot, runId) {
+  const run = readAuthorityRun7(projectRoot, runId);
+  if (!run)
+    return null;
+  const privateMetadata = readRunPiSessionMetadata(projectRoot, runId);
+  if (!privateMetadata)
+    return { pending: true, runId, status: typeof run.status === "string" ? run.status : undefined };
+  const connection = privateMetadata.daemonConnection;
+  if (connection.mode !== "http")
+    throw new Error("Only loopback HTTP Rig Pi session daemon connections are supported");
+  const token = tokenFromRef(connection.tokenRef);
+  if (!token)
+    throw new Error("Rig Pi session daemon token is unavailable");
+  return {
+    runId,
+    sessionId: privateMetadata.public.sessionId,
+    metadata: privateMetadata.public,
+    privateMetadata,
+    baseUrl: connection.baseUrl.replace(/\/+$/, ""),
+    token
+  };
+}
+async function proxyRunPiHttp(projectRoot, runId, input) {
+  const resolved = resolveRunPiSessionProxy(projectRoot, runId);
+  if (resolved === null)
+    return { status: 404, payload: { ok: false, error: "Run not found" } };
+  if ("pending" in resolved)
+    return { status: 409, payload: { ready: false, runId, status: resolved.status, retryAfterMs: 500 } };
+  const response = await fetch(`${resolved.baseUrl}${input.daemonPath}`, {
+    method: input.method,
+    headers: {
+      authorization: `Bearer ${resolved.token}`,
+      ...input.body === undefined ? {} : { "content-type": "application/json" }
+    },
+    body: input.body === undefined ? undefined : JSON.stringify(input.body)
+  });
+  const text = await response.text();
+  const payload = text.trim() ? JSON.parse(text) : null;
+  return { status: response.status, payload };
+}
+function buildRunPiDaemonWebSocketUrl(resolved) {
+  const url = new URL(`${resolved.baseUrl}/sessions/${encodeURIComponent(resolved.sessionId)}/events`);
+  url.protocol = url.protocol === "https:" ? "wss:" : "ws:";
+  url.searchParams.set("token", resolved.token);
+  return url.toString();
+}
+function tokenFromRef(ref) {
+  if (ref.startsWith("inline:"))
+    return ref.slice("inline:".length) || null;
+  return null;
+}
+
 // packages/server/src/server-helpers/run-steering.ts
 import { dirname as dirname4, resolve as resolve8 } from "path";
 import { existsSync as existsSync5, mkdirSync as mkdirSync4, readFileSync as readFileSync3 } from "fs";
-import { appendJsonlRecord as appendJsonlRecord2, readAuthorityRun as readAuthorityRun7, resolveAuthorityRunDir as resolveAuthorityRunDir4 } from "@rig/runtime/control-plane/authority-files";
+import { appendJsonlRecord as appendJsonlRecord2, readAuthorityRun as readAuthorityRun8, resolveAuthorityRunDir as resolveAuthorityRunDir4 } from "@rig/runtime/control-plane/authority-files";
 var steeringSequence = 0;
 function runSteeringPath(projectRoot, runId) {
   return resolve8(resolveAuthorityRunDir4(projectRoot, runId), "steering.jsonl");
@@ -1528,7 +1598,7 @@ function markQueuedRunSteeringMessagesDelivered(projectRoot, runId, ids) {
   return delivered;
 }
 function queueRunSteeringMessage(projectRoot, runId, input) {
-  const run = readAuthorityRun7(projectRoot, runId);
+  const run = readAuthorityRun8(projectRoot, runId);
   if (!run)
     throw new Error(`Run not found: ${runId}`);
   const text = input.message.trim();
@@ -2416,7 +2486,8 @@ function isAuthorizedInspectorStreamRequest(req, authToken) {
 }
 function buildDeploymentStatus(projectRoot) {
   const envCommit = normalizeCommit(process.env.RIG_COMMIT_SHA ?? process.env.GITHUB_SHA ?? process.env.VERCEL_GIT_COMMIT_SHA ?? process.env.RAILWAY_GIT_COMMIT_SHA ?? process.env.COMMIT_SHA);
-  const gitCommit = envCommit ?? readGitHeadCommit(projectRoot);
+  const deploymentRoot = normalizeString(process.env.RIG_HOST_PROJECT_ROOT) ?? projectRoot;
+  const gitCommit = envCommit ?? readGitHeadCommit(deploymentRoot) ?? readGitHeadCommit(projectRoot);
   return {
     currentCommit: gitCommit,
     commitSource: envCommit ? "env" : gitCommit ? "git" : null,
@@ -3006,7 +3077,7 @@ function redactSecretFields(value) {
   return redacted;
 }
 function validateRemoteLease(deps, state, input) {
-  const run = readAuthorityRun8(state.projectRoot, input.runId);
+  const run = readAuthorityRun9(state.projectRoot, input.runId);
   if (!run) {
     return { ok: false, response: deps.jsonResponse({ ok: false, error: "Remote run not found" }, 404) };
   }
@@ -3026,6 +3097,43 @@ function createRigServerFetch(state, deps) {
     return deps.withServerPathEnv(state.projectRoot, async () => {
       const browserOrigin = deps.resolveAllowedBrowserOrigin(req);
       const finalizeResponse = (response) => deps.withCorsHeaders(response, req, browserOrigin);
+      const earlyUrl = new URL(req.url);
+      const piEventsWsMatch = earlyUrl.pathname.match(/^\/api\/runs\/([^/]+)\/pi\/events$/);
+      if (piEventsWsMatch && req.headers.get("upgrade")?.toLowerCase() === "websocket") {
+        const queryToken = earlyUrl.searchParams.get("token");
+        const authHeaders = new Headers(req.headers);
+        if (queryToken && !authHeaders.has("authorization")) {
+          authHeaders.set("authorization", `Bearer ${queryToken}`);
+        }
+        const legacyAuthorized = Boolean(state.authToken && queryToken === state.authToken);
+        const requestAuth = authorizeRigHttpRequest({
+          req: new Request(req.url, { method: req.method, headers: authHeaders }),
+          pathname: earlyUrl.pathname,
+          projectRoot: state.projectRoot,
+          serverAuthToken: state.authToken,
+          legacyAuthorized
+        });
+        if (!requestAuth.authorized) {
+          return deps.jsonResponse({ ok: false, error: "Unauthorized WebSocket connection", reason: requestAuth.reason }, 401);
+        }
+        const runId = decodeURIComponent(piEventsWsMatch[1]);
+        const resolved = resolveRunPiSessionProxy(state.projectRoot, runId);
+        if (resolved === null)
+          return deps.jsonResponse({ ok: false, error: "Run not found" }, 404);
+        if ("pending" in resolved)
+          return deps.jsonResponse({ ready: false, runId, status: resolved.status, retryAfterMs: 500 }, 202);
+        if (!server)
+          return deps.jsonResponse({ ok: false, error: "WebSocket upgrade unavailable" }, 400);
+        const upgraded = server.upgrade(req, {
+          data: {
+            kind: "pi-session-proxy",
+            connectedAt: new Date().toISOString(),
+            upstreamUrl: buildRunPiDaemonWebSocketUrl(resolved),
+            runId
+          }
+        });
+        return upgraded ? new Response(null) : deps.jsonResponse({ ok: false, error: "WebSocket upgrade failed" }, 400);
+      }
       const upgradeResponse = handleWebSocketUpgrade({
         req,
         server,
@@ -4764,6 +4872,49 @@ data: ${JSON.stringify({ connectedAt: new Date().toISOString() })}
             return deps.jsonResponse({ ok: false, error: error instanceof Error ? error.message : String(error) }, 404);
           }
         }
+        const runPiMatch = url.pathname.match(/^\/api\/runs\/([^/]+)\/pi(?:\/(.*))?$/);
+        if (runPiMatch) {
+          const runId = decodeURIComponent(runPiMatch[1]);
+          const action = runPiMatch[2] || "";
+          const resolved = resolveRunPiSessionProxy(state.projectRoot, runId);
+          if (resolved === null)
+            return deps.notFound();
+          if ("pending" in resolved) {
+            if (action === "" && req.method === "GET") {
+              return deps.jsonResponse({ ready: false, runId, status: resolved.status, retryAfterMs: 500 }, 202);
+            }
+            return deps.jsonResponse({ ready: false, runId, status: resolved.status, retryAfterMs: 500, error: "Pi session is not ready" }, 409);
+          }
+          if (action === "" && req.method === "GET")
+            return deps.jsonResponse({ ready: true, metadata: resolved.metadata });
+          const body = req.method === "GET" ? undefined : await deps.readJsonBody(req);
+          const sessionPath = `/sessions/${encodeURIComponent(resolved.sessionId)}`;
+          const daemonPath = (() => {
+            if (action === "messages" && req.method === "GET")
+              return `${sessionPath}/messages`;
+            if (action === "status" && req.method === "GET")
+              return `${sessionPath}/status`;
+            if (action === "commands" && req.method === "GET")
+              return `${sessionPath}/commands`;
+            if (action === "prompt" && req.method === "POST")
+              return `${sessionPath}/prompt`;
+            if (action === "shell" && req.method === "POST")
+              return `${sessionPath}/shell`;
+            if (action === "commands/run" && req.method === "POST")
+              return `${sessionPath}/commands/run`;
+            if (action === "commands/respond" && req.method === "POST")
+              return `${sessionPath}/commands/respond`;
+            if (action === "extension-ui/respond" && req.method === "POST")
+              return `${sessionPath}/extension-ui/respond`;
+            if (action === "abort" && req.method === "POST")
+              return `${sessionPath}/abort`;
+            return null;
+          })();
+          if (!daemonPath)
+            return deps.notFound();
+          const proxied = await proxyRunPiHttp(state.projectRoot, runId, { method: req.method, daemonPath, body });
+          return deps.jsonResponse(proxied.payload, proxied.status);
+        }
         const runSteeringAckMatch = url.pathname.match(/^\/api\/runs\/([^/]+)\/steering\/ack$/);
         if (runSteeringAckMatch && req.method === "POST") {
           const runId = decodeURIComponent(runSteeringAckMatch[1]);

package/dist/src/server-helpers/pi-session-proxy.js

@@ -0,0 +1,84 @@
+// @bun
+// packages/server/src/server-helpers/pi-session-proxy.ts
+import { readAuthorityRun as readAuthorityRun2 } from "@rig/runtime/control-plane/authority-files";
+
+// packages/server/src/server-helpers/run-io.ts
+import {
+  listAuthorityRuns,
+  readAuthorityRun,
+  readJsonlFile,
+  resolveAuthorityRunDir
+} from "@rig/runtime/control-plane/authority-files";
+function readRunPiSessionMetadata(projectRoot, runId) {
+  const run = readAuthorityRun(projectRoot, runId);
+  const metadata = run?.piSessionPrivate;
+  if (!metadata || typeof metadata !== "object" || Array.isArray(metadata))
+    return null;
+  const record = metadata;
+  const publicMetadata = record.public;
+  const daemonConnection = record.daemonConnection;
+  if (!publicMetadata || typeof publicMetadata !== "object" || Array.isArray(publicMetadata))
+    return null;
+  if (!daemonConnection || typeof daemonConnection !== "object" || Array.isArray(daemonConnection))
+    return null;
+  return metadata;
+}
+var INITIAL_RUN_LOG_TAIL_MAX_BYTES = 8 * 1024 * 1024;
+
+// packages/server/src/server-helpers/pi-session-proxy.ts
+function resolveRunPiSessionProxy(projectRoot, runId) {
+  const run = readAuthorityRun2(projectRoot, runId);
+  if (!run)
+    return null;
+  const privateMetadata = readRunPiSessionMetadata(projectRoot, runId);
+  if (!privateMetadata)
+    return { pending: true, runId, status: typeof run.status === "string" ? run.status : undefined };
+  const connection = privateMetadata.daemonConnection;
+  if (connection.mode !== "http")
+    throw new Error("Only loopback HTTP Rig Pi session daemon connections are supported");
+  const token = tokenFromRef(connection.tokenRef);
+  if (!token)
+    throw new Error("Rig Pi session daemon token is unavailable");
+  return {
+    runId,
+    sessionId: privateMetadata.public.sessionId,
+    metadata: privateMetadata.public,
+    privateMetadata,
+    baseUrl: connection.baseUrl.replace(/\/+$/, ""),
+    token
+  };
+}
+async function proxyRunPiHttp(projectRoot, runId, input) {
+  const resolved = resolveRunPiSessionProxy(projectRoot, runId);
+  if (resolved === null)
+    return { status: 404, payload: { ok: false, error: "Run not found" } };
+  if ("pending" in resolved)
+    return { status: 409, payload: { ready: false, runId, status: resolved.status, retryAfterMs: 500 } };
+  const response = await fetch(`${resolved.baseUrl}${input.daemonPath}`, {
+    method: input.method,
+    headers: {
+      authorization: `Bearer ${resolved.token}`,
+      ...input.body === undefined ? {} : { "content-type": "application/json" }
+    },
+    body: input.body === undefined ? undefined : JSON.stringify(input.body)
+  });
+  const text = await response.text();
+  const payload = text.trim() ? JSON.parse(text) : null;
+  return { status: response.status, payload };
+}
+function buildRunPiDaemonWebSocketUrl(resolved) {
+  const url = new URL(`${resolved.baseUrl}/sessions/${encodeURIComponent(resolved.sessionId)}/events`);
+  url.protocol = url.protocol === "https:" ? "wss:" : "ws:";
+  url.searchParams.set("token", resolved.token);
+  return url.toString();
+}
+function tokenFromRef(ref) {
+  if (ref.startsWith("inline:"))
+    return ref.slice("inline:".length) || null;
+  return null;
+}
+export {
+  resolveRunPiSessionProxy,
+  proxyRunPiHttp,
+  buildRunPiDaemonWebSocketUrl
+};

package/dist/src/server-helpers/run-io.js

@@ -114,14 +114,29 @@ function summarizeUsefulRunError(projectRoot, runId, fallback) {
   const nonGeneric = errorLines.at(-1);
   return nonGeneric ?? (typeof fallback === "string" ? fallback : null);
 }
+function readRunPiSessionMetadata(projectRoot, runId) {
+  const run = readAuthorityRun(projectRoot, runId);
+  const metadata = run?.piSessionPrivate;
+  if (!metadata || typeof metadata !== "object" || Array.isArray(metadata))
+    return null;
+  const record = metadata;
+  const publicMetadata = record.public;
+  const daemonConnection = record.daemonConnection;
+  if (!publicMetadata || typeof publicMetadata !== "object" || Array.isArray(publicMetadata))
+    return null;
+  if (!daemonConnection || typeof daemonConnection !== "object" || Array.isArray(daemonConnection))
+    return null;
+  return metadata;
+}
 function readRunDetails(projectRoot, runId) {
   const run = readAuthorityRun(projectRoot, runId);
   if (!run) {
     return null;
   }
   const usefulErrorText = isGenericRunFailure(run.errorText) ? summarizeUsefulRunError(projectRoot, runId, run.errorText) : null;
+  const { piSessionPrivate: _piSessionPrivate, ...publicRun } = run;
   return {
-    run: usefulErrorText ? { ...run, errorText: usefulErrorText } : run,
+    run: usefulErrorText ? { ...publicRun, errorText: usefulErrorText } : publicRun,
     timeline: readJsonlFile(resolve(resolveAuthorityRunDir(projectRoot, runId), "timeline.jsonl")),
     approvals: readApprovals(projectRoot, { runId }),
     userInputs: readUserInputs(projectRoot, { runId })
@@ -265,6 +280,7 @@ export {
   readUserInputsForRuns,
   readUserInputs,
   readRunTimelinePage,
+  readRunPiSessionMetadata,
   readRunLogsPage,
   readRunDetails,
   readRawRunLogs,