@juspay/shooter 1.20.0 → 1.22.0

package/src/lib/types/autopilot.ts

@@ -0,0 +1,138 @@
+// Hand-written autopilot types — union/record types not expressible in YAML.
+
+/** A raw proposal from a single agent. */
+export interface AgentProposal {
+  confidence: number;
+  text: string;
+}
+
+/** Autopilot module-level state (not a Svelte store — held in the autopilot module). */
+export interface AutopilotState {
+  enabled: boolean;
+  status: Record<string, AutopilotStatus>;
+}
+
+/** Per-session autopilot lifecycle state. */
+export type AutopilotStatus = 'error' | 'idle' | 'running';
+
+/** Verdict from guardCommand() — whether a concrete command is safe to write to the PTY. */
+export interface CommandVerdict {
+  /** The trimmed command (echoed back for convenience). */
+  command: string;
+  /** Human-readable reason for the verdict. */
+  reason: string;
+  /** True when the command passed all guards and may be injected. */
+  safe: boolean;
+}
+
+/** Result from mergeNextStepConsensus(). */
+export interface ConsensusResult {
+  /** Number of agent lists passed in. */
+  agentCount: number;
+  /** Quorum threshold used. */
+  quorum: number;
+  /** Consensus (or tentative) next-step list, sorted by votes desc then confidence desc. */
+  steps: NextStep[];
+}
+
+/** A record of one autonomous-loop decision, surfaced in the dashboard panel. */
+export interface DriverAction {
+  /** ms timestamp of the action. */
+  at: number;
+  /** The command injected, or a short reason it was skipped / failed. */
+  detail: string;
+  /** What happened. */
+  kind: DriverActionKind;
+  /** The terminal acted on. */
+  terminalId: string;
+}
+
+/** Outcome of one driver evaluation. */
+export type DriverActionKind = 'error' | 'injected' | 'skipped';
+
+/** Decision from decideInjection() — the gate deciding whether to auto-act. */
+export interface GateDecision {
+  /** True when all safety gates pass and the loop should produce + inject a command. */
+  act: boolean;
+  /** Human-readable reason (always set, for logging + the phone UI). */
+  reason: string;
+  /** The consensus step being acted on (present when act is true). */
+  step?: NextStep;
+}
+
+/** Tunable thresholds for the auto-inject safety gate. */
+export interface InjectionPolicy {
+  /** Suppress injection within this many ms of observed human / output activity. */
+  humanGraceMs: number;
+  /** Minimum confidence of the top consensus step required to inject. */
+  injectConfidence: number;
+  /** Stop auto-injecting a terminal after this many consecutive actions without progress. */
+  maxAutoActions: number;
+  /** Minimum gap in ms between injections into the same terminal. */
+  minIntervalMs: number;
+}
+
+/** Per-terminal snapshot the driver passes to decideInjection(). */
+export interface InjectionState {
+  /** Consecutive auto-injections without a human touch or successful tool completion. */
+  autoActionCount: number;
+  /** True only for terminals Shooter created (POST /api/terminals); external sessions are read-only. */
+  isManaged: boolean;
+  /** Normalized text of the last consensus step acted on (dedup guard). */
+  lastActedStep: null | string;
+  /** ms timestamp of the last observed human input / terminal output activity. */
+  lastActivityAt: number;
+  /** The most recent WireShooterEvent type seen for this terminal. */
+  lastEventType: string;
+  /** ms timestamp of the last command injection into this terminal. */
+  lastInjectedAt: number;
+  /** The terminal id. */
+  terminalId: string;
+}
+
+/** Options for mergeNextStepConsensus(). */
+export interface MergeOptions {
+  /** Max steps taken from each agent list (default 3). */
+  k?: number;
+  /** Minimum vote count for a group to reach consensus (default 3). */
+  quorum?: number;
+}
+
+/** A single proposed next step from one agent or the merged consensus. */
+export interface NextStep {
+  /** Confidence score in [0, 1]. For consensus steps this is the mean across proposers. */
+  confidence: number;
+  /** Present and true when no group reached quorum; indicates low-certainty result. */
+  tentative?: boolean;
+  /** The original (highest-confidence) phrasing of the step. */
+  text: string;
+  /** Number of distinct agents that proposed this step (consensus only). */
+  votes?: number;
+}
+
+/**
+ * Additional per-session fields added by the autopilot engine.
+ * These are optional so that SessionState objects (which lack them by default)
+ * remain assignable; the engine writes them via Svelte 5's reactive proxy.
+ */
+export interface SessionAutopilotFields {
+  /** ISO 8601 timestamp of the last completed autopilot pipeline run. */
+  autopilotLastRun?: null | string;
+  /** Current autopilot pipeline status for this session. */
+  autopilotStatus?: AutopilotStatus;
+  /** Consensus next-step list from the last pipeline run. */
+  nextSteps?: NextStep[];
+}
+
+/** A persisted summary record stored in session_summaries. */
+export interface SessionSummaryRecord {
+  createdAt: string;
+  id: string;
+  /** JSON-serialised NextStep[] */
+  nextSteps: string;
+  projectName: null | string;
+  sessionId: null | string;
+  summary: string;
+  terminalId: null | string;
+  trigger: string;
+}

package/src/lib/types/index.ts

@@ -3,6 +3,7 @@
 
 export type * from './activity';
 export type * from './apn';
+export type * from './autopilot';
 export type * from './cli';
 export type * from './codex';
 export type * from './common';

package/src/lib/types/terminal-client.ts

@@ -56,6 +56,8 @@ export interface LaunchSheetProps {
 
 export interface LayoutData {
   aiProviders: Record<string, boolean>;
+  litellmBaseUrl: string;
+  litellmModel: string;
   neurolinkProvider: string;
 }
 

package/src/routes/+layout.server.ts

@@ -5,5 +5,7 @@ import type { LayoutServerLoad } from './$types';
 
 export const load: LayoutServerLoad = () => ({
   aiProviders: getProviderAvailability(env),
+  litellmBaseUrl: env.LITELLM_BASE_URL ?? '',
+  litellmModel: env.LITELLM_MODEL ?? 'open-large',
   neurolinkProvider: env.NEUROLINK_PROVIDER ?? '',
 });

package/src/routes/+layout.svelte

@@ -22,11 +22,26 @@
       return;
     }
     (window as unknown as Record<string, unknown>).__aiProviders = data.aiProviders;
+
+    // Ensure window.process.env exists minimally so env vars can be injected.
+    const win = window as unknown as Record<string, unknown>;
+    if (!win.process || typeof win.process !== 'object') {
+      win.process = { env: {} };
+    }
+    const proc = win.process as Record<string, unknown>;
+    if (!proc.env || typeof proc.env !== 'object') {
+      proc.env = {};
+    }
+    const procEnv = proc.env as Record<string, string>;
+
     if (data.neurolinkProvider) {
-      const proc = (window as unknown as { process?: { env?: Record<string, string> } }).process;
-      if (proc?.env) {
-        proc.env.NEUROLINK_PROVIDER = data.neurolinkProvider;
-      }
+      procEnv.NEUROLINK_PROVIDER = data.neurolinkProvider;
+    }
+    if (data.litellmBaseUrl) {
+      procEnv.LITELLM_BASE_URL = data.litellmBaseUrl;
+    }
+    if (data.litellmModel) {
+      procEnv.LITELLM_MODEL = data.litellmModel;
     }
   });
 

package/src/routes/+page.svelte

@@ -12,7 +12,13 @@
     isShooterConfig,
     setCache,
   } from '$lib/modules/client/common';
-  import { connect, DashboardView, disconnect, getCards } from '$lib/modules/client/dashboard';
+  import {
+    AutopilotPanel,
+    connect,
+    DashboardView,
+    disconnect,
+    getCards,
+  } from '$lib/modules/client/dashboard';
   import { Banner, Button, EmptyState, Icon, Pill, Shimmer } from '@juspay/svelte-ui-components';
   import { onDestroy, onMount } from 'svelte';
 
@@ -203,6 +209,8 @@
       <Button classes="btn-primary" onclick={navigateToConfig} text="Configure Settings" />
     </EmptyState>
   {:else}
+    <AutopilotPanel />
+
     <!-- Dashboard section: active terminal sessions -->
     {#if cards.length > 0}
       <div class="dashboard-section">

package/src/routes/api/autopilot/+server.ts

@@ -0,0 +1,74 @@
+// Control endpoint for the always-on server-side autopilot engine.
+// GET returns the enabled flag; POST { enabled } toggles it.
+//
+// The engine runs in the server.ts module graph and exposes its control on
+// globalThis.__shooter_autopilot. This route (bundled handler graph) reaches it
+// there rather than importing the engine — importing it would start a second
+// event subscriber. Falls back to the on-disk state file if the engine has not
+// started yet.
+
+import { validateAuth } from '$lib/modules/server/auth';
+import { json } from '@sveltejs/kit';
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'fs';
+import { homedir } from 'os';
+import { join } from 'path';
+
+import type { RequestHandler } from './$types';
+
+const STATE_FILE = join(homedir(), '.shooter', 'autopilot.json');
+
+function control(): undefined | { isEnabled: () => boolean; setEnabled: (v: boolean) => void } {
+  return (globalThis as Record<string, unknown>).__shooter_autopilot as
+    | undefined
+    | { isEnabled: () => boolean; setEnabled: (v: boolean) => void };
+}
+
+function readFileEnabled(): boolean {
+  try {
+    if (existsSync(STATE_FILE)) {
+      const parsed: unknown = JSON.parse(readFileSync(STATE_FILE, 'utf-8'));
+      return Boolean((parsed as { enabled?: unknown })?.enabled);
+    }
+  } catch {
+    // corrupt / unreadable
+  }
+  return false;
+}
+
+export const GET: RequestHandler = ({ request }) => {
+  const authError = validateAuth(request);
+  if (authError) {
+    return authError;
+  }
+  const ctrl = control();
+  return json({ enabled: ctrl ? ctrl.isEnabled() : readFileEnabled(), running: Boolean(ctrl) });
+};
+
+export const POST: RequestHandler = async ({ request }) => {
+  const authError = validateAuth(request);
+  if (authError) {
+    return authError;
+  }
+  let body: { enabled?: unknown };
+  try {
+    body = (await request.json()) as { enabled?: unknown };
+  } catch {
+    return json({ error: 'Invalid JSON body' }, { status: 400 });
+  }
+  if (typeof body.enabled !== 'boolean') {
+    return json({ error: 'enabled must be a boolean' }, { status: 400 });
+  }
+
+  const ctrl = control();
+  if (ctrl) {
+    ctrl.setEnabled(body.enabled);
+  } else {
+    try {
+      mkdirSync(join(homedir(), '.shooter'), { recursive: true });
+      writeFileSync(STATE_FILE, JSON.stringify({ enabled: body.enabled }), 'utf-8');
+    } catch {
+      // best-effort
+    }
+  }
+  return json({ enabled: body.enabled, running: Boolean(ctrl) });
+};

package/src/routes/api/autopilot/goal/+server.ts

@@ -0,0 +1,72 @@
+// Set/read the per-terminal autopilot GOAL that anchors the engine's context every cycle.
+//
+// POST { terminalId, goal } pins the goal; GET ?terminalId=… reads it back. Like
+// /api/autopilot, this reaches the engine via globalThis.__shooter_autopilot rather than
+// importing it (importing would start a second event subscriber). Goals live in-memory in the
+// engine (no file fallback): if the engine is not running there is nothing to set, so we 503.
+
+import { validateAuth } from '$lib/modules/server/auth';
+import { json } from '@sveltejs/kit';
+
+import type { RequestHandler } from './$types';
+
+function control():
+  | undefined
+  | {
+      getGoal?: (terminalId: string) => string | undefined;
+      setGoal?: (terminalId: string, goal: string) => void;
+    } {
+  return (globalThis as Record<string, unknown>).__shooter_autopilot as
+    | undefined
+    | {
+        getGoal?: (terminalId: string) => string | undefined;
+        setGoal?: (terminalId: string, goal: string) => void;
+      };
+}
+
+export const GET: RequestHandler = ({ request, url }) => {
+  const authError = validateAuth(request);
+  if (authError) {
+    return authError;
+  }
+  const terminalId = url.searchParams.get('terminalId') ?? '';
+  if (!terminalId) {
+    return json({ error: 'terminalId query param is required' }, { status: 400 });
+  }
+  const ctrl = control();
+  if (!ctrl?.getGoal) {
+    return json({ error: 'autopilot engine not running', running: false }, { status: 503 });
+  }
+  return json({ goal: ctrl.getGoal(terminalId) ?? null, running: true });
+};
+
+export const POST: RequestHandler = async ({ request }) => {
+  const authError = validateAuth(request);
+  if (authError) {
+    return authError;
+  }
+  let body: { goal?: unknown; terminalId?: unknown };
+  try {
+    body = (await request.json()) as { goal?: unknown; terminalId?: unknown };
+  } catch {
+    return json({ error: 'Invalid JSON body' }, { status: 400 });
+  }
+  if (typeof body.terminalId !== 'string' || body.terminalId.length === 0) {
+    return json({ error: 'terminalId must be a non-empty string' }, { status: 400 });
+  }
+  if (typeof body.goal !== 'string') {
+    return json({ error: 'goal must be a string' }, { status: 400 });
+  }
+  if (body.goal.length > 500) {
+    // The goal is prepended to EVERY engine LLM context, so an unbounded string would permanently
+    // bloat (and could dominate) the prompt. Cap it like the summaries route caps its fields.
+    return json({ error: 'goal must be 500 characters or fewer' }, { status: 400 });
+  }
+
+  const ctrl = control();
+  if (!ctrl?.setGoal) {
+    return json({ error: 'autopilot engine not running', running: false }, { status: 503 });
+  }
+  ctrl.setGoal(body.terminalId, body.goal);
+  return json({ goal: body.goal.trim() || null, running: true, terminalId: body.terminalId });
+};

package/src/routes/api/neurolink-proxy/+server.ts

@@ -15,6 +15,7 @@ import type { RequestHandler } from './$types';
 const ALLOWED_CLIENT_HEADERS: Record<string, Set<string>> = {
   anthropic: new Set(['anthropic-beta', 'anthropic-version']),
   'google-ai': new Set<string>([]),
+  litellm: new Set<string>([]),
   mistral: new Set([]),
   openai: new Set(['openai-organization', 'openai-project']),
 };
@@ -63,15 +64,29 @@ export const POST: RequestHandler = async ({ request }) => {
     openai: 'https://api.openai.com/',
   };
 
-  const allowedPrefix = ALLOWED_PREFIXES[provider];
-  if (!allowedPrefix || !url.startsWith(allowedPrefix)) {
-    return json({ error: `Provider "${provider}" or URL not allowed` }, { status: 403 });
+  if (provider === 'litellm') {
+    // SSRF-safe: only forward to the operator-configured LiteLLM endpoint.
+    // Trim to align with getProviderAvailability semantics (whitespace-only = not configured).
+    const rawBase = env.LITELLM_BASE_URL?.trim();
+    if (!rawBase) {
+      return json({ error: 'LiteLLM is not configured on this server' }, { status: 403 });
+    }
+    const litellmPrefix = `${rawBase.replace(/\/+$/, '')}/`;
+    if (!url.startsWith(litellmPrefix)) {
+      return json({ error: `Provider "${provider}" or URL not allowed` }, { status: 403 });
+    }
+  } else {
+    const allowedPrefix = ALLOWED_PREFIXES[provider];
+    if (!allowedPrefix || !url.startsWith(allowedPrefix)) {
+      return json({ error: `Provider "${provider}" or URL not allowed` }, { status: 403 });
+    }
   }
 
   // Inject the server-side API key so the browser never sees it
   const apiKeyEnv: Record<string, string> = {
     anthropic: env.ANTHROPIC_API_KEY ?? '',
     'google-ai': env.GOOGLE_AI_API_KEY ?? '',
+    litellm: env.LITELLM_API_KEY ?? '',
     mistral: env.MISTRAL_API_KEY ?? '',
     openai: env.OPENAI_API_KEY ?? '',
   };
@@ -93,16 +108,32 @@ export const POST: RequestHandler = async ({ request }) => {
     ...normalizedReqHeaders,
   };
 
-  // Override / set auth header with server-side key
+  // Override / set auth header with server-side key.
+  // For Bearer-token providers, only inject the header when the key is non-empty
+  // to avoid sending a malformed `Authorization: Bearer ` to the upstream.
   if (provider === 'anthropic') {
-    forwardHeaders['x-api-key'] = apiKeyEnv.anthropic;
+    // Only inject the key header when non-empty — sending `x-api-key: ` (empty) is a malformed
+    // header that the upstream rejects with a confusing error instead of a clean 401.
+    if (apiKeyEnv.anthropic) {
+      forwardHeaders['x-api-key'] = apiKeyEnv.anthropic;
+    }
     forwardHeaders['anthropic-version'] = forwardHeaders['anthropic-version'] ?? '2023-06-01';
   } else if (provider === 'google-ai') {
-    forwardHeaders['x-goog-api-key'] = apiKeyEnv['google-ai'];
+    if (apiKeyEnv['google-ai']) {
+      forwardHeaders['x-goog-api-key'] = apiKeyEnv['google-ai'];
+    }
   } else if (provider === 'openai') {
-    forwardHeaders.Authorization = `Bearer ${apiKeyEnv.openai}`;
+    if (apiKeyEnv.openai) {
+      forwardHeaders.Authorization = `Bearer ${apiKeyEnv.openai}`;
+    }
   } else if (provider === 'mistral') {
-    forwardHeaders.Authorization = `Bearer ${apiKeyEnv.mistral}`;
+    if (apiKeyEnv.mistral) {
+      forwardHeaders.Authorization = `Bearer ${apiKeyEnv.mistral}`;
+    }
+  } else if (provider === 'litellm') {
+    if (apiKeyEnv.litellm) {
+      forwardHeaders.Authorization = `Bearer ${apiKeyEnv.litellm}`;
+    }
   }
 
   const controller = new AbortController();

package/src/routes/api/notify/+server.ts

@@ -173,13 +173,8 @@ function intelligentNotificationFilter(
     };
   }
 
-  // Always allow Stop hook completion notifications
-  if (source === 'stop-hook') {
-    return {
-      reason: 'Stop hook completion notification - session finished',
-      send: true,
-    };
-  }
+  // (Removed a dead `source === 'stop-hook'` branch: the notifier emits
+  // 'shooter-completion-detector', never 'stop-hook', and the default below already allows it.)
 
   // Filter out only very specific spam patterns to be less restrictive
   const spamPatterns = [
@@ -238,7 +233,15 @@ function isDuplicateNotification(
     return false;
   }
 
-  const key = `${title}|${message}|${data?.category || 'unknown'}`;
+  // Autopilot pushes include a stable dedupKey keyed on sessionId + top-step text
+  // (not the variable summary). Prefer it over the title|message|category key so
+  // two runs with the same top-step but different summary wording are correctly
+  // deduplicated.
+  const dataRecord = data as (NotificationData & { dedupKey?: string }) | undefined;
+  const key = dataRecord?.dedupKey
+    ? dataRecord.dedupKey
+    : `${title}|${message}|${data?.category || 'unknown'}`;
+
   const now = Date.now();
 
   if (notificationCache.has(key)) {
@@ -255,15 +258,28 @@ function isDuplicateNotification(
     }
   }
 
-  // Do NOT record here -- caller must call recordNotification() after
-  // successful delivery to avoid cache poisoning on send failure.
+  // RESERVE the slot atomically (check-and-set): a second concurrent request with the same key now
+  // sees it as a duplicate before either has delivered, closing the TOCTOU window that let two
+  // identical pushes through. The delivery path RELEASES the slot (releaseNotification) if the send
+  // fails, so a legitimate retry is not blocked — this replaces the old record-only-on-success
+  // scheme while still avoiding cache poisoning on failure.
+  notificationCache.set(key, now);
   return false;
 }
 
-/** Record a notification key in the dedup cache after successful delivery. */
+function notificationKey(title: string, message: string, data?: NotificationData): string {
+  const dataRecord = data as (NotificationData & { dedupKey?: string }) | undefined;
+  return dataRecord?.dedupKey ?? `${title}|${message}|${data?.category || 'unknown'}`;
+}
+
+/** Refresh a reserved dedup key after successful delivery (keeps the window measured from send). */
 function recordNotification(title: string, message: string, data?: NotificationData): void {
-  const key = `${title}|${message}|${data?.category || 'unknown'}`;
-  notificationCache.set(key, Date.now());
+  notificationCache.set(notificationKey(title, message, data), Date.now());
+}
+
+/** Release a reserved dedup key when delivery failed, so a legitimate retry is not blocked. */
+function releaseNotification(title: string, message: string, data?: NotificationData): void {
+  notificationCache.delete(notificationKey(title, message, data));
 }
 
 // TODO(refactor): extract body parsing, filtering, and platform routing into
@@ -302,6 +318,11 @@ export const POST: RequestHandler = async ({ request }) => {
     const waitForResponse =
       typeof body.waitForResponse === 'boolean' ? body.waitForResponse : false;
 
+    // forcePush: when true, send the push even if WS clients are connected.
+    // Used by the autopilot engine for high-signal notifications.
+    // Deduplication still applies — only the WS-client skip is bypassed.
+    const forcePush = typeof body.forcePush === 'boolean' ? body.forcePush : false;
+
     // Dynamic-options fields (PR-2/PR-3). When the caller wants to drive
     // a richer notification category — plan-mode approval, MCP
     // elicitation, AskUserQuestion choices — these arrive in the top
@@ -375,7 +396,8 @@ export const POST: RequestHandler = async ({ request }) => {
     // (for bidirectional permission polling) without actually sending a push
     // notification.  This happens when WebSocket clients are connected and the
     // events channel will broadcast the permission-requested event instead.
-    if (skipPush) {
+    // forcePush overrides this so high-signal autopilot pushes still reach the device.
+    if (skipPush && !forcePush) {
       if (waitForResponse) {
         createPendingRequest(canonicalRequestId, {
           options,
@@ -484,6 +506,7 @@ export const POST: RequestHandler = async ({ request }) => {
         });
       } else {
         console.error(`[notify] FCM delivery failed: ${fcmResult.error}`);
+        releaseNotification(title, message, data); // free the reserved dedup slot for a retry
 
         addNotification(
           buildNotificationRecord(
@@ -564,6 +587,7 @@ export const POST: RequestHandler = async ({ request }) => {
       } catch (notificationError) {
         const notifErrMsg = toErrorMessage(notificationError);
         console.error(`[notify] APNs delivery failed: ${notifErrMsg}`);
+        releaseNotification(title, message, data); // free the reserved dedup slot for a retry
 
         addNotification(
           buildNotificationRecord(canonicalRequestId, title, message, 'failed', data, notifErrMsg)

package/src/routes/api/presence/+server.ts

@@ -0,0 +1,39 @@
+// Viewer-presence endpoint. The dashboard / phone posts a heartbeat so the autopilot
+// engine can push only when the user is AWAY (not foregrounded) — see presence-store.ts.
+// Distinct from raw WebSocket connection count, which the autonomous loop keeps open.
+
+import { validateAuth } from '$lib/modules/server/auth';
+import {
+  hasEverReported,
+  isViewerPresent,
+  reportPresence,
+} from '$lib/modules/server/ws/presence-store';
+import { json } from '@sveltejs/kit';
+
+import type { RequestHandler } from './$types';
+
+export const GET: RequestHandler = ({ request }) => {
+  const authError = validateAuth(request);
+  if (authError) {
+    return authError;
+  }
+  return json({ everReported: hasEverReported(), present: isViewerPresent() });
+};
+
+export const POST: RequestHandler = async ({ request }) => {
+  const authError = validateAuth(request);
+  if (authError) {
+    return authError;
+  }
+  let body: { state?: unknown };
+  try {
+    body = (await request.json()) as { state?: unknown };
+  } catch {
+    return json({ error: 'Invalid JSON body' }, { status: 400 });
+  }
+  if (body.state !== 'foreground' && body.state !== 'background') {
+    return json({ error: "state must be 'foreground' or 'background'" }, { status: 400 });
+  }
+  reportPresence(body.state);
+  return json({ everReported: hasEverReported(), present: isViewerPresent(), state: body.state });
+};