npm - @kbediako/codex-orchestrator - Versions diffs - 0.1.38 → 0.2.1 - Mend

@kbediako/codex-orchestrator 0.1.38 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (311) hide show

package/dist/orchestrator/src/cli/control/confirmationApproveController.js ADDED Viewed

@@ -0,0 +1,62 @@
+export async function handleConfirmationApproveRequest(context) {
+    const method = context.req.method ?? 'GET';
+    const pathname = new URL(context.req.url ?? '/', 'http://localhost').pathname;
+    if (pathname !== '/confirmations/approve' || method !== 'POST') {
+        return false;
+    }
+    await context.expireConfirmations();
+    const body = await context.readRequestBody();
+    const requestId = readStringValue(body, 'request_id', 'requestId');
+    if (!requestId) {
+        writeConfirmationApproveResponse(context.res, 400, { error: 'missing_request_id' });
+        return true;
+    }
+    const actor = readStringValue(body, 'actor') ?? 'ui';
+    context.approveConfirmation(requestId, actor);
+    const entry = context.readConfirmation(requestId);
+    await context.persistConfirmations();
+    if (entry && entry.tool.startsWith('ui.') && entry.action === 'cancel') {
+        try {
+            const nonce = context.issueConfirmation(requestId);
+            const validation = context.validateConfirmation({
+                confirmNonce: nonce.confirm_nonce,
+                tool: entry.tool,
+                params: entry.params
+            });
+            await context.persistConfirmations();
+            await context.emitConfirmationResolved({
+                request_id: validation.request.request_id,
+                nonce_id: validation.nonce_id,
+                outcome: 'approved'
+            });
+            context.updateControlAction({
+                action: 'cancel',
+                requestedBy: actor,
+                requestId
+            });
+            await context.persistControl();
+            context.publishRuntime();
+        }
+        catch (error) {
+            writeConfirmationApproveResponse(context.res, 409, {
+                error: error?.message ?? 'confirmation_invalid'
+            });
+            return true;
+        }
+    }
+    writeConfirmationApproveResponse(context.res, 200, { status: 'approved' });
+    return true;
+}
+function writeConfirmationApproveResponse(res, status, body) {
+    res.writeHead(status, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify(body));
+}
+function readStringValue(record, ...keys) {
+    for (const key of keys) {
+        const value = record[key];
+        if (typeof value === 'string' && value.trim().length > 0) {
+            return value.trim();
+        }
+    }
+    return undefined;
+}

package/dist/orchestrator/src/cli/control/confirmationCreateController.js ADDED Viewed

@@ -0,0 +1,69 @@
+export async function handleConfirmationCreateRequest(context) {
+    const method = context.req.method ?? 'GET';
+    const pathname = new URL(context.req.url ?? '/', 'http://localhost').pathname;
+    if (pathname !== '/confirmations/create' || method !== 'POST') {
+        return false;
+    }
+    await context.expireConfirmations();
+    const body = await context.readRequestBody();
+    const rawAction = readStringValue(body, 'action');
+    const action = rawAction === 'cancel' || rawAction === 'merge' ? rawAction : 'other';
+    let tool = readStringValue(body, 'tool') ?? 'unknown';
+    let params = readRecordValue(body, 'params') ?? {};
+    if (context.authKind === 'session') {
+        if (rawAction !== 'cancel' || tool !== 'ui.cancel') {
+            writeConfirmationCreateResponse(context.res, 403, { error: 'ui_confirmation_disallowed' });
+            return true;
+        }
+        tool = 'ui.cancel';
+        params = {};
+    }
+    const { confirmation, wasCreated } = context.createConfirmation({
+        action,
+        tool,
+        params
+    });
+    await context.persistConfirmations();
+    if (wasCreated) {
+        await context.maybeAutoPause(confirmation.request_id);
+    }
+    const payload = buildConfirmationRequiredPayload(context.readRunId(), confirmation);
+    if (wasCreated) {
+        await context.emitConfirmationRequired(payload);
+    }
+    writeConfirmationCreateResponse(context.res, 200, payload);
+    return true;
+}
+function buildConfirmationRequiredPayload(runId, result) {
+    return {
+        request_id: result.request_id,
+        confirm_scope: {
+            run_id: runId,
+            action: result.action,
+            action_params_digest: result.action_params_digest
+        },
+        action_params_digest: result.action_params_digest,
+        digest_alg: result.digest_alg,
+        confirm_expires_in_ms: Date.parse(result.expires_at) - Date.parse(result.requested_at)
+    };
+}
+function writeConfirmationCreateResponse(res, status, body) {
+    res.writeHead(status, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify(body));
+}
+function readStringValue(record, ...keys) {
+    for (const key of keys) {
+        const value = record[key];
+        if (typeof value === 'string' && value.trim().length > 0) {
+            return value.trim();
+        }
+    }
+    return undefined;
+}
+function readRecordValue(record, key) {
+    const value = record[key];
+    if (value && typeof value === 'object' && !Array.isArray(value)) {
+        return value;
+    }
+    return undefined;
+}

package/dist/orchestrator/src/cli/control/confirmationIssueConsumeController.js ADDED Viewed

@@ -0,0 +1,43 @@
+export async function handleConfirmationIssueConsumeRequest(context) {
+    const method = context.req.method ?? 'GET';
+    const pathname = new URL(context.req.url ?? '/', 'http://localhost').pathname;
+    if (!isConfirmationIssueConsumeRoute(pathname) || method !== 'POST') {
+        return false;
+    }
+    await context.expireConfirmations();
+    const body = await context.readRequestBody();
+    const requestId = readStringValue(body, 'request_id', 'requestId');
+    if (!requestId) {
+        writeConfirmationResponse(context.res, 400, { error: 'missing_request_id' });
+        return true;
+    }
+    let nonce;
+    try {
+        nonce = context.issueConfirmation(requestId);
+    }
+    catch (error) {
+        writeConfirmationResponse(context.res, 409, {
+            error: error?.message ?? 'confirmation_invalid'
+        });
+        return true;
+    }
+    await context.persistConfirmations();
+    writeConfirmationResponse(context.res, 200, nonce);
+    return true;
+}
+function isConfirmationIssueConsumeRoute(pathname) {
+    return pathname === '/confirmations/issue' || pathname === '/confirmations/consume';
+}
+function writeConfirmationResponse(res, status, body) {
+    res.writeHead(status, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify(body));
+}
+function readStringValue(record, ...keys) {
+    for (const key of keys) {
+        const value = record[key];
+        if (typeof value === 'string' && value.trim().length > 0) {
+            return value.trim();
+        }
+    }
+    return undefined;
+}

package/dist/orchestrator/src/cli/control/confirmationListController.js ADDED Viewed

@@ -0,0 +1,22 @@
+export async function handleConfirmationListRequest(context) {
+    const method = context.req.method ?? 'GET';
+    const pathname = new URL(context.req.url ?? '/', 'http://localhost').pathname;
+    if (pathname !== '/confirmations' || method !== 'GET') {
+        return false;
+    }
+    await context.expireConfirmations();
+    const pending = sanitizeConfirmations(context.listPendingConfirmations());
+    writeConfirmationListResponse(context.res, 200, { pending });
+    return true;
+}
+function writeConfirmationListResponse(res, status, body) {
+    res.writeHead(status, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify(body));
+}
+function sanitizeConfirmations(entries) {
+    return entries.map((entry) => {
+        const sanitized = { ...entry };
+        delete sanitized.params;
+        return sanitized;
+    });
+}

package/dist/orchestrator/src/cli/control/confirmationValidateController.js ADDED Viewed

@@ -0,0 +1,58 @@
+export async function handleConfirmationValidateRequest(context) {
+    const method = context.req.method ?? 'GET';
+    const pathname = new URL(context.req.url ?? '/', 'http://localhost').pathname;
+    if (pathname !== '/confirmations/validate' || method !== 'POST') {
+        return false;
+    }
+    await context.expireConfirmations();
+    const body = await context.readRequestBody();
+    const confirmNonce = readStringValue(body, 'confirm_nonce', 'confirmNonce');
+    if (!confirmNonce) {
+        writeConfirmationValidateResponse(context.res, 400, { error: 'missing_confirm_nonce' });
+        return true;
+    }
+    const tool = readStringValue(body, 'tool') ?? 'unknown';
+    const params = readRecordValue(body, 'params') ?? {};
+    let validation;
+    try {
+        validation = context.validateConfirmation({ confirmNonce, tool, params });
+    }
+    catch (error) {
+        writeConfirmationValidateResponse(context.res, 409, {
+            error: error?.message ?? 'confirmation_invalid'
+        });
+        return true;
+    }
+    await context.persistConfirmations();
+    await context.emitConfirmationResolved({
+        request_id: validation.request.request_id,
+        nonce_id: validation.nonce_id,
+        outcome: 'approved'
+    });
+    writeConfirmationValidateResponse(context.res, 200, {
+        status: 'valid',
+        request_id: validation.request.request_id,
+        nonce_id: validation.nonce_id
+    });
+    return true;
+}
+function writeConfirmationValidateResponse(res, status, body) {
+    res.writeHead(status, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify(body));
+}
+function readStringValue(record, ...keys) {
+    for (const key of keys) {
+        const value = record[key];
+        if (typeof value === 'string' && value.trim().length > 0) {
+            return value.trim();
+        }
+    }
+    return undefined;
+}
+function readRecordValue(record, key) {
+    const value = record[key];
+    if (value && typeof value === 'object' && !Array.isArray(value)) {
+        return value;
+    }
+    return undefined;
+}

package/dist/orchestrator/src/cli/control/confirmations.js CHANGED Viewed

@@ -1,5 +1,4 @@
 import { createHash, createHmac, randomBytes, timingSafeEqual } from 'node:crypto';
-import canonicalize from 'canonicalize';
 const NONCE_VERSION = 1;
 export class ConfirmationStore {
     runId;
@@ -202,13 +201,36 @@ export class ConfirmationStore {
 }
 export function buildActionParamsDigest(input) {
     const sanitized = stripConfirmNonce({ tool: input.tool, params: input.params });
-    const canonicalizeFn = canonicalize;
-    const canonical = canonicalizeFn(sanitized);
+    const canonical = canonicalizeJsonValue(sanitized);
     if (typeof canonical !== 'string') {
         throw new Error('Unable to canonicalize confirmation params.');
     }
     return createHash('sha256').update(canonical).digest('hex');
 }
+function canonicalizeJsonValue(value) {
+    if (value === null) {
+        return 'null';
+    }
+    if (typeof value === 'boolean' || typeof value === 'number' || typeof value === 'string') {
+        return JSON.stringify(value);
+    }
+    if (Array.isArray(value)) {
+        return `[${value.map((entry) => canonicalizeJsonValue(entry) ?? 'null').join(',')}]`;
+    }
+    if (value && typeof value === 'object') {
+        const entries = Object.entries(value)
+            .sort(([leftKey], [rightKey]) => leftKey.localeCompare(rightKey))
+            .flatMap(([key, entry]) => {
+            const canonicalEntry = canonicalizeJsonValue(entry);
+            if (typeof canonicalEntry === 'undefined') {
+                return [];
+            }
+            return [`${JSON.stringify(key)}:${canonicalEntry}`];
+        });
+        return `{${entries.join(',')}}`;
+    }
+    return undefined;
+}
 function stripConfirmNonce(value) {
     if (Array.isArray(value)) {
         return value.map(stripConfirmNonce);

package/dist/orchestrator/src/cli/control/controlActionCancelConfirmation.js ADDED Viewed

@@ -0,0 +1,65 @@
+import { buildCanonicalTraceability, resolveTransportMutationRequestFromConfirmationScope } from './controlActionPreflight.js';
+export async function resolveCancelConfirmation(input) {
+    let validation;
+    try {
+        validation = input.validateNonce({
+            confirmNonce: input.confirmNonce,
+            tool: input.tool,
+            params: input.params
+        });
+    }
+    catch (error) {
+        return {
+            ok: false,
+            status: 409,
+            error: error?.message ?? 'confirmation_invalid'
+        };
+    }
+    const confirmedRequestValue = validation.request.params.request_id ?? validation.request.params.requestId;
+    const confirmedRequestId = typeof confirmedRequestValue === 'string' && confirmedRequestValue.trim().length > 0
+        ? confirmedRequestValue.trim()
+        : undefined;
+    const confirmedIntentValue = validation.request.params.intent_id ?? validation.request.params.intentId;
+    const confirmedIntentId = typeof confirmedIntentValue === 'string' && confirmedIntentValue.trim().length > 0
+        ? confirmedIntentValue.trim()
+        : undefined;
+    const requestId = confirmedRequestId ?? validation.request.request_id;
+    const intentId = confirmedIntentId ?? input.currentIntentId;
+    await input.persistConfirmations();
+    await input.emitConfirmationResolved({
+        request_id: validation.request.request_id,
+        nonce_id: validation.nonce_id,
+        outcome: 'approved'
+    });
+    const transportMutationResult = resolveTransportMutationRequestFromConfirmationScope({
+        body: input.body,
+        params: validation.request.params,
+        action: 'cancel'
+    });
+    if (transportMutationResult.error) {
+        return {
+            ok: false,
+            status: transportMutationResult.status ?? 400,
+            error: transportMutationResult.error,
+            traceability: buildCanonicalTraceability({
+                action: 'cancel',
+                decision: 'rejected',
+                requestId,
+                intentId,
+                taskId: input.taskId,
+                runId: input.snapshot.run_id,
+                manifestPath: input.manifestPath,
+                transport: transportMutationResult.partial?.transport ?? null,
+                actorId: transportMutationResult.partial?.actorId ?? null,
+                actorSource: transportMutationResult.partial?.actorSource ?? null,
+                principal: transportMutationResult.partial?.principal ?? null
+            })
+        };
+    }
+    return {
+        ok: true,
+        requestId,
+        intentId,
+        transportMutation: transportMutationResult.request
+    };
+}

package/dist/orchestrator/src/cli/control/controlActionController.js ADDED Viewed

@@ -0,0 +1,77 @@
+import { resolveControlActionControllerSequencing } from './controlActionControllerSequencing.js';
+import { normalizeControlActionRequest } from './controlActionPreflight.js';
+export async function handleControlActionRequest(context) {
+    const body = await context.readRequestBody();
+    const snapshot = context.readInitialSnapshot();
+    const normalized = normalizeControlActionRequest({
+        body,
+        authKind: context.authKind,
+        snapshot,
+        taskId: context.taskId,
+        manifestPath: context.manifestPath
+    });
+    if (!normalized.ok) {
+        context.writeControlError(normalized.status, normalized.error, normalized.traceability);
+        return;
+    }
+    const { action, requestedBy, reason } = normalized.value;
+    const tool = readStringValue(body, 'tool') ?? 'delegate.cancel';
+    const params = readRecordValue(body, 'params') ?? {};
+    const sequencing = await resolveControlActionControllerSequencing({
+        body,
+        tool,
+        params,
+        snapshot,
+        taskId: context.taskId,
+        manifestPath: context.manifestPath,
+        normalized: normalized.value,
+        isTransportNonceConsumed: context.isTransportNonceConsumed,
+        validateConfirmation: context.validateConfirmation,
+        persistConfirmations: context.persistConfirmations,
+        emitConfirmationResolved: context.emitConfirmationResolved,
+        readSnapshot: context.readSnapshot,
+        updateAction: context.updateAction
+    });
+    if (sequencing.kind === 'error') {
+        context.writeControlError(sequencing.status, sequencing.error, sequencing.traceability);
+        return;
+    }
+    if (sequencing.plan.persistRequired) {
+        await context.persistControlAction({
+            action,
+            requestId: sequencing.requestId,
+            intentId: sequencing.intentId,
+            transportMutation: sequencing.transportMutation
+        });
+    }
+    if (sequencing.plan.publishRequired) {
+        context.publishRuntime('control.action');
+    }
+    await context.emitControlActionAuditEvent({
+        outcome: sequencing.plan.response.outcome,
+        action,
+        requestedBy,
+        reason: reason ?? null,
+        requestId: sequencing.plan.response.requestId,
+        intentId: sequencing.plan.response.intentId,
+        snapshot: sequencing.plan.snapshot,
+        traceability: sequencing.plan.response.traceability
+    });
+    context.writeControlResponse(sequencing.plan.response);
+}
+function readStringValue(record, ...keys) {
+    for (const key of keys) {
+        const value = record[key];
+        if (typeof value === 'string' && value.trim().length > 0) {
+            return value.trim();
+        }
+    }
+    return undefined;
+}
+function readRecordValue(record, key) {
+    const value = record[key];
+    if (value && typeof value === 'object' && !Array.isArray(value)) {
+        return value;
+    }
+    return undefined;
+}

package/dist/orchestrator/src/cli/control/controlActionControllerSequencing.js ADDED Viewed

@@ -0,0 +1,161 @@
+import { resolveCancelConfirmation } from './controlActionCancelConfirmation.js';
+import { executeControlAction, resolveControlActionReplay } from './controlActionExecution.js';
+import { buildExecutionControlActionFinalizationPlan, buildReplayControlActionFinalizationPlan } from './controlActionFinalization.js';
+import { validateTransportMutationPreflight } from './controlActionPreflight.js';
+export async function resolveControlActionControllerSequencing(input) {
+    const { normalized } = input;
+    let requestId = normalized.requestId;
+    let intentId = normalized.intentId;
+    let transportMutation = normalized.transportMutation;
+    let isTransportMutation = Boolean(transportMutation);
+    const transportPreflight = validateTransportMutationPreflight({
+        action: normalized.action,
+        requestId,
+        intentId,
+        taskId: input.taskId,
+        snapshot: input.snapshot,
+        manifestPath: input.manifestPath,
+        transportMutation,
+        isTransportNonceConsumed: input.isTransportNonceConsumed
+    });
+    if (!transportPreflight.ok) {
+        return {
+            kind: 'error',
+            status: transportPreflight.status,
+            error: transportPreflight.error,
+            traceability: transportPreflight.traceability
+        };
+    }
+    if (normalized.action === 'cancel' && !normalized.deferTransportResolutionToConfirmation) {
+        const replaySnapshot = input.readSnapshot();
+        const replay = resolveControlActionReplay({
+            snapshot: replaySnapshot,
+            action: normalized.action,
+            requestId,
+            intentId,
+            taskId: input.taskId,
+            manifestPath: input.manifestPath,
+            transportMutation,
+            isTransportMutation
+        });
+        if (replay.matched) {
+            return {
+                kind: 'finalize',
+                requestId: replay.requestId,
+                intentId: replay.intentId,
+                transportMutation,
+                plan: buildReplayControlActionFinalizationPlan({
+                    snapshot: replaySnapshot,
+                    requestId: replay.requestId,
+                    intentId: replay.intentId,
+                    traceability: replay.traceability,
+                    persistRequired: true
+                })
+            };
+        }
+    }
+    if (normalized.action === 'cancel') {
+        if (!normalized.confirmNonce) {
+            return { kind: 'error', status: 409, error: 'confirmation_required' };
+        }
+        const cancelResolution = await resolveCancelConfirmation({
+            body: input.body,
+            tool: input.tool,
+            params: input.params,
+            confirmNonce: normalized.confirmNonce,
+            currentIntentId: intentId,
+            snapshot: input.snapshot,
+            taskId: input.taskId,
+            manifestPath: input.manifestPath,
+            validateNonce: input.validateConfirmation,
+            persistConfirmations: input.persistConfirmations,
+            emitConfirmationResolved: input.emitConfirmationResolved
+        });
+        if (!cancelResolution.ok) {
+            return {
+                kind: 'error',
+                status: cancelResolution.status,
+                error: cancelResolution.error,
+                traceability: cancelResolution.traceability
+            };
+        }
+        requestId = cancelResolution.requestId;
+        intentId = cancelResolution.intentId;
+        transportMutation = cancelResolution.transportMutation;
+        isTransportMutation = Boolean(transportMutation);
+        const postConfirmationPreflight = validateTransportMutationPreflight({
+            action: normalized.action,
+            requestId,
+            intentId,
+            taskId: input.taskId,
+            snapshot: input.snapshot,
+            manifestPath: input.manifestPath,
+            transportMutation,
+            isTransportNonceConsumed: input.isTransportNonceConsumed
+        });
+        if (!postConfirmationPreflight.ok) {
+            return {
+                kind: 'error',
+                status: postConfirmationPreflight.status,
+                error: postConfirmationPreflight.error,
+                traceability: postConfirmationPreflight.traceability
+            };
+        }
+        return {
+            kind: 'finalize',
+            requestId,
+            intentId,
+            transportMutation,
+            plan: buildExecutionControlActionFinalizationPlan({
+                action: normalized.action,
+                execution: executeControlAction({
+                    action: normalized.action,
+                    requestedBy: normalized.requestedBy,
+                    requestId,
+                    intentId,
+                    reason: normalized.reason ?? null,
+                    taskId: input.taskId,
+                    manifestPath: input.manifestPath,
+                    transportMutation,
+                    isTransportMutation,
+                    transportIdempotencyWindowMs: postConfirmationPreflight.idempotencyWindowMs,
+                    readSnapshot: input.readSnapshot,
+                    updateAction: input.updateAction
+                }),
+                requestId,
+                intentId,
+                taskId: input.taskId,
+                manifestPath: input.manifestPath,
+                transportMutation
+            })
+        };
+    }
+    return {
+        kind: 'finalize',
+        requestId,
+        intentId,
+        transportMutation,
+        plan: buildExecutionControlActionFinalizationPlan({
+            action: normalized.action,
+            execution: executeControlAction({
+                action: normalized.action,
+                requestedBy: normalized.requestedBy,
+                requestId,
+                intentId,
+                reason: normalized.reason ?? null,
+                taskId: input.taskId,
+                manifestPath: input.manifestPath,
+                transportMutation,
+                isTransportMutation,
+                transportIdempotencyWindowMs: transportPreflight.idempotencyWindowMs,
+                readSnapshot: input.readSnapshot,
+                updateAction: input.updateAction
+            }),
+            requestId,
+            intentId,
+            taskId: input.taskId,
+            manifestPath: input.manifestPath,
+            transportMutation
+        })
+    };
+}