@matthesketh/fleet 1.1.0 → 1.6.0

package/dist/adapters/notifier/webhook.js

@@ -0,0 +1,38 @@
+import { createHmac } from 'node:crypto';
+export function createWebhookNotifier(opts) {
+    const fetcher = opts.fetcher ?? fetch;
+    const timeoutMs = opts.timeoutMs ?? 10_000;
+    return {
+        id: 'webhook',
+        async notify(subject, body, meta) {
+            const payload = JSON.stringify({ subject, body, ...meta, at: new Date().toISOString() });
+            const headers = {
+                'Content-Type': 'application/json',
+                ...opts.headers,
+            };
+            if (opts.secret) {
+                const sig = createHmac('sha256', opts.secret).update(payload).digest('hex');
+                headers['X-Fleet-Signature'] = `sha256=${sig}`;
+            }
+            const controller = new AbortController();
+            const timer = setTimeout(() => controller.abort(), timeoutMs);
+            try {
+                const res = await fetcher(opts.url, {
+                    method: 'POST',
+                    headers,
+                    body: payload,
+                    signal: controller.signal,
+                });
+                if (!res.ok) {
+                    process.stderr.write(`[webhook] ${opts.url} returned ${res.status}\n`);
+                }
+            }
+            catch (err) {
+                process.stderr.write(`[webhook] ${opts.url} failed: ${err.message}\n`);
+            }
+            finally {
+                clearTimeout(timer);
+            }
+        },
+    };
+}

package/dist/adapters/runner/claude-cli.d.ts

@@ -0,0 +1,7 @@
+import type { RunnerAdapter } from '../types.js';
+export interface ClaudeCliOptions {
+    binary?: string;
+    lockRoot?: string;
+    configRoot?: string;
+}
+export declare function createClaudeCliRunner(opts?: ClaudeCliOptions): RunnerAdapter;

package/dist/adapters/runner/claude-cli.js

@@ -0,0 +1,231 @@
+import { spawn } from 'node:child_process';
+import { existsSync, mkdirSync } from 'node:fs';
+import { join } from 'node:path';
+import lockfile from 'proper-lockfile';
+function summariseArgs(args) {
+    const s = JSON.stringify(args ?? null);
+    return s.length > 200 ? `${s.slice(0, 197)}...` : s;
+}
+function ensureDir(path) {
+    if (!existsSync(path))
+        mkdirSync(path, { recursive: true });
+}
+export function createClaudeCliRunner(opts = {}) {
+    const binary = opts.binary ?? 'claude';
+    const lockRoot = opts.lockRoot ?? '/var/lib/fleet/locks';
+    const configRoot = opts.configRoot ?? '/var/lib/fleet/claude-configs';
+    return {
+        id: 'claude-cli',
+        supports(task) {
+            return task.kind === 'claude-cli';
+        },
+        async *run(task, ctx, signal) {
+            if (task.kind !== 'claude-cli')
+                throw new Error('claude-cli runner received wrong task kind');
+            ensureDir(lockRoot);
+            ensureDir(configRoot);
+            const lockTarget = join(lockRoot, 'claude-cli');
+            ensureDir(lockTarget);
+            const startedAt = new Date().toISOString();
+            const startTime = Date.now();
+            yield { kind: 'start', routineId: ctx.routineId, target: ctx.repo ?? null, at: startedAt };
+            let release = null;
+            try {
+                release = await lockfile.lock(lockTarget, { stale: 30 * 60 * 1000, retries: 0 });
+            }
+            catch (err) {
+                yield {
+                    kind: 'end',
+                    status: 'failed',
+                    exitCode: -1,
+                    durationMs: Date.now() - startTime,
+                    at: new Date().toISOString(),
+                    error: `mutex busy: another claude-cli routine is running (${err.message})`,
+                };
+                return;
+            }
+            const perRoutineConfigDir = join(configRoot, ctx.routineId);
+            ensureDir(perRoutineConfigDir);
+            const args = [
+                '-p', task.prompt,
+                '--output-format', 'stream-json',
+                '--verbose',
+            ];
+            if (task.model)
+                args.push('--model', task.model);
+            if (task.appendSystem)
+                args.push('--append-system-prompt', task.appendSystem);
+            if (task.allowedTools && task.allowedTools.length > 0) {
+                args.push('--allowed-tools', task.allowedTools.join(','));
+            }
+            const env = {
+                ...process.env,
+                ...ctx.env,
+                CLAUDE_CONFIG_DIR: perRoutineConfigDir,
+            };
+            const child = spawn(binary, args, {
+                cwd: ctx.repoPath ?? undefined,
+                env,
+                stdio: ['ignore', 'pipe', 'pipe'],
+            });
+            const buffer = [];
+            let resolveWait = null;
+            const waitForEvent = () => new Promise(r => { resolveWait = r; });
+            const push = (ev) => {
+                buffer.push(ev);
+                if (resolveWait) {
+                    resolveWait();
+                    resolveWait = null;
+                }
+            };
+            let cumulativeUsd = 0;
+            let cumulativeInput = 0;
+            let cumulativeOutput = 0;
+            let cumulativeCacheCreate = 0;
+            let cumulativeCacheRead = 0;
+            let capBreached = null;
+            const killChain = () => {
+                child.kill('SIGTERM');
+                setTimeout(() => { if (!child.killed)
+                    child.kill('SIGKILL'); }, 5000);
+            };
+            const timer = setTimeout(() => {
+                capBreached = capBreached ?? 'wall-clock timeout';
+                killChain();
+            }, task.wallClockMs);
+            const onAbort = () => { capBreached = capBreached ?? 'aborted by caller'; killChain(); };
+            signal.addEventListener('abort', onAbort);
+            let stdoutTail = '';
+            child.stdout?.setEncoding('utf-8');
+            child.stderr?.setEncoding('utf-8');
+            child.stdout?.on('data', (chunk) => {
+                stdoutTail += chunk;
+                let newlineIdx;
+                while ((newlineIdx = stdoutTail.indexOf('\n')) >= 0) {
+                    const line = stdoutTail.slice(0, newlineIdx);
+                    stdoutTail = stdoutTail.slice(newlineIdx + 1);
+                    if (!line.trim())
+                        continue;
+                    let evt;
+                    try {
+                        evt = JSON.parse(line);
+                    }
+                    catch {
+                        push({ kind: 'stdout', chunk: `${line}\n` });
+                        continue;
+                    }
+                    if (evt.type === 'assistant' && Array.isArray(evt.message?.content)) {
+                        for (const part of evt.message.content) {
+                            if (part.type === 'tool_use' && part.name) {
+                                push({ kind: 'tool-call', name: part.name, argsPreview: summariseArgs(part.input) });
+                            }
+                            else if (part.type === 'text') {
+                                const text = part.text;
+                                if (typeof text === 'string')
+                                    push({ kind: 'stdout', chunk: text });
+                            }
+                        }
+                    }
+                    if (evt.type === 'result') {
+                        const usage = evt.usage ?? {};
+                        cumulativeInput = Math.max(cumulativeInput, usage.input_tokens ?? 0);
+                        cumulativeOutput = Math.max(cumulativeOutput, usage.output_tokens ?? 0);
+                        cumulativeCacheCreate = Math.max(cumulativeCacheCreate, usage.cache_creation_input_tokens ?? 0);
+                        cumulativeCacheRead = Math.max(cumulativeCacheRead, usage.cache_read_input_tokens ?? 0);
+                        cumulativeUsd = Math.max(cumulativeUsd, evt.total_cost_usd ?? 0);
+                        push({
+                            kind: 'cost',
+                            inputTokens: cumulativeInput,
+                            outputTokens: cumulativeOutput,
+                            cacheCreateTokens: cumulativeCacheCreate,
+                            cacheReadTokens: cumulativeCacheRead,
+                            usd: cumulativeUsd,
+                        });
+                        const totalTokens = cumulativeInput + cumulativeOutput + cumulativeCacheCreate;
+                        if (totalTokens > task.tokenCap) {
+                            capBreached = capBreached ?? `token cap exceeded: ${totalTokens} > ${task.tokenCap}`;
+                            killChain();
+                        }
+                        if (cumulativeUsd > task.maxUsd) {
+                            capBreached = capBreached ?? `cost cap exceeded: $${cumulativeUsd.toFixed(4)} > $${task.maxUsd}`;
+                            killChain();
+                        }
+                    }
+                }
+            });
+            child.stderr?.on('data', (chunk) => push({ kind: 'stderr', chunk }));
+            let exitCode = -1;
+            let exitSignal = null;
+            let done = false;
+            const exited = new Promise(resolveExit => {
+                child.on('close', (code, sig) => {
+                    if (stdoutTail.trim()) {
+                        try {
+                            const evt = JSON.parse(stdoutTail);
+                            if (evt.type === 'result') {
+                                const usage = evt.usage ?? {};
+                                cumulativeInput = Math.max(cumulativeInput, usage.input_tokens ?? 0);
+                                cumulativeOutput = Math.max(cumulativeOutput, usage.output_tokens ?? 0);
+                                cumulativeUsd = Math.max(cumulativeUsd, evt.total_cost_usd ?? 0);
+                            }
+                        }
+                        catch { /* not JSON */ }
+                        stdoutTail = '';
+                    }
+                    exitCode = code ?? -1;
+                    exitSignal = sig;
+                    done = true;
+                    if (resolveWait) {
+                        resolveWait();
+                        resolveWait = null;
+                    }
+                    resolveExit();
+                });
+                child.on('error', err => {
+                    push({ kind: 'stderr', chunk: `spawn error: ${err.message}\n` });
+                    done = true;
+                    if (resolveWait) {
+                        resolveWait();
+                        resolveWait = null;
+                    }
+                    resolveExit();
+                });
+            });
+            try {
+                while (!done || buffer.length > 0) {
+                    if (buffer.length === 0 && !done)
+                        await waitForEvent();
+                    while (buffer.length > 0) {
+                        const ev = buffer.shift();
+                        if (ev)
+                            yield ev;
+                    }
+                }
+                await exited;
+            }
+            finally {
+                clearTimeout(timer);
+                signal.removeEventListener('abort', onAbort);
+                if (release) {
+                    try {
+                        await release();
+                    }
+                    catch { /* already released */ }
+                }
+            }
+            const durationMs = Date.now() - startTime;
+            const status = capBreached === 'aborted by caller' ? 'aborted'
+                : capBreached ? 'timeout'
+                    : exitSignal ? 'timeout'
+                        : exitCode === 0 ? 'ok' : 'failed';
+            yield {
+                kind: 'end',
+                status,
+                exitCode,
+                durationMs,
+                at: new Date().toISOString(),
+                ...(capBreached ? { error: capBreached } : {}),
+            };
+        },
+    };
+}

package/dist/adapters/runner/mcp-call.d.ts

@@ -0,0 +1,8 @@
+import type { RunnerAdapter } from '../types.js';
+export interface McpCallOptions {
+    command?: string;
+    args?: string[];
+    clientName?: string;
+    clientVersion?: string;
+}
+export declare function createMcpCallRunner(opts?: McpCallOptions): RunnerAdapter;

package/dist/adapters/runner/mcp-call.js

@@ -0,0 +1,82 @@
+import { Client } from '@modelcontextprotocol/sdk/client/index.js';
+import { StdioClientTransport } from '@modelcontextprotocol/sdk/client/stdio.js';
+function extractText(content) {
+    if (!Array.isArray(content))
+        return '';
+    const chunks = [];
+    for (const part of content) {
+        if (part.type === 'text' && typeof part.text === 'string')
+            chunks.push(part.text);
+    }
+    return chunks.join('');
+}
+export function createMcpCallRunner(opts = {}) {
+    const command = opts.command ?? 'fleet';
+    const args = opts.args ?? ['mcp'];
+    return {
+        id: 'mcp-call',
+        supports(task) {
+            return task.kind === 'mcp-call';
+        },
+        async *run(task, ctx, signal) {
+            if (task.kind !== 'mcp-call')
+                throw new Error('mcp-call runner received wrong task kind');
+            const startedAt = new Date().toISOString();
+            const startTime = Date.now();
+            yield { kind: 'start', routineId: ctx.routineId, target: ctx.repo ?? null, at: startedAt };
+            const transport = new StdioClientTransport({ command, args });
+            const client = new Client({ name: opts.clientName ?? 'fleet-routine', version: opts.clientVersion ?? '1.0.0' }, { capabilities: {} });
+            const timer = setTimeout(() => {
+                void transport.close().catch(() => { });
+            }, task.wallClockMs);
+            const onAbort = () => {
+                void transport.close().catch(() => { });
+            };
+            signal.addEventListener('abort', onAbort);
+            let errorText;
+            let status = 'failed';
+            let exitCode = 1;
+            try {
+                await client.connect(transport);
+                const result = await client.callTool({ name: task.tool, arguments: task.args });
+                const payload = result;
+                const text = extractText(payload.content);
+                if (text)
+                    yield { kind: 'stdout', chunk: `${text}\n` };
+                yield { kind: 'tool-call', name: task.tool, argsPreview: JSON.stringify(task.args).slice(0, 200) };
+                if (payload.isError) {
+                    status = 'failed';
+                    errorText = text || 'mcp tool returned isError';
+                }
+                else {
+                    status = 'ok';
+                    exitCode = 0;
+                }
+            }
+            catch (err) {
+                errorText = err.message;
+                status = signal.aborted ? 'aborted' : 'failed';
+            }
+            finally {
+                clearTimeout(timer);
+                signal.removeEventListener('abort', onAbort);
+                try {
+                    await client.close();
+                }
+                catch { /* already closed */ }
+                try {
+                    await transport.close();
+                }
+                catch { /* already closed */ }
+            }
+            yield {
+                kind: 'end',
+                status,
+                exitCode,
+                durationMs: Date.now() - startTime,
+                at: new Date().toISOString(),
+                ...(errorText ? { error: errorText } : {}),
+            };
+        },
+    };
+}

package/dist/adapters/runner/shell.d.ts

@@ -0,0 +1,2 @@
+import type { RunnerAdapter } from '../types.js';
+export declare function createShellRunner(): RunnerAdapter;

package/dist/adapters/runner/shell.js

@@ -0,0 +1,103 @@
+import { spawn } from 'node:child_process';
+export function createShellRunner() {
+    return {
+        id: 'shell',
+        supports(task) {
+            return task.kind === 'shell';
+        },
+        async *run(task, ctx, signal) {
+            if (task.kind !== 'shell')
+                throw new Error('shell runner received non-shell task');
+            const startedAt = new Date().toISOString();
+            const startTime = Date.now();
+            yield {
+                kind: 'start',
+                routineId: ctx.routineId,
+                target: ctx.repo ?? null,
+                at: startedAt,
+            };
+            const [cmd, ...args] = task.argv;
+            const env = { ...process.env, ...ctx.env, ...(task.env ?? {}) };
+            const child = spawn(cmd, args, {
+                cwd: ctx.repoPath ?? undefined,
+                env,
+                stdio: ['ignore', 'pipe', 'pipe'],
+            });
+            const buffer = [];
+            let resolve = null;
+            const waitForEvent = () => new Promise(r => { resolve = r; });
+            const push = (ev) => {
+                buffer.push(ev);
+                if (resolve) {
+                    resolve();
+                    resolve = null;
+                }
+            };
+            const timer = setTimeout(() => {
+                child.kill('SIGTERM');
+                setTimeout(() => child.kill('SIGKILL'), 5000);
+            }, task.wallClockMs);
+            const onAbort = () => {
+                child.kill('SIGTERM');
+                setTimeout(() => child.kill('SIGKILL'), 5000);
+            };
+            signal.addEventListener('abort', onAbort);
+            child.stdout?.setEncoding('utf-8');
+            child.stderr?.setEncoding('utf-8');
+            child.stdout?.on('data', chunk => push({ kind: 'stdout', chunk }));
+            child.stderr?.on('data', chunk => push({ kind: 'stderr', chunk }));
+            let exitCode = -1;
+            let exitSignal = null;
+            let done = false;
+            const exited = new Promise(resolveExit => {
+                child.on('close', (code, sig) => {
+                    exitCode = code ?? -1;
+                    exitSignal = sig;
+                    done = true;
+                    if (resolve) {
+                        resolve();
+                        resolve = null;
+                    }
+                    resolveExit();
+                });
+                child.on('error', err => {
+                    push({ kind: 'stderr', chunk: `spawn error: ${err.message}\n` });
+                    done = true;
+                    if (resolve) {
+                        resolve();
+                        resolve = null;
+                    }
+                    resolveExit();
+                });
+            });
+            try {
+                while (!done || buffer.length > 0) {
+                    if (buffer.length === 0 && !done)
+                        await waitForEvent();
+                    while (buffer.length > 0) {
+                        const ev = buffer.shift();
+                        if (ev)
+                            yield ev;
+                    }
+                }
+                await exited;
+            }
+            finally {
+                clearTimeout(timer);
+                signal.removeEventListener('abort', onAbort);
+            }
+            const durationMs = Date.now() - startTime;
+            const status = signal.aborted ? 'aborted'
+                : exitSignal === 'SIGTERM' || exitSignal === 'SIGKILL' ? 'timeout'
+                    : exitCode === 0 ? 'ok' : 'failed';
+            yield {
+                kind: 'end',
+                status,
+                exitCode,
+                durationMs,
+                at: new Date().toISOString(),
+                ...(exitSignal ? { error: `signal=${exitSignal}` } : {}),
+            };
+        },
+    };
+}

package/dist/adapters/scheduler/systemd-timer.d.ts

@@ -0,0 +1,17 @@
+import type { Routine } from '../../core/routines/schema.js';
+import type { SchedulerAdapter } from '../types.js';
+export interface SystemdTimerOptions {
+    fleetBinary?: string;
+    runAsUser?: string;
+    unitDir?: string;
+}
+interface RenderedUnit {
+    timerPath: string;
+    servicePath: string;
+    timerUnit: string;
+    serviceUnit: string;
+    unitName: string;
+}
+export declare function renderUnits(routine: Routine, opts?: SystemdTimerOptions): RenderedUnit | null;
+export declare function createSystemdTimerAdapter(opts?: SystemdTimerOptions): SchedulerAdapter;
+export {};

package/dist/adapters/scheduler/systemd-timer.js

@@ -0,0 +1,149 @@
+import { existsSync, unlinkSync, writeFileSync } from 'node:fs';
+import { execSafe } from '../../core/exec.js';
+const UNIT_DIR = '/etc/systemd/system';
+const UNIT_PREFIX = 'fleet-routine-';
+export function renderUnits(routine, opts = {}) {
+    if (routine.schedule.kind !== 'calendar')
+        return null;
+    const fleetBinary = opts.fleetBinary ?? '/usr/local/bin/fleet';
+    const unitDir = opts.unitDir ?? UNIT_DIR;
+    const unitName = `${UNIT_PREFIX}${routine.id}`;
+    const timerPath = `${unitDir}/${unitName}.timer`;
+    const servicePath = `${unitDir}/${unitName}.service`;
+    const onCalendar = routine.schedule.onCalendar;
+    const randomizedDelay = routine.schedule.randomizedDelaySec;
+    const persistent = routine.schedule.persistent;
+    const userDirective = opts.runAsUser ? `User=${opts.runAsUser}\n` : '';
+    const timerUnit = [
+        `[Unit]`,
+        `Description=Fleet routine ${routine.id} (${routine.name})`,
+        ``,
+        `[Timer]`,
+        `OnCalendar=${onCalendar}`,
+        `RandomizedDelaySec=${randomizedDelay}`,
+        `Persistent=${persistent ? 'true' : 'false'}`,
+        `Unit=${unitName}.service`,
+        ``,
+        `[Install]`,
+        `WantedBy=timers.target`,
+        ``,
+    ].join('\n');
+    const serviceUnit = [
+        `[Unit]`,
+        `Description=Fleet routine ${routine.id} run`,
+        `After=network-online.target`,
+        `Wants=network-online.target`,
+        ``,
+        `[Service]`,
+        `Type=oneshot`,
+        userDirective,
+        `ExecStart=${fleetBinary} routine-run --id ${routine.id}`,
+        `NoNewPrivileges=true`,
+        `PrivateTmp=true`,
+        `ProtectSystem=strict`,
+        `ProtectHome=read-only`,
+        `ReadWritePaths=/var/log/fleet /var/lib/fleet`,
+        `LockPersonality=true`,
+        `RestrictSUIDSGID=true`,
+        `TimeoutStartSec=3600`,
+        `StandardOutput=journal`,
+        `StandardError=journal`,
+        ``,
+    ].filter(Boolean).join('\n');
+    return { timerPath, servicePath, timerUnit, serviceUnit, unitName };
+}
+function parseListTimers(stdout) {
+    const map = new Map();
+    const lines = stdout.split('\n');
+    for (const line of lines) {
+        const match = line.match(/^(\S.*?)\s+(\S.*?\s+\S+)\s+(.*?)\s+(\S.*?)\s+(.*?)\s+(\S+\.timer)\s+(\S+\.service)/);
+        if (!match)
+            continue;
+        const [, nextRaw, , lastRaw, , , timerName] = match;
+        const baseName = timerName.replace(/\.timer$/, '');
+        map.set(baseName, {
+            next: nextRaw === 'n/a' || nextRaw === '-' ? null : nextRaw.trim(),
+            last: lastRaw === 'n/a' || lastRaw === '-' ? null : lastRaw.trim(),
+        });
+    }
+    return map;
+}
+function parseActiveStatus(unitName) {
+    const show = execSafe('systemctl', [
+        'show', `${unitName}.service`,
+        '--property=ActiveState,Result', '--no-pager',
+    ]);
+    const active = /ActiveState=active|activating/.test(show.stdout);
+    const resultMatch = show.stdout.match(/Result=(\S+)/);
+    const result = resultMatch?.[1] ?? 'unknown';
+    const lastStatus = result === 'success' ? 'ok' : result === 'exit-code' || result === 'signal' ? 'failed' : 'unknown';
+    return { active, lastStatus };
+}
+export function createSystemdTimerAdapter(opts = {}) {
+    const unitDir = opts.unitDir ?? UNIT_DIR;
+    return {
+        id: 'systemd-timer',
+        available() {
+            const r = execSafe('systemctl', ['--version']);
+            return r.ok;
+        },
+        async upsert(routine) {
+            if (routine.schedule.kind === 'manual')
+                return;
+            const rendered = renderUnits(routine, opts);
+            if (!rendered)
+                return;
+            writeFileSync(rendered.servicePath, rendered.serviceUnit, { mode: 0o644 });
+            writeFileSync(rendered.timerPath, rendered.timerUnit, { mode: 0o644 });
+            const reload = execSafe('systemctl', ['daemon-reload']);
+            if (!reload.ok)
+                throw new Error(`daemon-reload failed: ${reload.stderr}`);
+            if (routine.enabled) {
+                const enable = execSafe('systemctl', ['enable', '--now', `${rendered.unitName}.timer`]);
+                if (!enable.ok)
+                    throw new Error(`enable failed: ${enable.stderr}`);
+            }
+            else {
+                execSafe('systemctl', ['disable', '--now', `${rendered.unitName}.timer`]);
+            }
+        },
+        async remove(routineId) {
+            const unitName = `${UNIT_PREFIX}${routineId}`;
+            const timerPath = `${unitDir}/${unitName}.timer`;
+            const servicePath = `${unitDir}/${unitName}.service`;
+            execSafe('systemctl', ['disable', '--now', `${unitName}.timer`]);
+            if (existsSync(timerPath))
+                unlinkSync(timerPath);
+            if (existsSync(servicePath))
+                unlinkSync(servicePath);
+            execSafe('systemctl', ['daemon-reload']);
+        },
+        async list() {
+            const timers = execSafe('systemctl', [
+                'list-timers', '--all', '--no-pager', '--no-legend', `${UNIT_PREFIX}*`,
+            ]);
+            if (!timers.ok)
+                return [];
+            const parsed = parseListTimers(timers.stdout);
+            const entries = [];
+            for (const [unitName, timing] of parsed) {
+                const routineId = unitName.replace(new RegExp(`^${UNIT_PREFIX}`), '');
+                const { active, lastStatus } = parseActiveStatus(unitName);
+                entries.push({
+                    routineId,
+                    unitName,
+                    nextRunAt: timing.next,
+                    lastRunAt: timing.last,
+                    lastStatus,
+                    active,
+                    persistent: true,
+                });
+            }
+            return entries;
+        },
+        async get(routineId) {
+            const all = await this.list();
+            return all.find(e => e.routineId === routineId) ?? null;
+        },
+    };
+}

package/dist/adapters/signals/ci-status.d.ts

@@ -0,0 +1,2 @@
+import type { SignalProvider } from '../types.js';
+export declare const ciStatusProvider: SignalProvider;