@mondaydotcomorg/atp-server 0.17.14

package/src/controllers/stream.controller.ts

@@ -0,0 +1,190 @@
+import type { IncomingMessage, ServerResponse } from 'node:http';
+import type { ExecutionConfig } from '@mondaydotcomorg/atp-protocol';
+import {
+	ExecutionErrorCode,
+	validateExecutionConfig,
+	sanitizeInput,
+	MAX_CODE_SIZE,
+} from '@mondaydotcomorg/atp-protocol';
+import type { CodeValidator } from '../validator/index.js';
+import type { SandboxExecutor } from '../executor/index.js';
+import type { ExecutionStateManager } from '../execution-state/index.js';
+import { nanoid } from 'nanoid';
+import type { log } from '@mondaydotcomorg/atp-runtime';
+
+interface StreamContext {
+	validator: CodeValidator;
+	executor: SandboxExecutor;
+	stateManager?: ExecutionStateManager;
+	auditConfig?: { enabled: boolean };
+	defaultTimeout: number;
+	defaultMemoryLimit: number;
+	defaultLLMCallLimit: number;
+}
+
+export async function handleExecuteStream(
+	req: IncomingMessage,
+	res: ServerResponse,
+	context: StreamContext,
+	body: string,
+	clientId: string | undefined,
+	logger: ReturnType<typeof log.child>
+): Promise<void> {
+	let request: { code: string; config?: Partial<ExecutionConfig> };
+
+	try {
+		request = JSON.parse(body);
+	} catch (error) {
+		logger.warn('Invalid request body', { error });
+		res.writeHead(400, { 'Content-Type': 'application/json' });
+		res.end(
+			JSON.stringify({
+				error: 'Invalid request body',
+				message: error instanceof Error ? error.message : 'Failed to parse request',
+			})
+		);
+		return;
+	}
+
+	request.code = sanitizeInput(request.code, MAX_CODE_SIZE);
+
+	logger.info('Streaming code execution request', {
+		codeLength: request.code.length,
+	});
+
+	res.writeHead(200, {
+		'Content-Type': 'text/event-stream',
+		'Cache-Control': 'no-cache',
+		Connection: 'keep-alive',
+	});
+
+	const sendEvent = (event: string, data: unknown) => {
+		res.write(`event: ${event}\n`);
+		res.write(`data: ${JSON.stringify(data)}\n\n`);
+	};
+
+	try {
+		if (request.config) {
+			try {
+				validateExecutionConfig(request.config);
+			} catch (error) {
+				logger.warn('Invalid execution config', { error });
+				sendEvent('error', {
+					message: error instanceof Error ? error.message : 'Invalid configuration',
+				});
+				res.end();
+				return;
+			}
+		}
+
+		const executionConfig: ExecutionConfig = {
+			timeout: request.config?.timeout ?? context.defaultTimeout,
+			maxMemory: request.config?.maxMemory ?? context.defaultMemoryLimit,
+			maxLLMCalls: request.config?.maxLLMCalls ?? context.defaultLLMCallLimit,
+			allowedAPIs: request.config?.allowedAPIs ?? [],
+			allowLLMCalls: request.config?.allowLLMCalls ?? true,
+			progressCallback: (message: string, fraction: number) => {
+				sendEvent('progress', { message, fraction });
+			},
+			clientServices: request.config?.clientServices,
+			provenanceMode: request.config?.provenanceMode,
+			securityPolicies: request.config?.securityPolicies,
+			provenanceHints: request.config?.provenanceHints,
+		};
+
+		logger.info('Validating code for streaming execution', {
+			codeLength: request.code.length,
+			timeout: executionConfig.timeout,
+			clientServices: executionConfig.clientServices,
+		});
+
+		const validationResult = await context.validator.validate(request.code, executionConfig);
+
+		if (!validationResult.valid) {
+			logger.warn('Code validation failed', {
+				errors: validationResult.errors?.length,
+				securityIssues: validationResult.securityIssues?.length,
+			});
+
+			const hasSecurityIssues =
+				validationResult.securityIssues && validationResult.securityIssues.length > 0;
+
+			sendEvent('result', {
+				executionId: nanoid(),
+				status: hasSecurityIssues ? 'security_violation' : 'validation_failed',
+				error: {
+					message: 'Code validation failed',
+					code: hasSecurityIssues
+						? ExecutionErrorCode.SECURITY_VIOLATION
+						: ExecutionErrorCode.VALIDATION_FAILED,
+					context: {
+						errors: validationResult.errors,
+						securityIssues: validationResult.securityIssues,
+					},
+					retryable: false,
+					suggestion: hasSecurityIssues
+						? 'Remove forbidden operations and use only allowed APIs'
+						: 'Fix syntax errors and validation issues in your code',
+				},
+				stats: {
+					duration: 0,
+					memoryUsed: 0,
+					llmCallsCount: 0,
+					approvalCallsCount: 0,
+				},
+			});
+			res.end();
+			return;
+		}
+
+		sendEvent('start', { message: 'Execution started' });
+
+		logger.info('Executing code in sandbox (streaming)');
+		const result = await context.executor.execute(request.code, executionConfig, clientId);
+
+		logger.info('Code execution completed (streaming)', {
+			executionId: result.executionId,
+			status: result.status,
+			duration: result.stats.duration,
+		});
+
+		if (
+			result.status === 'paused' &&
+			result.needsCallback &&
+			result.callbackHistory &&
+			context.stateManager
+		) {
+			if (!clientId) {
+				sendEvent('error', { message: 'Client ID required for paused executions' });
+				res.end();
+				return;
+			}
+
+			await context.stateManager.pause({
+				executionId: result.executionId,
+				code: request.code,
+				config: executionConfig,
+				clientId,
+				callbackRequest: result.needsCallback,
+				pausedAt: Date.now(),
+				callbackHistory: result.callbackHistory,
+				currentCallbackIndex: result.callbackHistory.length - 1,
+				context: {},
+			});
+
+			logger.info('Execution state saved (streaming)', {
+				executionId: result.executionId,
+				callbackType: result.needsCallback.type,
+				historyLength: result.callbackHistory.length,
+			});
+		}
+
+		sendEvent('result', result);
+		res.end();
+	} catch (error) {
+		const err = error as Error;
+		logger.error('Streaming execution error', { error: err.message });
+		sendEvent('error', { message: err.message, stack: err.stack });
+		res.end();
+	}
+}

package/src/core/config.ts

@@ -0,0 +1,180 @@
+import type {
+	CacheProvider,
+	AuthProvider,
+	AuditSink,
+	ProvenanceMode,
+	SecurityPolicy,
+	ScopeFilteringConfig,
+} from '@mondaydotcomorg/atp-protocol';
+
+export const MB = 1024 * 1024;
+export const GB = 1024 * 1024 * 1024;
+export const SECOND = 1000;
+export const MINUTE = 60 * 1000;
+export const HOUR = 60 * 60 * 1000;
+export const DAY = 24 * 60 * 60 * 1000;
+
+/**
+ * Execution configuration
+ */
+export interface ExecutionConfig {
+	/** Timeout in milliseconds */
+	timeout: number;
+	/** Memory limit in bytes */
+	memory: number;
+	/** Maximum LLM calls allowed */
+	llmCalls: number;
+	/** Provenance tracking mode (none|proxy|ast) */
+	provenanceMode?: ProvenanceMode;
+	/** Security policies for provenance-based protection */
+	securityPolicies?: SecurityPolicy[];
+}
+
+/**
+ * Client initialization configuration
+ */
+export interface ClientInitConfig {
+	/** Token time-to-live in milliseconds */
+	tokenTTL: number;
+	/** Token rotation interval in milliseconds */
+	tokenRotation: number;
+}
+
+/**
+ * Execution state configuration
+ */
+export interface ExecutionStateConfig {
+	/** TTL for paused execution state in seconds */
+	ttl: number;
+	/** Maximum allowed pause duration in seconds (default: 1 hour) */
+	maxPauseDuration: number;
+	/** Key prefix for execution state (defaults to 'atp:execution:') */
+	keyPrefix?: string;
+}
+
+/**
+ * Discovery configuration
+ */
+export interface DiscoveryConfig {
+	/** Enable embeddings for semantic search */
+	embeddings: boolean;
+	/** Scope filtering configuration for search results */
+	scopeFiltering?: ScopeFilteringConfig;
+}
+
+/**
+ * OpenTelemetry configuration
+ */
+export interface OpenTelemetryConfig {
+	/** Enable OpenTelemetry tracing and metrics */
+	enabled: boolean;
+	/** Service name for traces and metrics (defaults to 'agent-tool-protocol') */
+	serviceName?: string;
+	/** Service version for resource attributes */
+	serviceVersion?: string;
+	/** OTLP endpoint for traces (defaults to http://localhost:4318/v1/traces) */
+	traceEndpoint?: string;
+	/** OTLP endpoint for metrics (defaults to http://localhost:4318/v1/metrics) */
+	metricsEndpoint?: string;
+	/** Headers for OTLP exporter (e.g., for authentication) */
+	headers?: Record<string, string>;
+	/** Metrics export interval in milliseconds (defaults to 60000) */
+	metricsInterval?: number;
+	/** Additional resource attributes */
+	resourceAttributes?: Record<string, string>;
+}
+
+/**
+ * Logger interface
+ */
+export interface Logger {
+	debug(message: string, meta?: unknown): void;
+	info(message: string, meta?: unknown): void;
+	warn(message: string, meta?: unknown): void;
+	error(message: string, meta?: unknown): void;
+	child?(meta: Record<string, unknown>): Logger;
+}
+
+/**
+ * Audit configuration
+ */
+export interface AuditConfig {
+	/** Enable audit logging */
+	enabled: boolean;
+	/** Audit sink(s) for logging events */
+	sinks?: AuditSink | AuditSink[];
+}
+
+/**
+ * Provider configuration
+ */
+export interface ProvidersConfig {
+	/** Cache provider for storing execution state and data (defaults to MemoryCache) */
+	cache?: CacheProvider;
+	/** Token/credential store for managing client tokens (defaults to EnvAuthProvider) */
+	auth?: AuthProvider;
+}
+
+/**
+ * Server configuration (user input - all fields optional)
+ */
+export interface ServerConfig {
+	execution?: Partial<ExecutionConfig>;
+	clientInit?: Partial<ClientInitConfig>;
+	executionState?: Partial<ExecutionStateConfig>;
+	discovery?: Partial<DiscoveryConfig>;
+	/** Audit logging configuration */
+	audit?: Partial<AuditConfig>;
+	/** OpenTelemetry tracing and metrics configuration */
+	otel?: Partial<OpenTelemetryConfig>;
+	/** External providers (cache, auth) */
+	providers?: ProvidersConfig;
+	logger?: 'debug' | 'info' | 'warn' | 'error' | Logger;
+}
+
+/**
+ * Resolved server configuration with defaults applied
+ */
+export interface ResolvedServerConfig {
+	execution: ExecutionConfig;
+	clientInit: ClientInitConfig;
+	executionState: ExecutionStateConfig;
+	discovery: DiscoveryConfig;
+	audit: AuditConfig;
+	otel: OpenTelemetryConfig;
+	logger: 'debug' | 'info' | 'warn' | 'error' | Logger;
+}
+
+/**
+ * Request context passed through middleware
+ */
+export interface RequestContext {
+	method: string;
+	path: string;
+	query: Record<string, string>;
+	headers: Record<string, string>;
+	body: unknown;
+	clientId?: string;
+	clientToken?: string;
+	userId?: string;
+	user?: unknown;
+	executionId?: string;
+	code?: string;
+	validation?: unknown;
+	result?: unknown;
+	error?: Error;
+	cache?: CacheProvider;
+	auth?: AuthProvider;
+	audit?: AuditSink;
+	logger: Logger;
+	status: number;
+	responseBody: unknown;
+	throw(status: number, message: string): never;
+	assert(condition: boolean, message: string): asserts condition;
+	set(header: string, value: string): void;
+}
+
+/**
+ * Middleware function signature
+ */
+export type Middleware = (ctx: RequestContext, next: () => Promise<void>) => Promise<void>;

package/src/core/http.ts

@@ -0,0 +1,21 @@
+import { IncomingMessage } from 'node:http';
+import { readJsonBody } from '../utils/request.js';
+
+export function parseBody(req: IncomingMessage): Promise<unknown> {
+	return readJsonBody(req);
+}
+
+export function parseQuery(url: string): Record<string, string> {
+	const queryIndex = url.indexOf('?');
+	if (queryIndex === -1) return {};
+
+	const queryString = url.substring(queryIndex + 1);
+	const params = new URLSearchParams(queryString);
+	const result: Record<string, string> = {};
+
+	for (const [key, value] of params) {
+		result[key] = value;
+	}
+
+	return result;
+}