@obtoai/agent-bridge 0.1.0-beta.21 → 0.1.0-beta.23

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@obtoai/agent-bridge",
-  "version": "0.1.0-beta.21",
+  "version": "0.1.0-beta.23",
   "description": "Local consumer for the OBTO Agent Bridge. Receives bridge events over SSE and drives a coding agent (Claude Code or OpenAI Codex) on your machine.",
   "license": "Apache-2.0",
   "author": "OBTO Inc.",

package/src/bridge-http.js

@@ -92,6 +92,28 @@ const claimThread = (threadId, agentId) =>
 const postExternalSync = (agentId, sessions) =>
   postJson('/api/bridge/external/sync', { agentId, sessions });
 
+// Phase 6.4 — download an attachment's raw bytes for use as a Claude SDK
+// image content block. The serve route streams the file with its stored
+// Content-Type; we read it into a Buffer and base64-encode for the SDK.
+// Returns { ok, status, mimeType, base64 } or { ok: false, status }.
+const getAttachmentBytes = async (attachmentId) => {
+  const c = getCfg();
+  const url = c.baseUrl.replace(/\/$/, '') +
+    '/api/bridge/attachment/' + encodeURIComponent(String(attachmentId));
+  const res = await fetch(url, {
+    method: 'GET',
+    headers: {
+      'OBTO-ORIGIN-HOST': c.originHost,
+      Authorization: 'Bearer ' + c.apiToken,
+    },
+    cache: 'no-store',
+  });
+  if (!res.ok) return { ok: false, status: res.status };
+  const mimeType = res.headers.get('content-type') || 'application/octet-stream';
+  const buf = Buffer.from(await res.arrayBuffer());
+  return { ok: true, status: res.status, mimeType, base64: buf.toString('base64') };
+};
+
 module.exports = {
   getCfg,
   buildHeaders,
@@ -100,4 +122,5 @@ module.exports = {
   postAgentActivity,
   claimThread,
   postExternalSync,
+  getAttachmentBytes,
 };

package/src/capabilities.js

@@ -1,9 +1,14 @@
 'use strict';
 
-// Phase 2b — what this machine can drive. The Claude Agent SDK is a hard
-// dependency of the daemon (declared in package.json), so `claude` is always
-// available. `codex` and `opencode` need their respective CLIs on PATH —
-// we probe with `which` (POSIX) or `where` (Windows).
+// Phase 2b — what this machine can drive.
+//
+// `claude` and `opencode` are bundled SDKs (declared in package.json) and
+// self-contained: claude uses the Claude Agent SDK; opencode uses
+// @opencode-ai/sdk's createOpencode() which spawns its own local HTTP server.
+// Neither needs a CLI on PATH — they're always advertised.
+//
+// `codex` uses @openai/codex-sdk which delegates to the user's `codex` CLI
+// for auth/config, so we still probe PATH for it.
 //
 // Sent to the bridge as `?capabilities=claude,codex,...` on SSE connect; the
 // bridge records them in `agent_bridge_daemons` so the UI picker can offer
@@ -22,9 +27,8 @@ const onPath = (cmd) => {
 };
 
 const detect = () => {
-  const out = ['claude']; // bundled SDK; always advertised
+  const out = ['claude', 'opencode']; // bundled SDKs; always advertised
   if (onPath('codex')) out.push('codex');
-  if (onPath('opencode')) out.push('opencode');
   return out;
 };
 

package/src/claude-driver.js

@@ -228,6 +228,52 @@ const buildEnvelope = (payload) => {
   return head + '\n\n' + body;
 };
 
+// Phase 6.4 — image attachments. When payload.attachmentIds is non-empty,
+// download each via the bridge HTTP API and assemble a multimodal user
+// message (image blocks + text envelope) as an async iterable, which the
+// Claude Agent SDK accepts in lieu of a plain prompt string. With no
+// attachments, returns the envelope text as-is — zero overhead on the
+// hot text-only path.
+const buildPromptForSdk = async (payload, envelopeText, log) => {
+  const ids = Array.isArray(payload && payload.attachmentIds)
+    ? payload.attachmentIds.filter(Boolean)
+    : [];
+  if (ids.length === 0) return envelopeText;
+
+  const blocks = [];
+  for (const id of ids) {
+    try {
+      const r = await bridgeHttp.getAttachmentBytes(id);
+      if (r && r.ok) {
+        blocks.push({
+          type: 'image',
+          source: {
+            type: 'base64',
+            media_type: r.mimeType || 'image/png',
+            data: r.base64,
+          },
+        });
+      } else {
+        if (log) log('warn', 'attachment fetch failed', { id, status: r && r.status });
+      }
+    } catch (e) {
+      if (log) log('warn', 'attachment fetch threw', {
+        id,
+        error: e && e.message ? e.message : String(e),
+      });
+    }
+  }
+  // No images survived the fetch — fall back to text-only so the turn still
+  // runs (with degraded context). The agent has the envelope; the user will
+  // see their own bubble with images in the bridge UI.
+  if (blocks.length === 0) return envelopeText;
+
+  blocks.push({ type: 'text', text: envelopeText });
+  return (async function* () {
+    yield { type: 'user', message: { role: 'user', content: blocks } };
+  })();
+};
+
 const buildBootstrapPrompt = (payload) =>
   buildEnvelope(payload) +
   '\n\n---\n' +
@@ -290,7 +336,7 @@ const consumeQuery = async (q) => {
 const driveFirstTouch = async ({ threadId, projectDir, payload, log }) => {
   const sdk = await import('@anthropic-ai/claude-agent-sdk');
   const bridgeServer = await buildBridgeMcpServer({ log });
-  const prompt = buildBootstrapPrompt(payload);
+  const prompt = await buildPromptForSdk(payload, buildBootstrapPrompt(payload), log);
   const options = Object.assign(
     {
       cwd: projectDir,
@@ -303,6 +349,7 @@ const driveFirstTouch = async ({ threadId, projectDir, payload, log }) => {
     threadId,
     projectDir,
     messageId: payload.messageId,
+    attachments: (payload.attachmentIds || []).length,
   });
 
   const startedAt = Date.now();
@@ -357,7 +404,7 @@ const driveResume = async ({ threadId, sessionId, projectDir, jsonlPath, lastJso
 
   const sdk = await import('@anthropic-ai/claude-agent-sdk');
   const bridgeServer = await buildBridgeMcpServer({ log });
-  const prompt = buildEnvelope(payload);
+  const prompt = await buildPromptForSdk(payload, buildEnvelope(payload), log);
   const options = Object.assign(
     {
       resume: sessionId,
@@ -371,6 +418,7 @@ const driveResume = async ({ threadId, sessionId, projectDir, jsonlPath, lastJso
     threadId,
     sessionId,
     messageId: payload.messageId,
+    attachments: (payload.attachmentIds || []).length,
   });
 
   const startedAt = Date.now();

package/src/codex-driver.js

@@ -32,8 +32,24 @@ const queues = new Map();
 
 const ALLOW_ALL = process.env.BRIDGE_ALLOW_ALL === '1';
 
+// Phase 6.4 — Codex SDK doesn't accept image inputs yet. When the bridge
+// payload carries attachmentIds, we prepend an honest note so the agent
+// knows images existed (the human will see them in their own bubble on the
+// bridge UI). When the SDK gains multimodal support, this can be replaced
+// with a real image-in path.
+const attachmentDropNote = (payload) => {
+  const n = Array.isArray(payload && payload.attachmentIds)
+    ? payload.attachmentIds.filter(Boolean).length
+    : 0;
+  if (!n) return '';
+  return '[OBTO bridge note: ' + n + ' image attachment' + (n === 1 ? '' : 's') +
+    ' came with this message, but the Codex driver does not support image ' +
+    'input yet — proceeding with text only. Ask the human to describe the ' +
+    'image in words if you need its content.]\n\n';
+};
+
 const buildCodexPrompt = (payload, isFirst) => {
-  const head = buildEnvelope(payload);
+  const head = attachmentDropNote(payload) + buildEnvelope(payload);
   if (!isFirst) return head;
   return head +
     '\n\n---\n' +

package/src/daemon.js

@@ -7,6 +7,10 @@ const { drive, tryResolvePermission, agentFor } = require('./driver');
 const { postAgentActivity, claimThread, postExternalSync } = require('./bridge-http');
 const { detect: detectCapabilities } = require('./capabilities');
 const { scanAll: scanExternalSessions } = require('./external-scanner');
+// Phase 6.5 — OpenCode desktop/CLI uses SQLite instead of JSONL; separate
+// scanner reads ~/.local/share/opencode/opencode.db read-only via the
+// sqlite3 CLI subprocess. Empty array when SQLite or the DB isn't present.
+const { scanAll: scanOpencodeSessions } = require('./opencode-sqlite-scanner');
 
 const log = (level, msg, data) => {
   const line = { ts: new Date().toISOString(), level, msg };
@@ -295,7 +299,17 @@ const ownedSessionIdsFromState = () => {
 };
 const externalScanTick = async () => {
   try {
-    const all = scanExternalSessions();
+    // Phase 6.5 — fold opencode SQLite sessions into the same external sync
+    // payload. Both scanners are best-effort and return [] on failure, so a
+    // dead SQLite CLI or missing DB never breaks the JSONL path.
+    const fromJsonl = scanExternalSessions();
+    let fromOpencode = [];
+    try {
+      fromOpencode = scanOpencodeSessions();
+    } catch (e) {
+      log('warn', 'opencode sqlite scan failed', { error: e && e.message ? e.message : String(e) });
+    }
+    const all = fromJsonl.concat(fromOpencode);
     const owned = ownedSessionIdsFromState();
     const external = all.filter((s) => s && s.sessionId && !owned.has(String(s.sessionId)));
     if (external.length === 0) return;

package/src/opencode-driver.js

@@ -29,8 +29,24 @@ const queues = new Map();
 const DEFAULT_PROVIDER = process.env.BRIDGE_OPENCODE_PROVIDER || 'anthropic';
 const DEFAULT_MODEL = process.env.BRIDGE_OPENCODE_MODEL || 'claude-sonnet-4-5';
 
+// Phase 6.4 — opencode's SDK accepts only `parts:[{type:'text',text}]`. When
+// the bridge payload carries attachmentIds, we prepend an honest note so the
+// agent knows images existed (the human will see them in their own bubble on
+// the bridge UI). Upgrade to real image parts when opencode-ai/sdk grows
+// support for file/image parts.
+const attachmentDropNote = (payload) => {
+  const n = Array.isArray(payload && payload.attachmentIds)
+    ? payload.attachmentIds.filter(Boolean).length
+    : 0;
+  if (!n) return '';
+  return '[OBTO bridge note: ' + n + ' image attachment' + (n === 1 ? '' : 's') +
+    ' came with this message, but the opencode driver does not support image ' +
+    'input yet — proceeding with text only. Ask the human to describe the ' +
+    'image in words if you need its content.]\n\n';
+};
+
 const buildOpencodePrompt = (payload, isFirst) => {
-  const head = buildEnvelope(payload);
+  const head = attachmentDropNote(payload) + buildEnvelope(payload);
   if (!isFirst) return head;
   return head +
     '\n\n---\n' +

package/src/opencode-sqlite-scanner.js

@@ -0,0 +1,178 @@
+'use strict';
+
+// Phase 6.5 — surface OpenCode desktop/CLI conversations to the bridge.
+//
+// OpenCode stores sessions in SQLite at ~/.local/share/opencode/opencode.db
+// (shared between the CLI and the Electron desktop app). Schema (relevant
+// subset, captured 2026-06-07):
+//
+//   session(id, project_id, parent_id, directory, title, time_created,
+//           time_updated, agent, model, ...)
+//   message(id, session_id, time_created, data JSON)   -- data.role: user|assistant|...
+//   part(id, message_id, session_id, time_created, data JSON)   -- data.type: text|reasoning|step-start|...
+//   project(id, worktree, name, ...)
+//
+// We read via the `sqlite3` CLI subprocess (ships on macOS, standard on
+// Linux) rather than adding a native dependency (better-sqlite3) to the
+// daemon's install footprint. Opens in `-readonly` mode so live writes from
+// the desktop app are safe — SQLite WAL allows concurrent reads.
+
+const fs = require('fs');
+const os = require('os');
+const path = require('path');
+const { spawnSync, execFileSync } = require('child_process');
+
+const OPENCODE_DB = path.join(os.homedir(), '.local', 'share', 'opencode', 'opencode.db');
+
+// Match the limits the Claude/Codex scanners use so the bridge UI's
+// preview/title rendering looks consistent across sources.
+const SESSION_LIMIT = 500;
+const RECENT_TURN_COUNT = 10;
+const RECENT_MESSAGE_BODY_MAX = 4000;
+const PREVIEW_MAX_CHARS = 240;
+const QUERY_TIMEOUT_MS = 8000;
+
+let sqliteAvailableCached = null;
+const sqliteAvailable = () => {
+  if (sqliteAvailableCached !== null) return sqliteAvailableCached;
+  try {
+    const r = spawnSync('sqlite3', ['-version'], { encoding: 'utf8' });
+    sqliteAvailableCached = r.status === 0;
+  } catch (_) {
+    sqliteAvailableCached = false;
+  }
+  return sqliteAvailableCached;
+};
+
+const dbExists = () => {
+  try { return fs.existsSync(OPENCODE_DB); } catch (_) { return false; }
+};
+
+// Run a single SQL query against the OpenCode DB and parse `-json` output.
+// Returns [] on any failure (missing CLI, locked DB beyond timeout, bad SQL).
+// The daemon's external scan is fire-and-forget and runs every 30s, so we
+// MUST NOT throw out — at worst we miss this tick.
+const queryJson = (sql) => {
+  try {
+    const out = execFileSync('sqlite3', ['-readonly', '-json', OPENCODE_DB, sql], {
+      encoding: 'utf8',
+      timeout: QUERY_TIMEOUT_MS,
+      maxBuffer: 32 * 1024 * 1024,
+      stdio: ['ignore', 'pipe', 'ignore'],
+    });
+    if (!out || !out.trim()) return [];
+    return JSON.parse(out);
+  } catch (_) {
+    return [];
+  }
+};
+
+// Take a string and slice/trim to PREVIEW_MAX_CHARS for the sidebar preview.
+const previewOf = (s) => {
+  const t = String(s || '').replace(/\s+/g, ' ').trim();
+  return t.length > PREVIEW_MAX_CHARS ? t.slice(0, PREVIEW_MAX_CHARS) : t;
+};
+
+// Trim a recentMessages body to the same RECENT_MESSAGE_BODY_MAX cap as the
+// other scanners so the bridge's per-row payload stays bounded.
+const bodyOf = (s) => {
+  const t = String(s || '');
+  return t.length > RECENT_MESSAGE_BODY_MAX ? t.slice(0, RECENT_MESSAGE_BODY_MAX) : t;
+};
+
+// Pull the last N text-bearing turns for one session. Skip control rows
+// (step-start, reasoning, tool-use) so the preview matches what the human
+// actually said and what the assistant actually replied.
+const recentMessagesFor = (sessionId) => {
+  const safeId = String(sessionId).replace(/'/g, "''");
+  // Last N text parts in order. We take 2*N from the tail then sort because
+  // SQLite's LIMIT is fastest with DESC + ascending re-sort in JS.
+  const rows = queryJson(
+    "SELECT p.time_created AS ts, " +
+    "json_extract(m.data, '$.role') AS role, " +
+    "json_extract(p.data, '$.text') AS text " +
+    "FROM part p JOIN message m ON p.message_id = m.id " +
+    "WHERE p.session_id = '" + safeId + "' " +
+    "AND json_extract(p.data, '$.type') = 'text' " +
+    "ORDER BY p.time_created DESC LIMIT " + (RECENT_TURN_COUNT * 2),
+  );
+  rows.reverse();
+  // Coalesce consecutive same-role rows (assistant turn can be split across
+  // parts) and tail to N.
+  const coalesced = [];
+  for (const r of rows) {
+    if (!r || !r.text) continue;
+    const role = r.role === 'user' ? 'user' : 'assistant';
+    const last = coalesced[coalesced.length - 1];
+    if (last && last.role === role) {
+      last.text += '\n\n' + r.text;
+      last.ts = r.ts;
+    } else {
+      coalesced.push({ role, text: r.text, ts: r.ts });
+    }
+  }
+  const sliced = coalesced.slice(-RECENT_TURN_COUNT);
+  return sliced.map((m) => ({ role: m.role, body: bodyOf(m.text), ts: m.ts }));
+};
+
+const lastMessageFor = (sessionId) => {
+  const safeId = String(sessionId).replace(/'/g, "''");
+  const rows = queryJson(
+    "SELECT json_extract(m.data, '$.role') AS role, json_extract(p.data, '$.text') AS text " +
+    "FROM part p JOIN message m ON p.message_id = m.id " +
+    "WHERE p.session_id = '" + safeId + "' " +
+    "AND json_extract(p.data, '$.type') = 'text' " +
+    "ORDER BY p.time_created DESC LIMIT 1",
+  );
+  if (!rows.length) return null;
+  const r = rows[0];
+  return {
+    author: r.role === 'user' ? 'user' : 'assistant',
+    preview: previewOf(r.text),
+  };
+};
+
+// Public API. Returns the same shape that postExternalSync expects (same as
+// claude/codex rows). Best-effort: returns [] if SQLite/DB unavailable.
+const scanAll = () => {
+  if (!dbExists() || !sqliteAvailable()) return [];
+
+  // Top-level sessions only — skip sub-sessions (parent_id non-null), they
+  // belong to a parent and showing them as standalone rows would clutter
+  // the sidebar with duplicate-looking conversations.
+  const sessions = queryJson(
+    "SELECT s.id AS sessionId, s.title, s.directory, " +
+    "s.time_created AS createdMs, s.time_updated AS updatedMs, " +
+    "s.agent, s.model, " +
+    "p.name AS projectName, p.worktree AS projectWorktree " +
+    "FROM session s LEFT JOIN project p ON s.project_id = p.id " +
+    "WHERE (s.parent_id IS NULL OR s.parent_id = '') " +
+    "ORDER BY s.time_updated DESC LIMIT " + SESSION_LIMIT,
+  );
+
+  const out = [];
+  for (const s of sessions) {
+    if (!s || !s.sessionId) continue;
+    const dir = s.directory || s.projectWorktree || '';
+    const recentMessages = recentMessagesFor(s.sessionId);
+    const lastMsg = lastMessageFor(s.sessionId);
+    out.push({
+      source: 'opencode',
+      sessionId: String(s.sessionId),
+      // The bridge's adoption path uses projectDir for resume cwd. OpenCode
+      // stores the absolute path in `directory` (or project.worktree as
+      // backup); pass it through as both projectDir and projectName so the
+      // daemon's "looksAbsolute" guard in daemon.js handleEvent accepts it.
+      projectDir: dir,
+      projectName: dir,
+      title: String(s.title || '').trim() || null,
+      recentMessages: recentMessages,
+      lastActivityAt: typeof s.updatedMs === 'number' ? s.updatedMs : Number(s.updatedMs) || 0,
+      lastMessagePreview: lastMsg ? lastMsg.preview : '',
+      lastMessageAuthor: lastMsg ? lastMsg.author : null,
+    });
+  }
+  return out;
+};
+
+module.exports = { scanAll, OPENCODE_DB };