@openthink/stamp 2.1.0 → 2.2.0

package/dist/server/start-http-server.cjs

@@ -2,6 +2,7 @@
 "use strict";
 
 // src/server/http-server.ts
+var import_node_crypto4 = require("crypto");
 var import_node_http = require("http");
 
 // src/lib/invites.ts
@@ -184,9 +185,225 @@ function sshFingerprintFromBlob(keyBlob) {
   return `SHA256:${b64}`;
 }
 
+// src/server/prompts-cache.ts
+var import_node_fs4 = require("fs");
+var import_node_child_process = require("child_process");
+var import_node_url = require("url");
+var import_node_path3 = require("path");
+
+// src/server/promptFetch.ts
+var import_node_fs3 = require("fs");
+var import_node_crypto3 = require("crypto");
+var MAX_PROMPT_BYTES = 1024 * 1024;
+
+// src/server/prompts-cache.ts
+var import_meta = {};
+var LOCK_STALE_MS = 5 * 60 * 1e3;
+function defaultKnownHostsPath() {
+  return (0, import_node_path3.resolve)(
+    (0, import_node_path3.dirname)((0, import_node_url.fileURLToPath)(import_meta.url)),
+    "..",
+    "..",
+    "server",
+    "github-known-hosts"
+  );
+}
+var inflightRefreshes = /* @__PURE__ */ new Map();
+async function cloneOrFetchPromptsCache(opts) {
+  validateOpts(opts);
+  const cacheRoot = (0, import_node_path3.resolve)(opts.cacheRoot);
+  const existing = inflightRefreshes.get(cacheRoot);
+  if (existing) return existing;
+  const promise = (async () => {
+    const lockPath = `${cacheRoot}.refresh.lock`;
+    acquireLock(lockPath);
+    try {
+      return await refreshInternal({ ...opts, cacheRoot });
+    } finally {
+      releaseLock(lockPath);
+    }
+  })();
+  inflightRefreshes.set(cacheRoot, promise);
+  promise.finally(() => {
+    if (inflightRefreshes.get(cacheRoot) === promise) {
+      inflightRefreshes.delete(cacheRoot);
+    }
+  }).catch(() => {
+  });
+  return promise;
+}
+function validateOpts(opts) {
+  if (!opts || typeof opts !== "object") {
+    throw new Error("cloneOrFetchPromptsCache: opts must be an object");
+  }
+  if (!opts.url || typeof opts.url !== "string") {
+    throw new Error("cloneOrFetchPromptsCache: url is required");
+  }
+  if (!opts.ref || typeof opts.ref !== "string") {
+    throw new Error("cloneOrFetchPromptsCache: ref is required");
+  }
+  if (!opts.cacheRoot || typeof opts.cacheRoot !== "string") {
+    throw new Error("cloneOrFetchPromptsCache: cacheRoot is required");
+  }
+  if (!/^[a-zA-Z0-9][a-zA-Z0-9._/-]{0,200}$/.test(opts.ref)) {
+    throw new Error(
+      `cloneOrFetchPromptsCache: ref ${JSON.stringify(opts.ref)} contains characters not allowed in a git refspec`
+    );
+  }
+}
+function acquireLock(lockPath) {
+  (0, import_node_fs4.mkdirSync)((0, import_node_path3.dirname)(lockPath), { recursive: true });
+  try {
+    const fd = (0, import_node_fs4.openSync)(lockPath, "wx");
+    (0, import_node_fs4.closeSync)(fd);
+    return;
+  } catch (err) {
+    const e = err;
+    if (e.code !== "EEXIST") {
+      throw new Error(
+        `prompts-cache: could not create lock file ${lockPath}: ${err.message}`
+      );
+    }
+  }
+  let lockStat;
+  try {
+    lockStat = (0, import_node_fs4.statSync)(lockPath);
+  } catch (err) {
+    try {
+      const fd = (0, import_node_fs4.openSync)(lockPath, "wx");
+      (0, import_node_fs4.closeSync)(fd);
+      return;
+    } catch (err2) {
+      throw new Error(
+        `prompts-cache: lock-file race on ${lockPath}: ${err2.message}`
+      );
+    }
+  }
+  const age = Date.now() - lockStat.mtimeMs;
+  if (age > LOCK_STALE_MS) {
+    (0, import_node_fs4.rmSync)(lockPath, { force: true });
+    const fd = (0, import_node_fs4.openSync)(lockPath, "wx");
+    (0, import_node_fs4.closeSync)(fd);
+    return;
+  }
+  throw new Error(
+    `prompts-cache: refresh already in progress (lock ${lockPath} held, ${Math.round(age / 1e3)}s old)`
+  );
+}
+function releaseLock(lockPath) {
+  try {
+    (0, import_node_fs4.rmSync)(lockPath, { force: true });
+  } catch {
+  }
+}
+async function refreshInternal(opts) {
+  const { url, ref, cacheRoot, deployKeyPath } = opts;
+  const env = buildGitEnv(deployKeyPath);
+  const tmpPath = `${cacheRoot}.tmp`;
+  if ((0, import_node_fs4.existsSync)(tmpPath)) {
+    (0, import_node_fs4.rmSync)(tmpPath, { recursive: true, force: true });
+  }
+  const cacheIsCheckout = (0, import_node_fs4.existsSync)(cacheRoot) && (0, import_node_fs4.existsSync)(`${cacheRoot}/.git`);
+  if (cacheIsCheckout) {
+    try {
+      runGit(cacheRoot, ["remote", "set-url", "origin", url], env);
+      runGit(cacheRoot, ["fetch", "--prune", "origin", ref], env);
+      runGit(cacheRoot, ["checkout", ref], env);
+      runGit(cacheRoot, ["reset", "--hard", `origin/${ref}`], env);
+      const commitSha2 = runGit(cacheRoot, ["rev-parse", "HEAD"], env).trim();
+      return { commitSha: commitSha2, refreshedAt: (/* @__PURE__ */ new Date()).toISOString() };
+    } catch (err) {
+      const reason = err instanceof Error ? err.message : String(err);
+      process.stderr.write(
+        `prompts-cache: in-place fetch failed (${reason}), falling back to atomic rebuild
+`
+      );
+    }
+  }
+  (0, import_node_fs4.mkdirSync)((0, import_node_path3.dirname)(cacheRoot), { recursive: true });
+  runGit((0, import_node_path3.dirname)(cacheRoot), ["clone", "--quiet", "--branch", ref, url, tmpPath], env);
+  const commitSha = runGit(tmpPath, ["rev-parse", "HEAD"], env).trim();
+  if (!/^[0-9a-f]{40}$/.test(commitSha)) {
+    throw new Error(
+      `prompts-cache: rev-parse HEAD in ${tmpPath} returned non-SHA ${JSON.stringify(commitSha)}`
+    );
+  }
+  if ((0, import_node_fs4.existsSync)(cacheRoot)) {
+    const oldPath = `${cacheRoot}.old`;
+    if ((0, import_node_fs4.existsSync)(oldPath)) {
+      (0, import_node_fs4.rmSync)(oldPath, { recursive: true, force: true });
+    }
+    (0, import_node_fs4.renameSync)(cacheRoot, oldPath);
+    try {
+      (0, import_node_fs4.renameSync)(tmpPath, cacheRoot);
+    } catch (err) {
+      try {
+        (0, import_node_fs4.renameSync)(oldPath, cacheRoot);
+      } catch {
+      }
+      throw err;
+    }
+    (0, import_node_fs4.rmSync)(oldPath, { recursive: true, force: true });
+  } else {
+    (0, import_node_fs4.renameSync)(tmpPath, cacheRoot);
+  }
+  return { commitSha, refreshedAt: (/* @__PURE__ */ new Date()).toISOString() };
+}
+function buildGitEnv(deployKeyPath) {
+  const env = { ...process.env };
+  if (!deployKeyPath) return env;
+  if (!(0, import_node_fs4.existsSync)(deployKeyPath)) {
+    throw new Error(
+      `prompts-cache: deployKeyPath ${deployKeyPath} does not exist \u2014 operator must provision the private SSH key`
+    );
+  }
+  const knownHostsPath = process.env["GIT_SSH_KNOWN_HOSTS"] || defaultKnownHostsPath();
+  if (!(0, import_node_fs4.existsSync)(knownHostsPath)) {
+    throw new Error(
+      `prompts-cache: known-hosts file ${knownHostsPath} does not exist \u2014 image build is missing server/github-known-hosts`
+    );
+  }
+  env["GIT_SSH_COMMAND"] = [
+    "ssh",
+    "-i",
+    quoteForSshCommand(deployKeyPath),
+    "-o",
+    "StrictHostKeyChecking=yes",
+    "-o",
+    `UserKnownHostsFile=${quoteForSshCommand(knownHostsPath)}`,
+    "-o",
+    "IdentitiesOnly=yes"
+  ].join(" ");
+  return env;
+}
+function quoteForSshCommand(s) {
+  return `'${s.replace(/'/g, "'\\''")}'`;
+}
+function runGit(cwd, args, env) {
+  try {
+    return (0, import_node_child_process.execFileSync)("git", args, {
+      cwd,
+      env,
+      encoding: "utf8",
+      stdio: ["ignore", "pipe", "pipe"]
+    });
+  } catch (err) {
+    const e = err;
+    const stderr = typeof e.stderr === "string" ? e.stderr : e.stderr?.toString("utf8") ?? "";
+    throw new Error(
+      `git ${args.join(" ")} (cwd=${cwd}) failed: ${e.message ?? String(err)}${stderr ? `
+stderr: ${stderr.trim()}` : ""}`
+    );
+  }
+}
+
 // src/server/http-server.ts
 var DEFAULT_PORT = 8080;
 var MAX_BODY_BYTES = 16 * 1024;
+var WEBHOOK_MAX_BODY_BYTES = 64 * 1024;
+var WEBHOOK_COALESCE_WINDOW_MS = 5e3;
+var DEFAULT_PROMPTS_CACHE_ROOT = "/srv/git/.prompts-cache";
+var DEFAULT_DEPLOY_KEY_PATH = "/srv/git/.ssh-client-keys/prompts_repo_key";
 var SHORT_NAME_RE = /^[A-Za-z0-9][A-Za-z0-9._-]{0,62}$/;
 var STAMP_PUBKEY_PEM_RE = /^\s*-----BEGIN PUBLIC KEY-----[A-Za-z0-9+/=\s]+-----END PUBLIC KEY-----\s*$/;
 function logLine(level, msg) {
@@ -206,7 +423,7 @@ function sendJson(res, status, body) {
   });
   res.end(payload);
 }
-async function readBody(req) {
+async function readBody(req, maxBytes = MAX_BODY_BYTES) {
   return new Promise((resolve2, reject) => {
     const chunks = [];
     let total = 0;
@@ -214,7 +431,7 @@ async function readBody(req) {
     req.on("data", (chunk) => {
       if (tooLarge) return;
       total += chunk.length;
-      if (total > MAX_BODY_BYTES) {
+      if (total > maxBytes) {
         tooLarge = true;
         chunks.length = 0;
         return;
@@ -366,6 +583,250 @@ async function handlePost(req, res) {
     sendJson(res, 500, { ok: false, error: "internal_error" });
   }
 }
+var DELIVERY_ID_RE = /^[A-Za-z0-9._:-]{1,200}$/;
+var webhookState = {
+  lastKickoffAt: 0,
+  pendingTrailingRefresh: false,
+  inflight: null
+};
+var refreshFn = cloneOrFetchPromptsCache;
+function buildRefreshOpts() {
+  const url = process.env["STAMP_PROMPTS_REPO_URL"];
+  if (!url) return null;
+  const ref = process.env["STAMP_PROMPTS_REPO_REF"] || "main";
+  const cacheRoot = process.env["STAMP_PROMPTS_CACHE_ROOT"] || DEFAULT_PROMPTS_CACHE_ROOT;
+  const deployKeyPath = process.env["STAMP_PROMPTS_DEPLOY_KEY_PATH"] || DEFAULT_DEPLOY_KEY_PATH;
+  return { url, ref, cacheRoot, deployKeyPath };
+}
+function verifyWebhookSignature(body, signatureHeader, secret) {
+  if (!signatureHeader || !signatureHeader.startsWith("sha256=")) {
+    return false;
+  }
+  const providedHex = signatureHeader.slice("sha256=".length);
+  if (!/^[0-9a-fA-F]{64}$/.test(providedHex)) {
+    return false;
+  }
+  const provided = Buffer.from(providedHex, "hex");
+  const expected = (0, import_node_crypto4.createHmac)("sha256", secret).update(body).digest();
+  if (provided.length !== expected.length) {
+    return false;
+  }
+  return (0, import_node_crypto4.timingSafeEqual)(provided, expected);
+}
+function scheduleWebhookRefresh(opts, deliveryId) {
+  const now = Date.now();
+  const elapsed = now - webhookState.lastKickoffAt;
+  if (elapsed >= WEBHOOK_COALESCE_WINDOW_MS) {
+    kickoffRefresh(opts, deliveryId);
+    return;
+  }
+  if (webhookState.inflight) {
+    if (!webhookState.pendingTrailingRefresh) {
+      logLine(
+        "info",
+        `webhook/prompts coalesced delivery=${deliveryId} (refresh in flight, trailing scheduled)`
+      );
+    }
+    webhookState.pendingTrailingRefresh = true;
+    return;
+  }
+  logLine(
+    "info",
+    `webhook/prompts coalesced delivery=${deliveryId} (refresh ${Math.round(elapsed)}ms ago, within ${WEBHOOK_COALESCE_WINDOW_MS}ms window)`
+  );
+}
+function kickoffRefresh(opts, deliveryId) {
+  webhookState.lastKickoffAt = Date.now();
+  const promise = refreshFn(opts);
+  webhookState.inflight = promise;
+  logLine("info", `webhook/prompts refresh start delivery=${deliveryId}`);
+  promise.then((result) => {
+    logLine(
+      "info",
+      `webhook/prompts refresh ok delivery=${deliveryId} sha=${result.commitSha} at=${result.refreshedAt}`
+    );
+  }).catch((err) => {
+    const msg = err instanceof Error ? err.message : String(err);
+    logLine(
+      "error",
+      `webhook/prompts refresh failed delivery=${deliveryId}: ${msg}`
+    );
+  }).finally(() => {
+    if (webhookState.inflight === promise) {
+      webhookState.inflight = null;
+    }
+    if (webhookState.pendingTrailingRefresh) {
+      webhookState.pendingTrailingRefresh = false;
+      kickoffRefresh(opts, `${deliveryId}+trailing`);
+    }
+  });
+}
+async function handleWebhookPrompts(req, res) {
+  const rawDelivery = req.headers["x-github-delivery"];
+  const deliveryId = typeof rawDelivery === "string" && DELIVERY_ID_RE.test(rawDelivery) ? rawDelivery : rawDelivery ? "malformed" : "none";
+  const remoteAddr = req.socket.remoteAddress ?? "unknown";
+  const secret = process.env["STAMP_PROMPTS_WEBHOOK_SECRET"];
+  if (!secret) {
+    logLine(
+      "error",
+      `webhook/prompts delivery=${deliveryId} rejected: STAMP_PROMPTS_WEBHOOK_SECRET not configured`
+    );
+    sendJson(res, 503, {
+      ok: false,
+      error: "webhook_secret_unconfigured",
+      detail: "STAMP_PROMPTS_WEBHOOK_SECRET env var must be set on stamp-server to accept prompt-repo webhooks"
+    });
+    return;
+  }
+  let read;
+  try {
+    read = await readBody(req, WEBHOOK_MAX_BODY_BYTES);
+  } catch (e) {
+    logLine("warn", `webhook/prompts read body failed delivery=${deliveryId}: ${e.message}`);
+    sendJson(res, 400, { ok: false, error: "body_read_failed" });
+    return;
+  }
+  if (read.tooLarge) {
+    logLine(
+      "warn",
+      `webhook/prompts delivery=${deliveryId} from=${remoteAddr} body too large (> ${WEBHOOK_MAX_BODY_BYTES} bytes)`
+    );
+    sendJson(res, 413, { ok: false, error: "body_too_large" });
+    return;
+  }
+  const sigHeader = req.headers["x-hub-signature-256"];
+  const sigValue = Array.isArray(sigHeader) ? sigHeader[0] : sigHeader;
+  if (!verifyWebhookSignature(read.buf, sigValue, secret)) {
+    logLine(
+      "warn",
+      `webhook/prompts delivery=${deliveryId} from=${remoteAddr} rejected: invalid signature`
+    );
+    sendJson(res, 401, { ok: false, error: "invalid_signature" });
+    return;
+  }
+  const opts = buildRefreshOpts();
+  if (!opts) {
+    logLine(
+      "error",
+      `webhook/prompts delivery=${deliveryId} rejected: STAMP_PROMPTS_REPO_URL not configured`
+    );
+    sendJson(res, 503, {
+      ok: false,
+      error: "prompts_repo_url_unconfigured",
+      detail: "STAMP_PROMPTS_REPO_URL env var must be set on stamp-server to accept prompt-repo webhooks"
+    });
+    return;
+  }
+  sendJson(res, 202, { ok: true });
+  logLine(
+    "info",
+    `webhook/prompts delivery=${deliveryId} accepted (signature valid)`
+  );
+  setImmediate(() => {
+    try {
+      scheduleWebhookRefresh(opts, deliveryId);
+    } catch (e) {
+      logLine(
+        "error",
+        `webhook/prompts schedule error delivery=${deliveryId}: ${e.message}`
+      );
+    }
+  });
+}
+var DEFAULT_PROMPTS_POLL_INTERVAL_SEC = 3600;
+var MIN_PROMPTS_POLL_INTERVAL_SEC = 5;
+var pollState = {
+  handle: null,
+  inflight: false,
+  tickCount: 0
+};
+function resolvePromptsPollIntervalSec() {
+  const raw = process.env["STAMP_PROMPTS_POLL_INTERVAL_SEC"];
+  if (raw === void 0 || raw === "") {
+    return DEFAULT_PROMPTS_POLL_INTERVAL_SEC;
+  }
+  if (raw === "0") return 0;
+  if (!/^-?\d+$/.test(raw)) {
+    logLine(
+      "warn",
+      `STAMP_PROMPTS_POLL_INTERVAL_SEC=${JSON.stringify(raw)} is not a non-negative integer; falling back to default ${DEFAULT_PROMPTS_POLL_INTERVAL_SEC}s`
+    );
+    return DEFAULT_PROMPTS_POLL_INTERVAL_SEC;
+  }
+  const n = Number(raw);
+  if (!Number.isInteger(n) || n <= 0) {
+    logLine(
+      "warn",
+      `STAMP_PROMPTS_POLL_INTERVAL_SEC=${JSON.stringify(raw)} is not a positive integer (and not the literal '0' opt-out); falling back to default ${DEFAULT_PROMPTS_POLL_INTERVAL_SEC}s`
+    );
+    return DEFAULT_PROMPTS_POLL_INTERVAL_SEC;
+  }
+  if (n > 0 && n < MIN_PROMPTS_POLL_INTERVAL_SEC) {
+    logLine(
+      "warn",
+      `STAMP_PROMPTS_POLL_INTERVAL_SEC=${n} is below the floor of ${MIN_PROMPTS_POLL_INTERVAL_SEC}s; clamping to floor`
+    );
+    return MIN_PROMPTS_POLL_INTERVAL_SEC;
+  }
+  return n;
+}
+async function runPollTick(opts) {
+  if (pollState.inflight) {
+    logLine(
+      "info",
+      "prompts-poll: skipping tick \u2014 previous refresh still in flight"
+    );
+    return;
+  }
+  pollState.inflight = true;
+  pollState.tickCount += 1;
+  try {
+    const result = await refreshFn(opts);
+    logLine(
+      "info",
+      `prompts-poll: refresh ok sha=${result.commitSha} at=${result.refreshedAt}`
+    );
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    logLine("error", `prompts-poll: refresh failed: ${msg}`);
+  } finally {
+    pollState.inflight = false;
+  }
+}
+function startPromptsPollWorker() {
+  if (pollState.handle !== null) {
+    logLine("warn", "prompts-poll: already started \u2014 ignoring duplicate start");
+    return;
+  }
+  const opts = buildRefreshOpts();
+  if (!opts) {
+    return;
+  }
+  const intervalSec = resolvePromptsPollIntervalSec();
+  if (intervalSec === 0) {
+    logLine(
+      "info",
+      "prompts-poll: disabled (STAMP_PROMPTS_POLL_INTERVAL_SEC=0)"
+    );
+    return;
+  }
+  const intervalMs = intervalSec * 1e3;
+  const handle = setInterval(() => {
+    void runPollTick(opts);
+  }, intervalMs);
+  handle.unref();
+  pollState.handle = handle;
+  logLine(
+    "info",
+    `prompts-poll: started (interval=${intervalSec}s, url=${opts.url}, ref=${opts.ref}, cacheRoot=${opts.cacheRoot})`
+  );
+}
+function stopPromptsPollWorker() {
+  if (pollState.handle === null) return;
+  clearInterval(pollState.handle);
+  pollState.handle = null;
+  pollState.inflight = false;
+}
 var HTTP_DEFAULT_PORT = DEFAULT_PORT;
 function startServer(port2 = DEFAULT_PORT) {
   const server = (0, import_node_http.createServer)((req, res) => {
@@ -378,10 +839,18 @@ function startServer(port2 = DEFAULT_PORT) {
       void handlePost(req, res);
       return;
     }
+    if (req.method === "POST" && url === "/webhook/prompts") {
+      void handleWebhookPrompts(req, res);
+      return;
+    }
     sendJson(res, 404, { ok: false, error: "not_found" });
   });
   server.listen(port2, () => {
     logLine("info", `listening on :${port2}`);
+    startPromptsPollWorker();
+  });
+  server.once("close", () => {
+    stopPromptsPollWorker();
   });
   return server;
 }