@otto-assistant/bridge 0.4.92

package/src/hrana-server.ts

@@ -0,0 +1,314 @@
+// In-process HTTP server speaking the Hrana v2 protocol.
+// Backed by the `libsql` npm package (better-sqlite3 API).
+// Binds to the fixed lock port for single-instance enforcement.
+//
+// Protocol logic is implemented in the `libsqlproxy` package.
+// This file handles: server lifecycle, single-instance enforcement,
+// auth, and kimaki-specific endpoints (/kimaki/wake, /health).
+//
+// Hrana v2 protocol spec ("Hrana over HTTP"):
+//   https://github.com/tursodatabase/libsql/blob/main/docs/HTTP_V2_SPEC.md
+
+import fs from 'node:fs'
+import http from 'node:http'
+import path from 'node:path'
+import crypto from 'node:crypto'
+import Database from 'libsql'
+import * as errore from 'errore'
+import {
+  createLibsqlHandler,
+  createLibsqlNodeHandler,
+  libsqlExecutor,
+} from 'libsqlproxy'
+import { createLogger, LogPrefix } from './logger.js'
+import { ServerStartError, FetchError } from './errors.js'
+import { getLockPort } from './config.js'
+import { store } from './store.js'
+
+const hranaLogger = createLogger(LogPrefix.DB)
+
+let db: Database.Database | null = null
+let server: http.Server | null = null
+let hranaUrl: string | null = null
+let discordGatewayReady = false
+let readyWaiters: Array<() => void> = []
+
+export function markDiscordGatewayReady(): void {
+  if (discordGatewayReady) {
+    return
+  }
+  discordGatewayReady = true
+  for (const resolve of readyWaiters) {
+    resolve()
+  }
+  readyWaiters = []
+}
+
+async function waitForDiscordGatewayReady({ timeoutMs }: { timeoutMs: number }): Promise<boolean> {
+  if (discordGatewayReady) {
+    return true
+  }
+  const readyPromise = new Promise<boolean>((resolve) => {
+    readyWaiters.push(() => {
+      resolve(true)
+    })
+  })
+  const timeoutPromise = new Promise<boolean>((resolve) => {
+    setTimeout(() => {
+      resolve(false)
+    }, timeoutMs)
+  })
+  return Promise.race([readyPromise, timeoutPromise])
+}
+
+function getRequestAuthToken(req: http.IncomingMessage): string | null {
+  const authorizationHeader = req.headers.authorization
+  if (typeof authorizationHeader === 'string' && authorizationHeader.startsWith('Bearer ')) {
+    return authorizationHeader.slice('Bearer '.length)
+  }
+
+  return null
+}
+
+// Timing-safe comparison to prevent timing attacks when the hrana server
+// is internet-facing (bindAll=true / KIMAKI_INTERNET_REACHABLE_URL set).
+function isAuthorizedRequest(req: http.IncomingMessage): boolean {
+  const expectedToken = store.getState().gatewayToken
+  if (!expectedToken) {
+    return false
+  }
+  const providedToken = getRequestAuthToken(req)
+  if (!providedToken) {
+    return false
+  }
+  const expectedBuf = Buffer.from(expectedToken, 'utf8')
+  const providedBuf = Buffer.from(providedToken, 'utf8')
+  if (expectedBuf.length !== providedBuf.length) {
+    return false
+  }
+  return crypto.timingSafeEqual(expectedBuf, providedBuf)
+}
+
+function ensureServiceAuthTokenInStore(): string {
+  const existingToken = store.getState().gatewayToken
+  if (existingToken) {
+    return existingToken
+  }
+  const generatedToken = `${crypto.randomUUID()}:${crypto.randomBytes(32).toString('hex')}`
+  store.setState({ gatewayToken: generatedToken })
+  return generatedToken
+}
+
+/**
+ * Get the Hrana HTTP URL for injecting into plugin child processes.
+ * Returns null if the server hasn't been started yet.
+ * Only used for KIMAKI_DB_URL env var in opencode.ts — the bot process
+ * itself always uses direct file: access via Prisma.
+ */
+export function getHranaUrl(): string | null {
+  return hranaUrl
+}
+
+/**
+ * Start the in-process Hrana v2 server on the fixed lock port.
+ * Handles single-instance enforcement: if the port is occupied, kills the
+ * existing process first.
+ */
+export async function startHranaServer({
+  dbPath,
+  bindAll = false,
+}: {
+  dbPath: string
+  /** Bind to 0.0.0.0 instead of 127.0.0.1. Set when KIMAKI_INTERNET_REACHABLE_URL is defined. */
+  bindAll?: boolean
+}) {
+  if (server && db && hranaUrl) return hranaUrl
+
+  const port = getLockPort()
+  const bindHost = bindAll ? '0.0.0.0' : '127.0.0.1'
+  const serviceAuthToken = ensureServiceAuthTokenInStore()
+  process.env.KIMAKI_DB_AUTH_TOKEN = serviceAuthToken
+
+  fs.mkdirSync(path.dirname(dbPath), { recursive: true })
+  await evictExistingInstance({ port })
+
+  hranaLogger.log(
+    `Starting hrana server on ${bindHost}:${port} with db: ${dbPath}`,
+  )
+
+  const database = new Database(dbPath)
+  database.exec('PRAGMA journal_mode = WAL')
+  database.exec('PRAGMA busy_timeout = 5000')
+  db = database
+
+  // Create the Hrana handler using libsqlproxy
+  const hranaFetchHandler = createLibsqlHandler(libsqlExecutor(database))
+  const hranaNodeHandler = createLibsqlNodeHandler(hranaFetchHandler)
+
+  // Combined handler: kimaki-specific endpoints + hrana protocol
+  const handler: http.RequestListener = async (req, res) => {
+    const pathname = new URL(req.url || '/', 'http://localhost').pathname
+    if (pathname === '/kimaki/wake') {
+      if (req.method !== 'POST') {
+        res.writeHead(405, { 'content-type': 'application/json' })
+        res.end(JSON.stringify({ error: 'method_not_allowed' }))
+        return
+      }
+      if (!isAuthorizedRequest(req)) {
+        res.writeHead(401, { 'content-type': 'application/json' })
+        res.end(JSON.stringify({ error: 'unauthorized' }))
+        return
+      }
+      const isReady = await waitForDiscordGatewayReady({ timeoutMs: 30_000 })
+      if (!isReady) {
+        res.writeHead(504, { 'content-type': 'application/json' })
+        res.end(JSON.stringify({ ready: false, error: 'timeout_waiting_for_discord_ready' }))
+        return
+      }
+      res.writeHead(200, { 'content-type': 'application/json' })
+      res.end(JSON.stringify({ ready: true }))
+      return
+    }
+    // Health check — no auth required
+    if (pathname === '/health') {
+      res.writeHead(200, { 'content-type': 'application/json' })
+      res.end(JSON.stringify({ status: 'ok', pid: process.pid }))
+      return
+    }
+    // Hrana routes: /v2, /v2/pipeline — require auth
+    if (pathname === '/v2' || pathname === '/v2/pipeline') {
+      if (!isAuthorizedRequest(req)) {
+        res.writeHead(401, { 'content-type': 'application/json' })
+        res.end(JSON.stringify({ error: 'unauthorized' }))
+        return
+      }
+      hranaNodeHandler(req, res)
+      return
+    }
+    res.writeHead(404)
+    res.end()
+  }
+
+  const started = await new Promise<ServerStartError | true>((resolve) => {
+    const srv = http.createServer(handler)
+
+    srv.on('error', (err: NodeJS.ErrnoException) => {
+      resolve(
+        new ServerStartError({
+          port,
+          reason:
+            err.code === 'EADDRINUSE'
+              ? `Port ${port} still in use after eviction`
+              : err.message,
+        }),
+      )
+    })
+    srv.listen(port, bindHost, () => {
+      server = srv
+      resolve(true)
+    })
+  })
+  if (started instanceof Error) {
+    database.close()
+    db = null
+    return started
+  }
+
+  hranaUrl = `http://127.0.0.1:${port}`
+  hranaLogger.log(`Hrana server ready at ${hranaUrl}`)
+  return hranaUrl
+}
+
+/**
+ * Stop the Hrana server and close the database.
+ */
+export async function stopHranaServer() {
+  if (server) {
+    hranaLogger.log('Stopping hrana server...')
+    await new Promise<void>((resolve) => {
+      server!.close(() => {
+        resolve()
+      })
+    })
+    server = null
+  }
+  if (db) {
+    db.close()
+    db = null
+  }
+  hranaUrl = null
+  discordGatewayReady = false
+  readyWaiters = []
+  hranaLogger.log('Hrana server stopped')
+}
+
+// ── Single-instance enforcement ──────────────────────────────────────
+
+/**
+ * Evict a previous kimaki instance on the lock port.
+ * Fetches /health to get the running process PID, then kills it directly.
+ * No lsof/netstat/spawnSync needed — the PID comes from the health response.
+ */
+export async function evictExistingInstance({ port }: { port: number }) {
+  const url = `http://127.0.0.1:${port}/health`
+
+  const probe = await fetch(url, { signal: AbortSignal.timeout(1000) }).catch(
+    (e) => new FetchError({ url, cause: e }),
+  )
+  if (probe instanceof Error) return
+
+  const body = await (probe.json() as Promise<{ pid?: number }>).catch(
+    (e) => new FetchError({ url, cause: e }),
+  )
+  if (body instanceof Error) return
+
+  const targetPid = body.pid
+  if (!targetPid || targetPid === process.pid) return
+
+  hranaLogger.log(
+    `Evicting existing kimaki process (PID: ${targetPid}) on port ${port}`,
+  )
+  const killResult = errore.try({
+    try: () => {
+      process.kill(targetPid, 'SIGTERM')
+    },
+    catch: (e) =>
+      new Error('Failed to send SIGTERM to existing kimaki process', {
+        cause: e,
+      }),
+  })
+  if (killResult instanceof Error) {
+    hranaLogger.log(`Failed to kill PID ${targetPid}: ${killResult.message}`)
+    return
+  }
+
+  await new Promise((resolve) => {
+    setTimeout(resolve, 1000)
+  })
+
+  // Verify it's gone — if still alive, escalate to SIGKILL
+  const secondProbe = await fetch(url, {
+    signal: AbortSignal.timeout(500),
+  }).catch((e) => new FetchError({ url, cause: e }))
+  if (secondProbe instanceof Error) return
+
+  hranaLogger.log(`PID ${targetPid} still alive after SIGTERM, sending SIGKILL`)
+  const forceKillResult = errore.try({
+    try: () => {
+      process.kill(targetPid, 'SIGKILL')
+    },
+    catch: (e) =>
+      new Error('Failed to send SIGKILL to existing kimaki process', {
+        cause: e,
+      }),
+  })
+  if (forceKillResult instanceof Error) {
+    hranaLogger.log(
+      `Failed to force-kill PID ${targetPid}: ${forceKillResult.message}`,
+    )
+    return
+  }
+  await new Promise((resolve) => {
+    setTimeout(resolve, 1000)
+  })
+}

package/src/html-actions.test.ts

@@ -0,0 +1,87 @@
+import { afterEach, describe, expect, test } from 'vitest'
+import {
+  buildHtmlActionCustomId,
+  cancelHtmlActionsForOwner,
+  cancelHtmlActionsForThread,
+  pendingHtmlActions,
+  registerHtmlAction,
+} from './html-actions.js'
+
+const TEST_OWNER_A = 'worktrees:user-a:channel-a'
+const TEST_OWNER_B = 'worktrees:user-b:channel-a'
+
+afterEach(() => {
+  cancelHtmlActionsForOwner(TEST_OWNER_A)
+  cancelHtmlActionsForOwner(TEST_OWNER_B)
+})
+
+describe('html action registry', () => {
+  test('registers action ids with expected custom id prefix', () => {
+    const actionId = registerHtmlAction({
+      ownerKey: TEST_OWNER_A,
+      run: async () => {
+        return undefined
+      },
+    })
+
+    expect(buildHtmlActionCustomId(actionId)).toMatch(/^html_action:/)
+    expect(pendingHtmlActions.has(actionId)).toBe(true)
+  })
+
+  test('cancels actions by owner', () => {
+    registerHtmlAction({
+      ownerKey: TEST_OWNER_A,
+      run: async () => {
+        return undefined
+      },
+    })
+    registerHtmlAction({
+      ownerKey: TEST_OWNER_A,
+      run: async () => {
+        return undefined
+      },
+    })
+
+    expect(cancelHtmlActionsForOwner(TEST_OWNER_A)).toBe(2)
+    expect(pendingHtmlActions.size).toBe(0)
+  })
+
+  test('cancels only actions from the matching thread', () => {
+    const threadAActionId = registerHtmlAction({
+      ownerKey: TEST_OWNER_A,
+      threadId: 'thread-a',
+      run: async () => {
+        return undefined
+      },
+    })
+    const threadBActionId = registerHtmlAction({
+      ownerKey: TEST_OWNER_B,
+      threadId: 'thread-b',
+      run: async () => {
+        return undefined
+      },
+    })
+
+    expect(cancelHtmlActionsForThread('thread-a')).toBe(1)
+    expect(pendingHtmlActions.has(threadAActionId)).toBe(false)
+    expect(pendingHtmlActions.has(threadBActionId)).toBe(true)
+  })
+
+  test('expires actions after ttl', async () => {
+    const actionId = registerHtmlAction({
+      ownerKey: TEST_OWNER_A,
+      ttlMs: 10,
+      run: async () => {
+        return undefined
+      },
+    })
+
+    await new Promise<void>((resolve) => {
+      setTimeout(() => {
+        resolve()
+      }, 30)
+    })
+
+    expect(pendingHtmlActions.has(actionId)).toBe(false)
+  })
+})

package/src/html-actions.ts

@@ -0,0 +1,174 @@
+// HTML action registry for rendered Discord components.
+// Stores short-lived button callbacks by generated id so HTML-backed UI can
+// attach interactions without leaking closures across rerenders.
+
+import crypto from 'node:crypto'
+import {
+  ComponentType,
+  MessageFlags,
+  type ButtonInteraction,
+} from 'discord.js'
+import { createLogger } from './logger.js'
+import { notifyError } from './sentry.js'
+
+const logger = createLogger('HTML_ACT')
+const DEFAULT_TTL_MS = 24 * 60 * 60 * 1000
+
+type PendingHtmlAction = {
+  actionId: string
+  ownerKey: string
+  threadId?: string
+  resolved: boolean
+  timer: ReturnType<typeof setTimeout>
+  run: ({ interaction }: { interaction: ButtonInteraction }) => Promise<void>
+}
+
+export const pendingHtmlActions = new Map<string, PendingHtmlAction>()
+const actionIdsByOwner = new Map<string, Set<string>>()
+
+export function buildHtmlActionCustomId(actionId: string): string {
+  return `html_action:${actionId}`
+}
+
+export function registerHtmlAction({
+  ownerKey,
+  threadId,
+  run,
+  ttlMs = DEFAULT_TTL_MS,
+}: {
+  ownerKey: string
+  threadId?: string
+  run: ({ interaction }: { interaction: ButtonInteraction }) => Promise<void>
+  ttlMs?: number
+}): string {
+  const actionId = crypto.randomBytes(8).toString('hex')
+  const timer = setTimeout(() => {
+    resolveHtmlAction({ actionId })
+  }, ttlMs)
+
+  pendingHtmlActions.set(actionId, {
+    actionId,
+    ownerKey,
+    threadId,
+    resolved: false,
+    timer,
+    run,
+  })
+
+  const ownerActionIds = actionIdsByOwner.get(ownerKey) ?? new Set<string>()
+  ownerActionIds.add(actionId)
+  actionIdsByOwner.set(ownerKey, ownerActionIds)
+  return actionId
+}
+
+export function cancelHtmlActionsForOwner(ownerKey: string): number {
+  const actionIds = actionIdsByOwner.get(ownerKey)
+  if (!actionIds) {
+    return 0
+  }
+
+  let cancelled = 0
+  for (const actionId of actionIds) {
+    const resolved = resolveHtmlAction({ actionId })
+    if (!resolved) {
+      continue
+    }
+    cancelled++
+  }
+
+  return cancelled
+}
+
+export function cancelHtmlActionsForThread(threadId: string): number {
+  let cancelled = 0
+
+  for (const [actionId, action] of pendingHtmlActions) {
+    if (action.threadId !== threadId) {
+      continue
+    }
+
+    const resolved = resolveHtmlAction({ actionId })
+    if (!resolved) {
+      continue
+    }
+    cancelled++
+  }
+
+  return cancelled
+}
+
+export async function handleHtmlActionButton(
+  interaction: ButtonInteraction,
+): Promise<void> {
+  const customId = interaction.customId
+  if (!customId.startsWith('html_action:')) {
+    return
+  }
+
+  const actionId = customId.slice('html_action:'.length)
+  if (!actionId) {
+    await interaction.reply({
+      content: 'Invalid action button.',
+      flags: MessageFlags.Ephemeral,
+    })
+    return
+  }
+
+  const action = pendingHtmlActions.get(actionId)
+  if (!action || action.resolved) {
+    await interaction.reply({
+      content: 'This action is no longer available.',
+      flags: MessageFlags.Ephemeral,
+    })
+    return
+  }
+
+  await interaction.deferUpdate()
+  const resolvedAction = resolveHtmlAction({ actionId })
+  if (!resolvedAction) {
+    return
+  }
+
+  try {
+    await resolvedAction.run({ interaction })
+  } catch (error) {
+    logger.error('[HTML_ACTION] Failed to run action:', error)
+    void notifyError(error, 'HTML action button failed')
+    await interaction
+      .editReply({
+        components: [
+          {
+            type: ComponentType.TextDisplay,
+            content: `Action failed: ${error instanceof Error ? error.message : String(error)}`,
+          },
+        ],
+        flags: MessageFlags.IsComponentsV2,
+      })
+      .catch(() => {
+        return undefined
+      })
+  }
+}
+
+function resolveHtmlAction({
+  actionId,
+}: {
+  actionId: string
+}): PendingHtmlAction | undefined {
+  const action = pendingHtmlActions.get(actionId)
+  if (!action || action.resolved) {
+    return undefined
+  }
+
+  action.resolved = true
+  clearTimeout(action.timer)
+  pendingHtmlActions.delete(actionId)
+
+  const ownerActionIds = actionIdsByOwner.get(action.ownerKey)
+  ownerActionIds?.delete(actionId)
+  if (ownerActionIds && ownerActionIds.size === 0) {
+    actionIdsByOwner.delete(action.ownerKey)
+  }
+
+  return action
+}

package/src/html-components.test.ts

@@ -0,0 +1,38 @@
+import { describe, expect, test } from 'vitest'
+import { parseInlineHtmlRenderables } from './html-components.js'
+
+describe('parseInlineHtmlRenderables', () => {
+  test('parses text and button fragments', () => {
+    const result = parseInlineHtmlRenderables({
+      html: 'Before <button id="delete-a" variant="danger">Delete</button> after',
+    })
+    expect(result).toMatchInlineSnapshot(`
+      [
+        {
+          "text": "Before ",
+          "type": "text",
+        },
+        {
+          "disabled": false,
+          "id": "delete-a",
+          "label": "Delete",
+          "type": "button",
+          "variant": "danger",
+        },
+        {
+          "text": " after",
+          "type": "text",
+        },
+      ]
+    `)
+  })
+
+  test('rejects buttons without id', () => {
+    const result = parseInlineHtmlRenderables({
+      html: '<button>Delete</button>',
+    })
+    expect(result instanceof Error ? result.message : result).toBe(
+      '<button> is missing required id attribute',
+    )
+  })
+})