@pellux/goodvibes-daemon-sdk 0.30.3 → 0.33.1

package/dist/media-routes.js

@@ -1,7 +1,7 @@
 import { resolvePrivateHostFetchOptions } from './http-policy.js';
 import { jsonErrorResponse } from './error-response.js';
-import { DaemonErrorCategory } from '@pellux/goodvibes-errors';
 import { createArtifactFromUploadRequest, isArtifactUploadRequest } from './artifact-upload.js';
+import { createRouteBodySchema, createRouteBodySchemaRegistry, readBoundedBodyInteger, readOptionalStringField, readStringArrayField, } from './route-helpers.js';
 function readErrorMessage(error) {
     if (typeof error === 'string')
         return error;
@@ -13,22 +13,16 @@ function readErrorMessage(error) {
     return 'Unknown error';
 }
 function isProviderNotConfiguredError(error) {
-    const msg = readErrorMessage(error).toLowerCase();
-    return (msg.includes('not configured')
-        || msg.includes('no provider')
-        || msg.includes('api key')
-        || msg.includes('api_key')
-        || msg.includes('missing key')
-        || msg.includes('no api')
-        || msg.includes('provider not')
-        || msg.includes('unconfigured'));
+    return Boolean(error && typeof error === 'object' && error.code === 'PROVIDER_NOT_CONFIGURED');
 }
 export function createDaemonMediaRouteHandlers(context) {
     return {
         getVoiceStatus: async () => Response.json(await context.voiceService.getStatus(Boolean(context.configManager.get('ui.voiceEnabled')))),
-        getVoiceProviders: async () => Response.json({
-            providers: await context.voiceService.getStatus(Boolean(context.configManager.get('ui.voiceEnabled'))).then((status) => status.providers),
-        }),
+        getVoiceProviders: async () => {
+            // reuse the same status snapshot instead of issuing a second provider-status probe.
+            const status = await context.voiceService.getStatus(Boolean(context.configManager.get('ui.voiceEnabled')));
+            return Response.json({ providers: status.providers });
+        },
         getVoiceVoices: async (url) => Response.json({ voices: await context.voiceService.listVoices(url.searchParams.get('providerId') ?? undefined) }),
         postVoiceTts: async (request) => handleVoiceTts(context, request),
         postVoiceTtsStream: async (request) => handleVoiceTtsStream(context, request),
@@ -42,7 +36,7 @@ export function createDaemonMediaRouteHandlers(context) {
             const artifact = context.artifactStore.get(artifactId);
             return artifact
                 ? Response.json({ artifact })
-                : Response.json({ error: 'Unknown artifact' }, { status: 404 });
+                : jsonErrorResponse({ error: 'Unknown artifact' }, { status: 404 });
         },
         getArtifactContent: async (artifactId, request) => handleArtifactContent(context, artifactId, request),
         getMediaProviders: async () => Response.json({ providers: await context.mediaProviders.status() }),
@@ -60,6 +54,12 @@ function readOptionalConfigString(context, key) {
     const value = context.configManager.get(key);
     return typeof value === 'string' && value.trim().length > 0 ? value.trim() : undefined;
 }
+const MAX_MEDIA_WRITEBACK_TAGS = 64;
+function readOptionalBoundedNumber(value, min, max) {
+    if (typeof value !== 'number' || !Number.isFinite(value))
+        return undefined;
+    return Math.min(max, Math.max(min, value));
+}
 function readVoiceSynthesisRequest(body, context) {
     const providerId = typeof body.providerId === 'string'
         ? body.providerId
@@ -73,7 +73,7 @@ function readVoiceSynthesisRequest(body, context) {
             : undefined;
     const modelId = typeof body.modelId === 'string' ? body.modelId : undefined;
     const format = typeof body.format === 'string' ? body.format : undefined;
-    const speed = typeof body.speed === 'number' ? body.speed : undefined;
+    const speed = readOptionalBoundedNumber(body.speed, 0.25, 4);
     const input = {
         text: typeof body.text === 'string' ? body.text : '',
         metadata: typeof body.metadata === 'object' && body.metadata !== null ? body.metadata : {},
@@ -91,38 +91,83 @@ function readVoiceSynthesisRequest(body, context) {
         input,
     };
 }
+const mediaBodySchemas = createRouteBodySchemaRegistry({
+    webSearch: createRouteBodySchema('POST /api/web-search', (body) => {
+        const query = readOptionalStringField(body, 'query');
+        if (!query)
+            return jsonErrorResponse({ error: 'Missing query' }, { status: 400 });
+        const providerId = readOptionalStringField(body, 'providerId');
+        const verbosity = readOptionalStringField(body, 'verbosity');
+        const region = readOptionalStringField(body, 'region');
+        const safeSearch = readOptionalStringField(body, 'safeSearch');
+        const timeRange = readOptionalStringField(body, 'timeRange');
+        const evidenceExtract = readOptionalStringField(body, 'evidenceExtract');
+        return {
+            query,
+            ...(providerId ? { providerId } : {}),
+            ...(Object.hasOwn(body, 'maxResults') ? { maxResults: readBoundedBodyInteger(body.maxResults, 5, 50) } : {}),
+            ...(verbosity ? { verbosity: verbosity } : {}),
+            ...(region ? { region } : {}),
+            ...(safeSearch ? { safeSearch: safeSearch } : {}),
+            ...(timeRange ? { timeRange: timeRange } : {}),
+            ...(typeof body.includeInstantAnswer === 'boolean' ? { includeInstantAnswer: body.includeInstantAnswer } : {}),
+            ...(typeof body.includeEvidence === 'boolean' ? { includeEvidence: body.includeEvidence } : {}),
+            ...(Object.hasOwn(body, 'evidenceTopN') ? { evidenceTopN: readBoundedBodyInteger(body.evidenceTopN, 3, 20) } : {}),
+            ...(evidenceExtract ? { evidenceExtract: evidenceExtract } : {}),
+        };
+    }),
+    multimodalPacket: createRouteBodySchema('POST /api/multimodal/packet', (body) => {
+        if (typeof body.analysis !== 'object' || body.analysis === null) {
+            return jsonErrorResponse({ error: 'Missing analysis payload' }, { status: 400 });
+        }
+        const detail = readOptionalStringField(body, 'detail');
+        return {
+            analysis: body.analysis,
+            detail: detail ?? 'standard',
+            ...(Object.hasOwn(body, 'budgetLimit') ? { budgetLimit: readBoundedBodyInteger(body.budgetLimit, 8, 100) } : {}),
+        };
+    }),
+});
 async function handleVoiceTts(context, req) {
+    const admin = context.requireAdmin(req);
+    if (admin)
+        return admin;
     const body = await context.parseJsonBody(req);
     if (body instanceof Response)
         return body;
-    const { providerId, input } = readVoiceSynthesisRequest(body);
+    // pass context so defaults from tts.provider/tts.voice config are applied
+    // consistently with handleVoiceTtsStream.
+    const { providerId, input } = readVoiceSynthesisRequest(body, context);
     if (!input.text.trim())
-        return Response.json({ error: 'Missing text' }, { status: 400 });
+        return jsonErrorResponse({ error: 'Missing text' }, { status: 400 });
     try {
         const result = await context.voiceService.synthesize(providerId, input);
         return Response.json(result);
     }
     catch (error) {
         if (isProviderNotConfiguredError(error)) {
-            return Response.json({ code: 'PROVIDER_NOT_CONFIGURED', error: readErrorMessage(error), category: DaemonErrorCategory.CONFIG, source: 'provider', recoverable: false, hint: 'Configure the voice provider API key or service credentials.' }, { status: 409 });
+            return jsonErrorResponse({ code: 'PROVIDER_NOT_CONFIGURED', error: readErrorMessage(error), source: 'provider', recoverable: false, hint: 'Configure the voice provider API key or service credentials.' }, { status: 409 });
         }
         return jsonErrorResponse(error, { status: 400 });
     }
 }
 async function handleVoiceTtsStream(context, req) {
+    const admin = context.requireAdmin(req);
+    if (admin)
+        return admin;
     const body = await context.parseJsonBody(req);
     if (body instanceof Response)
         return body;
     const { providerId, input } = readVoiceSynthesisRequest(body, context);
     if (!input.text.trim())
-        return Response.json({ error: 'Missing text' }, { status: 400 });
+        return jsonErrorResponse({ error: 'Missing text' }, { status: 400 });
     try {
         const result = await context.voiceService.synthesizeStream(providerId, { ...input, signal: req.signal });
         return voiceStreamResponse(result);
     }
     catch (error) {
         if (isProviderNotConfiguredError(error)) {
-            return Response.json({ code: 'PROVIDER_NOT_CONFIGURED', error: readErrorMessage(error), category: DaemonErrorCategory.CONFIG, source: 'provider', recoverable: false, hint: 'Configure the streaming TTS provider API key or service credentials.' }, { status: 409 });
+            return jsonErrorResponse({ code: 'PROVIDER_NOT_CONFIGURED', error: readErrorMessage(error), source: 'provider', recoverable: false, hint: 'Configure the streaming TTS provider API key or service credentials.' }, { status: 409 });
         }
         return jsonErrorResponse(error, { status: 400 });
     }
@@ -162,11 +207,14 @@ function voiceStreamResponse(result) {
     });
 }
 async function handleVoiceStt(context, req) {
+    const admin = context.requireAdmin(req);
+    if (admin)
+        return admin;
     const body = await context.parseJsonBody(req);
     if (body instanceof Response)
         return body;
     if (typeof body.audio !== 'object' || body.audio === null) {
-        return Response.json({ error: 'Missing audio artifact' }, { status: 400 });
+        return jsonErrorResponse({ error: 'Missing audio artifact' }, { status: 400 });
     }
     try {
         const result = await context.voiceService.transcribe(typeof body.providerId === 'string' ? body.providerId : undefined, {
@@ -180,12 +228,15 @@ async function handleVoiceStt(context, req) {
     }
     catch (error) {
         if (isProviderNotConfiguredError(error)) {
-            return Response.json({ code: 'PROVIDER_NOT_CONFIGURED', error: readErrorMessage(error), category: DaemonErrorCategory.CONFIG, source: 'provider', recoverable: false, hint: 'Configure the voice provider API key or service credentials.' }, { status: 409 });
+            return jsonErrorResponse({ code: 'PROVIDER_NOT_CONFIGURED', error: readErrorMessage(error), source: 'provider', recoverable: false, hint: 'Configure the voice provider API key or service credentials.' }, { status: 409 });
         }
         return jsonErrorResponse(error, { status: 400 });
     }
 }
 async function handleVoiceRealtimeSession(context, req) {
+    const admin = context.requireAdmin(req);
+    if (admin)
+        return admin;
     const body = await context.parseJsonBody(req);
     if (body instanceof Response)
         return body;
@@ -202,18 +253,21 @@ async function handleVoiceRealtimeSession(context, req) {
     }
     catch (error) {
         if (isProviderNotConfiguredError(error)) {
-            return Response.json({ code: 'PROVIDER_NOT_CONFIGURED', error: readErrorMessage(error), category: DaemonErrorCategory.CONFIG, source: 'provider', recoverable: false, hint: 'Configure the voice provider API key or service credentials.' }, { status: 409 });
+            return jsonErrorResponse({ code: 'PROVIDER_NOT_CONFIGURED', error: readErrorMessage(error), source: 'provider', recoverable: false, hint: 'Configure the voice provider API key or service credentials.' }, { status: 409 });
         }
         return jsonErrorResponse(error, { status: 400 });
     }
 }
 async function handleMediaAnalyze(context, req) {
+    const admin = context.requireAdmin(req);
+    if (admin)
+        return admin;
     const body = await context.parseJsonBody(req);
     if (body instanceof Response)
         return body;
     const provider = context.mediaProviders.findProvider('understand', typeof body.providerId === 'string' ? body.providerId : undefined);
     if (!provider?.analyze)
-        return Response.json({ error: 'No media analysis provider is registered' }, { status: 404 });
+        return jsonErrorResponse({ error: 'No media analysis provider is registered' }, { status: 404 });
     const artifact = typeof body.artifact === 'object' && body.artifact !== null
         ? body.artifact
         : typeof body.artifactId === 'string' && body.artifactId.trim().length > 0
@@ -224,7 +278,7 @@ async function handleMediaAnalyze(context, req) {
             }
             : null;
     if (!artifact) {
-        return Response.json({ error: 'Missing media artifact' }, { status: 400 });
+        return jsonErrorResponse({ error: 'Missing media artifact' }, { status: 400 });
     }
     return Response.json(await provider.analyze({
         artifact,
@@ -234,6 +288,9 @@ async function handleMediaAnalyze(context, req) {
     }));
 }
 async function handleArtifactCreate(context, req) {
+    const admin = context.requireAdmin(req);
+    if (admin)
+        return admin;
     if (isArtifactUploadRequest(req)) {
         const uploaded = await createArtifactFromUploadRequest(context.artifactStore, req);
         if (uploaded instanceof Response)
@@ -280,7 +337,9 @@ async function handleArtifactContent(context, artifactId, req) {
         });
         const download = new URL(req.url).searchParams.get('download');
         if (record.filename && download !== '0') {
-            headers.set('Content-Disposition', `attachment; filename="${record.filename.replace(/"/g, '\\"')}"`);
+            // Strip non-ASCII bytes so the ASCII filename parameter stays valid.
+            const asciiFallback = record.filename.replace(/[^\x20-\x7E]/g, '_').replace(/[\r\n"]/g, '_');
+            headers.set('Content-Disposition', `attachment; filename="${asciiFallback}"; filename*=UTF-8''${encodeURIComponent(record.filename)}`);
         }
         return new Response(bytes, { status: 200, headers });
     }
@@ -289,44 +348,38 @@ async function handleArtifactContent(context, artifactId, req) {
     }
 }
 async function handleWebSearch(context, req) {
+    const admin = context.requireAdmin(req);
+    if (admin)
+        return admin;
     const body = await context.parseJsonBody(req);
     if (body instanceof Response)
         return body;
-    const query = typeof body.query === 'string' ? body.query.trim() : '';
-    if (!query)
-        return Response.json({ error: 'Missing query' }, { status: 400 });
+    const input = mediaBodySchemas.webSearch.parse(body);
+    if (input instanceof Response)
+        return input;
     try {
-        return Response.json(await context.webSearchService.search({
-            query,
-            ...(typeof body.providerId === 'string' ? { providerId: body.providerId } : {}),
-            ...(typeof body.maxResults === 'number' ? { maxResults: body.maxResults } : {}),
-            ...(typeof body.verbosity === 'string' ? { verbosity: body.verbosity } : {}),
-            ...(typeof body.region === 'string' ? { region: body.region } : {}),
-            ...(typeof body.safeSearch === 'string' ? { safeSearch: body.safeSearch } : {}),
-            ...(typeof body.timeRange === 'string' ? { timeRange: body.timeRange } : {}),
-            ...(typeof body.includeInstantAnswer === 'boolean' ? { includeInstantAnswer: body.includeInstantAnswer } : {}),
-            ...(typeof body.includeEvidence === 'boolean' ? { includeEvidence: body.includeEvidence } : {}),
-            ...(typeof body.evidenceTopN === 'number' ? { evidenceTopN: body.evidenceTopN } : {}),
-            ...(typeof body.evidenceExtract === 'string' ? { evidenceExtract: body.evidenceExtract } : {}),
-        }));
+        return Response.json(await context.webSearchService.search(input));
     }
     catch (error) {
         return jsonErrorResponse(error, { status: 400 });
     }
 }
 async function handleMediaTransform(context, req) {
+    const admin = context.requireAdmin(req);
+    if (admin)
+        return admin;
     const body = await context.parseJsonBody(req);
     if (body instanceof Response)
         return body;
     const provider = context.mediaProviders.findProvider('transform', typeof body.providerId === 'string' ? body.providerId : undefined);
     if (!provider?.transform)
-        return Response.json({ error: 'No media transform provider is registered' }, { status: 404 });
+        return jsonErrorResponse({ error: 'No media transform provider is registered' }, { status: 404 });
     if (typeof body.artifact !== 'object' || body.artifact === null) {
-        return Response.json({ error: 'Missing media artifact' }, { status: 400 });
+        return jsonErrorResponse({ error: 'Missing media artifact' }, { status: 400 });
     }
     const operation = typeof body.operation === 'string' ? body.operation : '';
     if (!operation)
-        return Response.json({ error: 'Missing media transform operation' }, { status: 400 });
+        return jsonErrorResponse({ error: 'Missing media transform operation' }, { status: 400 });
     return Response.json(await provider.transform({
         artifact: body.artifact,
         operation,
@@ -336,15 +389,18 @@ async function handleMediaTransform(context, req) {
     }));
 }
 async function handleMediaGenerate(context, req) {
+    const admin = context.requireAdmin(req);
+    if (admin)
+        return admin;
     const body = await context.parseJsonBody(req);
     if (body instanceof Response)
         return body;
     const provider = context.mediaProviders.findProvider('generate', typeof body.providerId === 'string' ? body.providerId : undefined);
     if (!provider?.generate)
-        return Response.json({ error: 'No media generation provider is registered' }, { status: 404 });
+        return jsonErrorResponse({ error: 'No media generation provider is registered' }, { status: 404 });
     const prompt = typeof body.prompt === 'string' ? body.prompt : '';
     if (!prompt.trim())
-        return Response.json({ error: 'Missing media generation prompt' }, { status: 400 });
+        return jsonErrorResponse({ error: 'Missing media generation prompt' }, { status: 400 });
     return Response.json(await provider.generate({
         prompt,
         outputMimeType: typeof body.outputMimeType === 'string' ? body.outputMimeType : undefined,
@@ -354,6 +410,9 @@ async function handleMediaGenerate(context, req) {
     }));
 }
 async function handleMultimodalAnalyze(context, req) {
+    const admin = context.requireAdmin(req);
+    if (admin)
+        return admin;
     const body = await context.parseJsonBody(req);
     if (body instanceof Response)
         return body;
@@ -412,30 +471,35 @@ async function handleMultimodalAnalyze(context, req) {
     }
 }
 async function handleMultimodalPacket(context, req) {
+    const admin = context.requireAdmin(req);
+    if (admin)
+        return admin;
     const body = await context.parseJsonBody(req);
     if (body instanceof Response)
         return body;
-    if (typeof body.analysis !== 'object' || body.analysis === null) {
-        return Response.json({ error: 'Missing analysis payload' }, { status: 400 });
-    }
-    const detail = typeof body.detail === 'string' ? body.detail : 'standard';
-    const budgetLimit = typeof body.budgetLimit === 'number' ? body.budgetLimit : undefined;
+    const input = mediaBodySchemas.multimodalPacket.parse(body);
+    if (input instanceof Response)
+        return input;
     return Response.json({
-        packet: context.multimodalService.buildPacket(body.analysis, detail, budgetLimit),
+        packet: context.multimodalService.buildPacket(input.analysis, input.detail, input.budgetLimit),
     });
 }
 async function handleMultimodalWriteback(context, req) {
+    const admin = context.requireAdmin(req);
+    if (admin)
+        return admin;
     const body = await context.parseJsonBody(req);
     if (body instanceof Response)
         return body;
     if (typeof body.analysis !== 'object' || body.analysis === null) {
-        return Response.json({ error: 'Missing analysis payload' }, { status: 400 });
+        return jsonErrorResponse({ error: 'Missing analysis payload' }, { status: 400 });
     }
+    const tags = readStringArrayField(body, 'tags', MAX_MEDIA_WRITEBACK_TAGS);
     try {
         const writeback = await context.multimodalService.writeBackAnalysis(body.analysis, {
             ...(typeof body.sessionId === 'string' ? { sessionId: body.sessionId } : {}),
             ...(typeof body.title === 'string' ? { title: body.title } : {}),
-            ...(Array.isArray(body.tags) ? { tags: body.tags.filter((entry) => typeof entry === 'string') } : {}),
+            ...(tags ? { tags } : {}),
             ...(typeof body.folderPath === 'string' ? { folderPath: body.folderPath } : {}),
             ...(typeof body.metadata === 'object' && body.metadata !== null ? { metadata: body.metadata } : {}),
         });

package/dist/operator.d.ts

@@ -1,3 +1,19 @@
 import type { DaemonOperatorRouteHandlers } from './context.js';
+/**
+ * Route-level authentication is enforced inside each handler, not at the
+ * dispatcher level. Handler auth requirements by category:
+ *
+ * - READ-ONLY routes (status, providers, settings, continuity, intelligence,
+ *   worktrees, watchers, approvals, telemetry snapshot) — require admin or
+ *   authenticated session per handler implementation.
+ * - STATE-CHANGING routes (service install/start/stop, route bindings,
+ *   automation jobs, knowledge ingest) — always `withAdmin(context, req, ...)`.
+ * - SCHEDULER/RUNTIME routes (getSchedulerCapacity, getRuntimeMetrics) —
+ *   require admin per handler implementation.
+ *
+ * Dispatcher does not short-circuit unauthenticated requests; all auth
+ * enforcement lives in the handler factories (system-routes.ts,
+ * integration-routes.ts, runtime-automation-routes.ts, etc.).
+ */
 export declare function dispatchOperatorRoutes(req: Request, handlers: DaemonOperatorRouteHandlers): Promise<Response | null>;
 //# sourceMappingURL=operator.d.ts.map

package/dist/operator.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"operator.d.ts","sourceRoot":"","sources":["../src/operator.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,2BAA2B,EAAE,MAAM,cAAc,CAAC;AAGhE,wBAAsB,sBAAsB,CAC1C,GAAG,EAAE,OAAO,EACZ,QAAQ,EAAE,2BAA2B,GACpC,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,CA8S1B"}
+{"version":3,"file":"operator.d.ts","sourceRoot":"","sources":["../src/operator.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,2BAA2B,EAAE,MAAM,cAAc,CAAC;AA4BhE;;;;;;;;;;;;;;;GAeG;AACH,wBAAsB,sBAAsB,CAC1C,GAAG,EAAE,OAAO,EACZ,QAAQ,EAAE,2BAA2B,GACpC,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,CAO1B"}