@pixelbyte-software/pixcode 1.33.10 → 1.34.0

package/server/modules/orchestration/a2a/types.ts

@@ -0,0 +1,111 @@
+// server/modules/orchestration/a2a/types.ts
+// A2A protocol v0.2 types — minimal surface used by pixcode.
+// See https://a2a-protocol.org for the full spec; this file
+// keeps only what the orchestrator actually exchanges.
+
+export type TaskState =
+  | 'submitted'
+  | 'working'
+  | 'input-required'
+  | 'completed'
+  | 'canceled'
+  | 'failed';
+
+export type Role = 'user' | 'agent';
+
+export type PartKind = 'text' | 'file' | 'data';
+
+export interface TextPart {
+  kind: 'text';
+  text: string;
+}
+
+export interface FilePart {
+  kind: 'file';
+  name: string;
+  mimeType?: string;
+  bytesBase64?: string;
+  uri?: string;
+}
+
+export interface DataPart {
+  kind: 'data';
+  data: Record<string, unknown>;
+}
+
+export type Part = TextPart | FilePart | DataPart;
+
+export interface Message {
+  messageId: string;
+  role: Role;
+  parts: Part[];
+  /** Required for task-scoped messages. Omit only for broadcast/standalone messages. */
+  taskId?: string;
+}
+
+export type ArtifactType =
+  | 'file-diff'
+  | 'command-output'
+  | 'preview-url'
+  | 'data';
+
+// Note: Artifact and AuthScheme use `type` discriminator (matches A2A
+// v0.2 wire format). Part and BusEvent use `kind` per the same spec.
+export interface Artifact {
+  artifactId: string;
+  type: ArtifactType;
+  parts: Part[];
+  metadata?: Record<string, unknown>;
+}
+
+export interface TaskError {
+  code: string;
+  message: string;
+  details?: Record<string, unknown>;
+}
+
+export interface Task {
+  id: string;
+  contextId?: string;
+  state: TaskState;
+  history: Message[];
+  artifacts: Artifact[];
+  error?: TaskError;
+  metadata?: Record<string, unknown>;
+  createdAt: number;
+  updatedAt: number;
+}
+
+export interface AgentSkill {
+  id: string;
+  description: string;
+  examples?: string[];
+}
+
+export type AuthScheme =
+  | { type: 'none' }
+  | { type: 'bearer' }
+  | { type: 'mtls' };
+
+export interface AgentCard {
+  name: string;
+  description: string;
+  url: string;
+  version: string;
+  capabilities: string[];
+  skills: AgentSkill[];
+  authentication: AuthScheme;
+}
+
+export interface SubmitTaskInput {
+  message: Message;
+  contextId?: string;
+  metadata?: Record<string, unknown>;
+  /** Adapter id, "auto", or "skill:<id>". Resolved by the adapter registry. */
+  adapterId: string;
+}
+
+export type BusEvent =
+  | { kind: 'task-state'; taskId: string; state: TaskState; error?: TaskError }
+  | { kind: 'message'; taskId: string; message: Message }
+  | { kind: 'artifact'; taskId: string; artifact: Artifact };

package/server/modules/orchestration/a2a/validator.ts

@@ -0,0 +1,90 @@
+// server/modules/orchestration/a2a/validator.ts
+// Hand-written validators for incoming A2A payloads.
+// We deliberately avoid adding a new dep (zod, ajv) for the
+// foundation; a follow-on plan can swap to a schema lib if needed.
+//
+// All path strings use JSONPath-style "$" as the document root so
+// callers can map errors to wire-payload locations consistently.
+
+import type { AgentCard, DataPart, FilePart, Message, Part, SubmitTaskInput, TextPart } from '@/modules/orchestration/a2a/types.js';
+
+export class A2AValidationError extends Error {
+  constructor(message: string, public readonly path: string) {
+    super(`${path}: ${message}`);
+    this.name = 'A2AValidationError';
+  }
+}
+
+function assertNonEmptyString(value: unknown, path: string): asserts value is string {
+  if (typeof value !== 'string' || value.length === 0) {
+    throw new A2AValidationError('expected non-empty string', path);
+  }
+}
+
+function assertPart(value: unknown, path: string): asserts value is Part {
+  if (!value || typeof value !== 'object') {
+    throw new A2AValidationError('expected object', path);
+  }
+  const part = value as { kind?: unknown };
+  if (part.kind === 'text') {
+    assertNonEmptyString((part as Partial<TextPart>).text, `${path}.text`);
+    return;
+  }
+  if (part.kind === 'file') {
+    assertNonEmptyString((part as Partial<FilePart>).name, `${path}.name`);
+    return;
+  }
+  if (part.kind === 'data') {
+    const data = (part as Partial<DataPart>).data;
+    if (!data || typeof data !== 'object' || Array.isArray(data)) {
+      throw new A2AValidationError('data must be a plain object', `${path}.data`);
+    }
+    return;
+  }
+  throw new A2AValidationError('part.kind must be text|file|data', `${path}.kind`);
+}
+
+export function assertMessage(value: unknown, path = '$'): asserts value is Message {
+  if (!value || typeof value !== 'object') {
+    throw new A2AValidationError('expected object', path);
+  }
+  const m = value as { messageId?: unknown; role?: unknown; parts?: unknown };
+  assertNonEmptyString(m.messageId, `${path}.messageId`);
+  if (m.role !== 'user' && m.role !== 'agent') {
+    throw new A2AValidationError('role must be user|agent', `${path}.role`);
+  }
+  if (!Array.isArray(m.parts) || m.parts.length === 0) {
+    throw new A2AValidationError('parts must be non-empty array', `${path}.parts`);
+  }
+  m.parts.forEach((p, i) => assertPart(p, `${path}.parts[${i}]`));
+}
+
+export function assertSubmitTaskInput(value: unknown): asserts value is SubmitTaskInput {
+  if (!value || typeof value !== 'object') {
+    throw new A2AValidationError('expected object', '$');
+  }
+  const v = value as { message?: unknown; adapterId?: unknown };
+  assertMessage(v.message, '$.message');
+  assertNonEmptyString(v.adapterId, '$.adapterId');
+}
+
+export function assertAgentCard(value: unknown): asserts value is AgentCard {
+  if (!value || typeof value !== 'object') {
+    throw new A2AValidationError('expected object', '$');
+  }
+  const card = value as Partial<AgentCard>;
+  assertNonEmptyString(card.name, '$.name');
+  assertNonEmptyString(card.description, '$.description');
+  assertNonEmptyString(card.url, '$.url');
+  assertNonEmptyString(card.version, '$.version');
+  if (!Array.isArray(card.capabilities)) {
+    throw new A2AValidationError('capabilities must be array', '$.capabilities');
+  }
+  if (!Array.isArray(card.skills)) {
+    throw new A2AValidationError('skills must be array', '$.skills');
+  }
+  card.skills.forEach((s, i) => {
+    assertNonEmptyString(s.id, `$.skills[${i}].id`);
+    assertNonEmptyString(s.description, `$.skills[${i}].description`);
+  });
+}

package/server/modules/orchestration/index.ts

@@ -0,0 +1,26 @@
+// server/modules/orchestration/index.ts
+// Public surface for the orchestration module.
+// All cross-module consumers must import from here per
+// eslint.config.js boundaries rules.
+
+export { createA2ARouter } from './a2a/routes.js';
+export { adapterRegistry } from './a2a/adapter-registry.js';
+export { ClaudeCodeA2AAdapter } from './a2a/adapters/claude-code.adapter.js';
+export type {
+  AdapterContext,
+  TaskHandle,
+} from './a2a/adapters/abstract-a2a.adapter.js';
+export { AbstractA2AAdapter } from './a2a/adapters/abstract-a2a.adapter.js';
+export { a2aBus } from './a2a/bus.js';
+export type {
+  AgentCard,
+  Artifact,
+  ArtifactType,
+  BusEvent,
+  Message,
+  Part,
+  SubmitTaskInput,
+  Task,
+  TaskError,
+  TaskState,
+} from './a2a/types.js';

package/server/modules/providers/list/opencode/opencode-auth.provider.ts

@@ -1,130 +1,130 @@
-import { readFile } from 'node:fs/promises';
-import os from 'node:os';
-import path from 'node:path';
-
-import spawn from 'cross-spawn';
-
-import type { IProviderAuth } from '@/shared/interfaces.js';
-import type { ProviderAuthStatus } from '@/shared/types.js';
-import { readObjectRecord, readOptionalString } from '@/shared/utils.js';
-// eslint-disable-next-line @typescript-eslint/ban-ts-comment
-// @ts-ignore — plain-JS module, typed via inference
-import { getProviderCredentials } from '@/services/provider-credentials.js';
-
-type OpencodeCredentialsStatus = {
-  authenticated: boolean;
-  email: string | null;
-  method: string | null;
-  error?: string;
-};
-
-/**
- * OpenCode auth checker.
- *
- * OpenCode stores credentials at `~/.local/share/opencode/auth.json` (XDG
- * data dir — different layout from the other providers which use
- * `~/.<name>/`). The file is a JSON map of `providerName → { type, ... }`
- * where type is `api` (API key), `oauth` (OAuth tokens), or similar.
- *
- * Windows layout (as of the 2026 release): `%LOCALAPPDATA%\opencode\auth.json`.
- *
- * Since OpenCode is multi-provider (OpenAI, Anthropic, Google, Ollama,
- * OpenCode Zen), "authenticated" here means "at least ONE provider in
- * auth.json has credentials" — we don't care which.
- */
-export class OpencodeProviderAuth implements IProviderAuth {
-  private checkInstalled(): boolean {
-    const cliPath = process.env.OPENCODE_CLI_PATH || 'opencode';
-    try {
-      const result = spawn.sync(cliPath, ['--version'], { stdio: 'ignore', timeout: 5000 });
-      return !result.error && result.status === 0;
-    } catch {
-      return false;
-    }
-  }
-
-  async getStatus(): Promise<ProviderAuthStatus> {
-    const installed = this.checkInstalled();
-
-    if (!installed) {
-      return {
-        installed,
-        provider: 'opencode',
-        authenticated: false,
-        email: null,
-        method: null,
-        error: 'OpenCode CLI is not installed',
-      };
-    }
-
-    const credentials = await this.checkCredentials();
-
-    return {
-      installed,
-      provider: 'opencode',
-      authenticated: credentials.authenticated,
-      email: credentials.email,
-      method: credentials.method,
-      error: credentials.authenticated ? undefined : credentials.error || 'Not authenticated',
-    };
-  }
-
-  private async checkCredentials(): Promise<OpencodeCredentialsStatus> {
-    // Pixcode-managed credentials come first — if the user stored an API
-    // key via Settings > Agents > API Key, trust that regardless of
-    // env vars or auth.json.
-    try {
-      const creds = await getProviderCredentials('opencode');
-      if (creds?.apiKey) {
-        return { authenticated: true, email: 'API Key Auth', method: 'pixcode_store' };
-      }
-    } catch { /* fall through */ }
-
-    // Env-var shortcut — any of the multi-provider keys OpenCode recognises.
-    const envKeys = ['ANTHROPIC_API_KEY', 'OPENAI_API_KEY', 'GOOGLE_API_KEY', 'OPENROUTER_API_KEY'];
-    for (const k of envKeys) {
-      if (process.env[k]?.trim()) {
-        return { authenticated: true, email: `${k.replace('_API_KEY', '')} env`, method: 'api_key' };
-      }
-    }
-
-    // auth.json — written by `opencode auth login`. On Windows the XDG
-    // data dir typically resolves to `%LOCALAPPDATA%\opencode`, but since
-    // Node's `os.homedir()` + `.local/share/opencode` covers the Linux
-    // default and most WSL cases, we check both paths.
-    const candidatePaths = [
-      path.join(os.homedir(), '.local', 'share', 'opencode', 'auth.json'),
-      path.join(os.homedir(), 'AppData', 'Local', 'opencode', 'auth.json'),
-    ];
-
-    for (const credsPath of candidatePaths) {
-      try {
-        const content = await readFile(credsPath, 'utf8');
-        const creds = readObjectRecord(JSON.parse(content)) ?? {};
-        const providerNames = Object.keys(creds);
-        if (providerNames.length > 0) {
-          // Prefer a real provider label over a generic one when we can
-          // identify it.
-          const firstProvider = providerNames[0];
-          const firstConfig = readObjectRecord(creds[firstProvider]) ?? {};
-          const authType = readOptionalString(firstConfig.type) ?? 'stored';
-          const label = providerNames.length === 1
-            ? `${firstProvider} (${authType})`
-            : `${providerNames.length} providers configured`;
-          return {
-            authenticated: true,
-            email: label,
-            method: authType === 'oauth' ? 'credentials_file' : 'api_key',
-          };
-        }
-      } catch { /* try next path */ }
-    }
-
-    return {
-      authenticated: false,
-      email: null,
-      method: null,
-      error: 'OpenCode is not configured — run `opencode auth login`.',
-    };
-  }
-}
+import { readFile } from 'node:fs/promises';
+import os from 'node:os';
+import path from 'node:path';
+
+import spawn from 'cross-spawn';
+
+import type { IProviderAuth } from '@/shared/interfaces.js';
+import type { ProviderAuthStatus } from '@/shared/types.js';
+import { readObjectRecord, readOptionalString } from '@/shared/utils.js';
+// eslint-disable-next-line @typescript-eslint/ban-ts-comment
+// @ts-ignore — plain-JS module, typed via inference
+import { getProviderCredentials } from '@/services/provider-credentials.js';
+
+type OpencodeCredentialsStatus = {
+  authenticated: boolean;
+  email: string | null;
+  method: string | null;
+  error?: string;
+};
+
+/**
+ * OpenCode auth checker.
+ *
+ * OpenCode stores credentials at `~/.local/share/opencode/auth.json` (XDG
+ * data dir — different layout from the other providers which use
+ * `~/.<name>/`). The file is a JSON map of `providerName → { type, ... }`
+ * where type is `api` (API key), `oauth` (OAuth tokens), or similar.
+ *
+ * Windows layout (as of the 2026 release): `%LOCALAPPDATA%\opencode\auth.json`.
+ *
+ * Since OpenCode is multi-provider (OpenAI, Anthropic, Google, Ollama,
+ * OpenCode Zen), "authenticated" here means "at least ONE provider in
+ * auth.json has credentials" — we don't care which.
+ */
+export class OpencodeProviderAuth implements IProviderAuth {
+  private checkInstalled(): boolean {
+    const cliPath = process.env.OPENCODE_CLI_PATH || 'opencode';
+    try {
+      const result = spawn.sync(cliPath, ['--version'], { stdio: 'ignore', timeout: 5000 });
+      return !result.error && result.status === 0;
+    } catch {
+      return false;
+    }
+  }
+
+  async getStatus(): Promise<ProviderAuthStatus> {
+    const installed = this.checkInstalled();
+
+    if (!installed) {
+      return {
+        installed,
+        provider: 'opencode',
+        authenticated: false,
+        email: null,
+        method: null,
+        error: 'OpenCode CLI is not installed',
+      };
+    }
+
+    const credentials = await this.checkCredentials();
+
+    return {
+      installed,
+      provider: 'opencode',
+      authenticated: credentials.authenticated,
+      email: credentials.email,
+      method: credentials.method,
+      error: credentials.authenticated ? undefined : credentials.error || 'Not authenticated',
+    };
+  }
+
+  private async checkCredentials(): Promise<OpencodeCredentialsStatus> {
+    // Pixcode-managed credentials come first — if the user stored an API
+    // key via Settings > Agents > API Key, trust that regardless of
+    // env vars or auth.json.
+    try {
+      const creds = await getProviderCredentials('opencode');
+      if (creds?.apiKey) {
+        return { authenticated: true, email: 'API Key Auth', method: 'pixcode_store' };
+      }
+    } catch { /* fall through */ }
+
+    // Env-var shortcut — any of the multi-provider keys OpenCode recognises.
+    const envKeys = ['ANTHROPIC_API_KEY', 'OPENAI_API_KEY', 'GOOGLE_API_KEY', 'OPENROUTER_API_KEY'];
+    for (const k of envKeys) {
+      if (process.env[k]?.trim()) {
+        return { authenticated: true, email: `${k.replace('_API_KEY', '')} env`, method: 'api_key' };
+      }
+    }
+
+    // auth.json — written by `opencode auth login`. On Windows the XDG
+    // data dir typically resolves to `%LOCALAPPDATA%\opencode`, but since
+    // Node's `os.homedir()` + `.local/share/opencode` covers the Linux
+    // default and most WSL cases, we check both paths.
+    const candidatePaths = [
+      path.join(os.homedir(), '.local', 'share', 'opencode', 'auth.json'),
+      path.join(os.homedir(), 'AppData', 'Local', 'opencode', 'auth.json'),
+    ];
+
+    for (const credsPath of candidatePaths) {
+      try {
+        const content = await readFile(credsPath, 'utf8');
+        const creds = readObjectRecord(JSON.parse(content)) ?? {};
+        const providerNames = Object.keys(creds);
+        if (providerNames.length > 0) {
+          // Prefer a real provider label over a generic one when we can
+          // identify it.
+          const firstProvider = providerNames[0];
+          const firstConfig = readObjectRecord(creds[firstProvider]) ?? {};
+          const authType = readOptionalString(firstConfig.type) ?? 'stored';
+          const label = providerNames.length === 1
+            ? `${firstProvider} (${authType})`
+            : `${providerNames.length} providers configured`;
+          return {
+            authenticated: true,
+            email: label,
+            method: authType === 'oauth' ? 'credentials_file' : 'api_key',
+          };
+        }
+      } catch { /* try next path */ }
+    }
+
+    return {
+      authenticated: false,
+      email: null,
+      method: null,
+      error: 'OpenCode is not configured — run `opencode auth login`.',
+    };
+  }
+}