@pleri/olam-cli 0.1.188 → 0.1.195

package/host-cp/src/planning-sessions.mjs

@@ -175,6 +175,216 @@ export async function setCrystallizeStatus({ pool, sessionId, status, worldId =
   );
 }
 
+/**
+ * Create a new multi-turn DISPATCH session (multi-turn-cloud-sandbox-dispatch
+ * Phase A2 — distinct from createPlanningSession which is for planning-flow
+ * crystallization sessions under world_id='_planning').
+ *
+ * Allocates a UUID session_id, INSERTs a planning_sessions row with
+ * session_type='dispatch' + caller-supplied world_id, applies operator-supplied
+ * budget_usd_cap / allow_unpriced_models defaults, returns the session_id.
+ *
+ * No seed chunk: dispatch sessions accumulate chunks from the agent runtime
+ * (via /v1/chunks); we don't pre-seed a system chunk because Electric shape
+ * subscribers for dispatch sessions can wait for the first real agent chunk.
+ *
+ * @param {object} opts
+ * @param {object} opts.pool
+ * @param {string} opts.actorId
+ * @param {string} opts.worldId — operator-supplied; identifies the dispatch
+ *   target world (NOT the '_planning' sentinel used by createPlanningSession).
+ * @param {number | null} [opts.budgetUsdCap=null] — per-session budget cap;
+ *   null = uncapped. When null AND `OLAM_SESSION_BUDGET_DEFAULT_USD` is set,
+ *   the env-default applies at /v1/dispatch-turn check time (Phase D); here
+ *   we record the row exactly as supplied.
+ * @param {boolean} [opts.allowUnpricedModels=false] — opt session into the
+ *   pricingForModel-returns-null fallback (Plan A T11 mitigation; default
+ *   refuses unknown models with 502).
+ * @returns {Promise<{ session_id: string }>}
+ */
+export async function createDispatchSession({
+  pool,
+  actorId,
+  worldId,
+  budgetUsdCap = null,
+  allowUnpricedModels = false,
+  sessionId: providedSessionId = null,
+}) {
+  if (!actorId || typeof actorId !== 'string') {
+    throw new Error('createDispatchSession: actorId required');
+  }
+  if (!worldId || typeof worldId !== 'string') {
+    throw new Error('createDispatchSession: worldId required');
+  }
+  // A6 (Decision 9 always-on threading): callers MAY supply session_id to
+  // upsert an existing planning_sessions row (e.g. /api/cloud-dispatch
+  // pre-creating the thread before forwarding to plan-DO). When omitted,
+  // we generate a UUID. ON CONFLICT DO NOTHING handles the race where
+  // the SPA called /v1/sessions/create concurrently AND server-side
+  // cloud-dispatch tried to pre-create the same row.
+  const sessionId = providedSessionId ?? randomUUID();
+  await pool.query(
+    `INSERT INTO planning_sessions
+       (session_id, actor_id, session_type, world_id, budget_usd_cap, allow_unpriced_models)
+     VALUES ($1, $2, 'dispatch', $3, $4, $5)
+     ON CONFLICT (session_id) DO NOTHING`,
+    [sessionId, actorId, worldId, budgetUsdCap, allowUnpricedModels],
+  );
+  return { session_id: sessionId };
+}
+
+/**
+ * Atomic test-and-set lock claim on a dispatch session
+ * (multi-turn-cloud-sandbox-dispatch Phase A3 — Decision 4 + T5 mitigation).
+ *
+ * Pattern: single-statement UPDATE ... WHERE in_flight_turn_id IS NULL RETURNING.
+ * Two concurrent attempts: first claim wins (RETURNING yields 1 row); second
+ * sees empty result + must return 409 to caller. Matches the established
+ * planning-sessions.mjs:169 setCrystallizeStatus atomic-write idiom.
+ *
+ * @param {object} opts
+ * @param {object} opts.pool
+ * @param {string} opts.sessionId
+ * @param {string} opts.turnId — operator-or-server-generated turn UUID
+ * @returns {Promise<boolean>} true if lock claimed, false if already held
+ */
+export async function claimDispatchTurnLock({ pool, sessionId, turnId }) {
+  const result = await pool.query(
+    `UPDATE planning_sessions
+     SET in_flight_turn_id = $1,
+         in_flight_turn_started_at = NOW(),
+         last_turn_at = NOW()
+     WHERE session_id = $2
+       AND session_type = 'dispatch'
+       AND in_flight_turn_id IS NULL
+     RETURNING session_id`,
+    [turnId, sessionId],
+  );
+  return (result.rows?.length ?? 0) > 0;
+}
+
+/**
+ * Clear the in-flight turn lock after dispatch completes (success OR failure).
+ *
+ * @param {object} opts
+ * @param {object} opts.pool
+ * @param {string} opts.sessionId
+ */
+export async function clearDispatchTurnLock({ pool, sessionId }) {
+  await pool.query(
+    `UPDATE planning_sessions
+     SET in_flight_turn_id = NULL,
+         in_flight_turn_started_at = NULL
+     WHERE session_id = $1
+       AND session_type = 'dispatch'`,
+    [sessionId],
+  );
+}
+
+/**
+ * Halt a dispatch session — operator-driven "block next turn" state (T13).
+ *
+ * Sets halted_at to NOW() AND clears in_flight_turn_id. Future /v1/dispatch-turn
+ * calls return 409 'session_halted' until reactivateDispatchSession clears
+ * halted_at. Does NOT stop an in-flight container — the running container
+ * completes its current turn naturally. UX is "Block next turn" not "Stop"
+ * (Plan A Phase C C6).
+ *
+ * Scoped by actor_id for ownership isolation.
+ *
+ * @param {object} opts
+ * @param {object} opts.pool
+ * @param {string} opts.sessionId
+ * @param {string} opts.actorId
+ * @returns {Promise<boolean>} true if a session row was updated; false if
+ *   the session_id was not found / not owned by actorId.
+ */
+export async function haltDispatchSession({ pool, sessionId, actorId }) {
+  const result = await pool.query(
+    `UPDATE planning_sessions
+     SET halted_at = NOW(),
+         in_flight_turn_id = NULL,
+         in_flight_turn_started_at = NULL
+     WHERE session_id = $1
+       AND session_type = 'dispatch'
+       AND actor_id = $2
+     RETURNING session_id`,
+    [sessionId, actorId],
+  );
+  return (result.rows?.length ?? 0) > 0;
+}
+
+/**
+ * Reactivate a halted dispatch session — clears halted_at so subsequent
+ * /v1/dispatch-turn calls can claim the lock again. Idempotent (clearing an
+ * already-null halted_at is a no-op).
+ *
+ * @param {object} opts
+ * @param {object} opts.pool
+ * @param {string} opts.sessionId
+ * @param {string} opts.actorId
+ * @returns {Promise<boolean>} true if a session row was updated; false if
+ *   the session_id was not found / not owned by actorId.
+ */
+export async function reactivateDispatchSession({ pool, sessionId, actorId }) {
+  const result = await pool.query(
+    `UPDATE planning_sessions
+     SET halted_at = NULL
+     WHERE session_id = $1
+       AND session_type = 'dispatch'
+       AND actor_id = $2
+     RETURNING session_id`,
+    [sessionId, actorId],
+  );
+  return (result.rows?.length ?? 0) > 0;
+}
+
+/**
+ * Read a dispatch session by session_id + scope to caller's actor_id
+ * (ownership check). Returns the session metadata needed for budget check
+ * + plan-DO forward, OR null when not found / not owned.
+ *
+ * @param {object} opts
+ * @param {object} opts.pool
+ * @param {string} opts.sessionId
+ * @param {string} opts.actorId
+ * @returns {Promise<null | {
+ *   session_id: string,
+ *   world_id: string | null,
+ *   actor_id: string,
+ *   total_usd: number,
+ *   budget_usd_cap: number | null,
+ *   allow_unpriced_models: boolean,
+ *   halted_at: string | null,
+ * }>}
+ */
+export async function getDispatchSession({ pool, sessionId, actorId }) {
+  const result = await pool.query(
+    `SELECT session_id, world_id, actor_id,
+            total_usd, budget_usd_cap, allow_unpriced_models,
+            halted_at
+     FROM planning_sessions
+     WHERE session_id = $1
+       AND session_type = 'dispatch'
+       AND actor_id = $2`,
+    [sessionId, actorId],
+  );
+  const row = result.rows?.[0];
+  if (!row) return null;
+  return {
+    session_id: row.session_id,
+    world_id: row.world_id ?? null,
+    actor_id: row.actor_id,
+    total_usd: Number(row.total_usd ?? 0),
+    budget_usd_cap:
+      row.budget_usd_cap === null || row.budget_usd_cap === undefined
+        ? null
+        : Number(row.budget_usd_cap),
+    allow_unpriced_models: Boolean(row.allow_unpriced_models),
+    halted_at: row.halted_at ?? null,
+  };
+}
+
 /**
  * List planning sessions for a given actorId, ordered by created_at DESC.
  *
@@ -204,6 +414,48 @@ export async function listPlanningSessions({ pool, actorId, limit = 50 }) {
   return result.rows;
 }
 
+/**
+ * List multi-turn DISPATCH sessions for a given actorId, ordered by
+ * last_turn_at DESC (most recently active first), excluding archived sessions.
+ *
+ * Distinct from listPlanningSessions: this returns only `session_type='dispatch'`
+ * rows + projects the multi-turn-specific columns (total_usd, in_flight_turn_id,
+ * halted_at, etc.) that the SPA's SessionsListView (Phase C C3) renders.
+ *
+ * @param {object} opts
+ * @param {object} opts.pool
+ * @param {string} opts.actorId
+ * @param {number} [opts.limit=50]
+ * @returns {Promise<Array<{
+ *   session_id: string,
+ *   world_id: string | null,
+ *   total_usd: string,
+ *   budget_usd_cap: string | null,
+ *   in_flight_turn_id: string | null,
+ *   halted_at: string | null,
+ *   last_turn_at: string | null,
+ *   created_at: string,
+ *   summary: string | null,
+ * }>>}
+ */
+export async function listDispatchSessions({ pool, actorId, limit = 50 }) {
+  const result = await pool.query(
+    `SELECT session_id, world_id,
+            total_usd, budget_usd_cap,
+            in_flight_turn_id, halted_at,
+            last_turn_at, created_at,
+            summary
+     FROM planning_sessions
+     WHERE actor_id = $1
+       AND session_type = 'dispatch'
+       AND archived_at IS NULL
+     ORDER BY last_turn_at DESC NULLS LAST, created_at DESC
+     LIMIT $2`,
+    [actorId, limit],
+  );
+  return result.rows;
+}
+
 /**
  * Load lightweight metadata for an existing in-flight planning session.
  *

package/host-cp/src/server.mjs

@@ -354,6 +354,50 @@ function readDogfoodRepoUrl() {
   return '';
 }
 
+/**
+ * Resolve the cloud-kg-mirror classifier proxy URL the runner forwards
+ * into spawned CF Sandbox child worlds. When set, host-cp enriches
+ * cloud-dispatch bodies with `kgProxyUrl` + `kgProxyBearer`; the runner
+ * injects those into the sandbox env so the PreToolUse hook's
+ * cloud-sandbox flavor can POST /v1/classify against the
+ * kg-mirror-worker. Source order: OLAM_KG_PROXY_URL env, then
+ * ~/.olam/kg-proxy-url file. Absent → no injection (dispatched worlds
+ * see no proxy URL → hook falls through to grep via existing fail-open).
+ * Mirrors readAnthropicBaseUrl() — operators have ONE pattern.
+ *
+ * Phase 1 (cloud-kg-mirror): docs/plans/cloud-kg-mirror/README.md §6-7.
+ */
+function readKgProxyUrl() {
+  const fromOlamEnv = process.env['OLAM_KG_PROXY_URL'];
+  if (fromOlamEnv && fromOlamEnv.length > 0) return fromOlamEnv.trim();
+  try {
+    const file = path.join(os.homedir(), '.olam', 'kg-proxy-url');
+    const content = fs.readFileSync(file, 'utf-8').trim();
+    if (content.length > 0) return content;
+  } catch {
+    // file absent — fall through
+  }
+  return '';
+}
+
+/**
+ * Bearer that pairs with readKgProxyUrl(). Stored in
+ * ~/.olam/kg-proxy-bearer (chmod 600 by operator). Mirrors the
+ * source-order convention; absent → no injection.
+ */
+function readKgProxyBearer() {
+  const fromOlamEnv = process.env['OLAM_KG_PROXY_BEARER'];
+  if (fromOlamEnv && fromOlamEnv.length > 0) return fromOlamEnv.trim();
+  try {
+    const file = path.join(os.homedir(), '.olam', 'kg-proxy-bearer');
+    const content = fs.readFileSync(file, 'utf-8').trim();
+    if (content.length > 0) return content;
+  } catch {
+    // file absent — fall through
+  }
+  return '';
+}
+
 /** @type {Record<string, number>} */
 let WORLDS = {};
 
@@ -2584,6 +2628,35 @@ const server = http.createServer(instrumentHandler('host-cp', async (req, res) =
         // Keep `messages` too — plan-DO may use it for multi-turn fidelity later.
       }
 
+      // multi-turn-cloud-sandbox-dispatch Phase A6 (Decision 9 always-on
+      // threading): pre-create the planning_sessions row server-side so
+      // EVERY cloud dispatch surfaces as a SPA thread — including pre-PR
+      // #1182-style one-shot calls that never invoked /v1/sessions/create
+      // directly. Idempotent (ON CONFLICT DO NOTHING in createDispatchSession).
+      // Fail-soft: thread-creation failure does NOT block the dispatch
+      // (the operator's task still ships); we log + continue.
+      try {
+        if (parsed.world_id && parsed.session_id) {
+          const planChatBearer = readPlanChatSecret();
+          const planChatBase = process.env.PLAN_CHAT_SERVICE_URL || 'http://127.0.0.1:3200';
+          await fetch(`${planChatBase}/v1/sessions/create`, {
+            method: 'POST',
+            headers: {
+              'content-type': 'application/json',
+              authorization: `Bearer ${planChatBearer}`,
+            },
+            body: JSON.stringify({
+              world_id: parsed.world_id,
+              session_id: parsed.session_id,
+            }),
+          });
+        }
+      } catch (threadErr) {
+        console.warn(
+          `[cloud-dispatch] thread pre-create failed (continuing): ${threadErr?.message ?? threadErr}`,
+        );
+      }
+
       // Gap 3: enrich the dispatch body with the operator's anthropicBaseUrl
       // so plan-DO can propagate it to spawned CF Sandbox child worlds.
       // Only injected when not already set by the SPA (SPA has no auth-worker
@@ -2596,9 +2669,18 @@ const server = http.createServer(instrumentHandler('host-cp', async (req, res) =
       // ~/.olam/dogfood-repo-url file. Absent → no injection (the dispatch
       // runs text-only, like before this change).
       const dogfoodRepoUrl = readDogfoodRepoUrl();
+      // cloud-kg-mirror Phase 1: propagate the classifier Worker URL +
+      // bearer so the runner can inject them into the sandbox env. When
+      // either is missing the dispatched world's PreToolUse hook falls
+      // through to grep via the existing fail-open path. Operator opts
+      // in by writing ~/.olam/kg-proxy-url + ~/.olam/kg-proxy-bearer.
+      const kgProxyUrl = readKgProxyUrl();
+      const kgProxyBearer = readKgProxyBearer();
       let enrichedObj = null;
       if (anthropicBaseUrl && !parsed.anthropicBaseUrl) enrichedObj = { ...(enrichedObj ?? parsed), anthropicBaseUrl };
       if (dogfoodRepoUrl && !parsed.repoUrl) enrichedObj = { ...(enrichedObj ?? parsed), repoUrl: dogfoodRepoUrl };
+      if (kgProxyUrl && !parsed.kgProxyUrl) enrichedObj = { ...(enrichedObj ?? parsed), kgProxyUrl };
+      if (kgProxyBearer && !parsed.kgProxyBearer) enrichedObj = { ...(enrichedObj ?? parsed), kgProxyBearer };
       // Use `parsed` (not raw `body`) as the no-enrichment fallback so that the
       // messages→prompt normalisation above is always forwarded even when no
       // env-var enrichments are applied.
@@ -2667,10 +2749,18 @@ const server = http.createServer(instrumentHandler('host-cp', async (req, res) =
         // bearer registration without additional plan metadata.
       }
 
-      // Enrich with anthropicBaseUrl from the host config.
+      // Enrich with anthropicBaseUrl + kgProxy from the host config.
       const anthropicBaseUrl = readAnthropicBaseUrl();
+      const kgProxyUrl = readKgProxyUrl();
+      const kgProxyBearer = readKgProxyBearer();
       const planId = parsed.planId ?? parsed.session_id ?? `plan-${Date.now()}`;
-      const requestBody = { ...parsed, planId, ...(anthropicBaseUrl ? { anthropicBaseUrl } : {}) };
+      const requestBody = {
+        ...parsed,
+        planId,
+        ...(anthropicBaseUrl ? { anthropicBaseUrl } : {}),
+        ...(kgProxyUrl ? { kgProxyUrl } : {}),
+        ...(kgProxyBearer ? { kgProxyBearer } : {}),
+      };
 
       const basicAuth = Buffer.from(`operator:${showcasePw}`).toString('base64');
       // Phase H h2: attach CF Access service-token headers when configured.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pleri/olam-cli",
-  "version": "0.1.188",
+  "version": "0.1.195",
   "type": "module",
   "bin": {
     "olam": "./bin/olam.cjs"
@@ -32,6 +32,7 @@
     "test": "vitest run --passWithNoTests",
     "test:ci": "vitest run --reporter=basic --passWithNoTests",
     "test:docker": "vitest run --config vitest.config.docker.ts",
+    "test:e2e:k3d-https": "node e2e/k3d-https-e2e.spec.mjs",
     "audit:publish-deps": "node scripts/audit-publish-deps.mjs",
     "audit:cli-bundle-k8s": "node scripts/audit-cli-bundle-k8s.mjs",
     "audit:cli-package-contents": "node scripts/audit-cli-package-contents.mjs"