@pleri/olam-cli 0.1.7

package/host-cp/src/sse-gate.mjs

@@ -0,0 +1,117 @@
+// Phase F-2-B (B5): SSE concurrent-connection gate + path detection.
+//
+// Background. Each open SSE proxy holds:
+//   - A Node http.ClientRequest to the per-world CP (one fd)
+//   - The browser's incoming socket (one fd)
+// Plus the Node event loop wakes on every chunk. With N worlds × M tabs
+// × Sse-per-tab, the FD budget grows linearly. P3 budgets ≤100 concurrent
+// SSE proxies; P4 caps at 50 + returns 503 with Retry-After: 30 above
+// that. Below the cap there's no impact.
+//
+// Cap semantics:
+//   - increment() returns true if we're allowed to open; false → reject.
+//   - decrement() is idempotent + fire-once via the FiredFlag pattern
+//     because Node emits both 'close' and 'finish' on a normal stream
+//     end. Without idempotency the counter would underflow.
+//
+// SSE detection is path-based (cheap; runs before opening upstream).
+// Two patterns are SSE today:
+//   /api/stream                    — per-world CP's existing SSE feed
+//   /api/world/<id>/bootstrap-progress — placeholder for B7's UI strip
+//                                       (per-world CP route lands later)
+
+const SSE_PATH_PATTERNS = [
+  /\/api\/stream(?:\/|$|\?)/,
+  /\/bootstrap-progress(?:\/|$|\?)/,
+  /\/api\/logs(?:\/|$|\?)/,
+];
+
+/**
+ * Detect whether an upstream subPath represents an SSE stream. The
+ * subPath is the value emitted by `parseProxyPath()` — i.e., everything
+ * AFTER `/api/world/<id>`. So we match on the inner route, not the
+ * `/api/world/<id>` prefix.
+ *
+ * @param {string} subPath
+ * @returns {boolean}
+ */
+export function isSsePath(subPath) {
+  return SSE_PATH_PATTERNS.some((re) => re.test(subPath));
+}
+
+export class SseGate {
+  /**
+   * @param {object} opts
+   * @param {number} [opts.maxConcurrent]    default 50 (P4 cap)
+   * @param {(message: string) => void} [opts.log]
+   */
+  constructor({ maxConcurrent = 50, log = console.log } = {}) {
+    if (maxConcurrent < 1) {
+      throw new Error('SseGate: maxConcurrent must be >= 1');
+    }
+    this.maxConcurrent = maxConcurrent;
+    this.active = 0;
+    this.log = log;
+  }
+
+  /**
+   * Try to acquire a slot. If at cap, returns null + writes a 503 to
+   * res. Caller MUST check the return value.
+   *
+   * @param {import('node:http').ServerResponse} res
+   * @returns {{ release: () => void } | null}
+   */
+  acquire(res) {
+    if (this.active >= this.maxConcurrent) {
+      res.writeHead(503, {
+        'Content-Type': 'application/json; charset=utf-8',
+        'Retry-After': '30',
+      });
+      res.end(JSON.stringify({
+        error: 'sse_capacity_reached',
+        active: this.active,
+        cap: this.maxConcurrent,
+        retry_after_sec: 30,
+        message: 'host CP has reached the SSE concurrent-connection cap. Retry after the indicated delay or close idle SPA tabs.',
+      }));
+      this.log(`sse-gate: 503 — cap reached (active=${this.active}, cap=${this.maxConcurrent})`);
+      return null;
+    }
+    this.active++;
+    let released = false;
+    const release = () => {
+      if (released) return;
+      released = true;
+      this.active--;
+    };
+    return { release };
+  }
+
+  /** Diagnostics for /health. */
+  stats() {
+    return {
+      active: this.active,
+      cap: this.maxConcurrent,
+    };
+  }
+}
+
+/**
+ * Wire SSE-gate teardown to a ServerResponse's lifecycle. Node's
+ * http response emits 'close' (client disconnected) AND 'finish'
+ * (response.end() called) on different code paths. We want decrement
+ * exactly once per acquire(), regardless of which event fires first.
+ *
+ * The release closure is already idempotent (released flag). Wiring
+ * both events covers every termination path:
+ *   - browser closes tab     → 'close' on res
+ *   - upstream EOF + res.end → 'finish' on res
+ *   - error in proxy         → 'close' on res (Node fires close on errors)
+ *
+ * @param {import('node:http').ServerResponse} res
+ * @param {() => void} release
+ */
+export function wireRelease(res, release) {
+  res.on('close', release);
+  res.on('finish', release);
+}

package/host-cp/src/version-status.mjs

@@ -0,0 +1,209 @@
+// Version detection for Phase 1 of self-upgrade.
+//
+// Compares each component's baked OLAM_BUILD_SHA against the operator's
+// local repo HEAD (mounted read-only at /operator-repo). Reports upgrade
+// availability without triggering any automatic action — Phase 1 is
+// detection only.
+
+import fs from 'node:fs';
+import path from 'node:path';
+
+/** @typedef {'ok' | 'behind' | 'unknown'} VersionState */
+
+/**
+ * @typedef {Object} ComponentVersion
+ * @property {string} running  - SHA baked into the running image
+ * @property {string} latest   - SHA of operator's local HEAD (or 'unknown')
+ * @property {boolean} upgradeAvailable
+ */
+
+/**
+ * @typedef {Object} VersionSnapshot
+ * @property {ComponentVersion} hostCp
+ * @property {ComponentVersion} authService
+ * @property {ComponentVersion} devbox
+ * @property {string} operatorHead  - resolved HEAD or 'unknown'
+ * @property {string} checkedAt     - ISO timestamp
+ */
+
+/**
+ * Read the operator's local repo HEAD.
+ *
+ * Tries OLAM_REPO_PATH env var first, then /operator-repo (the compose-
+ * mounted path), then $HOME/Projects/ein-sof/olam as a bare-node fallback.
+ *
+ * Returns 'unknown' on any read error.
+ *
+ * @returns {string}
+ */
+export function readOperatorHead() {
+  const candidates = [
+    process.env.OLAM_REPO_PATH,
+    '/operator-repo',
+  ].filter(Boolean);
+
+  for (const repoPath of candidates) {
+    try {
+      // Read HEAD to find the current branch ref (e.g. "ref: refs/heads/main")
+      // then resolve to the SHA.
+      const headFile = path.join(repoPath, '.git', 'HEAD');
+      if (!fs.existsSync(headFile)) continue;
+
+      const headContent = fs.readFileSync(headFile, 'utf-8').trim();
+
+      if (headContent.startsWith('ref: ')) {
+        // Symbolic ref → resolve to SHA via the packed-refs or loose ref.
+        const refPath = headContent.slice('ref: '.length);
+        const looseRef = path.join(repoPath, '.git', refPath);
+        if (fs.existsSync(looseRef)) {
+          return fs.readFileSync(looseRef, 'utf-8').trim();
+        }
+        // Try packed-refs fallback.
+        const packedRefs = path.join(repoPath, '.git', 'packed-refs');
+        if (fs.existsSync(packedRefs)) {
+          const lines = fs.readFileSync(packedRefs, 'utf-8').split('\n');
+          for (const line of lines) {
+            if (line.startsWith('#')) continue;
+            const [sha, ref] = line.trim().split(' ');
+            if (ref === refPath) return sha;
+          }
+        }
+      } else if (/^[0-9a-f]{40}$/i.test(headContent)) {
+        // Detached HEAD — use the SHA directly.
+        return headContent;
+      }
+    } catch {
+      // silently try next candidate
+    }
+  }
+  return 'unknown';
+}
+
+/**
+ * Compare two SHAs. Returns true when they differ and both are known.
+ * If either is 'unknown' we cannot assert an upgrade is available.
+ *
+ * @param {string} running
+ * @param {string} latest
+ * @returns {boolean}
+ */
+export function isUpgradeAvailable(running, latest) {
+  if (running === 'unknown' || latest === 'unknown') return false;
+  // SHAs may be full (40 hex chars) or short (7+ hex chars from --short).
+  // Compare by checking if one is a prefix of the other.
+  const a = running.toLowerCase();
+  const b = latest.toLowerCase();
+  return !a.startsWith(b) && !b.startsWith(a);
+}
+
+/**
+ * Fetch the auth-service's /health endpoint and extract buildSha.
+ *
+ * @param {string} authServiceUrl
+ * @returns {Promise<string>}
+ */
+export async function fetchAuthServiceSha(authServiceUrl) {
+  try {
+    const res = await fetch(`${authServiceUrl}/health`, {
+      signal: AbortSignal.timeout(5000),
+    });
+    if (!res.ok) return 'unknown';
+    const data = /** @type {unknown} */ (await res.json());
+    if (data && typeof data === 'object' && 'buildSha' in data) {
+      const sha = /** @type {Record<string, unknown>} */ (data)['buildSha'];
+      return typeof sha === 'string' ? sha : 'unknown';
+    }
+    return 'unknown';
+  } catch {
+    return 'unknown';
+  }
+}
+
+/**
+ * Fetch the devbox image SHA. We check the running devbox container's
+ * OLAM_BUILD_SHA env var via the docker socket proxy (inspect endpoint).
+ * Returns 'unknown' if any step fails.
+ *
+ * @param {string} dockerApiBase  e.g. "http://docker-socket-proxy:2375" or "http://localhost:2375"
+ * @returns {Promise<string>}
+ */
+export async function fetchDevboxImageSha(dockerApiBase) {
+  try {
+    // List containers named olam-*-devbox and grab the first one.
+    const listRes = await fetch(
+      `${dockerApiBase}/containers/json?filters=${encodeURIComponent(JSON.stringify({ name: ['olam-devbox'] }))}`,
+      { signal: AbortSignal.timeout(5000) },
+    );
+    if (!listRes.ok) return 'unknown';
+    const containers = /** @type {unknown} */ (await listRes.json());
+    if (!Array.isArray(containers) || containers.length === 0) return 'unknown';
+
+    // Use the most recently-created devbox container's image ID.
+    // Inspect the image for OLAM_BUILD_SHA label or env.
+    const container = /** @type {Record<string, unknown>} */ (containers[0]);
+    const imageId = typeof container['ImageID'] === 'string' ? container['ImageID'] : null;
+    if (!imageId) return 'unknown';
+
+    const inspectRes = await fetch(
+      `${dockerApiBase}/images/${encodeURIComponent(imageId)}/json`,
+      { signal: AbortSignal.timeout(5000) },
+    );
+    if (!inspectRes.ok) return 'unknown';
+    const image = /** @type {unknown} */ (await inspectRes.json());
+    if (!image || typeof image !== 'object') return 'unknown';
+
+    const config = /** @type {Record<string, unknown>} */ (image)['Config'];
+    if (!config || typeof config !== 'object') return 'unknown';
+    const env = /** @type {Record<string, unknown>} */ (config)['Env'];
+    if (!Array.isArray(env)) return 'unknown';
+
+    for (const e of env) {
+      if (typeof e === 'string' && e.startsWith('OLAM_BUILD_SHA=')) {
+        return e.slice('OLAM_BUILD_SHA='.length);
+      }
+    }
+    return 'unknown';
+  } catch {
+    return 'unknown';
+  }
+}
+
+/**
+ * Build a full VersionSnapshot from all available sources.
+ *
+ * @param {{
+ *   authServiceUrl: string;
+ *   dockerApiBase: string;
+ * }} opts
+ * @returns {Promise<VersionSnapshot>}
+ */
+export async function buildVersionSnapshot({ authServiceUrl, dockerApiBase }) {
+  const operatorHead = readOperatorHead();
+
+  const [authSha, devboxSha] = await Promise.all([
+    fetchAuthServiceSha(authServiceUrl),
+    fetchDevboxImageSha(dockerApiBase),
+  ]);
+
+  const hostCpRunning = process.env.OLAM_BUILD_SHA ?? 'unknown';
+
+  return {
+    hostCp: {
+      running: hostCpRunning,
+      latest: operatorHead,
+      upgradeAvailable: isUpgradeAvailable(hostCpRunning, operatorHead),
+    },
+    authService: {
+      running: authSha,
+      latest: operatorHead,
+      upgradeAvailable: isUpgradeAvailable(authSha, operatorHead),
+    },
+    devbox: {
+      running: devboxSha,
+      latest: operatorHead,
+      upgradeAvailable: isUpgradeAvailable(devboxSha, operatorHead),
+    },
+    operatorHead,
+    checkedAt: new Date().toISOString(),
+  };
+}

package/host-cp/src/workspace-catalog.mjs

@@ -0,0 +1,149 @@
+// Phase F-2-B (B6): workspace + project catalog for host CP.
+//
+// Reads workspace YAML files from `~/.olam/workspaces/*.yaml` (mounted
+// at `/data/workspaces` inside the host-cp container per compose.yaml).
+// Provides three endpoints' worth of data:
+//
+//   1. /api/workspaces                 — list all workspaces (redacted)
+//   2. /api/projects                   — deduplicated project union
+//   3. POST /api/workspaces/match      — exact set-equality matching
+//                                        for D13's project-first
+//                                        create-world flow
+
+import fs from 'node:fs';
+import path from 'node:path';
+import YAML from 'yaml';
+import { redactSensitive } from './redact.mjs';
+
+/**
+ * @typedef {object} Project
+ * @property {string} name
+ * @property {string} [url]
+ * @property {string} [path]
+ * @property {string} [branch]
+ */
+
+/**
+ * @typedef {object} Workspace
+ * @property {string} name
+ * @property {Project[]} repos       project list (called `repos` in YAML)
+ * @property {Record<string, unknown>} [defaults]
+ * @property {Record<string, unknown>} [services]
+ * @property {Record<string, unknown>} [image]
+ * @property {Record<string, unknown>} [host_ui]
+ * @property {number} [updatedAt]
+ */
+
+/**
+ * Load all workspace YAMLs from a directory. Returns an array, sorted
+ * by name. Invalid YAMLs are logged + skipped (don't bring down the
+ * whole list because one file is malformed).
+ *
+ * @param {string} dir
+ * @param {(message: string) => void} [log]
+ * @returns {Workspace[]}
+ */
+export function loadWorkspaces(dir, log = console.log) {
+  if (!fs.existsSync(dir)) {
+    log(`workspace-catalog: directory ${dir} does not exist`);
+    return [];
+  }
+  /** @type {Workspace[]} */
+  const out = [];
+  for (const entry of fs.readdirSync(dir)) {
+    if (!entry.endsWith('.yaml') && !entry.endsWith('.yml')) continue;
+    const filePath = path.join(dir, entry);
+    try {
+      const raw = fs.readFileSync(filePath, 'utf-8');
+      const parsed = YAML.parse(raw);
+      if (parsed && typeof parsed === 'object' && parsed.name) {
+        // Normalize: ensure `repos` is at least an empty array.
+        out.push({ ...parsed, repos: parsed.repos ?? [] });
+      } else {
+        log(`workspace-catalog: skipping ${entry} (no .name field)`);
+      }
+    } catch (err) {
+      log(`workspace-catalog: failed to parse ${entry}: ${err.message}`);
+    }
+  }
+  return out.sort((a, b) => a.name.localeCompare(b.name));
+}
+
+/**
+ * /api/workspaces response: redacted workspace list.
+ *
+ * @param {Workspace[]} workspaces
+ * @returns {Workspace[]}
+ */
+export function workspacesForApi(workspaces) {
+  return /** @type {Workspace[]} */ (redactSensitive(workspaces));
+}
+
+/**
+ * /api/projects response: deduplicated project union across all
+ * workspaces. Dedup key is project name (case-sensitive — Atlas Core
+ * and atlas-core would be distinct, which matches the workspace YAML
+ * convention of using kebab-case throughout).
+ *
+ * Per-project metadata: takes the FIRST occurrence's url/path/branch.
+ * Subsequent occurrences with the same name are ignored. This keeps
+ * the response stable across reorderings within individual workspace
+ * YAMLs.
+ *
+ * @param {Workspace[]} workspaces
+ * @returns {Project[]}
+ */
+export function projectsFromWorkspaces(workspaces) {
+  /** @type {Map<string, Project>} */
+  const byName = new Map();
+  for (const ws of workspaces) {
+    for (const repo of ws.repos ?? []) {
+      if (!repo?.name) continue;
+      if (!byName.has(repo.name)) {
+        byName.set(repo.name, { ...repo });
+      }
+    }
+  }
+  return [...byName.values()].sort((a, b) => a.name.localeCompare(b.name));
+}
+
+/**
+ * POST /api/workspaces/match request body: { projects: string[] }.
+ * Returns workspaces whose project-name set EXACTLY equals the input
+ * set (no subset, no superset). Sorted by name for response stability.
+ *
+ * Algorithm: O(W × P) where W = #workspaces, P = average projects per
+ * workspace. Workspaces are small (<10 projects each); fine for direct
+ * iteration.
+ *
+ * @param {Workspace[]} workspaces
+ * @param {string[]} projectNames
+ * @returns {Workspace[]}
+ */
+export function matchWorkspacesByProjects(workspaces, projectNames) {
+  const target = new Set(projectNames);
+  /** @type {Workspace[]} */
+  const matches = [];
+  for (const ws of workspaces) {
+    const wsNames = new Set((ws.repos ?? []).map((r) => r.name).filter(Boolean));
+    if (setsEqual(target, wsNames)) {
+      matches.push(ws);
+    }
+  }
+  return matches.sort((a, b) => a.name.localeCompare(b.name));
+}
+
+/**
+ * Set equality. Two sets are equal iff same size + same members.
+ *
+ * @param {Set<string>} a
+ * @param {Set<string>} b
+ * @returns {boolean}
+ */
+function setsEqual(a, b) {
+  if (a.size !== b.size) return false;
+  for (const x of a) {
+    if (!b.has(x)) return false;
+  }
+  return true;
+}

package/host-cp/src/world-names-store.mjs

@@ -0,0 +1,176 @@
+// Phase F-2-D follow-up: persistent world-name store.
+//
+// Background: world.id is the docker container suffix (e.g. `gold-arc-1454`)
+// and is immutable. Operators want a separate human-friendly `name`
+// (e.g. "Refactor the auth module") so the worlds list reads like a
+// task board instead of a string of CSS-color-words.
+//
+// Storage: a single JSON file at /data/world-names.json (mounted from
+// ~/.olam/world-names.json on the host). Atomic write via tmp+rename so
+// concurrent PATCHes can't half-write the file. Read-on-demand with a
+// tiny in-process cache keyed off mtime so steady-state GET /api/worlds
+// doesn't reread the file every poll.
+//
+// Schema:
+//   { "<worldId>": "<name>", ... }
+//
+// Names are arbitrary UTF-8 strings, capped at NAME_MAX_LEN to keep
+// the file small + the UI sane.
+
+import fs from 'node:fs';
+import path from 'node:path';
+
+const NAME_MAX_LEN = 120;
+
+/**
+ * @typedef {object} WorldNamesStore
+ * @property {() => Record<string, string>} all
+ * @property {(id: string) => string | null} get
+ * @property {(id: string, name: string) => string} set
+ * @property {(id: string) => void} remove
+ */
+
+/**
+ * Create a JSON-backed world-names store rooted at `filePath`.
+ * Resilient to a missing file (treats as empty); resilient to a
+ * malformed file (logs + treats as empty).
+ *
+ * @param {string} filePath
+ * @returns {WorldNamesStore}
+ */
+export function createWorldNamesStore(filePath) {
+  /** @type {Record<string, string>} */
+  let cache = {};
+  let cacheMtimeMs = -1;
+
+  function readFromDisk() {
+    if (!fs.existsSync(filePath)) {
+      cache = {};
+      cacheMtimeMs = 0;
+      return;
+    }
+    try {
+      const stat = fs.statSync(filePath);
+      if (stat.mtimeMs === cacheMtimeMs) return; // cache hit
+      const raw = fs.readFileSync(filePath, 'utf-8');
+      const parsed = JSON.parse(raw);
+      if (parsed && typeof parsed === 'object' && !Array.isArray(parsed)) {
+        const next = {};
+        for (const [k, v] of Object.entries(parsed)) {
+          if (typeof v === 'string') next[k] = v;
+        }
+        cache = next;
+      } else {
+        cache = {};
+      }
+      cacheMtimeMs = stat.mtimeMs;
+    } catch (err) {
+      console.error(`world-names-store: failed to read ${filePath}: ${err.message}`);
+      cache = {};
+      cacheMtimeMs = 0;
+    }
+  }
+
+  function writeToDisk() {
+    const dir = path.dirname(filePath);
+    fs.mkdirSync(dir, { recursive: true });
+    const tmp = `${filePath}.tmp-${process.pid}-${Date.now()}`;
+    fs.writeFileSync(tmp, JSON.stringify(cache, null, 2), 'utf-8');
+    fs.renameSync(tmp, filePath);
+    try {
+      const stat = fs.statSync(filePath);
+      cacheMtimeMs = stat.mtimeMs;
+    } catch {
+      cacheMtimeMs = 0;
+    }
+  }
+
+  /** @returns {Record<string, string>} */
+  function all() {
+    readFromDisk();
+    return { ...cache };
+  }
+
+  /**
+   * @param {string} id
+   * @returns {string | null}
+   */
+  function get(id) {
+    readFromDisk();
+    return cache[id] ?? null;
+  }
+
+  /**
+   * @param {string} id
+   * @param {string} name
+   * @returns {string} the normalized name actually stored
+   */
+  function set(id, name) {
+    if (typeof id !== 'string' || id.length === 0) {
+      throw new Error('worldId must be a non-empty string');
+    }
+    const normalized = normalizeName(name);
+    if (normalized === null) {
+      throw new Error('name must be a non-empty string (after trim)');
+    }
+    readFromDisk();
+    cache = { ...cache, [id]: normalized };
+    writeToDisk();
+    return normalized;
+  }
+
+  /**
+   * @param {string} id
+   */
+  function remove(id) {
+    readFromDisk();
+    if (!(id in cache)) return;
+    const next = { ...cache };
+    delete next[id];
+    cache = next;
+    writeToDisk();
+  }
+
+  return { all, get, set, remove };
+}
+
+/**
+ * Normalize a name input. Trims, collapses internal whitespace, caps
+ * length. Returns null for empty/whitespace-only input.
+ *
+ * @param {unknown} input
+ * @returns {string | null}
+ */
+export function normalizeName(input) {
+  if (typeof input !== 'string') return null;
+  const trimmed = input.replace(/\s+/g, ' ').trim();
+  if (trimmed.length === 0) return null;
+  return trimmed.length > NAME_MAX_LEN
+    ? trimmed.slice(0, NAME_MAX_LEN).trimEnd()
+    : trimmed;
+}
+
+/**
+ * Derive a human-friendly name from an initial task / dispatch text.
+ * Takes the first sentence (split on `.`/`?`/`!`/newline), trims, caps
+ * at ~60 chars at a word boundary so the UI doesn't truncate mid-word.
+ * Returns null for empty input — caller falls back to id.
+ *
+ * @param {unknown} taskText
+ * @returns {string | null}
+ */
+export function inferNameFromTask(taskText) {
+  if (typeof taskText !== 'string') return null;
+  const cleaned = taskText.replace(/\s+/g, ' ').trim();
+  if (cleaned.length === 0) return null;
+  // First sentence terminator wins; otherwise the whole string.
+  const firstSentence = cleaned.split(/[.!?\n]/)[0]?.trim() ?? cleaned;
+  const SOFT_CAP = 60;
+  if (firstSentence.length <= SOFT_CAP) return firstSentence || null;
+  // Cap at a word boundary close to SOFT_CAP so we don't dangle
+  // half a word + an ellipsis.
+  const head = firstSentence.slice(0, SOFT_CAP);
+  const lastSpace = head.lastIndexOf(' ');
+  const truncated = lastSpace > 30 ? head.slice(0, lastSpace) : head;
+  return truncated.replace(/[\s,;:—–-]+$/u, '');
+}