@ryanfw/prompt-orchestration-pipeline 0.11.0 → 0.13.0

package/src/ui/dist/favicon.svg

@@ -0,0 +1,12 @@
+<svg
+  xmlns="http://www.w3.org/2000/svg"
+  width="32"
+  height="32"
+  viewBox="0 0 1200 1200"
+>
+  <path
+    fill="#009966"
+    d="M406.13 988.31c-17.297 75.047-84.562 131.11-164.86 131.11-93.375 0-169.18-75.797-169.18-169.18s75.797-169.18 169.18-169.18 169.18 75.797 169.18 169.18v1.266h447.74v-167.9H671.63c-14.859 0-29.062-5.906-39.562-16.406s-16.406-24.703-16.406-39.562v-37.312h-317.16c-10.312 0-18.656-8.344-18.656-18.656V355.78h-147.94c-14.859 0-29.062-5.906-39.562-16.406s-16.406-24.75-16.406-39.562v-111.94c0-14.859 5.906-29.109 16.406-39.562 10.5-10.5 24.75-16.406 39.562-16.406h391.78c14.859 0 29.062 5.906 39.562 16.406s16.406 24.75 16.406 39.562v37.312h202.4c9.281-84.609 81.094-150.52 168.14-150.52 93.375 0 169.18 75.797 169.18 169.18s-75.797 169.18-169.18 169.18c-87.047 0-158.86-65.906-168.14-150.52h-202.4v37.312c0 14.859-5.906 29.062-16.406 39.562s-24.75 16.406-39.562 16.406h-206.53v297.24h298.5v-37.312c0-14.859 5.906-29.062 16.406-39.562s24.703-16.406 39.562-16.406h392.63c14.859 0 29.062 5.906 39.562 16.406s16.406 24.703 16.406 39.562v111.94c0 14.859-5.906 29.062-16.406 39.562s-24.75 16.406-39.562 16.406h-168.74v186.56c0 10.312-8.344 18.656-18.656 18.656h-466.4c-1.5 0-2.906-.187-4.312-.516zM225.19 262.45h18.656c10.312 0 18.656-8.344 18.656-18.656s-8.344-18.656-18.656-18.656H225.19c-10.312 0-18.656 8.344-18.656 18.656s8.344 18.656 18.656 18.656zm186.56 0h18.656c10.312 0 18.656-8.344 18.656-18.656s-8.344-18.656-18.656-18.656H411.75c-10.312 0-18.656 8.344-18.656 18.656s8.344 18.656 18.656 18.656zm-93.281 0h18.656c10.312 0 18.656-8.344 18.656-18.656s-8.344-18.656-18.656-18.656h-18.656c-10.312 0-18.656 8.344-18.656 18.656s8.344 18.656 18.656 18.656zm616.18 0h85.5c10.312 0 18.656-8.344 18.656-18.656s-8.344-18.656-18.656-18.656h-85.5l29.062-22.594c8.109-6.328 9.609-18.047 3.281-26.156s-18.047-9.609-26.156-3.281l-71.953 55.969a18.61 18.61 0 0 0 0 29.438l71.953 55.969c8.109 6.328 19.875 4.875 26.156-3.281 6.328-8.109 4.875-19.875-3.281-26.203l-29.062-22.594zm-779.95 696.66l50.391 50.391c7.266 7.313 19.078 7.313 26.391 0l100.73-100.73c7.266-7.266 7.266-19.078 0-26.391-7.266-7.266-19.078-7.266-26.391 0l-87.562 87.562-37.172-37.172c-7.266-7.266-19.078-7.266-26.391 0-7.266 7.266-7.266 19.078 0 26.391zm797.21-268.78h18.656c10.312 0 18.656-8.344 18.656-18.656s-8.344-18.656-18.656-18.656h-18.656c-10.312 0-18.656 8.344-18.656 18.656s8.344 18.656 18.656 18.656zm-186.56 0h18.656c10.312 0 18.656-8.344 18.656-18.656s-8.344-18.656-18.656-18.656h-18.656c-10.312 0-18.656 8.344-18.656 18.656s8.344 18.656 18.656 18.656zm93.281 0h18.656c10.312 0 18.656-8.344 18.656-18.656s-8.344-18.656-18.656-18.656H858.63c-10.312 0-18.656 8.344-18.656 18.656s8.344 18.656 18.656 18.656z"
+    fill-rule="evenodd"
+  />
+</svg>

package/src/ui/dist/index.html

@@ -11,8 +11,8 @@
     />
     <title>Prompt Pipeline Dashboard</title>
     <link rel="icon" type="image/svg+xml" href="/favicon.svg" />
-    <script type="module" crossorigin src="/assets/index-DeDzq-Kk.js"></script>
-    <link rel="stylesheet" crossorigin href="/assets/style-aBtD_Yrs.css">
+    <script type="module" crossorigin src="/assets/index-cjHV9mYW.js"></script>
+    <link rel="stylesheet" crossorigin href="/assets/style-CoM9SoQF.css">
   </head>
   <body>
     <div id="root"></div>

package/src/ui/endpoints/create-pipeline-endpoint.js

@@ -0,0 +1,194 @@
+/**
+ * Create pipeline endpoint (logic-only)
+ *
+ * Exports:
+ *  - handleCreatePipeline(req, res) -> HTTP request handler
+ *
+ * This function creates a new pipeline type by:
+ *  - Validating name and description
+ *  - Generating a slug from the provided name
+ *  - Ensuring slug uniqueness in the registry
+ *  - Creating directory structure and starter files
+ *  - Updating the pipeline registry atomically
+ */
+
+import { getConfig } from "../../core/config.js";
+import { generateSlug, ensureUniqueSlug } from "../utils/slug.js";
+import { promises as fs } from "node:fs";
+import path from "node:path";
+
+/**
+ * Create starter files for a new pipeline
+ */
+async function createStarterFiles(pipelineDir, slug, name, description) {
+  // Create tasks directory
+  const tasksDir = path.join(pipelineDir, "tasks");
+  await fs.mkdir(tasksDir, { recursive: true });
+
+  // Create pipeline.json with correct schema
+  const pipelineJsonPath = path.join(pipelineDir, "pipeline.json");
+  const pipelineJsonContent = JSON.stringify(
+    {
+      name: slug,
+      version: "1.0.0",
+      description: description,
+      tasks: [],
+    },
+    null,
+    2
+  );
+  await fs.writeFile(pipelineJsonPath, pipelineJsonContent, "utf8");
+
+  // Create tasks/index.js
+  const tasksIndexPath = path.join(tasksDir, "index.js");
+  const tasksIndexContent = `// Task registry for ${slug}\nmodule.exports = { tasks: {} };\n`;
+  await fs.writeFile(tasksIndexPath, tasksIndexContent, "utf8");
+}
+
+/**
+ * Handle pipeline creation request
+ *
+ * Behavior:
+ *  - Validate name and description are present
+ *  - Generate slug from name (kebab-case, max 47 chars)
+ *  - Ensure slug uniqueness in registry
+ *  - Create directory structure and starter files
+ *  - Update registry.json atomically using temp file
+ *  - Return slug on success
+ */
+export async function handleCreatePipeline(req, res) {
+  console.log("[CreatePipelineEndpoint] POST /api/pipelines called");
+
+  try {
+    const { name, description } = req.body;
+
+    // Validate required fields
+    if (!name || typeof name !== "string" || name.trim() === "") {
+      res.status(400).json({ error: "Name and description are required" });
+      return;
+    }
+
+    if (
+      !description ||
+      typeof description !== "string" ||
+      description.trim() === ""
+    ) {
+      res.status(400).json({ error: "Name and description are required" });
+      return;
+    }
+
+    const config = getConfig();
+    const rootDir = config.paths?.root;
+
+    if (!rootDir) {
+      res.status(500).json({ error: "Failed to create pipeline" });
+      return;
+    }
+
+    const pipelineConfigDir = path.join(rootDir, "pipeline-config");
+    const registryPath = path.join(pipelineConfigDir, "registry.json");
+
+    // Read existing registry
+    let registryData;
+    try {
+      const contents = await fs.readFile(registryPath, "utf8");
+      registryData = JSON.parse(contents);
+    } catch (error) {
+      if (error.code === "ENOENT") {
+        // Create registry file with empty pipelines object
+        await fs.mkdir(pipelineConfigDir, { recursive: true });
+        registryData = { pipelines: {} };
+      } else if (error instanceof SyntaxError) {
+        console.error(
+          "[CreatePipelineEndpoint] Invalid JSON in registry:",
+          error
+        );
+        res.status(500).json({ error: "Failed to create pipeline" });
+        return;
+      } else {
+        throw error;
+      }
+    }
+
+    // Validate registry structure
+    if (
+      !registryData ||
+      typeof registryData !== "object" ||
+      !registryData.pipelines ||
+      typeof registryData.pipelines !== "object"
+    ) {
+      console.error("[CreatePipelineEndpoint] Invalid registry structure");
+      res.status(500).json({ error: "Failed to create pipeline" });
+      return;
+    }
+
+    // Generate unique slug
+    const baseSlug = generateSlug(name.trim());
+    if (!baseSlug) {
+      res
+        .status(400)
+        .json({ error: "Invalid pipeline name; unable to generate slug" });
+      return;
+    }
+    const existingSlugs = new Set(Object.keys(registryData.pipelines));
+    const slug = ensureUniqueSlug(baseSlug, existingSlugs);
+
+    // Generate paths
+    const pipelineDir = path.join(pipelineConfigDir, slug);
+    const pipelinePath = path.join("pipeline-config", slug, "pipeline.json");
+    const taskRegistryPath = path.join(
+      "pipeline-config",
+      slug,
+      "tasks/index.js"
+    );
+
+    // Create starter files
+    try {
+      await createStarterFiles(
+        pipelineDir,
+        slug,
+        name.trim(),
+        description.trim()
+      );
+    } catch (error) {
+      console.error("[CreatePipelineEndpoint] Failed to create files:", error);
+      res.status(500).json({ error: "Failed to create pipeline" });
+      return;
+    }
+
+    // Update registry atomically using temp file
+    try {
+      registryData.pipelines[slug] = {
+        name: name.trim(),
+        description: description.trim(),
+        pipelinePath,
+        taskRegistryPath,
+      };
+
+      const tempPath = `${registryPath}.${Date.now()}.tmp`;
+      await fs.writeFile(
+        tempPath,
+        JSON.stringify(registryData, null, 2),
+        "utf8"
+      );
+      await fs.rename(tempPath, registryPath);
+    } catch (error) {
+      console.error(
+        "[CreatePipelineEndpoint] Failed to update registry:",
+        error
+      );
+      res.status(500).json({ error: "Failed to create pipeline" });
+      return;
+    }
+
+    console.log(
+      "[CreatePipelineEndpoint] Pipeline created successfully:",
+      slug
+    );
+
+    res.status(200).json({ slug });
+  } catch (err) {
+    console.error("[CreatePipelineEndpoint] Unexpected error:", err);
+    res.status(500).json({ error: "Failed to create pipeline" });
+  }
+}

package/src/ui/endpoints/file-endpoints.js

@@ -0,0 +1,330 @@
+/**
+ * File endpoint handlers for task file operations
+ */
+
+import fs from "fs";
+import path from "path";
+import { sendJson } from "../utils/http-utils.js";
+import { getMimeType, isTextMime } from "../utils/mime-types.js";
+import { getJobDirectoryPath } from "../../config/paths.js";
+
+const exists = async (p) =>
+  fs.promises
+    .access(p)
+    .then(() => true)
+    .catch(() => false);
+
+/**
+ * Resolve job lifecycle directory deterministically
+ * @param {string} dataDir - Base data directory
+ * @param {string} jobId - Job identifier
+ * @returns {Promise<string|null>} One of "current", "complete", "rejected", or null if job not found
+ */
+async function resolveJobLifecycle(dataDir, jobId) {
+  const currentJobDir = getJobDirectoryPath(dataDir, jobId, "current");
+  const completeJobDir = getJobDirectoryPath(dataDir, jobId, "complete");
+  const rejectedJobDir = getJobDirectoryPath(dataDir, jobId, "rejected");
+
+  // Check in order of preference: current > complete > rejected
+  const currentExists = await exists(currentJobDir);
+  const completeExists = await exists(completeJobDir);
+  const rejectedExists = await exists(rejectedJobDir);
+
+  if (currentExists) {
+    return "current";
+  }
+
+  if (completeExists) {
+    return "complete";
+  }
+
+  if (rejectedExists) {
+    return "rejected";
+  }
+
+  // Job not found in any lifecycle
+  return null;
+}
+
+/**
+ * Consolidated path jail security validation with generic error messages
+ * @param {string} filename - Filename to validate
+ * @returns {Object|null} Validation result or null if valid
+ */
+export function validateFilePath(filename) {
+  // Check for path traversal patterns
+  if (filename.includes("..")) {
+    console.error("Path security: path traversal detected", { filename });
+    return {
+      allowed: false,
+      message: "Path validation failed",
+    };
+  }
+
+  // Check for absolute paths (POSIX, Windows, backslashes, ~)
+  if (
+    path.isAbsolute(filename) ||
+    /^[a-zA-Z]:/.test(filename) ||
+    filename.includes("\\") ||
+    filename.startsWith("~")
+  ) {
+    console.error("Path security: absolute path detected", { filename });
+    return {
+      allowed: false,
+      message: "Path validation failed",
+    };
+  }
+
+  // Check for empty filename
+  if (!filename || filename.trim() === "") {
+    console.error("Path security: empty filename detected");
+    return {
+      allowed: false,
+      message: "Path validation failed",
+    };
+  }
+
+  // Path is valid
+  return null;
+}
+
+/**
+ * Handle task file list request with validation and security checks
+ * @param {http.IncomingMessage} req - HTTP request
+ * @param {http.ServerResponse} res - HTTP response
+ * @param {Object} params - Request parameters
+ * @param {string} params.jobId - Job ID
+ * @param {string} params.taskId - Task ID
+ * @param {string} params.type - File type (artifacts, logs, tmp)
+ * @param {string} params.dataDir - Data directory
+ */
+export async function handleTaskFileListRequest(
+  req,
+  res,
+  { jobId, taskId, type, dataDir }
+) {
+  // Resolve job lifecycle deterministically
+  const lifecycle = await resolveJobLifecycle(dataDir, jobId);
+  if (!lifecycle) {
+    // Job not found, return empty list
+    sendJson(res, 200, {
+      ok: true,
+      data: {
+        files: [],
+        jobId,
+        taskId,
+        type,
+      },
+    });
+    return;
+  }
+
+  // Use single lifecycle directory
+  const jobDir = getJobDirectoryPath(dataDir, jobId, lifecycle);
+  const taskDir = path.join(jobDir, "files", type);
+
+  // Use path.relative for stricter jail enforcement
+  const resolvedPath = path.resolve(taskDir);
+  const relativePath = path.relative(jobDir, resolvedPath);
+
+  if (relativePath.startsWith("..") || path.isAbsolute(relativePath)) {
+    console.error("Path security: directory traversal detected", {
+      taskDir,
+      relativePath,
+    });
+    sendJson(res, 403, {
+      ok: false,
+      error: "forbidden",
+      message: "Path validation failed",
+    });
+    return;
+  }
+
+  // Check if directory exists
+  if (!(await exists(taskDir))) {
+    // Directory doesn't exist, return empty list
+    sendJson(res, 200, {
+      ok: true,
+      data: {
+        files: [],
+        jobId,
+        taskId,
+        type,
+      },
+    });
+    return;
+  }
+
+  try {
+    // Read directory contents
+    const entries = await fs.promises.readdir(taskDir, {
+      withFileTypes: true,
+    });
+
+    // Filter and map to file list
+    const files = [];
+    for (const entry of entries) {
+      if (entry.isFile()) {
+        // Validate each filename using the consolidated function
+        const validation = validateFilePath(entry.name);
+        if (validation) {
+          console.error("Path security: skipping invalid file", {
+            filename: entry.name,
+            reason: validation.message,
+          });
+          continue; // Skip files that fail validation
+        }
+
+        const filePath = path.join(taskDir, entry.name);
+        const stats = await fs.promises.stat(filePath);
+
+        files.push({
+          name: entry.name,
+          size: stats.size,
+          mtime: stats.mtime.toISOString(),
+          mime: getMimeType(entry.name),
+        });
+      }
+    }
+
+    // Sort files by name
+    files.sort((a, b) => a.name.localeCompare(b.name));
+
+    // Send successful response
+    sendJson(res, 200, {
+      ok: true,
+      data: {
+        files,
+        jobId,
+        taskId,
+        type,
+      },
+    });
+  } catch (error) {
+    console.error("Error listing files:", error);
+    sendJson(res, 500, {
+      ok: false,
+      error: "internal_error",
+      message: "Failed to list files",
+    });
+  }
+}
+
+/**
+ * Handle task file request with validation, jail checks, and proper encoding
+ * @param {http.IncomingMessage} req - HTTP request
+ * @param {http.ServerResponse} res - HTTP response
+ * @param {Object} params - Request parameters
+ * @param {string} params.jobId - Job ID
+ * @param {string} params.taskId - Task ID
+ * @param {string} params.type - File type (artifacts, logs, tmp)
+ * @param {string} params.filename - Filename
+ * @param {string} params.dataDir - Data directory
+ */
+export async function handleTaskFileRequest(
+  req,
+  res,
+  { jobId, taskId, type, filename, dataDir }
+) {
+  // Unified security validation
+  const validation = validateFilePath(filename);
+  if (validation) {
+    sendJson(res, 403, {
+      ok: false,
+      error: "forbidden",
+      message: validation.message,
+    });
+    return;
+  }
+
+  // Resolve job lifecycle deterministically
+  const lifecycle = await resolveJobLifecycle(dataDir, jobId);
+  if (!lifecycle) {
+    sendJson(res, 404, {
+      ok: false,
+      error: "not_found",
+      message: "Job not found",
+    });
+    return;
+  }
+
+  // Use single lifecycle directory
+  const jobDir = getJobDirectoryPath(dataDir, jobId, lifecycle);
+  const taskDir = path.join(jobDir, "files", type);
+  const filePath = path.join(taskDir, filename);
+
+  // Use path.relative for stricter jail enforcement
+  const resolvedPath = path.resolve(filePath);
+  const relativePath = path.relative(jobDir, resolvedPath);
+
+  if (relativePath.startsWith("..") || path.isAbsolute(relativePath)) {
+    sendJson(res, 403, {
+      ok: false,
+      error: "forbidden",
+      message: "Path resolves outside allowed directory",
+    });
+    return;
+  }
+
+  // Check if file exists
+  if (!(await exists(filePath))) {
+    sendJson(res, 404, {
+      ok: false,
+      error: "not_found",
+      message: "File not found",
+      filePath,
+    });
+    return;
+  }
+
+  try {
+    // Get file stats
+    const stats = await fs.promises.stat(filePath);
+    if (!stats.isFile()) {
+      sendJson(res, 404, {
+        ok: false,
+        error: "not_found",
+        message: "Not a regular file",
+      });
+      return;
+    }
+
+    // Determine MIME type and encoding
+    const mime = getMimeType(filename);
+    const isText = isTextMime(mime);
+    const encoding = isText ? "utf8" : "base64";
+
+    // Read file content
+    let content;
+    if (isText) {
+      content = await fs.promises.readFile(filePath, "utf8");
+    } else {
+      const buffer = await fs.promises.readFile(filePath);
+      content = buffer.toString("base64");
+    }
+
+    // Build relative path for response
+    const relativePath = path.join("tasks", taskId, type, filename);
+
+    // Send successful response
+    sendJson(res, 200, {
+      ok: true,
+      jobId,
+      taskId,
+      type,
+      path: relativePath,
+      mime,
+      size: stats.size,
+      mtime: stats.mtime.toISOString(),
+      encoding,
+      content,
+    });
+  } catch (error) {
+    console.error("Error reading file:", error);
+    sendJson(res, 500, {
+      ok: false,
+      error: "internal_error",
+      message: "Failed to read file",
+    });
+  }
+}