@saeed42/worktree-worker 1.5.0 → 1.7.0

package/dist/main.js

@@ -1664,6 +1664,303 @@ git.delete("/config", async (c) => {
     );
   }
 });
+var gitExecSchema = z3.object({
+  args: z3.array(z3.string()).min(1, "At least one git argument is required"),
+  cwd: z3.string().optional()
+});
+git.post("/exec", async (c) => {
+  const log = logger.child({ route: "git/exec" });
+  try {
+    const body = await c.req.json().catch(() => ({}));
+    const parsed = gitExecSchema.safeParse(body);
+    if (!parsed.success) {
+      return c.json(
+        { success: false, error: { code: "VALIDATION_ERROR", message: parsed.error.message } },
+        400
+      );
+    }
+    const { args, cwd } = parsed.data;
+    const command = args[0];
+    const allowedCommands = [
+      "log",
+      "show",
+      "diff",
+      "status",
+      "branch",
+      "rev-list",
+      "rev-parse",
+      "ls-files",
+      "ls-tree",
+      "cat-file",
+      "describe",
+      "shortlog",
+      "blame",
+      "stash",
+      // Allow stash list
+      "remote",
+      // Allow remote -v
+      "config"
+      // Allow config --get
+    ];
+    const blockedCommands = [
+      "push",
+      "pull",
+      "fetch",
+      "clone",
+      "reset",
+      "checkout",
+      "merge",
+      "rebase",
+      "cherry-pick",
+      "revert",
+      "rm",
+      "mv",
+      "clean",
+      "gc",
+      "prune",
+      "filter-branch",
+      "reflog"
+    ];
+    if (blockedCommands.includes(command)) {
+      log.warn("Blocked dangerous git command", { command, args });
+      return c.json(
+        { success: false, error: { code: "FORBIDDEN", message: `Command '${command}' is not allowed` } },
+        403
+      );
+    }
+    if (!allowedCommands.includes(command)) {
+      log.warn("Unknown git command attempted", { command, args });
+      return c.json(
+        { success: false, error: { code: "FORBIDDEN", message: `Command '${command}' is not allowed` } },
+        403
+      );
+    }
+    log.debug("Executing git command", { args: args.slice(0, 3), cwd });
+    const result = await gitService.exec(args, cwd);
+    return c.json({
+      success: result.code === 0,
+      data: {
+        stdout: result.stdout,
+        stderr: result.stderr,
+        code: result.code
+      }
+    });
+  } catch (err) {
+    const error = err;
+    log.error("Failed to execute git command", { error: error.message });
+    return c.json(
+      { success: false, error: { code: "INTERNAL_ERROR", message: error.message } },
+      500
+    );
+  }
+});
+var commitsQuerySchema = z3.object({
+  cwd: z3.string().min(1, "Working directory is required"),
+  baseBranch: z3.string().optional().default("main"),
+  limit: z3.coerce.number().optional().default(50)
+});
+git.get("/commits", async (c) => {
+  const log = logger.child({ route: "git/commits" });
+  try {
+    const query = c.req.query();
+    const parsed = commitsQuerySchema.safeParse(query);
+    if (!parsed.success) {
+      return c.json(
+        { success: false, error: { code: "VALIDATION_ERROR", message: parsed.error.message } },
+        400
+      );
+    }
+    const { cwd, baseBranch, limit } = parsed.data;
+    const branchResult = await gitService.exec(["rev-parse", "--abbrev-ref", "HEAD"], cwd);
+    const currentBranch = branchResult.code === 0 ? branchResult.stdout.trim() : "unknown";
+    const logResult = await gitService.exec([
+      "log",
+      `origin/${baseBranch}..HEAD`,
+      `--format=%H|%h|%s|%an|%ae|%aI`,
+      "--no-merges",
+      `-n${limit}`
+    ], cwd);
+    let commits = [];
+    if (logResult.code === 0 && logResult.stdout.trim()) {
+      const lines = logResult.stdout.trim().split("\n").filter(Boolean);
+      commits = lines.map((line) => {
+        const [sha, shortSha, message, author, authorEmail, date] = line.split("|");
+        return { sha, shortSha, message, author, authorEmail, date };
+      });
+    }
+    let ahead = commits.length;
+    let behind = 0;
+    const revListResult = await gitService.exec([
+      "rev-list",
+      "--left-right",
+      "--count",
+      `origin/${baseBranch}...HEAD`
+    ], cwd);
+    if (revListResult.code === 0 && revListResult.stdout.trim()) {
+      const parts = revListResult.stdout.trim().split(/\s+/);
+      if (parts.length >= 2) {
+        behind = parseInt(parts[0], 10) || 0;
+        ahead = parseInt(parts[1], 10) || commits.length;
+      }
+    }
+    log.debug("Fetched commits", {
+      branch: currentBranch,
+      count: commits.length,
+      ahead,
+      behind
+    });
+    return c.json({
+      success: true,
+      data: {
+        commits,
+        branch: currentBranch,
+        baseBranch,
+        ahead,
+        behind
+      }
+    });
+  } catch (err) {
+    const error = err;
+    log.error("Failed to get commits", { error: error.message });
+    return c.json(
+      { success: false, error: { code: "INTERNAL_ERROR", message: error.message } },
+      500
+    );
+  }
+});
+var pushSchema2 = z3.object({
+  cwd: z3.string().min(1, "Working directory is required"),
+  branch: z3.string().min(1, "Branch is required"),
+  githubToken: z3.string().min(1, "GitHub token is required"),
+  upToCommit: z3.string().optional()
+});
+git.post("/push", async (c) => {
+  const log = logger.child({ route: "git/push" });
+  try {
+    const body = await c.req.json().catch(() => ({}));
+    const parsed = pushSchema2.safeParse(body);
+    if (!parsed.success) {
+      return c.json(
+        { success: false, error: { code: "VALIDATION_ERROR", message: parsed.error.message } },
+        400
+      );
+    }
+    const { cwd, branch, githubToken, upToCommit } = parsed.data;
+    log.info("Pushing to remote", { branch, hasUpToCommit: !!upToCommit });
+    await gitService.exec([
+      "config",
+      "--global",
+      "credential.helper",
+      "store --file=/tmp/.git-credentials"
+    ]);
+    await gitService.exec(["config", "--global", "core.askPass", ""]);
+    const credLine = `https://x-access-token:${githubToken}@github.com
+`;
+    await fs.writeFile("/tmp/.git-credentials", credLine, { mode: 384 });
+    try {
+      let pushArgs;
+      if (upToCommit) {
+        pushArgs = ["push", "origin", `${upToCommit}:${branch}`];
+      } else {
+        pushArgs = ["push", "origin", branch];
+      }
+      log.debug("Executing git push", { args: pushArgs });
+      const result = await gitService.exec(pushArgs, cwd);
+      if (result.code !== 0) {
+        const output = result.stderr || result.stdout || "";
+        log.error("Git push failed", { stderr: output, code: result.code });
+        if (output.includes("rejected") || output.includes("non-fast-forward")) {
+          return c.json(
+            { success: false, error: { code: "REJECTED", message: "Push rejected: Remote has changes. Please pull first." } },
+            409
+          );
+        }
+        if (output.includes("Permission denied") || output.includes("authentication") || output.includes("fatal: Authentication")) {
+          return c.json(
+            { success: false, error: { code: "AUTH_FAILED", message: "GitHub authentication failed." } },
+            403
+          );
+        }
+        return c.json(
+          { success: false, error: { code: "PUSH_FAILED", message: output || "Git push failed" } },
+          500
+        );
+      }
+      log.info("Git push successful", { branch });
+      return c.json({
+        success: true,
+        data: {
+          branch,
+          message: "Push successful"
+        }
+      });
+    } finally {
+      try {
+        await fs.unlink("/tmp/.git-credentials");
+      } catch {
+      }
+    }
+  } catch (err) {
+    const error = err;
+    log.error("Failed to push", { error: error.message });
+    return c.json(
+      { success: false, error: { code: "INTERNAL_ERROR", message: error.message } },
+      500
+    );
+  }
+});
+var discardSchema = z3.object({
+  cwd: z3.string().min(1, "Working directory is required"),
+  baseBranch: z3.string().min(1, "Base branch is required"),
+  commitSha: z3.string().optional()
+  // If provided, reset to before this commit
+});
+git.post("/discard", async (c) => {
+  const log = logger.child({ route: "git/discard" });
+  try {
+    const body = await c.req.json().catch(() => ({}));
+    const parsed = discardSchema.safeParse(body);
+    if (!parsed.success) {
+      return c.json(
+        { success: false, error: { code: "VALIDATION_ERROR", message: parsed.error.message } },
+        400
+      );
+    }
+    const { cwd, baseBranch, commitSha } = parsed.data;
+    let resetTarget;
+    if (commitSha) {
+      resetTarget = `${commitSha}^`;
+      log.info("Reverting commit", { commitSha });
+    } else {
+      resetTarget = `origin/${baseBranch}`;
+      log.info("Discarding all local commits", { baseBranch });
+      await gitService.exec(["fetch", "origin", baseBranch], cwd);
+    }
+    const result = await gitService.exec(["reset", "--hard", resetTarget], cwd);
+    if (result.code !== 0) {
+      log.error("Git reset failed", { stderr: result.stderr });
+      return c.json(
+        { success: false, error: { code: "RESET_FAILED", message: result.stderr || "Failed to reset" } },
+        500
+      );
+    }
+    log.info("Discard successful", { resetTarget });
+    return c.json({
+      success: true,
+      data: {
+        resetTarget,
+        message: commitSha ? "Commit reverted" : "All local commits discarded"
+      }
+    });
+  } catch (err) {
+    const error = err;
+    log.error("Failed to discard", { error: error.message });
+    return c.json(
+      { success: false, error: { code: "INTERNAL_ERROR", message: error.message } },
+      500
+    );
+  }
+});
 
 // src/main.ts
 var app = new Hono5();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@saeed42/worktree-worker",
-  "version": "1.5.0",
+  "version": "1.7.0",
   "description": "Git worktree management service for AI agent trials",
   "type": "module",
   "main": "dist/main.js",