@venturewild/workspace 0.1.0

package/server/src/index.mjs

@@ -0,0 +1,635 @@
+// wild-workspace server bootstrap.
+// Three processes per AR-17:
+//   - this Node server (Hono): REST + WebSocket + frontend bundle
+//   - AI agent subprocess: spawned per chat session via agent.mjs
+//   - bmo-sync daemon (v1.x — out of scope for this scaffold)
+
+import { Hono } from 'hono';
+import { serveStatic } from '@hono/node-server/serve-static';
+import { serve } from '@hono/node-server';
+import { WebSocketServer } from 'ws';
+import { existsSync, mkdirSync, readFileSync } from 'node:fs';
+import path from 'node:path';
+import url from 'node:url';
+import {
+  buildConfig,
+  ROLES,
+  ROLE_CAPABILITIES,
+  APP_VERSION,
+  DEFAULT_AGENTS,
+  assertSecureBinding,
+} from './config.mjs';
+import { detectAgents, AgentSession, pickDefaultAgent } from './agent.mjs';
+import { mintShareToken, verifyShareToken, buildShareUrl, TokenRegistry } from './share.mjs';
+import { listDir, readFile, fullTree, workspaceSummary, safeResolve } from './fs.mjs';
+import { InboxWatcher } from './inbox.mjs';
+import { ActivityBus } from './activity.mjs';
+import { DaemonBridge } from './daemon.mjs';
+import { SyncControl } from './sync.mjs';
+import { detectPreviewPorts, checkPort } from './preview.mjs';
+import { nanoid } from 'nanoid';
+
+const __filename = url.fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+
+export async function createServer(overrides = {}) {
+  const config = buildConfig(overrides);
+  // Refuse to start on a public bind with a forgeable default secret. (C1/C2)
+  assertSecureBinding(config);
+  if (!existsSync(config.dataDir)) mkdirSync(config.dataDir, { recursive: true });
+
+  const activityBus = new ActivityBus();
+  const tokenRegistry = new TokenRegistry();
+  const inboxWatcher = new InboxWatcher(config.workspaceDir).start();
+  inboxWatcher.on('change', (payload) => {
+    activityBus.publish({ type: 'inbox-change', snapshot: payload.snapshot });
+  });
+
+  // Bridge the bmo-sync daemon's event feed into the ActivityBus. The daemon
+  // is a separate process and may be absent — the bridge retries quietly.
+  // `overrides.daemonBridge: false` disables it (used by tests).
+  const daemonBridge =
+    overrides.daemonBridge === false
+      ? null
+      : new DaemonBridge(activityBus, { url: config.daemonUrl }).start();
+
+  // Control plane for bmo-sync folder sharing (pair / detach / invite).
+  // `overrides.syncControl` is a test seam.
+  const syncControl =
+    overrides.syncControl ||
+    new SyncControl({
+      daemonHttpUrl: config.daemonHttpUrl,
+      bmoSyncServerUrl: config.bmoSyncServerUrl,
+      adminKey: config.bmoSyncAdminKey,
+    });
+
+  // `overrides.agents` / `overrides.activeAgent` are a test/embedding seam:
+  // a caller can inject agent definitions instead of probing PATH.
+  const detectedAgents = overrides.agents || (await detectAgents());
+  let activeAgent = overrides.activeAgent || pickDefaultAgent(detectedAgents);
+
+  const app = new Hono();
+
+  // --- auth + role resolution ---
+  async function resolveRole(c) {
+    const auth = c.req.header('authorization');
+    if (auth?.startsWith('Bearer ')) {
+      const token = auth.slice('Bearer '.length).trim();
+      if (token === config.partnerToken) {
+        return { role: ROLES.PARTNER, sub: 'partner', source: 'partner-token' };
+      }
+      const payload = await verifyShareToken(token, config.shareSecret);
+      if (payload && !tokenRegistry.isRevoked(payload.sub)) {
+        return {
+          role: payload.role,
+          sub: payload.sub,
+          workspaceId: payload.workspaceId,
+          source: 'share-jwt',
+          exp: payload.exp,
+        };
+      }
+    }
+    const queryToken = c.req.query('t');
+    if (queryToken) {
+      // A browser opening the workspace URL can only carry a token in the
+      // query string, not an Authorization header — so the partner token is
+      // accepted here too, mirroring the WebSocket upgrade handler.
+      if (queryToken === config.partnerToken) {
+        return { role: ROLES.PARTNER, sub: 'partner', source: 'partner-token-query' };
+      }
+      const payload = await verifyShareToken(queryToken, config.shareSecret);
+      if (payload && !tokenRegistry.isRevoked(payload.sub)) {
+        return {
+          role: payload.role,
+          sub: payload.sub,
+          workspaceId: payload.workspaceId,
+          source: 'share-jwt-query',
+          exp: payload.exp,
+        };
+      }
+    }
+    // Default for local partner UX — same machine, no token expected.
+    if (!config.publicMode) {
+      return { role: ROLES.PARTNER, sub: 'local-partner', source: 'localhost' };
+    }
+    // Public mode with no valid token: deny. No anonymous viewer access —
+    // a share JWT or the partner token is required. (Concern C1.)
+    return { role: null, sub: 'anon', source: 'unauth', denied: true };
+  }
+
+  function require(c, capability) {
+    const cap = ROLE_CAPABILITIES[c.get('role')];
+    if (!cap || !cap[capability]) {
+      return c.json({ error: 'forbidden', capability, role: c.get('role') }, 403);
+    }
+    return null;
+  }
+
+  app.use('*', async (c, next) => {
+    const session = await resolveRole(c);
+    c.set('role', session.role);
+    c.set('session', session);
+    // Block the API for denied (non-localhost, unauthenticated) requests, but
+    // let static assets and the health check through so the SPA can still
+    // load and prompt for a token. (Concern C1.)
+    if (session.denied && c.req.path.startsWith('/api/') && c.req.path !== '/api/health') {
+      return c.json({ error: 'unauthorized' }, 401);
+    }
+    await next();
+  });
+
+  // --- meta ---
+  app.get('/api/health', (c) =>
+    c.json({ status: 'ok', version: APP_VERSION, ts: Date.now() }),
+  );
+
+  app.get('/api/session', (c) => {
+    const session = c.get('session');
+    const role = c.get('role');
+    return c.json({
+      version: APP_VERSION,
+      role,
+      capabilities: ROLE_CAPABILITIES[role],
+      workspace: workspaceSummary(config.workspaceDir),
+      workspaceId: config.workspaceId,
+      session,
+      agent: activeAgent
+        ? { id: activeAgent.id, label: activeAgent.label, available: activeAgent.available }
+        : null,
+    });
+  });
+
+  app.get('/api/agents', (c) =>
+    c.json({
+      available: detectedAgents.map(({ id, label, description, available, resolvedPath }) => ({
+        id,
+        label,
+        description,
+        available,
+        resolvedPath,
+      })),
+      active: activeAgent?.id,
+    }),
+  );
+
+  app.post('/api/agents/select', async (c) => {
+    const forbidden = require(c, 'chatWrite');
+    if (forbidden) return forbidden;
+    const body = await c.req.json().catch(() => ({}));
+    const next = detectedAgents.find((a) => a.id === body.id);
+    if (!next) return c.json({ error: 'unknown-agent', id: body.id }, 400);
+    activeAgent = next;
+    activityBus.publish({ type: 'agent-changed', agentId: next.id });
+    return c.json({ ok: true, active: activeAgent.id });
+  });
+
+  // --- workspace files ---
+  app.get('/api/workspace/tree', async (c) => {
+    if (!ROLE_CAPABILITIES[c.get('role')].fileTree) {
+      return c.json({ error: 'forbidden' }, 403);
+    }
+    try {
+      const tree = await fullTree(config.workspaceDir, 3);
+      return c.json({ root: config.workspaceDir, entries: tree });
+    } catch (e) {
+      return c.json({ error: String(e.message || e) }, 500);
+    }
+  });
+
+  app.get('/api/workspace/list', async (c) => {
+    if (!ROLE_CAPABILITIES[c.get('role')].fileTree) {
+      return c.json({ error: 'forbidden' }, 403);
+    }
+    const p = c.req.query('path') || '';
+    try {
+      const items = await listDir(config.workspaceDir, p);
+      if (items == null) return c.json({ error: 'not-a-directory' }, 400);
+      return c.json({ path: p, items });
+    } catch (e) {
+      return c.json({ error: String(e.message || e) }, 400);
+    }
+  });
+
+  app.get('/api/workspace/file', async (c) => {
+    if (!ROLE_CAPABILITIES[c.get('role')].fileTree) {
+      return c.json({ error: 'forbidden' }, 403);
+    }
+    const p = c.req.query('path');
+    if (!p) return c.json({ error: 'path-required' }, 400);
+    try {
+      const result = await readFile(config.workspaceDir, p);
+      return c.json({ path: p, ...result });
+    } catch (e) {
+      return c.json({ error: String(e.message || e) }, 400);
+    }
+  });
+
+  // --- component inbox ---
+  app.get('/api/inbox', async (c) => {
+    const snapshot = await inboxWatcher.snapshot();
+    return c.json(snapshot);
+  });
+
+  // --- live preview port detection ---
+  app.get('/api/preview/ports', async (c) => {
+    const ports = await detectPreviewPorts();
+    return c.json({ ports });
+  });
+
+  app.get('/api/preview/check', async (c) => {
+    const port = Number(c.req.query('port'));
+    if (!port) return c.json({ error: 'port-required' }, 400);
+    const host = c.req.query('host') || '127.0.0.1';
+    return c.json({ port, host, listening: await checkPort(port, host) });
+  });
+
+  // --- activity stream snapshot (WebSocket carries live updates) ---
+  app.get('/api/activity', (c) => c.json(activityBus.snapshot()));
+
+  // --- share-by-URL (AR-20) ---
+  app.post('/api/share', async (c) => {
+    const forbidden = require(c, 'share');
+    if (forbidden) return forbidden;
+    const body = await c.req.json().catch(() => ({}));
+    const role = body.role === 'client' ? 'client' : 'viewer';
+    const ttlSeconds = Number(body.ttlSeconds) || 60 * 60 * 24;
+    const label = body.label || (role === 'client' ? 'Client portal' : 'Viewer');
+    try {
+      const minted = await mintShareToken({
+        secret: config.shareSecret,
+        workspaceId: config.workspaceId,
+        role,
+        ttlSeconds,
+      });
+      tokenRegistry.add({
+        ...minted,
+        label,
+        createdAt: Date.now(),
+      });
+      const shareUrl = buildShareUrl({
+        shareBaseUrl: config.shareBaseUrl,
+        workspaceId: config.workspaceId,
+        token: minted.token,
+      });
+      activityBus.publish({
+        type: 'share-issued',
+        role,
+        sub: minted.sub,
+        exp: minted.exp,
+        label,
+      });
+      return c.json({ ...minted, shareUrl, label });
+    } catch (e) {
+      return c.json({ error: String(e.message || e) }, 400);
+    }
+  });
+
+  app.get('/api/share', (c) => {
+    const forbidden = require(c, 'share');
+    if (forbidden) return forbidden;
+    return c.json({ tokens: tokenRegistry.list() });
+  });
+
+  app.delete('/api/share/:sub', (c) => {
+    const forbidden = require(c, 'share');
+    if (forbidden) return forbidden;
+    const sub = c.req.param('sub');
+    tokenRegistry.revoke(sub);
+    activityBus.publish({ type: 'share-revoked', sub });
+    return c.json({ ok: true, sub });
+  });
+
+  // --- bmo-sync folder sharing ---
+  // Pairing / detaching a folder and minting invites all run through the
+  // bmo-sync daemon (and, for invites, the central server). Partner-only.
+  app.get('/api/sync/status', async (c) => {
+    const forbidden = require(c, 'sync');
+    if (forbidden) return forbidden;
+    const status = await syncControl.status();
+    return c.json({
+      ...status,
+      workspaceDir: config.workspaceDir,
+      workspaceName: path.basename(config.workspaceDir),
+    });
+  });
+
+  app.post('/api/sync/pair', async (c) => {
+    const forbidden = require(c, 'sync');
+    if (forbidden) return forbidden;
+    const body = await c.req.json().catch(() => ({}));
+    try {
+      const workspace = await syncControl.pair(body.inviteCode, config.workspaceDir);
+      activityBus.publish({
+        type: 'sync-paired',
+        workspaceId: workspace.workspaceId,
+        projectName: workspace.projectName,
+      });
+      return c.json({ ok: true, workspace });
+    } catch (e) {
+      return c.json({ error: String(e.message || e) }, 400);
+    }
+  });
+
+  app.post('/api/sync/detach', async (c) => {
+    const forbidden = require(c, 'sync');
+    if (forbidden) return forbidden;
+    const body = await c.req.json().catch(() => ({}));
+    try {
+      const result = await syncControl.detach(body.workspaceId);
+      activityBus.publish({ type: 'sync-detached', workspaceId: body.workspaceId });
+      return c.json({ ok: true, ...result });
+    } catch (e) {
+      return c.json({ error: String(e.message || e) }, 400);
+    }
+  });
+
+  app.post('/api/sync/invite', async (c) => {
+    const forbidden = require(c, 'sync');
+    if (forbidden) return forbidden;
+    const body = await c.req.json().catch(() => ({}));
+    try {
+      const invite = await syncControl.createInvite({
+        projectCode: body.projectCode,
+        displayName: body.displayName,
+        expiresHours: body.expiresHours,
+      });
+      return c.json({ ok: true, invite });
+    } catch (e) {
+      return c.json({ error: String(e.message || e) }, 400);
+    }
+  });
+
+  // --- chat REST fallback (for clients that can't WebSocket) ---
+  app.post('/api/chat', async (c) => {
+    const forbidden = require(c, 'chatWrite');
+    if (forbidden) return forbidden;
+    const body = await c.req.json().catch(() => ({}));
+    const prompt = (body.prompt || '').trim();
+    if (!prompt) return c.json({ error: 'prompt-required' }, 400);
+    const session = new AgentSession(activeAgent);
+    return new Promise((resolve) => {
+      const chunks = [];
+      session.on('chunk', (chunk) => chunks.push(chunk));
+      session.on('end', ({ code }) => {
+        resolve(c.json({ ok: true, exitCode: code, chunks }));
+      });
+      session.on('error', (err) => {
+        resolve(c.json({ ok: false, error: String(err.message || err) }, 500));
+      });
+      session.send(prompt, { cwd: config.workspaceDir, mode: body.mode });
+    });
+  });
+
+  // --- request-changes (client role) ---
+  const changeRequests = [];
+  app.post('/api/request-changes', async (c) => {
+    const forbidden = require(c, 'requestChanges');
+    if (forbidden) return forbidden;
+    const body = await c.req.json().catch(() => ({}));
+    const text = (body.text || '').trim();
+    if (!text) return c.json({ error: 'text-required' }, 400);
+    const session = c.get('session');
+    const entry = {
+      id: nanoid(12),
+      text,
+      from: session.sub || 'client',
+      ts: Date.now(),
+    };
+    changeRequests.push(entry);
+    activityBus.publish({ type: 'request-changes', entry });
+    return c.json({ ok: true, entry });
+  });
+
+  app.get('/api/request-changes', (c) => c.json({ requests: changeRequests }));
+
+  // --- frontend bundle (built by `npm run build:web`) ---
+  if (existsSync(config.webDir)) {
+    app.use(
+      '/*',
+      serveStatic({
+        root: path.relative(process.cwd(), config.webDir),
+      }),
+    );
+    // SPA fallback
+    app.notFound((c) => {
+      const indexHtmlPath = path.join(config.webDir, 'index.html');
+      if (existsSync(indexHtmlPath)) {
+        return new Response(readFileSync(indexHtmlPath), {
+          headers: { 'content-type': 'text/html' },
+        });
+      }
+      return c.text('wild-workspace: frontend not built; run `npm run build`', 200);
+    });
+  } else {
+    app.notFound((c) =>
+      c.text(
+        'wild-workspace API ready. Frontend bundle missing — run `npm run build` first.',
+        200,
+      ),
+    );
+  }
+
+  const httpServer = serve({
+    fetch: app.fetch,
+    port: config.port,
+    hostname: config.host,
+  });
+  // wait until the server is actually listening before continuing
+  await new Promise((resolve, reject) => {
+    if (httpServer.listening) return resolve();
+    httpServer.once('listening', resolve);
+    httpServer.once('error', reject);
+  });
+
+  // --- websocket bridge ---
+  const wss = new WebSocketServer({ noServer: true });
+  httpServer.on('upgrade', async (req, socket, head) => {
+    const reqUrl = new URL(req.url, `http://${req.headers.host || 'localhost'}`);
+    const supported = ['/ws/chat', '/ws/activity'];
+    if (!supported.includes(reqUrl.pathname)) {
+      socket.destroy();
+      return;
+    }
+    const tokenFromQuery = reqUrl.searchParams.get('t');
+    let role = null;
+    let sub = 'anon';
+    if (tokenFromQuery === config.partnerToken) {
+      role = ROLES.PARTNER;
+      sub = 'partner';
+    } else if (tokenFromQuery) {
+      const payload = await verifyShareToken(tokenFromQuery, config.shareSecret);
+      if (payload && !tokenRegistry.isRevoked(payload.sub)) {
+        role = payload.role;
+        sub = payload.sub;
+      }
+    } else if (!config.publicMode) {
+      role = ROLES.PARTNER;
+      sub = 'local-partner';
+    }
+    // Deny: public mode with no token, or any invalid/revoked token. An
+    // invalid token must NOT silently fall back to partner. (Concern C1.)
+    if (!role) {
+      socket.destroy();
+      return;
+    }
+    wss.handleUpgrade(req, socket, head, (ws) => {
+      ws._wsRole = role;
+      ws._wsSub = sub;
+      wss.emit('connection', ws, req, reqUrl.pathname);
+    });
+  });
+
+  wss.on('connection', (ws, req, route) => {
+    if (route === '/ws/activity') return wireActivityWs(ws);
+    if (route === '/ws/chat') return wireChatWs(ws);
+  });
+
+  function wireActivityWs(ws) {
+    const presence = activityBus.joinPresence({
+      sessionId: nanoid(10),
+      role: ws._wsRole,
+      label: ws._wsRole,
+    });
+    ws.send(
+      JSON.stringify({
+        type: 'snapshot',
+        snapshot: activityBus.snapshot(),
+        you: presence,
+      }),
+    );
+    const onEvent = (evt) => {
+      if (ws.readyState === ws.OPEN) ws.send(JSON.stringify(evt));
+    };
+    activityBus.on('event', onEvent);
+    ws.on('message', (raw) => {
+      try {
+        const msg = JSON.parse(raw.toString());
+        if (msg.type === 'focus') {
+          activityBus.updateFocus(presence.sessionId, msg.focus || null);
+        }
+      } catch {}
+    });
+    ws.on('close', () => {
+      activityBus.off('event', onEvent);
+      activityBus.leavePresence(presence.sessionId);
+    });
+  }
+
+  function wireChatWs(ws) {
+    const cap = ROLE_CAPABILITIES[ws._wsRole];
+    let activeSession = null;
+    ws.send(JSON.stringify({ type: 'hello', role: ws._wsRole, agent: activeAgent?.id }));
+    ws.on('message', (raw) => {
+      let msg;
+      try {
+        msg = JSON.parse(raw.toString());
+      } catch {
+        ws.send(JSON.stringify({ type: 'error', message: 'invalid json' }));
+        return;
+      }
+      if (msg.type === 'send') {
+        if (!cap.chatWrite) {
+          ws.send(
+            JSON.stringify({ type: 'error', message: 'role not permitted to send' }),
+          );
+          return;
+        }
+        if (activeSession) activeSession.close();
+        const messageId = msg.messageId || nanoid(8);
+        activityBus.publish({
+          type: 'chat-user',
+          messageId,
+          role: ws._wsRole,
+          text: msg.text,
+        });
+        activeSession = new AgentSession(activeAgent);
+        activeSession.on('chunk', (chunk) => {
+          ws.send(JSON.stringify({ type: 'chunk', messageId, chunk }));
+          activityBus.publish({ type: 'chat-stream', messageId, chunk });
+          // Surface the turn's token/cost totals so the activity bar can show
+          // running usage — the ActivityBus accumulates events typed 'usage'.
+          if (chunk.type === 'usage' && chunk.usage) {
+            activityBus.publish({ type: 'usage', usage: chunk.usage });
+          }
+        });
+        activeSession.on('stderr', (text) => {
+          ws.send(JSON.stringify({ type: 'stderr', messageId, text }));
+        });
+        activeSession.on('end', ({ code }) => {
+          ws.send(JSON.stringify({ type: 'end', messageId, code }));
+          activityBus.publish({ type: 'chat-end', messageId, code });
+          activeSession = null;
+        });
+        activeSession.on('error', (err) => {
+          ws.send(
+            JSON.stringify({
+              type: 'error',
+              messageId,
+              message: String(err.message || err),
+            }),
+          );
+          activeSession = null;
+        });
+        activeSession.send(msg.text, {
+          cwd: config.workspaceDir,
+          mode: msg.mode,
+        });
+      } else if (msg.type === 'cancel') {
+        if (activeSession) activeSession.close();
+        activeSession = null;
+      }
+    });
+    ws.on('close', () => {
+      if (activeSession) activeSession.close();
+    });
+  }
+
+  return {
+    config,
+    app,
+    httpServer,
+    wss,
+    activityBus,
+    inboxWatcher,
+    tokenRegistry,
+    daemonBridge,
+    syncControl,
+    detectedAgents,
+    getActiveAgent: () => activeAgent,
+    async stop() {
+      try { inboxWatcher.stop(); } catch {}
+      try { daemonBridge?.stop(); } catch {}
+      try { wss.close(); } catch {}
+      await new Promise((resolve) => httpServer.close(resolve));
+    },
+  };
+}
+
+// Standalone entry — runs when executed directly (node server/src/index.mjs).
+const isDirectRun = process.argv[1] && path.resolve(process.argv[1]) === __filename;
+if (isDirectRun) {
+  createServer().then(async (s) => {
+    const { config } = s;
+    console.log(`\n  wild-workspace v${APP_VERSION}`);
+    console.log(`  workspace : ${config.workspaceDir}`);
+    console.log(`  url       : http://${config.host}:${config.port}`);
+    console.log(`  agent     : ${s.getActiveAgent()?.label || '(none detected)'}`);
+    if (config.publicMode) {
+      // Public mode: no anonymous access. Partner must authenticate.
+      console.log(`  mode      : PUBLIC — anonymous requests denied`);
+      console.log(`  partner   : append ?t=${config.partnerToken} to the URL`);
+    }
+    console.log('');
+    if (config.openBrowser) {
+      try {
+        const open = (await import('open')).default;
+        open(`http://${config.host}:${config.port}`);
+      } catch (e) {
+        // browser is best-effort; not having one isn't fatal
+      }
+    }
+  }).catch((err) => {
+    console.error('wild-workspace failed to start:', err);
+    process.exit(1);
+  });
+}

package/server/src/preview.mjs

@@ -0,0 +1,31 @@
+// Live preview pane — detect dev-server ports the agent spawns.
+// AR-16: live preview iframe is the secondary surface.
+
+import net from 'node:net';
+
+const COMMON_DEV_PORTS = [3000, 3001, 4000, 4173, 5174, 5175, 8000, 8080, 8081, 8888, 9000];
+
+export async function checkPort(port, host = '127.0.0.1', timeoutMs = 250) {
+  return new Promise((resolve) => {
+    const socket = new net.Socket();
+    let done = false;
+    const finish = (ok) => {
+      if (done) return;
+      done = true;
+      try { socket.destroy(); } catch {}
+      resolve(ok);
+    };
+    socket.setTimeout(timeoutMs);
+    socket.once('connect', () => finish(true));
+    socket.once('timeout', () => finish(false));
+    socket.once('error', () => finish(false));
+    socket.connect(port, host);
+  });
+}
+
+export async function detectPreviewPorts(ports = COMMON_DEV_PORTS, host = '127.0.0.1') {
+  const results = await Promise.all(
+    ports.map(async (port) => ({ port, host, listening: await checkPort(port, host) })),
+  );
+  return results.filter((r) => r.listening);
+}