@worca/ui 0.41.0 → 0.43.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@worca/ui",
-  "version": "0.41.0",
+  "version": "0.43.0",
   "description": "Pipeline monitoring UI for worca-cc",
   "license": "MIT",
   "author": "Sinisha Djukic",
@@ -75,7 +75,7 @@
   },
   "devDependencies": {
     "@biomejs/biome": "^2.2.4",
-    "@playwright/test": "^1.58.2",
+    "@playwright/test": "^1.60.0",
     "@vitest/coverage-v8": "^4.0.15",
     "esbuild": "^0.27.1",
     "jsdom": "^29.0.1",

package/server/app.js

@@ -191,6 +191,50 @@ export function createApp(options = {}) {
   // /api/projects/:id/runs could both pass the cap check and start.
   const launchLock = new LaunchLock();
 
+  // In-process mutex for deferred PR creation — keyed by `${project}/${runId}`.
+  // Handles double-click races: a second POST while the first is in-flight gets 409.
+  const inFlightPrCreation = new Map();
+
+  // Spawner for `worca pr create` — overridable via options._spawnPrCreate for tests.
+  const prSpawn =
+    options._spawnPrCreate ||
+    ((runId, projectPath) =>
+      new Promise((resolve, reject) => {
+        const child = spawn(
+          'python3',
+          [
+            '-m',
+            'worca.cli.main',
+            'pr',
+            'create',
+            '--project',
+            projectPath,
+            '--',
+            runId,
+          ],
+          { stdio: ['ignore', 'pipe', 'pipe'], env: { ...process.env } },
+        );
+        let stdout = '';
+        let stderr = '';
+        child.stdout.on('data', (chunk) => {
+          stdout += chunk.toString();
+        });
+        child.stderr.on('data', (chunk) => {
+          stderr += chunk.toString();
+        });
+        child.on('error', reject);
+        child.on('exit', (code) => {
+          if (code === 0) resolve({ stdout, stderr });
+          else
+            reject(
+              Object.assign(
+                new Error(`worca pr create failed: ${stderr.trim()}`),
+                { stderr },
+              ),
+            );
+        });
+      }));
+
   // ─── Legacy single-project API ─────────────────────────────────────────
   // Mounts the shared project-scoped routes at /api with a middleware that
   // injects req.project from the closure options, so /api/runs, /api/settings,
@@ -817,6 +861,52 @@ export function createApp(options = {}) {
     app.use('/api/workspace-runs', workspaceRouters.workspaceRuns);
   }
 
+  // POST /api/projects/:project/runs/:runId/pr — trigger deferred PR creation.
+  // The in-process mutex (inFlightPrCreation) prevents double-click races: a
+  // second request while the first is still in-flight returns 409 immediately.
+  // The CLI's own status.json lock covers concurrent-process races.
+  app.post('/api/projects/:project/runs/:runId/pr', async (req, res) => {
+    const { project, runId } = req.params;
+
+    if (!/^[A-Za-z0-9_.-]+$/.test(runId) || runId.startsWith('-')) {
+      return res.status(400).json({ error: 'invalid_run_id' });
+    }
+
+    const key = `${project}/${runId}`;
+
+    if (inFlightPrCreation.has(key)) {
+      return res.status(409).json({ error: 'pr_creation_in_progress' });
+    }
+
+    // Resolve the project path: use req.project if set by projectResolver
+    // (global mode), otherwise fall back to projectRoot or cwd.
+    const projectPath = req.project?.path ?? projectRoot ?? process.cwd();
+
+    const work = (async () => {
+      const { stdout } = await prSpawn(runId, projectPath);
+      // Match a PR/MR URL across hosts the CLI may emit: GitHub (/pull/N),
+      // GitLab (/-/merge_requests/N), Bitbucket (/pull-requests/N), and
+      // Azure DevOps (/pullrequest/N). Keep it provider-agnostic so the
+      // returned pr_url isn't silently dropped on non-GitHub hosts.
+      const prUrlMatch = stdout.match(
+        /https?:\/\/\S+?\/(?:pull|pull-requests|pullrequest|merge_requests)\/\d+/,
+      );
+      if (prUrlMatch) return { pr_url: prUrlMatch[0] };
+      return {};
+    })();
+
+    inFlightPrCreation.set(key, work);
+
+    try {
+      const result = await work;
+      res.json(result);
+    } catch (err) {
+      res.status(500).json({ error: err.message });
+    } finally {
+      inFlightPrCreation.delete(key);
+    }
+  });
+
   // POST /api/integrations/telegram/detect — find chat IDs from recent messages.
   // If the Telegram adapter is running, temporarily pauses its poll loop so
   // getUpdates returns results instead of being consumed by the long-poller.

package/server/dispatch-defaults.js

@@ -64,12 +64,12 @@ export const DISPATCH_DEFAULTS = {
     },
   },
   subagents: {
+    // No subagents are denied by default. general-purpose (a full-tool Claude
+    // session) is now allowed under the '*' wildcard like any other subagent;
+    // a project can still deny specific subagents via always_disallowed /
+    // default_denied. Mirror of _DISPATCH_DEFAULTS in tracking.py.
     always_disallowed: [],
-    // general-purpose spawns an unconstrained full-tool Claude session, so it
-    // stays denied under the '*' wildcard — but as default_denied (not
-    // always_disallowed) a project can re-allow it per agent by naming it in
-    // per_agent_allow.
-    default_denied: ['general-purpose'],
+    default_denied: [],
     per_agent_allow: { _defaults: ['*'] },
   },
 };

package/server/dispatch-events-aggregator.js

@@ -24,6 +24,31 @@ const DISPATCH_EVENT_TYPES = new Set([
   'pipeline.hook.dispatch_blocked',
 ]);
 
+/**
+ * Classify a single parsed events.jsonl line. Returns the normalised dispatch
+ * entry if the line is a dispatch event, or null otherwise. Extracted so a
+ * combined single-pass reader (events-jsonl-reader.js) can share the exact same
+ * normalisation as the standalone reader below.
+ *
+ * @param {object} e — a parsed events.jsonl object
+ * @returns {{type, section, candidate, via?, reason?, timestamp}|null}
+ */
+export function parseDispatchEventLine(e) {
+  if (!e || !DISPATCH_EVENT_TYPES.has(e.event_type)) return null;
+  const payload = e.payload || {};
+  const candidate = payload.candidate;
+  if (!candidate) return null;
+  const entry = {
+    type: e.event_type,
+    section: payload.section || 'subagents',
+    candidate,
+    timestamp: e.timestamp,
+  };
+  if (payload.reason) entry.reason = payload.reason;
+  if (payload.via) entry.via = payload.via;
+  return entry;
+}
+
 /**
  * Parse events.jsonl and return only the dispatch events, with normalised shape.
  * Malformed lines are silently skipped so a corrupt event doesn't break the run view.
@@ -48,19 +73,8 @@ export function readDispatchEventsFromJsonl(eventsPath) {
     } catch {
       continue;
     }
-    if (!DISPATCH_EVENT_TYPES.has(e.event_type)) continue;
-    const payload = e.payload || {};
-    const candidate = payload.candidate;
-    if (!candidate) continue;
-    const entry = {
-      type: e.event_type,
-      section: payload.section || 'subagents',
-      candidate,
-      timestamp: e.timestamp,
-    };
-    if (payload.reason) entry.reason = payload.reason;
-    if (payload.via) entry.via = payload.via;
-    out.push(entry);
+    const entry = parseDispatchEventLine(e);
+    if (entry) out.push(entry);
   }
   return out;
 }

package/server/dispatch-migration.js

@@ -63,7 +63,9 @@ function _absorbFlatDispatchKeys(dispatch) {
 //   v1: collapse stale Explore-only subagent default; narrow worca-* skills glob.
 //   v2: move general-purpose from subagents.always_disallowed to default_denied
 //       (still denied by default, but allowable per-agent).
-export const DISPATCH_MIGRATION_VERSION = 2;
+//   v3: release general-purpose from default_denied entirely (now allowed under
+//       the "*" wildcard, matching the shipped default after the policy change).
+export const DISPATCH_MIGRATION_VERSION = 3;
 
 // Pre-W-054 (W-038-era) shipped subagent default: every pipeline agent capped
 // to Explore-only. coordinator:[] / empty lists fall through to _defaults and
@@ -184,6 +186,30 @@ export function adoptGeneralPurposeAllowable(subagentsCfg) {
   return true;
 }
 
+/**
+ * Remove general-purpose from default_denied to match the shipped default,
+ * which now allows it under the '*' wildcard. Reverses the untouched v2
+ * artifact (default_denied exactly `['general-purpose']`); a customized
+ * denylist (extra entries) is left alone. Returns true if changed. Mirror of
+ * release_general_purpose_default_deny() in tracking.py.
+ *
+ * @param {object} subagentsCfg
+ * @returns {boolean}
+ */
+export function releaseGeneralPurposeDefaultDeny(subagentsCfg) {
+  if (!subagentsCfg || typeof subagentsCfg !== 'object') return false;
+  const denied = subagentsCfg.default_denied;
+  if (
+    !Array.isArray(denied) ||
+    denied.length !== 1 ||
+    denied[0] !== 'general-purpose'
+  ) {
+    return false;
+  }
+  subagentsCfg.default_denied = [];
+  return true;
+}
+
 /**
  * Apply one-time dispatch-default normalizations, gated by a version stamp.
  * Brings an *untouched* config up to current shipped defaults for the two
@@ -215,6 +241,14 @@ export function normalizeDispatchDefaults(governanceCfg) {
       'governance.dispatch.subagents: moved general-purpose from always_disallowed to default_denied (now allowable per-agent)',
     );
   }
+  // Runs AFTER adoptGeneralPurposeAllowable so a v1 config that just had
+  // general-purpose moved into default_denied gets it released in the same
+  // pass — net result: general-purpose allowed under "*", matching the default.
+  if (releaseGeneralPurposeDefaultDeny(dispatch.subagents)) {
+    changes.push(
+      'governance.dispatch.subagents: released general-purpose from default_denied (now allowed under "*", matching the shipped default)',
+    );
+  }
   governanceCfg.dispatch_migration_version = DISPATCH_MIGRATION_VERSION;
   return changes;
 }

package/server/events-jsonl-reader.js

@@ -0,0 +1,93 @@
+/**
+ * Combined single-pass reader for a run's events.jsonl.
+ *
+ * Previously enrichment read the same file TWICE — once for dispatch events
+ * (dispatch-events-aggregator) and once for graph-query events
+ * (graph-query-aggregator) — each its own readFileSync + split + per-line
+ * JSON.parse. This module reads + parses the file ONCE and dispatches each line
+ * to both classifiers, halving the cost wherever enrichment still runs
+ * (findRun, the detailed-view live-update path). See issue #296.
+ *
+ * Results are cached by file mtime+size so an unchanged events.jsonl is parsed
+ * at most once across repeated enrichment (multiple subscribe-run calls, the
+ * status watcher's debounced refresh). A live run appends to the file, changing
+ * mtime+size on every flush, so it always re-reads — exactly what we want for
+ * fresh per-iteration counts. The cache is bounded to avoid unbounded growth on
+ * a long-lived global-mode server.
+ */
+
+import { existsSync, readFileSync, statSync } from 'node:fs';
+import { parseDispatchEventLine } from './dispatch-events-aggregator.js';
+import { parseGraphQueryEventLine } from './graph-query-aggregator.js';
+
+const _parsedEventsCache = new Map(); // cacheKey → { dispatchEvents, graphEvents }
+const _MAX_CACHE_ENTRIES = 256;
+
+const EMPTY = Object.freeze({
+  dispatchEvents: Object.freeze([]),
+  graphEvents: Object.freeze([]),
+});
+
+/** Clear the events.jsonl parse cache (tests, or explicit invalidation). */
+export function _clearEventsJsonlCache() {
+  _parsedEventsCache.clear();
+}
+
+/**
+ * Read a run's events.jsonl ONCE and return both dispatch and graph-query
+ * events. No-op (empty arrays) when the file is missing or unreadable.
+ *
+ * @param {string} eventsPath — absolute path to events.jsonl
+ * @returns {{dispatchEvents: Array, graphEvents: Array}}
+ */
+export function readEventsForEnrichment(eventsPath) {
+  if (!eventsPath || !existsSync(eventsPath)) return EMPTY;
+
+  let stat;
+  try {
+    stat = statSync(eventsPath);
+  } catch {
+    return EMPTY;
+  }
+
+  const cacheKey = `${eventsPath}:${stat.mtimeMs}:${stat.size}`;
+  const cached = _parsedEventsCache.get(cacheKey);
+  if (cached) return cached;
+
+  let content;
+  try {
+    content = readFileSync(eventsPath, 'utf8');
+  } catch {
+    return EMPTY;
+  }
+
+  const dispatchEvents = [];
+  const graphEvents = [];
+  for (const line of content.split('\n')) {
+    if (!line.trim()) continue;
+    let e;
+    try {
+      e = JSON.parse(line);
+    } catch {
+      continue;
+    }
+    // A line is at most one of these (distinct event_types) — classify once.
+    const d = parseDispatchEventLine(e);
+    if (d) {
+      dispatchEvents.push(d);
+      continue;
+    }
+    const g = parseGraphQueryEventLine(e);
+    if (g) graphEvents.push(g);
+  }
+
+  const result = { dispatchEvents, graphEvents };
+
+  // Bound cache growth — evict the oldest entry (insertion order) when full.
+  if (_parsedEventsCache.size >= _MAX_CACHE_ENTRIES) {
+    const oldest = _parsedEventsCache.keys().next().value;
+    _parsedEventsCache.delete(oldest);
+  }
+  _parsedEventsCache.set(cacheKey, result);
+  return result;
+}