aegis-bridge 2.9.3 → 2.10.0

package/dist/config.d.ts

@@ -68,6 +68,15 @@ export interface Config {
     /** Issue #884: Additional Claude projects directories to search during worktree fanout.
      *  Paths are expanded (~) and checked for existence before searching. */
     worktreeSiblingDirs: string[];
+    /** Issue #740: Verification Protocol — auto run quality gate after session ends.
+     *  When enabled, Aegis runs tsc + build + test after a Stop hook and emits
+     *  results via SSE (event: 'verification'). */
+    verificationProtocol: {
+        /** Auto-run verification when Stop hook fires (default: false). */
+        autoVerifyOnStop: boolean;
+        /** Run only critical checks: tsc + build (skip slow tests). Default: false = full. */
+        criticalOnly: boolean;
+    };
 }
 /** Compute stall threshold from env var or default (Issue #392).
  *  If CLAUDE_STREAM_IDLE_TIMEOUT_MS is set, uses Math.max(120000, parseInt(val) * 1.5).

package/dist/config.js

@@ -49,6 +49,7 @@ const defaults = {
     worktreeAwareContinuation: false,
     memoryBridge: { enabled: false },
     worktreeSiblingDirs: [],
+    verificationProtocol: { autoVerifyOnStop: false, criticalOnly: false },
 };
 /** Parse CLI args for --config flag */
 function getConfigPathFromArgv() {

package/dist/events.d.ts

@@ -6,7 +6,7 @@
  * The monitor pushes events; the SSE route consumes them.
  */
 export interface SessionSSEEvent {
-    event: 'status' | 'message' | 'system' | 'approval' | 'ended' | 'heartbeat' | 'stall' | 'dead' | 'hook' | 'subagent_start' | 'subagent_stop';
+    event: 'status' | 'message' | 'system' | 'approval' | 'ended' | 'heartbeat' | 'stall' | 'dead' | 'hook' | 'subagent_start' | 'subagent_stop' | 'verification';
     sessionId: string;
     timestamp: string;
     data: Record<string, unknown>;
@@ -15,8 +15,20 @@ export interface SessionSSEEvent {
     /** Issue #308: Incrementing event ID for Last-Event-ID replay. */
     id?: number;
 }
+export interface VerificationResult {
+    ok: boolean;
+    steps: {
+        name: 'tsc' | 'build' | 'test';
+        ok: boolean;
+        durationMs: number;
+        output?: string;
+        error?: string;
+    }[];
+    totalDurationMs: number;
+    summary: string;
+}
 export interface GlobalSSEEvent {
-    event: 'session_status_change' | 'session_message' | 'session_approval' | 'session_ended' | 'session_created' | 'session_stall' | 'session_dead' | 'session_subagent_start' | 'session_subagent_stop';
+    event: 'session_status_change' | 'session_message' | 'session_approval' | 'session_ended' | 'session_created' | 'session_stall' | 'session_dead' | 'session_subagent_start' | 'session_subagent_stop' | 'session_verification';
     sessionId: string;
     timestamp: string;
     data: Record<string, unknown>;
@@ -65,6 +77,8 @@ export declare class SessionEventBus {
     };
     /** Emit a status change event. */
     emitStatus(sessionId: string, status: string, detail: string): void;
+    /** Issue #740: Emit a verification result event. */
+    emitVerification(sessionId: string, result: VerificationResult): void;
     /** Emit a message event. */
     emitMessage(sessionId: string, role: string, text: string, contentType?: string, toolMeta?: {
         tool_name?: string;

package/dist/events.js

@@ -16,6 +16,7 @@ function toGlobalEvent(event) {
         approval: 'session_approval',
         ended: 'session_ended',
         heartbeat: 'session_status_change',
+        verification: 'session_verification',
         stall: 'session_stall',
         dead: 'session_dead',
         subagent_start: 'session_subagent_start',
@@ -167,6 +168,15 @@ export class SessionEventBus {
             data: { status, detail },
         });
     }
+    /** Issue #740: Emit a verification result event. */
+    emitVerification(sessionId, result) {
+        this.emit(sessionId, {
+            event: 'verification',
+            sessionId,
+            timestamp: new Date().toISOString(),
+            data: result,
+        });
+    }
     /** Emit a message event. */
     emitMessage(sessionId, role, text, contentType, toolMeta) {
         this.emit(sessionId, {

package/dist/server.js

@@ -26,6 +26,7 @@ import { captureScreenshot, isPlaywrightAvailable } from './screenshot.js';
 import { validateScreenshotUrl, resolveAndCheckIp, buildHostResolverRule } from './ssrf.js';
 import { validateWorkDir, permissionRuleSchema } from './validation.js';
 import { SessionEventBus } from './events.js';
+import { runVerification } from './verification.js';
 import { SSEWriter } from './sse-writer.js';
 import { SSEConnectionLimiter } from './sse-limiter.js';
 import { PipelineManager } from './pipeline.js';
@@ -431,7 +432,8 @@ app.get('/v1/sessions/:id/metrics', async (req, reply) => {
 });
 // Issue #704: Tool usage endpoints
 app.get('/v1/sessions/:id/tools', async (req, reply) => {
-    const session = sessions.getSession(req.params.id);
+    const sessionId = req.params.id;
+    const session = sessions.getSession(sessionId);
     if (!session)
         return reply.status(404).send({ error: 'Session not found' });
     // Parse JSONL on-demand for tool usage
@@ -472,7 +474,8 @@ app.get('/v1/channels/health', async () => {
 });
 // Issue #87: Per-session latency metrics
 app.get('/v1/sessions/:id/latency', async (req, reply) => {
-    const session = sessions.getSession(req.params.id);
+    const sessionId = req.params.id;
+    const session = sessions.getSession(sessionId);
     if (!session)
         return reply.status(404).send({ error: 'Session not found' });
     const realtimeLatency = sessions.getLatencyMetrics(req.params.id);
@@ -678,7 +681,8 @@ app.post('/v1/sessions', createSessionHandler);
 app.post('/sessions', createSessionHandler);
 // Get session (Issue #20: includes actionHints for interactive states)
 async function getSessionHandler(req, reply) {
-    const session = sessions.getSession(req.params.id);
+    const sessionId = req.params.id;
+    const session = sessions.getSession(sessionId);
     if (!session)
         return reply.status(404).send({ error: 'Session not found' });
     return addActionHints(session, sessions);
@@ -739,7 +743,8 @@ app.post('/v1/sessions/:id/send', sendMessageHandler);
 app.post('/sessions/:id/send', sendMessageHandler);
 // Issue #702: GET children sessions
 async function getChildrenHandler(req, reply) {
-    const session = sessions.getSession(req.params.id);
+    const sessionId = req.params.id;
+    const session = sessions.getSession(sessionId);
     if (!session)
         return reply.status(404).send({ error: 'Session not found' });
     const children = (session.children ?? []).map(id => {
@@ -771,13 +776,15 @@ async function spawnChildHandler(req, reply) {
 app.post('/v1/sessions/:id/spawn', spawnChildHandler);
 app.post('/sessions/:id/spawn', spawnChildHandler);
 async function getPermissionPolicyHandler(req, reply) {
-    const session = sessions.getSession(req.params.id);
+    const sessionId = req.params.id;
+    const session = sessions.getSession(sessionId);
     if (!session)
         return reply.status(404).send({ error: 'Session not found' });
     return { permissionPolicy: session.permissionPolicy ?? [] };
 }
 async function updatePermissionPolicyHandler(req, reply) {
-    const session = sessions.getSession(req.params.id);
+    const sessionId = req.params.id;
+    const session = sessions.getSession(sessionId);
     if (!session)
         return reply.status(404).send({ error: 'Session not found' });
     const policy = req.body ?? [];
@@ -816,7 +823,8 @@ app.post('/v1/sessions/:id/answer', async (req, reply) => {
     if (!questionId || answer === undefined || answer === null) {
         return reply.status(400).send({ error: 'questionId and answer are required' });
     }
-    const session = sessions.getSession(req.params.id);
+    const sessionId = req.params.id;
+    const session = sessions.getSession(sessionId);
     if (!session)
         return reply.status(404).send({ error: 'Session not found' });
     const resolved = sessions.submitAnswer(req.params.id, questionId, answer);
@@ -872,7 +880,8 @@ app.delete('/v1/sessions/:id', killSessionHandler);
 app.delete('/sessions/:id', killSessionHandler);
 // Capture raw pane
 async function capturePaneHandler(req, reply) {
-    const session = sessions.getSession(req.params.id);
+    const sessionId = req.params.id;
+    const session = sessions.getSession(sessionId);
     if (!session)
         return reply.status(404).send({ error: 'Session not found' });
     const pane = await tmux.capturePane(session.windowId);
@@ -979,7 +988,8 @@ async function screenshotHandler(req, reply) {
     if (dnsResult.error)
         return reply.status(400).send({ error: dnsResult.error });
     // Validate session exists
-    const session = sessions.getSession(req.params.id);
+    const sessionId = req.params.id;
+    const session = sessions.getSession(sessionId);
     if (!session)
         return reply.status(404).send({ error: 'Session not found' });
     if (!isPlaywrightAvailable()) {
@@ -1004,7 +1014,8 @@ app.post('/v1/sessions/:id/screenshot', screenshotHandler);
 app.post('/sessions/:id/screenshot', screenshotHandler);
 // SSE event stream (Issue #32)
 app.get('/v1/sessions/:id/events', async (req, reply) => {
-    const session = sessions.getSession(req.params.id);
+    const sessionId = req.params.id;
+    const session = sessions.getSession(sessionId);
     if (!session)
         return reply.status(404).send({ error: 'Session not found' });
     const clientIp = req.ip;
@@ -1076,7 +1087,8 @@ app.get('/v1/sessions/:id/events', async (req, reply) => {
 // ── Claude Code Hook Endpoints (Issue #161) ─────────────────────────
 // POST /v1/sessions/:id/hooks/permission — PermissionRequest hook from CC
 app.post('/v1/sessions/:id/hooks/permission', async (req, reply) => {
-    const session = sessions.getSession(req.params.id);
+    const sessionId = req.params.id;
+    const session = sessions.getSession(sessionId);
     if (!session)
         return reply.status(404).send({ error: 'Session not found' });
     const parsed = permissionHookSchema.safeParse(req.body);
@@ -1103,7 +1115,8 @@ app.post('/v1/sessions/:id/hooks/permission', async (req, reply) => {
 });
 // POST /v1/sessions/:id/hooks/stop — Stop hook from CC
 app.post('/v1/sessions/:id/hooks/stop', async (req, reply) => {
-    const session = sessions.getSession(req.params.id);
+    const sessionId = req.params.id;
+    const session = sessions.getSession(sessionId);
     if (!session)
         return reply.status(404).send({ error: 'Session not found' });
     const parsed = stopHookSchema.safeParse(req.body);
@@ -1155,6 +1168,28 @@ app.post('/v1/sessions/batch', async (req, reply) => {
     const result = await pipelines.batchCreate(specs);
     return reply.status(201).send(result);
 });
+// Issue #740: Verification Protocol — run quality gate (tsc + build + test) on a session's workDir
+app.post('/v1/sessions/:id/verify', async (req, reply) => {
+    const sessionId = req.params.id;
+    const session = sessions.getSession(sessionId);
+    if (!session)
+        return reply.status(404).send({ error: 'Session not found' });
+    const { workDir } = session;
+    if (!workDir)
+        return reply.status(400).send({ error: 'Session has no workDir' });
+    const criticalOnly = config.verificationProtocol?.criticalOnly ?? false;
+    eventBus.emitStatus(sessionId, 'working', `Running verification (criticalOnly=${criticalOnly})…`);
+    try {
+        const result = await runVerification(workDir, criticalOnly);
+        eventBus.emitVerification(sessionId, result);
+        const httpStatus = result.ok ? 200 : 422;
+        return reply.status(httpStatus).send(result);
+    }
+    catch (e) {
+        const msg = e instanceof Error ? e.message : String(e);
+        return reply.status(500).send({ ok: false, summary: `Verification error: ${msg}` });
+    }
+});
 // Pipeline create (Issue #36)
 app.post('/v1/pipelines', async (req, reply) => {
     const parsed = pipelineSchema.safeParse(req.body);

package/dist/verification.d.ts

@@ -0,0 +1,2 @@
+import type { VerificationResult } from './events.js';
+export declare function runVerification(workDir: string, criticalOnly?: boolean): Promise<VerificationResult>;

package/dist/verification.js

@@ -0,0 +1,72 @@
+import { exec } from 'child_process';
+import { promisify } from 'util';
+import { join } from 'path';
+import { statSync } from 'fs';
+const execAsync = promisify(exec);
+async function runCmd(cmd, { cwd, timeoutMs }) {
+    try {
+        const { stdout, stderr } = await execAsync(cmd, { cwd, timeout: Math.floor(timeoutMs / 1000), killSignal: 'SIGKILL' });
+        return { stdout, stderr, exitCode: 0 };
+    }
+    catch (e) {
+        const err = e;
+        return { stdout: err.stdout ?? '', stderr: err.stderr ?? '', exitCode: err.code ?? 1 };
+    }
+}
+export async function runVerification(workDir, criticalOnly = false) {
+    const start = Date.now();
+    const hasPackageJson = statSync(join(workDir, 'package.json')).isFile();
+    if (!hasPackageJson) {
+        return {
+            ok: false,
+            steps: [],
+            totalDurationMs: Date.now() - start,
+            summary: 'No package.json found — cannot verify',
+        };
+    }
+    const steps = [];
+    const timeoutMs = 120_000;
+    // Step 1: tsc
+    const tscStart = Date.now();
+    const tscResult = await runCmd('npx tsc --noEmit', { cwd: workDir, timeoutMs });
+    const tscDuration = Date.now() - tscStart;
+    const tscOk = tscResult.exitCode === 0;
+    steps.push({
+        name: 'tsc',
+        ok: tscOk,
+        durationMs: tscDuration,
+        output: tscResult.stdout.slice(0, 2000),
+        error: tscOk ? undefined : (tscResult.stderr || tscResult.stdout).slice(0, 2000),
+    });
+    // Step 2: build
+    const buildStart = Date.now();
+    const buildResult = await runCmd('npm run build', { cwd: workDir, timeoutMs });
+    const buildDuration = Date.now() - buildStart;
+    const buildOk = buildResult.exitCode === 0;
+    steps.push({
+        name: 'build',
+        ok: buildOk,
+        durationMs: buildDuration,
+        output: buildResult.stdout.slice(0, 2000),
+        error: buildOk ? undefined : (buildResult.stderr || buildResult.stdout).slice(0, 2000),
+    });
+    // Step 3: test (unless criticalOnly)
+    let testOk = true;
+    if (!criticalOnly) {
+        const testStart = Date.now();
+        const testResult = await runCmd('npm test', { cwd: workDir, timeoutMs: 180_000 });
+        const testDuration = Date.now() - testStart;
+        testOk = testResult.exitCode === 0;
+        steps.push({ name: 'test', ok: testOk, durationMs: testDuration, output: testResult.stdout.slice(0, 2000), error: testOk ? undefined : (testResult.stderr || testResult.stdout).slice(0, 2000) });
+    }
+    const ok = tscOk && buildOk && (!criticalOnly || testOk);
+    const totalDurationMs = Date.now() - start;
+    const summary = ok
+        ? `Verification passed: tsc ✅, build ✅${criticalOnly ? '' : ', test ✅'} (${totalDurationMs}ms)`
+        : `Verification failed: ${[
+            !tscOk ? 'tsc ❌' : '',
+            !buildOk ? 'build ❌' : '',
+            !criticalOnly && !testOk ? 'test ❌' : '',
+        ].filter(Boolean).join(', ')} (${totalDurationMs}ms)`;
+    return { ok, steps, totalDurationMs, summary };
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "aegis-bridge",
-  "version": "2.9.3",
+  "version": "2.10.0",
   "type": "module",
   "description": "Orchestrate Claude Code sessions via API. Create, brief, monitor, refine, ship.",
   "main": "dist/server.js",