agentboss 0.1.0

package/server/execution/prompt.js

@@ -0,0 +1,227 @@
+/**
+ * Execution prompt builder — turns an AdviceItem + its source session
+ * into a single self-contained instruction for `opencode run` / `claude -p`
+ * to run inside the session's project directory.
+ *
+ * Spec: docs/superpowers/specs/2026-06-13-advice-execution-design.md §6
+ *
+ * # Independence
+ *
+ * Execution has its own sentinel (EXECUTION_SENTINEL).  Registered in
+ * server/etl/judge-filter.js so the resulting CLI session gets filtered
+ * out of the user's own data.  This file does NOT import from
+ * judge-prompts or advice-prompt; the three families are decoupled.
+ *
+ * # Versioning
+ *
+ * EXECUTION_PROMPT_VERSION is informational for the MVP — execution
+ * results are immutable facts (something either happened or didn't),
+ * so we don't store the version per-run and don't invalidate history
+ * on bump.  Bump anyway to keep audit trails.
+ *
+ * @author Felix
+ */
+
+'use strict';
+
+// ---------------------------------------------------------------------------
+//  Constants
+// ---------------------------------------------------------------------------
+
+const EXECUTION_SENTINEL       = '[ABOSS-EXEC]';
+const EXECUTION_PROMPT_VERSION = 1;
+
+/** Max chars per recent-user-message snippet sent to the executor. */
+const MSG_CAP_CHARS = 400;
+const MAX_RECENT_MSGS = 5;
+
+// ---------------------------------------------------------------------------
+//  Helpers
+// ---------------------------------------------------------------------------
+
+function trimTo(s, n) {
+  if (!s) return '';
+  return s.length > n ? s.slice(0, n) + '…' : s;
+}
+
+function fmtRecent(messages) {
+  if (!Array.isArray(messages) || messages.length === 0) return '(无)';
+  return messages
+    .map((m, i) => `${i + 1}. ${trimTo(String(m.text || '').replace(/\s+/g, ' '), MSG_CAP_CHARS)}`)
+    .join('\n');
+}
+
+// ---------------------------------------------------------------------------
+//  Builder
+// ---------------------------------------------------------------------------
+
+/**
+ * Assemble the executor prompt.
+ *
+ * @param {object} input
+ * @param {object} input.advice       AdviceItem (with category attached)
+ * @param {string} input.advice.category  e.g. 'cost'
+ * @param {string} input.advice.severity
+ * @param {string} input.advice.title
+ * @param {string} input.advice.why
+ * @param {string} input.advice.action
+ * @param {string} input.advice.evidence
+ * @param {object} input.session
+ * @param {string} input.session.project
+ * @param {string} input.session.title
+ * @param {string} input.session.model
+ * @param {number} input.session.durationMinutes
+ * @param {number} input.session.messageCount
+ * @param {{role:string, text:string}[]} input.recentUserMessages
+ * @returns {string}
+ */
+function buildExecutionPrompt({ advice, session, recentUserMessages }) {
+  const a = advice || {};
+  const s = session || {};
+  return `${EXECUTION_SENTINEL}（内部标记,忽略本行）
+
+# 任务
+
+我是 Agent Boss,在分析一段开发者与 AI 助手过去的会话时,得出了一条
+可执行的改进建议。请在当前项目里实施这条建议,然后按指定 JSON 格式
+报告你的行动。
+
+# 来源会话
+
+项目:    ${s.project || '未知'}
+标题:    ${s.title || '(无标题)'}
+模型:    ${s.model || '未知'}
+时长:    ${s.durationMinutes ?? '?'} 分钟
+消息:    ${s.messageCount ?? '?'} 条
+
+# 改进建议
+
+类别:    ${a.category || '?'}
+严重度:  ${a.severity || '?'}
+标题:    ${a.title || '(无)'}
+
+现状:    ${a.why || '(无)'}
+动作:    ${a.action || '(无)'}
+依据:    ${a.evidence || '(无)'}
+
+# 最近 ${Math.min((recentUserMessages || []).length, MAX_RECENT_MSGS)} 条用户消息(供你定位上下文,不代表当前任务)
+
+${fmtRecent(recentUserMessages)}
+
+# 报告格式
+
+完成后(无论成功失败),请在你的最后一条消息里输出一段严格 JSON:
+
+{
+  "ok": true | false,
+  "summary": "≤80 字 总结你做了什么(或为什么没做)",
+  "files_changed": ["相对路径", ...],
+  "notes": "可选,任何补充"
+}
+
+如果你判断这条建议不应该执行(过时、与代码冲突、需要更多信息),
+直接返回 ok=false 并在 notes 里说明,不要硬改。`;
+}
+
+// ---------------------------------------------------------------------------
+//  Project-level execution prompt
+// ---------------------------------------------------------------------------
+
+/**
+ * Build a prompt for executing a PROJECT-LEVEL AdviceItem.
+ *
+ * The big differences vs. session-level:
+ *   • the AdviceItem describes a cross-session pattern, not a single
+ *     conversation problem — so we don't have "recent user messages" to
+ *     give as context.  Instead we pass the cross-session patterns the
+ *     analyser surfaced.
+ *   • the action is typically "build a skill", "change a config", "set
+ *     up a workflow" — durable changes to the project, not single-shot
+ *     code edits.
+ *
+ * Re-uses the same EXECUTION_SENTINEL so judge-filter.js keeps filtering
+ * the executor's own session out of the user's ETL.
+ *
+ * @param {object} input
+ * @param {object} input.advice                AdviceItem (with .category)
+ * @param {object} input.project
+ * @param {string} input.project.path
+ * @param {string} input.project.scope         'daily'|'weekly'|'all'
+ * @param {string} input.project.windowFrom
+ * @param {string} input.project.windowTo
+ * @param {number} input.project.sessionCount  number of sessions analysed
+ * @param {string[]} input.crossSessionPatterns
+ * @returns {string}
+ */
+function buildProjectExecutionPrompt({ advice, project, crossSessionPatterns }) {
+  const a = advice || {};
+  const p = project || {};
+  const windowLabel =
+    p.scope === 'all' ? '全部历史'
+    : (p.windowFrom && p.windowTo)
+      ? (p.windowFrom === p.windowTo ? p.windowFrom : `${p.windowFrom} → ${p.windowTo}`)
+      : '?';
+  const patterns = Array.isArray(crossSessionPatterns) && crossSessionPatterns.length
+    ? crossSessionPatterns.map((s, i) => `${i + 1}. ${s}`).join('\n')
+    : '(无)';
+
+  return `${EXECUTION_SENTINEL}（内部标记,忽略本行）
+
+# 任务
+
+我是 Agent Boss,在分析这个项目最近多次开发会话之后,得出了一条
+**项目级**的可执行改进建议。请在当前项目里实施这条建议。
+
+项目级建议通常是**持久化的改变**——新增 / 修改一个 opencode skill、
+调整某个配置、写一份惯例文档、补一段脚本——目的是让以后所有会话都
+能从中受益,而不是修一段具体的业务代码。
+
+# 项目
+
+路径:        ${p.path || '?'}
+分析范围:    ${p.scope || '?'} · ${windowLabel}
+覆盖会话数:  ${p.sessionCount ?? '?'}
+
+# 跨会话观察到的模式
+
+${patterns}
+
+# 改进建议
+
+类别:    ${a.category || '?'}
+严重度:  ${a.severity || '?'}
+标题:    ${a.title || '(无)'}
+
+现状:    ${a.why || '(无)'}
+动作:    ${a.action || '(无)'}
+依据:    ${a.evidence || '(无)'}
+
+# 实施原则
+
+1. 优先做**可复用的**改变(skill / 配置 / 文档),而不是某次具体业务代码。
+2. 如果建议是"建立 skill",在 \`.opencode/skills/\` 或 \`.claude/\` 之类的
+   惯例位置下创建合适文件;不存在的目录请自行创建。
+3. 不要为了执行这条建议去修改正在跑的应用功能代码,除非建议明确要求。
+4. 不要 push / commit;只修改工作区文件。
+
+# 报告格式
+
+完成后(无论成功失败),请在你的最后一条消息里输出一段严格 JSON:
+
+{
+  "ok": true | false,
+  "summary": "≤80 字 总结你做了什么(或为什么没做)",
+  "files_changed": ["相对路径", ...],
+  "notes": "可选,任何补充"
+}
+
+如果你判断这条建议不应该执行(过时、与项目现状冲突、需要更多信息),
+直接返回 ok=false 并在 notes 里说明,不要硬改。`;
+}
+
+module.exports = {
+  EXECUTION_SENTINEL,
+  EXECUTION_PROMPT_VERSION,
+  buildExecutionPrompt,
+  buildProjectExecutionPrompt,
+};

package/server/execution/runner.js

@@ -0,0 +1,218 @@
+/**
+ * Long-running CLI runner for advice execution.
+ *
+ * Spawns `opencode run` or `claude -p` in a given cwd, feeds the prompt
+ * via stdin, streams stdout/stderr, and resolves with a result blob.
+ * NEVER throws on normal failures (no-cli / timeout / spawn-error / non-zero
+ * exit) — the caller (server/execution/job.js) just inspects `ok`.
+ *
+ * Why NOT cli-runner.js / runJudge:
+ *   • runJudge is contracted for short (<30s) JSON-strict calls with a
+ *     2-wide global semaphore — perfect for E1/O1/advice but wrong here.
+ *   • execution is open-ended (minutes), can produce megabytes, and uses
+ *     a 1-wide global lock managed by job.js (not by runner).
+ *
+ * Spec: docs/superpowers/specs/2026-06-13-advice-execution-design.md §7
+ *
+ * @author Felix
+ */
+
+'use strict';
+
+const { spawn } = require('child_process');
+
+// ---------------------------------------------------------------------------
+//  Defaults
+// ---------------------------------------------------------------------------
+
+const DEFAULT_TIMEOUT_MS = 10 * 60_000;       // 10 minutes
+const DEFAULT_MAX_BYTES  = 256 * 1024;        // 256 KB per stream
+
+const CLI_TO_ARGV = {
+  opencode: () => ['run'],
+  claude:   () => ['-p'],
+};
+
+// ---------------------------------------------------------------------------
+//  Best-effort CLI detection
+// ---------------------------------------------------------------------------
+
+/**
+ * Try `bin --version`; resolves true on exit code 0 within 5 s.
+ * Caches per-binary forever (PATH changes during a single aboss process
+ * are rare).
+ */
+const _detectCache = new Map();
+
+function canSpawn(bin) {
+  if (_detectCache.has(bin)) return _detectCache.get(bin);
+  const p = new Promise((resolve) => {
+    let done = false;
+    const settle = (v) => { if (!done) { done = true; resolve(v); } };
+    try {
+      const proc = spawn(bin, ['--version'], {
+        stdio: 'ignore',
+        shell: process.platform === 'win32',
+      });
+      proc.on('error', () => settle(false));
+      proc.on('exit', (code) => settle(code === 0));
+      setTimeout(() => { try { proc.kill('SIGKILL'); } catch {} settle(false); }, 5000);
+    } catch { settle(false); }
+  });
+  _detectCache.set(bin, p);
+  return p;
+}
+
+/** Public: clear detection cache (tests / settings reload). */
+function _resetDetectCache() { _detectCache.clear(); }
+
+// ---------------------------------------------------------------------------
+//  Core runner
+// ---------------------------------------------------------------------------
+
+/**
+ * Run the chosen executor in `cwd`, feed `prompt` via stdin, collect output.
+ *
+ * @param {object} opts
+ * @param {'opencode'|'claude'} opts.executor
+ * @param {string}   opts.prompt
+ * @param {string}   opts.cwd                    absolute path, must exist
+ * @param {number}   [opts.timeoutMs=600_000]    SIGKILL after this many ms
+ * @param {number}   [opts.maxBytes=262_144]     truncate each of stdout/stderr
+ * @param {(cancel:Function)=>void} [opts.onSpawn]  receives a cancel fn once
+ *                                                  the process is alive; calling
+ *                                                  it SIGKILLs the child and
+ *                                                  resolves with reason='cancelled'
+ *
+ * @returns {Promise<
+ *   { ok: true,  exitCode, stdout, stderr, durationMs, executor }
+ * | { ok: false, reason: 'no-cli'|'spawn-error'|'timeout'|'cancelled'|'exit-non-zero',
+ *     exitCode, stdout, stderr, durationMs, executor, error }
+ * >}
+ */
+async function runExecutor(opts) {
+  const {
+    executor,
+    prompt,
+    cwd,
+    timeoutMs = DEFAULT_TIMEOUT_MS,
+    maxBytes  = DEFAULT_MAX_BYTES,
+    onSpawn,
+  } = opts;
+
+  if (!CLI_TO_ARGV[executor]) {
+    return _fail('spawn-error', 0, '', '', 0, executor, `unknown executor: ${executor}`);
+  }
+  if (!prompt || typeof prompt !== 'string') {
+    return _fail('spawn-error', 0, '', '', 0, executor, 'empty prompt');
+  }
+
+  const available = await canSpawn(executor);
+  if (!available) {
+    return _fail('no-cli', 0, '', '', 0, executor, `${executor} not on PATH`);
+  }
+
+  return new Promise((resolve) => {
+    let done = false;
+    const start = Date.now();
+    const settle = (v) => { if (!done) { done = true; clearTimeout(timer); resolve(v); } };
+
+    let proc;
+    try {
+      proc = spawn(executor, CLI_TO_ARGV[executor](), {
+        cwd,
+        stdio: ['pipe', 'pipe', 'pipe'],
+        shell: process.platform === 'win32',
+        windowsHide: true,
+      });
+    } catch (err) {
+      return settle(_fail('spawn-error', 0, '', '', Date.now() - start, executor, err.message));
+    }
+
+    // Expose a cancel handle for the job layer.
+    let cancelled = false;
+    if (typeof onSpawn === 'function') {
+      onSpawn(() => {
+        cancelled = true;
+        try { proc.kill('SIGKILL'); } catch {}
+      });
+    }
+
+    let stdout = '';
+    let stderr = '';
+    let stdoutTrunc = false;
+    let stderrTrunc = false;
+    let _timedOut = false;
+
+    proc.stdout.on('data', (chunk) => {
+      if (stdoutTrunc) return;
+      stdout += chunk.toString('utf8');
+      if (stdout.length > maxBytes) {
+        stdout = stdout.slice(0, maxBytes) + `\n[…truncated at ${maxBytes} B…]`;
+        stdoutTrunc = true;
+        // Don't kill here — let stderr still flow.  Kill only if BOTH overflow.
+        if (stderrTrunc) try { proc.kill('SIGKILL'); } catch {}
+      }
+    });
+    proc.stderr.on('data', (chunk) => {
+      if (stderrTrunc) return;
+      stderr += chunk.toString('utf8');
+      if (stderr.length > maxBytes) {
+        stderr = stderr.slice(0, maxBytes) + `\n[…truncated at ${maxBytes} B…]`;
+        stderrTrunc = true;
+        if (stdoutTrunc) try { proc.kill('SIGKILL'); } catch {}
+      }
+    });
+
+    proc.on('error', (err) => settle(
+      _fail('spawn-error', 0, stdout, stderr, Date.now() - start, executor, err.message)
+    ));
+
+    proc.on('exit', (code, signal) => {
+      const durationMs = Date.now() - start;
+      if (cancelled) {
+        return settle(_fail('cancelled', code ?? 0, stdout, stderr, durationMs, executor,
+          signal ? `killed by ${signal}` : 'cancelled'));
+      }
+      if (signal === 'SIGKILL' && _timedOut) {
+        return settle(_fail('timeout', code ?? 0, stdout, stderr, durationMs, executor,
+          `killed after ${timeoutMs}ms`));
+      }
+      if (code !== 0) {
+        return settle(_fail('exit-non-zero', code, stdout, stderr, durationMs, executor,
+          `exit ${code}`));
+      }
+      settle({
+        ok: true, exitCode: code, stdout, stderr, durationMs, executor,
+      });
+    });
+
+    // Pipe prompt via stdin then close — opencode/claude both read from
+    // stdin when no positional prompt is given after run/-p.
+    try {
+      proc.stdin.on('error', () => {}); // EPIPE if CLI exits before we're done
+      proc.stdin.end(prompt, 'utf8');
+    } catch {
+      // Already handled by 'error' event.
+    }
+
+    // Timeout (declared above, set here so the close-handler distinguishes
+    // a SIGKILL from a 10-min wall-clock kill versus user cancel).
+    const timer = setTimeout(() => {
+      _timedOut = true;
+      try { proc.kill('SIGKILL'); } catch {}
+    }, timeoutMs);
+  });
+}
+
+function _fail(reason, exitCode, stdout, stderr, durationMs, executor, error) {
+  return { ok: false, reason, exitCode, stdout, stderr, durationMs, executor, error };
+}
+
+module.exports = {
+  runExecutor,
+  canSpawn,
+  _resetDetectCache,
+  DEFAULT_TIMEOUT_MS,
+  DEFAULT_MAX_BYTES,
+};

package/server/index.js

@@ -0,0 +1,94 @@
+/**
+ * Express server for Agent Boss.
+ * Serves REST API and static frontend files.
+ *
+ * @author Felix
+ */
+
+const path = require('path');
+const express = require('express');
+
+// ---------------------------------------------------------------------------
+// Route factories
+// ---------------------------------------------------------------------------
+
+const createReportsRouter = require('./api/reports');
+const createMetricsRouter = require('./api/metrics');
+const createSessionsRouter = require('./api/sessions');
+const createSettingsRouter = require('./api/settings');
+const createAnalysisRouter = require('./api/analysis');
+const createOverviewRouter = require('./api/overview');
+const createAdviceRouter    = require('./api/advice');
+const createProjectRouter   = require('./api/project');
+const createExecutionRouter = require('./api/execution');
+
+const { cleanupOrphans }    = require('./execution/job');
+
+// ---------------------------------------------------------------------------
+// Server factory
+// ---------------------------------------------------------------------------
+
+/**
+ * Create and configure the Express application.
+ *
+ * @param {object} db  sql.js Database instance (boss.db)
+ * @returns {import('express').Express}
+ */
+function createServer(db) {
+  // Mark any execution_run rows left in 'pending' / 'running' by a crashed
+  // previous process as failed.  Has to happen before any API mounts so a
+  // user opening the page right after restart doesn't see a stale "still
+  // running" badge.  See server/execution/job.js::cleanupOrphans.
+  const orphans = cleanupOrphans(db);
+  if (orphans > 0) {
+    console.log(`[execution] cleaned ${orphans} orphan run(s) from previous process`);
+  }
+
+  const app = express();
+
+  // --- Middleware -----------------------------------------------------------
+  app.use(express.json({ limit: '512kb' }));
+
+  // --- API routes -----------------------------------------------------------
+  app.use('/api/overview',  createOverviewRouter(db));
+  app.use('/api/reports',   createReportsRouter(db));
+  app.use('/api/metrics',   createMetricsRouter(db));
+  app.use('/api/sessions',  createSessionsRouter(db));
+  app.use('/api/settings',  createSettingsRouter(db));
+  app.use('/api/analysis',  createAnalysisRouter(db));
+  app.use('/api/advice',    createAdviceRouter(db));
+  app.use('/api/project',   createProjectRouter(db));
+  app.use('/api/execution', createExecutionRouter(db));
+
+  // --- Static files ---------------------------------------------------------
+  const clientDist = path.join(__dirname, '..', 'client', 'dist');
+  app.use(express.static(clientDist));
+
+  // --- SPA fallback ---------------------------------------------------------
+  app.get('*', (_req, res) => {
+    res.sendFile(path.join(clientDist, 'index.html'));
+  });
+
+  return app;
+}
+
+/**
+ * Start the Express server on the given port.
+ *
+ * @param {object} db   sql.js Database instance (boss.db)
+ * @param {number} port TCP port to listen on
+ * @returns {Promise<import('http').Server>}
+ */
+function startServer(db, port) {
+  const app = createServer(db);
+
+  return new Promise((resolve, reject) => {
+    const server = app.listen(port, () => {
+      console.log(`Agent Boss server listening on http://localhost:${port}`);
+      resolve(server);
+    });
+    server.on('error', (err) => reject(err));
+  });
+}
+
+module.exports = { createServer, startServer };