agentgui 1.0.694 → 1.0.695

package/lib/acp-sdk-manager.js

@@ -3,6 +3,7 @@ import path from 'path';
 import os from 'os';
 import fs from 'fs';
 import { fileURLToPath } from 'url';
+import pRetry, { AbortError } from 'p-retry';
 
 const __dirname = path.dirname(fileURLToPath(import.meta.url));
 const projectRoot = path.resolve(__dirname, '..');
@@ -67,13 +68,11 @@ function startProcess(tool) {
       log(tool.id + ' exited code ' + code);
       const window = Date.now() - RESTART_WINDOW_MS;
       entry.restarts = entry.restarts.filter(t => t > window);
-      if (entry.restarts.length < MAX_RESTARTS) {
-        const delay = Math.min(1000 * Math.pow(2, entry.restarts.length), 30000);
-        entry.restarts.push(Date.now());
-        setTimeout(() => startProcess(tool), delay);
-      } else {
-        log(tool.id + ' max restarts reached');
-      }
+      if (entry.restarts.length >= MAX_RESTARTS) { log(tool.id + ' max restarts reached'); return; }
+      const attempt = entry.restarts.length;
+      entry.restarts.push(Date.now());
+      const delay = Math.min(1000 * Math.pow(2, attempt), 30000);
+      setTimeout(() => { if (!shuttingDown) startProcess(tool); }, delay);
     });
 
     processes.set(tool.id, entry);
@@ -133,12 +132,17 @@ export async function ensureRunning(agentId) {
     entry = startProcess(tool);
     if (!entry) return null;
   }
-  for (let i = 0; i < 20; i++) {
-    await new Promise(r => setTimeout(r, 500));
-    await checkHealth(agentId);
-    if (processes.get(agentId)?.healthy) { resetIdleTimer(agentId); return tool.port; }
+  try {
+    await pRetry(async () => {
+      if (shuttingDown) throw new AbortError('shutting down');
+      await checkHealth(agentId);
+      if (!processes.get(agentId)?.healthy) throw new Error('not healthy yet');
+    }, { retries: 20, minTimeout: 500, maxTimeout: 500, factor: 1 });
+    resetIdleTimer(agentId);
+    return tool.port;
+  } catch {
+    return null;
   }
-  return null;
 }
 
 export function touch(agentId) {

package/lib/claude-runner.js

@@ -1,4 +1,5 @@
-import { spawn, spawnSync } from 'child_process';
+import { spawnSync } from 'child_process';
+import { execa } from 'execa';
 
 const isWindows = process.platform === 'win32';
 
@@ -80,191 +81,135 @@ class AgentRunner {
   }
 
   async runDirect(prompt, cwd, config = {}) {
-    return new Promise((resolve, reject) => {
-      const {
-        timeout = 300000,
-        onEvent = null,
-        onError = null,
-        onRateLimit = null
-      } = config;
-
-      if (process.env.DEBUG === '1') {
-        const sp = config.systemPrompt;
-        console.error(`[prompt-trace] convId=${config.conversationId} promptType=${typeof prompt} promptLen=${String(prompt).length} prompt0=${String(prompt).slice(0, 100)} sysLen=${sp ? String(sp).length : 0}`);
-      }
-      const args = this.buildArgs(prompt, config);
-      const spawnOpts = getSpawnOptions(cwd);
-      if (Object.keys(this.spawnEnv).length > 0) {
-        spawnOpts.env = { ...spawnOpts.env, ...this.spawnEnv };
-        for (const [k, v] of Object.entries(this.spawnEnv)) {
-          if (v === undefined) delete spawnOpts.env[k];
-        }
-      }
-      // Tell hooks the actual project dir (used by mcp-thorns/codebasesearch)
-      if (cwd) spawnOpts.env.CLAUDE_PROJECT_DIR = cwd;
-      if (this.closeStdin) {
-        spawnOpts.stdio = ['ignore', 'pipe', 'pipe'];
-      }
-      const proc = spawn(this.command, args, spawnOpts);
-      console.log(`[${this.id}] Spawned PID ${proc.pid} closeStdin=${this.closeStdin}`);
-
-      if (config.onPid) {
-        try { config.onPid(proc.pid); } catch (e) {}
-      }
-
-      if (config.onProcess) {
-        try { config.onProcess(proc); } catch (e) {}
-      }
-
-      let jsonBuffer = '';
-      const outputs = [];
-      let timedOut = false;
-      let sessionId = null;
-      let rateLimited = false;
-      let retryAfterSec = 60;
-      let authError = false;
-      let authErrorMessage = '';
-      let stderrBuffer = '';
+    const {
+      timeout = 300000,
+      onEvent = null,
+      onError = null,
+      onRateLimit = null
+    } = config;
 
-      const timeoutHandle = setTimeout(() => {
-        timedOut = true;
-        proc.kill();
-        reject(new Error(`${this.name} timeout after ${timeout}ms`));
-      }, timeout);
+    if (process.env.DEBUG === '1') {
+      const sp = config.systemPrompt;
+      console.error(`[prompt-trace] convId=${config.conversationId} promptType=${typeof prompt} promptLen=${String(prompt).length} prompt0=${String(prompt).slice(0, 100)} sysLen=${sp ? String(sp).length : 0}`);
+    }
 
-      // Write prompt to stdin only for agents that use stdin protocol (not positional args)
-      if (this.supportsStdin && this.stdinPrompt) {
-        proc.stdin.write(typeof prompt === 'string' ? prompt : String(prompt));
-        // Don't call stdin.end() - agents need open stdin for steering
+    const args = this.buildArgs(prompt, config);
+    const spawnOpts = getSpawnOptions(cwd);
+    if (Object.keys(this.spawnEnv).length > 0) {
+      spawnOpts.env = { ...spawnOpts.env, ...this.spawnEnv };
+      for (const [k, v] of Object.entries(this.spawnEnv)) {
+        if (v === undefined) delete spawnOpts.env[k];
       }
+    }
+    if (cwd) spawnOpts.env.CLAUDE_PROJECT_DIR = cwd;
+
+    const proc = execa(this.command, args, {
+      cwd,
+      env: spawnOpts.env,
+      stdin: this.closeStdin ? 'ignore' : 'pipe',
+      stdout: 'pipe',
+      stderr: 'pipe',
+      reject: false,
+      timeout,
+      windowsHide: true,
+      shell: isWindows,
+    });
 
-      proc.stdout.on('error', () => {});
-      if (proc.stderr) proc.stderr.on('error', () => {});
-      proc.stdout.on('data', (chunk) => {
-        if (timedOut) return;
-
-        jsonBuffer += chunk.toString();
-        const lines = jsonBuffer.split('\n');
-        jsonBuffer = lines.pop();
-
-        for (const line of lines) {
-          if (line.trim()) {
-            const parsed = this.parseOutput(line);
-            if (!parsed) continue;
+    console.log(`[${this.id}] Spawned PID ${proc.pid} closeStdin=${this.closeStdin}`);
 
-            outputs.push(parsed);
+    if (config.onPid) { try { config.onPid(proc.pid); } catch (e) {} }
+    if (config.onProcess) { try { config.onProcess(proc); } catch (e) {} }
 
-            if (parsed.session_id) {
-              sessionId = parsed.session_id;
-            }
+    if (this.supportsStdin && this.stdinPrompt && proc.stdin) {
+      proc.stdin.write(typeof prompt === 'string' ? prompt : String(prompt));
+    }
 
-            if (onEvent) {
-              try { onEvent(parsed); } catch (e) {
-                console.error(`[${this.id}] onEvent error: ${e.message}`);
-              }
-            }
+    const outputs = [];
+    let sessionId = null;
+    let rateLimited = false;
+    let retryAfterSec = 60;
+    let authError = false;
+    let authErrorMessage = '';
+    let stderrBuffer = '';
+
+    proc.stderr.on('data', (chunk) => {
+      const errorText = chunk.toString();
+      stderrBuffer += errorText;
+      console.error(`[${this.id}] stderr:`, errorText);
+      const authMatch = errorText.match(/401|unauthorized|invalid.*auth|invalid.*token|auth.*failed|permission denied|access denied/i);
+      if (authMatch) { authError = true; authErrorMessage = errorText.trim(); }
+      const rateLimitMatch = errorText.match(/rate.?limit|429|too many requests|overloaded|throttl|hit your limit/i);
+      if (rateLimitMatch) {
+        rateLimited = true;
+        const retryMatch = errorText.match(/retry.?after[:\s]+(\d+)/i);
+        if (retryMatch) {
+          retryAfterSec = parseInt(retryMatch[1], 10) || 60;
+        } else {
+          const resetTimeMatch = errorText.match(/resets?\s+(?:at\s+)?(\d{1,2})(?::(\d{2}))?\s*(am|pm)?\s*\(?(UTC|[A-Z]{2,4})\)?/i);
+          if (resetTimeMatch) {
+            let hours = parseInt(resetTimeMatch[1], 10);
+            const minutes = resetTimeMatch[2] ? parseInt(resetTimeMatch[2], 10) : 0;
+            const period = resetTimeMatch[3]?.toLowerCase();
+            if (period === 'pm' && hours !== 12) hours += 12;
+            if (period === 'am' && hours === 12) hours = 0;
+            const now = new Date();
+            const resetTime = new Date(now);
+            resetTime.setUTCHours(hours, minutes, 0, 0);
+            if (resetTime <= now) resetTime.setUTCDate(resetTime.getUTCDate() + 1);
+            retryAfterSec = Math.max(60, Math.ceil((resetTime.getTime() - now.getTime()) / 1000));
           }
         }
-      });
-
-      if (proc.stderr) proc.stderr.on('data', (chunk) => {
-        const errorText = chunk.toString();
-        stderrBuffer += errorText;
-        console.error(`[${this.id}] stderr:`, errorText);
-
-        const authMatch = errorText.match(/401|unauthorized|invalid.*auth|invalid.*token|auth.*failed|permission denied|access denied/i);
-        if (authMatch) {
-          authError = true;
-          authErrorMessage = errorText.trim();
-        }
-
-        const rateLimitMatch = errorText.match(/rate.?limit|429|too many requests|overloaded|throttl|hit your limit/i);
-        if (rateLimitMatch) {
-          rateLimited = true;
-          const retryMatch = errorText.match(/retry.?after[:\s]+(\d+)/i);
-          if (retryMatch) {
-            retryAfterSec = parseInt(retryMatch[1], 10) || 60;
-          } else {
-            const resetTimeMatch = errorText.match(/resets?\s+(?:at\s+)?(\d{1,2})(?::(\d{2}))?\s*(am|pm)?\s*\(?(UTC|[A-Z]{2,4})\)?/i);
-            if (resetTimeMatch) {
-              let hours = parseInt(resetTimeMatch[1], 10);
-              const minutes = resetTimeMatch[2] ? parseInt(resetTimeMatch[2], 10) : 0;
-              const period = resetTimeMatch[3]?.toLowerCase();
-              const tz = resetTimeMatch[4]?.toUpperCase() || 'UTC';
-
-              if (period === 'pm' && hours !== 12) hours += 12;
-              if (period === 'am' && hours === 12) hours = 0;
-
-              const now = new Date();
-              const resetTime = new Date(now);
-              resetTime.setUTCHours(hours, minutes, 0, 0);
-
-              if (resetTime <= now) {
-                resetTime.setUTCDate(resetTime.getUTCDate() + 1);
-              }
+      }
+      if (onError) { try { onError(errorText); } catch (e) {} }
+    });
 
-              retryAfterSec = Math.max(60, Math.ceil((resetTime.getTime() - now.getTime()) / 1000));
-            }
-          }
-        }
+    let jsonBuffer = '';
+    proc.stdout.on('data', (chunk) => {
+      jsonBuffer += chunk.toString();
+      const lines = jsonBuffer.split('\n');
+      jsonBuffer = lines.pop();
+      for (const line of lines) {
+        if (!line.trim()) continue;
+        const parsed = this.parseOutput(line);
+        if (!parsed) continue;
+        outputs.push(parsed);
+        if (parsed.session_id) sessionId = parsed.session_id;
+        if (onEvent) { try { onEvent(parsed); } catch (e) { console.error(`[${this.id}] onEvent error: ${e.message}`); } }
+      }
+    });
 
-        if (onError) {
-          try { onError(errorText); } catch (e) {}
-        }
-      });
+    const result = await proc;
 
-      proc.on('close', (code) => {
-        clearTimeout(timeoutHandle);
-        // Close stdin when process exits - it was kept open for steering during execution
-        if (proc.stdin && !proc.stdin.destroyed) {
-          try { proc.stdin.end(); } catch (e) {}
-        }
-        if (timedOut) return;
+    if (proc.stdin && !proc.stdin.destroyed) { try { proc.stdin.end(); } catch (e) {} }
 
-        if (authError) {
-          const err = new Error(`Authentication failed: ${authErrorMessage || 'Invalid credentials or unauthorized access'}`);
-          err.authError = true;
-          err.nonRetryable = true;
-          reject(err);
-          return;
-        }
+    if (jsonBuffer.trim()) {
+      const parsed = this.parseOutput(jsonBuffer);
+      if (parsed) {
+        outputs.push(parsed);
+        if (parsed.session_id) sessionId = parsed.session_id;
+        if (onEvent) { try { onEvent(parsed); } catch (e) {} }
+      }
+    }
 
-        if (rateLimited) {
-          const err = new Error(`Rate limited - retry after ${retryAfterSec}s`);
-          err.rateLimited = true;
-          err.retryAfterSec = retryAfterSec;
-          if (onRateLimit) {
-            try { onRateLimit({ retryAfterSec }); } catch (e) {}
-          }
-          reject(err);
-          return;
-        }
+    if (result.timedOut) throw new Error(`${this.name} timeout after ${timeout}ms`);
 
-        if (jsonBuffer.trim()) {
-          const parsed = this.parseOutput(jsonBuffer);
-          if (parsed) {
-            outputs.push(parsed);
-            if (parsed.session_id) sessionId = parsed.session_id;
-            if (onEvent) {
-              try { onEvent(parsed); } catch (e) {}
-            }
-          }
-        }
+    if (authError) {
+      const err = new Error(`Authentication failed: ${authErrorMessage || 'Invalid credentials or unauthorized access'}`);
+      err.authError = true; err.nonRetryable = true; throw err;
+    }
 
-        if (code === 0 || outputs.length > 0) {
-          resolve({ outputs, sessionId });
-        } else {
-          const stderrHint = stderrBuffer.trim() ? `: ${stderrBuffer.trim().slice(0, 200)}` : '';
-          const codeHint = code === 143 ? ' (SIGTERM - process was killed)' : code === 137 ? ' (SIGKILL - out of memory or force-killed)' : '';
-          reject(new Error(`${this.name} exited with code ${code}${codeHint}${stderrHint}`));
-        }
-      });
+    if (rateLimited) {
+      const err = new Error(`Rate limited - retry after ${retryAfterSec}s`);
+      err.rateLimited = true; err.retryAfterSec = retryAfterSec;
+      if (onRateLimit) { try { onRateLimit({ retryAfterSec }); } catch (e) {} }
+      throw err;
+    }
 
-      proc.on('error', (err) => {
-        clearTimeout(timeoutHandle);
-        reject(err);
-      });
-    });
+    const code = result.exitCode;
+    if (code === 0 || outputs.length > 0) return { outputs, sessionId };
+    const stderrHint = stderrBuffer.trim() ? `: ${stderrBuffer.trim().slice(0, 200)}` : '';
+    const codeHint = code === 143 ? ' (SIGTERM - process was killed)' : code === 137 ? ' (SIGKILL - out of memory or force-killed)' : '';
+    throw new Error(`${this.name} exited with code ${code}${codeHint}${stderrHint}`);
   }
 
   async runACP(prompt, cwd, config = {}, _retryCount = 0) {

package/lib/ws-handlers-conv.js

@@ -1,10 +1,43 @@
 import path from 'path';
 import os from 'os';
+import { z } from 'zod';
 
 function fail(code, message) { const e = new Error(message); e.code = code; throw e; }
 function notFound(msg = 'Not found') { fail(404, msg); }
 function expandTilde(p) { return p && p.startsWith('~') ? path.join(os.homedir(), p.slice(1)) : p; }
 
+function validate(schema, params) {
+  const result = schema.safeParse(params);
+  if (!result.success) fail(400, result.error.issues.map(i => i.message).join('; '));
+  return result.data;
+}
+
+const ConvNewSchema = z.object({
+  agentId: z.string().optional(),
+  title: z.string().optional(),
+  workingDirectory: z.string().optional(),
+  model: z.string().optional(),
+  subAgent: z.string().optional(),
+}).passthrough();
+
+const ConvUpdSchema = z.object({
+  id: z.string().min(1, 'id required'),
+}).passthrough();
+
+const MsgStreamSchema = z.object({
+  id: z.string().min(1, 'conversation id required'),
+  content: z.union([z.string(), z.any()]).optional(),
+  message: z.union([z.string(), z.any()]).optional(),
+  agentId: z.string().optional(),
+  model: z.string().optional(),
+  subAgent: z.string().optional(),
+}).passthrough();
+
+const ConvSteerSchema = z.object({
+  id: z.string().min(1, 'conversation id required'),
+  content: z.union([z.string(), z.record(z.any())]).refine(v => v !== undefined && v !== null && v !== '', { message: 'content required' }),
+}).passthrough();
+
 export function register(router, deps) {
   const { queries, activeExecutions, messageQueues, rateLimitState,
     broadcastSync, processMessageWithStreaming, cleanupExecution, logError = () => {} } = deps;
@@ -26,6 +59,7 @@ export function register(router, deps) {
   });
 
   router.handle('conv.new', (p) => {
+    p = validate(ConvNewSchema, p);
     const wd = p.workingDirectory ? path.resolve(expandTilde(p.workingDirectory)) : null;
     const conv = queries.createConversation(p.agentId, p.title, wd, p.model || null, p.subAgent || null);
     queries.createEvent('conversation.created', { agentId: p.agentId, workingDirectory: conv.workingDirectory, model: conv.model, subAgent: conv.subAgent }, conv.id);
@@ -40,6 +74,7 @@ export function register(router, deps) {
   });
 
   router.handle('conv.upd', (p) => {
+    p = validate(ConvUpdSchema, p);
     const { id, ...data } = p;
     if (data.workingDirectory) data.workingDirectory = path.resolve(data.workingDirectory);
     const conv = queries.updateConversation(id, data);
@@ -130,9 +165,9 @@ export function register(router, deps) {
   });
 
   router.handle('conv.steer', (p) => {
+    p = validate(ConvSteerSchema, p);
     const conv = queries.getConversation(p.id);
     if (!conv) notFound('Conversation not found');
-    if (!p.content) fail(400, 'Missing content');
 
     const entry = activeExecutions.get(p.id);
     if (!entry) fail(409, 'No active execution to steer');
@@ -226,6 +261,7 @@ export function register(router, deps) {
   });
 
   router.handle('msg.stream', (p) => {
+    p = validate(MsgStreamSchema, p);
     const conv = queries.getConversation(p.id);
     if (!conv) notFound('Conversation not found');
     const rawContent = p.content || p.message;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agentgui",
-  "version": "1.0.694",
+  "version": "1.0.695",
   "description": "Multi-agent ACP client with real-time communication",
   "type": "module",
   "main": "server.js",
@@ -29,17 +29,21 @@
     "audio-decode": "^2.2.3",
     "better-sqlite3": "^12.6.2",
     "busboy": "^1.6.0",
+    "execa": "^9.6.1",
     "express": "^5.2.1",
     "form-data": "^4.0.5",
     "fsbrowse": "latest",
     "google-auth-library": "^10.5.0",
+    "lru-cache": "^11.2.7",
     "msgpackr": "^1.11.8",
     "onnxruntime-node": "1.21.0",
     "opencode-ai": "^1.2.15",
+    "p-retry": "^7.1.1",
     "pm2": "^5.4.3",
     "puppeteer-core": "^24.37.5",
     "webtalk": "^1.0.31",
-    "ws": "^8.14.2"
+    "ws": "^8.14.2",
+    "zod": "^4.3.6"
   },
   "optionalDependencies": {
     "node-pty": "^1.0.0"

package/server.js

@@ -7,6 +7,7 @@ import crypto from 'crypto';
 import { fileURLToPath } from 'url';
 import { WebSocketServer } from 'ws';
 import { execSync, spawn } from 'child_process';
+import { LRUCache } from 'lru-cache';
 import { createRequire } from 'module';
 const PKG_VERSION = JSON.parse(fs.readFileSync(new URL('./package.json', import.meta.url), 'utf8')).version;
 import { OAuth2Client } from 'google-auth-library';
@@ -3277,8 +3278,8 @@ function generateETag(stats) {
   return `"${stats.mtimeMs.toString(36)}-${stats.size.toString(36)}"`;
 }
 
-// In-memory cache: etag -> { br: Buffer, gz: Buffer, raw: Buffer }
-const _assetCache = new Map();
+// In-memory cache: etag -> { gz: Buffer, raw: Buffer } (bounded to 200 entries)
+const _assetCache = new LRUCache({ max: 200 });
 // Cached processed HTML (invalidated on hot-reload or server restart)
 let _htmlCache = null;
 let _htmlCacheEtag = null;