agentweaver 0.1.18 → 0.1.20

package/dist/interactive/web/server.js

@@ -1,12 +1,19 @@
 import { spawn } from "node:child_process";
 import { createHash, timingSafeEqual } from "node:crypto";
-import { existsSync, readFileSync, statSync } from "node:fs";
+import { closeSync, existsSync, openSync, readFileSync, readSync, realpathSync, statSync } from "node:fs";
 import http from "node:http";
 import path from "node:path";
 import process from "node:process";
 import { fileURLToPath } from "node:url";
+import { parseArtifactReference } from "../../artifact-manifest.js";
+import { scopeArtifactsDir, scopeWorkspaceDir } from "../../artifacts.js";
+import { GitDiffError } from "../../git/git-service.js";
+import { groupArtifactCatalog, inferArtifactRenderKind, inferArtifactRole, inferArtifactTitle, } from "../../runtime/artifact-catalog.js";
+import { createArtifactRegistry } from "../../runtime/artifact-registry.js";
 import { parseClientAction } from "./protocol.js";
 const STATIC_DIR = path.join(path.dirname(fileURLToPath(import.meta.url)), "static");
+const MAX_PREVIEW_SIZE = 512 * 1024;
+const MAX_JSON_PARSE_SIZE = 2 * 1024 * 1024;
 const CONTENT_TYPES = new Map([
     [".html", "text/html; charset=utf-8"],
     [".css", "text/css; charset=utf-8"],
@@ -15,6 +22,27 @@ const CONTENT_TYPES = new Map([
     [".svg", "image/svg+xml; charset=utf-8"],
 ]);
 const BASIC_AUTH_REALM = "AgentWeaver Web UI";
+const ARTIFACT_API_PREFIX = "/__agentweaver/api/artifacts";
+const GIT_DIFF_API_PATH = "/__agentweaver/api/git/diff";
+const GIT_DIFF_ERROR_STATUSES = {
+    missing_path: 400,
+    invalid_path: 403,
+    invalid_mode: 400,
+    missing_provider: 503,
+    repository_unavailable: 503,
+    forbidden_path: 403,
+    read_failed: 500,
+    git_failed: 500,
+};
+const ARTIFACT_ERROR_STATUSES = {
+    invalid_id: 400,
+    missing_scope: 400,
+    scope_mismatch: 403,
+    forbidden_path: 403,
+    not_found: 404,
+    unsupported_preview: 415,
+    read_failed: 500,
+};
 function hashCredential(value) {
     return createHash("sha256").update(value, "utf8").digest();
 }
@@ -106,6 +134,448 @@ function serveStaticAsset(request, response) {
     response.end(readFileSync(assetPath));
     return true;
 }
+function writeJson(response, statusCode, value) {
+    response.writeHead(statusCode, {
+        "content-type": "application/json; charset=utf-8",
+        "cache-control": "no-store",
+    });
+    response.end(JSON.stringify(value));
+}
+function writeArtifactApiError(response, code, message, artifact) {
+    writeJson(response, ARTIFACT_ERROR_STATUSES[code], {
+        code,
+        message,
+        ...(artifact ? { artifact } : {}),
+    });
+}
+function writeGitDiffApiError(response, code, message) {
+    writeJson(response, GIT_DIFF_ERROR_STATUSES[code], { code, message });
+}
+function safeArtifactMetadata(item) {
+    return {
+        id: item.id,
+        scopeKey: item.scopeKey,
+        runId: item.runId,
+        logicalKey: item.logicalKey,
+        title: item.title,
+        relativePath: item.relativePath,
+        kind: item.kind,
+        role: item.role,
+        phaseId: item.phaseId,
+        stepId: item.stepId,
+        schemaId: item.schemaId,
+        sizeBytes: item.sizeBytes,
+        updatedAt: item.updatedAt,
+        isLatest: item.isLatest,
+        source: item.source,
+    };
+}
+function normalizePathSeparators(value) {
+    return value.replace(/\\/g, "/");
+}
+function isInsideDirectory(parent, candidate) {
+    const relative = path.relative(parent, candidate);
+    return relative === "" || (!relative.startsWith("..") && !path.isAbsolute(relative));
+}
+function safeDecodeURIComponent(value) {
+    try {
+        return decodeURIComponent(value);
+    }
+    catch {
+        return null;
+    }
+}
+function parseArtifactApiRoute(requestUrl) {
+    const parsed = new URL(requestUrl ?? "/", "http://agentweaver.local");
+    const scopeKey = parsed.searchParams.get("scope");
+    const runIds = parsed.searchParams.getAll("runId").filter((value, index, values) => (value.length > 0 && values.indexOf(value) === index));
+    if (parsed.pathname === ARTIFACT_API_PREFIX) {
+        return { kind: "list", scopeKey, runIds };
+    }
+    if (!parsed.pathname.startsWith(`${ARTIFACT_API_PREFIX}/`)) {
+        return null;
+    }
+    const suffix = parsed.pathname.slice(`${ARTIFACT_API_PREFIX}/`.length);
+    for (const action of ["preview", "raw", "download"]) {
+        const actionSuffix = `/${action}`;
+        if (!suffix.endsWith(actionSuffix)) {
+            continue;
+        }
+        const encodedId = suffix.slice(0, -actionSuffix.length);
+        const artifactId = safeDecodeURIComponent(encodedId);
+        if (!artifactId || artifactId.includes("\0")) {
+            return { kind: "content", artifactId: "", action, scopeKey, runIds };
+        }
+        return { kind: "content", artifactId, action, scopeKey, runIds };
+    }
+    return { kind: "content", artifactId: "", action: "preview", scopeKey, runIds };
+}
+function filterCatalog(catalog, scopeKey) {
+    const markdownItems = catalog.items.filter((item) => item.scopeKey === scopeKey && item.kind === "markdown");
+    const sortedItems = markdownItems.slice();
+    return {
+        scopeKey,
+        items: sortedItems,
+        groups: groupArtifactCatalog(sortedItems),
+    };
+}
+async function loadArtifactCatalog(options, input) {
+    if (!options.getArtifactCatalog) {
+        return null;
+    }
+    return options.getArtifactCatalog(input);
+}
+function scopeRelativePath(scopeKey, payloadPath) {
+    const workspaceDir = path.resolve(scopeWorkspaceDir(scopeKey));
+    const normalizedPayloadPath = path.resolve(payloadPath);
+    if (isInsideDirectory(workspaceDir, normalizedPayloadPath)) {
+        return normalizePathSeparators(path.relative(workspaceDir, normalizedPayloadPath));
+    }
+    return normalizePathSeparators(path.basename(normalizedPayloadPath));
+}
+function itemFromManifest(scopeKey, manifest) {
+    const relativePath = scopeRelativePath(scopeKey, manifest.payload_path);
+    const kind = inferArtifactRenderKind({
+        payloadFamily: manifest.payload_family,
+        schemaId: manifest.schema_id,
+        filePath: manifest.payload_path,
+    });
+    return {
+        id: manifest.artifact_id,
+        scopeKey,
+        runId: manifest.run_id,
+        logicalKey: manifest.logical_key,
+        title: inferArtifactTitle(scopeKey, manifest.logical_key, relativePath),
+        relativePath,
+        kind,
+        role: inferArtifactRole(manifest.logical_key, relativePath),
+        phaseId: manifest.phase_id || null,
+        stepId: manifest.step_id || null,
+        schemaId: manifest.schema_id || null,
+        sizeBytes: 0,
+        updatedAt: manifest.created_at,
+        isLatest: manifest.status === "ready",
+        source: "manifest",
+    };
+}
+function realExistingRoots(scopeKey) {
+    const roots = [scopeWorkspaceDir(scopeKey), scopeArtifactsDir(scopeKey)];
+    const realRoots = [];
+    for (const root of roots) {
+        try {
+            realRoots.push(realpathSync(root));
+        }
+        catch {
+            // A missing .artifacts directory should not block regular scope files.
+        }
+    }
+    return [...new Set(realRoots)];
+}
+function assertContainedRegularFile(scopeKey, filePath) {
+    let realPath;
+    try {
+        realPath = realpathSync(filePath);
+    }
+    catch {
+        throw new ArtifactApiResolutionError("not_found");
+    }
+    const allowedRoots = realExistingRoots(scopeKey);
+    if (allowedRoots.length === 0 || !allowedRoots.some((root) => isInsideDirectory(root, realPath))) {
+        throw new ArtifactApiResolutionError("forbidden_path");
+    }
+    let stats;
+    try {
+        stats = statSync(realPath);
+    }
+    catch {
+        throw new ArtifactApiResolutionError("not_found");
+    }
+    if (!stats.isFile()) {
+        throw new ArtifactApiResolutionError("forbidden_path");
+    }
+    return { filePath, realPath, stats };
+}
+class ArtifactApiResolutionError extends Error {
+    code;
+    constructor(code) {
+        super(code);
+        this.code = code;
+    }
+}
+function catalogFilePath(scopeKey, item) {
+    if (path.isAbsolute(item.relativePath) || item.relativePath.includes("\0")) {
+        throw new ArtifactApiResolutionError("forbidden_path");
+    }
+    return path.join(scopeWorkspaceDir(scopeKey), item.relativePath);
+}
+function findCatalogItemForReference(catalog, reference) {
+    return catalog.items.find((item) => item.id === reference) ?? null;
+}
+function resolveArtifactRequest(catalog, artifactId) {
+    if (!artifactId.trim() || artifactId.includes("\0")) {
+        throw new ArtifactApiResolutionError("invalid_id");
+    }
+    const parsedReference = parseArtifactReference(artifactId);
+    if (parsedReference) {
+        if (parsedReference.kind === "artifact-id" && parsedReference.parsedId.scopeKey !== catalog.scopeKey) {
+            throw new ArtifactApiResolutionError("scope_mismatch");
+        }
+        let manifest;
+        try {
+            manifest = createArtifactRegistry().resolveArtifact(catalog.scopeKey, artifactId);
+        }
+        catch {
+            throw new ArtifactApiResolutionError("not_found");
+        }
+        const item = findCatalogItemForReference(catalog, manifest.artifact_id) ?? itemFromManifest(catalog.scopeKey, manifest);
+        const contained = assertContainedRegularFile(catalog.scopeKey, manifest.payload_path);
+        return { item: { ...item, sizeBytes: contained.stats.size }, ...contained };
+    }
+    const item = findCatalogItemForReference(catalog, artifactId);
+    if (!item) {
+        throw new ArtifactApiResolutionError("invalid_id");
+    }
+    if (item.scopeKey !== catalog.scopeKey) {
+        throw new ArtifactApiResolutionError("scope_mismatch");
+    }
+    const contained = assertContainedRegularFile(catalog.scopeKey, catalogFilePath(catalog.scopeKey, item));
+    return { item: { ...item, sizeBytes: contained.stats.size }, ...contained };
+}
+function readLeadingBytes(filePath, byteLimit) {
+    const fd = openSync(filePath, "r");
+    try {
+        const buffer = Buffer.alloc(byteLimit);
+        const loadedBytes = readSync(fd, buffer, 0, byteLimit, 0);
+        return { buffer: buffer.subarray(0, loadedBytes), loadedBytes };
+    }
+    finally {
+        closeSync(fd);
+    }
+}
+function contentTypeForArtifactKind(kind) {
+    switch (kind) {
+        case "markdown":
+            return "text/markdown; charset=utf-8";
+        case "json":
+            return "application/json; charset=utf-8";
+        case "text":
+        case "diff":
+            return "text/plain; charset=utf-8";
+        case "binary":
+        case "unknown":
+            return "application/octet-stream";
+    }
+}
+function sanitizeDownloadFilename(value) {
+    const normalizedSeparators = normalizePathSeparators(value);
+    const basename = path.posix.basename(normalizedSeparators);
+    const sanitized = basename
+        .replace(/["\r\n\\/]/g, "_")
+        .replace(/[\x00-\x1f\x7f-\x9f]/g, "_")
+        .replace(/[^\x20-\x7e]/g, "_")
+        .replace(/\s+/g, " ")
+        .trim()
+        .slice(0, 120);
+    return sanitized && sanitized !== "." && sanitized !== ".." ? sanitized : "artifact";
+}
+function writeArtifactBytes(response, resolved, attachment) {
+    const headers = {
+        "content-type": contentTypeForArtifactKind(resolved.item.kind),
+        "cache-control": "no-store",
+        "x-content-type-options": "nosniff",
+    };
+    if (attachment) {
+        headers["content-disposition"] = `attachment; filename="${sanitizeDownloadFilename(resolved.item.relativePath || path.basename(resolved.realPath))}"`;
+    }
+    let bytes;
+    try {
+        bytes = readFileSync(resolved.realPath);
+    }
+    catch {
+        writeArtifactApiError(response, "read_failed", "Artifact content could not be read.", safeArtifactMetadata(resolved.item));
+        return;
+    }
+    response.writeHead(200, headers);
+    response.end(bytes);
+}
+function previewJsonArtifact(resolved) {
+    if (resolved.stats.size <= MAX_JSON_PARSE_SIZE) {
+        const loadedBytes = Number(resolved.stats.size);
+        const content = readFileSync(resolved.realPath).toString("utf8");
+        const contentBytes = Buffer.from(content, "utf8");
+        if (contentBytes.length > MAX_PREVIEW_SIZE) {
+            return {
+                content: contentBytes.subarray(0, MAX_PREVIEW_SIZE).toString("utf8"),
+                loadedBytes,
+                truncated: true,
+                jsonParseSafe: false,
+            };
+        }
+        return { content, loadedBytes, truncated: false, jsonParseSafe: true };
+    }
+    const { buffer, loadedBytes } = readLeadingBytes(resolved.realPath, MAX_PREVIEW_SIZE);
+    return {
+        content: buffer.toString("utf8"),
+        loadedBytes,
+        truncated: true,
+        jsonParseSafe: false,
+    };
+}
+function writeArtifactPreview(response, resolved) {
+    if (resolved.item.kind === "binary" || resolved.item.kind === "unknown") {
+        writeArtifactApiError(response, "unsupported_preview", "Artifact preview is not supported for this content type.", safeArtifactMetadata(resolved.item));
+        return;
+    }
+    try {
+        const preview = resolved.item.kind === "json"
+            ? previewJsonArtifact(resolved)
+            : (() => {
+                const byteLimit = Math.min(Number(resolved.stats.size), MAX_PREVIEW_SIZE);
+                const { buffer, loadedBytes } = readLeadingBytes(resolved.realPath, byteLimit);
+                return {
+                    content: buffer.toString("utf8"),
+                    loadedBytes,
+                    truncated: resolved.stats.size > loadedBytes,
+                };
+            })();
+        writeJson(response, 200, {
+            artifact: safeArtifactMetadata(resolved.item),
+            renderKind: resolved.item.kind,
+            kind: resolved.item.kind,
+            encoding: "utf-8",
+            content: preview.content,
+            truncated: preview.truncated,
+            sizeBytes: resolved.stats.size,
+            loadedBytes: preview.loadedBytes,
+            ...(resolved.item.kind === "json" ? { jsonParseSafe: preview.jsonParseSafe } : {}),
+        });
+    }
+    catch {
+        writeArtifactApiError(response, "read_failed", "Artifact preview could not be read.", safeArtifactMetadata(resolved.item));
+    }
+}
+function handleArtifactApiRequest(request, response, options, auth) {
+    if (request.method !== "GET") {
+        return false;
+    }
+    const route = parseArtifactApiRoute(request.url);
+    if (!route) {
+        return false;
+    }
+    if (!isAuthorized(request, auth)) {
+        writeAuthRequired(response);
+        return true;
+    }
+    if (route.kind === "list") {
+        if (!route.scopeKey) {
+            writeArtifactApiError(response, "missing_scope", "A scope query parameter is required.");
+            return true;
+        }
+        void loadArtifactCatalog(options, {
+            scopeKey: route.scopeKey,
+        })
+            .then((catalog) => {
+            if (!catalog) {
+                writeArtifactApiError(response, "not_found", "Artifact catalog provider is not configured.");
+                return;
+            }
+            if (catalog.scopeKey !== route.scopeKey) {
+                writeArtifactApiError(response, "scope_mismatch", "Requested scope does not match the active Web UI scope.");
+                return;
+            }
+            writeJson(response, 200, filterCatalog(catalog, route.scopeKey));
+        })
+            .catch(() => {
+            writeArtifactApiError(response, "read_failed", "Artifact catalog could not be loaded.");
+        });
+        return true;
+    }
+    if (!route.artifactId) {
+        writeArtifactApiError(response, "invalid_id", "Artifact identifier is invalid.");
+        return true;
+    }
+    void loadArtifactCatalog(options, {
+        ...(route.scopeKey ? { scopeKey: route.scopeKey } : {}),
+    })
+        .then((catalog) => {
+        if (!catalog) {
+            writeArtifactApiError(response, "not_found", "Artifact catalog provider is not configured.");
+            return;
+        }
+        if (route.scopeKey && catalog.scopeKey !== route.scopeKey) {
+            writeArtifactApiError(response, "scope_mismatch", "Requested scope does not match the active Web UI scope.");
+            return;
+        }
+        let resolved;
+        try {
+            resolved = resolveArtifactRequest(catalog, route.artifactId);
+        }
+        catch (error) {
+            const code = error instanceof ArtifactApiResolutionError ? error.code : "read_failed";
+            writeArtifactApiError(response, code, code === "invalid_id" ? "Artifact identifier is invalid." : "Artifact could not be resolved.");
+            return;
+        }
+        if (route.action === "preview") {
+            writeArtifactPreview(response, resolved);
+            return;
+        }
+        writeArtifactBytes(response, resolved, route.action === "download");
+    })
+        .catch(() => {
+        writeArtifactApiError(response, "read_failed", "Artifact could not be loaded.");
+    });
+    return true;
+}
+function isGitDiffMode(value) {
+    return value === "head" || value === "staged" || value === "worktree";
+}
+function gitDiffErrorCode(error) {
+    if (error instanceof GitDiffError && error.code in GIT_DIFF_ERROR_STATUSES) {
+        return error.code;
+    }
+    return "git_failed";
+}
+function handleGitDiffApiRequest(request, response, options, auth) {
+    const parsed = new URL(request.url ?? "/", "http://agentweaver.local");
+    if (parsed.pathname !== GIT_DIFF_API_PATH) {
+        return false;
+    }
+    if (request.method !== "GET") {
+        return false;
+    }
+    if (!isAuthorized(request, auth)) {
+        writeAuthRequired(response);
+        return true;
+    }
+    if (!options.gitService || !options.getGitWorkspaceSnapshot) {
+        writeGitDiffApiError(response, "missing_provider", "Git diff provider is not configured.");
+        return true;
+    }
+    const filePath = parsed.searchParams.get("path");
+    const mode = parsed.searchParams.get("mode");
+    if (!filePath) {
+        writeGitDiffApiError(response, "missing_path", "A path query parameter is required.");
+        return true;
+    }
+    if (!isGitDiffMode(mode)) {
+        writeGitDiffApiError(response, "invalid_mode", "Mode must be head, staged, or worktree.");
+        return true;
+    }
+    const snapshot = options.getGitWorkspaceSnapshot();
+    if (!snapshot || !snapshot.available || !snapshot.repositoryRoot) {
+        writeGitDiffApiError(response, "repository_unavailable", snapshot?.error ?? "Git repository is not available.");
+        return true;
+    }
+    void options.gitService.diffFile(filePath, mode, snapshot)
+        .then((diff) => {
+        writeJson(response, 200, diff);
+    })
+        .catch((error) => {
+        const code = gitDiffErrorCode(error);
+        writeGitDiffApiError(response, code, error.message || "Git diff request failed.");
+    });
+    return true;
+}
 function htmlShell() {
     return `<!doctype html>
 <html lang="en">
@@ -425,8 +895,32 @@ export async function startWebServer(options) {
     let closed = false;
     const server = http.createServer((request, response) => {
         if (request.method === "GET" && request.url === "/__agentweaver/health") {
-            response.writeHead(200, { "content-type": "application/json; charset=utf-8" });
-            response.end(JSON.stringify({ ok: true }));
+            writeJson(response, 200, { ok: true });
+            return;
+        }
+        if (handleGitDiffApiRequest(request, response, options, auth)) {
+            return;
+        }
+        if (handleArtifactApiRequest(request, response, options, auth)) {
+            return;
+        }
+        if (request.method === "GET" && request.url === "/__agentweaver/artifacts") {
+            if (!isAuthorized(request, auth)) {
+                writeAuthRequired(response);
+                return;
+            }
+            if (!options.getArtifactCatalog) {
+                writeJson(response, 404, { error: "Artifact catalog provider is not configured." });
+                return;
+            }
+            void Promise.resolve()
+                .then(() => options.getArtifactCatalog?.())
+                .then((catalog) => {
+                writeJson(response, 200, catalog);
+            })
+                .catch((error) => {
+                writeJson(response, 500, { error: error.message });
+            });
             return;
         }
         if (request.method === "GET" && staticAssetPath(request.url)) {