aiden-runtime 4.1.5 → 4.5.0

package/dist/core/v4/daemon/dispatcher/agentRunner.js

@@ -0,0 +1,98 @@
+"use strict";
+/**
+ * Copyright (c) 2026 Shiva Deore (Taracod).
+ * Licensed under AGPL-3.0. See LICENSE for details.
+ *
+ * Aiden — local-first agent.
+ */
+/**
+ * core/v4/daemon/dispatcher/agentRunner.ts — v4.5 Phase 5a.
+ *
+ * The seam between the dispatcher's claim/markDone loop and an
+ * AidenAgent invocation. Keeps the dispatcher testable without
+ * dragging in the full agent / provider / tool stack.
+ *
+ * Two responsibilities:
+ *   1. Define the `DaemonAgentRunner` interface (one `invoke` method).
+ *   2. Define `DaemonAgentInput` / `DaemonAgentResult` so the
+ *      dispatcher and bootstrap-side wiring agree on shape.
+ *
+ * Bootstrap is responsible for building a runner that holds the
+ * AidenAgent + provider + toolExecutor + plumbing. Tests pass a
+ * stub runner.
+ *
+ * Two pure helpers also live here:
+ *   - `buildInitialHistory(input)` — turns a `DaemonAgentInput`
+ *     into the `Message[]` the agent's `runConversation` expects.
+ *     Used by both the real runner and integration tests that
+ *     assert the dispatched message shape.
+ *   - `deliverOnlyStub(input, runStore, instanceId)` — the
+ *     deliver-only short-circuit. Q-P5-4(a): logs delivery via
+ *     a run_event row and returns immediately without invoking
+ *     the agent. Channel-adapter integration (Telegram, Discord,
+ *     etc.) is deferred to a future phase.
+ *
+ * The runner returns the `runId` written into `runs`. The
+ * dispatcher passes that to `triggerBus.markDone(eventId,
+ * claimToken, runId)` so the link FK is populated.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildInitialHistory = buildInitialHistory;
+exports.deliverOnlyStub = deliverOnlyStub;
+exports.makeRunner = makeRunner;
+// ── Pure helpers ───────────────────────────────────────────────────────────
+/**
+ * Construct the initial `Message[]` history fed to
+ * `AidenAgent.runConversation`. Single user message carrying
+ * the rendered initial message. The system prompt is layered
+ * on by the agent itself.
+ *
+ * Pure — no side effects, deterministic per input.
+ */
+function buildInitialHistory(input) {
+    return [
+        {
+            role: 'user',
+            content: input.initialMessage,
+        },
+    ];
+}
+/**
+ * Q-P5-4(a) deliver-only short-circuit.
+ *
+ * Creates a `runs` row with status `completed`, emits a
+ * `delivered` run_event capturing the rendered message, and
+ * returns a `DaemonAgentResult` with finishReason='delivered'.
+ *
+ * Channel-adapter integration (Telegram / Discord / Slack
+ * webhook target / etc.) is deferred. The stub records that
+ * "delivery" happened (logs only) so operators can verify the
+ * code path via run_events without yet wiring a transport.
+ */
+function deliverOnlyStub(input, runStore) {
+    const runId = runStore.create({
+        sessionId: input.sessionId,
+        instanceId: input.instanceId,
+        triggerEventId: input.triggerEventId,
+        status: 'running',
+    });
+    runStore.emitEvent(runId, 'delivered', {
+        source: input.triggerContext.source,
+        triggerId: input.triggerContext.triggerId,
+        eventId: input.triggerEventId,
+        messageBytes: input.initialMessage.length,
+        deliverOnly: true,
+        /* future: target channel, adapter, response */
+    });
+    runStore.setStatus(runId, 'completed', { finishReason: 'delivered' });
+    return { runId, finishReason: 'delivered' };
+}
+/**
+ * Wrap a function-shaped invocation into the `DaemonAgentRunner`
+ * interface. Convenience for tests + simple wiring.
+ *
+ *   const runner = makeRunner(async (input) => ({ runId, finishReason: 'stop' }));
+ */
+function makeRunner(invoke) {
+    return { invoke };
+}

package/dist/core/v4/daemon/dispatcher/budgetGate.js

@@ -0,0 +1,127 @@
+"use strict";
+/**
+ * Copyright (c) 2026 Shiva Deore (Taracod).
+ * Licensed under AGPL-3.0. See LICENSE for details.
+ *
+ * Aiden — local-first agent.
+ */
+/**
+ * core/v4/daemon/dispatcher/budgetGate.ts — v4.5 Phase 7.
+ *
+ * Two-layer cost guardrail for daemon-fired agent turns:
+ *
+ *   1. PER-TRIGGER (soft) — `spec.maxTokensPerFire`. Each turn
+ *      tracks token usage via `AidenAgent.onBudgetWarning`. When
+ *      crossed, the turn ABORTS via the wrap-controller's abort
+ *      signal; finishReason becomes `budget_exhausted`. NO bus-
+ *      level retry — that would just re-trigger the same blowup.
+ *
+ *   2. GLOBAL (hard) — `AIDEN_DAEMON_DAILY_BUDGET=<tokens>` env.
+ *      Pre-flight check before invoking the agent at all. When
+ *      hit, the dispatcher rejects new claims with a
+ *      `trigger_quota` tag (classifier maps to that category;
+ *      dispatcher dead-letters by retry-matrix).
+ *
+ * The gate exposes a single `evaluatePreTurn()` that combines
+ * both layers + returns a structured verdict. Callers wrap the
+ * agent loop in an `AbortController` whose `signal` the per-trigger
+ * watcher trips on threshold cross.
+ *
+ * Token accounting is best-effort — the agent's onToolCall +
+ * provider response token counts feed the watcher. Providers
+ * that don't surface usage (rare) get a zero-cost turn and
+ * neither cap fires. That's acceptable: the global daily budget
+ * is the strict safety net regardless.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.evaluatePreTurn = evaluatePreTurn;
+exports.consumePostTurn = consumePostTurn;
+exports.createPerTurnBudgetWatcher = createPerTurnBudgetWatcher;
+/**
+ * Pre-flight check before invoking the agent. When the daily
+ * budget is already exhausted, returns allowed=false WITHOUT
+ * consuming. When estimated tokens would push over the cap,
+ * also rejects pre-emptively. When the estimate fits (or
+ * unknown), allows — the per-trigger watcher catches in-flight
+ * overruns.
+ *
+ * Does NOT consume tokens itself. Token consumption happens
+ * mid/post-turn via `consumePostTurn()`.
+ */
+function evaluatePreTurn(input) {
+    const snapshot = input.tracker.peek({ budget: input.dailyBudget, now: input.now });
+    if (snapshot.exhausted) {
+        return {
+            allowed: false,
+            daily: snapshot,
+            reason: `trigger_quota: daily_budget_exhausted (used=${snapshot.used}/${snapshot.budget})`,
+        };
+    }
+    if (input.estimatedTokens && input.estimatedTokens > 0 && snapshot.budget !== null && snapshot.budget > 0) {
+        if (snapshot.used + input.estimatedTokens > snapshot.budget) {
+            return {
+                allowed: false,
+                daily: snapshot,
+                reason: `trigger_quota: estimated ${input.estimatedTokens} tokens exceeds remaining ${snapshot.remaining}`,
+            };
+        }
+    }
+    return { allowed: true, daily: snapshot };
+}
+/**
+ * Post-turn consumption. Caller passes the ACTUAL tokens the
+ * agent reported (or 0 when the provider didn't surface usage).
+ * Returns the post-consume snapshot for the dispatcher:completed
+ * event payload. Never throws — over-budget consume is just
+ * recorded (the next pre-turn check will reject the next claim).
+ */
+function consumePostTurn(input) {
+    if (input.actualTokens <= 0)
+        return input.tracker.peek({ budget: input.dailyBudget, now: input.now });
+    const r = input.tracker.addAndCheck(input.actualTokens, {
+        budget: input.dailyBudget,
+        now: input.now,
+    });
+    return r.snapshot;
+}
+function createPerTurnBudgetWatcher(opts) {
+    const limit = opts.maxTokensPerFire ?? null;
+    const ctl = new AbortController();
+    let used = 0;
+    let hit = false;
+    let reason = null;
+    function check() {
+        if (hit)
+            return;
+        if (limit === null || limit <= 0)
+            return;
+        if (used >= limit) {
+            hit = true;
+            reason = `per_trigger_budget_exhausted: ${used}/${limit}`;
+            try {
+                ctl.abort(reason);
+            }
+            catch { /* abort may throw on older Node; safe to swallow */ }
+        }
+    }
+    return {
+        tally(tokens) {
+            if (tokens > 0) {
+                used += tokens;
+                check();
+            }
+        },
+        used() { return used; },
+        hit() { return hit; },
+        reason() { return reason; },
+        signal: ctl.signal,
+        abort(r) {
+            hit = true;
+            reason = r ?? 'manual_abort';
+            try {
+                ctl.abort(reason);
+            }
+            catch { /* noop */ }
+        },
+    };
+}

package/dist/core/v4/daemon/dispatcher/daemonApproval.js

@@ -0,0 +1,113 @@
+"use strict";
+/**
+ * Copyright (c) 2026 Shiva Deore (Taracod).
+ * Licensed under AGPL-3.0. See LICENSE for details.
+ *
+ * Aiden — local-first agent.
+ */
+/**
+ * core/v4/daemon/dispatcher/daemonApproval.ts — v4.5 Phase 7.
+ *
+ * Non-interactive approval callbacks for daemon-mode agent turns.
+ * Interactive `approvalEngine.promptUser` requires a TTY; daemon-
+ * fired turns have no user, so we hand the engine an auto-decider
+ * keyed on the per-trigger policy (Q-P7-1a default: 'safe-only').
+ *
+ * Decision table:
+ *
+ *   policy            safe     caution    dangerous
+ *   ---------------   ------   --------   ---------
+ *   safe-only         allow    DENY       DENY     ← default
+ *   caution-ok        allow    allow      DENY
+ *   dangerous-ok      allow    allow      allow
+ *
+ * Every decision emits an `approval_decision` run_event with
+ * `{toolName, riskTier, decision, policy}` so the operator can
+ * audit what was let through and what was blocked.
+ *
+ * Denied tools surface to the agent as an `approval_denied`
+ * envelope; the daemon:dispatcher classifier maps these to
+ * `trigger_misconfigured` (already wired in failureClassifier.ts).
+ * Per-trigger override is loaded by the runner via
+ * `triggers.spec_json.daemonApproval` and passed to this builder.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DEFAULT_DAEMON_APPROVAL_POLICY = void 0;
+exports.buildDaemonApprovalCallbacks = buildDaemonApprovalCallbacks;
+exports.decideForPolicy = decideForPolicy;
+exports.isDaemonApprovalPolicy = isDaemonApprovalPolicy;
+exports.DEFAULT_DAEMON_APPROVAL_POLICY = 'safe-only';
+/**
+ * Build a non-interactive `ApprovalCallbacks` instance for use by
+ * a daemon-mode `ApprovalEngine`. Returns the same shape the
+ * interactive REPL builds — only `promptUser` is auto-deciding
+ * (instead of asking the user). `riskAssess` is intentionally
+ * absent: smart-mode auxiliary classifier doesn't fit a non-
+ * interactive turn (it'd burn an extra LLM call per tool and the
+ * tier table already encodes the policy).
+ */
+function buildDaemonApprovalCallbacks(input) {
+    const policy = input.policy;
+    const log = input.log ?? (() => { });
+    return {
+        /**
+         * The agent loop only invokes `promptUser` when the engine
+         * can't auto-decide via mode + tier. Daemon callbacks NEVER
+         * defer to a human — every call resolves here synchronously
+         * (well, via Promise.resolve for shape parity).
+         */
+        promptUser: async (req) => {
+            const decision = decideForPolicy(policy, req.riskTier ?? 'caution');
+            return decision;
+        },
+        /**
+         * `onDecision` fires AFTER every decision (allow + deny). We
+         * use it as the emission hook for the `approval_decision`
+         * run_event so EVERY decision lands in the audit log — not
+         * just the deferred-to-promptUser ones.
+         */
+        onDecision: (req, decision) => {
+            try {
+                input.runStore.emitEvent(input.runId, 'approval_decision', {
+                    toolName: req.toolName,
+                    category: req.category,
+                    riskTier: req.riskTier ?? 'caution',
+                    reason: req.reason ?? null,
+                    policy,
+                    decision,
+                });
+                if (decision === 'deny') {
+                    log('warn', `[daemon-approval] denied ${req.toolName} (tier=${req.riskTier ?? 'caution'} policy=${policy})`);
+                }
+            }
+            catch { /* never let logging crash the agent loop */ }
+        },
+    };
+}
+/**
+ * Pure decision function. Public for testing.
+ *
+ *   safe-only      → safe → allow_session,   caution|dangerous → deny
+ *   caution-ok     → safe|caution → allow_session, dangerous  → deny
+ *   dangerous-ok   → safe|caution|dangerous → allow_session
+ *
+ * Returns `allow_session` (not `allow_always`) so the agent's
+ * session-scoped allowlist doesn't grow unbounded across daemon
+ * turns of the same sessionId. The session-scoped allowlist DOES
+ * persist across multiple tool calls within ONE runConversation,
+ * which is the optimization we want: a webhook turn that touches
+ * `file_read` twice doesn't pay the auto-decide cost twice.
+ */
+function decideForPolicy(policy, tier) {
+    if (tier === 'safe')
+        return 'allow_session';
+    if (tier === 'caution') {
+        return policy === 'safe-only' ? 'deny' : 'allow_session';
+    }
+    // dangerous
+    return policy === 'dangerous-ok' ? 'allow_session' : 'deny';
+}
+/** Type-guard for runtime spec validation. */
+function isDaemonApprovalPolicy(s) {
+    return s === 'safe-only' || s === 'caution-ok' || s === 'dangerous-ok';
+}

package/dist/core/v4/daemon/dispatcher/dailyBudgetTracker.js

@@ -0,0 +1,120 @@
+"use strict";
+/**
+ * Copyright (c) 2026 Shiva Deore (Taracod).
+ * Licensed under AGPL-3.0. See LICENSE for details.
+ *
+ * Aiden — local-first agent.
+ */
+/**
+ * core/v4/daemon/dispatcher/dailyBudgetTracker.ts — v4.5 Phase 7.
+ *
+ * Persistent daily-token-budget counter for daemon-mode agent
+ * turns. Defends against "I set up 50 triggers and the bill
+ * exploded" (Q-P7-4a).
+ *
+ * Storage: piggyback on the existing `idempotency_keys` table
+ * via `scope='daemon_budget'` rows — no schema bump. One row per
+ * UTC day, `key=<yyyy-mm-dd>`, `response_json` carries the
+ * running total. `status_code` unused (200). `expires_at` set 7
+ * days out so the L2 sweep cleans old rows automatically.
+ *
+ * Threading: synchronous SQL writes serialize the counter at
+ * the SQLite level. Concurrency-safe against multiple producer
+ * threads in the same process. Cross-process daemons would need
+ * a separate locking step (out of scope — single-daemon-per-host
+ * is the v4.5 invariant).
+ *
+ * Cap evaluation: `addAndCheck(tokens)` returns `{allowed,
+ * remaining, used}`. Allowed=false means EITHER the add would
+ * exceed the budget OR the budget is already exhausted. Callers
+ * (`budgetGate.ts`) handle the reject path.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createDailyBudgetTracker = createDailyBudgetTracker;
+exports.utcDateKey = utcDateKey;
+const BUDGET_SCOPE = 'daemon_budget';
+const ROW_TTL_DAYS = 7;
+function createDailyBudgetTracker(opts) {
+    const db = opts.db;
+    const configuredBudget = opts.budget ?? null;
+    function readRow(date) {
+        const row = db.prepare(`SELECT response_json FROM idempotency_keys WHERE scope = ? AND key = ?`).get(BUDGET_SCOPE, date);
+        if (!row)
+            return 0;
+        try {
+            const parsed = JSON.parse(row.response_json);
+            return typeof parsed.used === 'number' ? parsed.used : 0;
+        }
+        catch {
+            return 0;
+        }
+    }
+    function writeRow(date, used, now) {
+        const expiresAt = now + ROW_TTL_DAYS * 24 * 60 * 60 * 1000;
+        db.prepare(`INSERT OR REPLACE INTO idempotency_keys
+         (scope, key, fingerprint, response_json, status_code, created_at, expires_at)
+       VALUES (?, ?, NULL, ?, 200, ?, ?)`).run(BUDGET_SCOPE, date, JSON.stringify({ used }), now, expiresAt);
+    }
+    function buildSnapshot(date, used, budget) {
+        return {
+            date,
+            used,
+            budget,
+            remaining: budget !== null && budget > 0 ? Math.max(0, budget - used) : Number.POSITIVE_INFINITY,
+            exhausted: budget !== null && budget > 0 && used >= budget,
+        };
+    }
+    return {
+        addAndCheck(tokens, opts2 = {}) {
+            const now = opts2.now ?? Date.now();
+            const date = utcDateKey(now);
+            const budget = opts2.budget !== undefined ? opts2.budget : configuredBudget;
+            const tx = db.transaction(() => {
+                const used = readRow(date);
+                // Refuse to consume when already at/over cap.
+                if (budget !== null && budget > 0 && used >= budget) {
+                    return {
+                        allowed: false,
+                        snapshot: buildSnapshot(date, used, budget),
+                        reason: `daily_budget_exhausted: ${used}/${budget} tokens used today (${date})`,
+                    };
+                }
+                // Refuse to consume when this call would push over cap.
+                const next = used + Math.max(0, tokens);
+                if (budget !== null && budget > 0 && next > budget) {
+                    return {
+                        allowed: false,
+                        snapshot: buildSnapshot(date, used, budget),
+                        reason: `daily_budget_would_exceed: ${tokens} > remaining ${budget - used}`,
+                    };
+                }
+                writeRow(date, next, now);
+                return {
+                    allowed: true,
+                    snapshot: buildSnapshot(date, next, budget),
+                };
+            });
+            return tx();
+        },
+        peek(opts2 = {}) {
+            const now = opts2.now ?? Date.now();
+            const date = utcDateKey(now);
+            const budget = opts2.budget !== undefined ? opts2.budget : configuredBudget;
+            const used = readRow(date);
+            return buildSnapshot(date, used, budget);
+        },
+        reset(opts2 = {}) {
+            const now = opts2.now ?? Date.now();
+            const date = utcDateKey(now);
+            writeRow(date, 0, now);
+        },
+    };
+}
+/** `2026-05-17` for the day midnight UTC of `nowMs`. Public for tests. */
+function utcDateKey(nowMs) {
+    const d = new Date(nowMs);
+    const y = d.getUTCFullYear();
+    const m = String(d.getUTCMonth() + 1).padStart(2, '0');
+    const day = String(d.getUTCDate()).padStart(2, '0');
+    return `${y}-${m}-${day}`;
+}