aiden-runtime 4.8.1 → 4.9.1

package/dist/cli/v4/ui/progressBar.js

@@ -0,0 +1,179 @@
+"use strict";
+/**
+ * Copyright (c) 2026 Shiva Deore (Taracod).
+ * Licensed under AGPL-3.0. See LICENSE for details.
+ *
+ * Aiden — local-first agent.
+ */
+/**
+ * cli/v4/ui/progressBar.ts — v4.9.1 reusable progress animation.
+ * Auto-detects TTY / NO_COLOR / TERM=dumb / CI to pick render mode
+ * (block glyphs vs `#-`, color vs plain, animated vs once-per-second
+ * non-TTY lines). Cursor hidden during animation, restored on exit.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.detectRenderMode = detectRenderMode;
+exports.renderLine = renderLine;
+exports.startProgressBar = startProgressBar;
+exports.npmInstallPhasePercent = npmInstallPhasePercent;
+exports.detectNpmPhase = detectNpmPhase;
+const DEFAULT_WIDTH = 28;
+const DEFAULT_TICK_MS = 100;
+/** Minimum elapsed before we paint anything — avoids flicker on sub-300ms ops. */
+const PAINT_AFTER_MS = 300;
+const ANSI_HIDE_CURSOR = '\x1b[?25l';
+const ANSI_SHOW_CURSOR = '\x1b[?25h';
+const ANSI_CLEAR_LINE = '\r\x1b[2K';
+const ANSI_BRAND = '\x1b[38;2;255;107;53m'; // RGB 255,107,53 (Aiden orange)
+const ANSI_MUTED = '\x1b[38;2;106;106;106m';
+const ANSI_SUCCESS = '\x1b[38;2;127;194;139m';
+const ANSI_ERROR = '\x1b[38;2;224;90;90m';
+const ANSI_RESET = '\x1b[0m';
+/** Detect the right render mode from TTY + env. Pure function. */
+function detectRenderMode(isTTY, env = process.env) {
+    if (!isTTY)
+        return { color: false, blocks: false, animated: false };
+    const noColor = env.NO_COLOR !== undefined && env.NO_COLOR !== '';
+    const dumb = env.TERM === 'dumb' || env.CI === 'true' || env.CI === '1';
+    return {
+        color: !noColor && !dumb,
+        blocks: !dumb,
+        animated: true,
+    };
+}
+/**
+ * Build the rendered line (without trailing newline). Pure so tests
+ * can assert byte-for-byte without timing.
+ */
+function renderLine(opts) {
+    const pct = Math.max(0, Math.min(100, Math.round(opts.percent)));
+    const filled = Math.round((pct / 100) * opts.width);
+    const empty = opts.width - filled;
+    const full = opts.mode.blocks ? '█' : '#';
+    const blank = opts.mode.blocks ? '░' : '-';
+    const elapsed = `${(opts.elapsedMs / 1000).toFixed(1)}s`;
+    const bar = full.repeat(filled) + blank.repeat(empty);
+    if (opts.mode.color) {
+        return `${ANSI_BRAND}[${bar}]${ANSI_RESET} ${pct}%  ${ANSI_MUTED}${opts.phase}${ANSI_RESET}  ${ANSI_MUTED}${elapsed}${ANSI_RESET}`;
+    }
+    return `[${bar}] ${pct}%  ${opts.phase}  ${elapsed}`;
+}
+/**
+ * Start a progress bar. Returns a controller object. Never throws —
+ * any I/O failure on output degrades the bar to a silent no-op while
+ * still honoring `complete` / `fail` semantics for the caller.
+ */
+function startProgressBar(opts) {
+    const width = opts.width ?? DEFAULT_WIDTH;
+    const out = opts.out ?? process.stdout;
+    const env = opts.env ?? process.env;
+    const tickMs = opts.tickMs ?? DEFAULT_TICK_MS;
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    const isTTY = opts.isTTY ?? Boolean(out.isTTY);
+    const mode = detectRenderMode(isTTY, env);
+    const startedAt = Date.now();
+    let phase = opts.phases[0] ?? '';
+    let percent = 0;
+    let painted = false;
+    let closed = false;
+    const write = (s) => {
+        try {
+            out.write(s);
+        }
+        catch { /* swallow — never break caller */ }
+    };
+    // SIGINT: restore cursor + clear the partial line before bubbling.
+    const onSigint = () => {
+        try {
+            write(ANSI_CLEAR_LINE + ANSI_SHOW_CURSOR);
+        }
+        catch { /* noop */ }
+    };
+    if (mode.animated) {
+        try {
+            process.once('SIGINT', onSigint);
+        }
+        catch { /* noop */ }
+    }
+    // Label line paints once, immediately.
+    write(`${mode.color ? ANSI_MUTED : ''}${opts.label}${mode.color ? ANSI_RESET : ''}\n`);
+    const paint = () => {
+        if (closed)
+            return;
+        const elapsedMs = Date.now() - startedAt;
+        if (elapsedMs < PAINT_AFTER_MS)
+            return;
+        const line = renderLine({ width, percent, phase, elapsedMs, mode });
+        if (mode.animated) {
+            if (!painted) {
+                write(ANSI_HIDE_CURSOR);
+                painted = true;
+            }
+            write(ANSI_CLEAR_LINE + line);
+        }
+        else {
+            write(line + '\n');
+        }
+    };
+    let timer = null;
+    if (mode.animated) {
+        timer = setInterval(paint, tickMs);
+        if (typeof timer.unref === 'function')
+            timer.unref();
+    }
+    const close = (icon, color, message) => {
+        if (closed)
+            return;
+        closed = true;
+        if (timer)
+            clearInterval(timer);
+        try {
+            process.removeListener('SIGINT', onSigint);
+        }
+        catch { /* noop */ }
+        const finalLine = mode.color
+            ? `${color}${icon}${ANSI_RESET} ${message}`
+            : `${icon} ${message}`;
+        if (mode.animated && painted)
+            write(ANSI_CLEAR_LINE);
+        write(finalLine + '\n');
+        if (mode.animated)
+            write(ANSI_SHOW_CURSOR);
+    };
+    return {
+        setPhase(name) { phase = name; if (!mode.animated)
+            paint(); },
+        setPercent(p) { percent = p; if (!mode.animated)
+            paint(); },
+        complete(message) { close('✓', ANSI_SUCCESS, message); },
+        fail(message) { close('✗', ANSI_ERROR, message); },
+    };
+}
+/** npm install phase → default percent. Best-effort bar shaping. */
+function npmInstallPhasePercent(phase) {
+    switch (phase) {
+        case 'spawning': return 3;
+        case 'resolving': return 15;
+        case 'downloading': return 50;
+        case 'extracting': return 85;
+        case 'verifying': return 97;
+        case 'installed': return 100;
+        case 'failed': return 100;
+        default: return 0;
+    }
+}
+/** Detect npm phase from a stdout/stderr line. Checks ordered for npm 9/10/11. */
+function detectNpmPhase(line) {
+    const l = line.toLowerCase();
+    if (l.includes('added ') && l.includes('package'))
+        return 'verifying';
+    if (l.includes('http fetch'))
+        return 'downloading';
+    if (l.includes('extracting') || l.includes('extract'))
+        return 'extracting';
+    if (l.includes('reify:'))
+        return 'downloading';
+    if (l.includes('resolved') || l.includes('audit'))
+        return 'resolving';
+    return null;
+}

package/dist/cli/v4/util/closestAction.js

@@ -0,0 +1,48 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.closestAction = closestAction;
+/**
+ * Copyright (c) 2026 Shiva Deore (Taracod).
+ * Licensed under AGPL-3.0. See LICENSE for details.
+ *
+ * Aiden — local-first agent.
+ */
+/**
+ * cli/v4/util/closestAction.ts — v4.9.1 amendment.
+ * Suggest the closest known action when the user mis-types a subcommand.
+ * Matches if input is a substring of a known action OR Levenshtein
+ * distance ≤ 2. Returns null when nothing is reasonably close.
+ */
+function lev(a, b) {
+    const m = a.length, n = b.length;
+    if (m === 0)
+        return n;
+    if (n === 0)
+        return m;
+    const row = Array.from({ length: n + 1 }, (_, i) => i);
+    for (let i = 1; i <= m; i++) {
+        let prev = i - 1;
+        row[0] = i;
+        for (let j = 1; j <= n; j++) {
+            const cur = row[j];
+            row[j] = a[i - 1] === b[j - 1] ? prev : Math.min(prev, row[j - 1], row[j]) + 1;
+            prev = cur;
+        }
+    }
+    return row[n];
+}
+function closestAction(input, known) {
+    if (!input)
+        return null;
+    const lo = input.toLowerCase();
+    let best = null;
+    for (const k of known) {
+        const kl = k.toLowerCase();
+        if (kl.includes(lo) || lo.includes(kl))
+            return k;
+        const d = lev(lo, kl);
+        if (d <= 2 && (!best || d < best.d))
+            best = { name: k, d };
+    }
+    return best?.name ?? null;
+}

package/dist/core/v4/aidenAgent.js

@@ -698,7 +698,28 @@ class AidenAgent {
             }
             let output;
             try {
-                output = await this.callProvider(messages, effectiveTools, runOptions);
+                // v4.9.0 Slice 6 — wrap the provider call in an LLM span when
+                // the daemon foundation is up AND a runWithContext frame is
+                // active. NOOP otherwise. patchAttrs back-fills tokens +
+                // finish_reason from the response after the call returns.
+                const shim = llmSpanShim();
+                if (shim && shim.db && shim.hasContext()) {
+                    output = await shim.withLlmSpan(shim.db, { model: this.modelId ?? 'unknown', provider: this.providerId ?? 'unknown' }, async (_ctx, patchAttrs) => {
+                        const out = await this.callProvider(messages, effectiveTools, runOptions);
+                        patchAttrs({
+                            input_tokens: out.usage?.inputTokens ?? 0,
+                            output_tokens: out.usage?.outputTokens ?? 0,
+                            total_tokens: (out.usage?.inputTokens ?? 0) + (out.usage?.outputTokens ?? 0),
+                            cache_read_tokens: out.usage?.cacheReadTokens ?? 0,
+                            cache_write_tokens: out.usage?.cacheWriteTokens ?? 0,
+                            finish_reason: out.finishReason,
+                        });
+                        return out;
+                    });
+                }
+                else {
+                    output = await this.callProvider(messages, effectiveTools, runOptions);
+                }
             }
             catch (err) {
                 const error = err instanceof Error ? err : new Error(String(err));
@@ -1203,10 +1224,16 @@ class AidenAgent {
             this.onProviderRequestStart?.(this.providerId);
         }
         catch { /* defensive */ }
+        // v4.9.0 Slice 7 — when an ExecutionContext is active, emit
+        // outbound correlation headers (`traceparent`, `X-Aiden-*`). The
+        // adapter merges them under its own auth headers so they can't
+        // override security-relevant fields. No-context: headers omitted.
+        const ambient = (0, identity_1.currentContext)();
+        const outboundHeaders = ambient ? (0, identity_2.injectContextHeaders)(ambient) : undefined;
         if (!wantStream) {
             // v4.6 prep — forward the abort signal into the provider call so
             // an in-flight HTTP request can be cancelled mid-flight.
-            return this.provider.call({ messages, tools, signal: runOptions.signal });
+            return this.provider.call({ messages, tools, signal: runOptions.signal, headers: outboundHeaders });
         }
         let firstDeltaFired = false;
         let finalOutput = null;
@@ -1217,6 +1244,7 @@ class AidenAgent {
             // v4.6 prep — also forward to streaming adapters; mid-stream
             // aborts cancel the underlying SSE read via the same signal.
             signal: runOptions.signal,
+            headers: outboundHeaders,
         });
         for await (const evt of stream) {
             if (evt.type === 'delta') {
@@ -1304,3 +1332,18 @@ function stringifyToolResult(result) {
         return String(result);
     }
 }
+// v4.9.0 Slice 6 — static imports for the LLM span bridge. Same
+// reasoning as toolRegistry: vite-node doesn't intercept CJS require
+// for `.ts` modules, so the lazy `require()` form returned null in
+// tests. Static ESM imports work everywhere.
+const bootstrap_1 = require("./daemon/bootstrap");
+const spanHelpers_1 = require("./daemon/spans/spanHelpers");
+const identity_1 = require("./identity");
+// v4.9.0 Slice 7 — outbound trace propagation.
+const identity_2 = require("./identity");
+const _llmSpanShim = {
+    get db() { return (0, bootstrap_1.getCurrentDaemonDb)(); },
+    hasContext: () => (0, identity_1.currentContext)() !== undefined,
+    withLlmSpan: spanHelpers_1.withLlmSpan,
+};
+function llmSpanShim() { return _llmSpanShim; }

package/dist/core/v4/daemon/api/runs.js

@@ -0,0 +1,131 @@
+"use strict";
+/**
+ * Copyright (c) 2026 Shiva Deore (Taracod).
+ * Licensed under AGPL-3.0. See LICENSE for details.
+ *
+ * Aiden — local-first agent.
+ */
+/**
+ * core/v4/daemon/api/runs.ts — v4.9.0 Slice 5.
+ *
+ * `POST /api/runs` — durable run-acceptance ingress. The handler:
+ *
+ *   1. Validates the body (must contain at least `args` or `prompt`).
+ *   2. Computes a fingerprint from a canonical JSON of the body.
+ *   3. Honours a caller-supplied `Idempotency-Key` header (Stripe/RFC
+ *      pattern). If absent, falls back to the body fingerprint itself.
+ *   4. Calls `triggerBus.insert({source:'api',...})`, which (with
+ *      `enableRunIdempotency:true`) atomically writes both the
+ *      `trigger_events` row AND the `run_idempotency_keys` anchor.
+ *   5. Returns `202` with the persisted trigger_event id — the
+ *      dispatcher picks the row up off the queue and creates the
+ *      `runs` row downstream. This is the "202 only after durable
+ *      insert" guarantee.
+ *
+ * AUTH: the existing bind-safety check covers non-loopback binds; this
+ * endpoint inherits the same `AIDEN_API_KEY` requirement when the
+ * daemon binds beyond 127.0.0.1. Loopback-only callers (the common
+ * case) authenticate by being on-host.
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.mountRunsRoutes = mountRunsRoutes;
+const express_1 = __importDefault(require("express"));
+const runIdempotencyStore_1 = require("../idempotency/runIdempotencyStore");
+// v4.9.0 Slice 7 — inbound trace adoption.
+const identity_1 = require("../../identity");
+const bootstrap_1 = require("../bootstrap");
+function mountRunsRoutes(opts) {
+    const PATH = '/api/runs';
+    opts.app.post(PATH, express_1.default.json({ limit: '1mb' }), (req, res, _next) => {
+        // Optional shared-secret auth.
+        if (opts.apiKeyRequired) {
+            const expected = process.env.AIDEN_API_KEY ?? '';
+            const auth = req.header('authorization') ?? '';
+            const tokenMatch = /^Bearer\s+(\S+)/i.exec(auth);
+            const provided = tokenMatch ? tokenMatch[1] : '';
+            if (!expected || expected !== provided) {
+                res.status(401).json({ error: 'unauthorized' });
+                return;
+            }
+        }
+        const body = (req.body ?? {});
+        if (!body || typeof body !== 'object' || Array.isArray(body)) {
+            res.status(400).json({ error: 'body must be a JSON object' });
+            return;
+        }
+        if (!body.args && !body.prompt) {
+            res.status(400).json({ error: 'body requires `args` or `prompt`' });
+            return;
+        }
+        const fingerprint = (0, runIdempotencyStore_1.fingerprintCanonical)(body);
+        const headerKey = (req.header('idempotency-key') ?? '').trim();
+        const idempotencyKey = headerKey.length > 0 ? headerKey : fingerprint;
+        const sourceKey = (typeof body.client_id === 'string' && body.client_id.length > 0)
+            ? body.client_id
+            : 'default';
+        // v4.9.0 Slice 7 — inbound trace adoption.
+        const incomingTp = (0, identity_1.parseTraceparent)(req.header('traceparent'));
+        const rawIncomingTp = req.header('traceparent');
+        if (rawIncomingTp && !incomingTp) {
+            opts.log('warn', `[api/runs] dropped malformed traceparent header (length=${rawIncomingTp.length})`);
+        }
+        const rawExternalReqId = req.header('x-request-id');
+        const externalReqId = (0, identity_1.validateExternalRequestId)(rawExternalReqId);
+        if (rawExternalReqId && externalReqId === null) {
+            opts.log('warn', `[api/runs] dropped invalid X-Request-Id header (length=${rawExternalReqId.length})`);
+        }
+        const ctx = {
+            daemonId: (0, bootstrap_1.getCurrentDaemonId)() ?? '',
+            incarnationId: (0, bootstrap_1.getCurrentIncarnationId)() ?? '',
+            runId: (0, identity_1.newRunId)(), // pre-claim run id (dispatcher assigns final numeric id)
+            traceId: incomingTp ? `trc_${incomingTp.traceId}` : (0, identity_1.newTraceId)(),
+            spanId: (0, identity_1.newSpanId)(),
+            parentSpanId: incomingTp?.parentSpanId ?? undefined,
+            requestId: (0, identity_1.newRequestId)(),
+            externalRequestId: externalReqId ?? undefined,
+            source: 'api',
+            attempt: 1,
+        };
+        void (0, identity_1.runWithContext)(ctx, () => {
+            try {
+                const result = opts.triggerBus.insert({
+                    source: 'manual',
+                    sourceKey,
+                    idempotencyKey,
+                    payload: {
+                        body, fingerprint, headerKey,
+                        external_trace_id: incomingTp?.traceId ?? null,
+                        external_request_id: externalReqId ?? null,
+                    },
+                });
+                // Persist `external_trace_id` on the trigger payload so the
+                // dispatcher can copy it onto the `runs` row when it
+                // creates one. We can't write to `runs` here (no run row
+                // yet), but the payload carries the value.
+                opts.log('info', `[api/runs] accepted trigger_event_id=${result.id} ` +
+                    `${incomingTp ? `external_trace_id=${incomingTp.traceId} ` : ''}` +
+                    `${externalReqId ? `external_request_id=${externalReqId}` : ''}`);
+                res.status(202).json({
+                    accepted: true,
+                    duplicate: !result.inserted,
+                    trigger_event_id: result.id,
+                    idempotency_key: idempotencyKey,
+                    run_id: ctx.runId,
+                    trace_id: ctx.traceId,
+                    external_trace_id: incomingTp?.traceId ?? null,
+                });
+            }
+            catch (e) {
+                opts.log('error', `[api/runs] insert failed: ${e instanceof Error ? e.message : String(e)}`);
+                res.status(500).json({ error: 'internal_error' });
+            }
+        });
+        // Quiet unused-warning on the db handle; future Slice 8 uses it
+        // to back-fill the `runs.external_trace_id` column on creation.
+        void bootstrap_1.getCurrentDaemonDb;
+    });
+    return { path: PATH };
+}