npm - arkaos - Versions diffs - 3.49.0 → 3.51.0 - Mend

arkaos 3.49.0 → 3.51.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/VERSION +1 -1
package/dashboard/app/layouts/default.vue +7 -0
package/dashboard/app/pages/terminal.vue +224 -0
package/dashboard/app/pages/workflows.vue +89 -3
package/package.json +1 -1
package/pyproject.toml +1 -1
package/scripts/__pycache__/dashboard-api.cpython-313.pyc +0 -0
package/scripts/dashboard-api.py +170 -0

package/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- 3.49.0
1	+ 3.51.0

package/dashboard/app/layouts/default.vue CHANGED Viewed

@@ -59,6 +59,13 @@ const links = [[{
   onSelect: () => {
     open.value = false
   }
+}, {
+  label: 'Terminal',
+  icon: 'i-lucide-terminal',
+  to: '/terminal',
+  onSelect: () => {
+    open.value = false
+  }
 }, {
   label: 'Workflows',
   icon: 'i-lucide-workflow',

package/dashboard/app/pages/terminal.vue ADDED Viewed

@@ -0,0 +1,224 @@
+<script setup lang="ts">
+// PR95a v3.51.0 — Dashboard terminal (allowlist mode).
+//
+// Operator picks one of the allowlisted commands; backend runs it via
+// subprocess.run (no shell). Output streams into the history block.
+//
+// Note: vue-termui is for building Vue TUI apps that RUN in a terminal,
+// not for embedding an arbitrary shell in a browser. The dashboard
+// instead ships a controlled command runner with allowlist + capped
+// output. xterm.js-style PTY can be a later upgrade if needed.
+interface CommandEntry {
+  id: string
+  label: string
+  description: string
+}
+interface ExecResult {
+  stdout: string
+  stderr: string
+  exit_code: number
+  duration_ms: number
+  command: string
+}
+interface HistoryEntry {
+  id: string
+  label: string
+  result: ExecResult
+  ts: string
+}
+const { fetchApi, apiBase } = useApi()
+const toast = useToast()
+const { data: cmdData, status } = await fetchApi<{ commands: CommandEntry[] }>(
+  '/api/terminal/commands',
+)
+const commands = computed<CommandEntry[]>(() => cmdData.value?.commands ?? [])
+const running = ref<string | null>(null)
+const history = ref<HistoryEntry[]>([])
+async function run(cmd: CommandEntry) {
+  running.value = cmd.id
+  try {
+    const res = await $fetch<ExecResult & { error?: string }>(
+      `${apiBase}/api/terminal/exec`,
+      { method: 'POST', body: { command_id: cmd.id } },
+    )
+    if (res.error) throw new Error(res.error)
+    history.value = [
+      {
+        id: cmd.id,
+        label: cmd.label,
+        result: res,
+        ts: new Date().toISOString(),
+      },
+      ...history.value,
+    ].slice(0, 20)
+    if (res.exit_code === 0) {
+      toast.add({
+        title: `${cmd.label} · ok`,
+        description: `${res.duration_ms}ms`,
+        color: 'success',
+        icon: 'i-lucide-check',
+      })
+    } else {
+      toast.add({
+        title: `${cmd.label} · exit ${res.exit_code}`,
+        description: `${res.duration_ms}ms · ${res.stderr.slice(0, 80) || 'no stderr'}`,
+        color: 'warning',
+      })
+    }
+  } catch (err) {
+    toast.add({
+      title: 'Run failed',
+      description: err instanceof Error ? err.message : 'unknown error',
+      color: 'error',
+    })
+  } finally {
+    running.value = null
+  }
+}
+function copyOutput(entry: HistoryEntry) {
+  if (typeof navigator === 'undefined' || !navigator.clipboard) return
+  const body = entry.result.stdout || entry.result.stderr
+  void navigator.clipboard.writeText(body)
+  toast.add({ title: 'Copied to clipboard', color: 'success', icon: 'i-lucide-clipboard-check' })
+}
+function clearHistory() {
+  history.value = []
+}
+function relative(iso: string): string {
+  const ts = Date.parse(iso)
+  if (Number.isNaN(ts)) return iso
+  const diff = Date.now() - ts
+  const s = Math.floor(diff / 1000)
+  if (s < 60) return `${s}s ago`
+  const m = Math.floor(s / 60)
+  if (m < 60) return `${m}m ago`
+  return `${Math.floor(m / 60)}h ago`
+}
+</script>
+<template>
+  <UDashboardPanel id="terminal">
+    <template #header>
+      <UDashboardNavbar title="Terminal">
+        <template #leading>
+          <UDashboardSidebarCollapse />
+        </template>
+        <template #trailing>
+          <UBadge label="Allowlist mode" variant="subtle" color="primary" size="sm" />
+        </template>
+      </UDashboardNavbar>
+    </template>
+    <template #body>
+      <DashboardState
+        :status="status"
+        :empty="commands.length === 0"
+        empty-title="No allowlisted commands"
+        empty-description="The backend exposes no terminal commands. Add to TERMINAL_ALLOWLIST."
+        empty-icon="i-lucide-terminal"
+      >
+        <div class="space-y-5 max-w-4xl">
+          <UCard>
+            <template #header>
+              <div>
+                <h3 class="text-lg font-bold">Commands</h3>
+                <p class="text-xs text-muted mt-0.5">
+                  Server-enforced allowlist. Each command runs via
+                  <code class="font-mono">subprocess.run</code> with explicit argv —
+                  no shell, no globbing, no pipes. Cap: 15s timeout, 20K chars per stream.
+                </p>
+              </div>
+            </template>
+            <div class="grid grid-cols-1 md:grid-cols-2 gap-2">
+              <UButton
+                v-for="cmd in commands"
+                :key="cmd.id"
+                :label="cmd.label"
+                :description="cmd.description"
+                icon="i-lucide-terminal"
+                variant="soft"
+                color="primary"
+                size="sm"
+                block
+                class="justify-start"
+                :loading="running === cmd.id"
+                :disabled="running !== null && running !== cmd.id"
+                @click="run(cmd)"
+              />
+            </div>
+          </UCard>
+          <UCard v-if="history.length > 0">
+            <template #header>
+              <div class="flex items-center justify-between gap-3">
+                <div>
+                  <h3 class="text-lg font-bold">Recent runs</h3>
+                  <p class="text-xs text-muted mt-0.5">
+                    Last {{ history.length }} commands · most recent first
+                  </p>
+                </div>
+                <UButton label="Clear" variant="ghost" size="xs" @click="clearHistory" />
+              </div>
+            </template>
+            <ul class="space-y-4">
+              <li
+                v-for="entry in history"
+                :key="`${entry.ts}-${entry.id}`"
+                class="rounded-lg border border-default overflow-hidden"
+              >
+                <div class="px-3 py-2 bg-elevated/30 flex items-center justify-between gap-3 text-xs">
+                  <div class="min-w-0 flex items-center gap-2">
+                    <UBadge
+                      :label="entry.result.exit_code === 0 ? 'ok' : `exit ${entry.result.exit_code}`"
+                      :color="entry.result.exit_code === 0 ? 'success' : 'warning'"
+                      variant="subtle"
+                      size="xs"
+                    />
+                    <span class="font-mono truncate">{{ entry.result.command }}</span>
+                  </div>
+                  <div class="flex items-center gap-2 shrink-0">
+                    <span class="text-muted font-mono">{{ entry.result.duration_ms }}ms</span>
+                    <span class="text-muted">{{ relative(entry.ts) }}</span>
+                    <UButton
+                      icon="i-lucide-clipboard-copy"
+                      variant="ghost"
+                      size="xs"
+                      aria-label="Copy output"
+                      @click="copyOutput(entry)"
+                    />
+                  </div>
+                </div>
+                <pre
+                  v-if="entry.result.stdout"
+                  class="p-3 text-xs font-mono whitespace-pre overflow-x-auto"
+                >{{ entry.result.stdout }}</pre>
+                <pre
+                  v-if="entry.result.stderr"
+                  class="p-3 text-xs font-mono whitespace-pre overflow-x-auto text-rose-500 border-t border-default"
+                >{{ entry.result.stderr }}</pre>
+              </li>
+            </ul>
+          </UCard>
+          <p class="text-xs text-muted">
+            Want a different command? Add it to
+            <code class="font-mono">TERMINAL_ALLOWLIST</code> in
+            <code class="font-mono">scripts/dashboard-api.py</code> and
+            restart the backend. Arbitrary shell execution from the
+            dashboard is intentionally not supported.
+          </p>
+        </div>
+      </DashboardState>
+    </template>
+  </UDashboardPanel>
+</template>

package/dashboard/app/pages/workflows.vue CHANGED Viewed

@@ -30,8 +30,55 @@ interface Workflow {
 }
 const { fetchApi, apiBase } = useApi()
+const toast = useToast()
 const { data, status, error, refresh } = await fetchApi<{ workflows: Workflow[] }>('/api/workflows')
+// PR94d v3.50.0 — inline YAML editor state.
+const editingYaml = ref(false)
+const yamlDraft = ref('')
+const savingYaml = ref(false)
+function startEditYaml() {
+  if (!selected.value) return
+  yamlDraft.value = selected.value.content
+  editingYaml.value = true
+}
+function cancelEditYaml() {
+  yamlDraft.value = ''
+  editingYaml.value = false
+}
+async function saveYaml() {
+  if (!selected.value) return
+  savingYaml.value = true
+  try {
+    const res = await $fetch<{ updated?: boolean, error?: string }>(
+      `${apiBase}/api/workflows/${selected.value.id}/yaml`,
+      { method: 'PUT', body: { content: yamlDraft.value } },
+    )
+    if (res.error) throw new Error(res.error)
+    toast.add({
+      title: 'YAML updated',
+      description: selected.value.file,
+      color: 'success',
+      icon: 'i-lucide-check',
+    })
+    // Patch local content so the preview shows the new YAML immediately.
+    selected.value = { ...selected.value, content: yamlDraft.value }
+    editingYaml.value = false
+    await refresh()
+  } catch (err) {
+    toast.add({
+      title: 'Save failed',
+      description: err instanceof Error ? err.message : 'unknown error',
+      color: 'error',
+    })
+  } finally {
+    savingYaml.value = false
+  }
+}
 // PR89b v3.28.0 — recent runs for the selected workflow.
 interface WorkflowRun {
   session_id: string
@@ -171,7 +218,7 @@ const columns: TableColumn<Workflow>[] = [
               th: 'py-2 first:rounded-l-lg last:rounded-r-lg border-y border-default first:border-l last:border-r',
               td: 'border-b border-default',
             }"
-            @select="(row: { original: Workflow }) => { selected = row.original; sidePanelTab = 'flow'; runs = []; loadRuns(row.original.id) }"
+            @select="(row: { original: Workflow }) => { selected = row.original; sidePanelTab = 'flow'; runs = []; editingYaml = false; loadRuns(row.original.id) }"
           >
             <template #name-cell="{ row }">
               <div class="min-w-0">
@@ -292,8 +339,47 @@ const columns: TableColumn<Workflow>[] = [
                 No phases defined.
               </div>
             </div>
-            <div v-else-if="sidePanelTab === 'yaml'" class="overflow-x-auto">
-              <pre class="p-4 text-xs font-mono whitespace-pre">{{ selected.content }}</pre>
+            <div v-else-if="sidePanelTab === 'yaml'" class="flex flex-col">
+              <div class="px-4 py-2 border-b border-default flex items-center justify-between text-xs">
+                <span class="text-muted font-mono">{{ selected.file }}</span>
+                <div class="flex items-center gap-2">
+                  <template v-if="!editingYaml">
+                    <UButton
+                      label="Edit"
+                      icon="i-lucide-pencil"
+                      size="xs"
+                      variant="soft"
+                      @click="startEditYaml"
+                    />
+                  </template>
+                  <template v-else>
+                    <UButton
+                      label="Cancel"
+                      variant="ghost"
+                      size="xs"
+                      :disabled="savingYaml"
+                      @click="cancelEditYaml"
+                    />
+                    <UButton
+                      label="Save"
+                      icon="i-lucide-check"
+                      color="primary"
+                      size="xs"
+                      :loading="savingYaml"
+                      @click="saveYaml"
+                    />
+                  </template>
+                </div>
+              </div>
+              <div v-if="!editingYaml" class="overflow-x-auto">
+                <pre class="p-4 text-xs font-mono whitespace-pre">{{ selected.content }}</pre>
+              </div>
+              <UTextarea
+                v-else
+                v-model="yamlDraft"
+                :rows="20"
+                class="m-2 font-mono text-xs"
+              />
             </div>
             <div v-else class="p-4">
               <div v-if="runsLoading" class="py-6 text-center text-sm text-muted">

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "arkaos",
-  "version": "3.49.0",
+  "version": "3.51.0",
   "description": "The Operating System for AI Agent Teams",
   "type": "module",
   "bin": {

package/pyproject.toml CHANGED Viewed

@@ -1,6 +1,6 @@
 [project]
 name = "arkaos-core"
-version = "3.49.0"
+version = "3.51.0"
 description = "Core engine for ArkaOS — The Operating System for AI Agent Teams"
 readme = "README.md"
 license = {text = "MIT"}

package/scripts/__pycache__/dashboard-api.cpython-313.pyc CHANGED Viewed

Binary file

package/scripts/dashboard-api.py CHANGED Viewed

@@ -1894,6 +1894,176 @@ def _iso_duration_s(start_iso: str, end_iso: str) -> Optional[int]:
         return None
+# --- Terminal command runner (PR95a v3.51.0) ---
+# Allowlist of commands the dashboard terminal can run. Each entry is
+# {id, label, cmd, description}. Server-side enforcement: any request
+# whose `command_id` isn't in this list is rejected. No shell expansion,
+# no globbing, no pipes — subprocess.run with explicit argv only.
+TERMINAL_ALLOWLIST: list[dict] = [
+    {
+        "id": "arka-status",
+        "label": "ArkaOS status",
+        "cmd": ["arkaos", "status"],
+        "description": "System status (version, departments, agents, projects).",
+    },
+    {
+        "id": "git-status",
+        "label": "git status",
+        "cmd": ["git", "status", "--short"],
+        "description": "Working tree status in short form.",
+    },
+    {
+        "id": "git-log",
+        "label": "git log (10)",
+        "cmd": ["git", "log", "-10", "--oneline"],
+        "description": "Most recent 10 commits.",
+    },
+    {
+        "id": "npm-version",
+        "label": "npm view arkaos version",
+        "cmd": ["npm", "view", "arkaos", "version"],
+        "description": "Latest published ArkaOS version on npm.",
+    },
+    {
+        "id": "pytest-collect",
+        "label": "pytest --collect-only",
+        "cmd": ["python3", "-m", "pytest", "--collect-only", "-q", "tests/python/"],
+        "description": "List every Python test without running.",
+    },
+    {
+        "id": "ls",
+        "label": "ls",
+        "cmd": ["ls", "-la"],
+        "description": "List files in the project root.",
+    },
+]
+_TERMINAL_TIMEOUT_S = 15
+_TERMINAL_MAX_OUTPUT = 20_000  # chars — both stdout and stderr capped
+@app.get("/api/terminal/commands")
+def terminal_commands():
+    """List allowlisted commands the dashboard terminal may run."""
+    return {
+        "commands": [
+            {"id": c["id"], "label": c["label"], "description": c["description"]}
+            for c in TERMINAL_ALLOWLIST
+        ],
+        "total": len(TERMINAL_ALLOWLIST),
+    }
+@app.post("/api/terminal/exec")
+def terminal_exec(body: dict):
+    """PR95a v3.51.0 — run an allowlisted command and return the output.
+    Body: ``{"command_id": "<id>"}``. Unknown ids are rejected.
+    Returns ``{stdout, stderr, exit_code, duration_ms, command}``.
+    Output is capped at ``_TERMINAL_MAX_OUTPUT`` chars per stream.
+    """
+    if not isinstance(body, dict):
+        return {"error": "body must be an object"}
+    cid = (body.get("command_id") or "").strip()
+    if not cid:
+        return {"error": "command_id is required"}
+    entry = next((c for c in TERMINAL_ALLOWLIST if c["id"] == cid), None)
+    if entry is None:
+        return {"error": f"command '{cid}' is not on the allowlist"}
+    import time
+    started = time.monotonic()
+    try:
+        result = subprocess.run(
+            entry["cmd"],
+            cwd=str(ARKAOS_ROOT),
+            capture_output=True,
+            text=True,
+            timeout=_TERMINAL_TIMEOUT_S,
+            shell=False,
+        )
+    except subprocess.TimeoutExpired:
+        return {
+            "stdout": "",
+            "stderr": f"command timed out after {_TERMINAL_TIMEOUT_S}s",
+            "exit_code": -1,
+            "duration_ms": int(_TERMINAL_TIMEOUT_S * 1000),
+            "command": " ".join(entry["cmd"]),
+        }
+    except OSError as exc:
+        return {
+            "stdout": "",
+            "stderr": f"command failed to launch: {exc}",
+            "exit_code": -1,
+            "duration_ms": int((time.monotonic() - started) * 1000),
+            "command": " ".join(entry["cmd"]),
+        }
+    duration_ms = int((time.monotonic() - started) * 1000)
+    return {
+        "stdout": (result.stdout or "")[:_TERMINAL_MAX_OUTPUT],
+        "stderr": (result.stderr or "")[:_TERMINAL_MAX_OUTPUT],
+        "exit_code": result.returncode,
+        "duration_ms": duration_ms,
+        "command": " ".join(entry["cmd"]),
+    }
+@app.put("/api/workflows/{workflow_id}/yaml")
+def workflow_update_yaml(workflow_id: str, body: dict):
+    """PR94d v3.50.0 — overwrite a workflow's YAML file in place.
+    Body: ``{"content": "<full YAML body>"}``. Validates that the
+    content parses to a dict with a non-empty ``id`` key. Refuses to
+    move the file (operator can't rename via this endpoint — that
+    would invalidate cached references).
+    """
+    if not isinstance(body, dict):
+        return {"error": "body must be an object"}
+    content = str(body.get("content") or "")
+    if not content.strip():
+        return {"error": "content is required"}
+    target = _resolve_workflow_yaml(workflow_id)
+    if target is None:
+        return {"error": "workflow not found"}
+    try:
+        import yaml as _yaml
+        parsed = _yaml.safe_load(content)
+    except Exception as exc:  # noqa: BLE001
+        return {"error": f"YAML parse failed: {exc}"}
+    if not isinstance(parsed, dict):
+        return {"error": "YAML root must be a mapping"}
+    if not parsed.get("id"):
+        return {"error": "YAML must include a non-empty 'id' field"}
+    try:
+        tmp = target.with_suffix(target.suffix + ".tmp")
+        tmp.write_text(content, encoding="utf-8")
+        tmp.replace(target)
+    except OSError as exc:
+        return {"error": f"write failed: {exc}"}
+    return {"updated": True, "id": workflow_id, "file": str(target)}
+def _resolve_workflow_yaml(workflow_id: str):
+    """Return the YAML path for a workflow id, or None when missing."""
+    try:
+        import yaml as _yaml
+    except ImportError:
+        return None
+    dept_root = ARKAOS_ROOT / "departments"
+    if not dept_root.exists():
+        return None
+    for path in dept_root.glob("*/workflows/*.yaml"):
+        try:
+            raw = _yaml.safe_load(path.read_text(encoding="utf-8")) or {}
+        except Exception:  # noqa: BLE001
+            continue
+        if not isinstance(raw, dict):
+            continue
+        if str(raw.get("id") or path.stem) == workflow_id:
+            return path
+    return None
 @app.get("/api/workflows")
 def workflows_list():
     """Scan departments/*/workflows/*.yaml and return metadata + content."""