bopodev-api 0.1.14 → 0.1.16

package/src/routes/agents.ts

@@ -28,7 +28,7 @@ import {
   runtimeConfigToStateBlobPatch
 } from "../lib/agent-config";
 import { resolveOpencodeRuntimeModel } from "../lib/opencode-model";
-import { hasText, resolveDefaultRuntimeCwdForCompany } from "../lib/workspace-policy";
+import { assertRuntimeCwdForCompany, hasText, resolveDefaultRuntimeCwdForCompany } from "../lib/workspace-policy";
 import { requireCompanyScope } from "../middleware/company-scope";
 import { requireBoardRole, requirePermission } from "../middleware/request-actor";
 import { createGovernanceRealtimeEvent, serializeStoredApproval } from "../realtime/governance";
@@ -148,7 +148,13 @@ export function createAgentsRouter(ctx: AppContext) {
   });
 
   router.get("/runtime-default-cwd", async (req, res) => {
-    const runtimeCwd = await resolveDefaultRuntimeCwdForCompany(ctx.db, req.companyId!);
+    let runtimeCwd: string;
+    try {
+      runtimeCwd = await resolveDefaultRuntimeCwdForCompany(ctx.db, req.companyId!);
+      runtimeCwd = assertRuntimeCwdForCompany(req.companyId!, runtimeCwd, "runtimeCwd");
+    } catch (error) {
+      return sendError(res, String(error), 422);
+    }
     await mkdir(runtimeCwd, { recursive: true });
     return sendOk(res, { runtimeCwd });
   });
@@ -163,10 +169,16 @@ export function createAgentsRouter(ctx: AppContext) {
       return sendError(res, `Unsupported provider type: ${providerType}`, 422);
     }
     const defaultRuntimeCwd = await resolveDefaultRuntimeCwdForCompany(ctx.db, req.companyId!);
-    const runtimeConfig = normalizeRuntimeConfig({
-      runtimeConfig: req.body?.runtimeConfig,
-      defaultRuntimeCwd
-    });
+    let runtimeConfig: ReturnType<typeof normalizeRuntimeConfig>;
+    try {
+      runtimeConfig = normalizeRuntimeConfig({
+        runtimeConfig: req.body?.runtimeConfig,
+        defaultRuntimeCwd
+      });
+      runtimeConfig = enforceRuntimeCwdPolicy(req.companyId!, runtimeConfig);
+    } catch (error) {
+      return sendError(res, String(error), 422);
+    }
     const typedProviderType = providerType as
       | "claude_code"
       | "codex"
@@ -197,23 +209,29 @@ export function createAgentsRouter(ctx: AppContext) {
       return sendError(res, parsed.error.message, 422);
     }
     const defaultRuntimeCwd = await resolveDefaultRuntimeCwdForCompany(ctx.db, req.companyId!);
-    const runtimeConfig = normalizeRuntimeConfig({
-      runtimeConfig: parsed.data.runtimeConfig,
-      legacy: {
-        runtimeCommand: parsed.data.runtimeCommand,
-        runtimeArgs: parsed.data.runtimeArgs,
-        runtimeCwd: parsed.data.runtimeCwd,
-        runtimeTimeoutMs: parsed.data.runtimeTimeoutMs,
-        runtimeModel: parsed.data.runtimeModel,
-        runtimeThinkingEffort: parsed.data.runtimeThinkingEffort,
-        bootstrapPrompt: parsed.data.bootstrapPrompt,
-        runtimeTimeoutSec: parsed.data.runtimeTimeoutSec,
-        interruptGraceSec: parsed.data.interruptGraceSec,
-        runtimeEnv: parsed.data.runtimeEnv,
-        runPolicy: parsed.data.runPolicy
-      },
-      defaultRuntimeCwd
-    });
+    let runtimeConfig: ReturnType<typeof normalizeRuntimeConfig>;
+    try {
+      runtimeConfig = normalizeRuntimeConfig({
+        runtimeConfig: parsed.data.runtimeConfig,
+        legacy: {
+          runtimeCommand: parsed.data.runtimeCommand,
+          runtimeArgs: parsed.data.runtimeArgs,
+          runtimeCwd: parsed.data.runtimeCwd,
+          runtimeTimeoutMs: parsed.data.runtimeTimeoutMs,
+          runtimeModel: parsed.data.runtimeModel,
+          runtimeThinkingEffort: parsed.data.runtimeThinkingEffort,
+          bootstrapPrompt: parsed.data.bootstrapPrompt,
+          runtimeTimeoutSec: parsed.data.runtimeTimeoutSec,
+          interruptGraceSec: parsed.data.interruptGraceSec,
+          runtimeEnv: parsed.data.runtimeEnv,
+          runPolicy: parsed.data.runPolicy
+        },
+        defaultRuntimeCwd
+      });
+      runtimeConfig = enforceRuntimeCwdPolicy(req.companyId!, runtimeConfig);
+    } catch (error) {
+      return sendError(res, String(error), 422);
+    }
 
     if (runtimeConfig.runtimeCwd) {
       await mkdir(runtimeConfig.runtimeCwd, { recursive: true });
@@ -261,23 +279,29 @@ export function createAgentsRouter(ctx: AppContext) {
       return sendError(res, parsed.error.message, 422);
     }
     const defaultRuntimeCwd = await resolveDefaultRuntimeCwdForCompany(ctx.db, req.companyId!);
-    const runtimeConfig = normalizeRuntimeConfig({
-      runtimeConfig: parsed.data.runtimeConfig,
-      legacy: {
-        runtimeCommand: parsed.data.runtimeCommand,
-        runtimeArgs: parsed.data.runtimeArgs,
-        runtimeCwd: parsed.data.runtimeCwd,
-        runtimeTimeoutMs: parsed.data.runtimeTimeoutMs,
-        runtimeModel: parsed.data.runtimeModel,
-        runtimeThinkingEffort: parsed.data.runtimeThinkingEffort,
-        bootstrapPrompt: parsed.data.bootstrapPrompt,
-        runtimeTimeoutSec: parsed.data.runtimeTimeoutSec,
-        interruptGraceSec: parsed.data.interruptGraceSec,
-        runtimeEnv: parsed.data.runtimeEnv,
-        runPolicy: parsed.data.runPolicy
-      },
-      defaultRuntimeCwd
-    });
+    let runtimeConfig: ReturnType<typeof normalizeRuntimeConfig>;
+    try {
+      runtimeConfig = normalizeRuntimeConfig({
+        runtimeConfig: parsed.data.runtimeConfig,
+        legacy: {
+          runtimeCommand: parsed.data.runtimeCommand,
+          runtimeArgs: parsed.data.runtimeArgs,
+          runtimeCwd: parsed.data.runtimeCwd,
+          runtimeTimeoutMs: parsed.data.runtimeTimeoutMs,
+          runtimeModel: parsed.data.runtimeModel,
+          runtimeThinkingEffort: parsed.data.runtimeThinkingEffort,
+          bootstrapPrompt: parsed.data.bootstrapPrompt,
+          runtimeTimeoutSec: parsed.data.runtimeTimeoutSec,
+          interruptGraceSec: parsed.data.interruptGraceSec,
+          runtimeEnv: parsed.data.runtimeEnv,
+          runPolicy: parsed.data.runPolicy
+        },
+        defaultRuntimeCwd
+      });
+      runtimeConfig = enforceRuntimeCwdPolicy(req.companyId!, runtimeConfig);
+    } catch (error) {
+      return sendError(res, String(error), 422);
+    }
     runtimeConfig.runtimeModel = await resolveOpencodeRuntimeModel(parsed.data.providerType, runtimeConfig);
     runtimeConfig.runtimeModel = resolveRuntimeModelForProvider(parsed.data.providerType, runtimeConfig.runtimeModel);
     if (!ensureNamedRuntimeModel(parsed.data.providerType, runtimeConfig.runtimeModel)) {
@@ -390,74 +414,79 @@ export function createAgentsRouter(ctx: AppContext) {
       parsed.data.interruptGraceSec !== undefined ||
       parsed.data.runtimeEnv !== undefined ||
       parsed.data.runPolicy !== undefined;
-    const nextRuntime = {
-      ...existingRuntime,
-      ...(hasRuntimeInput
-        ? normalizeRuntimeConfig({
-            runtimeConfig: {
-              ...existingRuntime,
-              ...(parsed.data.runtimeConfig ?? {})
-            },
-            legacy: {
-              runtimeCommand: parsed.data.runtimeCommand,
-              runtimeArgs: parsed.data.runtimeArgs,
-              runtimeCwd: parsed.data.runtimeCwd,
-              runtimeTimeoutMs: parsed.data.runtimeTimeoutMs,
-              runtimeModel: parsed.data.runtimeModel,
-              runtimeThinkingEffort: parsed.data.runtimeThinkingEffort,
-              bootstrapPrompt: parsed.data.bootstrapPrompt,
-              runtimeTimeoutSec: parsed.data.runtimeTimeoutSec ?? existingRuntime.runtimeTimeoutSec,
-              interruptGraceSec: parsed.data.interruptGraceSec,
-              runtimeEnv: parsed.data.runtimeEnv,
-              runPolicy: parsed.data.runPolicy
-            }
-          })
-        : {})
-    };
-    nextRuntime.runtimeModel = await resolveOpencodeRuntimeModel(effectiveProviderType, nextRuntime);
-    nextRuntime.runtimeModel = resolveRuntimeModelForProvider(effectiveProviderType, nextRuntime.runtimeModel);
-    if (!ensureNamedRuntimeModel(effectiveProviderType, nextRuntime.runtimeModel)) {
-      return sendError(res, "A named runtime model is required for this provider.", 422);
-    }
-    if (!nextRuntime.runtimeCwd && defaultRuntimeCwd) {
-      nextRuntime.runtimeCwd = defaultRuntimeCwd;
-    }
-    const effectiveRuntimeCwd = nextRuntime.runtimeCwd ?? "";
-    if (requiresRuntimeCwd(effectiveProviderType) && !hasText(effectiveRuntimeCwd)) {
-      return sendError(res, "Runtime working directory is required for this runtime provider.", 422);
-    }
-    if (requiresRuntimeCwd(effectiveProviderType) && hasText(effectiveRuntimeCwd)) {
-      await mkdir(effectiveRuntimeCwd, { recursive: true });
-    }
-    const agent = await updateAgent(ctx.db, {
-      companyId: req.companyId!,
-      id: req.params.agentId,
-      managerAgentId: parsed.data.managerAgentId,
-      role: parsed.data.role,
-      name: parsed.data.name,
-      providerType: parsed.data.providerType,
-      status: parsed.data.status,
-      heartbeatCron: parsed.data.heartbeatCron,
-      monthlyBudgetUsd:
-        typeof parsed.data.monthlyBudgetUsd === "number" ? parsed.data.monthlyBudgetUsd.toFixed(4) : undefined,
-      canHireAgents: parsed.data.canHireAgents,
-      ...runtimeConfigToDb(nextRuntime),
-      stateBlob: runtimeConfigToStateBlobPatch(nextRuntime)
-    });
-    if (!agent) {
-      return sendError(res, "Agent not found.", 404);
-    }
+    try {
+      let nextRuntime = {
+        ...existingRuntime,
+        ...(hasRuntimeInput
+          ? normalizeRuntimeConfig({
+              runtimeConfig: {
+                ...existingRuntime,
+                ...(parsed.data.runtimeConfig ?? {})
+              },
+              legacy: {
+                runtimeCommand: parsed.data.runtimeCommand,
+                runtimeArgs: parsed.data.runtimeArgs,
+                runtimeCwd: parsed.data.runtimeCwd,
+                runtimeTimeoutMs: parsed.data.runtimeTimeoutMs,
+                runtimeModel: parsed.data.runtimeModel,
+                runtimeThinkingEffort: parsed.data.runtimeThinkingEffort,
+                bootstrapPrompt: parsed.data.bootstrapPrompt,
+                runtimeTimeoutSec: parsed.data.runtimeTimeoutSec ?? existingRuntime.runtimeTimeoutSec,
+                interruptGraceSec: parsed.data.interruptGraceSec,
+                runtimeEnv: parsed.data.runtimeEnv,
+                runPolicy: parsed.data.runPolicy
+              }
+            })
+          : {})
+      };
+      nextRuntime = enforceRuntimeCwdPolicy(req.companyId!, nextRuntime);
+      nextRuntime.runtimeModel = await resolveOpencodeRuntimeModel(effectiveProviderType, nextRuntime);
+      nextRuntime.runtimeModel = resolveRuntimeModelForProvider(effectiveProviderType, nextRuntime.runtimeModel);
+      if (!ensureNamedRuntimeModel(effectiveProviderType, nextRuntime.runtimeModel)) {
+        return sendError(res, "A named runtime model is required for this provider.", 422);
+      }
+      if (!nextRuntime.runtimeCwd && defaultRuntimeCwd) {
+        nextRuntime.runtimeCwd = assertRuntimeCwdForCompany(req.companyId!, defaultRuntimeCwd, "runtimeCwd");
+      }
+      const effectiveRuntimeCwd = nextRuntime.runtimeCwd ?? "";
+      if (requiresRuntimeCwd(effectiveProviderType) && !hasText(effectiveRuntimeCwd)) {
+        return sendError(res, "Runtime working directory is required for this runtime provider.", 422);
+      }
+      if (requiresRuntimeCwd(effectiveProviderType) && hasText(effectiveRuntimeCwd)) {
+        await mkdir(effectiveRuntimeCwd, { recursive: true });
+      }
+      const agent = await updateAgent(ctx.db, {
+        companyId: req.companyId!,
+        id: req.params.agentId,
+        managerAgentId: parsed.data.managerAgentId,
+        role: parsed.data.role,
+        name: parsed.data.name,
+        providerType: parsed.data.providerType,
+        status: parsed.data.status,
+        heartbeatCron: parsed.data.heartbeatCron,
+        monthlyBudgetUsd:
+          typeof parsed.data.monthlyBudgetUsd === "number" ? parsed.data.monthlyBudgetUsd.toFixed(4) : undefined,
+        canHireAgents: parsed.data.canHireAgents,
+        ...runtimeConfigToDb(nextRuntime),
+        stateBlob: runtimeConfigToStateBlobPatch(nextRuntime)
+      });
+      if (!agent) {
+        return sendError(res, "Agent not found.", 404);
+      }
 
-    await appendAuditEvent(ctx.db, {
-      companyId: req.companyId!,
-      actorType: "human",
-      eventType: "agent.updated",
-      entityType: "agent",
-      entityId: agent.id,
-      payload: agent
-    });
-    await publishOfficeOccupantForAgent(ctx.db, ctx.realtimeHub, req.companyId!, agent.id);
-    return sendOk(res, toAgentResponse(agent as unknown as Record<string, unknown>));
+      await appendAuditEvent(ctx.db, {
+        companyId: req.companyId!,
+        actorType: "human",
+        eventType: "agent.updated",
+        entityType: "agent",
+        entityId: agent.id,
+        payload: agent
+      });
+      await publishOfficeOccupantForAgent(ctx.db, ctx.realtimeHub, req.companyId!, agent.id);
+      return sendOk(res, toAgentResponse(agent as unknown as Record<string, unknown>));
+    } catch (error) {
+      return sendError(res, String(error), 422);
+    }
   });
 
   router.delete("/:agentId", async (req, res) => {
@@ -579,6 +608,16 @@ function listUnsupportedAgentUpdateKeys(payload: unknown) {
   return unsupported;
 }
 
+function enforceRuntimeCwdPolicy(companyId: string, runtime: ReturnType<typeof normalizeRuntimeConfig>) {
+  if (!runtime.runtimeCwd) {
+    return runtime;
+  }
+  return {
+    ...runtime,
+    runtimeCwd: assertRuntimeCwdForCompany(companyId, runtime.runtimeCwd, "runtimeCwd")
+  };
+}
+
 async function findDuplicateHireRequest(
   db: AppContext["db"],
   companyId: string,

package/src/routes/auth.ts

@@ -0,0 +1,54 @@
+import { Router } from "express";
+import { z } from "zod";
+import type { AppContext } from "../context";
+import { sendError, sendOk } from "../http";
+import { issueActorToken } from "../security/actor-token";
+import { isAuthenticatedMode, resolveDeploymentMode } from "../security/deployment-mode";
+
+const createActorTokenSchema = z.object({
+  actorType: z.enum(["board", "member", "agent"]),
+  actorId: z.string().trim().min(1),
+  actorCompanies: z.array(z.string().trim().min(1)).default([]),
+  actorPermissions: z.array(z.string().trim().min(1)).default([]),
+  ttlSec: z.number().int().positive().max(86_400).optional()
+});
+
+export function createAuthRouter(ctx: AppContext) {
+  const router = Router();
+
+  router.post("/actor-token", (req, res) => {
+    const parsed = createActorTokenSchema.safeParse(req.body);
+    if (!parsed.success) {
+      return sendError(res, parsed.error.message, 422);
+    }
+    const secret = process.env.BOPO_AUTH_TOKEN_SECRET?.trim();
+    if (!secret) {
+      return sendError(
+        res,
+        "Actor token support is not configured. Set BOPO_AUTH_TOKEN_SECRET in the API environment.",
+        503
+      );
+    }
+    const bootstrapSecret = process.env.BOPO_AUTH_BOOTSTRAP_SECRET?.trim();
+    const headerSecret = req.header("x-bopo-bootstrap-secret")?.trim();
+    const localMode = !isAuthenticatedMode(ctx.deploymentMode ?? resolveDeploymentMode());
+    const bootstrapAllowed = localMode || (bootstrapSecret && headerSecret && bootstrapSecret === headerSecret);
+    if (!bootstrapAllowed) {
+      return sendError(res, "Actor token issuance requires bootstrap authorization.", 403);
+    }
+
+    const token = issueActorToken(
+      {
+        actorType: parsed.data.actorType,
+        actorId: parsed.data.actorId,
+        actorCompanies: parsed.data.actorType === "board" ? null : parsed.data.actorCompanies,
+        actorPermissions: parsed.data.actorPermissions,
+        ttlSec: parsed.data.ttlSec
+      },
+      secret
+    );
+    return sendOk(res, { token, expiresInSec: parsed.data.ttlSec ?? 3_600 });
+  });
+
+  return router;
+}

package/src/routes/companies.ts

@@ -5,6 +5,7 @@ import type { AppContext } from "../context";
 import { sendError, sendOk } from "../http";
 import { ensureCompanyModelPricingDefaults } from "../services/model-pricing";
 import { ensureCompanyBuiltinPluginDefaults } from "../services/plugin-runtime";
+import { ensureCompanyBuiltinTemplateDefaults } from "../services/template-catalog";
 
 const createCompanySchema = z.object({
   name: z.string().min(1),
@@ -33,6 +34,7 @@ export function createCompaniesRouter(ctx: AppContext) {
     }
     const company = await createCompany(ctx.db, parsed.data);
     await ensureCompanyBuiltinPluginDefaults(ctx.db, company.id);
+    await ensureCompanyBuiltinTemplateDefaults(ctx.db, company.id);
     await ensureCompanyModelPricingDefaults(ctx.db, company.id);
     return sendOk(res, company);
   });

package/src/routes/governance.ts

@@ -3,6 +3,7 @@ import { z } from "zod";
 import {
   appendAuditEvent,
   clearApprovalInboxDismissed,
+  countPendingApprovalRequests,
   getApprovalRequest,
   listApprovalInboxStates,
   listApprovalRequests,
@@ -44,6 +45,11 @@ export function createGovernanceRouter(ctx: AppContext) {
     );
   });
 
+  router.get("/approvals/pending-count", async (req, res) => {
+    const count = await countPendingApprovalRequests(ctx.db, req.companyId!);
+    return sendOk(res, { count });
+  });
+
   router.get("/inbox", async (req, res) => {
     const actorId = req.actor?.id ?? "local-board";
     const [approvals, inboxStates] = await Promise.all([
@@ -166,6 +172,8 @@ export function createGovernanceRouter(ctx: AppContext) {
       const eventType =
         resolution.action === "grant_plugin_capabilities"
           ? "plugin.capabilities_granted_from_approval"
+          : resolution.action === "apply_template"
+            ? "template.applied_from_approval"
           : resolution.execution.entityType === "agent"
           ? "agent.hired_from_approval"
           : resolution.execution.entityType === "goal"

package/src/routes/issues.ts

@@ -21,13 +21,14 @@ import {
   listIssueComments,
   listIssues,
   projects,
+  projectWorkspaces,
   updateIssueComment,
   updateIssue
 } from "bopodev-db";
 import { nanoid } from "nanoid";
 import type { AppContext } from "../context";
 import { sendError, sendOk } from "../http";
-import { isInsidePath, normalizeAbsolutePath, resolveProjectWorkspacePath } from "../lib/instance-paths";
+import { isInsidePath, normalizeCompanyWorkspacePath, resolveProjectWorkspacePath } from "../lib/instance-paths";
 import { requireCompanyScope } from "../middleware/company-scope";
 import { requirePermission } from "../middleware/request-actor";
 
@@ -220,7 +221,7 @@ export function createIssuesRouter(ctx: AppContext) {
         if (!issueContext) {
           return sendError(res, "Issue not found.", 404);
         }
-        const workspacePath = resolveWorkspacePath(issueContext.companyId, issueContext.projectId, issueContext.workspaceLocalPath);
+        const workspacePath = resolveWorkspacePath(issueContext.companyId, issueContext.projectId, issueContext.workspaceCwd);
         const attachmentDir = join(workspacePath, ".bopo", "issues", issueContext.issueId, "attachments");
         await mkdir(attachmentDir, { recursive: true });
 
@@ -313,7 +314,7 @@ export function createIssuesRouter(ctx: AppContext) {
     if (!attachment) {
       return sendError(res, "Attachment not found.", 404);
     }
-    const workspacePath = resolveWorkspacePath(issueContext.companyId, issueContext.projectId, issueContext.workspaceLocalPath);
+    const workspacePath = resolveWorkspacePath(issueContext.companyId, issueContext.projectId, issueContext.workspaceCwd);
     const absolutePath = resolve(workspacePath, attachment.relativePath);
     if (!isInsidePath(workspacePath, absolutePath)) {
       return sendError(res, "Invalid attachment path.", 422);
@@ -346,7 +347,7 @@ export function createIssuesRouter(ctx: AppContext) {
     if (!attachment) {
       return sendError(res, "Attachment not found.", 404);
     }
-    const workspacePath = resolveWorkspacePath(issueContext.companyId, issueContext.projectId, issueContext.workspaceLocalPath);
+    const workspacePath = resolveWorkspacePath(issueContext.companyId, issueContext.projectId, issueContext.workspaceCwd);
     const absolutePath = resolve(workspacePath, attachment.relativePath);
     if (!isInsidePath(workspacePath, absolutePath)) {
       return sendError(res, "Invalid attachment path.", 422);
@@ -717,9 +718,9 @@ function toIssueAttachmentResponse(attachment: Record<string, unknown>, issueId:
   };
 }
 
-function resolveWorkspacePath(companyId: string, projectId: string, workspaceLocalPath: string | null) {
-  if (workspaceLocalPath && workspaceLocalPath.trim().length > 0) {
-    return normalizeAbsolutePath(workspaceLocalPath);
+function resolveWorkspacePath(companyId: string, projectId: string, workspaceCwd: string | null) {
+  if (workspaceCwd && workspaceCwd.trim().length > 0) {
+    return normalizeCompanyWorkspacePath(companyId, workspaceCwd);
   }
   return resolveProjectWorkspacePath(companyId, projectId);
 }
@@ -739,8 +740,7 @@ async function getIssueContextForAttachment(ctx: AppContext, companyId: string,
   }
   const [project] = await ctx.db
     .select({
-      id: projects.id,
-      workspaceLocalPath: projects.workspaceLocalPath
+      id: projects.id
     })
     .from(projects)
     .where(and(eq(projects.companyId, companyId), eq(projects.id, issue.projectId)))
@@ -748,11 +748,24 @@ async function getIssueContextForAttachment(ctx: AppContext, companyId: string,
   if (!project) {
     return null;
   }
+  const [workspace] = await ctx.db
+    .select({
+      cwd: projectWorkspaces.cwd
+    })
+    .from(projectWorkspaces)
+    .where(
+      and(
+        eq(projectWorkspaces.companyId, companyId),
+        eq(projectWorkspaces.projectId, issue.projectId),
+        eq(projectWorkspaces.isPrimary, true)
+      )
+    )
+    .limit(1);
   return {
     issueId: issue.issueId,
     companyId: issue.companyId,
     projectId: issue.projectId,
-    workspaceLocalPath: project.workspaceLocalPath
+    workspaceCwd: workspace?.cwd ?? null
   };
 }