bopodev-api 0.1.24 → 0.1.26

package/src/routes/observability.ts

@@ -1,10 +1,14 @@
 import { Router } from "express";
+import { readFile, stat } from "node:fs/promises";
+import { basename, isAbsolute, resolve } from "node:path";
 import { z } from "zod";
 import {
   getHeartbeatRun,
+  listCompanies,
   listAgents,
   listAuditEvents,
   listCostEntries,
+  listGoals,
   listHeartbeatRunMessages,
   listHeartbeatRuns,
   listModelPricing,
@@ -13,9 +17,10 @@ import {
 } from "bopodev-db";
 import type { AppContext } from "../context";
 import { sendError, sendOk } from "../http";
+import { isInsidePath, resolveCompanyWorkspaceRootPath } from "../lib/instance-paths";
 import { requireCompanyScope } from "../middleware/company-scope";
 import { requirePermission } from "../middleware/request-actor";
-import { listAgentMemoryFiles, readAgentMemoryFile } from "../services/memory-file-service";
+import { listAgentMemoryFiles, loadAgentMemoryContext, readAgentMemoryFile } from "../services/memory-file-service";
 
 export function createObservabilityRouter(ctx: AppContext) {
   const router = Router();
@@ -111,10 +116,12 @@ export function createObservabilityRouter(ctx: AppContext) {
         .filter((run) => (agentFilter ? run.agentId === agentFilter : true))
         .map((run) => {
           const details = runDetailsByRunId.get(run.id);
-          const outcome = details?.outcome ?? null;
+          const report = toRecord(details?.report);
+          const outcome = details?.outcome ?? report?.outcome ?? null;
           return {
-            ...serializeRunRow(run, outcome),
-            outcome
+            ...serializeRunRow(run, details),
+            outcome,
+            report: report ?? null
           };
         })
     );
@@ -136,7 +143,7 @@ export function createObservabilityRouter(ctx: AppContext) {
     const trace = toRecord(details?.trace);
     const traceTranscript = Array.isArray(trace?.transcript) ? trace.transcript : [];
     return sendOk(res, {
-      run: serializeRunRow(run, details?.outcome ?? null),
+      run: serializeRunRow(run, details),
       details,
       transcript: {
         hasPersistedMessages: transcriptResult.items.length > 0,
@@ -146,6 +153,46 @@ export function createObservabilityRouter(ctx: AppContext) {
     });
   });
 
+  router.get("/heartbeats/:runId/artifacts/:artifactIndex/download", async (req, res) => {
+    const companyId = req.companyId!;
+    const runId = req.params.runId;
+    const rawArtifactIndex = Number(req.params.artifactIndex);
+    const artifactIndex = Number.isFinite(rawArtifactIndex) ? Math.floor(rawArtifactIndex) : NaN;
+    if (!Number.isInteger(artifactIndex) || artifactIndex < 0) {
+      return sendError(res, "Artifact index must be a non-negative integer.", 422);
+    }
+    const [run, auditRows] = await Promise.all([getHeartbeatRun(ctx.db, companyId, runId), listAuditEvents(ctx.db, companyId, 500)]);
+    if (!run) {
+      return sendError(res, "Run not found", 404);
+    }
+    const details = buildRunDetailsMap(auditRows).get(runId) ?? null;
+    const report = toRecord(details?.report);
+    const artifacts = Array.isArray(report?.artifacts)
+      ? report.artifacts.filter((entry) => typeof entry === "object" && entry !== null)
+      : [];
+    const artifact = (artifacts[artifactIndex] ?? null) as Record<string, unknown> | null;
+    if (!artifact) {
+      return sendError(res, "Artifact not found.", 404);
+    }
+    const resolvedPath = resolveRunArtifactAbsolutePath(companyId, artifact);
+    if (!resolvedPath) {
+      return sendError(res, "Artifact path is invalid.", 422);
+    }
+    let stats: Awaited<ReturnType<typeof stat>>;
+    try {
+      stats = await stat(resolvedPath);
+    } catch {
+      return sendError(res, "Artifact not found on disk.", 404);
+    }
+    if (!stats.isFile()) {
+      return sendError(res, "Artifact is not a file.", 422);
+    }
+    const buffer = await readFile(resolvedPath);
+    res.setHeader("content-type", "application/octet-stream");
+    res.setHeader("content-disposition", `inline; filename="${encodeURIComponent(basename(resolvedPath))}"`);
+    return res.send(buffer);
+  });
+
   router.get("/heartbeats/:runId/messages", async (req, res) => {
     const companyId = req.companyId!;
     const runId = req.params.runId;
@@ -266,6 +313,65 @@ export function createObservabilityRouter(ctx: AppContext) {
     }
   });
 
+  router.get("/memory/:agentId/context-preview", async (req, res) => {
+    const companyId = req.companyId!;
+    const agentId = req.params.agentId;
+    const projectIds = typeof req.query.projectIds === "string"
+      ? req.query.projectIds
+          .split(",")
+          .map((entry) => entry.trim())
+          .filter(Boolean)
+      : [];
+    const queryText = typeof req.query.query === "string" ? req.query.query.trim() : "";
+    const [agents, goals, companies] = await Promise.all([
+      listAgents(ctx.db, companyId),
+      listGoals(ctx.db, companyId),
+      listCompanies(ctx.db)
+    ]);
+    const agent = agents.find((entry) => entry.id === agentId);
+    if (!agent) {
+      return sendError(res, "Agent not found", 404);
+    }
+    const company = companies.find((entry) => entry.id === companyId);
+    const memoryContext = await loadAgentMemoryContext({
+      companyId,
+      agentId,
+      projectIds,
+      queryText: queryText.length > 0 ? queryText : undefined
+    });
+    const activeCompanyGoals = goals
+      .filter((goal) => goal.status === "active" && goal.level === "company")
+      .map((goal) => goal.title);
+    const activeProjectGoals = goals
+      .filter((goal) => goal.status === "active" && goal.level === "project" && goal.projectId && projectIds.includes(goal.projectId))
+      .map((goal) => goal.title);
+    const activeAgentGoals = goals
+      .filter((goal) => goal.status === "active" && goal.level === "agent")
+      .map((goal) => goal.title);
+    const compiledPreview = [
+      `Agent: ${agent.name} (${agent.role})`,
+      `Company mission: ${company?.mission ?? "No mission set"}`,
+      `Company goals: ${activeCompanyGoals.length > 0 ? activeCompanyGoals.join(" | ") : "None"}`,
+      `Project goals: ${activeProjectGoals.length > 0 ? activeProjectGoals.join(" | ") : "None"}`,
+      `Agent goals: ${activeAgentGoals.length > 0 ? activeAgentGoals.join(" | ") : "None"}`,
+      `Tacit notes: ${memoryContext.tacitNotes ?? "None"}`,
+      `Durable facts: ${memoryContext.durableFacts.join(" | ") || "None"}`,
+      `Daily notes: ${memoryContext.dailyNotes.join(" | ") || "None"}`
+    ].join("\n");
+    return sendOk(res, {
+      agentId,
+      projectIds,
+      companyMission: company?.mission ?? null,
+      goalContext: {
+        companyGoals: activeCompanyGoals,
+        projectGoals: activeProjectGoals,
+        agentGoals: activeAgentGoals
+      },
+      memoryContext,
+      compiledPreview
+    });
+  });
+
   router.get("/plugins/runs", async (req, res) => {
     const companyId = req.companyId!;
     const pluginId = typeof req.query.pluginId === "string" && req.query.pluginId.trim() ? req.query.pluginId.trim() : undefined;
@@ -298,6 +404,85 @@ function toRecord(value: unknown) {
   return typeof value === "object" && value !== null ? (value as Record<string, unknown>) : null;
 }
 
+function resolveRunArtifactAbsolutePath(companyId: string, artifact: Record<string, unknown>) {
+  const companyWorkspaceRoot = resolveCompanyWorkspaceRootPath(companyId);
+  const absolutePathRaw = normalizeAbsoluteArtifactPath(
+    typeof artifact.absolutePath === "string" ? artifact.absolutePath.trim() : ""
+  );
+  const relativePathRaw = normalizeWorkspaceRelativeArtifactPath(
+    typeof artifact.relativePath === "string"
+      ? artifact.relativePath.trim()
+      : typeof artifact.path === "string"
+        ? artifact.path.trim()
+        : "",
+    companyId
+  );
+  const candidate = relativePathRaw
+    ? resolve(companyWorkspaceRoot, relativePathRaw)
+    : absolutePathRaw
+      ? absolutePathRaw
+      : "";
+  if (!candidate) {
+    return null;
+  }
+  const resolved = isAbsolute(candidate) ? resolve(candidate) : resolve(companyWorkspaceRoot, candidate);
+  if (!isInsidePath(companyWorkspaceRoot, resolved)) {
+    return null;
+  }
+  return resolved;
+}
+
+function normalizeAbsoluteArtifactPath(value: string) {
+  const trimmed = value.trim();
+  if (!trimmed || !isAbsolute(trimmed)) {
+    return "";
+  }
+  return resolve(trimmed);
+}
+
+function normalizeWorkspaceRelativeArtifactPath(value: string, companyId: string) {
+  const trimmed = value.trim();
+  if (!trimmed) {
+    return "";
+  }
+  const unixSeparated = trimmed.replace(/\\/g, "/");
+  if (isAbsolute(unixSeparated)) {
+    return "";
+  }
+  const parts: string[] = [];
+  for (const part of unixSeparated.split("/")) {
+    if (!part || part === ".") {
+      continue;
+    }
+    if (part === "..") {
+      if (parts.length > 0 && parts[parts.length - 1] !== "..") {
+        parts.pop();
+      } else {
+        parts.push(part);
+      }
+      continue;
+    }
+    parts.push(part);
+  }
+  const normalized = parts.join("/");
+  if (!normalized) {
+    return "";
+  }
+  const workspaceScopedMatch = normalized.match(/(?:^|\/)workspace\/([^/]+)\/(.+)$/);
+  if (!workspaceScopedMatch) {
+    return normalized;
+  }
+  const scopedCompanyId = workspaceScopedMatch[1];
+  const scopedRelativePath = workspaceScopedMatch[2];
+  if (!scopedCompanyId || !scopedRelativePath) {
+    return "";
+  }
+  if (scopedCompanyId !== companyId) {
+    return "";
+  }
+  return scopedRelativePath;
+}
+
 function serializeRunRow(
   run: {
   id: string;
@@ -308,14 +493,27 @@ function serializeRunRow(
   finishedAt: Date | null;
   message: string | null;
   },
-  outcome: unknown
+  details: Record<string, unknown> | null | undefined
 ) {
-  const runType = resolveRunType(run, outcome);
+  const runType = resolveRunType(run, details);
+  const report = toRecord(details?.report);
+  const publicStatusRaw = typeof report?.finalStatus === "string" ? report.finalStatus : null;
+  const publicStatus =
+    publicStatusRaw === "completed" || publicStatusRaw === "failed"
+      ? publicStatusRaw
+      : run.status === "started"
+        ? "started"
+        : run.status === "failed"
+          ? "failed"
+          : run.status === "completed"
+            ? "completed"
+            : "failed";
   return {
     id: run.id,
     companyId: run.companyId,
     agentId: run.agentId,
     status: run.status,
+    publicStatus,
     startedAt: run.startedAt.toISOString(),
     finishedAt: run.finishedAt?.toISOString() ?? null,
     message: run.message ?? null,
@@ -328,14 +526,25 @@ function resolveRunType(
     status: string;
     message: string | null;
   },
-  outcome: unknown
+  details: Record<string, unknown> | null | undefined
 ): "work" | "no_assigned_work" | "budget_skip" | "overlap_skip" | "other_skip" | "failed" | "running" {
   if (run.status === "started") {
     return "running";
   }
-  if (run.status === "failed") {
+  const report = toRecord(details?.report);
+  const completionReason = typeof report?.completionReason === "string" ? report.completionReason : null;
+  if (run.status === "failed" || completionReason === "runtime_error" || completionReason === "provider_unavailable") {
     return "failed";
   }
+  if (completionReason === "no_assigned_work") {
+    return "no_assigned_work";
+  }
+  if (completionReason === "budget_hard_stop") {
+    return "budget_skip";
+  }
+  if (completionReason === "overlap_in_progress") {
+    return "overlap_skip";
+  }
   const normalizedMessage = (run.message ?? "").toLowerCase();
   if (normalizedMessage.includes("already in progress")) {
     return "overlap_skip";
@@ -346,7 +555,7 @@ function resolveRunType(
   if (isNoAssignedWorkMessage(run.message)) {
     return "no_assigned_work";
   }
-  if (isNoAssignedWorkOutcome(outcome)) {
+  if (isNoAssignedWorkOutcome(details?.outcome)) {
     return "no_assigned_work";
   }
   if (run.status === "skipped") {

package/src/routes/projects.ts

@@ -2,6 +2,7 @@ import { Router } from "express";
 import { mkdir, stat } from "node:fs/promises";
 import { join } from "node:path";
 import { z } from "zod";
+import { ProjectSchema } from "bopodev-contracts";
 import {
   appendAuditEvent,
   createProject,
@@ -15,7 +16,7 @@ import {
   updateProjectWorkspace
 } from "bopodev-db";
 import type { AppContext } from "../context";
-import { sendError, sendOk } from "../http";
+import { sendError, sendOk, sendOkValidated } from "../http";
 import { normalizeCompanyWorkspacePath, resolveProjectWorkspacePath } from "../lib/instance-paths";
 import { requireCompanyScope } from "../middleware/company-scope";
 import { requirePermission } from "../middleware/request-actor";
@@ -50,6 +51,7 @@ const createProjectSchema = z.object({
   description: z.string().optional(),
   status: projectStatusSchema.default("planned"),
   plannedStartAt: z.string().optional(),
+  monthlyBudgetUsd: z.number().positive().default(100),
   executionWorkspacePolicy: executionWorkspacePolicySchema.optional().nullable(),
   workspace: z
     .object({
@@ -69,6 +71,7 @@ const updateProjectSchema = z
     description: z.string().nullable().optional(),
     status: projectStatusSchema.optional(),
     plannedStartAt: z.string().nullable().optional(),
+    monthlyBudgetUsd: z.number().positive().optional(),
     executionWorkspacePolicy: executionWorkspacePolicySchema.nullable().optional(),
     goalIds: z.array(z.string().min(1)).optional()
   })
@@ -122,7 +125,7 @@ export function createProjectsRouter(ctx: AppContext) {
   router.get("/", async (req, res) => {
     const projects = await listProjects(ctx.db, req.companyId!);
     const withDiagnostics = await Promise.all(projects.map((project) => enrichProjectDiagnostics(req.companyId!, project)));
-    return sendOk(res, withDiagnostics);
+    return sendOkValidated(res, ProjectSchema.array(), withDiagnostics, "projects.list");
   });
 
   router.post("/", async (req, res) => {
@@ -140,6 +143,7 @@ export function createProjectsRouter(ctx: AppContext) {
       description: parsed.data.description,
       status: parsed.data.status,
       plannedStartAt: parsePlannedStartAt(parsed.data.plannedStartAt),
+      monthlyBudgetUsd: parsed.data.monthlyBudgetUsd.toFixed(4),
       executionWorkspacePolicy: parsed.data.executionWorkspacePolicy ?? null
     });
     if (!project) {
@@ -216,6 +220,7 @@ export function createProjectsRouter(ctx: AppContext) {
       status: parsed.data.status,
       plannedStartAt:
         parsed.data.plannedStartAt === undefined ? undefined : parsePlannedStartAt(parsed.data.plannedStartAt),
+      monthlyBudgetUsd: parsed.data.monthlyBudgetUsd === undefined ? undefined : parsed.data.monthlyBudgetUsd.toFixed(4),
       executionWorkspacePolicy: parsed.data.executionWorkspacePolicy
     });
     if (!project) {

package/src/scripts/onboard-seed.ts

@@ -26,7 +26,6 @@ import { normalizeRuntimeConfig, runtimeConfigToDb, runtimeConfigToStateBlobPatc
 import {
   normalizeAbsolutePath,
   normalizeCompanyWorkspacePath,
-  resolveAgentFallbackWorkspacePath,
   resolveProjectWorkspacePath
 } from "../lib/instance-paths";
 import { buildDefaultCeoBootstrapPrompt } from "../lib/ceo-bootstrap-prompt";
@@ -101,7 +100,7 @@ export async function ensureOnboardingSeed(input: {
     const resolvedCompanyName = companyRow.name;
     await ensureCompanyBuiltinTemplateDefaults(db, companyId);
     const agents = await listAgents(db, companyId);
-    const existingCeo = agents.find((agent) => agent.role === "CEO" || agent.name === "CEO");
+    const existingCeo = agents.find((agent) => agent.roleKey === "ceo" || agent.role === "CEO" || agent.name === "CEO");
     let ceoCreated = false;
     let ceoMigrated = false;
     let ceoProviderType: AgentProvider = parseAgentProvider(existingCeo?.providerType) ?? agentProvider;
@@ -130,6 +129,8 @@ export async function ensureOnboardingSeed(input: {
         const ceo = await createAgent(db, {
           companyId,
           role: "CEO",
+          roleKey: "ceo",
+          title: "CEO",
           name: "CEO",
           providerType: agentProvider,
           heartbeatCron: "*/5 * * * *",
@@ -303,15 +304,15 @@ async function ensureCeoStartupTask(
       typeof issue.body === "string" &&
       issue.body.includes(CEO_STARTUP_TASK_MARKER)
   );
-  const ceoWorkspaceRoot = resolveAgentFallbackWorkspacePath(input.companyId, input.ceoId);
-  const ceoOperatingFolder = `${ceoWorkspaceRoot}/operating`;
-  const ceoTmpFolder = `${ceoWorkspaceRoot}/tmp`;
+  const companyScopedCeoRoot = `workspace/${input.companyId}/agents/${input.ceoId}`;
+  const ceoOperatingFolder = `${companyScopedCeoRoot}/operating`;
+  const ceoTmpFolder = `${companyScopedCeoRoot}/tmp`;
   const body = [
     CEO_STARTUP_TASK_MARKER,
     "",
     "Stand up your leadership operating baseline before taking on additional delivery work.",
     "",
-    `1. Create your operating folder at \`${ceoOperatingFolder}/\` (system path, outside project workspaces).`,
+    `1. Create your operating folder at \`${ceoOperatingFolder}/\`.`,
     "2. Author these files with your own voice and responsibilities:",
     `   - \`${ceoOperatingFolder}/AGENTS.md\``,
     `   - \`${ceoOperatingFolder}/HEARTBEAT.md\``,
@@ -333,7 +334,7 @@ async function ensureCeoStartupTask(
     "7. Do not use unsupported hire fields such as `adapterType`, `adapterConfig`, or `reportsTo`.",
     "",
     "Safety checks before requesting hire:",
-    "- Do not write operating/system files under any project workspace folder.",
+    `- Keep operating/system files inside \`workspace/${input.companyId}/agents/${input.ceoId}/\` only.`,
     "- Do not request duplicates if a Founding Engineer already exists.",
     "- Do not request duplicates if a pending approval for the same role is already open.",
     "- For control-plane calls, prefer direct header env vars (`BOPODEV_COMPANY_ID`, `BOPODEV_ACTOR_TYPE`, `BOPODEV_ACTOR_ID`, `BOPODEV_ACTOR_COMPANIES`, `BOPODEV_ACTOR_PERMISSIONS`) instead of parsing `BOPODEV_REQUEST_HEADERS_JSON`.",

package/src/server.ts

@@ -10,6 +10,7 @@ import { createApp } from "./app";
 import { loadGovernanceRealtimeSnapshot } from "./realtime/governance";
 import { loadOfficeSpaceRealtimeSnapshot } from "./realtime/office-space";
 import { loadHeartbeatRunsRealtimeSnapshot } from "./realtime/heartbeat-runs";
+import { loadAttentionRealtimeSnapshot } from "./realtime/attention";
 import { attachRealtimeHub } from "./realtime/hub";
 import {
   isAuthenticatedMode,
@@ -106,7 +107,8 @@ async function main() {
     bootstrapLoaders: {
       governance: (companyId) => loadGovernanceRealtimeSnapshot(db, companyId),
       "office-space": (companyId) => loadOfficeSpaceRealtimeSnapshot(db, companyId),
-      "heartbeat-runs": (companyId) => loadHeartbeatRunsRealtimeSnapshot(db, companyId)
+      "heartbeat-runs": (companyId) => loadHeartbeatRunsRealtimeSnapshot(db, companyId),
+      attention: (companyId) => loadAttentionRealtimeSnapshot(db, companyId)
     }
   });
   const app = createApp({ db, deploymentMode, allowedOrigins, getRuntimeHealth, realtimeHub });