chapterhouse 0.9.1 → 0.10.0

package/dist/api/routes/sessions.js

@@ -0,0 +1,347 @@
+import { Router } from "express";
+import { z } from "zod";
+import { cancelCurrentMessage, enqueueForSse, getCurrentSessionKey, getLastRouteResult, interruptCurrentTurn, interruptSessionTurn, sendToOrchestrator, } from "../../copilot/orchestrator.js";
+import { subscribeSession, getSessionEventsFromDb, getSessionMaxSeqFromDb, oldestSessionSeq } from "../../copilot/turn-event-log.js";
+import { config } from "../../config.js";
+import { CancelResponseSchema, SessionMessagesResponseSchema, StatusResponseSchema, SubmitTurnResponseSchema } from "../../shared/api-schemas.js";
+import { getCurrentRunId, getSessionMessages } from "../../store/db.js";
+import { getStatus, onStatusChange } from "../../status.js";
+import { BadRequestError, parseRequest } from "../errors.js";
+import { sendJson } from "../send-json.js";
+import { formatSseData } from "../sse.js";
+import { setupSseCleanup } from "../server-runtime.js";
+import { associateSseClient, broadcastSsePayload, nextSseConnectionId, pendingSseMessages, sseClients, } from "../sse-hub.js";
+const requiredString = (message) => z.string({ error: message }).trim().min(1, message);
+const messageRequestSchema = z.object({
+    prompt: requiredString("Missing 'prompt' in request body"),
+    connectionId: requiredString("Missing or invalid 'connectionId'. Connect to /stream first."),
+    projectPath: z.string().optional(),
+    sessionKey: z.string().optional(),
+    /** Optional client-generated correlation ID. Echoed back in the `queued` SSE event
+     * so the frontend can match the event to the user message bubble it should update. */
+    msgId: z.string().optional(),
+});
+const interruptRequestSchema = z.object({
+    prompt: requiredString("Missing 'prompt' in request body"),
+    connectionId: requiredString("Missing or invalid 'connectionId'. Connect to /stream first."),
+    attachments: z.array(z.object({
+        type: z.literal("file"),
+        path: z.string(),
+        displayName: z.string().optional(),
+    })).optional(),
+});
+const turnRequestSchema = z.object({
+    prompt: z.string().trim().min(1, "Missing prompt"),
+    source: z.string().optional(),
+    attachments: z
+        .array(z.object({
+        type: z.literal("file"),
+        path: z.string(),
+        displayName: z.string().optional(),
+    }))
+        .optional(),
+    interrupt: z.boolean().optional(),
+});
+export function createSessionsRouter() {
+    const router = Router();
+    router.get("/stream", (req, res) => {
+        const connectionId = nextSseConnectionId();
+        res.writeHead(200, {
+            "Content-Type": "text/event-stream",
+            "Cache-Control": "no-cache",
+            Connection: "keep-alive",
+        });
+        res.write(formatSseData({ type: "connected", connectionId }));
+        while (pendingSseMessages.length > 0) {
+            const queued = pendingSseMessages.shift();
+            if (!queued) {
+                continue;
+            }
+            res.write(formatSseData({ type: "message", content: queued }));
+        }
+        sseClients.set(connectionId, { res, sessionKey: null });
+        const unsubscribeStatus = onStatusChange((status, message) => {
+            res.write(formatSseData({ type: "status", status, message }));
+        });
+        const currentStatus = getStatus();
+        if (currentStatus.status !== "idle") {
+            res.write(formatSseData({ type: "status", ...currentStatus }));
+        }
+        const heartbeat = setInterval(() => {
+            res.write(`:ping\n\n`);
+        }, 20_000);
+        setupSseCleanup((registerCleanup, cleanupNow) => {
+            registerCleanup(() => clearInterval(heartbeat));
+            registerCleanup(unsubscribeStatus);
+            registerCleanup(() => {
+                sseClients.delete(connectionId);
+            });
+            req.on("close", cleanupNow);
+        });
+    });
+    // ---------------------------------------------------------------------------
+    // Send a message to the orchestrator
+    // ---------------------------------------------------------------------------
+    router.post("/api/message", (req, res) => {
+        const { prompt, connectionId, projectPath, sessionKey: requestedSessionKey, msgId } = parseRequest(messageRequestSchema, req.body);
+        const effectiveSessionKey = requestedSessionKey || "default";
+        if (!sseClients.has(connectionId)) {
+            throw new BadRequestError("Missing or invalid 'connectionId'. Connect to /stream first.");
+        }
+        associateSseClient(connectionId, effectiveSessionKey);
+        sendToOrchestrator(prompt, {
+            type: "web",
+            connectionId,
+            user: req.user,
+            authorizationHeader: typeof req.headers.authorization === "string" ? req.headers.authorization : undefined,
+            projectPath: projectPath || undefined,
+        }, (text, done, turnId) => {
+            const sseClient = sseClients.get(connectionId);
+            if (sseClient) {
+                const event = {
+                    type: done ? "message" : "delta",
+                    content: text,
+                    sessionKey: effectiveSessionKey,
+                    turnId,
+                };
+                if (done) {
+                    const routeResult = getLastRouteResult();
+                    if (routeResult) {
+                        event.route = {
+                            model: routeResult.model,
+                            routerMode: routeResult.routerMode,
+                            ...(routeResult.tier !== null ? { tier: routeResult.tier } : {}),
+                            ...(routeResult.overrideName ? { overrideName: routeResult.overrideName } : {}),
+                        };
+                    }
+                }
+                sseClient.res.write(formatSseData(event));
+            }
+        }, undefined, (activity, turnId) => {
+            const sseClient = sseClients.get(connectionId);
+            if (sseClient) {
+                sseClient.res.write(formatSseData({ type: "activity", ...activity, sessionKey: effectiveSessionKey, ...(turnId ? { turnId } : {}) }));
+            }
+        }, (position, turnId) => {
+            const sseClient = sseClients.get(connectionId);
+            if (sseClient) {
+                sseClient.res.write(formatSseData({
+                    type: "queued",
+                    position,
+                    sessionKey: effectiveSessionKey,
+                    turnId,
+                    ...(msgId ? { msgId } : {}),
+                }));
+            }
+        }, (remainingLength) => {
+            const sseClient = sseClients.get(connectionId);
+            if (sseClient) {
+                sseClient.res.write(formatSseData({
+                    type: "queue-advance",
+                    length: remainingLength,
+                    sessionKey: effectiveSessionKey,
+                }));
+            }
+        });
+        sendJson(res, StatusResponseSchema, { status: "queued" });
+    });
+    // Cancel the current in-flight message
+    router.post("/api/cancel", async (_req, res) => {
+        const sessionKey = getCurrentSessionKey();
+        const cancelled = await cancelCurrentMessage();
+        broadcastSsePayload({ type: "cancelled", sessionKey });
+        sendJson(res, CancelResponseSchema, { status: "ok", cancelled });
+    });
+    router.post("/api/session/:sessionKey/interrupt", async (req, res) => {
+        const sessionKey = Array.isArray(req.params.sessionKey)
+            ? req.params.sessionKey[0]
+            : req.params.sessionKey;
+        if (!sessionKey)
+            throw new BadRequestError("Missing sessionKey");
+        const cancelled = await interruptSessionTurn(sessionKey);
+        sendJson(res, CancelResponseSchema, { status: "ok", cancelled });
+    });
+    // Interrupt the active turn on a specific session and start a replacement turn.
+    // POST /api/sessions/:sessionKey/interrupt
+    // Body: { prompt, connectionId, attachments? }
+    router.post("/api/sessions/:sessionKey/interrupt", (req, res) => {
+        const sessionKey = Array.isArray(req.params.sessionKey)
+            ? req.params.sessionKey[0]
+            : req.params.sessionKey;
+        if (!sessionKey)
+            throw new BadRequestError("Missing sessionKey");
+        const { prompt, connectionId, attachments } = parseRequest(interruptRequestSchema, req.body);
+        if (!sseClients.has(connectionId)) {
+            throw new BadRequestError("Missing or invalid 'connectionId'. Connect to /stream first.");
+        }
+        const source = {
+            type: "web",
+            connectionId,
+            user: req.user,
+            authorizationHeader: typeof req.headers.authorization === "string" ? req.headers.authorization : undefined,
+        };
+        interruptCurrentTurn(sessionKey, prompt, source, (text, done, turnId) => {
+            const sseClient = sseClients.get(connectionId);
+            if (sseClient) {
+                const event = {
+                    type: done ? "message" : "delta",
+                    content: text,
+                    sessionKey,
+                    turnId,
+                };
+                if (done) {
+                    const routeResult = getLastRouteResult();
+                    if (routeResult) {
+                        event.route = {
+                            model: routeResult.model,
+                            routerMode: routeResult.routerMode,
+                            ...(routeResult.tier !== null ? { tier: routeResult.tier } : {}),
+                            ...(routeResult.overrideName ? { overrideName: routeResult.overrideName } : {}),
+                        };
+                    }
+                }
+                sseClient.res.write(formatSseData(event));
+            }
+        }, attachments, (activity, turnId) => {
+            const sseClient = sseClients.get(connectionId);
+            if (sseClient) {
+                sseClient.res.write(formatSseData({ type: "activity", ...activity, sessionKey, ...(turnId ? { turnId } : {}) }));
+            }
+        }, (abortedTurnId) => {
+            const sseClient = sseClients.get(connectionId);
+            if (sseClient) {
+                sseClient.res.write(formatSseData({ type: "turn-interrupted", abortedTurnId, sessionKey }));
+            }
+        });
+        sendJson(res, StatusResponseSchema, { status: "interrupting" });
+    });
+    if (config.chatSseEnabled) {
+        /**
+         * POST /api/sessions/:key/turn
+         *
+         * Submit a new turn to the given session.  Returns `{ turnId }` immediately;
+         * the turn runs asynchronously and emits events on the per-session SSE stream.
+         *
+         * Body: `{ prompt, source?, attachments?, interrupt? }`
+         * Response: `{ turnId: string }`
+         */
+        router.post("/api/sessions/:key/turn", (req, res) => {
+            const sessionKey = Array.isArray(req.params.key) ? req.params.key[0] : req.params.key;
+            if (!sessionKey)
+                throw new BadRequestError("Missing session key");
+            const { prompt, attachments, interrupt } = parseRequest(turnRequestSchema, req.body);
+            const authUser = req.user;
+            const authHeader = req.headers.authorization ?? undefined;
+            const turnId = enqueueForSse({
+                sessionKey,
+                prompt,
+                attachments,
+                authUser,
+                authHeader,
+                interrupt: interrupt ?? false,
+            });
+            sendJson(res, SubmitTurnResponseSchema, { turnId });
+        });
+        /**
+         * GET /api/sessions/:key/stream
+         *
+         * Per-session SSE channel.  Delivers turn events:
+         *   `turn:started`, `turn:delta`, `turn:queued`, `turn:interrupted`,
+         *   `turn:complete`, `turn:error`
+         *
+         * Supports `Last-Event-ID` for reconnect replay:
+         *  - If the session ring buffer covers the requested range, replays from memory.
+         *  - Otherwise falls back to SQLite (covers completed-turn replay).
+         *
+         * Keep-alive comments are sent every 15 s.
+         * Multiple simultaneous subscribers (tabs) are supported.
+         */
+        router.get("/api/sessions/:key/stream", (req, res) => {
+            const sessionKey = Array.isArray(req.params.key) ? req.params.key[0] : req.params.key;
+            if (!sessionKey)
+                throw new BadRequestError("Missing session key");
+            const includeHistorical = req.query.include === "all";
+            res.setHeader("Content-Type", "text/event-stream");
+            res.setHeader("Cache-Control", "no-cache");
+            res.setHeader("Connection", "keep-alive");
+            res.setHeader("X-Accel-Buffering", "no");
+            res.flushHeaders();
+            // Parse Last-Event-ID for reconnect replay
+            const rawLastId = req.headers["last-event-id"];
+            const lastSeq = rawLastId && !Array.isArray(rawLastId) && /^\d+$/.test(rawLastId.trim())
+                ? parseInt(rawLastId.trim(), 10)
+                : undefined;
+            const maxCurrentSeq = getSessionMaxSeqFromDb(sessionKey, { includeHistorical });
+            const effectiveLastSeq = maxCurrentSeq !== undefined && lastSeq !== undefined && lastSeq > maxCurrentSeq
+                ? 0
+                : lastSeq;
+            // Helper: send a named SSE event with an id: field
+            const sendEvent = (event, seq) => {
+                const payload = JSON.stringify(event);
+                res.write(`id: ${seq}\ndata: ${payload}\n\n`);
+            };
+            // If Last-Event-ID is present and the session ring buffer doesn't cover it,
+            // fall back to SQLite for replay of completed turns.
+            let replayHighSeq = effectiveLastSeq;
+            if (effectiveLastSeq !== undefined) {
+                const oldestBuf = oldestSessionSeq(sessionKey);
+                const bufferMissesRange = oldestBuf === undefined || oldestBuf > effectiveLastSeq + 1;
+                if (bufferMissesRange) {
+                    // Replay from SQLite (completed turns)
+                    const dbEvents = getSessionEventsFromDb(sessionKey, effectiveLastSeq, { includeHistorical });
+                    for (const e of dbEvents) {
+                        sendEvent(e, e._seq);
+                        if (replayHighSeq === undefined || e._seq > replayHighSeq)
+                            replayHighSeq = e._seq;
+                    }
+                }
+            }
+            // Subscribe to session events (replays ring buffer for afterSeq, then live).
+            // Use replayHighSeq (not lastSeq) so ring-buffer replay starts after any DB
+            // events we already sent — avoids double-replay overlap (Fix 5).
+            setupSseCleanup((registerCleanup, cleanupNow) => {
+                registerCleanup(subscribeSession(sessionKey, (e) => {
+                    sendEvent(e, e._seq);
+                }, replayHighSeq));
+                // Send connected event
+                res.write(`: connected session=${sessionKey} run=${getCurrentRunId()}\n\n`);
+                // Keep-alive every 15 s
+                const keepAlive = setInterval(() => {
+                    res.write(`: keep-alive\n\n`);
+                }, 15_000);
+                registerCleanup(() => clearInterval(keepAlive));
+                req.on("close", cleanupNow);
+            });
+        });
+    }
+    else {
+        // Feature flag off — return 404 for both endpoints
+        router.post("/api/sessions/:key/turn", (_req, res) => {
+            res.status(404).json({ error: "Chat SSE not enabled. Set CHAPTERHOUSE_CHAT_SSE=1." });
+        });
+        router.get("/api/sessions/:key/stream", (_req, res) => {
+            res.status(404).json({ error: "Chat SSE not enabled. Set CHAPTERHOUSE_CHAT_SSE=1." });
+        });
+    }
+    router.get("/api/session/:sessionKey/messages", (req, res) => {
+        const sessionKey = Array.isArray(req.params.sessionKey)
+            ? req.params.sessionKey[0]
+            : req.params.sessionKey;
+        if (!sessionKey) {
+            throw new BadRequestError("Missing sessionKey");
+        }
+        const rawLimit = req.query.limit;
+        const limit = rawLimit !== undefined ? parseInt(String(rawLimit), 10) : undefined;
+        if (limit !== undefined && (!Number.isFinite(limit) || limit < 1)) {
+            throw new BadRequestError("'limit' must be a positive integer");
+        }
+        const includeParam = Array.isArray(req.query.include)
+            ? req.query.include[0]
+            : req.query.include;
+        const includeHistorical = includeParam !== "current";
+        const messages = getSessionMessages(sessionKey, limit, { includeHistorical });
+        sendJson(res, SessionMessagesResponseSchema, { sessionKey, messages });
+    });
+    return router;
+}
+//# sourceMappingURL=sessions.js.map

package/dist/api/routes/system.js

@@ -0,0 +1,82 @@
+import { Router } from "express";
+import { config } from "../../config.js";
+import { restartDaemon } from "../../daemon.js";
+import { BootstrapResponseSchema, HealthResponseSchema, OkResponseSchema, PublicConfigResponseSchema } from "../../shared/api-schemas.js";
+import { isFts5Available, isFts5Ready } from "../../store/db.js";
+import { childLogger } from "../../util/logger.js";
+import { ForbiddenError } from "../errors.js";
+import { getBootstrapAuthResponse } from "../auth.js";
+import { sendJson } from "../send-json.js";
+import { createHealthPayload, createPublicConfigPayload } from "../server-runtime.js";
+const log = childLogger("server");
+let restartInFlight = false;
+function isLoopbackHostname(hostname) {
+    return hostname === "127.0.0.1" || hostname === "localhost" || hostname === "::1";
+}
+function isLoopbackOrigin(req) {
+    const origin = req.headers.origin || req.headers.referer;
+    if (!origin) {
+        const remote = req.socket.remoteAddress || "";
+        return remote === "127.0.0.1" || remote === "::1" || remote === "::ffff:127.0.0.1";
+    }
+    try {
+        return isLoopbackHostname(new URL(origin).hostname);
+    }
+    catch {
+        return false;
+    }
+}
+export function createSystemRouter(options) {
+    const { apiToken } = options;
+    const router = Router();
+    router.get("/api/bootstrap", (req, res) => {
+        if (!isLoopbackOrigin(req)) {
+            throw new ForbiddenError("Bootstrap is loopback-only");
+        }
+        sendJson(res, BootstrapResponseSchema, getBootstrapAuthResponse(apiToken, {
+            entraAuthEnabled: config.entraAuthEnabled,
+            standaloneMode: config.standaloneMode,
+            entraTenantId: config.entraTenantId,
+            entraClientId: config.entraClientId,
+            entraRequiredRole: config.entraRequiredRole,
+            entraTeamLeadId: config.entraTeamLeadId,
+        }));
+    });
+    router.get("/api/config/public", (_req, res) => {
+        sendJson(res, PublicConfigResponseSchema, createPublicConfigPayload({
+            entraAuthEnabled: config.entraAuthEnabled,
+            standaloneMode: config.standaloneMode,
+            entraClientId: config.entraClientId,
+            entraTenantId: config.entraTenantId,
+            chatSseEnabled: config.chatSseEnabled,
+        }));
+    });
+    const handleHealth = (_req, res) => {
+        const fts5Ready = isFts5Ready();
+        if (!fts5Ready) {
+            res.status(503);
+        }
+        sendJson(res, HealthResponseSchema, {
+            ...createHealthPayload(new Date(), { fts5Ready }),
+            fts5Available: isFts5Available(),
+            fts5Ready,
+        });
+    };
+    router.get("/api/status", handleHealth);
+    router.get("/status", handleHealth);
+    router.get("/health", handleHealth);
+    router.post("/api/restart", (_req, res) => {
+        if (restartInFlight) {
+            res.status(503).json({ error: "Restart already in progress" });
+            return;
+        }
+        restartInFlight = true;
+        sendJson(res, OkResponseSchema, { ok: true });
+        restartDaemon().catch((err) => {
+            log.error({ err: err instanceof Error ? err.message : err }, "Restart failed");
+            restartInFlight = false;
+        });
+    });
+    return router;
+}
+//# sourceMappingURL=system.js.map