cyrus-edge-worker 0.2.51 → 0.2.53

package/dist/EdgeWorker.js

@@ -14,7 +14,7 @@ import { GeminiRunner } from "cyrus-gemini-runner";
 import { extractCommentAuthor, extractCommentBody, extractCommentId, extractCommentUrl, extractPRBaseBranchRef, extractPRBranchRef, extractPRNumber, extractPRTitle, extractRepoFullName, extractRepoName, extractRepoOwner, extractSessionKey, GitHubAppTokenProvider, GitHubCommentService, GitHubEventTransport, isCommentOnPullRequest, isIssueCommentPayload, isPullRequestReviewCommentPayload, isPullRequestReviewPayload, stripMention, } from "cyrus-github-event-transport";
 import { extractDiscussionId, extractSessionKey as extractGitLabSessionKey, extractMRBaseBranchRef, extractMRBranchRef, extractMRIid, extractMRTitle, extractNoteAuthor, extractNoteBody, extractNoteId, extractNoteUrl, extractProjectId, extractProjectPath, GitLabCommentService, GitLabEventTransport, isNoteOnMergeRequest, stripMention as stripGitLabMention, } from "cyrus-gitlab-event-transport";
 import { LinearEventTransport, LinearIssueTrackerService, } from "cyrus-linear-event-transport";
-import { createCyrusToolsServer, } from "cyrus-mcp-tools";
+import { createCyrusToolsServer, createFetchFailureModesClient, } from "cyrus-mcp-tools";
 import { SlackEventTransport, } from "cyrus-slack-event-transport";
 import { Sessions, streamableHttp } from "fastify-mcp";
 import { ActivityPoster } from "./ActivityPoster.js";
@@ -34,7 +34,7 @@ import { RepositoryRouter, } from "./RepositoryRouter.js";
 import { RunnerConfigBuilder } from "./RunnerConfigBuilder.js";
 import { RunnerSelectionService } from "./RunnerSelectionService.js";
 import { SharedApplicationServer } from "./SharedApplicationServer.js";
-import { SkillsPluginResolver } from "./SkillsPluginResolver.js";
+import { SkillsPluginResolver, } from "./SkillsPluginResolver.js";
 import { SlackChatAdapter } from "./SlackChatAdapter.js";
 import { LinearActivitySink } from "./sinks/LinearActivitySink.js";
 import { ToolPermissionResolver } from "./ToolPermissionResolver.js";
@@ -158,8 +158,22 @@ export class EdgeWorker extends EventEmitter {
         }
         // Initialize GitHub comment service for posting replies to GitHub PRs
         this.gitHubCommentService = new GitHubCommentService();
-        // Initialize GitLab comment service for posting replies to GitLab MRs
-        this.gitLabCommentService = new GitLabCommentService();
+        // Initialize GitLab comment service for posting replies to GitLab MRs.
+        // For Self-Managed GitLab the API base URL must be derived from the
+        // configured repos' gitlabUrl host; otherwise the service falls back to
+        // gitlab.com and 404s on every reply. Picks the first configured
+        // GitLab repo's host (single GitLab host per Cyrus instance).
+        const firstGitlabRepo = config.repositories.find((r) => r.gitlabUrl);
+        let gitlabApiBaseUrl;
+        if (firstGitlabRepo?.gitlabUrl) {
+            try {
+                gitlabApiBaseUrl = new URL(firstGitlabRepo.gitlabUrl).origin;
+            }
+            catch {
+                // malformed gitlabUrl — leave undefined and fall through to default
+            }
+        }
+        this.gitLabCommentService = new GitLabCommentService(gitlabApiBaseUrl ? { apiBaseUrl: gitlabApiBaseUrl } : undefined);
         // Initialize global session registry (centralized session storage)
         this.globalSessionRegistry = new GlobalSessionRegistry();
         // Initialize repository router with dependencies
@@ -234,7 +248,7 @@ export class EdgeWorker extends EventEmitter {
                 this.logger.error(`No repository found for child session ${childSessionId}`);
                 return;
             }
-            await this.handleResumeParentSession(parentSessionId, prompt, childSessionId, repo, this.agentSessionManager);
+            await this.handleResumeParentSession(parentSessionId, prompt, childSessionId);
         });
         // Initialize repositories with path resolution
         for (const repo of config.repositories) {
@@ -632,6 +646,9 @@ export class EdgeWorker extends EventEmitter {
                     fallbackModel: this.getDefaultFallbackModelForRunner(runnerType),
                 });
             },
+            // Live read so hot-reloaded config (`setConfig`) picks up new
+            // per-platform MCP paths without rebuilding the handler.
+            getPlatformMcpConfigOverrides: () => this.config.slackMcpConfigs,
             onWebhookStart: () => {
                 this.activeWebhookCount++;
             },
@@ -868,9 +885,11 @@ export class EdgeWorker extends EventEmitter {
             const systemPrompt = isPullRequestReview
                 ? this.buildGitHubChangeRequestSystemPrompt(event, branchRef, taskInstructions)
                 : this.buildGitHubSystemPrompt(event, branchRef, taskInstructions);
-            // Build allowed tools and directories
-            // Exclude Slack MCP tools from GitHub sessions
-            const allowedTools = this.buildAllowedTools(repository).filter((t) => t !== "mcp__slack");
+            // Build allowed tools using the GitHub platform resolver, which honors
+            // `githubAllowedTools` on the workspace config and falls back to
+            // `GITHUB_DEFAULT_ALLOWED_TOOLS` (which intentionally omits
+            // `mcp__slack` — no subtractive filtering needed).
+            const allowedTools = this.toolPermissionResolver.buildGithubAllowedTools(repository);
             const disallowedTools = this.buildDisallowedTools(repository);
             const allowedDirectories = [repository.repositoryPath];
             // Create agent runner using the standard config builder
@@ -878,7 +897,9 @@ export class EdgeWorker extends EventEmitter {
             undefined, // labels
             undefined, // issueDescription
             200, // maxTurns
-            { excludeSlackMcp: true });
+            undefined, // linearWorkspaceId
+            undefined, // skillContext
+            "github");
             const runner = this.createRunnerForType(runnerType, runnerConfig);
             // Store the runner in the session manager
             agentSessionManager.addAgentRunner(githubSessionId, runner);
@@ -1341,9 +1362,10 @@ ${taskSection}`;
             const systemPrompt = isMergeRequestEvent
                 ? this.buildGitLabChangeRequestSystemPrompt(event, branchRef, taskInstructions)
                 : this.buildGitLabSystemPrompt(event, branchRef, taskInstructions);
-            // Build allowed tools and directories
-            // Exclude Slack MCP tools from GitLab sessions
-            const allowedTools = this.buildAllowedTools(repository).filter((t) => t !== "mcp__slack");
+            // Build allowed tools using the GitHub platform resolver — GitLab and
+            // GitHub share the same PR-targeted, single-repo intent, so they use
+            // the same `githubAllowedTools` knob and the same `GITHUB_*` default.
+            const allowedTools = this.toolPermissionResolver.buildGithubAllowedTools(repository);
             const disallowedTools = this.buildDisallowedTools(repository);
             const allowedDirectories = [repository.repositoryPath];
             // Create agent runner using the standard config builder
@@ -1351,7 +1373,9 @@ ${taskSection}`;
             undefined, // labels
             undefined, // issueDescription
             200, // maxTurns
-            { excludeSlackMcp: true });
+            undefined, // linearWorkspaceId
+            undefined, // skillContext
+            "gitlab");
             const runner = this.createRunnerForType(runnerType, runnerConfig);
             // Store the runner in the session manager
             agentSessionManager.addAgentRunner(gitlabSessionId, runner);
@@ -1588,6 +1612,62 @@ ${taskSection}`;
         }
         return "idle";
     }
+    /**
+     * Test-only: dispatch a synthetic Slack webhook event through the chat
+     * session handler. Used by the F1 test harness to exercise the Slack →
+     * ClaudeRunner code path end-to-end without a real Slack signature.
+     */
+    async dispatchChatTestEvent(event) {
+        if (!this.chatSessionHandler) {
+            throw new Error("chatSessionHandler not initialized");
+        }
+        await this.chatSessionHandler.handleEvent(event);
+    }
+    /**
+     * Public accessor for the shared Fastify-based application server.
+     * Used by F1 to register test-only routes alongside production webhook routes.
+     */
+    getSharedApplicationServer() {
+        return this.sharedApplicationServer;
+    }
+    /**
+     * Test-only: list active chat threads (threadKey → sessionId).
+     */
+    listChatThreads() {
+        if (!this.chatSessionHandler)
+            return [];
+        return this.chatSessionHandler.listThreads();
+    }
+    /**
+     * Test-only: fetch the last assistant text reply for a chat thread.
+     * Returns null when the thread or runner is unknown, or no assistant
+     * message has been produced yet.
+     */
+    getChatThreadLastReply(threadKey) {
+        if (!this.chatSessionHandler)
+            return null;
+        const runner = this.chatSessionHandler.getRunnerForThread(threadKey);
+        if (!runner)
+            return null;
+        const messages = runner.getMessages();
+        const lastAssistant = [...messages]
+            .reverse()
+            .find((m) => m.type === "assistant");
+        let text = "";
+        if (lastAssistant &&
+            lastAssistant.type === "assistant" &&
+            "message" in lastAssistant) {
+            const msg = lastAssistant;
+            const block = msg.message.content?.find((b) => b.type === "text" && b.text);
+            if (block?.text)
+                text = block.text;
+        }
+        return {
+            text,
+            isRunning: runner.isRunning(),
+            messageCount: messages.length,
+        };
+    }
     /**
      * Stop the edge worker
      */
@@ -1752,7 +1832,7 @@ ${taskSection}`;
      * This is the core logic used by the resume parent session callback
      * Extracted to reduce duplication between constructor and addNewRepositories
      */
-    async handleResumeParentSession(parentSessionId, prompt, childSessionId, _childRepo, childAgentSessionManager) {
+    async handleResumeParentSession(parentSessionId, prompt, childSessionId) {
         const log = this.logger.withContext({ sessionId: parentSessionId });
         log.info(`Child session completed, resuming parent session ${parentSessionId}`);
         // Find parent session from the single session manager
@@ -1771,8 +1851,7 @@ ${taskSection}`;
         const parentWorkspaceId = requireLinearWorkspaceId(parentRepo);
         log.debug(`Found parent session - Issue: ${parentSession.issueId}, Workspace: ${parentSession.workspace.path}`);
         // Get the child session to access its workspace path
-        // Child session is in the child's manager (passed in from the callback)
-        const childSession = childAgentSessionManager.getSession(childSessionId);
+        const childSession = this.agentSessionManager.getSession(childSessionId);
         const childWorkspaceDirs = [];
         if (childSession) {
             childWorkspaceDirs.push(childSession.workspace.path);
@@ -2928,8 +3007,7 @@ ${taskSection}`;
             labels, // Pass labels for runner selection and model override
             fullIssue.description || undefined, // Description tags can override label selectors
             undefined, // maxTurns
-            undefined, // mcpOptions
-            linearWorkspaceId);
+            linearWorkspaceId, this.buildSkillSessionContext(primaryRepo, fullIssue));
             log.debug(`Label-based runner selection for new session: ${runnerType} (session ${sessionId})`);
             const runner = this.createRunnerForType(runnerType, runnerConfig);
             // Store runner by comment ID
@@ -3375,6 +3453,28 @@ ${taskSection}`;
     async fetchIssueLabels(issue) {
         return this.promptBuilder.fetchIssueLabels(issue);
     }
+    /**
+     * Build the session context used to evaluate per-skill scope restrictions.
+     *
+     * Skill scopes (persisted in `scope.json` sidecars by the config-updater)
+     * match against:
+     * - the active repository's Cyrus config ID,
+     * - the Linear team that owns the issue, and
+     * - the Linear label IDs attached to the issue.
+     */
+    buildSkillSessionContext(repository, fullIssue) {
+        const context = {
+            repositoryId: repository.id,
+        };
+        if (fullIssue?.teamId) {
+            context.linearTeamId = fullIssue.teamId;
+        }
+        if (Array.isArray(fullIssue?.labelIds) &&
+            (fullIssue?.labelIds?.length ?? 0) > 0) {
+            context.linearLabelIds = [...(fullIssue?.labelIds ?? [])];
+        }
+        return context;
+    }
     /**
      * Resolve default model for a given runner from config with sensible built-in defaults.
      * Supports legacy config keys for backwards compatibility.
@@ -3654,8 +3754,132 @@ ${taskSection}`;
         this.cyrusToolsMcpRegistered = true;
         console.log(`✅ Cyrus tools MCP endpoint registered at ${this.cyrusToolsMcpEndpoint}`);
     }
-    createCyrusToolsOptions(parentSessionId) {
+    failureModesClient = null;
+    /**
+     * Lazily build the HTTP client used by `log_failure_mode` to POST to
+     * cyrus-hosted. Uses `CYRUS_APP_URL` (the same env var the remote
+     * session-store client reads, see top of this file) so preview
+     * environments and prod share a single way to point at a control
+     * plane. Returns null when either the URL or the `CYRUS_API_KEY` are
+     * missing — in that mode the tool is simply not registered, so
+     * customer-mode CLI users without a control plane don't see a broken
+     * tool.
+     */
+    getFailureModesClient() {
+        if (this.failureModesClient)
+            return this.failureModesClient;
+        const apiKey = process.env.CYRUS_API_KEY?.trim();
+        const baseUrl = process.env.CYRUS_APP_URL?.trim();
+        if (!apiKey || !baseUrl)
+            return null;
+        this.failureModesClient = createFetchFailureModesClient({
+            baseUrl,
+            apiKey,
+        });
+        return this.failureModesClient;
+    }
+    /**
+     * Resolve a working-directory string to the agent session id that owns
+     * that workspace. The `log_failure_mode` MCP tool calls this with the
+     * agent's reported `cwd`. We normalize and compare against each known
+     * session's `workspace.path` (and any sub-repo paths the session opens).
+     */
+    /**
+     * Resolve a working-directory string to the rich session bundle a
+     * Cyrus team member needs to triage a failure-mode report: the
+     * internal session id (for dedup), the runner session id + runner
+     * type (so triage can pull the Claude/Gemini/Codex/Cursor transcript),
+     * the Linear AgentSession + source-issue identifiers (so triage can
+     * jump to the customer thread), and the workspace path (for repro).
+     *
+     * Returns null only when no session matches. We prefer an exact
+     * workspace-path or sub-repo-path match; if neither hits, we fall
+     * back to a prefix match for nested cwds (e.g. shells in a subdir).
+     */
+    /**
+     * Aggregator over every place active sessions live in this process.
+     * Today: the primary AgentSessionManager (issue sessions) and the
+     * ChatSessionHandler's private one (Slack / GitHub-PR-chat / future
+     * chat platforms). New session origins should be added here so
+     * downstream consumers (currently just resolveSessionFromCwd) keep
+     * working without modification — single open extension point (OCP),
+     * single responsibility (SRP: this method's only job is "where do
+     * sessions live?", separate from "how do we match one by cwd?").
+     */
+    getAllKnownSessions() {
+        return [
+            ...this.agentSessionManager.getAllSessions(),
+            ...(this.chatSessionHandler?.getAllChatSessions() ?? []),
+        ];
+    }
+    resolveSessionFromCwd(cwd) {
+        if (!cwd)
+            return null;
+        const normalize = (p) => p.replace(/\/+$/, "");
+        const target = normalize(cwd);
+        const sessions = this.getAllKnownSessions();
+        const exact = sessions.find((session) => {
+            if (normalize(session.workspace?.path ?? "") === target)
+                return true;
+            const repoPaths = session.workspace?.repoPaths;
+            if (repoPaths) {
+                for (const p of Object.values(repoPaths)) {
+                    if (typeof p === "string" && normalize(p) === target)
+                        return true;
+                }
+            }
+            return false;
+        });
+        const prefix = exact
+            ? undefined
+            : sessions.find((session) => {
+                const root = normalize(session.workspace?.path ?? "");
+                return root && target.startsWith(`${root}/`);
+            });
+        const session = exact ?? prefix;
+        if (!session)
+            return null;
+        const runnerType = session.claudeSessionId
+            ? "claude"
+            : session.geminiSessionId
+                ? "gemini"
+                : session.codexSessionId
+                    ? "codex"
+                    : session.cursorSessionId
+                        ? "cursor"
+                        : null;
+        const runnerSessionId = session.claudeSessionId ??
+            session.geminiSessionId ??
+            session.codexSessionId ??
+            session.cursorSessionId ??
+            null;
+        const sessionSource = session.id.startsWith("github-")
+            ? "github"
+            : session.id.startsWith("gitlab-")
+                ? "gitlab"
+                : session.id.startsWith("slack-")
+                    ? "slack"
+                    : (session.issueContext?.trackerId ?? "linear");
+        // For Linear-source sessions, `session.id` is already the Linear
+        // AgentSession id (they're literally the same UUID — the v3 rename
+        // from `linearAgentActivitySessionId` to `id` kept the value). So we
+        // don't surface a separate `linearAgentSessionId` — the server keys
+        // dedup on `session_id` and that *is* the Linear AgentSession id when
+        // `session_source === 'linear'`.
         return {
+            sessionId: session.id,
+            runnerSessionId,
+            runnerType,
+            sourceIssueIdentifier: session.issueContext?.issueIdentifier ??
+                session.issue?.identifier ??
+                null,
+            workspacePath: session.workspace?.path ?? null,
+            sessionSource,
+        };
+    }
+    createCyrusToolsOptions(parentSessionId) {
+        const failureModesClient = this.getFailureModesClient();
+        const options = {
             parentSessionId,
             onSessionCreated: (childSessionId, parentId) => {
                 this.handleChildSessionMapping(childSessionId, parentId);
@@ -3664,6 +3888,13 @@ ${taskSection}`;
                 return this.handleFeedbackDeliveryToChildSession(childSessionId, message);
             },
         };
+        if (failureModesClient) {
+            options.failureModes = {
+                resolveSessionFromCwd: (cwd) => this.resolveSessionFromCwd(cwd),
+                httpClient: failureModesClient,
+            };
+        }
+        return options;
     }
     handleChildSessionMapping(childSessionId, parentSessionId) {
         console.log(`[EdgeWorker] Agent session created: ${childSessionId}, mapping to parent ${parentSessionId}`);
@@ -3846,8 +4077,12 @@ ${taskSection}`;
             const sharedInstructions = await this.loadSharedInstructions();
             systemPrompt = sharedInstructions;
         }
-        // 3. Append skills guidance — instruct the agent to use skills based on context
-        systemPrompt += await this.skillsPluginResolver.buildSkillsGuidance();
+        // 3. Append skills guidance — instruct the agent to use skills based on context.
+        // Skills hidden by per-skill scope (repo / Linear team / Linear label) are
+        // omitted from the guidance so the model doesn't reference skills it
+        // cannot invoke.
+        const skillsContext = this.buildSkillSessionContext(repositories[0], input.fullIssue);
+        systemPrompt += await this.skillsPluginResolver.buildSkillsGuidance(undefined, skillsContext);
         // 4. Append agent context — dynamic values for skills to reference
         systemPrompt += this.buildAgentContextBlock();
         // 5. Build issue context using appropriate builder
@@ -4004,12 +4239,25 @@ ${input.userComment}
      * Delegates to RunnerConfigBuilder for shared config assembly.
      * @returns Object containing the runner config and runner type to use
      */
-    async buildAgentRunnerConfig(session, repository, sessionId, systemPrompt, allowedTools, allowedDirectories, disallowedTools, resumeSessionId, labels, issueDescription, maxTurns, mcpOptions, linearWorkspaceId) {
+    async buildAgentRunnerConfig(session, repository, sessionId, systemPrompt, allowedTools, allowedDirectories, disallowedTools, resumeSessionId, labels, issueDescription, maxTurns, linearWorkspaceId, skillContext, 
+    /**
+     * Which platform initiated the session — drives which
+     * `EdgeWorkerConfig.<platform>McpConfigs` override list applies.
+     * Defaults to `"linear"` (the pre-platform-aware behavior).
+     */
+    sessionPlatform = "linear") {
         const log = this.logger.withContext({
             sessionId,
             platform: session.issueContext?.trackerId,
             issueIdentifier: session.issueContext?.issueIdentifier,
         });
+        // Resolve plugins once so we can also derive the per-session scoped
+        // skill allow-list from the same filesystem snapshot.
+        const plugins = await this.skillsPluginResolver.resolve();
+        const resolvedSkillContext = skillContext ?? {
+            repositoryId: repository.id,
+        };
+        const allowedSkillNames = await this.skillsPluginResolver.discoverSkillNames(plugins, resolvedSkillContext);
         const result = this.runnerConfigBuilder.buildIssueConfig({
             session,
             repository,
@@ -4022,11 +4270,21 @@ ${input.userComment}
             labels,
             issueDescription,
             maxTurns,
-            mcpOptions,
+            // Per-platform MCP config paths — GitHub + GitLab share the
+            // `githubMcpConfigs` knob (single-repo PR contexts both); Linear
+            // gets `linearMcpConfigs`. Not a blanket override: the builder
+            // uses `repository.mcpConfigPath` when this repo has its own
+            // `allowedTools` override (so the repo's permission rules and
+            // MCP server set travel as a unit), and only falls through to
+            // this list when the repo inherits the platform allow-list.
+            platformMcpConfigOverrides: sessionPlatform === "linear"
+                ? this.config.linearMcpConfigs
+                : this.config.githubMcpConfigs,
             linearWorkspaceId,
             cyrusHome: this.cyrusHome,
             logger: log,
-            plugins: await this.skillsPluginResolver.resolve(),
+            plugins,
+            skills: allowedSkillNames,
             sandboxSettings: this.sdkSandboxSettings ?? undefined,
             egressCaCertPath: this.egressCaCertPath ?? undefined,
             onMessage: (message) => {
@@ -4220,8 +4478,21 @@ ${input.userComment}
                 // Build MCP config for this session (same as the live runner would use)
                 const linearWorkspaceId = requireLinearWorkspaceId(repo);
                 const mcpConfig = this.mcpConfigService.buildMcpConfig(repo.id, linearWorkspaceId, session.id);
-                // Merge any file-based MCP configs (reuses shared normalization)
-                const mcpConfigPath = this.mcpConfigService.buildMergedMcpConfigPath(repo);
+                // Merge any file-based MCP configs (reuses shared normalization).
+                // Warmup paths reconstruct Linear-triggered issue sessions:
+                // if the repo has its own `allowedTools` override its
+                // mcpConfigPath stays scoped to that repo, otherwise the
+                // team-level `linearMcpConfigs` list applies. Same coupling
+                // the live `buildIssueConfig` path uses.
+                const repoHasAllowedToolsOverride = Array.isArray(repo.allowedTools) && repo.allowedTools.length > 0;
+                const mcpConfigPath = repoHasAllowedToolsOverride
+                    ? this.mcpConfigService.buildMergedMcpConfigPath(repo)
+                    : this.config.linearMcpConfigs &&
+                        this.config.linearMcpConfigs.length > 0
+                        ? this.config.linearMcpConfigs.length === 1
+                            ? this.config.linearMcpConfigs[0]
+                            : [...this.config.linearMcpConfigs]
+                        : undefined;
                 let mcpServers = { ...mcpConfig };
                 if (mcpConfigPath) {
                     const paths = Array.isArray(mcpConfigPath)
@@ -4514,8 +4785,7 @@ ${input.userComment}
         const { config: runnerConfig, runnerType } = await this.buildAgentRunnerConfig(session, repository, sessionId, systemPrompt, allowedTools, allowedDirectories, disallowedTools, resumeSessionId, labels, // Always pass labels to preserve model override
         fullIssue.description || undefined, // Description tags can override label selectors
         maxTurns, // Pass maxTurns if specified
-        undefined, // mcpOptions
-        resolvedWorkspaceId);
+        resolvedWorkspaceId, this.buildSkillSessionContext(repository, fullIssue));
         // Create the appropriate runner based on session state
         const runner = this.createRunnerForType(runnerType, runnerConfig);
         // Store runner