doer-agent 0.4.2 → 0.4.3

package/dist/agent-codex-auth-rpc.js

@@ -0,0 +1,322 @@
+import { spawn } from "node:child_process";
+import { unlink } from "node:fs/promises";
+import path from "node:path";
+import { StringCodec } from "nats";
+const codexAuthRpcCodec = StringCodec();
+let pendingCodexDeviceAuth = null;
+function parseCodexDeviceAuthOutput(raw, stripAnsi) {
+    const text = stripAnsi(raw);
+    const urlMatch = text.match(/https?:\/\/[^\s]+/i);
+    const codeMatch = text.match(/\b[A-Z0-9]{4,}(?:-[A-Z0-9]{4,})+\b/);
+    return {
+        verificationUri: urlMatch?.[0] ?? null,
+        userCode: codeMatch?.[0] ?? null,
+    };
+}
+function pendingCodexDeviceAuthMessage(state, stripAnsi) {
+    const parsed = parseCodexDeviceAuthOutput(state.output, stripAnsi);
+    if (parsed.verificationUri && parsed.userCode) {
+        return `Waiting for approval. Enter code ${parsed.userCode} at ${parsed.verificationUri}`;
+    }
+    return stripAnsi(state.output).trim() || "Waiting for approval";
+}
+async function getLocalCodexLoginStatus(args) {
+    const result = await args.runLocalCodexCli(["login", "status"], 5000);
+    const merged = args.stripAnsi([result.stdout, result.stderr].filter(Boolean).join("\n")).trim();
+    return {
+        loggedIn: (result.code ?? 1) === 0,
+        output: merged || ((result.code ?? 1) === 0 ? "Logged in" : "Not logged in"),
+    };
+}
+async function waitForCodexDeviceCode(state, timeoutMs, stripAnsi) {
+    const startedAt = Date.now();
+    while (Date.now() - startedAt < timeoutMs) {
+        const parsed = parseCodexDeviceAuthOutput(state.output, stripAnsi);
+        if (parsed.verificationUri && parsed.userCode) {
+            return;
+        }
+        if (state.child.exitCode !== null) {
+            return;
+        }
+        await new Promise((resolve) => setTimeout(resolve, 100));
+    }
+}
+async function startLocalCodexDeviceAuth(args) {
+    if (pendingCodexDeviceAuth && pendingCodexDeviceAuth.child.exitCode === null) {
+        const parsed = parseCodexDeviceAuthOutput(pendingCodexDeviceAuth.output, args.stripAnsi);
+        return {
+            loggedIn: false,
+            output: pendingCodexDeviceAuthMessage(pendingCodexDeviceAuth, args.stripAnsi),
+            verificationUri: parsed.verificationUri,
+            userCode: parsed.userCode,
+        };
+    }
+    const child = spawn(args.buildLocalCodexCliCommand(["login", "--device-auth"]), {
+        cwd: args.workspaceRoot,
+        shell: args.resolveShellPath(),
+        detached: process.platform !== "win32",
+        env: {
+            ...process.env,
+            WORKSPACE: args.workspaceRoot,
+            CODEX_HOME: args.resolveCodexHomePath(),
+        },
+        stdio: ["ignore", "pipe", "pipe"],
+    });
+    child.stdout?.setEncoding("utf8");
+    child.stderr?.setEncoding("utf8");
+    const state = { child, output: "" };
+    pendingCodexDeviceAuth = state;
+    const appendOutput = (chunk) => {
+        state.output += chunk;
+    };
+    child.stdout?.on("data", appendOutput);
+    child.stderr?.on("data", appendOutput);
+    child.once("exit", () => {
+        if (pendingCodexDeviceAuth === state) {
+            pendingCodexDeviceAuth = null;
+        }
+    });
+    await waitForCodexDeviceCode(state, 8000, args.stripAnsi);
+    const parsed = parseCodexDeviceAuthOutput(state.output, args.stripAnsi);
+    if ((!parsed.verificationUri || !parsed.userCode) && state.child.exitCode !== null) {
+        throw new Error("Failed to read device code from Codex CLI");
+    }
+    return {
+        loggedIn: false,
+        output: pendingCodexDeviceAuthMessage(state, args.stripAnsi),
+        verificationUri: parsed.verificationUri,
+        userCode: parsed.userCode,
+    };
+}
+async function startLocalCodexLogin(args) {
+    const child = spawn(args.buildLocalCodexCliCommand(["login"]), {
+        cwd: args.workspaceRoot,
+        shell: args.resolveShellPath(),
+        detached: process.platform !== "win32",
+        env: {
+            ...process.env,
+            WORKSPACE: args.workspaceRoot,
+            CODEX_HOME: args.resolveCodexHomePath(),
+        },
+        stdio: ["ignore", "pipe", "pipe"],
+    });
+    let output = "";
+    child.stdout?.setEncoding("utf8");
+    child.stderr?.setEncoding("utf8");
+    child.stdout?.on("data", (chunk) => {
+        output += chunk;
+    });
+    child.stderr?.on("data", (chunk) => {
+        output += chunk;
+    });
+    const result = await new Promise((resolve, reject) => {
+        child.once("error", reject);
+        child.once("exit", (code) => resolve({ code, output }));
+    });
+    const normalized = args.stripAnsi(result.output).trim();
+    const parsed = parseCodexDeviceAuthOutput(result.output, args.stripAnsi);
+    if ((result.code ?? 1) === 0) {
+        const status = await args.getLocalCodexLoginStatus().catch(() => null);
+        return {
+            loggedIn: status?.loggedIn === true,
+            output: status?.output || normalized || "Login started",
+            verificationUri: parsed.verificationUri,
+            userCode: parsed.userCode,
+        };
+    }
+    throw new Error(normalized || `Codex login failed with code ${result.code ?? "null"}`);
+}
+async function loginLocalCodexWithApiKey(args) {
+    const result = await args.runLocalCodexCliWithInput(["login", "--with-api-key"], args.apiKey, 15000);
+    const normalized = args.stripAnsi([result.stdout, result.stderr].filter(Boolean).join("\n")).trim();
+    if ((result.code ?? 1) !== 0) {
+        throw new Error(normalized || `Codex API key login failed with code ${result.code ?? "null"}`);
+    }
+    const status = await args.getLocalCodexLoginStatus().catch(() => null);
+    return {
+        loggedIn: status?.loggedIn === true,
+        output: status?.output || normalized || "Logged in",
+        verificationUri: null,
+        userCode: null,
+    };
+}
+async function logoutLocalCodexAuth(args) {
+    if (pendingCodexDeviceAuth && pendingCodexDeviceAuth.child.exitCode === null) {
+        args.sendSignalToTaskProcess(pendingCodexDeviceAuth.child, "SIGTERM");
+        setTimeout(() => {
+            if (pendingCodexDeviceAuth?.child.exitCode === null) {
+                args.sendSignalToTaskProcess(pendingCodexDeviceAuth.child, "SIGKILL");
+            }
+        }, 1000);
+        pendingCodexDeviceAuth = null;
+    }
+    const result = await args.runLocalCodexCli(["logout"], 5000);
+    let merged = args.stripAnsi([result.stdout, result.stderr].filter(Boolean).join("\n")).trim();
+    const statusAfterLogout = await args.getLocalCodexLoginStatus().catch(() => null);
+    if (statusAfterLogout?.loggedIn) {
+        const authFile = path.join(args.resolveCodexHomePath(), "auth.json");
+        await unlink(authFile).catch(() => undefined);
+        const statusAfterDelete = await args.getLocalCodexLoginStatus().catch(() => null);
+        if (statusAfterDelete?.output) {
+            merged = [merged, statusAfterDelete.output].filter(Boolean).join("\n");
+        }
+    }
+    return {
+        loggedIn: false,
+        output: merged || "Logged out",
+    };
+}
+function normalizeCodexAuthRpcRequest(args) {
+    const requestId = typeof args.request.requestId === "string" ? args.request.requestId.trim() : "";
+    const responseSubject = typeof args.request.responseSubject === "string" ? args.request.responseSubject.trim() : "";
+    const requestAgentId = typeof args.request.agentId === "string" ? args.request.agentId.trim() : "";
+    const actionRaw = typeof args.request.action === "string" ? args.request.action.trim() : "";
+    const action = actionRaw === "start" || actionRaw === "logout" || actionRaw === "login_api_key" ? actionRaw : "status";
+    const apiKey = typeof args.request.apiKey === "string" && args.request.apiKey.trim() ? args.request.apiKey.trim() : null;
+    if (!requestId || !responseSubject || !requestAgentId || requestAgentId !== args.agentId) {
+        throw new Error("invalid codex auth rpc request");
+    }
+    if (action === "login_api_key" && !apiKey) {
+        throw new Error("api key is required");
+    }
+    return { requestId, responseSubject, action, apiKey };
+}
+function publishCodexAuthRpcResponse(args) {
+    args.nc.publish(args.responseSubject, codexAuthRpcCodec.encode(JSON.stringify(args.payload)));
+}
+async function handleCodexAuthRpcMessage(args) {
+    let requestId = "unknown";
+    let responseSubject = "";
+    try {
+        const payload = JSON.parse(codexAuthRpcCodec.decode(args.msg.data));
+        const request = normalizeCodexAuthRpcRequest({ request: payload, agentId: args.agentId });
+        requestId = request.requestId;
+        responseSubject = request.responseSubject;
+        const getStatus = () => getLocalCodexLoginStatus({
+            runLocalCodexCli: args.runLocalCodexCli,
+            stripAnsi: args.stripAnsi,
+        });
+        let result = null;
+        if (request.action === "login_api_key") {
+            result = await loginLocalCodexWithApiKey({
+                apiKey: request.apiKey ?? "",
+                runLocalCodexCliWithInput: args.runLocalCodexCliWithInput,
+                stripAnsi: args.stripAnsi,
+                getLocalCodexLoginStatus: getStatus,
+            });
+        }
+        else if (request.action === "start") {
+            const status = await getStatus();
+            if (status.loggedIn) {
+                result = { loggedIn: true, output: status.output };
+            }
+            else {
+                try {
+                    result = await startLocalCodexDeviceAuth({
+                        workspaceRoot: args.workspaceRoot,
+                        buildLocalCodexCliCommand: args.buildLocalCodexCliCommand,
+                        resolveShellPath: args.resolveShellPath,
+                        resolveCodexHomePath: args.resolveCodexHomePath,
+                        stripAnsi: args.stripAnsi,
+                    });
+                }
+                catch (error) {
+                    const message = error instanceof Error ? error.message : String(error);
+                    const normalized = message.toLowerCase();
+                    if (normalized.includes("operation not permitted") ||
+                        normalized.includes("failed to read device code") ||
+                        normalized.includes("panic") ||
+                        normalized.includes("null object")) {
+                        result = await startLocalCodexLogin({
+                            workspaceRoot: args.workspaceRoot,
+                            buildLocalCodexCliCommand: args.buildLocalCodexCliCommand,
+                            resolveShellPath: args.resolveShellPath,
+                            resolveCodexHomePath: args.resolveCodexHomePath,
+                            stripAnsi: args.stripAnsi,
+                            getLocalCodexLoginStatus: getStatus,
+                        });
+                    }
+                    else {
+                        throw error;
+                    }
+                }
+            }
+        }
+        else if (request.action === "logout") {
+            result = await logoutLocalCodexAuth({
+                sendSignalToTaskProcess: args.sendSignalToTaskProcess,
+                runLocalCodexCli: args.runLocalCodexCli,
+                stripAnsi: args.stripAnsi,
+                resolveCodexHomePath: args.resolveCodexHomePath,
+                getLocalCodexLoginStatus: getStatus,
+            });
+        }
+        else {
+            const status = await getStatus();
+            if (status.loggedIn) {
+                result = { loggedIn: true, output: status.output };
+            }
+            else if (pendingCodexDeviceAuth && pendingCodexDeviceAuth.child.exitCode === null) {
+                const parsed = parseCodexDeviceAuthOutput(pendingCodexDeviceAuth.output, args.stripAnsi);
+                result = {
+                    loggedIn: false,
+                    output: pendingCodexDeviceAuthMessage(pendingCodexDeviceAuth, args.stripAnsi),
+                    verificationUri: parsed.verificationUri,
+                    userCode: parsed.userCode,
+                };
+            }
+            else {
+                result = { loggedIn: false, output: status.output || "Not logged in" };
+            }
+        }
+        publishCodexAuthRpcResponse({
+            nc: args.nc,
+            responseSubject,
+            payload: {
+                requestId,
+                ok: true,
+                loggedIn: result.loggedIn,
+                output: result.output,
+                verificationUri: result.verificationUri ?? null,
+                userCode: result.userCode ?? null,
+            },
+        });
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        if (responseSubject) {
+            publishCodexAuthRpcResponse({
+                nc: args.nc,
+                responseSubject,
+                payload: { requestId, ok: false, error: message },
+            });
+        }
+        args.onError(`codex auth rpc failed requestId=${requestId} error=${message}`);
+    }
+}
+export function subscribeToCodexAuthRpc(args) {
+    args.nc.subscribe(args.subject, {
+        callback: (error, msg) => {
+            if (error) {
+                const message = error instanceof Error ? error.message : String(error);
+                args.onError(`codex auth rpc subscription error: ${message}`);
+                return;
+            }
+            void handleCodexAuthRpcMessage({
+                msg,
+                nc: args.nc,
+                agentId: args.agentId,
+                workspaceRoot: args.workspaceRoot,
+                buildLocalCodexCliCommand: args.buildLocalCodexCliCommand,
+                resolveShellPath: args.resolveShellPath,
+                resolveCodexHomePath: args.resolveCodexHomePath,
+                runLocalCodexCli: args.runLocalCodexCli,
+                runLocalCodexCliWithInput: args.runLocalCodexCliWithInput,
+                sendSignalToTaskProcess: args.sendSignalToTaskProcess,
+                stripAnsi: args.stripAnsi,
+                onError: args.onError,
+            });
+        },
+    });
+    args.onInfo(`codex auth rpc subscribed subject=${args.subject}`);
+}

package/dist/agent-codex-cli.js

@@ -0,0 +1,210 @@
+import { spawn, spawnSync } from "node:child_process";
+const ANSI_RE = /\u001b\[[0-9;]*m/g;
+function shellSingleQuote(value) {
+    return `'${value.replace(/'/g, `'"'"'`)}'`;
+}
+function toTomlStringLiteral(value) {
+    return `"${value.replace(/\\/g, "\\\\").replace(/"/g, '\\"')}"`;
+}
+function hasDirectCodexBinary() {
+    const result = spawnSync("bash", ["-lc", "command -v codex >/dev/null 2>&1"], {
+        stdio: "ignore",
+    });
+    return result.status === 0;
+}
+export function stripAnsi(value) {
+    return value.replace(ANSI_RE, "");
+}
+export function normalizeCodexModel(value) {
+    const normalized = typeof value === "string" ? value.trim() : "";
+    return normalized || "gpt-5.4";
+}
+export function buildManagedCodexArgs(args) {
+    const promptArgs = ["--", args.prompt];
+    const fixedArgs = ["--dangerously-bypass-approvals-and-sandbox"];
+    const configArgs = [
+        ...(args.personality ? ["--config", `personality=${toTomlStringLiteral(args.personality)}`] : []),
+        ...(args.modelInstructionsFile
+            ? ["--config", `model_instructions_file=${toTomlStringLiteral(args.modelInstructionsFile)}`]
+            : []),
+    ];
+    const imageArgs = args.imagePaths.flatMap((imagePath) => ["--image", imagePath]);
+    return [
+        ...fixedArgs,
+        ...configArgs,
+        "--model",
+        args.model,
+        ...(args.sessionId
+            ? ["exec", "resume", ...imageArgs, args.sessionId, ...promptArgs]
+            : ["exec", ...imageArgs, ...promptArgs]),
+    ];
+}
+export function buildLocalCodexCliCommand(args) {
+    const quotedArgs = args.map(shellSingleQuote).join(" ");
+    const direct = `exec codex ${quotedArgs}`;
+    const fallback = `exec npm exec --yes --package doer-agent -- codex ${quotedArgs}`;
+    const script = [
+        "if command -v codex >/dev/null 2>&1; then",
+        `  ${direct}`,
+        "fi",
+        fallback,
+    ].join("\n");
+    return `bash -lc ${shellSingleQuote(script)}`;
+}
+export function spawnManagedCodexCommand(args) {
+    const env = {
+        ...args.env,
+        DOER_AGENT_TOKEN: args.agentToken,
+    };
+    const child = hasDirectCodexBinary()
+        ? spawn("codex", args.codexArgs, {
+            cwd: args.taskWorkspace,
+            detached: process.platform !== "win32",
+            env,
+            stdio: ["ignore", "pipe", "pipe"],
+        })
+        : spawn("npm", ["exec", "--yes", "--package", "doer-agent", "--", "codex", ...args.codexArgs], {
+            cwd: args.taskWorkspace,
+            detached: process.platform !== "win32",
+            env,
+            stdio: ["ignore", "pipe", "pipe"],
+        });
+    child.stdout?.setEncoding("utf8");
+    child.stderr?.setEncoding("utf8");
+    return child;
+}
+export function createLocalCodexCliTools(args) {
+    async function runLocalCodexCli(cmdArgs, timeoutMs, envPatch) {
+        const command = buildLocalCodexCliCommand(cmdArgs);
+        const workspaceRoot = args.resolveWorkspaceRoot();
+        const env = {
+            ...process.env,
+            ...(envPatch ?? {}),
+            WORKSPACE: workspaceRoot,
+            CODEX_HOME: args.resolveCodexHomePath(),
+        };
+        return await new Promise((resolve, reject) => {
+            const child = spawn(command, {
+                cwd: workspaceRoot,
+                shell: args.resolveShellPath(),
+                env,
+                stdio: ["ignore", "pipe", "pipe"],
+            });
+            let stdout = "";
+            let stderr = "";
+            let done = false;
+            let timedOut = false;
+            child.stdout.setEncoding("utf8");
+            child.stderr.setEncoding("utf8");
+            child.stdout.on("data", (chunk) => {
+                stdout += chunk;
+            });
+            child.stderr.on("data", (chunk) => {
+                stderr += chunk;
+            });
+            const timer = setTimeout(() => {
+                timedOut = true;
+                args.sendSignalToTaskProcess(child, "SIGTERM");
+                setTimeout(() => args.sendSignalToTaskProcess(child, "SIGKILL"), 1000);
+            }, Math.max(500, timeoutMs));
+            child.once("error", (error) => {
+                if (done) {
+                    return;
+                }
+                done = true;
+                clearTimeout(timer);
+                reject(error);
+            });
+            child.once("exit", (code) => {
+                if (done) {
+                    return;
+                }
+                done = true;
+                clearTimeout(timer);
+                resolve({ code, stdout, stderr, timedOut });
+            });
+        });
+    }
+    async function runLocalCodexCliWithInput(cmdArgs, input, timeoutMs, envPatch) {
+        const command = buildLocalCodexCliCommand(cmdArgs);
+        const workspaceRoot = args.resolveWorkspaceRoot();
+        const env = {
+            ...process.env,
+            ...(envPatch ?? {}),
+            WORKSPACE: workspaceRoot,
+            CODEX_HOME: args.resolveCodexHomePath(),
+        };
+        return await new Promise((resolve, reject) => {
+            const child = spawn(command, {
+                cwd: workspaceRoot,
+                shell: args.resolveShellPath(),
+                env,
+                stdio: ["pipe", "pipe", "pipe"],
+            });
+            let stdout = "";
+            let stderr = "";
+            let done = false;
+            let timedOut = false;
+            child.stdout.setEncoding("utf8");
+            child.stderr.setEncoding("utf8");
+            child.stdout.on("data", (chunk) => {
+                stdout += chunk;
+            });
+            child.stderr.on("data", (chunk) => {
+                stderr += chunk;
+            });
+            child.stdin?.write(input);
+            if (!input.endsWith("\n")) {
+                child.stdin?.write("\n");
+            }
+            child.stdin?.end();
+            const timer = setTimeout(() => {
+                timedOut = true;
+                args.sendSignalToTaskProcess(child, "SIGTERM");
+                setTimeout(() => args.sendSignalToTaskProcess(child, "SIGKILL"), 1000);
+            }, Math.max(500, timeoutMs));
+            child.once("error", (error) => {
+                if (done) {
+                    return;
+                }
+                done = true;
+                clearTimeout(timer);
+                reject(error);
+            });
+            child.once("exit", (code) => {
+                if (done) {
+                    return;
+                }
+                done = true;
+                clearTimeout(timer);
+                resolve({ code, stdout, stderr, timedOut });
+            });
+        });
+    }
+    return {
+        buildLocalCodexCliCommand,
+        runLocalCodexCli,
+        runLocalCodexCliWithInput,
+        stripAnsi,
+    };
+}
+export function normalizeShellRpcCodexAuthBundle(value) {
+    if (!value || typeof value !== "object" || Array.isArray(value)) {
+        return null;
+    }
+    const row = value;
+    const authJson = typeof row.authJson === "string" ? row.authJson : null;
+    const authMode = row.authMode === "oauth" ? "oauth" : row.authMode === "api_key" ? "api_key" : undefined;
+    const apiKey = typeof row.apiKey === "string" || row.apiKey === null ? row.apiKey : undefined;
+    if (!authJson && authMode !== "api_key" && apiKey === undefined) {
+        return null;
+    }
+    return {
+        taskId: typeof row.taskId === "string" ? row.taskId : undefined,
+        authMode,
+        issuedAt: typeof row.issuedAt === "string" ? row.issuedAt : undefined,
+        expiresAt: typeof row.expiresAt === "string" ? row.expiresAt : undefined,
+        authJson: authJson ?? undefined,
+        apiKey,
+    };
+}