flowent 0.1.3 → 0.1.4

package/backend/src/flowent/static/index.html

@@ -6,8 +6,8 @@
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <title>Flowent</title>
     <meta name="description" content="Flowent application" />
-    <script type="module" crossorigin src="/assets/index-DjF2KBwE.js"></script>
-    <link rel="stylesheet" crossorigin href="/assets/index-P-bBpJG8.css">
+    <script type="module" crossorigin src="/assets/index-DSniOrhL.js"></script>
+    <link rel="stylesheet" crossorigin href="/assets/index-BREidonU.css">
   </head>
   <body>
     <div id="root"></div>

package/backend/src/flowent/storage.py

@@ -4,7 +4,7 @@ from pathlib import Path
 
 from pydantic import BaseModel, ConfigDict, Field
 
-from flowent.llm import ProviderFormat, ReasoningEffort
+from flowent.llm import ChatMessage, ProviderFormat, ReasoningEffort
 from flowent.paths import data_directory
 
 
@@ -75,6 +75,15 @@ class StoredWritablePath(BaseModel):
     path: str
 
 
+class StoredPermissionRequest(BaseModel):
+    model_config = ConfigDict(extra="forbid")
+
+    id: str
+    path: str
+    reason: str
+    tool_call_id: str | None = None
+
+
 class StoredProvider(BaseModel):
     model_config = ConfigDict(extra="forbid")
 
@@ -119,6 +128,20 @@ class StoredMessage(BaseModel):
     tools: list[StoredToolItem] = Field(default_factory=list)
 
 
+class StoredCompactionCheckpoint(BaseModel):
+    model_config = ConfigDict(extra="forbid")
+
+    created_at: int = 0
+    id: str
+    method: str
+    replacement_history: list[ChatMessage]
+    source_message_id: str | None = None
+    summary: str
+    token_after: int = 0
+    token_before: int = 0
+    trigger: str
+
+
 class StoredState(BaseModel):
     model_config = ConfigDict(extra="forbid")
 
@@ -127,6 +150,7 @@ class StoredState(BaseModel):
     mcp_servers: list[StoredMcpServer]
     messages: list[StoredMessage]
     providers: list[StoredProvider]
+    permission_requests: list[StoredPermissionRequest] = Field(default_factory=list)
     settings: StoredSettings
     skills: list[StoredSkill]
     telegram_bot: StoredTelegramBot
@@ -607,12 +631,120 @@ class StateStore:
                 VALUES (1, ?)
                 ON CONFLICT(id) DO UPDATE SET
                     compacted_summary = excluded.compacted_summary,
+                    active_compaction_id = NULL,
                     updated_at = unixepoch()
                 """,
                 (summary,),
             )
         return summary
 
+    def read_active_compaction_checkpoint(
+        self,
+    ) -> StoredCompactionCheckpoint | None:
+        with self.connect() as connection:
+            row = connection.execute(
+                """
+                SELECT
+                    checkpoint.id,
+                    checkpoint.trigger,
+                    checkpoint.method,
+                    checkpoint.summary,
+                    checkpoint.replacement_history,
+                    checkpoint.source_message_id,
+                    checkpoint.token_before,
+                    checkpoint.token_after,
+                    checkpoint.created_at
+                FROM workspace_context context
+                JOIN compaction_checkpoints checkpoint
+                    ON checkpoint.id = context.active_compaction_id
+                WHERE context.id = 1
+                """
+            ).fetchone()
+        if row is None:
+            return None
+        return StoredCompactionCheckpoint(
+            created_at=row["created_at"],
+            id=row["id"],
+            method=row["method"],
+            replacement_history=[
+                ChatMessage.model_validate(message)
+                for message in json.loads(row["replacement_history"] or "[]")
+            ],
+            source_message_id=row["source_message_id"],
+            summary=row["summary"],
+            token_after=row["token_after"],
+            token_before=row["token_before"],
+            trigger=row["trigger"],
+        )
+
+    def save_compaction_checkpoint(
+        self, checkpoint: StoredCompactionCheckpoint
+    ) -> StoredCompactionCheckpoint:
+        with self.connect() as connection:
+            connection.execute(
+                """
+                INSERT INTO compaction_checkpoints (
+                    id,
+                    trigger,
+                    method,
+                    summary,
+                    replacement_history,
+                    source_message_id,
+                    token_before,
+                    token_after
+                )
+                VALUES (?, ?, ?, ?, ?, ?, ?, ?)
+                ON CONFLICT(id) DO UPDATE SET
+                    trigger = excluded.trigger,
+                    method = excluded.method,
+                    summary = excluded.summary,
+                    replacement_history = excluded.replacement_history,
+                    source_message_id = excluded.source_message_id,
+                    token_before = excluded.token_before,
+                    token_after = excluded.token_after
+                """,
+                (
+                    checkpoint.id,
+                    checkpoint.trigger,
+                    checkpoint.method,
+                    checkpoint.summary,
+                    json.dumps(
+                        [
+                            message.model_dump()
+                            for message in checkpoint.replacement_history
+                        ],
+                        ensure_ascii=False,
+                    ),
+                    checkpoint.source_message_id,
+                    checkpoint.token_before,
+                    checkpoint.token_after,
+                ),
+            )
+            connection.execute(
+                """
+                INSERT INTO workspace_context (
+                    id,
+                    compacted_summary,
+                    active_compaction_id
+                )
+                VALUES (1, ?, ?)
+                ON CONFLICT(id) DO UPDATE SET
+                    compacted_summary = excluded.compacted_summary,
+                    active_compaction_id = excluded.active_compaction_id,
+                    updated_at = unixepoch()
+                """,
+                (checkpoint.summary, checkpoint.id),
+            )
+            row = connection.execute(
+                """
+                SELECT created_at
+                FROM compaction_checkpoints
+                WHERE id = ?
+                """,
+                (checkpoint.id,),
+            ).fetchone()
+        return checkpoint.model_copy(update={"created_at": row["created_at"]})
+
     def _provider_models(
         self, connection: sqlite3.Connection, provider_id: str
     ) -> list[str]:
@@ -807,9 +939,22 @@ class StateStore:
             CREATE TABLE IF NOT EXISTS workspace_context (
                 id INTEGER PRIMARY KEY CHECK (id = 1),
                 compacted_summary TEXT NOT NULL DEFAULT '',
+                active_compaction_id TEXT,
                 updated_at INTEGER NOT NULL DEFAULT (unixepoch())
             );
 
+            CREATE TABLE IF NOT EXISTS compaction_checkpoints (
+                id TEXT PRIMARY KEY,
+                trigger TEXT NOT NULL,
+                method TEXT NOT NULL,
+                summary TEXT NOT NULL,
+                replacement_history TEXT NOT NULL DEFAULT '[]',
+                source_message_id TEXT,
+                token_before INTEGER NOT NULL DEFAULT 0,
+                token_after INTEGER NOT NULL DEFAULT 0,
+                created_at INTEGER NOT NULL DEFAULT (unixepoch())
+            );
+
             CREATE TABLE IF NOT EXISTS skill_settings (
                 id TEXT PRIMARY KEY,
                 enabled INTEGER NOT NULL DEFAULT 1,
@@ -861,3 +1006,11 @@ class StateStore:
                 "ALTER TABLE settings "
                 "ADD COLUMN reasoning_effort TEXT NOT NULL DEFAULT 'default'"
             )
+        workspace_context_columns = {
+            row["name"]
+            for row in connection.execute("PRAGMA table_info(workspace_context)")
+        }
+        if "active_compaction_id" not in workspace_context_columns:
+            connection.execute(
+                "ALTER TABLE workspace_context ADD COLUMN active_compaction_id TEXT"
+            )

package/backend/tests/test_agent_tools.py

@@ -1,5 +1,6 @@
 import asyncio
 import json
+import subprocess
 import time
 from pathlib import Path
 
@@ -226,6 +227,240 @@ def test_shell_command_has_network_by_default(tmp_path) -> None:
     assert "network-ready" in result.content
 
 
+def test_sandbox_command_keeps_proc_mount_when_preflight_succeeds(
+    tmp_path, monkeypatch
+) -> None:
+    runner = SandboxRunner(cwd=tmp_path)
+    monkeypatch.setattr("flowent.sandbox.sandbox_supports_proc_mount", lambda: True)
+
+    command = runner.build_command(["/bin/true"])
+
+    assert command.args[command.args.index("--proc") + 1] == "/proc"
+
+
+def test_sandbox_command_omits_proc_mount_when_preflight_reports_permission_error(
+    tmp_path, monkeypatch
+) -> None:
+    runner = SandboxRunner(cwd=tmp_path)
+    monkeypatch.setattr("flowent.sandbox.sandbox_supports_proc_mount", lambda: False)
+
+    command = runner.build_command(["/bin/true"])
+
+    assert "--proc" not in command.args
+
+
+def test_sandbox_proc_preflight_does_not_hide_non_proc_errors(
+    tmp_path, monkeypatch
+) -> None:
+    bwrap = tmp_path / "bwrap"
+    bwrap.write_text("#!/bin/sh\necho 'bwrap: unrelated startup failure' >&2\nexit 1\n")
+    bwrap.chmod(0o700)
+    monkeypatch.setattr("flowent.sandbox.sandbox_binary", lambda: str(bwrap))
+
+    assert SandboxRunner(cwd=tmp_path).build_command(["/bin/true"]).args[0:7] == [
+        str(bwrap),
+        "--ro-bind",
+        "/",
+        "/",
+        "--dev",
+        "/dev",
+        "--proc",
+    ]
+
+
+def test_shell_command_runs_without_proc_mount_after_preflight_fallback(
+    tmp_path, monkeypatch
+) -> None:
+    bwrap = tmp_path / "bwrap"
+    bwrap.write_text(
+        "#!/bin/sh\n"
+        'for arg in "$@"; do\n'
+        '  if [ "$arg" = --proc ]; then\n'
+        '    echo "bwrap: Can\'t mount proc on /newroot/proc: Operation not permitted" >&2\n'
+        "    exit 1\n"
+        "  fi\n"
+        "done\n"
+        'while [ "$#" -gt 0 ]; do\n'
+        '  if [ "$1" = -- ]; then\n'
+        "    shift\n"
+        '    exec "$@"\n'
+        "  fi\n"
+        "  shift\n"
+        "done\n"
+    )
+    bwrap.chmod(0o700)
+    monkeypatch.setattr("flowent.sandbox.sandbox_binary", lambda: str(bwrap))
+
+    result = SandboxRunner(cwd=tmp_path).run(["/bin/sh", "-c", "printf ok"])
+
+    assert result.exit_code == 0
+    assert result.stdout == "ok"
+
+
+def test_apply_patch_runs_without_proc_mount_after_preflight_fallback(
+    tmp_path, monkeypatch
+) -> None:
+    bwrap = tmp_path / "bwrap"
+    bwrap.write_text(
+        "#!/bin/sh\n"
+        'for arg in "$@"; do\n'
+        '  if [ "$arg" = --proc ]; then\n'
+        '    echo "bwrap: Can\'t mount proc on /newroot/proc: Operation not permitted" >&2\n'
+        "    exit 1\n"
+        "  fi\n"
+        "done\n"
+        'while [ "$#" -gt 0 ]; do\n'
+        '  if [ "$1" = -- ]; then\n'
+        "    shift\n"
+        '    exec "$@"\n'
+        "  fi\n"
+        "  shift\n"
+        "done\n"
+    )
+    bwrap.chmod(0o700)
+    monkeypatch.setattr("flowent.sandbox.sandbox_binary", lambda: str(bwrap))
+    target = tmp_path / "notes.txt"
+    target.write_text("alpha\n")
+    patch = """*** Begin Patch
+*** Update File: notes.txt
+@@
+-alpha
++beta
+*** End Patch
+"""
+
+    result = run_tool("apply_patch", {"patch": patch}, ToolContext(cwd=tmp_path))
+
+    assert result.ok
+    assert target.read_text() == "beta\n"
+
+
+def test_shell_command_environment_omits_development_variables(
+    tmp_path, monkeypatch
+) -> None:
+    monkeypatch.setenv("NODE_ENV", "production")
+    monkeypatch.setenv("VIRTUAL_ENV", "/tmp/flowent-venv")
+    monkeypatch.setenv("PYTHONPATH", "/tmp/flowent-pythonpath")
+    runner = SandboxRunner(cwd=tmp_path)
+    monkeypatch.setattr(
+        runner,
+        "build_command",
+        lambda command: SandboxCommand(command, seccomp_available=False),
+    )
+
+    result = runner.run(
+        [
+            "/bin/sh",
+            "-c",
+            'printf \'%s|%s|%s\' "${NODE_ENV-unset}" "${VIRTUAL_ENV-unset}" "${PYTHONPATH-unset}"',
+        ]
+    )
+
+    assert result.exit_code == 0
+    assert result.stdout == "unset|unset|unset"
+
+
+def test_shell_command_environment_omits_sensitive_variables(
+    tmp_path, monkeypatch
+) -> None:
+    monkeypatch.setenv("OPENAI_API_KEY", "sk-local")
+    monkeypatch.setenv("SECRET_TOKEN", "secret")
+    monkeypatch.setenv("NPM_TOKEN", "npm")
+    runner = SandboxRunner(cwd=tmp_path)
+    monkeypatch.setattr(
+        runner,
+        "build_command",
+        lambda command: SandboxCommand(command, seccomp_available=False),
+    )
+
+    result = runner.run(
+        [
+            "/bin/sh",
+            "-c",
+            'printf \'%s|%s|%s\' "${OPENAI_API_KEY-unset}" "${SECRET_TOKEN-unset}" "${NPM_TOKEN-unset}"',
+        ]
+    )
+
+    assert result.exit_code == 0
+    assert result.stdout == "unset|unset|unset"
+
+
+def test_shell_command_environment_keeps_core_variables(tmp_path, monkeypatch) -> None:
+    monkeypatch.setenv("HOME", str(tmp_path / "home"))
+    monkeypatch.setenv("PATH", "/usr/local/bin:/usr/bin:/bin")
+    monkeypatch.setenv("SHELL", "/bin/sh")
+    monkeypatch.setenv("USER", "flowent")
+    runner = SandboxRunner(cwd=tmp_path)
+    monkeypatch.setattr(
+        runner,
+        "build_command",
+        lambda command: SandboxCommand(command, seccomp_available=False),
+    )
+
+    result = runner.run(
+        [
+            "/bin/sh",
+            "-c",
+            'printf \'%s|%s|%s|%s\' "$HOME" "$PATH" "$SHELL" "$USER"',
+        ]
+    )
+
+    assert result.exit_code == 0
+    assert (
+        result.stdout
+        == f"{tmp_path / 'home'}|/usr/local/bin:/usr/bin:/bin|/bin/sh|flowent"
+    )
+
+
+def test_shell_command_environment_uses_default_path_when_missing(
+    tmp_path, monkeypatch
+) -> None:
+    monkeypatch.delenv("PATH", raising=False)
+    runner = SandboxRunner(cwd=tmp_path)
+    captured_env: dict[str, str] = {}
+
+    def fake_run(*args, **kwargs):
+        captured_env.update(kwargs["env"])
+        return subprocess.CompletedProcess(
+            args=args[0], returncode=0, stdout="", stderr=""
+        )
+
+    monkeypatch.setattr(
+        runner,
+        "build_command",
+        lambda command: SandboxCommand(command, seccomp_available=False),
+    )
+    monkeypatch.setattr("subprocess.run", fake_run)
+
+    result = runner.run(["/bin/sh", "-c", "true"])
+
+    assert result.exit_code == 0
+    assert (
+        captured_env["PATH"]
+        == "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+    )
+
+
+def test_shell_command_environment_accepts_explicit_overrides(
+    tmp_path, monkeypatch
+) -> None:
+    monkeypatch.delenv("FLOWENT_TOOL_VAR", raising=False)
+    runner = SandboxRunner(cwd=tmp_path)
+    monkeypatch.setattr(
+        runner,
+        "build_command",
+        lambda command: SandboxCommand(command, seccomp_available=False),
+    )
+
+    result = runner.run(
+        ["/bin/sh", "-c", "printf '%s' \"$FLOWENT_TOOL_VAR\""],
+        env={"FLOWENT_TOOL_VAR": "explicit"},
+    )
+
+    assert result.exit_code == 0
+    assert result.stdout == "explicit"
+
+
 @pytest.mark.anyio
 async def test_async_shell_command_does_not_block_other_tasks(
     tmp_path, monkeypatch

package/backend/tests/test_mcp.py

@@ -411,7 +411,10 @@ def test_disabled_mcp_server_does_not_connect_or_expose_tools(
     assert response.json()["status"] == "disabled"
 
 
-def test_enabled_mcp_server_connects_and_lists_tools(tmp_path, monkeypatch) -> None:
+@pytest.mark.anyio
+async def test_enabled_mcp_server_save_returns_starting_and_connects_in_background(
+    tmp_path, monkeypatch
+) -> None:
     monkeypatch.setenv("FLOWENT_DATA_DIR", str(tmp_path))
     transport = FakeMcpTransport()
     transport.tools_by_server["mcp-files"] = [
@@ -426,11 +429,20 @@ def test_enabled_mcp_server_connects_and_lists_tools(tmp_path, monkeypatch) -> N
     response = client.put("/api/mcp/servers", json=command_server_payload())
 
     assert response.status_code == 200
-    assert response.json()["status"] == "ready"
-    assert response.json()["tools"][0]["name"] == "read_file"
+    assert response.json()["status"] == "starting"
+    assert response.json()["tools"] == []
+    manager = client.app.state.mcp_manager
+    connected = await wait_for_status(
+        manager,
+        StoredMcpServer.model_validate(response.json()),
+        "ready",
+    )
+    assert connected.status == "ready"
+    assert connected.tools[0].name == "read_file"
 
 
-def test_mcp_connection_error_is_reported_in_state(tmp_path, monkeypatch) -> None:
+@pytest.mark.anyio
+async def test_mcp_connection_error_is_reported_in_state(tmp_path, monkeypatch) -> None:
     monkeypatch.setenv("FLOWENT_DATA_DIR", str(tmp_path))
     transport = FakeMcpTransport()
     transport.errors["mcp-files"] = "Command failed"
@@ -439,11 +451,19 @@ def test_mcp_connection_error_is_reported_in_state(tmp_path, monkeypatch) -> Non
     response = client.put("/api/mcp/servers", json=command_server_payload())
 
     assert response.status_code == 200
-    assert response.json()["status"] == "error"
-    assert response.json()["error"] == "Command failed"
+    assert response.json()["status"] == "starting"
+    manager = client.app.state.mcp_manager
+    errored = await wait_for_status(
+        manager,
+        StoredMcpServer.model_validate(response.json()),
+        "error",
+    )
+    assert errored.status == "error"
+    assert errored.error == "Command failed"
 
 
-def test_mcp_server_can_be_reconnected(tmp_path, monkeypatch) -> None:
+@pytest.mark.anyio
+async def test_mcp_server_can_be_reconnected(tmp_path, monkeypatch) -> None:
     monkeypatch.setenv("FLOWENT_DATA_DIR", str(tmp_path))
     transport = FakeMcpTransport()
     transport.tools_by_server["mcp-files"] = [
@@ -451,6 +471,13 @@ def test_mcp_server_can_be_reconnected(tmp_path, monkeypatch) -> None:
     ]
     client = TestClient(create_app(serve_frontend=False, mcp_transport=transport))
     client.put("/api/mcp/servers", json=command_server_payload())
+
+    connected = await wait_for_status(
+        client.app.state.mcp_manager,
+        StoredMcpServer.model_validate(command_server_payload()),
+        "ready",
+    )
+    assert connected.status == "ready"
     transport.tools_by_server["mcp-files"] = [
         {"inputSchema": {"type": "object"}, "name": "read_file"},
         {"inputSchema": {"type": "object"}, "name": "write_file"},
@@ -552,7 +579,8 @@ def test_mcp_server_delete_removes_saved_server_when_disconnect_fails(
     assert transport.disconnect_calls == ["mcp-files"]
 
 
-def test_ready_mcp_tools_are_included_in_workspace_request(
+@pytest.mark.anyio
+async def test_ready_mcp_tools_are_included_in_workspace_request(
     tmp_path, monkeypatch
 ) -> None:
     monkeypatch.setenv("FLOWENT_DATA_DIR", str(tmp_path / "data"))
@@ -583,6 +611,12 @@ def test_ready_mcp_tools_are_included_in_workspace_request(
     )
     configure_provider(client)
     client.put("/api/mcp/servers", json=command_server_payload())
+    connected = await wait_for_status(
+        client.app.state.mcp_manager,
+        StoredMcpServer.model_validate(command_server_payload()),
+        "ready",
+    )
+    assert connected.status == "ready"
 
     response = client.post("/api/workspace/respond", json={"content": "Read file"})
 
@@ -595,7 +629,8 @@ def test_ready_mcp_tools_are_included_in_workspace_request(
     assert mcp_tool_name("mcp-files", "read_file") in tool_names
 
 
-def test_mcp_tool_call_is_forwarded_and_result_returns_to_agent(
+@pytest.mark.anyio
+async def test_mcp_tool_call_is_forwarded_and_result_returns_to_agent(
     tmp_path, monkeypatch
 ) -> None:
     monkeypatch.setenv("FLOWENT_DATA_DIR", str(tmp_path / "data"))
@@ -632,6 +667,12 @@ def test_mcp_tool_call_is_forwarded_and_result_returns_to_agent(
     )
     configure_provider(client)
     client.put("/api/mcp/servers", json=command_server_payload())
+    connected = await wait_for_status(
+        client.app.state.mcp_manager,
+        StoredMcpServer.model_validate(command_server_payload()),
+        "ready",
+    )
+    assert connected.status == "ready"
 
     response = client.post("/api/workspace/respond", json={"content": "Use MCP"})
 
@@ -651,7 +692,10 @@ def test_mcp_tool_call_is_forwarded_and_result_returns_to_agent(
     assert events[3]["data"]["data"]["tool"] == "read_file"
 
 
-def test_mcp_tool_call_failure_is_reported_in_workspace(tmp_path, monkeypatch) -> None:
+@pytest.mark.anyio
+async def test_mcp_tool_call_failure_is_reported_in_workspace(
+    tmp_path, monkeypatch
+) -> None:
     monkeypatch.setenv("FLOWENT_DATA_DIR", str(tmp_path / "data"))
     captured_requests: list[dict[str, object]] = []
     transport = FakeMcpTransport()
@@ -686,6 +730,12 @@ def test_mcp_tool_call_failure_is_reported_in_workspace(tmp_path, monkeypatch) -
     )
     configure_provider(client)
     client.put("/api/mcp/servers", json=command_server_payload())
+    connected = await wait_for_status(
+        client.app.state.mcp_manager,
+        StoredMcpServer.model_validate(command_server_payload()),
+        "ready",
+    )
+    assert connected.status == "ready"
 
     response = client.post("/api/workspace/respond", json={"content": "Use MCP"})
 
@@ -720,3 +770,19 @@ async def test_mcp_server_reload_reconnects_saved_enabled_servers(
     assert connected.status == "ready"
     assert connected.tools[0].name == "read_file"
     assert transport.connect_calls[0].id == "mcp-files"
+
+
+@pytest.mark.anyio
+async def test_enabled_mcp_server_save_does_not_block_response(
+    tmp_path, monkeypatch
+) -> None:
+    monkeypatch.setenv("FLOWENT_DATA_DIR", str(tmp_path))
+    transport = FakeMcpTransport()
+    transport.sleep_on_connect.add("mcp-files")
+    client = TestClient(create_app(serve_frontend=False, mcp_transport=transport))
+
+    response = client.put("/api/mcp/servers", json=command_server_payload())
+
+    assert response.status_code == 200
+    assert response.json()["status"] == "starting"
+    assert response.json()["tools"] == []