machinaos 0.0.76 → 0.0.78

package/server/nodes/scraper/crawlee_scraper.py

@@ -15,7 +15,7 @@ from urllib.parse import urljoin
 from pydantic import BaseModel, ConfigDict, Field
 
 from core.logging import get_logger
-from services.plugin import ActionNode, NodeContext, Operation, TaskQueue
+from services.plugin import ActionNode, NodeContext, NodeUserError, Operation, TaskQueue
 
 logger = get_logger(__name__)
 
@@ -296,7 +296,7 @@ class CrawleeScraperNode(ActionNode):
     async def scrape(self, ctx: NodeContext, params: CrawleeScraperParams) -> CrawleeScraperOutput:
         url = (params.url or "").strip()
         if not url:
-            raise RuntimeError("URL is required")
+            raise NodeUserError("URL is required")
 
         crawler_type = params.crawler_type
         mode = params.mode
@@ -326,16 +326,16 @@ class CrawleeScraperNode(ActionNode):
                     max_concurrency, timeout_secs,
                 )
             else:
-                raise RuntimeError(f"Unknown crawler type: {crawler_type}")
+                raise NodeUserError(f"Unknown crawler type: {crawler_type}")
         except ImportError as e:
             msg = str(e).lower()
             if 'playwright' in msg:
-                raise RuntimeError(
+                raise NodeUserError(
                     "Playwright not installed. Run: "
                     "pip install 'crawlee[playwright]' && playwright install chromium",
                 )
             if 'crawlee' in msg:
-                raise RuntimeError(
+                raise NodeUserError(
                     "Crawlee not installed. Run: pip install 'crawlee[beautifulsoup]'",
                 )
             raise

package/server/nodes/search/brave_search.py

@@ -36,6 +36,10 @@ class BraveSearchCredential(ApiKeyCredential):
     key_name = "X-Subscription-Token"
     key_location = "header"
     docs_url = "https://api.search.brave.com/app/keys"
+    # Lightweight probe — minimal query, count=1 just to confirm the
+    # token authenticates against the web-search endpoint.
+    probe_url = "https://api.search.brave.com/res/v1/web/search"
+    probe_params = {"q": "ping", "count": 1}
 
 
 class BraveSearchResult(BaseModel):

package/server/nodes/search/perplexity_search.py

@@ -30,6 +30,15 @@ class PerplexityCredential(ApiKeyCredential):
     key_name = "Authorization"
     key_location = "bearer"
     docs_url = "https://docs.perplexity.ai/guides/getting-started"
+    # Cheapest valid request: minimal completion, max_tokens=1.
+    # Sonar is the always-available default model -- no entitlement gate.
+    probe_url = "https://api.perplexity.ai/chat/completions"
+    probe_method = "POST"
+    probe_json = {
+        "model": "sonar",
+        "messages": [{"role": "user", "content": "ping"}],
+        "max_tokens": 1,
+    }
 
 
 class PerplexityResult(BaseModel):

package/server/nodes/search/serper_search.py

@@ -23,6 +23,9 @@ class SerperCredential(ApiKeyCredential):
     key_name = "X-API-KEY"
     key_location = "header"
     docs_url = "https://serper.dev/api-key"
+    probe_url = "https://google.serper.dev/search"
+    probe_method = "POST"
+    probe_json = {"q": "ping", "num": 1}
 
 
 class SerperSearchResult(BaseModel):

package/server/nodes/skill/simple_memory.py

@@ -68,6 +68,18 @@ class SimpleMemoryParams(BaseModel):
         description="Number of relevant memories to retrieve from long-term storage",
         json_schema_extra={"displayOptions": {"show": {"long_term_enabled": [True]}}},
     )
+    last_session_id: Optional[str] = Field(
+        default=None,
+        title="Last Claude Session ID",
+        description=(
+            "Internal: the session UUID claude returned on the most "
+            "recent successful run. Drives `--resume <UUID>` on the "
+            "next spawn so claude finds and continues its own JSONL "
+            "transcript on disk. Hidden from the UI; clearing the "
+            "memory wipes this too."
+        ),
+        json_schema_extra={"hidden": True},
+    )
 
     model_config = ConfigDict(extra="ignore")
 

package/server/nodes/social/_base.py

@@ -7,7 +7,7 @@ Email, Matrix, Teams).
 
 Imported by :class:`nodes.social.social_receive.SocialReceiveNode` and
 :class:`nodes.social.social_send.SocialSendNode`. Calls into
-``services.whatsapp_service`` for the WhatsApp bridge stay unchanged — moving
+``nodes.whatsapp._service`` for the WhatsApp bridge stay unchanged — moving
 them out is a separate refactor.
 """
 
@@ -475,7 +475,7 @@ async def _send_via_whatsapp(
 
     Maps socialSend parameters to whatsappSend parameters.
     """
-    from services.whatsapp_service import handle_whatsapp_send as whatsapp_send_handler
+    from nodes.whatsapp._service import handle_whatsapp_send as whatsapp_send_handler
 
     # Map socialSend params to whatsappSend format
     whatsapp_params = {

package/server/nodes/stripe/__init__.py

@@ -0,0 +1,46 @@
+"""Plugins for the 'payments' palette group — Stripe.
+
+Self-contained Wave 12 plugin. All boilerplate (lifecycle WS handlers,
+status refresh, signature verification, CLI subprocess) lives in
+``services.events``. This package contributes only the Stripe-specific
+shapes: command builder, secret-capture regex, output reshape, the
+livemode filter, and the credential class.
+"""
+
+from __future__ import annotations
+
+from services.events import make_status_refresh, register_webhook_source
+from services.node_output_schemas import register_output_schema
+from services.status_broadcaster import register_service_refresh
+from services.ws_handler_registry import register_ws_handlers
+
+from ._credentials import StripeCredential
+from ._handlers import WS_HANDLERS
+from ._source import (
+    StripeListenSource,
+    StripeWebhookSource,
+    get_listen_source,
+    get_webhook_source,
+)
+
+from .stripe_action import StripeActionNode, StripeActionOutput
+from .stripe_receive import StripeReceiveNode, StripeReceiveOutput
+
+
+register_ws_handlers(WS_HANDLERS)
+register_webhook_source(get_webhook_source())
+register_service_refresh(make_status_refresh(
+    get_listen_source(), status_key="stripe", broadcast_type="stripe_status",
+))
+register_output_schema("stripeReceive", StripeReceiveOutput)
+register_output_schema("stripeAction", StripeActionOutput)
+
+
+__all__ = [
+    "StripeCredential",
+    "StripeListenSource",
+    "StripeWebhookSource",
+    "WS_HANDLERS",
+    "get_listen_source",
+    "get_webhook_source",
+]

package/server/nodes/stripe/_credentials.py

@@ -0,0 +1,33 @@
+"""Stripe credential — thin marker.
+
+The Stripe CLI manages its own auth state at
+``~/.config/stripe/config.toml`` (populated by ``stripe login`` and
+cleared by ``stripe logout``). MachinaOs doesn't store an API key
+itself — only the captured webhook signing secret rides along as an
+extra field so :class:`StripeWebhookSource` can verify
+``Stripe-Signature`` on incoming events.
+"""
+
+from __future__ import annotations
+
+from typing import Any, Dict
+
+from services.plugin.credential import Credential
+
+
+class StripeCredential(Credential):
+    id = "stripe"
+    display_name = "Stripe"
+    category = "Payments"
+    icon = "asset:stripe"
+    auth = "custom"
+    docs_url = "https://stripe.com/docs/cli"
+
+    @classmethod
+    async def resolve(cls, *, user_id: str = "owner") -> Dict[str, Any]:
+        """Return only the captured webhook signing secret. There is
+        no api_key — auth lives in the Stripe CLI's config file."""
+        from services.plugin.deps import get_auth_service
+
+        secret = await get_auth_service().get_api_key("stripe_webhook_secret")
+        return {"stripe_webhook_secret": secret} if secret else {}

package/server/nodes/stripe/_handlers.py

@@ -0,0 +1,270 @@
+"""Stripe WebSocket handlers.
+
+Login is a thin wrap around the Stripe CLI's two machine-friendly
+flags:
+
+* ``stripe login --non-interactive`` prints
+  ``{browser_url, verification_code, next_step}`` JSON and exits.
+* ``stripe login --complete <next_step>`` polls Stripe until the
+  user authorises in the browser, then writes credentials to
+  ``~/.config/stripe/config.toml`` and exits 0.
+
+The ``stripe_login`` handler runs step 1 synchronously, returns the
+URL and verification code to the frontend (same shape as Twitter /
+Google ``oauth_login`` handlers), then fires step 2 as a background
+task. When step 2 finishes, we kick the broadcaster's stripe-status
+refresh callback so the modal updates reactively.
+
+Every other lifecycle command (connect/disconnect/reconnect/status)
+comes from :func:`services.events.make_lifecycle_handlers`.
+"""
+
+from __future__ import annotations
+
+import asyncio
+import json
+import shlex
+from typing import Any, Dict
+
+from fastapi import WebSocket
+
+from core.logging import get_logger
+from services.events import make_lifecycle_handlers, run_cli_command
+
+from ._install import ensure_stripe_cli, stripe_cli_path
+from ._source import (
+    get_listen_source,
+    is_logged_in,
+    stripe_config_path,
+)
+
+logger = get_logger(__name__)
+
+
+_LOGIN_TIMEOUT_SECONDS = 600
+
+
+async def _resolved_binary() -> str | None:
+    """Resolve the stripe binary path, downloading on first use.
+    Returns None on install failure (caller should surface error)."""
+    try:
+        return str(await ensure_stripe_cli())
+    except Exception as e:
+        logger.warning("[Stripe] CLI install failed: %s", e)
+        return None
+
+
+async def _status_snapshot() -> Dict[str, Any]:
+    """Compose the daemon-status + login-state dict the modal renders."""
+    src = get_listen_source()
+    status = await src.status()
+    status["logged_in"] = is_logged_in()
+    status["connected"] = bool(status.get("running")) and status["logged_in"]
+    return status
+
+
+# --- Catalogue-stored marker -------------------------------------------------
+#
+# The catalogue handler in routers/websocket.py keys its "stored" check off
+# `auth_service.get_oauth_tokens(status_hook)` for any provider with
+# `status_hook` set (the Google / Twitter pattern). The Stripe CLI manages
+# its own auth at ~/.config/stripe/config.toml — there are no real OAuth
+# tokens for us to store. We persist a synthetic marker via the same API
+# Google/Twitter use, so the catalogue's existing logic flips
+# `stored: true` after login without any node-specific code in the
+# catalogue handler.
+
+_MARKER_TOKEN = "cli-managed"
+
+
+async def _mark_logged_in() -> None:
+    from services.plugin.deps import get_auth_service
+    await get_auth_service().store_oauth_tokens(
+        provider="stripe",
+        access_token=_MARKER_TOKEN,
+        refresh_token=_MARKER_TOKEN,
+    )
+
+
+async def _mark_logged_out() -> None:
+    from services.plugin.deps import get_auth_service
+    await get_auth_service().remove_oauth_tokens("stripe")
+
+
+async def _broadcast_credential_event(event_type: str) -> None:
+    """Emit a CloudEvents-shaped credential mutation broadcast.
+
+    Wraps :class:`services.events.envelope.WorkflowEvent` via the canonical
+    helper :func:`StatusBroadcaster.broadcast_credential_event` — same
+    invariant that ``handle_save_api_key`` / ``handle_twitter_logout`` are
+    locked to in ``tests/credentials/test_credential_broadcasts.py``. The
+    frontend listens on ``case 'credential_catalogue_updated'`` (the
+    helper's outer wire-format type) and invalidates the catalogue query.
+    """
+    from services.status_broadcaster import get_status_broadcaster
+    await get_status_broadcaster().broadcast_credential_event(
+        event_type, provider="stripe",
+    )
+
+
+async def handle_stripe_trigger(data: Dict[str, Any], websocket: WebSocket) -> Dict[str, Any]:
+    """Run ``stripe trigger <event>`` for synthetic test events."""
+    event = data.get("event")
+    if not event:
+        return {"success": False, "error": "event required (e.g. 'charge.succeeded')"}
+    binary = await _resolved_binary()
+    if not binary:
+        return {"success": False, "error": "Stripe CLI install failed"}
+    return await run_cli_command(binary=binary, argv=["trigger", event])
+
+
+async def handle_stripe_login(data: Dict[str, Any], websocket: WebSocket) -> Dict[str, Any]:
+    """Step 1 of CLI OAuth: get the browser URL + verification code."""
+    logger.info("[Stripe] login flow: step 1/2 (--non-interactive) starting")
+    binary = await _resolved_binary()
+    if not binary:
+        logger.warning("[Stripe] login failed: CLI binary unavailable")
+        return {
+            "success": False,
+            "error": "Stripe CLI install failed. Manual install: https://stripe.com/docs/stripe-cli#install",
+        }
+    logger.info("[Stripe] using binary: %s", binary)
+    result = await run_cli_command(
+        binary=binary, argv=["login", "--non-interactive"], timeout=10.0,
+    )
+    if not result["success"]:
+        logger.warning(
+            "[Stripe] login step 1 CLI failure: %s | stderr=%r",
+            result.get("error"), (result.get("stderr") or "")[:300],
+        )
+        return result
+    try:
+        info = json.loads(result["stdout"])
+    except json.JSONDecodeError as e:
+        logger.warning("[Stripe] login step 1 unparseable stdout=%r", result["stdout"][:300])
+        return {"success": False, "error": f"unparseable stripe login response: {e}"}
+
+    next_step_raw = info.get("next_step")
+    url = info.get("browser_url") or info.get("url")
+    if not (url and next_step_raw):
+        logger.warning("[Stripe] login response missing url/next_step: keys=%s", list(info.keys()))
+        return {"success": False, "error": "stripe login response missing browser_url / next_step"}
+
+    # ``next_step`` is the LITERAL shell command the user would otherwise
+    # type, e.g.:
+    #     stripe login --complete 'https://dashboard.stripe.com/stripecli/auth/…?secret=…'
+    # Feeding the whole string into ``--complete`` makes the CLI try to
+    # URL-parse it and bail with "first path segment in URL cannot contain
+    # colon". Tokenise it and pass just the auth URL (the last argument)
+    # to ``--complete``.
+    try:
+        complete_url = shlex.split(next_step_raw)[-1]
+    except (ValueError, IndexError):
+        complete_url = next_step_raw
+    if not complete_url.startswith("http"):
+        logger.warning(
+            "[Stripe] could not extract auth URL from next_step=%r — falling back to raw value",
+            next_step_raw,
+        )
+        complete_url = next_step_raw
+
+    logger.info(
+        "[Stripe] login step 1 ok: code=%s, browser_url issued — opening on frontend; "
+        "spawning step 2 (--complete) in background (timeout=%ss)",
+        info.get("verification_code"), _LOGIN_TIMEOUT_SECONDS,
+    )
+    asyncio.create_task(_complete_login(binary, complete_url))
+    return {
+        "success": True,
+        "url": url,
+        "verification_code": info.get("verification_code"),
+    }
+
+
+async def _complete_login(binary: str, next_step: str) -> None:
+    """Step 2: block on ``stripe login --complete`` until the user
+    authorises (or the 10-min timeout fires). On success, write the
+    same kind of marker the Google / Twitter callbacks write so the
+    catalogue's stored-check flips, then auto-start the listen
+    daemon and trigger the generic catalogue refresh on the frontend."""
+    logger.info("[Stripe] login step 2/2 polling for browser confirmation")
+    try:
+        result = await run_cli_command(
+            binary=binary, argv=["login", "--complete", next_step],
+            timeout=_LOGIN_TIMEOUT_SECONDS,
+        )
+    except Exception as e:
+        # ``asyncio.create_task`` swallows exceptions silently — log them.
+        # Nothing was persisted, so no broadcast: catalogue state is unchanged.
+        logger.exception("[Stripe] login step 2 raised unexpectedly: %s", e)
+        return
+
+    if not result.get("success"):
+        logger.warning(
+            "[Stripe] login step 2 CLI failure: %s | stderr=%r",
+            result.get("error"), (result.get("stderr") or "")[:300],
+        )
+
+    if not is_logged_in():
+        logger.warning(
+            "[Stripe] step 2 finished but ``is_logged_in()`` is False — config file %s missing/empty; "
+            "user likely closed the browser before authorising",
+            stripe_config_path(),
+        )
+        return
+
+    logger.info(
+        "[Stripe] auth successful — credentials written to %s; persisting catalogue marker + starting listen daemon",
+        stripe_config_path(),
+    )
+    await _mark_logged_in()
+    logger.info("[Stripe] catalogue marker token persisted (auth_service.store_oauth_tokens)")
+    start_result = await get_listen_source().start()
+    if start_result.get("success"):
+        logger.info("[Stripe] listen daemon started (pid=%s)", start_result.get("status", {}).get("pid"))
+    else:
+        logger.warning("[Stripe] listen daemon failed to start: %s", start_result.get("error"))
+    await _broadcast_credential_event("credential.oauth.connected")
+
+
+async def handle_stripe_logout(data: Dict[str, Any], websocket: WebSocket) -> Dict[str, Any]:
+    """Stop the daemon (if running) and run ``stripe logout --all`` to
+    clear ``~/.config/stripe/config.toml``. Mirror the Google/Twitter
+    logout shape: drop the catalogue marker token + broadcast the
+    generic catalogue invalidation so the modal flips immediately."""
+    logger.info("[Stripe] logout starting: stopping daemon + running 'stripe logout --all'")
+    await get_listen_source().stop()
+    cached = stripe_cli_path()
+    if cached is None:
+        cfg = stripe_config_path()
+        if cfg.exists():
+            cfg.unlink(missing_ok=True)
+        result: Dict[str, Any] = {"success": True, "message": "Logged out (CLI not yet installed; cleared config file)"}
+        logger.info("[Stripe] logout fallback: CLI not installed; deleted %s", cfg)
+    else:
+        result = await run_cli_command(binary=str(cached), argv=["logout", "--all"], timeout=10.0)
+        logger.info(
+            "[Stripe] logout CLI result: success=%s err=%s",
+            result.get("success"), result.get("error"),
+        )
+    await _mark_logged_out()
+    await _broadcast_credential_event("credential.oauth.disconnected")
+    logger.info("[Stripe] logout complete: marker token removed + catalogue broadcast sent")
+    return result
+
+
+async def handle_stripe_status(data: Dict[str, Any], websocket: WebSocket) -> Dict[str, Any]:
+    """Augments the stock daemon-status with login-state."""
+    return {"success": True, "status": await _status_snapshot()}
+
+
+WS_HANDLERS = make_lifecycle_handlers(
+    prefix="stripe",
+    source=get_listen_source(),
+    extra={
+        "stripe_login": handle_stripe_login,
+        "stripe_logout": handle_stripe_logout,
+        "stripe_trigger": handle_stripe_trigger,
+    },
+)
+WS_HANDLERS["stripe_status"] = handle_stripe_status

package/server/nodes/stripe/_install.py

@@ -0,0 +1,127 @@
+"""Stripe CLI auto-installer.
+
+On first use, downloads the official Stripe CLI binary from GitHub
+releases (https://github.com/stripe/stripe-cli/releases) and caches
+it under the workspace dir at ``_stripe/bin/stripe[.exe]``. A system
+install on PATH (brew / scoop / apt / direct binary) is preferred —
+the download path only fires when no system binary is found.
+
+Pin a version here when bumping; pre-built archives are signed by
+Stripe and served over GitHub's CDN.
+"""
+
+from __future__ import annotations
+
+import asyncio
+import io
+import platform
+import shutil
+import stat
+import tarfile
+import zipfile
+from pathlib import Path
+from typing import Optional, Tuple
+
+import httpx
+
+from core.logging import get_logger
+
+logger = get_logger(__name__)
+
+
+_VERSION = "1.40.9"
+_RELEASE_BASE = f"https://github.com/stripe/stripe-cli/releases/download/v{_VERSION}"
+
+# (system, machine) → (asset filename, archive type, member name to extract)
+_ASSETS: dict[Tuple[str, str], Tuple[str, str, str]] = {
+    ("Windows", "AMD64"):  (f"stripe_{_VERSION}_windows_x86_64.zip", "zip", "stripe.exe"),
+    ("Linux",   "x86_64"): (f"stripe_{_VERSION}_linux_x86_64.tar.gz", "tar", "stripe"),
+    ("Linux",   "aarch64"): (f"stripe_{_VERSION}_linux_arm64.tar.gz", "tar", "stripe"),
+    ("Linux",   "arm64"):  (f"stripe_{_VERSION}_linux_arm64.tar.gz", "tar", "stripe"),
+    ("Darwin",  "x86_64"): (f"stripe_{_VERSION}_mac-os_x86_64.tar.gz", "tar", "stripe"),
+    ("Darwin",  "arm64"):  (f"stripe_{_VERSION}_mac-os_arm64.tar.gz", "tar", "stripe"),
+}
+
+
+_cached_path: Optional[Path] = None
+_install_lock = asyncio.Lock()
+
+
+def _bin_dir() -> Path:
+    from core.config import Settings
+    p = Path(Settings().workspace_base_resolved).resolve() / "_stripe" / "bin"
+    p.mkdir(parents=True, exist_ok=True)
+    return p
+
+
+def stripe_cli_path() -> Optional[Path]:
+    """Sync getter for the resolved binary path. Returns ``None`` if
+    :func:`ensure_stripe_cli` hasn't run yet (or never resolved)."""
+    return _cached_path
+
+
+async def ensure_stripe_cli() -> Path:
+    """Return absolute path to the stripe binary, downloading it if
+    necessary. Idempotent + concurrent-safe.
+
+    Resolution order:
+      1. Cached path from a prior call (in-process).
+      2. ``shutil.which("stripe")`` — system install on PATH.
+      3. Workspace-local copy at ``_stripe/bin/stripe[.exe]``.
+      4. Fresh download from GitHub releases under
+         :data:`_VERSION`.
+    """
+    global _cached_path
+    if _cached_path and _cached_path.exists():
+        return _cached_path
+
+    sys_path = shutil.which("stripe")
+    if sys_path:
+        _cached_path = Path(sys_path)
+        logger.info("[Stripe] using system CLI at %s", _cached_path)
+        return _cached_path
+
+    binary_name = "stripe.exe" if platform.system() == "Windows" else "stripe"
+    target = _bin_dir() / binary_name
+
+    async with _install_lock:
+        if _cached_path and _cached_path.exists():
+            return _cached_path
+        if target.exists():
+            _cached_path = target
+            return target
+        await _download_release(target)
+        _cached_path = target
+        return target
+
+
+async def _download_release(target: Path) -> None:
+    key = (platform.system(), platform.machine())
+    asset = _ASSETS.get(key)
+    if asset is None:
+        raise RuntimeError(
+            f"No prebuilt Stripe CLI for {key}. Install manually from "
+            "https://stripe.com/docs/stripe-cli#install"
+        )
+    asset_name, kind, member = asset
+    url = f"{_RELEASE_BASE}/{asset_name}"
+    logger.info("[Stripe] downloading CLI v%s from %s", _VERSION, url)
+
+    async with httpx.AsyncClient(follow_redirects=True, timeout=120) as client:
+        resp = await client.get(url)
+        resp.raise_for_status()
+        archive = resp.content
+
+    if kind == "zip":
+        with zipfile.ZipFile(io.BytesIO(archive)) as z:
+            target.write_bytes(z.read(member))
+    else:
+        with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as t:
+            f = t.extractfile(member)
+            if f is None:
+                raise RuntimeError(f"Member {member!r} missing from {asset_name}")
+            target.write_bytes(f.read())
+
+    if platform.system() != "Windows":
+        target.chmod(target.stat().st_mode | stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH)
+    logger.info("[Stripe] CLI installed to %s", target)