nemoris 0.1.0 → 0.1.2

package/src/runtime/transport-server.js

@@ -1,311 +1,311 @@
-import http from "node:http";
-import path from "node:path";
-import { ensureDir, listFilesRecursive, readJson, writeJson } from "../utils/fs.js";
-import { buildRetentionPolicy, pruneJsonBuckets } from "./retention.js";
-import { TelegramInboundHandler } from "./telegram-inbound.js";
-import { SlackInboundHandler } from "./slack-inbound.js";
-
-function timestampKey() {
-  return new Date().toISOString().replace(/[:.]/g, "-");
-}
-
-function sendJson(response, statusCode, body) {
-  response.writeHead(statusCode, {
-    "content-type": "application/json"
-  });
-  response.end(`${JSON.stringify(body, null, 2)}\n`);
-}
-
-async function readJsonBody(request, { maxBodyBytes = 1024 * 1024, timeoutMs = 5000 } = {}) {
-  const chunks = [];
-  let total = 0;
-  const timeout = new Promise((_, reject) => setTimeout(() => reject(new Error("Request body timed out")), timeoutMs));
-  const reader = (async () => {
-    for await (const chunk of request) {
-      total += chunk.length;
-      if (total > maxBodyBytes) {
-        throw new Error("Request body too large");
-      }
-      chunks.push(chunk);
-    }
-    const raw = Buffer.concat(chunks).toString("utf8");
-    return raw ? JSON.parse(raw) : {};
-  })();
-  return Promise.race([reader, timeout]);
-}
-
-async function readRawBody(request, { maxBodyBytes = 1024 * 1024, timeoutMs = 5000 } = {}) {
-  const chunks = [];
-  let total = 0;
-  const timeout = new Promise((_, reject) => setTimeout(() => reject(new Error("Request body timed out")), timeoutMs));
-  const reader = (async () => {
-    for await (const chunk of request) {
-      total += chunk.length;
-      if (total > maxBodyBytes) {
-        throw new Error("Request body too large");
-      }
-      chunks.push(chunk);
-    }
-    return Buffer.concat(chunks).toString("utf8");
-  })();
-  return Promise.race([reader, timeout]);
-}
-
-export class StandaloneTransportServer {
-  constructor({ stateRoot, authToken = null, retention = {}, maxBodyBytes = 1024 * 1024, requestTimeoutMs = 5000, allowedTargetModes = null, rateLimit = {} } = {}) {
-    this.stateRoot = stateRoot;
-    this.authToken = authToken;
-    this.server = null;
-    this.shuttingDown = false;
-    this.retentionPolicy = buildRetentionPolicy(retention, {
-      ttlDays: 7,
-      maxFilesPerBucket: 1000
-    });
-    this.maxBodyBytes = maxBodyBytes;
-    this.requestTimeoutMs = requestTimeoutMs;
-    this.allowedTargetModes = new Set(allowedTargetModes || ["operator", "same_thread", "peer_agent", "scheduler_log"]);
-    this.rateLimit = {
-      windowMs: Number(rateLimit.windowMs ?? 60_000),
-      maxRequests: Number(rateLimit.maxRequests ?? 120)
-    };
-    this.rateBuckets = new Map();
-  }
-
-  get transportRoot() {
-    return path.join(this.stateRoot, "transport");
-  }
-
-  attachTelegramInbound({
-    stateStore,
-    telegramConfig,
-    availablePeers = [],
-    contextLedger = null,
-    agentNames = {},
-    routerConfig = null,
-    agentConfigs = null,
-  }) {
-    this.telegramHandler = new TelegramInboundHandler({
-      stateStore,
-      telegramConfig,
-      availablePeers,
-      contextLedger,
-      agentNames,
-      routerConfig,
-      agentConfigs,
-    });
-  }
-
-  attachSlackInbound({ stateStore, slackConfig, availablePeers = [] }) {
-    this.slackHandler = new SlackInboundHandler({ stateStore, slackConfig, availablePeers });
-  }
-
-  async handle(request, response) {
-    try {
-      if (this.shuttingDown) {
-        sendJson(response, 503, {
-          ok: false,
-          error: "Server shutting down"
-        });
-        return;
-      }
-
-      if (request.method === "GET" && request.url === "/health") {
-        const recentCount = (await listFilesRecursive(path.join(this.transportRoot, "inbox"))).length;
-        sendJson(response, 200, {
-          ok: true,
-          transport: "standalone_http",
-          recentMessages: recentCount
-        });
-        return;
-      }
-
-      // Telegram webhook — must return 200 synchronously before any processing
-      if (request.method === "POST" && request.url === "/telegram/webhook") {
-        if (!this.telegramHandler) {
-          sendJson(response, 404, { ok: false, error: "Telegram inbound not configured" });
-          return;
-        }
-        // Validate webhook secret if configured
-        const webhookSecret = process.env.NEMORIS_TELEGRAM_WEBHOOK_SECRET;
-        if (webhookSecret) {
-          const provided = request.headers["x-telegram-bot-api-secret-token"] || "";
-          if (provided !== webhookSecret) {
-            sendJson(response, 401, { ok: false, error: "Invalid webhook secret" });
-            return;
-          }
-        }
-        const update = await readJsonBody(request, {
-          maxBodyBytes: this.maxBodyBytes,
-          timeoutMs: this.requestTimeoutMs,
-        });
-        const result = await this.telegramHandler.handleUpdate(update);
-        // Always return 200 to Telegram — regardless of outcome
-        sendJson(response, 200, { ok: true, ...result });
-        return;
-      }
-
-      // Slack Events API
-      if (request.method === "POST" && request.url === "/slack/events") {
-        if (!this.slackHandler) {
-          sendJson(response, 404, { ok: false, error: "Slack inbound not configured" });
-          return;
-        }
-        const rawBody = await readRawBody(request, {
-          maxBodyBytes: this.maxBodyBytes,
-          timeoutMs: this.requestTimeoutMs,
-        });
-
-        if (!this.slackHandler.verifySignature(request.headers, rawBody)) {
-          sendJson(response, 401, { ok: false, error: "Invalid signature" });
-          return;
-        }
-
-        const payload = JSON.parse(rawBody);
-        const result = this.slackHandler.handleEvent(payload);
-
-        // Handle URL verification challenge
-        if (result.action === "challenge") {
-          sendJson(response, 200, { challenge: result.challenge });
-          return;
-        }
-
-        // Slack requires immediate 200 OK
-        sendJson(response, 200, { ok: true });
-        return;
-      }
-
-      // Slack Slash Commands
-      if (request.method === "POST" && request.url === "/slack/slash") {
-        if (!this.slackHandler) {
-          sendJson(response, 404, { ok: false, error: "Slack inbound not configured" });
-          return;
-        }
-        const rawBody = await readRawBody(request, {
-          maxBodyBytes: this.maxBodyBytes,
-          timeoutMs: this.requestTimeoutMs,
-        });
-
-        if (!this.slackHandler.verifySignature(request.headers, rawBody)) {
-          sendJson(response, 401, { ok: false, error: "Invalid signature" });
-          return;
-        }
-
-        const params = new URLSearchParams(rawBody);
-        const payload = Object.fromEntries(params.entries());
-        const reply = this.slackHandler.handleSlashCommand(payload);
-
-        // Slack renders 200 response body as an inline message
-        response.writeHead(200, { "Content-Type": "text/plain" });
-        response.end(reply);
-        return;
-      }
-
-      if (request.method === "POST" && request.url === "/messages") {
-        if (this.authToken) {
-          const header = request.headers.authorization || "";
-          if (header !== `Bearer ${this.authToken}`) {
-            sendJson(response, 401, {
-              ok: false,
-              error: "Unauthorized"
-            });
-            return;
-          }
-        }
-
-        const rateKey = request.socket.remoteAddress || request.headers.authorization || "anonymous";
-        if (!this.allowRequest(rateKey)) {
-          sendJson(response, 429, {
-            ok: false,
-            error: "Rate limit exceeded"
-          });
-          return;
-        }
-
-        const payload = await readJsonBody(request, {
-          maxBodyBytes: this.maxBodyBytes,
-          timeoutMs: this.requestTimeoutMs
-        });
-        const bucket = String(payload.target?.mode || "operator");
-        if (!this.allowedTargetModes.has(bucket)) {
-          sendJson(response, 400, {
-            ok: false,
-            error: "Invalid target mode"
-          });
-          return;
-        }
-        const filePath = path.join(this.transportRoot, "inbox", bucket, `${timestampKey()}.json`);
-        await writeJson(filePath, {
-          receivedAt: new Date().toISOString(),
-          ...payload
-        });
-        await pruneJsonBuckets(path.join(this.transportRoot, "inbox"), this.retentionPolicy);
-        sendJson(response, 202, {
-          ok: true,
-          stored: filePath,
-          bucket
-        });
-        return;
-      }
-
-      sendJson(response, 404, {
-        ok: false,
-        error: "Not found"
-      });
-    } catch (error) {
-      if (String(error.message || "").includes("too large")) {
-        sendJson(response, 413, {
-          ok: false,
-          error: error.message
-        });
-        return;
-      }
-      sendJson(response, 500, {
-        ok: false,
-        error: error.message
-      });
-    }
-  }
-
-  async listen(port = 4318, host = "127.0.0.1") {
-    await ensureDir(this.transportRoot);
-    this.server = http.createServer((request, response) => {
-      this.handle(request, response);
-    });
-
-    return new Promise((resolve, reject) => {
-      this.server.once("error", reject);
-      this.server.listen(port, host, () => {
-        const address = this.server.address();
-        resolve(address);
-      });
-    });
-  }
-
-  async close() {
-    if (!this.server) return;
-    this.shuttingDown = true;
-    await new Promise((resolve, reject) => {
-      this.server.close((error) => (error ? reject(error) : resolve()));
-    });
-    this.server = null;
-  }
-
-  async listInbox(limit = 20) {
-    const files = await listFilesRecursive(path.join(this.transportRoot, "inbox"));
-    const sorted = [...files].sort().reverse().slice(0, limit);
-    return Promise.all(sorted.map((filePath) => readJson(filePath, null)));
-  }
-
-  allowRequest(key) {
-    const now = Date.now();
-    const windowStart = now - this.rateLimit.windowMs;
-    const current = (this.rateBuckets.get(key) || []).filter((timestamp) => timestamp >= windowStart);
-    if (current.length >= this.rateLimit.maxRequests) {
-      this.rateBuckets.set(key, current);
-      return false;
-    }
-    current.push(now);
-    this.rateBuckets.set(key, current);
-    return true;
-  }
-}
+import http from "node:http";
+import path from "node:path";
+import { ensureDir, listFilesRecursive, readJson, writeJson } from "../utils/fs.js";
+import { buildRetentionPolicy, pruneJsonBuckets } from "./retention.js";
+import { TelegramInboundHandler } from "./telegram-inbound.js";
+import { SlackInboundHandler } from "./slack-inbound.js";
+
+function timestampKey() {
+  return new Date().toISOString().replace(/[:.]/g, "-");
+}
+
+function sendJson(response, statusCode, body) {
+  response.writeHead(statusCode, {
+    "content-type": "application/json"
+  });
+  response.end(`${JSON.stringify(body, null, 2)}\n`);
+}
+
+async function readJsonBody(request, { maxBodyBytes = 1024 * 1024, timeoutMs = 5000 } = {}) {
+  const chunks = [];
+  let total = 0;
+  const timeout = new Promise((_, reject) => setTimeout(() => reject(new Error("Request body timed out")), timeoutMs));
+  const reader = (async () => {
+    for await (const chunk of request) {
+      total += chunk.length;
+      if (total > maxBodyBytes) {
+        throw new Error("Request body too large");
+      }
+      chunks.push(chunk);
+    }
+    const raw = Buffer.concat(chunks).toString("utf8");
+    return raw ? JSON.parse(raw) : {};
+  })();
+  return Promise.race([reader, timeout]);
+}
+
+async function readRawBody(request, { maxBodyBytes = 1024 * 1024, timeoutMs = 5000 } = {}) {
+  const chunks = [];
+  let total = 0;
+  const timeout = new Promise((_, reject) => setTimeout(() => reject(new Error("Request body timed out")), timeoutMs));
+  const reader = (async () => {
+    for await (const chunk of request) {
+      total += chunk.length;
+      if (total > maxBodyBytes) {
+        throw new Error("Request body too large");
+      }
+      chunks.push(chunk);
+    }
+    return Buffer.concat(chunks).toString("utf8");
+  })();
+  return Promise.race([reader, timeout]);
+}
+
+export class StandaloneTransportServer {
+  constructor({ stateRoot, authToken = null, retention = {}, maxBodyBytes = 1024 * 1024, requestTimeoutMs = 5000, allowedTargetModes = null, rateLimit = {} } = {}) {
+    this.stateRoot = stateRoot;
+    this.authToken = authToken;
+    this.server = null;
+    this.shuttingDown = false;
+    this.retentionPolicy = buildRetentionPolicy(retention, {
+      ttlDays: 7,
+      maxFilesPerBucket: 1000
+    });
+    this.maxBodyBytes = maxBodyBytes;
+    this.requestTimeoutMs = requestTimeoutMs;
+    this.allowedTargetModes = new Set(allowedTargetModes || ["operator", "same_thread", "peer_agent", "scheduler_log"]);
+    this.rateLimit = {
+      windowMs: Number(rateLimit.windowMs ?? 60_000),
+      maxRequests: Number(rateLimit.maxRequests ?? 120)
+    };
+    this.rateBuckets = new Map();
+  }
+
+  get transportRoot() {
+    return path.join(this.stateRoot, "transport");
+  }
+
+  attachTelegramInbound({
+    stateStore,
+    telegramConfig,
+    availablePeers = [],
+    contextLedger = null,
+    agentNames = {},
+    routerConfig = null,
+    agentConfigs = null,
+  }) {
+    this.telegramHandler = new TelegramInboundHandler({
+      stateStore,
+      telegramConfig,
+      availablePeers,
+      contextLedger,
+      agentNames,
+      routerConfig,
+      agentConfigs,
+    });
+  }
+
+  attachSlackInbound({ stateStore, slackConfig, availablePeers = [] }) {
+    this.slackHandler = new SlackInboundHandler({ stateStore, slackConfig, availablePeers });
+  }
+
+  async handle(request, response) {
+    try {
+      if (this.shuttingDown) {
+        sendJson(response, 503, {
+          ok: false,
+          error: "Server shutting down"
+        });
+        return;
+      }
+
+      if (request.method === "GET" && request.url === "/health") {
+        const recentCount = (await listFilesRecursive(path.join(this.transportRoot, "inbox"))).length;
+        sendJson(response, 200, {
+          ok: true,
+          transport: "standalone_http",
+          recentMessages: recentCount
+        });
+        return;
+      }
+
+      // Telegram webhook — must return 200 synchronously before any processing
+      if (request.method === "POST" && request.url === "/telegram/webhook") {
+        if (!this.telegramHandler) {
+          sendJson(response, 404, { ok: false, error: "Telegram inbound not configured" });
+          return;
+        }
+        // Validate webhook secret if configured
+        const webhookSecret = process.env.NEMORIS_TELEGRAM_WEBHOOK_SECRET;
+        if (webhookSecret) {
+          const provided = request.headers["x-telegram-bot-api-secret-token"] || "";
+          if (provided !== webhookSecret) {
+            sendJson(response, 401, { ok: false, error: "Invalid webhook secret" });
+            return;
+          }
+        }
+        const update = await readJsonBody(request, {
+          maxBodyBytes: this.maxBodyBytes,
+          timeoutMs: this.requestTimeoutMs,
+        });
+        const result = await this.telegramHandler.handleUpdate(update);
+        // Always return 200 to Telegram — regardless of outcome
+        sendJson(response, 200, { ok: true, ...result });
+        return;
+      }
+
+      // Slack Events API
+      if (request.method === "POST" && request.url === "/slack/events") {
+        if (!this.slackHandler) {
+          sendJson(response, 404, { ok: false, error: "Slack inbound not configured" });
+          return;
+        }
+        const rawBody = await readRawBody(request, {
+          maxBodyBytes: this.maxBodyBytes,
+          timeoutMs: this.requestTimeoutMs,
+        });
+
+        if (!this.slackHandler.verifySignature(request.headers, rawBody)) {
+          sendJson(response, 401, { ok: false, error: "Invalid signature" });
+          return;
+        }
+
+        const payload = JSON.parse(rawBody);
+        const result = this.slackHandler.handleEvent(payload);
+
+        // Handle URL verification challenge
+        if (result.action === "challenge") {
+          sendJson(response, 200, { challenge: result.challenge });
+          return;
+        }
+
+        // Slack requires immediate 200 OK
+        sendJson(response, 200, { ok: true });
+        return;
+      }
+
+      // Slack Slash Commands
+      if (request.method === "POST" && request.url === "/slack/slash") {
+        if (!this.slackHandler) {
+          sendJson(response, 404, { ok: false, error: "Slack inbound not configured" });
+          return;
+        }
+        const rawBody = await readRawBody(request, {
+          maxBodyBytes: this.maxBodyBytes,
+          timeoutMs: this.requestTimeoutMs,
+        });
+
+        if (!this.slackHandler.verifySignature(request.headers, rawBody)) {
+          sendJson(response, 401, { ok: false, error: "Invalid signature" });
+          return;
+        }
+
+        const params = new URLSearchParams(rawBody);
+        const payload = Object.fromEntries(params.entries());
+        const reply = this.slackHandler.handleSlashCommand(payload);
+
+        // Slack renders 200 response body as an inline message
+        response.writeHead(200, { "Content-Type": "text/plain" });
+        response.end(reply);
+        return;
+      }
+
+      if (request.method === "POST" && request.url === "/messages") {
+        if (this.authToken) {
+          const header = request.headers.authorization || "";
+          if (header !== `Bearer ${this.authToken}`) {
+            sendJson(response, 401, {
+              ok: false,
+              error: "Unauthorized"
+            });
+            return;
+          }
+        }
+
+        const rateKey = request.socket.remoteAddress || request.headers.authorization || "anonymous";
+        if (!this.allowRequest(rateKey)) {
+          sendJson(response, 429, {
+            ok: false,
+            error: "Rate limit exceeded"
+          });
+          return;
+        }
+
+        const payload = await readJsonBody(request, {
+          maxBodyBytes: this.maxBodyBytes,
+          timeoutMs: this.requestTimeoutMs
+        });
+        const bucket = String(payload.target?.mode || "operator");
+        if (!this.allowedTargetModes.has(bucket)) {
+          sendJson(response, 400, {
+            ok: false,
+            error: "Invalid target mode"
+          });
+          return;
+        }
+        const filePath = path.join(this.transportRoot, "inbox", bucket, `${timestampKey()}.json`);
+        await writeJson(filePath, {
+          receivedAt: new Date().toISOString(),
+          ...payload
+        });
+        await pruneJsonBuckets(path.join(this.transportRoot, "inbox"), this.retentionPolicy);
+        sendJson(response, 202, {
+          ok: true,
+          stored: filePath,
+          bucket
+        });
+        return;
+      }
+
+      sendJson(response, 404, {
+        ok: false,
+        error: "Not found"
+      });
+    } catch (error) {
+      if (String(error.message || "").includes("too large")) {
+        sendJson(response, 413, {
+          ok: false,
+          error: error.message
+        });
+        return;
+      }
+      sendJson(response, 500, {
+        ok: false,
+        error: error.message
+      });
+    }
+  }
+
+  async listen(port = 4318, host = "127.0.0.1") {
+    await ensureDir(this.transportRoot);
+    this.server = http.createServer((request, response) => {
+      this.handle(request, response);
+    });
+
+    return new Promise((resolve, reject) => {
+      this.server.once("error", reject);
+      this.server.listen(port, host, () => {
+        const address = this.server.address();
+        resolve(address);
+      });
+    });
+  }
+
+  async close() {
+    if (!this.server) return;
+    this.shuttingDown = true;
+    await new Promise((resolve, reject) => {
+      this.server.close((error) => (error ? reject(error) : resolve()));
+    });
+    this.server = null;
+  }
+
+  async listInbox(limit = 20) {
+    const files = await listFilesRecursive(path.join(this.transportRoot, "inbox"));
+    const sorted = [...files].sort().reverse().slice(0, limit);
+    return Promise.all(sorted.map((filePath) => readJson(filePath, null)));
+  }
+
+  allowRequest(key) {
+    const now = Date.now();
+    const windowStart = now - this.rateLimit.windowMs;
+    const current = (this.rateBuckets.get(key) || []).filter((timestamp) => timestamp >= windowStart);
+    if (current.length >= this.rateLimit.maxRequests) {
+      this.rateBuckets.set(key, current);
+      return false;
+    }
+    current.push(now);
+    this.rateBuckets.set(key, current);
+    return true;
+  }
+}