nemoris 0.1.0

package/src/runtime/token-counter.js

@@ -0,0 +1,134 @@
+import { estimateInvocationTokens } from "./token-estimator.js";
+
+let jsTiktokenModulePromise = null;
+
+function normalizeModelId(modelId) {
+  return String(modelId || "").toLowerCase();
+}
+
+function extractOpenAiTokenizerModel(modelId) {
+  const normalized = normalizeModelId(modelId);
+  const candidates = [
+    "gpt-4.1-mini",
+    "gpt-4.1",
+    "gpt-4o-mini",
+    "gpt-4o",
+    "o3-mini",
+    "o3",
+    "o1-mini",
+    "o1",
+    "gpt-4-turbo",
+    "gpt-4",
+    "gpt-3.5-turbo"
+  ];
+
+  for (const candidate of candidates) {
+    if (normalized.includes(candidate)) {
+      return candidate;
+    }
+  }
+
+  return null;
+}
+
+function renderInvocationText(invocation) {
+  const sections = [];
+  if (invocation?.system) {
+    sections.push(`system\n${invocation.system}`);
+  }
+  for (const message of invocation?.messages || []) {
+    sections.push(`${message.role || "user"}\n${message.content || ""}`);
+  }
+  return sections.join("\n\n");
+}
+
+async function loadJsTiktoken() {
+  if (!jsTiktokenModulePromise) {
+    jsTiktokenModulePromise = import("js-tiktoken").catch(() => null);
+  }
+  return jsTiktokenModulePromise;
+}
+
+function countWithApproximateTokenizer(modelName, invocation) {
+  const rendered = renderInvocationText(invocation);
+  const textTokens = Math.max(1, Math.ceil(rendered.length / 4));
+  const framing = invocation?.messages?.length ? invocation.messages.length * 6 : 0;
+  return {
+    total: textTokens + framing,
+    mode: "model_specific",
+    source: `js-tiktoken:${modelName}`,
+    details: {
+      textTokens,
+      framing,
+      fallback: "approximate_model_specific",
+    }
+  };
+}
+
+async function countWithJsTiktoken(modelName, invocation) {
+  const jsTiktoken = await loadJsTiktoken();
+  if (!jsTiktoken?.encodingForModel) {
+    return countWithApproximateTokenizer(modelName, invocation);
+  }
+  const encoder = jsTiktoken.encodingForModel(modelName);
+  const rendered = renderInvocationText(invocation);
+  const textTokens = encoder.encode(rendered).length;
+  const framing = invocation?.messages?.length ? invocation.messages.length * 6 : 0;
+  return {
+    total: textTokens + framing,
+    mode: "model_specific",
+    source: `js-tiktoken:${modelName}`,
+    details: {
+      textTokens,
+      framing
+    }
+  };
+}
+
+export class TokenCounter {
+  async countInvocation({ providerId, invocation, adapter }) {
+    if (adapter && typeof adapter.countTokens === "function") {
+      try {
+        const total = await adapter.countTokens(invocation);
+        if (Number.isFinite(total) && total > 0) {
+          return {
+            total,
+            mode: "exact",
+            source: `${providerId}:count_tokens`,
+            details: {
+              providerId
+            }
+          };
+        }
+      } catch (error) {
+        const fallback = this.countHeuristic(invocation);
+        return {
+          ...fallback,
+          details: {
+            ...fallback.details,
+            fallbackReason: error.message
+          }
+        };
+      }
+    }
+
+    const tokenizerModel = extractOpenAiTokenizerModel(invocation?.model);
+    if (tokenizerModel) {
+      try {
+        return await countWithJsTiktoken(tokenizerModel, invocation);
+      } catch {}
+    }
+
+    return this.countHeuristic(invocation);
+  }
+
+  countHeuristic(invocation) {
+    const estimate = estimateInvocationTokens(invocation);
+    return {
+      total: estimate.total,
+      mode: "heuristic",
+      source: "multi_strategy_estimator",
+      details: estimate
+    };
+  }
+}

package/src/runtime/token-estimator.js

@@ -0,0 +1,59 @@
+function countMatches(text, pattern) {
+  return (text.match(pattern) || []).length;
+}
+
+export function estimateTextTokens(text) {
+  const raw = String(text || "");
+  if (!raw) {
+    return {
+      total: 0,
+      strategies: {
+        charBased: 0,
+        wordBased: 0,
+        denseText: 0,
+        cjkAware: 0
+      }
+    };
+  }
+
+  const words = raw.trim().split(/\s+/).filter(Boolean).length;
+  const punctuation = countMatches(raw, /[{}[\]():;,.]/g);
+  const operators = countMatches(raw, /[=+\-/*<>|&]/g);
+  const quotes = countMatches(raw, /["'`]/g);
+  const newlines = countMatches(raw, /\n/g);
+  const cjk = countMatches(raw, /[\p{Script=Han}\p{Script=Hiragana}\p{Script=Katakana}\p{Script=Hangul}]/gu);
+  const symbolRatio = raw.length ? (punctuation + operators + quotes) / raw.length : 0;
+
+  const charBased = Math.ceil(raw.length / 4);
+  const wordBased = Math.ceil(words * 1.28 + punctuation * 0.18 + operators * 0.2 + newlines * 0.12);
+  const denseDivisor = symbolRatio >= 0.12 ? 3.1 : 3.5;
+  const denseText = Math.ceil(raw.length / denseDivisor + quotes * 0.08);
+  const cjkAware = cjk ? Math.ceil(cjk * 1.15 + (raw.length - cjk) / 4.4) : 0;
+
+  return {
+    total: Math.max(charBased, wordBased, denseText, cjkAware),
+    strategies: {
+      charBased,
+      wordBased,
+      denseText,
+      cjkAware
+    }
+  };
+}
+
+export function estimateInvocationTokens(invocation) {
+  const system = estimateTextTokens(invocation?.system || "");
+  const messages = (invocation?.messages || []).map((message) => ({
+    role: message.role || "user",
+    ...estimateTextTokens(message.content || "")
+  }));
+  const messageTotal = messages.reduce((sum, message) => sum + message.total, 0);
+  const framing = invocation?.messages?.length ? invocation.messages.length * 6 : 0;
+
+  return {
+    total: system.total + messageTotal + framing,
+    system,
+    messages,
+    framing
+  };
+}

package/src/runtime/tool-loop.js

@@ -0,0 +1,200 @@
+import { ExecApprovalGate } from "./exec-approvals.js";
+
+export function parseToolUseBlocks(response) {
+  if (!response?.content || !Array.isArray(response.content)) return [];
+  return response.content
+    .filter((block) => block.type === "tool_use")
+    .map((block) => ({ id: block.id, name: block.name, input: block.input || {} }));
+}
+
+export function formatToolResults(results) {
+  return [{
+    role: "user",
+    content: results.map((result) => ({
+      type: "tool_result",
+      tool_use_id: result.toolUseId,
+      content: result.output,
+      ...(result.isError ? { is_error: true } : {}),
+    })),
+  }];
+}
+
+export function buildPendingApprovalOutput(results) {
+  if (results.length === 1) {
+    return results[0].output;
+  }
+  return [
+    "Multiple tool calls are waiting for approval before I can continue:",
+    ...results.map((result) => `- ${result.output}`),
+  ].join("\n");
+}
+
+export async function executeToolCalls(toolCalls, registry, policy, agentConfig = null, options = {}) {
+  const allowed = new Set(policy.allowed || []);
+  const blocked = new Set(policy.blocked || []);
+  const approvalGate = options.approvalGate || new ExecApprovalGate({ sendFn: async () => {} });
+
+  const promises = toolCalls.map(async (call) => {
+    if (policy.default === "deny" && !allowed.has(call.name)) {
+      return {
+        toolUseId: call.id,
+        name: call.name,
+        args: call.input,
+        output: `Tool '${call.name}' is not allowed by agent policy.`,
+        isError: true,
+      };
+    }
+    if (blocked.has(call.name)) {
+      return {
+        toolUseId: call.id,
+        name: call.name,
+        args: call.input,
+        output: `Tool '${call.name}' is blocked by agent policy.`,
+        isError: true,
+      };
+    }
+
+    if (approvalGate.requiresApproval(call.name, call.input, agentConfig)) {
+      const approvalRequest = approvalGate.requestApproval({
+        toolName: call.name,
+        toolInput: call.input,
+        jobId: options.jobId || "unknown",
+        agentId: options.agentId || agentConfig?.id || "unknown",
+        skipNotify: options.skipApprovalNotification === true,
+      });
+      const approvalId = approvalRequest?.approvalId || null;
+      void approvalRequest.catch(() => {});
+      return {
+        toolUseId: call.id,
+        name: call.name,
+        args: call.input,
+        output: approvalId
+          ? `Approval required for ${call.name}. Awaiting /exec_approve ${approvalId} or /exec_deny ${approvalId}.`
+          : `Approval required for ${call.name}. Use /exec_approve or /exec_deny.`,
+        isError: false,
+        pendingApproval: true,
+        approvalId,
+      };
+    }
+
+    const result = await registry.executeTool(call.name, call.input);
+    if (result.error) {
+      return {
+        toolUseId: call.id,
+        name: call.name,
+        args: call.input,
+        output: result.error,
+        isError: true,
+      };
+    }
+    return {
+      toolUseId: call.id,
+      name: call.name,
+      args: call.input,
+      output: result.output,
+      isError: false,
+    };
+  });
+
+  return Promise.allSettled(promises).then((settled) =>
+    settled.map((entry) => entry.status === "fulfilled"
+      ? entry.value
+      : {
+          toolUseId: "unknown",
+          name: "unknown",
+          args: {},
+          output: `Internal error: ${entry.reason}`,
+          isError: true,
+        })
+  );
+}
+
+export async function runToolLoop({
+  initialResponse,
+  adapter,
+  invocation,
+  registry,
+  policy,
+  agentConfig = null,
+  approvalGate = null,
+  options = {}
+}) {
+  if (!options.enabled) {
+    return {
+      finalResponse: initialResponse,
+      toolResults: [],
+      iterationCount: 0
+    };
+  }
+
+  let currentResponse = initialResponse;
+  let toolMessages = [];
+  let toolResults = [];
+  let toolCallCount = 0;
+  let iterationCount = 0;
+  const maxToolCalls = options.maxToolCalls || 20;
+  const maxIterations = options.maxIterations || Number.POSITIVE_INFINITY;
+
+  while (true) {
+    const toolCalls = parseToolUseBlocks(currentResponse);
+    if (toolCalls.length === 0) break;
+    if (iterationCount >= maxIterations) break;
+
+    toolCallCount += toolCalls.length;
+    if (toolCallCount > maxToolCalls) break;
+    iterationCount += 1;
+
+    const results = await executeToolCalls(toolCalls, registry, policy, agentConfig, {
+      approvalGate,
+      jobId: options.jobId,
+      agentId: options.agentId,
+      skipApprovalNotification: options.skipApprovalNotification === true,
+    });
+    toolResults = [...toolResults, ...results];
+
+    const pendingApprovals = results.filter((entry) => entry.pendingApproval);
+    if (pendingApprovals.length > 0) {
+      return {
+        finalResponse: currentResponse,
+        toolResults,
+        iterationCount,
+        pendingApprovalResult: {
+          summary: "Tool execution paused pending approval.",
+          output: buildPendingApprovalOutput(pendingApprovals),
+          nextActions: [
+            "Approve or deny the pending exec action from Telegram, then retry the request if needed."
+          ],
+          toolCalls: toolCalls.map((call, index) => ({
+            ...call,
+            output: results[index]?.output,
+            pendingApproval: results[index]?.pendingApproval || false,
+            approvalId: results[index]?.approvalId || null,
+          })),
+          pendingApproval: true,
+          raw: currentResponse,
+        }
+      };
+    }
+
+    const formattedResults = formatToolResults(results);
+    const continuationMessages = [
+      ...invocation.messages,
+      ...toolMessages,
+      { role: "assistant", content: currentResponse.content },
+      ...formattedResults,
+    ];
+    toolMessages = [
+      ...toolMessages,
+      { role: "assistant", content: currentResponse.content },
+      ...formattedResults,
+    ];
+
+    currentResponse = await adapter.invoke({ ...invocation, messages: continuationMessages });
+  }
+
+  return {
+    finalResponse: currentResponse,
+    toolResults,
+    iterationCount
+  };
+}

package/src/runtime/transport-server.js

@@ -0,0 +1,311 @@
+import http from "node:http";
+import path from "node:path";
+import { ensureDir, listFilesRecursive, readJson, writeJson } from "../utils/fs.js";
+import { buildRetentionPolicy, pruneJsonBuckets } from "./retention.js";
+import { TelegramInboundHandler } from "./telegram-inbound.js";
+import { SlackInboundHandler } from "./slack-inbound.js";
+
+function timestampKey() {
+  return new Date().toISOString().replace(/[:.]/g, "-");
+}
+
+function sendJson(response, statusCode, body) {
+  response.writeHead(statusCode, {
+    "content-type": "application/json"
+  });
+  response.end(`${JSON.stringify(body, null, 2)}\n`);
+}
+
+async function readJsonBody(request, { maxBodyBytes = 1024 * 1024, timeoutMs = 5000 } = {}) {
+  const chunks = [];
+  let total = 0;
+  const timeout = new Promise((_, reject) => setTimeout(() => reject(new Error("Request body timed out")), timeoutMs));
+  const reader = (async () => {
+    for await (const chunk of request) {
+      total += chunk.length;
+      if (total > maxBodyBytes) {
+        throw new Error("Request body too large");
+      }
+      chunks.push(chunk);
+    }
+    const raw = Buffer.concat(chunks).toString("utf8");
+    return raw ? JSON.parse(raw) : {};
+  })();
+  return Promise.race([reader, timeout]);
+}
+
+async function readRawBody(request, { maxBodyBytes = 1024 * 1024, timeoutMs = 5000 } = {}) {
+  const chunks = [];
+  let total = 0;
+  const timeout = new Promise((_, reject) => setTimeout(() => reject(new Error("Request body timed out")), timeoutMs));
+  const reader = (async () => {
+    for await (const chunk of request) {
+      total += chunk.length;
+      if (total > maxBodyBytes) {
+        throw new Error("Request body too large");
+      }
+      chunks.push(chunk);
+    }
+    return Buffer.concat(chunks).toString("utf8");
+  })();
+  return Promise.race([reader, timeout]);
+}
+
+export class StandaloneTransportServer {
+  constructor({ stateRoot, authToken = null, retention = {}, maxBodyBytes = 1024 * 1024, requestTimeoutMs = 5000, allowedTargetModes = null, rateLimit = {} } = {}) {
+    this.stateRoot = stateRoot;
+    this.authToken = authToken;
+    this.server = null;
+    this.shuttingDown = false;
+    this.retentionPolicy = buildRetentionPolicy(retention, {
+      ttlDays: 7,
+      maxFilesPerBucket: 1000
+    });
+    this.maxBodyBytes = maxBodyBytes;
+    this.requestTimeoutMs = requestTimeoutMs;
+    this.allowedTargetModes = new Set(allowedTargetModes || ["operator", "same_thread", "peer_agent", "scheduler_log"]);
+    this.rateLimit = {
+      windowMs: Number(rateLimit.windowMs ?? 60_000),
+      maxRequests: Number(rateLimit.maxRequests ?? 120)
+    };
+    this.rateBuckets = new Map();
+  }
+
+  get transportRoot() {
+    return path.join(this.stateRoot, "transport");
+  }
+
+  attachTelegramInbound({
+    stateStore,
+    telegramConfig,
+    availablePeers = [],
+    contextLedger = null,
+    agentNames = {},
+    routerConfig = null,
+    agentConfigs = null,
+  }) {
+    this.telegramHandler = new TelegramInboundHandler({
+      stateStore,
+      telegramConfig,
+      availablePeers,
+      contextLedger,
+      agentNames,
+      routerConfig,
+      agentConfigs,
+    });
+  }
+
+  attachSlackInbound({ stateStore, slackConfig, availablePeers = [] }) {
+    this.slackHandler = new SlackInboundHandler({ stateStore, slackConfig, availablePeers });
+  }
+
+  async handle(request, response) {
+    try {
+      if (this.shuttingDown) {
+        sendJson(response, 503, {
+          ok: false,
+          error: "Server shutting down"
+        });
+        return;
+      }
+
+      if (request.method === "GET" && request.url === "/health") {
+        const recentCount = (await listFilesRecursive(path.join(this.transportRoot, "inbox"))).length;
+        sendJson(response, 200, {
+          ok: true,
+          transport: "standalone_http",
+          recentMessages: recentCount
+        });
+        return;
+      }
+
+      // Telegram webhook — must return 200 synchronously before any processing
+      if (request.method === "POST" && request.url === "/telegram/webhook") {
+        if (!this.telegramHandler) {
+          sendJson(response, 404, { ok: false, error: "Telegram inbound not configured" });
+          return;
+        }
+        // Validate webhook secret if configured
+        const webhookSecret = process.env.NEMORIS_TELEGRAM_WEBHOOK_SECRET;
+        if (webhookSecret) {
+          const provided = request.headers["x-telegram-bot-api-secret-token"] || "";
+          if (provided !== webhookSecret) {
+            sendJson(response, 401, { ok: false, error: "Invalid webhook secret" });
+            return;
+          }
+        }
+        const update = await readJsonBody(request, {
+          maxBodyBytes: this.maxBodyBytes,
+          timeoutMs: this.requestTimeoutMs,
+        });
+        const result = await this.telegramHandler.handleUpdate(update);
+        // Always return 200 to Telegram — regardless of outcome
+        sendJson(response, 200, { ok: true, ...result });
+        return;
+      }
+
+      // Slack Events API
+      if (request.method === "POST" && request.url === "/slack/events") {
+        if (!this.slackHandler) {
+          sendJson(response, 404, { ok: false, error: "Slack inbound not configured" });
+          return;
+        }
+        const rawBody = await readRawBody(request, {
+          maxBodyBytes: this.maxBodyBytes,
+          timeoutMs: this.requestTimeoutMs,
+        });
+
+        if (!this.slackHandler.verifySignature(request.headers, rawBody)) {
+          sendJson(response, 401, { ok: false, error: "Invalid signature" });
+          return;
+        }
+
+        const payload = JSON.parse(rawBody);
+        const result = this.slackHandler.handleEvent(payload);
+
+        // Handle URL verification challenge
+        if (result.action === "challenge") {
+          sendJson(response, 200, { challenge: result.challenge });
+          return;
+        }
+
+        // Slack requires immediate 200 OK
+        sendJson(response, 200, { ok: true });
+        return;
+      }
+
+      // Slack Slash Commands
+      if (request.method === "POST" && request.url === "/slack/slash") {
+        if (!this.slackHandler) {
+          sendJson(response, 404, { ok: false, error: "Slack inbound not configured" });
+          return;
+        }
+        const rawBody = await readRawBody(request, {
+          maxBodyBytes: this.maxBodyBytes,
+          timeoutMs: this.requestTimeoutMs,
+        });
+
+        if (!this.slackHandler.verifySignature(request.headers, rawBody)) {
+          sendJson(response, 401, { ok: false, error: "Invalid signature" });
+          return;
+        }
+
+        const params = new URLSearchParams(rawBody);
+        const payload = Object.fromEntries(params.entries());
+        const reply = this.slackHandler.handleSlashCommand(payload);
+
+        // Slack renders 200 response body as an inline message
+        response.writeHead(200, { "Content-Type": "text/plain" });
+        response.end(reply);
+        return;
+      }
+
+      if (request.method === "POST" && request.url === "/messages") {
+        if (this.authToken) {
+          const header = request.headers.authorization || "";
+          if (header !== `Bearer ${this.authToken}`) {
+            sendJson(response, 401, {
+              ok: false,
+              error: "Unauthorized"
+            });
+            return;
+          }
+        }
+
+        const rateKey = request.socket.remoteAddress || request.headers.authorization || "anonymous";
+        if (!this.allowRequest(rateKey)) {
+          sendJson(response, 429, {
+            ok: false,
+            error: "Rate limit exceeded"
+          });
+          return;
+        }
+
+        const payload = await readJsonBody(request, {
+          maxBodyBytes: this.maxBodyBytes,
+          timeoutMs: this.requestTimeoutMs
+        });
+        const bucket = String(payload.target?.mode || "operator");
+        if (!this.allowedTargetModes.has(bucket)) {
+          sendJson(response, 400, {
+            ok: false,
+            error: "Invalid target mode"
+          });
+          return;
+        }
+        const filePath = path.join(this.transportRoot, "inbox", bucket, `${timestampKey()}.json`);
+        await writeJson(filePath, {
+          receivedAt: new Date().toISOString(),
+          ...payload
+        });
+        await pruneJsonBuckets(path.join(this.transportRoot, "inbox"), this.retentionPolicy);
+        sendJson(response, 202, {
+          ok: true,
+          stored: filePath,
+          bucket
+        });
+        return;
+      }
+
+      sendJson(response, 404, {
+        ok: false,
+        error: "Not found"
+      });
+    } catch (error) {
+      if (String(error.message || "").includes("too large")) {
+        sendJson(response, 413, {
+          ok: false,
+          error: error.message
+        });
+        return;
+      }
+      sendJson(response, 500, {
+        ok: false,
+        error: error.message
+      });
+    }
+  }
+
+  async listen(port = 4318, host = "127.0.0.1") {
+    await ensureDir(this.transportRoot);
+    this.server = http.createServer((request, response) => {
+      this.handle(request, response);
+    });
+
+    return new Promise((resolve, reject) => {
+      this.server.once("error", reject);
+      this.server.listen(port, host, () => {
+        const address = this.server.address();
+        resolve(address);
+      });
+    });
+  }
+
+  async close() {
+    if (!this.server) return;
+    this.shuttingDown = true;
+    await new Promise((resolve, reject) => {
+      this.server.close((error) => (error ? reject(error) : resolve()));
+    });
+    this.server = null;
+  }
+
+  async listInbox(limit = 20) {
+    const files = await listFilesRecursive(path.join(this.transportRoot, "inbox"));
+    const sorted = [...files].sort().reverse().slice(0, limit);
+    return Promise.all(sorted.map((filePath) => readJson(filePath, null)));
+  }
+
+  allowRequest(key) {
+    const now = Date.now();
+    const windowStart = now - this.rateLimit.windowMs;
+    const current = (this.rateBuckets.get(key) || []).filter((timestamp) => timestamp >= windowStart);
+    if (current.length >= this.rateLimit.maxRequests) {
+      this.rateBuckets.set(key, current);
+      return false;
+    }
+    current.push(now);
+    this.rateBuckets.set(key, current);
+    return true;
+  }
+}