open-agents-ai 0.185.74 → 0.185.76

package/dist/index.js

@@ -65550,6 +65550,9 @@ body {
   <div id="agent-events" style="font-size:0.78rem;line-height:1.5"></div>
 </div>
 <div id="jobs-panel" style="display:none;flex:1;overflow-y:auto;padding:12px 16px">
+  <div id="dashboard-health" style="display:flex;gap:12px;margin-bottom:16px;flex-wrap:wrap"></div>
+  <div id="dashboard-usage" style="margin-bottom:16px"></div>
+  <h3 style="color:#b2920a;font-size:0.7rem;margin-bottom:8px">Job History</h3>
   <div id="jobs-list" style="font-size:0.78rem"></div>
 </div>
 
@@ -65873,7 +65876,40 @@ async function abortAgentTask() {
   try { await fetch('/v1/runs/' + currentRunId, { method: 'DELETE', headers: headers() }); } catch {}
 }
 
+async function loadDashboard() {
+  // Health card
+  try {
+    const r = await fetch('/health', { headers: headers() });
+    const d = await r.json();
+    document.getElementById('dashboard-health').innerHTML =
+      '<div style="background:#1e1e22;border:1px solid #2a2a30;border-radius:3px;padding:8px 12px;flex:1;min-width:120px">' +
+      '<div style="color:#555;font-size:0.6rem">STATUS</div>' +
+      '<div style="color:#4ec94e;font-size:0.8rem">' + d.status + '</div></div>' +
+      '<div style="background:#1e1e22;border:1px solid #2a2a30;border-radius:3px;padding:8px 12px;flex:1;min-width:120px">' +
+      '<div style="color:#555;font-size:0.6rem">UPTIME</div>' +
+      '<div style="color:#b2920a;font-size:0.8rem">' + Math.floor(d.uptime_s/60) + 'm</div></div>' +
+      '<div style="background:#1e1e22;border:1px solid #2a2a30;border-radius:3px;padding:8px 12px;flex:1;min-width:120px">' +
+      '<div style="color:#555;font-size:0.6rem">VERSION</div>' +
+      '<div style="color:#b0b0b0;font-size:0.8rem">' + d.version + '</div></div>';
+  } catch {}
+  // Usage
+  try {
+    const r = await fetch('/v1/usage', { headers: headers() });
+    const d = await r.json();
+    document.getElementById('dashboard-usage').innerHTML =
+      '<div style="display:flex;gap:12px;flex-wrap:wrap">' +
+      '<div style="background:#1e1e22;border:1px solid #2a2a30;border-radius:3px;padding:8px 12px;flex:1">' +
+      '<div style="color:#555;font-size:0.6rem">TOKENS IN</div>' +
+      '<div style="color:#b2920a;font-size:0.8rem">' + (d.totalTokensIn || 0).toLocaleString() + '</div></div>' +
+      '<div style="background:#1e1e22;border:1px solid #2a2a30;border-radius:3px;padding:8px 12px;flex:1">' +
+      '<div style="color:#555;font-size:0.6rem">TOKENS OUT</div>' +
+      '<div style="color:#b2920a;font-size:0.8rem">' + (d.totalTokensOut || 0).toLocaleString() + '</div></div>' +
+      '</div>';
+  } catch {}
+}
+
 async function loadJobs() {
+  loadDashboard();
   const list = document.getElementById('jobs-list');
   try {
     const r = await fetch('/v1/runs', { headers: headers() });
@@ -65941,6 +65977,98 @@ var init_logger = __esm({
   }
 });
 
+// packages/cli/dist/api/openapi.js
+function getOpenApiSpec() {
+  return {
+    openapi: "3.0.3",
+    info: {
+      title: "Open Agents REST API",
+      description: "AI coding agent powered by open-weight models. Enterprise REST API for agentic task execution, OpenAI-compatible inference, and system management.",
+      version: "0.185.75",
+      license: { name: "CC-BY-NC-4.0", url: "https://creativecommons.org/licenses/by-nc/4.0/" }
+    },
+    servers: [{ url: "http://localhost:11435", description: "Local development" }],
+    security: [{ BearerAuth: [] }],
+    components: {
+      securitySchemes: {
+        BearerAuth: { type: "http", scheme: "bearer", description: "API key with scope (read/run/admin)" }
+      }
+    },
+    paths: {
+      "/health": { get: { summary: "Liveness probe", tags: ["Health"], security: [], responses: { 200: { description: "Server is alive" } } } },
+      "/health/ready": { get: { summary: "Readiness probe (checks backend)", tags: ["Health"], security: [], responses: { 200: { description: "Backend reachable" }, 503: { description: "Backend unreachable" } } } },
+      "/health/startup": { get: { summary: "Startup complete", tags: ["Health"], security: [], responses: { 200: { description: "Started" } } } },
+      "/version": { get: { summary: "Version info", tags: ["Health"], security: [], responses: { 200: { description: "Version, node, platform" } } } },
+      "/metrics": { get: { summary: "Prometheus metrics", tags: ["Health"], security: [], responses: { 200: { description: "Prometheus text format" } } } },
+      "/v1/models": { get: { summary: "List available models", tags: ["Inference"], security: [{ BearerAuth: [] }], responses: { 200: { description: "OpenAI-format model list" } } } },
+      "/v1/chat/completions": { post: { summary: "Chat completion (OpenAI-compatible)", tags: ["Inference"], security: [{ BearerAuth: [] }], requestBody: { required: true, content: { "application/json": { schema: { type: "object", required: ["model", "messages"], properties: { model: { type: "string" }, messages: { type: "array" }, stream: { type: "boolean" }, max_tokens: { type: "integer" }, temperature: { type: "number" } } } } } }, responses: { 200: { description: "Chat response" } } } },
+      "/v1/embeddings": { post: { summary: "Generate embeddings", tags: ["Inference"], responses: { 200: { description: "Embedding vectors" } } } },
+      "/v1/run": { post: { summary: "Submit agentic task", tags: ["Agentic"], requestBody: { required: true, content: { "application/json": { schema: { type: "object", required: ["task"], properties: { task: { type: "string" }, model: { type: "string" }, stream: { type: "boolean" }, profile: { type: "string" }, working_directory: { type: "string" }, isolate: { type: "boolean" } } } } } }, responses: { 202: { description: "Task accepted" } } } },
+      "/v1/runs": { get: { summary: "List all runs", tags: ["Agentic"], parameters: [{ name: "limit", in: "query", schema: { type: "integer" } }, { name: "offset", in: "query", schema: { type: "integer" } }, { name: "status", in: "query", schema: { type: "string" } }], responses: { 200: { description: "Run list with pagination" } } } },
+      "/v1/runs/{id}": { get: { summary: "Get run status", tags: ["Agentic"], parameters: [{ name: "id", in: "path", required: true, schema: { type: "string" } }], responses: { 200: { description: "Run details" }, 404: { description: "Not found" } } }, delete: { summary: "Abort run", tags: ["Agentic"], responses: { 200: { description: "Aborted" } } } },
+      "/v1/config": { get: { summary: "Get configuration", tags: ["Config"], responses: { 200: { description: "Current config" } } }, patch: { summary: "Update configuration", tags: ["Config"], responses: { 200: { description: "Updated" } } } },
+      "/v1/config/model": { get: { summary: "Current model", tags: ["Config"], responses: { 200: { description: "Model name" } } }, put: { summary: "Switch model", tags: ["Config"], responses: { 200: { description: "Switched" } } } },
+      "/v1/config/endpoint": { get: { summary: "Current endpoint", tags: ["Config"], responses: { 200: { description: "Endpoint URL" } } }, put: { summary: "Switch endpoint", tags: ["Config"], responses: { 200: { description: "Switched" } } } },
+      "/v1/usage": { get: { summary: "Token usage and rate limits", tags: ["Metering"], responses: { 200: { description: "Usage stats" } } } },
+      "/v1/audit": { get: { summary: "Query audit log", tags: ["Audit"], parameters: [{ name: "since", in: "query", schema: { type: "string" } }, { name: "user", in: "query", schema: { type: "string" } }, { name: "limit", in: "query", schema: { type: "integer" } }], responses: { 200: { description: "Audit records" } } } },
+      "/v1/commands": { get: { summary: "List slash commands", tags: ["Commands"], responses: { 200: { description: "Command list" } } } },
+      "/v1/commands/{cmd}": { post: { summary: "Execute slash command", tags: ["Commands"], responses: { 200: { description: "Command output" } } } },
+      "/v1/profiles": { get: { summary: "List tool profiles", tags: ["Profiles"], responses: { 200: { description: "Profile list" } } }, post: { summary: "Create profile", tags: ["Profiles"], responses: { 201: { description: "Created" } } } },
+      "/v1/profiles/{name}": { get: { summary: "Get profile", tags: ["Profiles"], responses: { 200: { description: "Profile details" } } }, delete: { summary: "Delete profile", tags: ["Profiles"], responses: { 200: { description: "Deleted" } } } }
+    }
+  };
+}
+function getSwaggerUI() {
+  return `<!DOCTYPE html><html><head><title>OA API Docs</title>
+<style>body{font-family:'SF Mono',monospace;background:#1a1a1e;color:#b0b0b0;margin:0;padding:20px}
+h1{color:#b2920a;font-size:1.2rem}h2{color:#b2920a;font-size:0.9rem;margin-top:20px}
+.endpoint{background:#1e1e22;border:1px solid #2a2a30;border-radius:3px;padding:10px;margin:8px 0}
+.method{font-weight:bold;padding:2px 8px;border-radius:2px;font-size:0.75rem}
+.get{color:#4ec94e}.post{color:#b2920a}.put{color:#4e94c9}.patch{color:#c9944e}.delete{color:#c94e4e}
+.path{color:#b0b0b0;margin-left:8px}.summary{color:#888;font-size:0.75rem;margin-left:12px}
+.tag{margin-top:16px;border-bottom:1px solid #2a2a30;padding-bottom:4px}
+a{color:#b2920a}
+</style></head><body>
+<h1>Open Agents API</h1>
+<p>Interactive docs. For full spec: <a href="/openapi.json">/openapi.json</a></p>
+<div id="docs"></div>
+<script>
+fetch('/openapi.json').then(r=>r.json()).then(spec=>{
+  const docs=document.getElementById('docs');
+  const tags={};
+  for(const[path,methods]of Object.entries(spec.paths)){
+    for(const[method,op]of Object.entries(methods)){
+      const tag=(op.tags||['Other'])[0];
+      if(!tags[tag])tags[tag]=[];
+      tags[tag].push({method,path,summary:op.summary||''});
+    }
+  }
+  for(const[tag,endpoints]of Object.entries(tags)){
+    docs.innerHTML+='<div class="tag"><h2>'+tag+'</h2></div>';
+    for(const ep of endpoints){
+      docs.innerHTML+='<div class="endpoint"><span class="method '+ep.method+'">'+ep.method.toUpperCase()+'</span><span class="path">'+ep.path+'</span><span class="summary">'+ep.summary+'</span></div>';
+    }
+  }
+});
+</script></body></html>`;
+}
+var init_openapi = __esm({
+  "packages/cli/dist/api/openapi.js"() {
+    "use strict";
+  }
+});
+
+// packages/cli/dist/api/auth-oidc.js
+var OIDC_ISSUER, OIDC_AUDIENCE, OIDC_SCOPE_CLAIM;
+var init_auth_oidc = __esm({
+  "packages/cli/dist/api/auth-oidc.js"() {
+    "use strict";
+    OIDC_ISSUER = process.env["OA_OIDC_ISSUER"] || "";
+    OIDC_AUDIENCE = process.env["OA_OIDC_AUDIENCE"] || "";
+    OIDC_SCOPE_CLAIM = process.env["OA_OIDC_SCOPE_CLAIM"] || "scope";
+  }
+});
+
 // packages/cli/dist/api/profiles.js
 import { existsSync as existsSync53, readFileSync as readFileSync42, writeFileSync as writeFileSync25, mkdirSync as mkdirSync27, readdirSync as readdirSync20, unlinkSync as unlinkSync12 } from "node:fs";
 import { join as join70 } from "node:path";
@@ -66462,6 +66590,39 @@ function listJobs() {
   }
   return jobs;
 }
+function getKeyUsage(user) {
+  if (!perKeyUsage.has(user)) {
+    perKeyUsage.set(user, { requestTimestamps: [], tokensToday: 0, tokenDate: (/* @__PURE__ */ new Date()).toISOString().slice(0, 10), activeJobs: 0 });
+  }
+  const u = perKeyUsage.get(user);
+  const today = (/* @__PURE__ */ new Date()).toISOString().slice(0, 10);
+  if (u.tokenDate !== today) {
+    u.tokensToday = 0;
+    u.tokenDate = today;
+  }
+  return u;
+}
+function checkKeyRateLimit(auth) {
+  if (!auth.user || !auth.rpm)
+    return null;
+  const usage = getKeyUsage(auth.user);
+  const now = Date.now();
+  usage.requestTimestamps = usage.requestTimestamps.filter((t) => now - t < 6e4);
+  if (auth.rpm && usage.requestTimestamps.length >= auth.rpm) {
+    return `Rate limit exceeded for ${auth.user}: ${auth.rpm} RPM`;
+  }
+  if (auth.tpd && usage.tokensToday >= auth.tpd) {
+    return `Daily token limit exceeded for ${auth.user}: ${usage.tokensToday}/${auth.tpd}`;
+  }
+  return null;
+}
+function recordKeyUsage(user, tokens) {
+  if (!user)
+    return;
+  const usage = getKeyUsage(user);
+  usage.requestTimestamps.push(Date.now());
+  usage.tokensToday += tokens;
+}
 function resolveAuth(req) {
   const authHeader = req.headers["authorization"];
   const token = authHeader?.startsWith("Bearer ") ? authHeader.slice(7) : null;
@@ -66470,9 +66631,17 @@ function resolveAuth(req) {
     if (!token)
       return { authenticated: false, scope: "read" };
     for (const entry of multiKeys.split(",")) {
-      const [key, scope, user] = entry.trim().split(":");
+      const parts = entry.trim().split(":");
+      const [key, scope, user, rpmStr, tpdStr, maxJobsStr] = parts;
       if (key === token) {
-        return { authenticated: true, scope: scope || "admin", user: user || void 0 };
+        return {
+          authenticated: true,
+          scope: scope || "admin",
+          user: user || void 0,
+          rpm: rpmStr ? parseInt(rpmStr, 10) : void 0,
+          tpd: tpdStr ? parseInt(tpdStr, 10) : void 0,
+          maxJobs: maxJobsStr ? parseInt(maxJobsStr, 10) : void 0
+        };
       }
     }
     return { authenticated: false, scope: "read" };
@@ -66835,6 +67004,20 @@ async function handleV1Run(req, res) {
     jsonResponse(res, 400, { error: "Missing required field: task" });
     return;
   }
+  if (task.length > 5e4) {
+    jsonResponse(res, 400, { error: "Task too long", message: "Max 50,000 characters", length: task.length });
+    return;
+  }
+  const sandbox = requestBody["sandbox"] || process.env["OA_DEFAULT_SANDBOX"] || "none";
+  if (sandbox === "container") {
+    try {
+      const { execSync: es } = __require("node:child_process");
+      es("docker --version", { stdio: "pipe", timeout: 5e3 });
+    } catch {
+      jsonResponse(res, 400, { error: "Container sandbox unavailable", message: "Docker not found. Install Docker or use sandbox:'none'." });
+      return;
+    }
+  }
   const id = `job-${randomBytes16(3).toString("hex")}`;
   const dir = jobsDir();
   const workingDir = requestBody["working_directory"] || req.headers["x-working-directory"];
@@ -66982,9 +67165,17 @@ async function handleV1Run(req, res) {
     jsonResponse(res, 202, { run_id: id, status: "running", pid: job.pid });
   }
 }
-function handleV1Runs(res) {
-  const jobs = listJobs();
-  jsonResponse(res, 200, { runs: jobs });
+function handleV1Runs(res, url) {
+  let jobs = listJobs();
+  const statusFilter = url?.searchParams.get("status");
+  if (statusFilter)
+    jobs = jobs.filter((j) => j.status === statusFilter);
+  jobs.sort((a, b) => new Date(b.startedAt ?? 0).getTime() - new Date(a.startedAt ?? 0).getTime());
+  const limit = parseInt(url?.searchParams.get("limit") ?? "50", 10);
+  const offset = parseInt(url?.searchParams.get("offset") ?? "0", 10);
+  const total = jobs.length;
+  jobs = jobs.slice(offset, offset + limit);
+  jsonResponse(res, 200, { runs: jobs, total, limit, offset });
 }
 function handleV1RunsById(res, id) {
   const job = loadJob(id);
@@ -67193,6 +67384,15 @@ async function handleRequest(req, res, ollamaUrl, verbose) {
       handleMetrics(res);
       return;
     }
+    if (pathname === "/openapi.json" && method === "GET") {
+      jsonResponse(res, 200, getOpenApiSpec());
+      return;
+    }
+    if (pathname === "/docs" && method === "GET") {
+      res.writeHead(200, { "Content-Type": "text/html; charset=utf-8" });
+      res.end(getSwaggerUI());
+      return;
+    }
     if (pathname === "/" && method === "GET" && req.headers.accept?.includes("text/html")) {
       res.writeHead(200, { "Content-Type": "text/html; charset=utf-8" });
       res.end(getWebUI());
@@ -67208,6 +67408,23 @@ async function handleRequest(req, res, ollamaUrl, verbose) {
         status = 401;
         return;
       }
+      const auth = resolveAuth(req);
+      const rateLimitMsg = checkKeyRateLimit(auth);
+      if (rateLimitMsg) {
+        status = 429;
+        jsonResponse(res, 429, { error: "Too Many Requests", message: rateLimitMsg });
+        return;
+      }
+      if (auth.user)
+        recordKeyUsage(auth.user, 0);
+    }
+    if ((method === "POST" || method === "PUT" || method === "PATCH") && req.headers["content-length"]) {
+      const bodySize = parseInt(req.headers["content-length"], 10);
+      if (bodySize > 1048576) {
+        status = 413;
+        jsonResponse(res, 413, { error: "Payload Too Large", message: "Request body exceeds 1MB limit" });
+        return;
+      }
     }
     if (pathname === "/v1/models" && method === "GET") {
       await handleV1Models(res, ollamaUrl);
@@ -67226,7 +67443,7 @@ async function handleRequest(req, res, ollamaUrl, verbose) {
       return;
     }
     if (pathname === "/v1/runs" && method === "GET") {
-      handleV1Runs(res);
+      handleV1Runs(res, urlObj);
       return;
     }
     const runsMatch = pathname.match(/^\/v1\/runs\/([a-zA-Z0-9_-]+)$/);
@@ -67425,6 +67642,30 @@ function startApiServer(options = {}) {
   const ollamaUrl = options.ollamaUrl ?? config.backendUrl;
   const cwd4 = process.cwd();
   initAuditLog(join71(cwd4, ".oa"));
+  const retentionDays = parseInt(process.env["OA_JOB_RETENTION_DAYS"] ?? "30", 10);
+  if (retentionDays > 0) {
+    try {
+      const jobsDir3 = join71(cwd4, ".oa", "jobs");
+      if (existsSync54(jobsDir3)) {
+        const cutoff = Date.now() - retentionDays * 864e5;
+        for (const f of readdirSync21(jobsDir3)) {
+          if (!f.endsWith(".json"))
+            continue;
+          try {
+            const jobPath = join71(jobsDir3, f);
+            const job = JSON.parse(readFileSync43(jobPath, "utf-8"));
+            const jobTime = new Date(job.startedAt ?? job.completedAt ?? 0).getTime();
+            if (jobTime > 0 && jobTime < cutoff && job.status !== "running") {
+              const { unlinkSync: unlinkSync13 } = __require("node:fs");
+              unlinkSync13(jobPath);
+            }
+          } catch {
+          }
+        }
+      }
+    } catch {
+    }
+  }
   const tlsCert = process.env["OA_TLS_CERT"];
   const tlsKey = process.env["OA_TLS_KEY"];
   const useTls = !!(tlsCert && tlsKey);
@@ -67573,7 +67814,7 @@ async function apiServeCommand(opts, config) {
     server.on("close", resolve36);
   });
 }
-var endpointRegistry, modelRouteMap, endpointUsage, metrics, startedAt, _corsOrigins, _corsLocalOnly, runningProcesses;
+var endpointRegistry, modelRouteMap, endpointUsage, metrics, startedAt, _corsOrigins, _corsLocalOnly, runningProcesses, perKeyUsage;
 var init_serve = __esm({
   "packages/cli/dist/api/serve.js"() {
     "use strict";
@@ -67581,6 +67822,8 @@ var init_serve = __esm({
     init_audit_log();
     init_web_ui();
     init_logger();
+    init_openapi();
+    init_auth_oidc();
     init_oa_directory();
     init_render();
     init_profiles();
@@ -67597,6 +67840,7 @@ var init_serve = __esm({
     _corsOrigins = (process.env["OA_CORS_ORIGINS"] || "").split(",").filter(Boolean);
     _corsLocalOnly = _corsOrigins.length === 0;
     runningProcesses = /* @__PURE__ */ new Map();
+    perKeyUsage = /* @__PURE__ */ new Map();
   }
 });
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "open-agents-ai",
-  "version": "0.185.74",
+  "version": "0.185.76",
   "description": "AI coding agent powered by open-source models (Ollama/vLLM) — interactive TUI with agentic tool-calling loop",
   "type": "module",
   "main": "./dist/index.js",