openbot 0.3.6 → 0.4.2

package/dist/plugins/approval/index.js

@@ -1,159 +1,130 @@
-import { storageService } from '../../services/storage.js';
-export const DEFAULT_APPROVAL_RULES = [
-    {
-        action: 'action:shell_exec',
-        denyEvent: 'action:shell_exec:result',
-        message: 'The agent wants to run a terminal command.',
-        detailKeys: ['command', 'cwd', 'shell', 'timeoutMs'],
-        hiddenKeys: ['env'],
-        denyData: {
-            exitCode: null,
-            stdout: '',
-            stderr: 'Command execution was denied by the user.',
-            timedOut: false,
-        },
-    },
-];
-const asRecord = (value) => value && typeof value === 'object' && !Array.isArray(value)
-    ? value
-    : {};
-const getApprovalsFromState = (state) => {
-    const source = state.threadDetails?.state ?? state.channelDetails?.state;
-    const stateRecord = asRecord(source);
-    return asRecord(stateRecord.approvals);
-};
-const persistApprovals = async (state, approvals) => {
-    if (state.threadId) {
-        await storageService.patchThreadState({
-            channelId: state.channelId,
-            threadId: state.threadId,
-            state: { approvals },
-        });
-        return;
-    }
-    await storageService.patchChannelState({
-        channelId: state.channelId,
-        state: { approvals },
-    });
-};
-const buildApprovalPlugin = (rules) => (builder) => {
-    for (const rule of rules) {
-        builder.on(rule.action, async function* (event, context) {
-            const meta = asRecord(event.meta);
-            if (meta.approvalStatus === 'approved')
+import { randomUUID } from 'node:crypto';
+/**
+ * `approval` — gates protected tool calls behind a UI confirmation widget.
+ *
+ * This is a simplified version that intercepts specified actions (default: bash)
+ * and requires user approval before they are allowed to proceed.
+ */
+// In-memory tracking for pending approval IDs with TTL (shared across plugin instances)
+const pendingApprovals = new Map();
+const TTL_MS = 4 * 60 * 60 * 1000; // 4 hours
+export const approvalPlugin = {
+    id: 'approval',
+    name: 'Approval',
+    description: 'Gate protected tool calls behind a UI confirmation widget.',
+    factory: ({ config, storage }) => (builder) => {
+        // Actions that require approval. Defaults to bash.
+        const actionsToApprove = config.actions || ['action:bash'];
+        for (const action of actionsToApprove) {
+            builder.intercept(action, (event, context) => {
+                // If already approved in this flow, let it pass to the actual handler
+                if (event.meta?.approvalStatus === 'approved')
+                    return event;
+                // Otherwise, intercept and ask for approval via a UI widget
+                const displayData = JSON.stringify(event?.data) || '';
+                const widgetId = randomUUID();
+                pendingApprovals.set(widgetId, Date.now());
+                return {
+                    type: 'client:ui:widget',
+                    data: {
+                        widgetId,
+                        kind: 'message',
+                        title: `The agent wants to perform \`${action}\``,
+                        body: displayData,
+                        metadata: {
+                            type: 'approval:request',
+                            originalEvent: event,
+                        },
+                        actions: [
+                            { id: 'approve', label: 'Approve', variant: 'primary' },
+                            { id: 'deny', label: 'Deny', variant: 'danger' },
+                        ],
+                    },
+                    meta: { agentId: context.state.agentId, threadId: context.state.threadId },
+                };
+            });
+        }
+        // Handle the user's response from the UI widget
+        builder.on('client:ui:widget:response', async function* (event, context) {
+            const { widgetId, actionId } = event.data;
+            const metadata = event.data?.metadata;
+            if (metadata?.type !== 'approval:request')
                 return;
-            const eventData = asRecord(event.data);
-            const eventMeta = meta;
-            const approvalId = `approval_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`;
-            const widgetId = `widget_${approvalId}`;
-            const executeEvent = rule.executeEvent || rule.action;
-            const denyEvent = rule.denyEvent || `${rule.action}:result`;
-            const denyData = rule.denyData || {};
-            const hiddenKeys = new Set(rule.hiddenKeys || []);
-            const detailKeys = rule.detailKeys || Object.keys(eventData);
-            const details = detailKeys
-                .filter((key) => !hiddenKeys.has(key))
-                .map((key) => `- ${key}: ${String(eventData[key] ?? '')}`)
-                .join('\n');
-            const pendingApprovals = getApprovalsFromState(context.state);
-            pendingApprovals[approvalId] = {
-                id: approvalId,
-                action: rule.action,
-                executeEvent,
-                denyEvent,
-                denyData,
-                payload: eventData,
-                meta: eventMeta,
-                message: rule.message || `Approval required for ${rule.action}.`,
-                createdAt: new Date().toISOString(),
-                status: 'pending',
-            };
-            await persistApprovals(context.state, pendingApprovals);
+            // Verify the widget is still pending and hasn't expired
+            if (!widgetId || !pendingApprovals.has(widgetId)) {
+                console.warn(`[approval] Received response for unknown or already handled widget: ${widgetId}`);
+                return;
+            }
+            const timestamp = pendingApprovals.get(widgetId);
+            if (Date.now() - timestamp > TTL_MS) {
+                pendingApprovals.delete(widgetId);
+                console.warn(`[approval] Received response for expired widget: ${widgetId}`);
+                return;
+            }
+            // Mark as handled
+            pendingApprovals.delete(widgetId);
+            const originalEvent = metadata.originalEvent;
+            const approved = actionId === 'approve';
+            const displayData = JSON.stringify(event?.data) || '';
+            // Yield a "responded" widget update to the UI
             yield {
                 type: 'client:ui:widget',
                 data: {
-                    kind: 'choice',
                     widgetId,
-                    title: 'Approval Required',
-                    body: `${rule.message || 'A protected action requires approval.'}${details ? `\n\n${details}` : ''}`,
-                    metadata: { type: 'approval:request', approvalId, action: rule.action },
-                    actions: [
-                        { id: 'approve', label: 'Approve', variant: 'primary' },
-                        { id: 'deny', label: 'Deny', variant: 'danger' },
-                    ],
+                    kind: 'message',
+                    title: `Action ${approved ? 'Approved' : 'Denied'}`,
+                    body: displayData,
+                    state: approved ? 'submitted' : 'cancelled',
+                    display: 'collapsed',
+                    disabled: true,
+                    actions: [], // Clear actions to disable buttons in UI
                 },
-                meta: { ...(event.meta || {}), agentId: context.state.agentId },
-            };
-            yield {
-                type: 'agent:output',
-                data: { content: `Waiting for approval before running \`${rule.action}\`.` },
-                meta: { ...(event.meta || {}), agentId: context.state.agentId },
+                meta: { agentId: context.state.agentId, threadId: context.state.threadId },
             };
-            context.suspend();
+            if (approved) {
+                // Re-emit the original event with approved status so the actual handler can run
+                yield {
+                    ...originalEvent,
+                    meta: {
+                        ...(originalEvent.meta || {}),
+                        approvalStatus: 'approved',
+                    },
+                };
+            }
+            else {
+                // Manually store the original event with denied status so it's recorded in history
+                // but NOT re-emitted to the pipeline (to avoid actual execution).
+                if (storage) {
+                    await storage.storeEvent({
+                        channelId: context.state.channelId,
+                        threadId: context.state.threadId,
+                        event: {
+                            ...originalEvent,
+                            meta: {
+                                ...(originalEvent.meta || {}),
+                                approvalStatus: 'denied',
+                            },
+                        },
+                    });
+                }
+                // Emit a failure result event for the denied action to clear the pending tool batch
+                yield {
+                    type: `${originalEvent.type}:result`,
+                    data: {
+                        success: false,
+                        error: 'Action denied by user.',
+                        stderr: 'Action denied by user.',
+                        output: 'Action denied by user.',
+                    },
+                    meta: originalEvent.meta,
+                };
+                yield {
+                    type: 'agent:output',
+                    data: { content: `Action \`${originalEvent.type}\` was denied.` },
+                    meta: { agentId: context.state.agentId },
+                };
+            }
         });
-    }
-    builder.on('client:ui:widget:response', async function* (event, context) {
-        const metadata = asRecord(event.data?.metadata);
-        if (metadata.type !== 'approval:request')
-            return;
-        const approvalId = String(metadata.approvalId || '');
-        if (!approvalId)
-            return;
-        const approvals = getApprovalsFromState(context.state);
-        const approval = approvals[approvalId];
-        if (!approval || approval.status !== 'pending') {
-            yield {
-                type: 'agent:output',
-                data: { content: 'Approval request not found or already resolved.' },
-                meta: { ...(event.meta || {}), agentId: context.state.agentId },
-            };
-            return;
-        }
-        const approved = event.data.actionId === 'approve';
-        approvals[approvalId] = {
-            ...approval,
-            status: approved ? 'approved' : 'denied',
-        };
-        await persistApprovals(context.state, approvals);
-        if (approved) {
-            yield {
-                type: approval.executeEvent,
-                data: approval.payload,
-                meta: {
-                    ...(approval.meta || {}),
-                    approvalId,
-                    approvalStatus: 'approved',
-                },
-            };
-            return;
-        }
-        yield {
-            type: approval.denyEvent,
-            data: {
-                success: false,
-                approved: false,
-                error: 'Action denied by user approval.',
-                ...approval.denyData,
-            },
-            meta: { ...(approval.meta || {}), approvalId },
-        };
-        yield {
-            type: 'agent:output',
-            data: { content: 'Action denied by user approval.' },
-            meta: { ...(event.meta || {}), agentId: context.state.agentId },
-        };
-    });
-};
-const readRules = (config) => {
-    const raw = config.rules;
-    if (!Array.isArray(raw))
-        return DEFAULT_APPROVAL_RULES;
-    return raw.filter((entry) => !!entry && typeof entry === 'object' && typeof entry.action === 'string');
-};
-export const approvalPlugin = {
-    id: 'approval',
-    name: 'Approval',
-    description: 'Gate protected tool calls (e.g. shell_exec) behind a UI confirmation prompt.',
-    factory: ({ config }) => buildApprovalPlugin(readRules(config)),
+    },
 };
 export default approvalPlugin;

package/dist/plugins/bash/index.js

@@ -0,0 +1,195 @@
+import { z } from 'zod';
+import { spawn } from 'node:child_process';
+import { randomUUID } from 'node:crypto';
+import { resolvePath } from '../../app/config.js';
+const bashToolDefinitions = {
+    bash: {
+        description: 'Execute a bash command in a stateful session. The working directory and environment variables persist between calls. Use this for all system tasks, file operations, and running development servers.',
+        inputSchema: z.object({
+            command: z.string().describe('The bash command to execute.'),
+            restart: z
+                .boolean()
+                .optional()
+                .describe('Restart the bash session before running the command.'),
+        }),
+    },
+    bash_stop: {
+        description: 'Stop the bash session for the current or specified channel.',
+        inputSchema: z.object({
+            channelId: z.string().optional().describe('The channel ID to stop the session for.'),
+        }),
+    },
+    bash_list_sessions: {
+        description: 'List all active bash sessions.',
+        inputSchema: z.object({}),
+    },
+};
+const sessions = new Map();
+const getSession = (channelId, initialCwd) => {
+    let session = sessions.get(channelId);
+    if (!session) {
+        const childProcess = spawn('bash', ['--login'], {
+            cwd: initialCwd,
+            env: { ...process.env, PS1: '' },
+            stdio: ['pipe', 'pipe', 'pipe'],
+        });
+        session = {
+            process: childProcess,
+            cwd: initialCwd,
+            lastActivity: Date.now(),
+        };
+        sessions.set(channelId, session);
+        // Basic error handling for the process
+        childProcess.on('error', (err) => {
+            console.error(`[bash] Session error for channel ${channelId}:`, err);
+            sessions.delete(channelId);
+        });
+        childProcess.on('exit', () => {
+            sessions.delete(channelId);
+        });
+    }
+    return session;
+};
+const bashPluginRuntime = () => (builder) => {
+    builder.on('action:bash', async function* (event, context) {
+        const { command, restart } = event.data;
+        const channelId = context.state.channelId;
+        const initialCwd = resolvePath(context.state.channelDetails?.cwd || process.cwd());
+        if (restart) {
+            const oldSession = sessions.get(channelId);
+            if (oldSession) {
+                oldSession.process.kill();
+                sessions.delete(channelId);
+            }
+        }
+        const session = getSession(channelId, initialCwd);
+        session.lastActivity = Date.now();
+        try {
+            const result = await new Promise((resolve) => {
+                let stdout = '';
+                let stderr = '';
+                let timedOut = false;
+                const sentinel = `__OPENBOT_BASH_DONE_${Math.random().toString(36).substring(7)}__`;
+                const timeoutMs = 60000; // 1 minute timeout for tool calls
+                const timer = setTimeout(() => {
+                    timedOut = true;
+                    // We don't kill the session on timeout, just return what we have
+                    resolve({ exitCode: null, stdout, stderr, timedOut });
+                }, timeoutMs);
+                const onStdout = (data) => {
+                    const str = data.toString();
+                    if (str.includes(sentinel)) {
+                        const parts = str.split(sentinel);
+                        stdout += parts[0];
+                        const exitCodeMatch = parts[1].match(/EXIT:(\d+)/);
+                        const exitCode = exitCodeMatch ? parseInt(exitCodeMatch[1], 10) : 0;
+                        cleanup();
+                        resolve({ exitCode, stdout, stderr, timedOut: false });
+                    }
+                    else {
+                        stdout += str;
+                    }
+                };
+                const onStderr = (data) => {
+                    stderr += data.toString();
+                };
+                const cleanup = () => {
+                    clearTimeout(timer);
+                    session.process.stdout?.removeListener('data', onStdout);
+                    session.process.stderr?.removeListener('data', onStderr);
+                };
+                session.process.stdout?.on('data', onStdout);
+                session.process.stderr?.on('data', onStderr);
+                // Execute command and then echo the sentinel with exit code
+                session.process.stdin?.write(`${command}\necho "${sentinel}EXIT:$?"\n`);
+            });
+            yield {
+                type: 'action:bash:result',
+                data: {
+                    success: result.exitCode === 0 && !result.timedOut,
+                    exitCode: result.exitCode,
+                    stdout: result.stdout.trim(),
+                    stderr: result.stderr.trim(),
+                    timedOut: result.timedOut,
+                    output: result.stderr.trim() ? result.stderr.trim() : result.stdout.trim(),
+                },
+                meta: event.meta,
+            };
+        }
+        catch (error) {
+            const message = error instanceof Error ? error.message : 'Unknown bash error';
+            yield {
+                type: 'action:bash:result',
+                data: {
+                    success: false,
+                    exitCode: -1,
+                    stdout: '',
+                    stderr: message,
+                    timedOut: false,
+                    error: message,
+                    output: message,
+                },
+                meta: event.meta,
+            };
+        }
+    });
+    // Add a tool to stop/kill the session
+    builder.on('action:bash_stop', async function* (event, context) {
+        const channelId = event.data?.channelId || context.state.channelId;
+        const session = sessions.get(channelId);
+        if (session) {
+            session.process.kill();
+            sessions.delete(channelId);
+        }
+        yield {
+            type: 'action:bash_stop:result',
+            data: { success: true, output: `Bash session for channel ${channelId} stopped.` },
+            meta: event.meta,
+        };
+    });
+    // Add a tool to list all active sessions
+    builder.on('action:bash_list_sessions', async function* (event, context) {
+        const activeSessions = Array.from(sessions.entries()).map(([channelId, session]) => ({
+            channelId,
+            cwd: session.cwd,
+            lastActivity: session.lastActivity,
+        }));
+        yield {
+            type: 'client:ui:widget',
+            data: {
+                widgetId: randomUUID(),
+                kind: 'list',
+                title: 'Active Bash Sessions',
+                description: `Found ${activeSessions.length} active bash session${activeSessions.length === 1 ? '' : 's'}.`,
+                items: activeSessions.map((s) => ({
+                    id: s.channelId,
+                    label: s.channelId,
+                    description: `CWD: ${s.cwd}`,
+                    status: 'done',
+                    metadata: {
+                        cwd: s.cwd,
+                        lastActivity: s.lastActivity,
+                    },
+                })),
+            },
+            meta: event.meta,
+        };
+        yield {
+            type: 'action:bash_list_sessions:result',
+            data: {
+                success: true,
+                sessions: activeSessions,
+                output: JSON.stringify(activeSessions),
+            },
+            meta: event.meta,
+        };
+    });
+};
+export const bashPlugin = {
+    id: 'bash',
+    name: 'Bash',
+    description: 'Stateful bash session for the channel.',
+    toolDefinitions: bashToolDefinitions,
+    factory: () => bashPluginRuntime(),
+};
+export default bashPlugin;

package/dist/plugins/delegation/index.js

@@ -1,40 +1,129 @@
-import z from 'zod';
-const handoffToolDefinitions = {
-    handoff: {
-        description: 'Transfer control to another agent. The target agent continues the task in this thread.',
+import { z } from 'zod';
+import { generateId } from 'melony';
+/**
+ * `delegation` — allows agents to delegate tasks to other agents.
+ *
+ * Only the 'system' agent is allowed to delegate by default.
+ * It uses runAgent to execute the delegated agent in its own isolated runtime,
+ * bridging events back to the caller's stream.
+ */
+const delegationToolDefinitions = {
+    delegate_task: {
+        description: 'Delegate a specific task or question to another specialized agent.',
         inputSchema: z.object({
-            agentId: z.string().describe('The ID of the target agent.'),
-            content: z.string().describe('The message or task to hand off.'),
+            agentId: z.string().describe('The ID of the agent to delegate to (e.g., "researcher", "coder").'),
+            prompt: z.string().describe('The instructions or question for the delegated agent.'),
         }),
     },
 };
-const handoffPluginRuntime = () => (builder) => {
-    builder.on('action:handoff', async function* (event, context) {
-        const { agentId, content } = event.data;
-        yield {
-            type: 'agent:output',
-            data: { content: `Handing off to **${agentId}**: ${content}` },
-            meta: { ...(event.meta || {}), agentId: context.state.agentId },
-        };
-        yield {
-            type: 'handoff:request',
-            data: { agentId, content },
-            meta: { ...(event.meta || {}), agentId: context.state.agentId },
-        };
-        if (event.meta?.toolCallId) {
-            yield {
-                type: 'action:handoff:result',
-                data: { success: true, agentId, accepted: true },
-                meta: { ...(event.meta || {}), agentId: context.state.agentId },
-            };
-        }
-    });
-};
 export const delegationPlugin = {
     id: 'delegation',
-    name: 'Handoff',
-    description: 'Hand off tasks to other agents on the bus.',
-    toolDefinitions: handoffToolDefinitions,
-    factory: () => handoffPluginRuntime(),
+    name: 'Delegation',
+    description: 'Allows agents to call upon other agents to solve sub-tasks.',
+    toolDefinitions: delegationToolDefinitions,
+    factory: (pluginContext) => (builder) => {
+        // Handle the tool execution
+        builder.on('action:delegate_task', async function* (event, context) {
+            const delegateEvent = event;
+            // POLICY: Only the 'system' agent can delegate
+            if (context.state.agentId !== 'system') {
+                yield {
+                    type: 'action:delegate_task:result',
+                    data: {
+                        success: false,
+                        error: 'Only the system agent can delegate.'
+                    },
+                    meta: delegateEvent.meta,
+                };
+                return;
+            }
+            const { agentId, prompt } = delegateEvent.data;
+            const toolCallId = delegateEvent.meta?.toolCallId;
+            if (!toolCallId)
+                return;
+            // Break circular dependency by dynamic import
+            const { runAgent } = await import('../../harness/index.js');
+            const runId = `dg_${generateId()}`;
+            let lastAgentOutput = '';
+            // Queue to bridge the async onEvent callback to this generator
+            const eventQueue = [];
+            let resolveNext = null;
+            let isFinished = false;
+            // Start the delegated agent in its own runtime.
+            // We don't await this immediately so we can yield events as they arrive.
+            const runPromise = runAgent({
+                runId,
+                agentId,
+                event: {
+                    type: 'agent:invoke',
+                    data: {
+                        role: 'user',
+                        content: prompt,
+                        agentId: agentId,
+                    },
+                    meta: {
+                        threadId: context.state.threadId,
+                        parentAgentId: context.state.agentId,
+                        parentToolCallId: toolCallId,
+                    },
+                },
+                channelId: context.state.channelId,
+                threadId: context.state.threadId,
+                publicBaseUrl: pluginContext.publicBaseUrl,
+                onEvent: async (outEvent) => {
+                    // Enrich events with parent metadata so the UI can track the hierarchy
+                    const enrichedEvent = {
+                        ...outEvent,
+                        meta: {
+                            ...outEvent.meta,
+                            parentAgentId: context.state.agentId,
+                            parentToolCallId: toolCallId,
+                        }
+                    };
+                    eventQueue.push(enrichedEvent);
+                    if (outEvent.type === 'agent:output') {
+                        lastAgentOutput = outEvent.data.content;
+                    }
+                    // Wake up the generator loop if it's waiting
+                    if (resolveNext) {
+                        resolveNext();
+                        resolveNext = null;
+                    }
+                }
+            }).catch(error => {
+                console.error(`[delegation] Error in delegated run ${runId}:`, error);
+            }).finally(() => {
+                isFinished = true;
+                if (resolveNext) {
+                    resolveNext();
+                    resolveNext = null;
+                }
+            });
+            // Yield events from the delegated agent as they arrive
+            while (!isFinished || eventQueue.length > 0) {
+                if (eventQueue.length === 0) {
+                    await new Promise(r => { resolveNext = r; });
+                }
+                while (eventQueue.length > 0) {
+                    yield eventQueue.shift();
+                }
+            }
+            // Ensure the run is fully complete (though isFinished already implies this)
+            await runPromise;
+            // Yield the result back to our own LLM runtime.
+            yield {
+                type: 'action:delegate_task:result',
+                data: {
+                    success: true,
+                    output: lastAgentOutput,
+                },
+                meta: {
+                    ...delegateEvent.meta,
+                    agentId: context.state.agentId,
+                    toolCallId: toolCallId,
+                },
+            };
+        });
+    },
 };
 export default delegationPlugin;