opencode-mem-agents 0.3.1 → 0.3.2

package/dist/worker/routes.js

@@ -0,0 +1,251 @@
+import { activityParamsSchema, contextSessionParamsSchema, memorySaveBodySchema, observationsBatchBodySchema, searchParamsSchema, timelineParamsSchema, tracesParamsSchema, toolResultBodySchema, } from "../contracts.js";
+import { DASHBOARD_HTML } from "../dashboard-html.js";
+import { parseSchema } from "./http.js";
+const ROLE_PRIORITY = {
+    lead: ["decision", "contract", "blocker", "review-finding"],
+    backend: ["contract", "feature", "bugfix", "refactor"],
+    frontend: ["feature", "bugfix", "refactor", "contract"],
+    database: ["contract", "decision", "bugfix", "refactor"],
+    test: ["test-result", "bugfix", "review-finding"],
+    security: ["review-finding", "blocker", "contract", "decision"],
+    reviewer: ["review-finding", "contract", "decision", "bugfix"],
+    default: ["decision", "contract", "blocker", "discovery"],
+};
+export function handleDashboard() {
+    return {
+        kind: "html",
+        status: 200,
+        body: DASHBOARD_HTML,
+    };
+}
+export function handleHealth(ctx) {
+    return {
+        kind: "json",
+        status: 200,
+        body: {
+            status: "ok",
+            version: ctx.version,
+            port: ctx.config.port,
+            dataDir: ctx.config.dataDir,
+            uptime: Date.now() - ctx.startedAt,
+            pid: process.pid,
+        },
+    };
+}
+export function handleSearch(ctx, paramsRaw) {
+    const params = parseSchema(searchParamsSchema, paramsRaw);
+    const result = ctx.repo.search(params);
+    return {
+        kind: "json",
+        status: 200,
+        body: {
+            observations: result.observations,
+            totalResults: result.totalResults,
+            query: params.query ?? "",
+            offset: params.offset,
+            limit: params.limit,
+            orderBy: params.orderBy,
+        },
+    };
+}
+function formatTimelineText(observations, anchorId, depthBefore, depthAfter) {
+    const lines = [
+        "# Timeline",
+        `Anchor: #${anchorId} | Window: ${depthBefore} before, ${depthAfter} after | Items: ${observations.length}`,
+        "",
+    ];
+    let currentDay = "";
+    for (const obs of observations) {
+        const d = new Date(obs.created_at_epoch);
+        const day = d.toISOString().slice(0, 10);
+        if (day !== currentDay) {
+            currentDay = day;
+            lines.push(`## ${day}`, "");
+        }
+        const time = d.toISOString().slice(11, 16);
+        const marker = obs.id === anchorId ? " <-- anchor" : "";
+        const content = obs.title || obs.text?.slice(0, 80) || "(no title)";
+        lines.push(`- **${time}** [${obs.type}] #${obs.id}: ${content}${marker}`);
+    }
+    return lines.join("\n");
+}
+export function handleTimeline(ctx, paramsRaw) {
+    const params = parseSchema(timelineParamsSchema, paramsRaw);
+    const timeline = ctx.repo.timeline(params);
+    if (timeline.observations.length === 0) {
+        if (params.format === "json") {
+            return {
+                kind: "json",
+                status: 200,
+                body: {
+                    anchorId: null,
+                    observations: [],
+                    depth_before: timeline.depthBefore,
+                    depth_after: timeline.depthAfter,
+                },
+            };
+        }
+        return {
+            kind: "text",
+            status: 200,
+            body: "No observations found.",
+        };
+    }
+    if (params.format === "json") {
+        return {
+            kind: "json",
+            status: 200,
+            body: {
+                anchorId: timeline.anchorId,
+                observations: timeline.observations,
+                depth_before: timeline.depthBefore,
+                depth_after: timeline.depthAfter,
+            },
+        };
+    }
+    return {
+        kind: "text",
+        status: 200,
+        body: formatTimelineText(timeline.observations, timeline.anchorId, timeline.depthBefore, timeline.depthAfter),
+    };
+}
+export function handleObservationsBatch(ctx, bodyRaw) {
+    const body = parseSchema(observationsBatchBodySchema, bodyRaw);
+    const observations = ctx.repo.getByIds(body.ids, body.project);
+    return {
+        kind: "json",
+        status: 200,
+        body: { observations },
+    };
+}
+export function handleMemorySave(ctx, bodyRaw) {
+    const body = parseSchema(memorySaveBodySchema, bodyRaw);
+    const result = ctx.repo.saveMemory(body);
+    return {
+        kind: "json",
+        status: 200,
+        body: { id: result.id, status: result.status },
+    };
+}
+export function handleToolResult(ctx, bodyRaw) {
+    const body = parseSchema(toolResultBodySchema, bodyRaw);
+    const result = ctx.repo.saveToolResult(body);
+    return {
+        kind: "json",
+        status: 200,
+        body: { id: result.id, status: result.status },
+    };
+}
+export function handleContextSession(ctx, paramsRaw) {
+    const params = parseSchema(contextSessionParamsSchema, paramsRaw);
+    const rows = ctx.repo.getContextRows(params);
+    if (rows.length === 0) {
+        return {
+            kind: "text",
+            status: 200,
+            body: "",
+        };
+    }
+    const lines = [
+        `# [opencode-mem] Recent context (${rows.length} observations)`,
+        "",
+    ];
+    const grouped = {};
+    for (const row of rows) {
+        (grouped[row.type] ??= []).push(row);
+    }
+    for (const [type, items] of Object.entries(grouped)) {
+        lines.push(`## ${type} (${items.length})`);
+        for (const item of items) {
+            const agentTag = item.agent ? ` [${item.agent}]` : "";
+            const sourceTag = item.session_id ? ` [session:${item.session_id}]` : "";
+            const content = item.title || item.text?.slice(0, 300) || "(empty)";
+            lines.push(`- #${item.id}${agentTag}${sourceTag}: ${content}`);
+        }
+        lines.push("");
+    }
+    return {
+        kind: "text",
+        status: 200,
+        body: lines.join("\n"),
+    };
+}
+export function handleActivity(ctx, paramsRaw) {
+    const params = parseSchema(activityParamsSchema, paramsRaw);
+    const rows = ctx.repo.getActivityRows(params);
+    const role = (params.role ?? "default").toLowerCase();
+    const preferred = ROLE_PRIORITY[role] ?? ROLE_PRIORITY.default;
+    const preferredSet = new Set(preferred);
+    const agents = {};
+    const fileRollups = {};
+    for (const row of rows) {
+        const agentName = row.agent || "unknown";
+        if (!agents[agentName]) {
+            agents[agentName] = {
+                observations: [],
+                files_modified: [],
+                last_active: 0,
+            };
+            fileRollups[agentName] = new Set();
+        }
+        agents[agentName].observations.push({
+            id: row.id,
+            type: row.type,
+            title: row.title,
+            signal: row.signal,
+            phase: row.phase,
+            task_id: row.task_id,
+            created_at_epoch: row.created_at_epoch,
+            role_priority: preferredSet.has(row.type) ? 0 : 1,
+        });
+        if (row.created_at_epoch > agents[agentName].last_active) {
+            agents[agentName].last_active = row.created_at_epoch;
+        }
+        const modifiedFiles = safeParseArray(row.files_modified);
+        for (const filePath of modifiedFiles) {
+            if (filePath)
+                fileRollups[agentName].add(filePath);
+        }
+    }
+    for (const [agentName, data] of Object.entries(agents)) {
+        data.observations.sort((a, b) => {
+            if (a.role_priority !== b.role_priority)
+                return a.role_priority - b.role_priority;
+            return b.created_at_epoch - a.created_at_epoch;
+        });
+        for (const obs of data.observations) {
+            delete obs.role_priority;
+        }
+        data.files_modified = Array.from(fileRollups[agentName]);
+    }
+    return {
+        kind: "json",
+        status: 200,
+        body: {
+            project: params.project ?? "",
+            since_id: params.since_id,
+            total_observations: rows.length,
+            role,
+            preferred_types: preferred,
+            agents,
+        },
+    };
+}
+export function handleTraces(ctx, paramsRaw) {
+    const params = parseSchema(tracesParamsSchema, paramsRaw);
+    const events = ctx.repo.getTraces(params);
+    return {
+        kind: "json",
+        status: 200,
+        body: { events },
+    };
+}
+function safeParseArray(raw) {
+    try {
+        const parsed = JSON.parse(raw);
+        return Array.isArray(parsed) ? parsed : [];
+    }
+    catch {
+        return [];
+    }
+}

package/dist/worker/server.d.ts

@@ -0,0 +1 @@
+export declare function startWorkerServer(): void;

package/dist/worker/server.js

@@ -0,0 +1,177 @@
+import { randomUUID } from "crypto";
+import { existsSync, readFileSync, unlinkSync, writeFileSync } from "fs";
+import http from "http";
+import { applyCors, InputValidationError, isAuthorized, readBody, requiresAuth, sendError, sendHtml, sendJson, sendText, } from "./http.js";
+import { WorkerRepository } from "./repository.js";
+import { readWorkerConfig, WORKER_VERSION } from "./config.js";
+import { parseQuery } from "./utils.js";
+import { handleActivity, handleContextSession, handleDashboard, handleHealth, handleMemorySave, handleObservationsBatch, handleSearch, handleTimeline, handleToolResult, handleTraces, } from "./routes.js";
+export function startWorkerServer() {
+    const config = readWorkerConfig();
+    lockPidFile(config.pidFile);
+    const startedAt = Date.now();
+    const repo = new WorkerRepository(config.dbPath, config.traceRetentionDays, config.traceMaxPayloadChars);
+    const routeCtx = {
+        config,
+        startedAt,
+        version: WORKER_VERSION,
+        repo,
+    };
+    const traceLog = (ctx, direction, status, payload, durationMs = 0) => {
+        repo.logTrace(ctx.traceId, direction, ctx.method, ctx.path, status, payload, durationMs);
+    };
+    const server = http.createServer(async (req, res) => {
+        const method = req.method ?? "GET";
+        const url = new URL(req.url ?? "/", `http://${config.host}:${config.port}`);
+        const path = url.pathname;
+        const requestCtx = {
+            traceId: randomUUID(),
+            method,
+            path,
+            startedAt: Date.now(),
+        };
+        const corsAllowed = applyCors(req, res, config.corsOrigin);
+        if (!corsAllowed) {
+            traceLog(requestCtx, "in", 0, { rejected: "cors", origin: req.headers.origin ?? "" });
+            sendError(requestCtx, res, 403, "FORBIDDEN_ORIGIN", "Origin is not allowed by CORS policy", traceLog);
+            return;
+        }
+        if (method === "OPTIONS") {
+            res.writeHead(204);
+            res.end();
+            traceLog(requestCtx, "out", 204, { preflight: true }, Date.now() - requestCtx.startedAt);
+            return;
+        }
+        if (requiresAuth(path, config.apiToken) && !isAuthorized(req, config.apiToken)) {
+            traceLog(requestCtx, "in", 0, { rejected: "auth", path });
+            sendError(requestCtx, res, 401, "UNAUTHORIZED", "Missing or invalid API token", traceLog);
+            return;
+        }
+        const queryParams = parseQuery(url);
+        traceLog(requestCtx, "in", 0, { query: queryParams });
+        try {
+            if (method === "GET") {
+                if (path === "/" || path === "/dashboard") {
+                    return sendRouteResult(requestCtx, res, traceLog, handleDashboard());
+                }
+                if (path === "/api/health" || path === "/api/readiness") {
+                    return sendRouteResult(requestCtx, res, traceLog, handleHealth(routeCtx));
+                }
+                if (path === "/api/search") {
+                    return sendRouteResult(requestCtx, res, traceLog, handleSearch(routeCtx, queryParams));
+                }
+                if (path === "/api/timeline") {
+                    return sendRouteResult(requestCtx, res, traceLog, handleTimeline(routeCtx, queryParams));
+                }
+                if (path === "/api/context/session") {
+                    return sendRouteResult(requestCtx, res, traceLog, handleContextSession(routeCtx, queryParams));
+                }
+                if (path === "/api/activity") {
+                    return sendRouteResult(requestCtx, res, traceLog, handleActivity(routeCtx, queryParams));
+                }
+                if (path === "/api/traces") {
+                    return sendRouteResult(requestCtx, res, traceLog, handleTraces(routeCtx, queryParams));
+                }
+                sendError(requestCtx, res, 404, "NOT_FOUND", "Route not found", traceLog);
+                return;
+            }
+            if (method === "POST") {
+                let rawBody = "";
+                try {
+                    rawBody = await readBody(req, config.maxBodyBytes);
+                }
+                catch (error) {
+                    if (error instanceof InputValidationError) {
+                        sendError(requestCtx, res, 413, "PAYLOAD_TOO_LARGE", error.message, traceLog);
+                        return;
+                    }
+                    throw error;
+                }
+                let body = {};
+                if (rawBody.trim()) {
+                    try {
+                        body = JSON.parse(rawBody);
+                    }
+                    catch {
+                        sendError(requestCtx, res, 400, "INVALID_JSON", "Request body must be valid JSON", traceLog);
+                        return;
+                    }
+                }
+                traceLog(requestCtx, "in", 0, { body });
+                if (path === "/api/observations/batch") {
+                    return sendRouteResult(requestCtx, res, traceLog, handleObservationsBatch(routeCtx, body));
+                }
+                if (path === "/api/memory/save") {
+                    return sendRouteResult(requestCtx, res, traceLog, handleMemorySave(routeCtx, body));
+                }
+                if (path === "/api/session/tool-result") {
+                    return sendRouteResult(requestCtx, res, traceLog, handleToolResult(routeCtx, body));
+                }
+                sendError(requestCtx, res, 404, "NOT_FOUND", "Route not found", traceLog);
+                return;
+            }
+            sendError(requestCtx, res, 405, "METHOD_NOT_ALLOWED", `Method ${method} is not supported`, traceLog);
+        }
+        catch (error) {
+            if (error instanceof InputValidationError) {
+                sendError(requestCtx, res, 400, "INVALID_INPUT", error.message, traceLog);
+                return;
+            }
+            const message = error instanceof Error ? error.message : "Internal error";
+            console.error(`[opencode-mem] Error on ${requestCtx.path}:`, message);
+            traceLog(requestCtx, "error", 500, { message }, Date.now() - requestCtx.startedAt);
+            sendError(requestCtx, res, 500, "INTERNAL_ERROR", "Internal server error", traceLog);
+        }
+    });
+    server.listen(config.port, config.host, () => {
+        console.log(`[opencode-mem] Worker listening on http://${config.host}:${config.port}`);
+        console.log(`[opencode-mem] Database: ${config.dbPath}`);
+    });
+    const cleanup = () => {
+        try {
+            unlinkSync(config.pidFile);
+        }
+        catch {
+            // ignore
+        }
+        repo.close();
+    };
+    process.on("SIGTERM", () => {
+        console.log("[opencode-mem] Shutting down...");
+        server.close(() => {
+            cleanup();
+            process.exit(0);
+        });
+    });
+    process.on("SIGINT", () => {
+        server.close(() => {
+            cleanup();
+            process.exit(0);
+        });
+    });
+}
+function sendRouteResult(ctx, res, traceLog, result) {
+    if (result.kind === "json") {
+        sendJson(ctx, res, result.status, result.body, traceLog);
+        return;
+    }
+    if (result.kind === "text") {
+        sendText(ctx, res, result.status, result.body, traceLog);
+        return;
+    }
+    sendHtml(ctx, res, result.status, result.body, traceLog);
+}
+function lockPidFile(pidFile) {
+    if (existsSync(pidFile)) {
+        const existingPid = parseInt(readFileSync(pidFile, "utf-8").trim(), 10);
+        try {
+            process.kill(existingPid, 0);
+            console.log(`[opencode-mem] Worker already running (pid ${existingPid}), exiting`);
+            process.exit(0);
+        }
+        catch {
+            // stale pid file
+        }
+    }
+    writeFileSync(pidFile, String(process.pid));
+}

package/dist/worker/utils.d.ts

@@ -0,0 +1,8 @@
+export declare function parseQuery(url: URL): Record<string, string>;
+export declare function sanitizeText(value: string, max: number): string;
+export declare function sanitizeFtsQuery(query: string): string;
+export declare function safeSerialize(value: unknown, maxChars?: number): string;
+export declare function safeParseJson<T>(raw: string, fallback: T): T;
+export declare function toEpochMs(value: string | undefined): number | undefined;
+export declare function redactSensitive(value: unknown, depth?: number): unknown;
+export declare function prepareTracePayload(value: unknown, maxChars: number): string;

package/dist/worker/utils.js

@@ -0,0 +1,98 @@
+export function parseQuery(url) {
+    const query = {};
+    url.searchParams.forEach((value, key) => {
+        query[key] = value;
+    });
+    return query;
+}
+export function sanitizeText(value, max) {
+    return value.substring(0, max).replace(/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/g, "");
+}
+export function sanitizeFtsQuery(query) {
+    return query
+        .replace(/[*"():^]/g, " ")
+        .trim()
+        .split(/\s+/)
+        .filter(Boolean)
+        .map((term) => `"${term}"`)
+        .join(" ");
+}
+export function safeSerialize(value, maxChars = 4000) {
+    let text;
+    try {
+        text = JSON.stringify(value);
+    }
+    catch {
+        text = String(value);
+    }
+    if (text.length <= maxChars)
+        return text;
+    return `${text.slice(0, maxChars)}...[truncated ${text.length - maxChars} chars]`;
+}
+export function safeParseJson(raw, fallback) {
+    try {
+        return JSON.parse(raw);
+    }
+    catch {
+        return fallback;
+    }
+}
+export function toEpochMs(value) {
+    if (!value)
+        return undefined;
+    const epoch = Date.parse(value);
+    if (!Number.isFinite(epoch))
+        return undefined;
+    return epoch;
+}
+const SENSITIVE_KEY_PATTERN = /(^|[_-])(auth|authorization|token|secret|password|api[_-]?key|cookie|set-cookie)($|[_-])/i;
+function isSensitiveKey(key) {
+    return SENSITIVE_KEY_PATTERN.test(key);
+}
+function clampDepth(depth) {
+    return depth >= 10;
+}
+const SECRET_VALUE_PATTERNS = [
+    /\bsk-[a-z0-9_-]{8,}\b/gi,
+    /\bghp_[a-z0-9]{20,}\b/gi,
+    /\bgithub_pat_[a-z0-9_]{20,}\b/gi,
+    /\bAKIA[0-9A-Z]{16}\b/g,
+    /\bBearer\s+[a-z0-9._~+/=-]{8,}\b/gi,
+];
+function sanitizeTraceString(value) {
+    let sanitized = value;
+    if (/^bearer\s+/i.test(sanitized))
+        return "[redacted]";
+    for (const pattern of SECRET_VALUE_PATTERNS) {
+        sanitized = sanitized.replace(pattern, "[redacted]");
+    }
+    sanitized = sanitized.replace(/\b(api[_-]?key|token|secret|password)\s*[:=]\s*([^\s,;'"`]+)/gi, "$1=[redacted]");
+    return sanitized;
+}
+export function redactSensitive(value, depth = 0) {
+    if (value === null || value === undefined)
+        return value;
+    if (clampDepth(depth))
+        return "[depth-limited]";
+    if (typeof value === "string") {
+        return sanitizeTraceString(value);
+    }
+    if (typeof value !== "object")
+        return value;
+    if (Array.isArray(value)) {
+        return value.map((entry) => redactSensitive(entry, depth + 1));
+    }
+    const source = value;
+    const output = {};
+    for (const [key, entry] of Object.entries(source)) {
+        if (isSensitiveKey(key)) {
+            output[key] = "[redacted]";
+            continue;
+        }
+        output[key] = redactSensitive(entry, depth + 1);
+    }
+    return output;
+}
+export function prepareTracePayload(value, maxChars) {
+    return safeSerialize(redactSensitive(value), maxChars);
+}

package/dist/worker.d.ts

@@ -1,17 +1 @@
-/**
- * opencode-mem worker — Standalone HTTP server with SQLite + FTS5
- *
- * Runs as a daemon on port 37778 (configurable via OPENCODE_MEM_PORT).
- * Stores observations in ~/.opencode-mem/opencode-mem.db.
- *
- * Endpoints:
- *   GET  /api/health              — Health check
- *   GET  /api/search              — FTS5 + metadata search
- *   GET  /api/timeline            — Chronological window around anchor
- *   POST /api/observations/batch  — Get observations by IDs
- *   POST /api/memory/save         — Save an observation
- *   POST /api/session/tool-result — Capture tool result as observation
- *   GET  /api/context/session     — Formatted context for system prompt
- *   GET  /api/activity            — Team activity grouped by agent
- */
 export {};