palmier 0.5.1 → 0.5.3

package/src/task.ts

@@ -202,31 +202,66 @@ export function beginStreamingMessage(
   const filePath = path.join(taskDir, runId, "TASKRUN.md");
   const delimiter = `<!-- palmier:message role="assistant" time="${time}" -->`;
   fs.appendFileSync(filePath, `${delimiter}\n\n`, "utf-8");
-  return new StreamingMessageWriter(filePath, delimiter);
+  return new StreamingMessageWriter(filePath);
 }
 
 export class StreamingMessageWriter {
-  private delimiter: string;
-  constructor(private filePath: string, delimiter: string) {
-    this.delimiter = delimiter;
-  }
+  constructor(private filePath: string) {}
 
   /** Append a chunk of content to the current message. */
   write(chunk: string): void {
     fs.appendFileSync(this.filePath, chunk, "utf-8");
   }
 
-  /** Finalize the message. If attachments are provided, rewrites the delimiter to include them. */
+  /** Finalize the message. If attachments are provided, rewrites the last assistant delimiter to include them. */
   end(attachments?: string[]): void {
     fs.appendFileSync(this.filePath, "\n\n", "utf-8");
     if (attachments?.length) {
       const raw = fs.readFileSync(this.filePath, "utf-8");
-      const updated = raw.replace(this.delimiter, `${this.delimiter.slice(0, -4)} attachments="${attachments.join(",")}" -->`);
-      fs.writeFileSync(this.filePath, updated, "utf-8");
+      // Find the last assistant delimiter (may differ from the original if spliceUserMessage created a new one)
+      const pattern = /<!-- palmier:message role="assistant" time="\d+" -->/g;
+      let lastMatch: RegExpExecArray | null = null;
+      let m;
+      while ((m = pattern.exec(raw)) !== null) lastMatch = m;
+      if (lastMatch) {
+        const before = raw.slice(0, lastMatch.index);
+        const after = raw.slice(lastMatch.index + lastMatch[0].length);
+        const updated = before + `${lastMatch[0].slice(0, -4)} attachments="${attachments.join(",")}" -->` + after;
+        fs.writeFileSync(this.filePath, updated, "utf-8");
+      }
     }
   }
 }
 
+/**
+ * Splice a user message into a running assistant stream.
+ * Ends the current assistant block, writes the user message,
+ * then opens a new assistant block — all as direct file appends.
+ * The existing StreamingMessageWriter keeps working because its
+ * write() is just appendFileSync, so subsequent chunks land in
+ * the new assistant block.
+ */
+export function spliceUserMessage(
+  taskDir: string,
+  runId: string,
+  userMsg: ConversationMessage,
+  /** Optional text to append to the current assistant block before ending it. */
+  assistantAppend?: string,
+): void {
+  const filePath = path.join(taskDir, runId, "TASKRUN.md");
+  // 1. Optionally append to the current assistant block (e.g. the input questions)
+  if (assistantAppend) {
+    fs.appendFileSync(filePath, assistantAppend, "utf-8");
+  }
+  // 2. End the current assistant block
+  fs.appendFileSync(filePath, "\n\n", "utf-8");
+  // 3. Write the user message
+  appendRunMessage(taskDir, runId, userMsg);
+  // 4. Open a new assistant block for subsequent agent output
+  const delimiter = `<!-- palmier:message role="assistant" time="${Date.now()}" -->`;
+  fs.appendFileSync(filePath, `${delimiter}\n\n`, "utf-8");
+}
+
 /**
  * Read conversation messages from a run's TASKRUN.md file.
  */

package/src/transports/http-transport.ts

@@ -1,9 +1,10 @@
 import * as http from "node:http";
 import * as os from "os";
 import { StringCodec, type NatsConnection } from "nats";
-import { validateSession, addSession } from "../session-store.js";
+import { validateClient, addClient } from "../client-store.js";
 import { registerPending } from "../pending-requests.js";
-import { getTaskDir, parseTaskFile, appendRunMessage } from "../task.js";
+import * as fs from "node:fs";
+import { getTaskDir, parseTaskFile, spliceUserMessage } from "../task.js";
 import type { HostConfig, RpcMessage, RequiredPermission } from "../types.js";
 
 const PWA_ORIGIN = "https://app.palmier.me";
@@ -99,6 +100,18 @@ export function detectLanIp(): string {
   return "127.0.0.1";
 }
 
+/** Find the latest (highest-numbered) run directory for a task. */
+function findLatestRunId(taskDir: string): string | null {
+  try {
+    const dirs = fs.readdirSync(taskDir)
+      .filter((f) => /^\d+$/.test(f) && fs.statSync(`${taskDir}/${f}`).isDirectory())
+      .sort();
+    return dirs.length > 0 ? dirs[dirs.length - 1] : null;
+  } catch {
+    return null;
+  }
+}
+
 /**
  * Start the HTTP transport: server with RPC, SSE, PWA proxy, pairing, and
  * localhost-only agent endpoints (notify, request-input, confirmation, permission).
@@ -132,10 +145,10 @@ export async function startHttpTransport(
   function checkAuth(req: http.IncomingMessage): boolean {
     const auth = req.headers.authorization;
     if (!auth || !auth.startsWith("Bearer ")) return false;
-    return validateSession(auth.slice(7));
+    return validateClient(auth.slice(7));
   }
 
-  function extractSessionToken(req: http.IncomingMessage): string | undefined {
+  function extractClientToken(req: http.IncomingMessage): string | undefined {
     const auth = req.headers.authorization;
     if (!auth || !auth.startsWith("Bearer ")) return undefined;
     return auth.slice(7);
@@ -262,6 +275,9 @@ export async function startHttpTransport(
         const taskDir = getTaskDir(config.projectRoot, taskId);
         const task = parseTaskFile(taskDir);
 
+        // Resolve runId: use provided value, otherwise find the latest run directory
+        const effectiveRunId = runId ?? findLatestRunId(taskDir);
+
         const pendingPromise = registerPending(taskId, "input", descriptions);
 
         await publishEvent(taskId, {
@@ -273,17 +289,20 @@ export async function startHttpTransport(
 
         const response = await pendingPromise;
 
+        const questionsBlock = "\n\n" + descriptions.map((d) => `**${d}**`).join("\n");
+
         if (response.length === 1 && response[0] === "aborted") {
           await publishEvent(taskId, { event_type: "input-resolved", host_id: config.hostId, status: "aborted" });
-          if (runId) {
-            appendRunMessage(taskDir, runId, { role: "user", time: Date.now(), content: "Input request aborted.", type: "input" });
+          if (effectiveRunId) {
+            spliceUserMessage(taskDir, effectiveRunId, { role: "user", time: Date.now(), content: "Aborted", type: "input" }, questionsBlock);
+            await publishEvent(taskId, { event_type: "result-updated", run_id: effectiveRunId });
           }
           sendJson(res, 200, { aborted: true });
         } else {
           await publishEvent(taskId, { event_type: "input-resolved", host_id: config.hostId, status: "provided" });
-          if (runId) {
-            const lines = descriptions.map((desc, i) => `**${desc}** ${response[i]}`);
-            appendRunMessage(taskDir, runId, { role: "user", time: Date.now(), content: lines.join("\n"), type: "input" });
+          if (effectiveRunId) {
+            spliceUserMessage(taskDir, effectiveRunId, { role: "user", time: Date.now(), content: response.join("\n"), type: "input" }, questionsBlock);
+            await publishEvent(taskId, { event_type: "result-updated", run_id: effectiveRunId });
           }
           sendJson(res, 200, { values: response });
         }
@@ -375,11 +394,11 @@ export async function startHttpTransport(
         const pending = pendingPairs.get(code);
         if (!pending) { sendJson(res, 401, { error: "Invalid code" }); return; }
 
-        const session = addSession(label);
+        const client = addClient(label);
         const ip = detectLanIp();
         const response: Record<string, unknown> = {
           hostId: config.hostId,
-          sessionToken: session.token,
+          clientToken: client.token,
           directUrl: `http://${ip}:${port}`,
         };
 
@@ -457,11 +476,11 @@ export async function startHttpTransport(
         }
       } catch { sendJson(res, 400, { error: "Invalid JSON" }); return; }
 
-      const sessionToken = extractSessionToken(req);
+      const clientToken = extractClientToken(req);
       console.log(`[http] RPC: ${method}`);
 
       try {
-        const response = await handleRpc({ method, params, sessionToken, localhost: isLocalhost(req) });
+        const response = await handleRpc({ method, params, clientToken, localhost: isLocalhost(req) });
         console.log(`[http] RPC done: ${method}`, JSON.stringify(response).slice(0, 200));
         sendJson(res, 200, response);
       } catch (err) {

package/src/transports/nats-transport.ts

@@ -50,15 +50,15 @@ export async function startNatsTransport(
       }
     }
 
-    // Extract sessionToken from params (PWA includes it in the payload)
-    const sessionToken = typeof params.sessionToken === "string" ? params.sessionToken : undefined;
-    delete params.sessionToken;
+    // Extract clientToken from params (PWA includes it in the payload)
+    const clientToken = typeof params.clientToken === "string" ? params.clientToken : undefined;
+    delete params.clientToken;
 
     console.log(`[nats] RPC: ${method}`);
 
     let response: unknown;
     try {
-      response = await handleRpc({ method, params, sessionToken });
+      response = await handleRpc({ method, params, clientToken });
     } catch (err) {
       console.error(`[nats] RPC error (${method}):`, err);
       response = { error: String(err) };

package/src/types.ts

@@ -9,7 +9,7 @@ export interface HostConfig {
   // Detected agent CLIs
   agents?: Array<{ key: string; label: string }>;
 
-  // HTTP server port (default 7400)
+  // HTTP server port (default 9966)
   httpPort?: number;
   // Whether to accept non-localhost HTTP connections
   lanEnabled?: boolean;
@@ -23,6 +23,7 @@ export interface TaskFrontmatter {
   triggers: Trigger[];
   triggers_enabled: boolean;
   requires_confirmation: boolean;
+  yolo_mode?: boolean;
   permissions?: RequiredPermission[];
   command?: string;
 }
@@ -78,7 +79,7 @@ export interface ConversationMessage {
 export interface RpcMessage {
   method: string;
   params: Record<string, unknown>;
-  sessionToken?: string;
-  /** Trusted localhost request — skip session validation. */
+  clientToken?: string;
+  /** Trusted localhost request — skip client validation. */
   localhost?: boolean;
 }

package/test/agent-instructions.test.ts

@@ -0,0 +1,48 @@
+import { describe, it } from "node:test";
+import assert from "node:assert/strict";
+import * as fs from "fs";
+import * as path from "path";
+import { fileURLToPath } from "url";
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+const templatePath = path.join(__dirname, "..", "src", "agents", "agent-instructions.md");
+const template = fs.readFileSync(templatePath, "utf-8");
+
+/** Minimal replica of getAgentInstructions that doesn't need host.json */
+function buildInstructions(taskId: string, skipPermissions?: boolean): string {
+  let instructions = template
+    .replace(/\{\{PORT\}\}/g, "9966")
+    .replace(/\{\{TASK_ID\}\}/g, taskId);
+  if (skipPermissions) {
+    instructions = instructions.replace(/## Permissions\r?\n[\s\S]*?(?=## |\r?\n---)/m, "");
+  }
+  return instructions;
+}
+
+describe("getAgentInstructions", () => {
+  it("includes Permissions section by default", () => {
+    const result = buildInstructions("test-task-id");
+    assert.match(result, /## Permissions/);
+    assert.match(result, /PALMIER_PERMISSION/);
+  });
+
+  it("strips Permissions section when skipPermissions is true", () => {
+    const result = buildInstructions("test-task-id", true);
+    assert.doesNotMatch(result, /## Permissions/);
+    assert.doesNotMatch(result, /PALMIER_PERMISSION/);
+  });
+
+  it("preserves other sections when Permissions is stripped", () => {
+    const result = buildInstructions("test-task-id", true);
+    assert.match(result, /## Reporting Output/);
+    assert.match(result, /## Completion/);
+    assert.match(result, /## HTTP Endpoints/);
+  });
+
+  it("replaces template variables", () => {
+    const result = buildInstructions("my-task-123");
+    assert.match(result, /my-task-123/);
+    assert.doesNotMatch(result, /\{\{TASK_ID\}\}/);
+    assert.doesNotMatch(result, /\{\{PORT\}\}/);
+  });
+});

package/test/agent-output-parsing.test.ts

@@ -38,6 +38,11 @@ describe("parseReportFiles", () => {
   it("trims whitespace from file names", () => {
     assert.deepEqual(parseReportFiles("[PALMIER_REPORT]   report.md  "), ["report.md"]);
   });
+
+  it("ignores placeholder examples from echoed prompt", () => {
+    const output = "[PALMIER_REPORT] <filename>\n[PALMIER_REPORT] actual-report.md";
+    assert.deepEqual(parseReportFiles(output), ["actual-report.md"]);
+  });
 });
 
 describe("parsePermissions", () => {
@@ -57,5 +62,12 @@ describe("parsePermissions", () => {
   it("returns empty array when no permissions", () => {
     assert.deepEqual(parsePermissions("no permissions"), []);
   });
+
+  it("ignores placeholder examples from echoed prompt", () => {
+    const output = "[PALMIER_PERMISSION] <tool_name> | <description>\n[PALMIER_PERMISSION] Read | Read files";
+    const perms = parsePermissions(output);
+    assert.equal(perms.length, 1);
+    assert.deepEqual(perms[0], { name: "Read", description: "Read files" });
+  });
 });
 

package/dist/commands/sessions.d.ts

@@ -1,4 +0,0 @@
-export declare function sessionsListCommand(): Promise<void>;
-export declare function sessionsRevokeCommand(token: string): Promise<void>;
-export declare function sessionsRevokeAllCommand(): Promise<void>;
-//# sourceMappingURL=sessions.d.ts.map

package/dist/commands/sessions.js

@@ -1,27 +0,0 @@
-import { loadSessions, revokeSession, revokeAllSessions } from "../session-store.js";
-export async function sessionsListCommand() {
-    const sessions = loadSessions();
-    if (sessions.length === 0) {
-        console.log("No active sessions.");
-        return;
-    }
-    console.log(`${sessions.length} active session(s):\n`);
-    for (const s of sessions) {
-        const label = s.label ? ` (${s.label})` : "";
-        console.log(`  ${s.token}${label}  created ${s.createdAt}`);
-    }
-}
-export async function sessionsRevokeCommand(token) {
-    if (revokeSession(token)) {
-        console.log("Session revoked.");
-    }
-    else {
-        console.error("Session not found.");
-        process.exit(1);
-    }
-}
-export async function sessionsRevokeAllCommand() {
-    const count = revokeAllSessions();
-    console.log(`Revoked ${count} session(s).`);
-}
-//# sourceMappingURL=sessions.js.map

package/dist/session-store.d.ts

@@ -1,12 +0,0 @@
-export interface SessionEntry {
-    token: string;
-    createdAt: string;
-    label?: string;
-}
-export declare function loadSessions(): SessionEntry[];
-export declare function addSession(label?: string): SessionEntry;
-export declare function revokeSession(token: string): boolean;
-export declare function revokeAllSessions(): number;
-export declare function validateSession(token: string): boolean;
-export declare function hasSessions(): boolean;
-//# sourceMappingURL=session-store.d.ts.map

package/dist/session-store.js

@@ -1,57 +0,0 @@
-import * as fs from "fs";
-import * as path from "path";
-import { randomBytes } from "crypto";
-import { CONFIG_DIR } from "./config.js";
-const SESSIONS_FILE = path.join(CONFIG_DIR, "sessions.json");
-function readFile() {
-    try {
-        if (!fs.existsSync(SESSIONS_FILE))
-            return [];
-        const raw = fs.readFileSync(SESSIONS_FILE, "utf-8");
-        return JSON.parse(raw);
-    }
-    catch {
-        return [];
-    }
-}
-function writeFile(sessions) {
-    fs.mkdirSync(CONFIG_DIR, { recursive: true });
-    fs.writeFileSync(SESSIONS_FILE, JSON.stringify(sessions, null, 2), "utf-8");
-}
-export function loadSessions() {
-    return readFile();
-}
-export function addSession(label) {
-    const sessions = readFile();
-    const entry = {
-        token: randomBytes(32).toString("hex"),
-        createdAt: new Date().toISOString(),
-        ...(label ? { label } : {}),
-    };
-    sessions.push(entry);
-    writeFile(sessions);
-    return entry;
-}
-export function revokeSession(token) {
-    const sessions = readFile();
-    const idx = sessions.findIndex((s) => s.token === token);
-    if (idx === -1)
-        return false;
-    sessions.splice(idx, 1);
-    writeFile(sessions);
-    return true;
-}
-export function revokeAllSessions() {
-    const sessions = readFile();
-    const count = sessions.length;
-    writeFile([]);
-    return count;
-}
-export function validateSession(token) {
-    const sessions = readFile();
-    return sessions.some((s) => s.token === token);
-}
-export function hasSessions() {
-    return readFile().length > 0;
-}
-//# sourceMappingURL=session-store.js.map

package/src/commands/sessions.ts

@@ -1,29 +0,0 @@
-import { loadSessions, revokeSession, revokeAllSessions } from "../session-store.js";
-
-export async function sessionsListCommand(): Promise<void> {
-  const sessions = loadSessions();
-  if (sessions.length === 0) {
-    console.log("No active sessions.");
-    return;
-  }
-
-  console.log(`${sessions.length} active session(s):\n`);
-  for (const s of sessions) {
-    const label = s.label ? ` (${s.label})` : "";
-    console.log(`  ${s.token}${label}  created ${s.createdAt}`);
-  }
-}
-
-export async function sessionsRevokeCommand(token: string): Promise<void> {
-  if (revokeSession(token)) {
-    console.log("Session revoked.");
-  } else {
-    console.error("Session not found.");
-    process.exit(1);
-  }
-}
-
-export async function sessionsRevokeAllCommand(): Promise<void> {
-  const count = revokeAllSessions();
-  console.log(`Revoked ${count} session(s).`);
-}

package/src/session-store.ts

@@ -1,68 +0,0 @@
-import * as fs from "fs";
-import * as path from "path";
-import { randomBytes } from "crypto";
-import { CONFIG_DIR } from "./config.js";
-
-const SESSIONS_FILE = path.join(CONFIG_DIR, "sessions.json");
-
-export interface SessionEntry {
-  token: string;
-  createdAt: string;
-  label?: string;
-}
-
-function readFile(): SessionEntry[] {
-  try {
-    if (!fs.existsSync(SESSIONS_FILE)) return [];
-    const raw = fs.readFileSync(SESSIONS_FILE, "utf-8");
-    return JSON.parse(raw) as SessionEntry[];
-  } catch {
-    return [];
-  }
-}
-
-function writeFile(sessions: SessionEntry[]): void {
-  fs.mkdirSync(CONFIG_DIR, { recursive: true });
-  fs.writeFileSync(SESSIONS_FILE, JSON.stringify(sessions, null, 2), "utf-8");
-}
-
-export function loadSessions(): SessionEntry[] {
-  return readFile();
-}
-
-export function addSession(label?: string): SessionEntry {
-  const sessions = readFile();
-  const entry: SessionEntry = {
-    token: randomBytes(32).toString("hex"),
-    createdAt: new Date().toISOString(),
-    ...(label ? { label } : {}),
-  };
-  sessions.push(entry);
-  writeFile(sessions);
-  return entry;
-}
-
-export function revokeSession(token: string): boolean {
-  const sessions = readFile();
-  const idx = sessions.findIndex((s) => s.token === token);
-  if (idx === -1) return false;
-  sessions.splice(idx, 1);
-  writeFile(sessions);
-  return true;
-}
-
-export function revokeAllSessions(): number {
-  const sessions = readFile();
-  const count = sessions.length;
-  writeFile([]);
-  return count;
-}
-
-export function validateSession(token: string): boolean {
-  const sessions = readFile();
-  return sessions.some((s) => s.token === token);
-}
-
-export function hasSessions(): boolean {
-  return readFile().length > 0;
-}