quadwork 1.2.2 → 1.2.3

package/server/index.js

@@ -8,6 +8,7 @@ const pty = require("node-pty");
 const { spawn } = require("child_process");
 const { readConfig, resolveAgentCwd, resolveAgentCommand, resolveProjectChattr, resolveChattrSpawn, syncChattrToken, CONFIG_PATH } = require("./config");
 const routes = require("./routes");
+const { waitForAgentChattrReady, registerAgent, deregisterAgent } = require("./agentchattr-registry");
 
 const net = require("net");
 const config = readConfig();
@@ -207,6 +208,39 @@ const PERMISSION_FLAGS = {
  * Generate a per-agent MCP config file for Claude (--mcp-config).
  * Returns the absolute path to the written JSON file.
  */
+/**
+ * Per-agent registration tokens persisted across QuadWork restarts so
+ * #242 stale-slot reclaim works after a crash. Without this the
+ * in-memory _tokenCache is empty on startup and the family-name
+ * deregister returns 403 (app.py:2123-2135).
+ */
+function _agentTokenPath(projectId, agentId) {
+  const configDir = path.join(os.homedir(), ".quadwork", projectId);
+  return path.join(configDir, `agent-token-${agentId}.txt`);
+}
+
+function readPersistedAgentToken(projectId, agentId) {
+  try {
+    return fs.readFileSync(_agentTokenPath(projectId, agentId), "utf8").trim() || null;
+  } catch {
+    return null;
+  }
+}
+
+function writePersistedAgentToken(projectId, agentId, token) {
+  try {
+    const configDir = path.join(os.homedir(), ".quadwork", projectId);
+    if (!fs.existsSync(configDir)) fs.mkdirSync(configDir, { recursive: true });
+    fs.writeFileSync(_agentTokenPath(projectId, agentId), token, { mode: 0o600 });
+  } catch {
+    // non-fatal — stale-slot reclaim will degrade but registration still works
+  }
+}
+
+function clearPersistedAgentToken(projectId, agentId) {
+  try { fs.unlinkSync(_agentTokenPath(projectId, agentId)); } catch {}
+}
+
 function writeMcpConfigFile(projectId, agentId, mcpHttpPort, token) {
   const os = require("os");
   const configDir = path.join(os.homedir(), ".quadwork", projectId);
@@ -233,12 +267,14 @@ function writeMcpConfigFile(projectId, agentId, mcpHttpPort, token) {
 async function buildAgentArgs(projectId, agentId) {
   const cfg = readConfig();
   const project = cfg.projects?.find((p) => p.id === projectId);
-  if (!project) return [];
+  if (!project) return { args: [], acRegistrationName: null, acServerPort: null };
 
   const agentCfg = project.agents?.[agentId] || {};
   const command = agentCfg.command || "claude";
   const cliBase = command.split("/").pop().split(" ")[0]; // extract base CLI name
   const args = [];
+  let acRegistrationName = null;
+  let acServerPort = null;
 
   // Permission bypass flags
   if (agentCfg.auto_approve !== false) {
@@ -252,21 +288,63 @@ async function buildAgentArgs(projectId, agentId) {
   if (mcpHttpPort) {
     const injectMode = agentCfg.mcp_inject || (cliBase === "codex" ? "proxy_flag" : cliBase === "gemini" ? "env" : "flag");
     if (injectMode === "flag") {
-      // Claude/Kimi: write config file, pass --mcp-config
-      const mcpConfigPath = writeMcpConfigFile(projectId, agentId, mcpHttpPort, token);
+      // Claude/Kimi: register with AgentChattr to obtain a per-agent
+      // token (#239 — session_token is browser auth, not MCP auth) and
+      // write that into the per-agent MCP config file.
+      const chattrInfo = resolveProjectChattr(projectId);
+      acServerPort = Number(new URL(chattrInfo.url).port) || 8300;
+      await waitForAgentChattrReady(acServerPort);
+      // #242: best-effort deregister any stale registration of the
+      // canonical name (left over by a crashed previous QuadWork
+      // session) so the fresh register lands at slot 1 instead of
+      // head-2 / reviewer2-2. We need the previous agent's bearer
+      // token because app.py:2123 requires authenticated agent
+      // session for family names — load it from disk (persisted
+      // across restarts). Failures are non-fatal.
+      const stalePersistedToken = readPersistedAgentToken(projectId, agentId);
+      if (stalePersistedToken) {
+        await deregisterAgent(acServerPort, agentId, stalePersistedToken).catch(() => {});
+        clearPersistedAgentToken(projectId, agentId);
+      }
+      const registration = await registerAgent(acServerPort, agentId, agentCfg.display_name || null);
+      if (!registration) {
+        throw new Error(`Failed to register ${agentId}: ${registerAgent.lastError}`);
+      }
+      acRegistrationName = registration.name;
+      writePersistedAgentToken(projectId, agentId, registration.token);
+      const mcpConfigPath = writeMcpConfigFile(projectId, agentId, mcpHttpPort, registration.token);
       const flag = agentCfg.mcp_flag || "--mcp-config";
       args.push(flag, mcpConfigPath);
     } else if (injectMode === "proxy_flag") {
-      // Codex: start local auth proxy, pass proxy URL via -c flag
+      // Codex: register with AgentChattr first (#240) so the proxy
+      // injects a real per-agent token, not the global session token.
+      // Resolve via resolveProjectChattr so legacy/global-config
+      // projects without a per-project agentchattr_url still work.
+      const chattrInfo = resolveProjectChattr(projectId);
+      acServerPort = Number(new URL(chattrInfo.url).port) || 8300;
+      await waitForAgentChattrReady(acServerPort);
+      // #242: best-effort deregister stale canonical name first using
+      // the persisted bearer token from a previous session.
+      const stalePersistedToken = readPersistedAgentToken(projectId, agentId);
+      if (stalePersistedToken) {
+        await deregisterAgent(acServerPort, agentId, stalePersistedToken).catch(() => {});
+        clearPersistedAgentToken(projectId, agentId);
+      }
+      const registration = await registerAgent(acServerPort, agentId, agentCfg.display_name || null);
+      if (!registration) {
+        throw new Error(`Failed to register ${agentId}: ${registerAgent.lastError}`);
+      }
+      acRegistrationName = registration.name;
+      writePersistedAgentToken(projectId, agentId, registration.token);
       const upstreamUrl = `http://127.0.0.1:${mcpHttpPort}`;
-      const proxyUrl = await startMcpProxy(projectId, agentId, upstreamUrl, token);
+      const proxyUrl = await startMcpProxy(projectId, agentId, upstreamUrl, registration.token);
       if (proxyUrl) {
         args.push("-c", `mcp_servers.agentchattr.url="${proxyUrl}"`);
       }
     }
   }
 
-  return args;
+  return { args, acRegistrationName, acServerPort };
 }
 
 /**
@@ -313,7 +391,8 @@ async function spawnAgentPty(project, agent) {
   if (!cwd) return { ok: false, error: `Unknown agent: ${key}` };
 
   const command = resolveAgentCommand(project, agent) || (process.env.SHELL || "/bin/zsh");
-  const args = await buildAgentArgs(project, agent);
+  const built = await buildAgentArgs(project, agent);
+  const args = built.args;
   const extraEnv = buildAgentEnv(project, agent);
 
   try {
@@ -325,7 +404,16 @@ async function spawnAgentPty(project, agent) {
       env: { ...process.env, ...extraEnv },
     });
 
-    const session = { projectId: project, agentId: agent, term, ws: null, state: "running", error: null };
+    const session = {
+      projectId: project,
+      agentId: agent,
+      term,
+      ws: null,
+      state: "running",
+      error: null,
+      acRegistrationName: built.acRegistrationName,
+      acServerPort: built.acServerPort,
+    };
     agentSessions.set(key, session);
 
     term.onExit(({ exitCode }) => {
@@ -349,8 +437,11 @@ async function spawnAgentPty(project, agent) {
   }
 }
 
-// Helper: stop an agent session — kill PTY, close WS
-function stopAgentSession(key) {
+// Helper: stop an agent session — kill PTY, close WS, deregister.
+// Async because deregister must complete before a restart re-registers,
+// otherwise the old slot stays occupied and a fresh register lands at
+// head-2 instead of slot 1 (#241).
+async function stopAgentSession(key) {
   const session = agentSessions.get(key);
   if (!session) {
     agentSessions.set(key, { projectId: null, agentId: null, term: null, ws: null, state: "stopped", error: null });
@@ -366,6 +457,19 @@ function stopAgentSession(key) {
   session.ws = null;
   session.state = "stopped";
   session.error = null;
+  // Best-effort deregister from AgentChattr (#241) so the slot frees
+  // and the next register lands at slot 1 instead of head-2.
+  if (session.acRegistrationName && session.acServerPort) {
+    try {
+      await deregisterAgent(session.acServerPort, session.acRegistrationName);
+    } catch {
+      // best-effort — failures are non-fatal
+    }
+    if (session.projectId && session.agentId) {
+      clearPersistedAgentToken(session.projectId, session.agentId);
+    }
+    session.acRegistrationName = null;
+  }
   // Clean up MCP auth proxy if running
   const [projectId, agentId] = key.split("/");
   if (projectId && agentId) stopMcpProxy(projectId, agentId);
@@ -630,10 +734,10 @@ app.post("/api/agents/:project/:agent/start", async (req, res) => {
 
 // --- Lifecycle: stop kills PTY + closes WS ---
 
-app.post("/api/agents/:project/:agent/stop", (req, res) => {
+app.post("/api/agents/:project/:agent/stop", async (req, res) => {
   const { project, agent } = req.params;
   const key = `${project}/${agent}`;
-  stopAgentSession(key);
+  await stopAgentSession(key);
   res.json({ ok: true, state: "stopped" });
 });
 
@@ -643,16 +747,16 @@ app.post("/api/agents/:project/:agent/restart", async (req, res) => {
   const { project, agent } = req.params;
   const key = `${project}/${agent}`;
 
-  stopAgentSession(key);
+  // #241: must await deregister before respawn so the slot frees and
+  // the fresh register lands at slot 1 instead of head-2.
+  await stopAgentSession(key);
 
-  setTimeout(async () => {
-    const result = await spawnAgentPty(project, agent);
-    if (result.ok) {
-      res.json({ ok: true, state: "running", pid: result.pid });
-    } else {
-      res.status(500).json({ ok: false, state: "error", error: result.error });
-    }
-  }, 500);
+  const result = await spawnAgentPty(project, agent);
+  if (result.ok) {
+    res.json({ ok: true, state: "running", pid: result.pid });
+  } else {
+    res.status(500).json({ ok: false, state: "error", error: result.error });
+  }
 });
 
 // --- Sessions tracking (for /api/projects dashboard) ---