takos-control 1.0.0

package/src/runtime/container-hosts/executor-auth.ts

@@ -0,0 +1,161 @@
+/**
+ * Proxy authentication, capability mapping, and resource access validation
+ * for the executor-host subsystem.
+ */
+
+import type { ProxyCapability } from './executor-utils';
+
+// ---------------------------------------------------------------------------
+// Allowed path patterns for service-to-service proxy forwarding
+// ---------------------------------------------------------------------------
+
+export const ALLOWED_RUNTIME_PROXY_PATHS = [
+  /^\/session(?:\/|$)/,
+  /^\/status(?:\/|$)/,
+  /^\/repos(?:\/|$)/,
+  /^\/actions\/jobs\/[^/]+$/,
+  /^\/cli-proxy\/.+/,
+] as const;
+
+export const ALLOWED_BROWSER_PROXY_PATHS = [
+  /^\/create$/,
+  /^\/session\/[^/]+$/,
+  /^\/session\/[^/]+\/(?:goto|action|extract|pdf|tab\/new|tab\/close|tab\/switch)$/,
+  /^\/session\/[^/]+\/(?:html|screenshot|tabs)$/,
+] as const;
+
+// ---------------------------------------------------------------------------
+// Proxy capability resolution
+// ---------------------------------------------------------------------------
+
+export function getRequiredProxyCapability(path: string): ProxyCapability | null {
+  if (
+    path.startsWith('/proxy/db/')
+    || path.startsWith('/proxy/offload/')
+    || path.startsWith('/proxy/git-objects/')
+    || path.startsWith('/proxy/do/')
+    || path.startsWith('/proxy/vectorize/')
+    || path.startsWith('/proxy/ai/')
+    || path.startsWith('/proxy/egress/')
+    || path.startsWith('/proxy/runtime/')
+    || path.startsWith('/proxy/browser/')
+    || path.startsWith('/proxy/queue/')
+  ) {
+    return 'bindings';
+  }
+
+  if (
+    path === '/proxy/heartbeat'
+    || path === '/proxy/run/status'
+    || path === '/proxy/run/fail'
+    || path === '/proxy/run/reset'
+    || path === '/proxy/api-keys'
+    || path === '/proxy/billing/run-usage'
+    || path === '/rpc/control/heartbeat'
+    || path === '/rpc/control/run-status'
+    || path === '/rpc/control/run-record'
+    || path === '/rpc/control/run-bootstrap'
+    || path === '/rpc/control/run-fail'
+    || path === '/rpc/control/run-reset'
+    || path === '/rpc/control/api-keys'
+    || path === '/rpc/control/billing-run-usage'
+    || path === '/rpc/control/run-context'
+    || path === '/rpc/control/no-llm-complete'
+    || path === '/rpc/control/conversation-history'
+    || path === '/rpc/control/skill-plan'
+    || path === '/rpc/control/memory-activation'
+    || path === '/rpc/control/memory-finalize'
+    || path === '/rpc/control/add-message'
+    || path === '/rpc/control/update-run-status'
+    || path === '/rpc/control/current-session'
+    || path === '/rpc/control/is-cancelled'
+    || path === '/rpc/control/tool-catalog'
+    || path === '/rpc/control/tool-execute'
+    || path === '/rpc/control/tool-cleanup'
+    || path === '/rpc/control/run-event'
+  ) {
+    return 'control';
+  }
+
+  // Unknown proxy paths must be rejected — return null signals unauthorized
+  return null;
+}
+
+// ---------------------------------------------------------------------------
+// Resource-level access validation
+// ---------------------------------------------------------------------------
+
+export function validateProxyResourceAccess(
+  path: string,
+  claims: Record<string, unknown>,
+  body: Record<string, unknown>,
+): boolean {
+  const claimRunId = typeof claims.run_id === 'string' ? claims.run_id : null;
+
+  if (path === '/proxy/do/fetch') {
+    return body.namespace === 'RUN_NOTIFIER'
+      && typeof body.name === 'string'
+      && !!claimRunId
+      && body.name === claimRunId;
+  }
+
+  if (path === '/proxy/queue/send' || path === '/proxy/queue/send-batch') {
+    return body.queue === 'index';
+  }
+
+  if (path === '/proxy/runtime/fetch') {
+    if (typeof body.url !== 'string') {
+      return false;
+    }
+
+    try {
+      const runtimeUrl = new URL(body.url);
+      return runtimeUrl.hostname === 'runtime-host'
+        && ALLOWED_RUNTIME_PROXY_PATHS.some((pattern) => pattern.test(runtimeUrl.pathname));
+    } catch {
+      return false;
+    }
+  }
+
+  if (path === '/proxy/browser/fetch') {
+    if (typeof body.url !== 'string') {
+      return false;
+    }
+
+    try {
+      const browserUrl = new URL(body.url);
+      return browserUrl.hostname === 'browser-host.internal'
+        && ALLOWED_BROWSER_PROXY_PATHS.some((pattern) => pattern.test(browserUrl.pathname));
+    } catch {
+      return false;
+    }
+  }
+
+  return true;
+}
+
+// ---------------------------------------------------------------------------
+// Claims / body matching
+// ---------------------------------------------------------------------------
+
+export function claimsMatchRequestBody(
+  claims: Record<string, unknown>,
+  body: Record<string, unknown>,
+): boolean {
+  const claimRunId = typeof claims.run_id === 'string' ? claims.run_id : null;
+  const claimServiceId = typeof claims.service_id === 'string'
+    ? claims.service_id
+    : typeof claims.worker_id === 'string'
+      ? claims.worker_id
+      : null;
+  const bodyRunId = typeof body.runId === 'string' ? body.runId : null;
+  const bodyServiceId = typeof body.serviceId === 'string'
+    ? body.serviceId
+    : typeof body.workerId === 'string'
+      ? body.workerId
+      : null;
+
+  if (claimRunId && bodyRunId && claimRunId !== bodyRunId) return false;
+  if (claimServiceId && bodyServiceId && claimServiceId !== bodyServiceId) return false;
+  return true;
+}

package/src/runtime/container-hosts/executor-control-rpc.ts

@@ -0,0 +1,449 @@
+/**
+ * Control-plane RPC handlers for the executor-host subsystem.
+ *
+ * These handle /rpc/control/* requests: conversation history, skill planning,
+ * memory graph activation/finalization, message persistence, tool execution,
+ * run status updates, and run event emission.
+ */
+
+import { getDb } from '../../infra/db';
+import { runs, runEvents } from '../../infra/db/schema';
+import { eq, and } from 'drizzle-orm';
+import { logError } from '../../shared/utils/logger';
+import { persistMessage } from '../../application/services/agent/message-persistence';
+import type { AgentMessage } from '../../application/services/agent/agent-models';
+import {
+  buildConversationHistory,
+  updateRunStatusImpl,
+} from '../../application/services/agent/runner';
+import { resolveSkillPlanForRun } from '../../application/services/agent/skills';
+import { createToolExecutor, type ToolExecutorLike } from '../../application/tools/executor';
+import { AGENT_DISABLED_BUILTIN_TOOLS } from '../../application/tools/tool-policy';
+import type { ToolCall } from '../../application/tools/tool-definitions';
+import {
+  getActiveClaims,
+  countEvidenceForClaims,
+  getPathsForClaim,
+  upsertClaim,
+  insertEvidence,
+} from '../../application/services/memory-graph/claim-store';
+import { buildActivationBundles, renderActivationSegment } from '../../application/services/memory-graph/activation';
+import {
+  buildRunNotifierEmitPayload,
+  buildRunNotifierEmitRequest,
+  getRunNotifierStub,
+} from '../../application/services/run-notifier';
+import type { IndexJobQueueMessage } from '../../shared/types';
+import { ok, err, classifyProxyError } from './executor-utils';
+import type { Env } from './executor-utils';
+import { getRunBootstrap } from './executor-run-state';
+
+// ---------------------------------------------------------------------------
+// Remote tool executor cache
+// ---------------------------------------------------------------------------
+
+const remoteToolExecutors = new Map<string, Promise<ToolExecutorLike>>();
+
+async function createRemoteToolExecutor(runId: string, env: Env): Promise<ToolExecutorLike> {
+  const bootstrap = await getRunBootstrap(env, runId);
+
+  return createToolExecutor(
+    env as unknown as Parameters<typeof createToolExecutor>[0],
+    env.DB,
+    env.TAKOS_OFFLOAD,
+    bootstrap.spaceId,
+    bootstrap.sessionId ?? undefined,
+    bootstrap.threadId,
+    runId,
+    bootstrap.userId,
+    {
+      disabledBuiltinTools: [...AGENT_DISABLED_BUILTIN_TOOLS],
+    },
+    undefined,
+    undefined,
+    {
+      minimumRole: 'admin',
+    },
+  );
+}
+
+async function getOrCreateRemoteToolExecutor(runId: string, env: Env): Promise<ToolExecutorLike> {
+  const existing = remoteToolExecutors.get(runId);
+  if (existing) {
+    return existing;
+  }
+
+  const pending = createRemoteToolExecutor(runId, env);
+  remoteToolExecutors.set(runId, pending);
+  try {
+    return await pending;
+  } catch (error) {
+    remoteToolExecutors.delete(runId);
+    throw error;
+  }
+}
+
+async function cleanupRemoteToolExecutor(runId: string): Promise<void> {
+  const existing = remoteToolExecutors.get(runId);
+  if (!existing) {
+    return;
+  }
+  remoteToolExecutors.delete(runId);
+  try {
+    const executor = await existing;
+    await executor.cleanup();
+  } catch {
+    // Best-effort cleanup.
+  }
+}
+
+// ---------------------------------------------------------------------------
+// Handlers
+// ---------------------------------------------------------------------------
+
+export async function handleConversationHistory(body: Record<string, unknown>, env: Env): Promise<Response> {
+  const {
+    runId,
+    threadId,
+    spaceId,
+    aiModel,
+  } = body as {
+    runId?: string;
+    threadId?: string;
+    spaceId?: string;
+    aiModel?: string;
+  };
+  if (!runId || !threadId || !spaceId || !aiModel) {
+    return err('Missing runId, threadId, spaceId, or aiModel', 400);
+  }
+
+  try {
+    const history = await buildConversationHistory({
+      db: env.DB,
+      env: env as unknown as Parameters<typeof buildConversationHistory>[0]['env'],
+      threadId,
+      runId,
+      spaceId,
+      aiModel,
+    });
+    return ok({ history });
+  } catch (e: unknown) {
+    logError('Conversation history RPC error', e, { module: 'executor-host' });
+    const classified = classifyProxyError(e);
+    return err(classified.message, classified.status);
+  }
+}
+
+export async function handleSkillPlan(body: Record<string, unknown>, env: Env): Promise<Response> {
+  const {
+    runId,
+    threadId,
+    spaceId,
+    agentType,
+    history,
+    availableToolNames,
+  } = body as {
+    runId?: string;
+    threadId?: string;
+    spaceId?: string;
+    agentType?: string;
+    history?: AgentMessage[];
+    availableToolNames?: string[];
+  };
+  if (!runId || !threadId || !spaceId || !agentType || !Array.isArray(history) || !Array.isArray(availableToolNames)) {
+    return err('Missing runId, threadId, spaceId, agentType, history, or availableToolNames', 400);
+  }
+
+  try {
+    const result = await resolveSkillPlanForRun(env.DB, {
+      runId,
+      threadId,
+      spaceId,
+      agentType,
+      history,
+      availableToolNames,
+    });
+    return ok(result);
+  } catch (e: unknown) {
+    logError('Skill plan RPC error', e, { module: 'executor-host' });
+    const classified = classifyProxyError(e);
+    return err(classified.message, classified.status);
+  }
+}
+
+export async function handleMemoryActivation(body: Record<string, unknown>, env: Env): Promise<Response> {
+  const { spaceId } = body as { spaceId?: string };
+  if (!spaceId) return err('Missing spaceId', 400);
+
+  try {
+    const claims = await getActiveClaims(env.DB, spaceId, 50);
+    if (claims.length === 0) {
+      return ok({ bundles: [], segment: '', hasContent: false });
+    }
+
+    const claimIds = claims.map((claim) => claim.id);
+    const topClaims = claims.slice(0, 20);
+    const [evidenceCounts, pathsArrays] = await Promise.all([
+      countEvidenceForClaims(env.DB, claimIds),
+      Promise.all(topClaims.map((claim) => getPathsForClaim(env.DB, spaceId, claim.id, 5))),
+    ]);
+
+    const pathsByClaim = new Map<string, (typeof pathsArrays)[number]>();
+    for (let i = 0; i < topClaims.length; i++) {
+      if (pathsArrays[i].length > 0) {
+        pathsByClaim.set(topClaims[i].id, pathsArrays[i]);
+      }
+    }
+
+    const bundles = buildActivationBundles(claims, evidenceCounts, pathsByClaim);
+    return ok(renderActivationSegment(bundles));
+  } catch (e: unknown) {
+    logError('Memory activation RPC error', e, { module: 'executor-host' });
+    const classified = classifyProxyError(e);
+    return err(classified.message, classified.status);
+  }
+}
+
+export async function handleMemoryFinalize(body: Record<string, unknown>, env: Env): Promise<Response> {
+  const {
+    runId,
+    spaceId,
+    claims,
+    evidence,
+  } = body as {
+    runId?: string;
+    spaceId?: string;
+    claims?: Array<Record<string, unknown>>;
+    evidence?: Array<Record<string, unknown>>;
+  };
+  if (!runId || !spaceId || !Array.isArray(claims) || !Array.isArray(evidence)) {
+    return err('Missing runId, spaceId, claims, or evidence', 400);
+  }
+
+  try {
+    for (const claim of claims) {
+      await upsertClaim(env.DB, {
+        id: String(claim.id),
+        accountId: String(claim.accountId ?? spaceId),
+        claimType: claim.claimType as 'fact' | 'preference' | 'decision' | 'observation',
+        subject: String(claim.subject ?? ''),
+        predicate: String(claim.predicate ?? ''),
+        object: String(claim.object ?? ''),
+        confidence: typeof claim.confidence === 'number' ? claim.confidence : 0.5,
+        status: (claim.status as 'active' | 'superseded' | 'retracted') ?? 'active',
+        supersededBy: typeof claim.supersededBy === 'string' ? claim.supersededBy : null,
+        sourceRunId: typeof claim.sourceRunId === 'string' ? claim.sourceRunId : runId,
+      });
+    }
+
+    for (const item of evidence) {
+      await insertEvidence(env.DB, {
+        id: String(item.id),
+        accountId: String(item.accountId ?? spaceId),
+        claimId: String(item.claimId),
+        kind: item.kind as 'supports' | 'contradicts' | 'context',
+        sourceType: item.sourceType as 'tool_result' | 'user_message' | 'agent_inference' | 'memory_recall',
+        sourceRef: typeof item.sourceRef === 'string' ? item.sourceRef : null,
+        content: String(item.content ?? ''),
+        trust: typeof item.trust === 'number' ? item.trust : 0.7,
+        taint: typeof item.taint === 'string' ? item.taint : null,
+      });
+    }
+
+    if (env.INDEX_QUEUE) {
+      await env.INDEX_QUEUE.send({
+        version: 1,
+        jobId: crypto.randomUUID(),
+        spaceId,
+        type: 'memory_build_paths',
+        targetId: runId,
+        timestamp: Date.now(),
+      } satisfies IndexJobQueueMessage);
+    }
+
+    return ok({ success: true });
+  } catch (e: unknown) {
+    logError('Memory finalize RPC error', e, { module: 'executor-host' });
+    const classified = classifyProxyError(e);
+    return err(classified.message, classified.status);
+  }
+}
+
+export async function handleAddMessage(body: Record<string, unknown>, env: Env): Promise<Response> {
+  const {
+    threadId,
+    message,
+    metadata,
+  } = body as {
+    threadId?: string;
+    message?: AgentMessage;
+    metadata?: Record<string, unknown>;
+  };
+  if (!threadId || !message || typeof message !== 'object') {
+    return err('Missing threadId or message', 400);
+  }
+  if (
+    (message.role !== 'user' && message.role !== 'assistant' && message.role !== 'system' && message.role !== 'tool')
+    || typeof message.content !== 'string'
+  ) {
+    return err('Invalid message payload', 400);
+  }
+
+  try {
+    await persistMessage(
+      { db: env.DB, env: env as unknown as Parameters<typeof persistMessage>[0]['env'], threadId },
+      message,
+      metadata,
+    );
+    return ok({ success: true });
+  } catch (e: unknown) {
+    logError('Add message RPC error', e, { module: 'executor-host' });
+    const classified = classifyProxyError(e);
+    return err(classified.message, classified.status);
+  }
+}
+
+export async function handleUpdateRunStatus(body: Record<string, unknown>, env: Env): Promise<Response> {
+  const {
+    runId,
+    status,
+    usage,
+    output,
+    error: errorMessage,
+  } = body as {
+    runId?: string;
+    status?: 'pending' | 'queued' | 'running' | 'completed' | 'failed' | 'cancelled';
+    usage?: { inputTokens?: number; outputTokens?: number };
+    output?: string;
+    error?: string;
+  };
+  if (!runId || !status) {
+    return err('Missing runId or status', 400);
+  }
+  if (!usage || typeof usage.inputTokens !== 'number' || typeof usage.outputTokens !== 'number') {
+    return err('Missing usage', 400);
+  }
+
+  try {
+    await updateRunStatusImpl(
+      env.DB,
+      runId,
+      {
+        inputTokens: usage.inputTokens,
+        outputTokens: usage.outputTokens,
+      },
+      status,
+      output,
+      errorMessage,
+    );
+    return ok({ success: true });
+  } catch (e: unknown) {
+    logError('Update run status RPC error', e, { module: 'executor-host' });
+    const classified = classifyProxyError(e);
+    return err(classified.message, classified.status);
+  }
+}
+
+export async function handleToolCatalog(body: Record<string, unknown>, env: Env): Promise<Response> {
+  const { runId } = body as { runId?: string };
+  if (!runId) return err('Missing runId', 400);
+
+  try {
+    const executor = await getOrCreateRemoteToolExecutor(runId, env);
+    return ok({
+      tools: executor.getAvailableTools(),
+      mcpFailedServers: executor.mcpFailedServers,
+    });
+  } catch (e: unknown) {
+    logError('Tool catalog RPC error', e, { module: 'executor-host' });
+    const classified = classifyProxyError(e);
+    return err(classified.message, classified.status);
+  }
+}
+
+export async function handleToolExecute(body: Record<string, unknown>, env: Env): Promise<Response> {
+  const { runId, toolCall } = body as { runId?: string; toolCall?: ToolCall };
+  if (!runId || !toolCall || typeof toolCall !== 'object') {
+    return err('Missing runId or toolCall', 400);
+  }
+  if (
+    typeof toolCall.id !== 'string'
+    || typeof toolCall.name !== 'string'
+    || typeof toolCall.arguments !== 'object'
+    || toolCall.arguments == null
+  ) {
+    return err('Invalid toolCall payload', 400);
+  }
+
+  try {
+    const executor = await getOrCreateRemoteToolExecutor(runId, env);
+    return ok(await executor.execute(toolCall));
+  } catch (e: unknown) {
+    logError('Tool execute RPC error', e, { module: 'executor-host' });
+    const classified = classifyProxyError(e);
+    return err(classified.message, classified.status);
+  }
+}
+
+export async function handleToolCleanup(body: Record<string, unknown>): Promise<Response> {
+  const { runId } = body as { runId?: string };
+  if (!runId) return err('Missing runId', 400);
+
+  await cleanupRemoteToolExecutor(runId);
+  return ok({ success: true });
+}
+
+export async function handleRunEvent(body: Record<string, unknown>, env: Env): Promise<Response> {
+  const {
+    runId,
+    type,
+    data,
+    sequence,
+    skipDb,
+  } = body as {
+    runId?: string;
+    type?: AgentMessage['role'] | 'thinking' | 'tool_call' | 'tool_result' | 'message' | 'completed' | 'error' | 'progress' | 'started' | 'cancelled';
+    data?: Record<string, unknown>;
+    sequence?: number;
+    skipDb?: boolean;
+  };
+
+  if (!runId || !type || !data || typeof data !== 'object' || typeof sequence !== 'number') {
+    return err('Missing runId, type, data, or sequence', 400);
+  }
+
+  const now = new Date().toISOString();
+  const offloadEnabled = Boolean(env.TAKOS_OFFLOAD);
+  let legacyEventId: number | null = null;
+
+  try {
+    if (!skipDb && !offloadEnabled) {
+      const db = getDb(env.DB);
+      const persisted = await db.insert(runEvents).values({
+        runId,
+        type,
+        data: JSON.stringify({ ...data, _sequence: sequence }),
+        createdAt: now,
+      }).returning({ id: runEvents.id }).get();
+      legacyEventId = persisted?.id ?? null;
+    }
+
+    const stub = getRunNotifierStub(env as never, runId);
+    const emitResponse = await stub.fetch(
+      buildRunNotifierEmitRequest(
+        buildRunNotifierEmitPayload(runId, type, data, legacyEventId),
+      ) as never,
+    );
+
+    if (!emitResponse.ok) {
+      const text = await emitResponse.text().catch(() => '');
+      return err(`Run event emit failed: ${emitResponse.status} ${text}`.trim(), 502);
+    }
+
+    return ok({ success: true });
+  } catch (e: unknown) {
+    logError('Run event RPC error', e, { module: 'executor-host' });
+    const classified = classifyProxyError(e);
+    return err(classified.message, classified.status);
+  }
+}

package/src/runtime/container-hosts/executor-dispatch.ts

@@ -0,0 +1,84 @@
+export interface AgentExecutorDispatchPayload {
+  runId: string;
+  workerId: string;
+  serviceId?: string;
+  model?: string;
+  leaseVersion?: number;
+}
+
+export interface AgentExecutorControlConfig {
+  controlRpcBaseUrl?: string;
+  controlRpcToken: string;
+}
+
+export interface AgentExecutorStartPayload extends AgentExecutorDispatchPayload, AgentExecutorControlConfig {}
+
+export interface AgentExecutorDispatchResult {
+  ok: boolean;
+  status: number;
+  body: string;
+}
+
+export interface AgentExecutorDispatchTarget {
+  startAndWaitForPorts(ports?: number | number[]): Promise<void>;
+  fetch(request: Request): Promise<Response>;
+}
+
+export interface AgentExecutorDispatchStub {
+  dispatchStart(body: AgentExecutorDispatchPayload): Promise<AgentExecutorDispatchResult>;
+}
+
+export function resolveAgentExecutorServiceId(body: AgentExecutorDispatchPayload): string | null {
+  return body.serviceId?.trim() || body.workerId?.trim() || null;
+}
+
+export async function dispatchAgentExecutorStart(
+  target: AgentExecutorDispatchTarget,
+  body: AgentExecutorDispatchPayload,
+  controlConfig: AgentExecutorControlConfig,
+): Promise<AgentExecutorDispatchResult> {
+  const serviceId = resolveAgentExecutorServiceId(body);
+  if (!serviceId) {
+    return {
+      ok: false,
+      status: 400,
+      body: JSON.stringify({ error: 'Missing serviceId or workerId' }),
+    };
+  }
+  await target.startAndWaitForPorts(8080);
+
+  const startPayload: AgentExecutorStartPayload = {
+    ...body,
+    workerId: body.workerId || serviceId,
+    serviceId,
+    ...controlConfig,
+  };
+
+  const response = await target.fetch(new Request('https://executor/start', {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify(startPayload),
+  }));
+
+  return {
+    ok: response.ok,
+    status: response.status,
+    body: await response.text(),
+  };
+}
+
+export async function forwardAgentExecutorDispatch(
+  stub: AgentExecutorDispatchStub,
+  body: AgentExecutorDispatchPayload,
+): Promise<Response> {
+  try {
+    const result = await stub.dispatchStart(body);
+    return new Response(result.body, { status: result.status });
+  } catch (error) {
+    const message = error instanceof Error ? error.message : String(error);
+    return new Response(JSON.stringify({ error: `Failed to start container: ${message}` }), {
+      status: 500,
+      headers: { 'Content-Type': 'application/json' },
+    });
+  }
+}