takos-runtime-service 1.0.0

package/src/routes/repos/write.ts

@@ -0,0 +1,274 @@
+import { Hono } from 'hono';
+import { runGitCommand } from '../../runtime/git.js';
+import { validateGitAuthorName, validateGitAuthorEmail } from '../../runtime/validation.js';
+import { mergeTempDirManager } from '../../utils/temp-dir.js';
+import { getErrorMessage } from 'takos-common/errors';
+import {
+  getVerifiedRepoPath,
+  validateRef,
+  resolveAndValidateWorkDir,
+  requireRepoParams,
+} from './repo-validation.js';
+import { isBoundaryViolationError } from '../../shared/errors.js';
+import { badRequest, forbidden, internalError } from 'takos-common/middleware/hono';
+import { ErrorCodes } from 'takos-common/errors';
+
+const app = new Hono();
+
+// ---------------------------------------------------------------------------
+// commit + push
+// ---------------------------------------------------------------------------
+
+app.post('/repos/commit', async (c) => {
+  try {
+    const { workDir, message, author } = await c.req.json() as {
+      workDir: string;
+      message: string;
+      author?: { name: string; email: string };
+    };
+
+    if (!workDir || !message) {
+      return badRequest(c, 'workDir and message are required');
+    }
+
+    const workDirResult = await resolveAndValidateWorkDir(c, workDir);
+    if ('error' in workDirResult) return workDirResult.error;
+    const resolvedWorkDir = workDirResult.resolved;
+
+    const gitEnv: Record<string, string> = {};
+    if (author) {
+      try {
+        validateGitAuthorName(author.name);
+        validateGitAuthorEmail(author.email);
+      } catch (err) {
+        return badRequest(c, getErrorMessage(err));
+      }
+
+      gitEnv.GIT_AUTHOR_NAME = author.name;
+      gitEnv.GIT_AUTHOR_EMAIL = author.email;
+      gitEnv.GIT_COMMITTER_NAME = author.name;
+      gitEnv.GIT_COMMITTER_EMAIL = author.email;
+    }
+
+    const addResult = await runGitCommand(['add', '-A'], resolvedWorkDir, gitEnv);
+    if (addResult.exitCode !== 0) {
+      return internalError(c, 'Failed to stage changes', { output: addResult.output });
+    }
+
+    const statusResult = await runGitCommand(['status', '--porcelain'], resolvedWorkDir, gitEnv);
+    if (statusResult.output.trim() === '') {
+      return c.json({ success: true, message: 'No changes to commit', committed: false });
+    }
+
+    const commitResult = await runGitCommand(['commit', '-m', message], resolvedWorkDir, gitEnv);
+    if (commitResult.exitCode !== 0) {
+      return internalError(c, 'Failed to commit changes', { output: commitResult.output });
+    }
+
+    const hashResult = await runGitCommand(['rev-parse', 'HEAD'], resolvedWorkDir, gitEnv);
+
+    return c.json({
+      success: true,
+      committed: true,
+      commitHash: hashResult.output.trim(),
+      message: 'Changes committed successfully',
+    });
+  } catch (err) {
+    if (isBoundaryViolationError(err)) {
+      return forbidden(c, 'Path escapes workdir boundary');
+    }
+    return internalError(c, getErrorMessage(err));
+  }
+});
+
+app.post('/repos/push', async (c) => {
+  try {
+    const { workDir, branch } = await c.req.json() as {
+      workDir: string;
+      branch?: string;
+    };
+
+    if (!workDir) {
+      return badRequest(c, 'workDir is required');
+    }
+
+    const workDirResult = await resolveAndValidateWorkDir(c, workDir);
+    if ('error' in workDirResult) return workDirResult.error;
+    const resolvedWorkDir = workDirResult.resolved;
+
+    let branchToPush = branch;
+    if (!branchToPush) {
+      const branchResult = await runGitCommand(
+        ['rev-parse', '--abbrev-ref', 'HEAD'],
+        resolvedWorkDir
+      );
+      branchToPush = branchResult.output.trim() || 'main';
+    }
+
+    const refErr = validateRef(c, branchToPush);
+    if (refErr) return refErr;
+
+    const { exitCode, output } = await runGitCommand(
+      ['push', 'origin', branchToPush],
+      resolvedWorkDir
+    );
+
+    if (exitCode !== 0) {
+      return internalError(c, 'Failed to push to origin', { output });
+    }
+
+    return c.json({
+      success: true,
+      branch: branchToPush,
+      message: 'Pushed to origin successfully',
+    });
+  } catch (err) {
+    if (isBoundaryViolationError(err)) {
+      return forbidden(c, 'Path escapes workdir boundary');
+    }
+    return internalError(c, getErrorMessage(err));
+  }
+});
+
+// ---------------------------------------------------------------------------
+// diff
+// ---------------------------------------------------------------------------
+
+app.get('/repos/:spaceId/:repoName/diff', async (c) => {
+  try {
+    const spaceId = c.req.param('spaceId');
+    const repoName = c.req.param('repoName');
+    const base = c.req.query('base');
+    const head = c.req.query('head');
+
+    const paramsErr = requireRepoParams(c, spaceId, repoName);
+    if (paramsErr) return paramsErr;
+
+    if (!base || !head) {
+      return badRequest(c, 'base and head query parameters are required');
+    }
+
+    const baseRefErr = validateRef(c, base);
+    if (baseRefErr) return baseRefErr;
+    const headRefErr = validateRef(c, head);
+    if (headRefErr) return headRefErr;
+
+    if (base.startsWith('--') || head.startsWith('--')) {
+      return badRequest(c, 'Invalid ref format');
+    }
+
+    const repoResult = await getVerifiedRepoPath(c, spaceId, repoName);
+    if ('error' in repoResult) return repoResult.error;
+    const gitPath = repoResult.gitPath;
+
+    const { exitCode, output } = await runGitCommand(['diff', `${base}...${head}`], gitPath);
+
+    if (exitCode !== 0) {
+      return internalError(c, 'Failed to generate diff', { output });
+    }
+
+    return c.json({ success: true, diff: output, base, head });
+  } catch (err) {
+    return internalError(c, getErrorMessage(err));
+  }
+});
+
+// ---------------------------------------------------------------------------
+// merge
+// ---------------------------------------------------------------------------
+
+function isConflictLine(line: string): boolean {
+  return ['UU', 'AA', 'DD'].some((prefix) => line.startsWith(prefix));
+}
+
+app.post('/repos/merge', async (c) => {
+  try {
+    const { spaceId, repoName, sourceBranch, targetBranch, message } = await c.req.json() as {
+      spaceId: string;
+      repoName: string;
+      sourceBranch: string;
+      targetBranch: string;
+      message?: string;
+    };
+
+    if (!spaceId || !repoName || !sourceBranch || !targetBranch) {
+      return badRequest(c, 'spaceId, repoName, sourceBranch, and targetBranch are required');
+    }
+
+    const sourceRefErr = validateRef(c, sourceBranch);
+    if (sourceRefErr) return sourceRefErr;
+    const targetRefErr = validateRef(c, targetBranch);
+    if (targetRefErr) return targetRefErr;
+
+    const repoResult = await getVerifiedRepoPath(c, spaceId, repoName);
+    if ('error' in repoResult) return repoResult.error;
+    const gitPath = repoResult.gitPath;
+
+    const tempDir = await mergeTempDirManager.createTempDirWithCleanup(
+      `takos-merge-${spaceId.slice(0, 8)}-`
+    );
+
+    try {
+      const cloneResult = await runGitCommand(['clone', gitPath, tempDir], '/');
+      if (cloneResult.exitCode !== 0) {
+        return internalError(c, 'Failed to clone repository for merge', { output: cloneResult.output });
+      }
+
+      const checkoutResult = await runGitCommand(['checkout', targetBranch], tempDir);
+      if (checkoutResult.exitCode !== 0) {
+        return badRequest(c, `Failed to checkout target branch: ${targetBranch}`, { output: checkoutResult.output });
+      }
+
+      const mergeArgs = ['merge', sourceBranch, '--no-edit'];
+      if (message) {
+        if (typeof message !== 'string' || message.length > 4096) {
+          return badRequest(c, 'Merge message must be a string of at most 4096 characters');
+        }
+        if (/[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]/.test(message)) {
+          return badRequest(c, 'Merge message contains invalid control characters');
+        }
+        mergeArgs.push('-m', message);
+      }
+
+      const mergeResult = await runGitCommand(mergeArgs, tempDir);
+
+      if (mergeResult.exitCode !== 0) {
+        const statusResult = await runGitCommand(['status', '--porcelain'], tempDir);
+        const statusLines = statusResult.output.split('\n');
+        const conflictFiles = statusLines.filter(isConflictLine).map((line) => line.slice(3).trim());
+
+        if (conflictFiles.length > 0) {
+          await runGitCommand(['merge', '--abort'], tempDir);
+          return c.json({ error: { code: ErrorCodes.CONFLICT, message: 'Merge conflict', details: { conflicts: conflictFiles, output: mergeResult.output } } }, 409);
+        }
+
+        return internalError(c, 'Failed to merge branches', { output: mergeResult.output });
+      }
+
+      const hashResult = await runGitCommand(['rev-parse', 'HEAD'], tempDir);
+      const commitHash = hashResult.output.trim();
+
+      const pushResult = await runGitCommand(['push', 'origin', targetBranch], tempDir);
+      if (pushResult.exitCode !== 0) {
+        return internalError(c, 'Merge succeeded but failed to push to origin', {
+          commitHash,
+          output: pushResult.output,
+        });
+      }
+
+      return c.json({
+        success: true,
+        commitHash,
+        sourceBranch,
+        targetBranch,
+        message: `Successfully merged ${sourceBranch} into ${targetBranch}`,
+      });
+    } finally {
+      await mergeTempDirManager.cleanupTempDir(tempDir);
+    }
+  } catch (err) {
+    return internalError(c, getErrorMessage(err));
+  }
+});
+
+export default app;

package/src/routes/runtime/exec.ts

@@ -0,0 +1,147 @@
+import { Hono } from 'hono';
+import {
+  MAX_EXEC_COMMANDS,
+  MAX_EXEC_FILE_BYTES,
+  MAX_EXEC_FILES,
+  MAX_EXEC_OUTPUTS,
+  MAX_EXEC_TOTAL_BYTES,
+} from '../../shared/config.js';
+import { writeAuditLog, type AuditEntry } from '../../utils/audit-log.js';
+import { badRequest, forbidden, internalError, notFound } from 'takos-common/middleware/hono';
+import { ErrorCodes } from 'takos-common/errors';
+import { createLogger } from 'takos-common/logger';
+import { hasSpaceScopeMismatch, SPACE_SCOPE_MISMATCH_ERROR } from '../../middleware/space-scope.js';
+import { validateRuntimeExecEnv } from '../../utils/sandbox-env.js';
+
+import {
+  type ExecInput,
+  getProcess,
+  isSpaceConcurrencyExceeded,
+  ensureProcessCapacity,
+  sanitizeErrorMessage,
+  runExec,
+} from '../../runtime/exec-runner.js';
+
+const logger = createLogger({ service: 'takos-runtime' });
+
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+
+function fireAuditLog(entry: AuditEntry): void {
+  void writeAuditLog(entry).catch((err: unknown) => logger.error('[audit] writeAuditLog failed', { error: err }));
+}
+
+/**
+ * Validate the exec request body. Returns an error string if invalid, null if valid.
+ */
+function validateExecBody(body: ExecInput): string | null {
+  if (!body.space_id || !body.commands || body.commands.length === 0) {
+    return 'Missing required fields: space_id, commands';
+  }
+  if (body.commands.length > MAX_EXEC_COMMANDS) {
+    return `Too many commands (max ${MAX_EXEC_COMMANDS})`;
+  }
+  if (body.files && body.files.length > MAX_EXEC_FILES) {
+    return `Too many files (max ${MAX_EXEC_FILES})`;
+  }
+  if (body.return_outputs && body.return_outputs.length > MAX_EXEC_OUTPUTS) {
+    return `Too many output files requested (max ${MAX_EXEC_OUTPUTS})`;
+  }
+  if (body.files && body.files.length > 0) {
+    let totalBytes = 0;
+    for (const file of body.files) {
+      const bytes = Buffer.byteLength(file.content ?? '', 'utf-8');
+      if (bytes > MAX_EXEC_FILE_BYTES) {
+        return `File too large: ${file.path}`;
+      }
+      totalBytes += bytes;
+      if (totalBytes > MAX_EXEC_TOTAL_BYTES) {
+        return 'Total file size exceeded';
+      }
+    }
+  }
+  return null;
+}
+
+// ---------------------------------------------------------------------------
+// Router
+// ---------------------------------------------------------------------------
+
+const app = new Hono();
+
+app.post('/exec', async (c) => {
+  const execStartTime = Date.now();
+  try {
+    const body = await c.req.json() as ExecInput;
+
+    const validationError = validateExecBody(body);
+    if (validationError) {
+      return badRequest(c, validationError);
+    }
+
+    if (hasSpaceScopeMismatch(c, body.space_id)) {
+      return forbidden(c, SPACE_SCOPE_MISMATCH_ERROR);
+    }
+
+    // Validate user-supplied environment variables
+    if (body.env) {
+      const envValidation = validateRuntimeExecEnv(body.env as Record<string, string> | undefined);
+      if (envValidation.ok === false) {
+        return badRequest(c, envValidation.error);
+      }
+    }
+
+    const auditBase: Omit<AuditEntry, 'timestamp' | 'status'> = {
+      event: 'exec',
+      spaceId: body.space_id,
+      commands: body.commands,
+      ip: c.req.header('x-forwarded-for') || 'unknown',
+      requestId: c.get('requestId'),
+    };
+
+    fireAuditLog({ ...auditBase, timestamp: new Date().toISOString(), status: 'started' });
+
+    if (isSpaceConcurrencyExceeded(body.space_id)) {
+      return c.json({ error: { code: ErrorCodes.RATE_LIMITED, message: 'Space concurrency limit reached (max concurrent executions)' } }, 429);
+    }
+
+    if (!ensureProcessCapacity()) {
+      return c.json({ error: { code: ErrorCodes.SERVICE_UNAVAILABLE, message: 'Server at capacity. Please try again later.' } }, 503);
+    }
+
+    const result = await runExec(body);
+
+    fireAuditLog({
+      ...auditBase,
+      timestamp: new Date().toISOString(),
+      exitCode: result.exit_code,
+      durationMs: Date.now() - execStartTime,
+      status: result.status === 'completed' ? 'completed' : 'failed',
+      error: result.error,
+    });
+
+    return c.json(result);
+  } catch (err) {
+    c.get('log')?.error('Exec error', { error: err });
+    return internalError(c, sanitizeErrorMessage(err));
+  }
+});
+
+app.get('/status/:id', (c) => {
+  const proc = getProcess(c.req.param('id'));
+
+  if (!proc) {
+    return notFound(c, 'Process not found');
+  }
+
+  return c.json({
+    runtime_id: proc.id,
+    status: proc.status,
+    output: proc.output,
+    error: proc.error,
+    exit_code: proc.exit_code,
+  });
+});
+
+export default app;

package/src/routes/runtime/tools.ts

@@ -0,0 +1,113 @@
+import { Hono } from 'hono';
+import { Worker } from 'worker_threads';
+import { existsSync } from 'fs';
+import path from 'path';
+import { TOOL_NAME_PATTERN, DEFAULT_TIMEOUT_MS, MAX_TIMEOUT_MS } from '../../shared/config.js';
+import { getWorkerResourceLimits } from '../../runtime/validation.js';
+import { getErrorMessage } from 'takos-common/errors';
+import { badRequest } from 'takos-common/middleware/hono';
+import { createLogger } from 'takos-common/logger';
+const logger = createLogger({ service: 'takos-runtime' });
+
+interface ExecuteToolRequest {
+  code: string;
+  toolName: string;
+  parameters: Record<string, unknown>;
+  secrets: Record<string, string>;
+  config: Record<string, unknown>;
+  permissions: {
+    allowedDomains: string[];
+    filePermission: 'read' | 'write' | 'none';
+  };
+  timeout?: number;
+  maxMemory?: number;
+}
+
+interface ToolResult {
+  success: boolean;
+  output: string;
+  error?: string;
+  executionTime: number;
+}
+
+function resolveWorkerPath(): string {
+  const jsPath = path.join(__dirname, '../../runtime/tools/worker.js');
+  return existsSync(jsPath) ? jsPath : path.join(__dirname, '../../runtime/tools/worker.ts');
+}
+
+const app = new Hono();
+
+app.post('/execute-tool', async (c) => {
+  const startTime = Date.now();
+  const body = await c.req.json() as ExecuteToolRequest;
+
+  if (!body.code || !body.toolName) {
+    return badRequest(c, 'Missing required fields: code, toolName');
+  }
+
+  if (!TOOL_NAME_PATTERN.test(body.toolName)) {
+    return badRequest(c, 'Invalid toolName format');
+  }
+
+  const timeout = Math.min(body.timeout || DEFAULT_TIMEOUT_MS, MAX_TIMEOUT_MS);
+
+  try {
+    const result = await new Promise<ToolResult>((resolve, reject) => {
+      const worker = new Worker(resolveWorkerPath(), {
+        execArgv: process.execArgv,
+        resourceLimits: getWorkerResourceLimits(body.maxMemory),
+      });
+      let settled = false;
+
+      const hardTimeout = setTimeout(() => {
+        settle(() => reject(new Error(`Execution timed out after ${timeout}ms`)));
+      }, timeout + 1_000 /* hard timeout margin */);
+
+      function settle(action: () => void): void {
+        if (settled) return;
+        settled = true;
+        clearTimeout(hardTimeout);
+        // Await termination to ensure clean resource cleanup
+        worker.terminate().catch((err) => { logger.warn('Worker terminate failed (non-critical)', { module: 'runtime/tools', error: err }); });
+        action();
+      }
+
+      worker.on('message', (message) => {
+        settle(() => resolve(message as ToolResult));
+      });
+
+      worker.on('error', (err) => {
+        settle(() => reject(err));
+      });
+
+      worker.on('exit', (code) => {
+        if (code !== 0) {
+          settle(() => reject(new Error(`Tool worker exited with code ${code}`)));
+        }
+      });
+
+      worker.postMessage({
+        code: body.code,
+        toolName: body.toolName,
+        parameters: body.parameters,
+        secrets: body.secrets,
+        config: body.config,
+        allowedDomains: body.permissions?.allowedDomains || [],
+        timeout,
+      });
+    });
+
+    return c.json({
+      ...result,
+      executionTime: result.executionTime || Date.now() - startTime,
+    });
+  } catch (err) {
+    return c.json({
+      error: getErrorMessage(err),
+      output: '',
+      executionTime: Date.now() - startTime,
+    });
+  }
+});
+
+export default app;