taskode 0.4.0

package/src/app-server.js

@@ -0,0 +1,555 @@
+import readline from 'node:readline';
+import { spawn } from 'node:child_process';
+import { assertPathInsideRoot, assertRemotePathSafe } from './path-safety.js';
+import { resolveTurnSandboxPolicy } from './workflow.js';
+import { shellEscape, startSSHProcess } from './ssh.js';
+
+const NON_INTERACTIVE_ANSWER = 'This is a non-interactive session. Operator input is unavailable.';
+const TOOL_NAME_LINEAR_GRAPHQL = 'linear_graphql';
+
+export async function runAppServerSession({
+  command,
+  cwd,
+  issue,
+  tracker,
+  config,
+  prompt,
+  maxTurns,
+  runId,
+  store,
+  workerHost = null
+}) {
+  const safeCwd = workerHost ? assertRemotePathSafe(cwd) : assertPathInsideRoot(cwd, config.workspaceRoot);
+  const child = startProcess(command, safeCwd, workerHost);
+  const stream = new RpcStream({ child, runId, store, workerHost });
+  const startedAt = Date.now();
+  const telemetry = {
+    sessionId: null,
+    threadId: null,
+    turnId: null,
+    turnCount: 0,
+    inputTokens: 0,
+    outputTokens: 0,
+    totalTokens: 0,
+    lastEvent: null,
+    workerHost,
+    rateLimits: null
+  };
+
+  try {
+    await initializeSession(stream, safeCwd, tracker, config, telemetry);
+
+    let currentIssue = issue;
+    let currentPrompt = prompt;
+    let completedTurns = 0;
+
+    while (completedTurns < maxTurns) {
+      completedTurns += 1;
+      const turn = await startTurn(stream, safeCwd, currentIssue, currentPrompt, config, telemetry);
+      telemetry.turnCount = completedTurns;
+      telemetry.sessionId = `${telemetry.threadId}-${turn.id}`;
+      telemetry.turnId = turn.id;
+
+      const turnResult = await awaitTurnCompletion({
+        stream,
+        tracker,
+        config,
+        telemetry
+      });
+
+      if (turnResult.status !== 'succeeded') {
+        return {
+          status: 'failed',
+          code: turnResult.code,
+          output: stream.stdoutRaw,
+          error: turnResult.error || stream.stderrRaw,
+          durationMs: Date.now() - startedAt,
+          telemetry
+        };
+      }
+
+      const continuation = await maybeContinueIssue({
+        issue: currentIssue,
+        tracker,
+        config,
+        turnNumber: completedTurns,
+        maxTurns
+      });
+
+      if (!continuation.shouldContinue) {
+        return {
+          status: 'succeeded',
+          code: 0,
+          output: stream.stdoutRaw,
+          error: stream.stderrRaw,
+          durationMs: Date.now() - startedAt,
+          telemetry
+        };
+      }
+
+      currentIssue = continuation.issue;
+      currentPrompt = buildContinuationPrompt(completedTurns + 1, maxTurns);
+    }
+
+    return {
+      status: 'succeeded',
+      code: 0,
+      output: stream.stdoutRaw,
+      error: stream.stderrRaw,
+      durationMs: Date.now() - startedAt,
+      telemetry
+    };
+  } finally {
+    stream.close();
+  }
+}
+
+function startProcess(command, cwd, workerHost) {
+  if (workerHost) {
+    return startSSHProcess(workerHost, `cd ${shellEscape(cwd)} && exec ${command}`);
+  }
+
+  return spawn(command, { cwd, shell: '/bin/bash', stdio: ['pipe', 'pipe', 'pipe'] });
+}
+
+async function initializeSession(stream, cwd, tracker, config, telemetry) {
+  await stream.request(1, {
+    method: 'initialize',
+    params: {
+      capabilities: { experimentalApi: true },
+      clientInfo: {
+        name: 'taskode-orchestrator',
+        title: 'Taskode Orchestrator',
+        version: '0.4.0'
+      }
+    }
+  }, config.codex.readTimeoutMs);
+
+  stream.notify({ method: 'initialized', params: {} });
+
+  const response = await stream.request(2, {
+    method: 'thread/start',
+    params: {
+      approvalPolicy: config.codex.approvalPolicy,
+      sandbox: config.codex.threadSandbox,
+      cwd,
+      dynamicTools: dynamicToolsForTracker(config, tracker)
+    }
+  }, config.codex.readTimeoutMs);
+
+  const threadId = response?.thread?.id;
+  if (!threadId) {
+    throw new Error(`Invalid thread/start response: ${JSON.stringify(response)}`);
+  }
+
+  telemetry.threadId = threadId;
+}
+
+async function startTurn(stream, cwd, issue, prompt, config, telemetry) {
+  const requestId = stream.nextRequestId();
+  const response = await stream.request(requestId, {
+    method: 'turn/start',
+    params: {
+      threadId: telemetry.threadId,
+      input: [{ type: 'text', text: prompt }],
+      cwd,
+      title: `${issue.identifier}: ${issue.title}`,
+      approvalPolicy: config.codex.approvalPolicy,
+      sandboxPolicy: resolveTurnSandboxPolicy(config, cwd, { remote: Boolean(telemetry.workerHost) })
+    }
+  }, config.codex.readTimeoutMs);
+
+  const turnId = response?.turn?.id;
+  if (!turnId) {
+    throw new Error(`Invalid turn/start response: ${JSON.stringify(response)}`);
+  }
+
+  return { id: turnId };
+}
+
+async function awaitTurnCompletion({ stream, tracker, config, telemetry }) {
+  const autoApprove = config.codex.approvalPolicy === 'never';
+  const deadlineMs = Date.now() + config.codex.turnTimeoutMs;
+
+  while (Date.now() < deadlineMs) {
+    const remaining = Math.max(config.codex.readTimeoutMs, deadlineMs - Date.now());
+    const message = await stream.nextEvent(remaining);
+
+    if (!message) {
+      continue;
+    }
+
+    integrateTelemetry(telemetry, message);
+
+    if (message.method === 'turn/completed') {
+      telemetry.lastEvent = 'turn/completed';
+      return { status: 'succeeded', code: 0 };
+    }
+
+    if (message.method === 'turn/failed' || message.method === 'turn/cancelled') {
+      telemetry.lastEvent = message.method;
+      return {
+        status: 'failed',
+        code: 1,
+        error: JSON.stringify(message.params || message)
+      };
+    }
+
+    if (handleTurnInputRequirement(message)) {
+      telemetry.lastEvent = message.method;
+      return {
+        status: 'failed',
+        code: 2,
+        error: `Turn requires operator input: ${message.method}`
+      };
+    }
+
+    if (await maybeHandleToolCall({ stream, message, tracker })) {
+      continue;
+    }
+
+    if (await maybeHandleApprovalRequest({ stream, message, autoApprove })) {
+      continue;
+    }
+  }
+
+  return { status: 'failed', code: 124, error: 'app-server turn timeout' };
+}
+
+async function maybeHandleToolCall({ stream, message, tracker }) {
+  if (message.method !== 'item/tool/call') return false;
+
+  const params = message.params || {};
+  const toolName = params.tool || params.name || null;
+  const result = await tracker.executeDynamicTool(toolName, params.arguments ?? {});
+  stream.respond(message.id, normalizeDynamicToolResult(result));
+  return true;
+}
+
+async function maybeHandleApprovalRequest({ stream, message, autoApprove }) {
+  const decisionMethods = new Map([
+    ['item/commandExecution/requestApproval', 'acceptForSession'],
+    ['execCommandApproval', 'approved_for_session'],
+    ['applyPatchApproval', 'approved_for_session'],
+    ['item/fileChange/requestApproval', 'acceptForSession']
+  ]);
+
+  if (decisionMethods.has(message.method)) {
+    if (!autoApprove) return false;
+    stream.respond(message.id, { decision: decisionMethods.get(message.method) });
+    return true;
+  }
+
+  if (message.method === 'item/tool/requestUserInput') {
+    const answers = autoApprove
+      ? approvalAnswers(message.params)
+      : unavailableAnswers(message.params);
+
+    if (!answers) return false;
+    stream.respond(message.id, { answers });
+    return true;
+  }
+
+  return false;
+}
+
+async function maybeContinueIssue({ issue, tracker, config, turnNumber, maxTurns }) {
+  if (config.tracker.kind === 'local') {
+    return { shouldContinue: false, issue };
+  }
+
+  if (turnNumber >= maxTurns) {
+    return { shouldContinue: false, issue };
+  }
+
+  const refreshed = await tracker.fetchByIds([issue.id]);
+  const nextIssue = refreshed[0] || issue;
+  const normalizedState = String(nextIssue.state || '').trim().toLowerCase();
+  const activeStates = new Set(config.tracker.activeStates.map((entry) => String(entry).trim().toLowerCase()));
+
+  return {
+    shouldContinue: activeStates.has(normalizedState),
+    issue: nextIssue
+  };
+}
+
+function buildContinuationPrompt(turnNumber, maxTurns) {
+  return [
+    'Continuation guidance:',
+    '',
+    '- The previous app-server turn completed normally, but the issue is still active.',
+    `- This is continuation turn ${turnNumber} of ${maxTurns}.`,
+    '- Resume from the current workspace and thread state instead of restarting.',
+    '- Focus only on the remaining work.'
+  ].join('\n');
+}
+
+function dynamicToolsForTracker(config, tracker) {
+  if (config.tracker.kind !== 'linear') {
+    return [];
+  }
+
+  if (typeof tracker.executeDynamicTool !== 'function') {
+    return [];
+  }
+
+  return [
+    {
+      name: TOOL_NAME_LINEAR_GRAPHQL,
+      description: 'Execute a raw GraphQL query or mutation against Linear using Taskode credentials.',
+      inputSchema: {
+        type: 'object',
+        additionalProperties: false,
+        required: ['query'],
+        properties: {
+          query: {
+            type: 'string',
+            description: 'GraphQL query or mutation document to execute against Linear.'
+          },
+          variables: {
+            type: ['object', 'null'],
+            description: 'Optional GraphQL variables object.',
+            additionalProperties: true
+          }
+        }
+      }
+    }
+  ];
+}
+
+function normalizeDynamicToolResult(result) {
+  if (result && typeof result === 'object' && typeof result.success === 'boolean') {
+    return {
+      ...result,
+      output: typeof result.output === 'string' ? result.output : JSON.stringify(result, null, 2),
+      contentItems: Array.isArray(result.contentItems)
+        ? result.contentItems
+        : [{ type: 'inputText', text: typeof result.output === 'string' ? result.output : JSON.stringify(result, null, 2) }]
+    };
+  }
+
+  const output = JSON.stringify(result, null, 2);
+  return {
+    success: false,
+    output,
+    contentItems: [{ type: 'inputText', text: output }]
+  };
+}
+
+function integrateTelemetry(telemetry, message) {
+  telemetry.lastEvent = message.method || telemetry.lastEvent;
+  const usage = message.usage || message.params?.usage || null;
+  if (usage && typeof usage === 'object') {
+    telemetry.inputTokens += Number(usage.input_tokens || usage.inputTokens || 0);
+    telemetry.outputTokens += Number(usage.output_tokens || usage.outputTokens || 0);
+    telemetry.totalTokens += Number(usage.total_tokens || usage.totalTokens || 0);
+  }
+
+  const rateLimits = message.rate_limits || message.params?.rate_limits || message.params?.rateLimits || null;
+  if (rateLimits && typeof rateLimits === 'object') {
+    telemetry.rateLimits = rateLimits;
+  }
+}
+
+function handleTurnInputRequirement(message) {
+  const method = String(message.method || '');
+  if (method.startsWith('turn/') && [
+    'turn/input_required',
+    'turn/needs_input',
+    'turn/need_input',
+    'turn/request_input',
+    'turn/request_response',
+    'turn/provide_input',
+    'turn/approval_required'
+  ].includes(method)) {
+    return true;
+  }
+
+  return Boolean(message.params?.requiresInput || message.params?.needs_input);
+}
+
+function approvalAnswers(params) {
+  const questions = Array.isArray(params?.questions) ? params.questions : [];
+  const answers = {};
+
+  for (const question of questions) {
+    const questionId = question?.id;
+    if (!questionId) return null;
+
+    const options = Array.isArray(question.options) ? question.options : [];
+    const option = options.find((entry) => entry.label === 'Approve this Session')
+      || options.find((entry) => entry.label === 'Approve Once')
+      || options.find((entry) => /^approve|^allow/i.test(String(entry.label || '').trim()));
+
+    if (!option?.label) return unavailableAnswers(params);
+    answers[questionId] = { answers: [option.label] };
+  }
+
+  return Object.keys(answers).length ? answers : null;
+}
+
+function unavailableAnswers(params) {
+  const questions = Array.isArray(params?.questions) ? params.questions : [];
+  const answers = {};
+
+  for (const question of questions) {
+    if (!question?.id) return null;
+    answers[question.id] = { answers: [NON_INTERACTIVE_ANSWER] };
+  }
+
+  return Object.keys(answers).length ? answers : null;
+}
+
+class RpcStream {
+  constructor({ child, runId, store, workerHost }) {
+    this.child = child;
+    this.runId = runId;
+    this.store = store;
+    this.workerHost = workerHost;
+    this.stdoutRaw = '';
+    this.stderrRaw = '';
+    this.nextId = 4;
+    this.pendingResponses = new Map();
+    this.eventQueue = [];
+    this.eventResolvers = [];
+    this.closed = false;
+
+    this.stdout = readline.createInterface({ input: child.stdout });
+    this.stdout.on('line', (line) => this.handleStdoutLine(line));
+    child.stderr.on('data', (chunk) => {
+      const text = String(chunk);
+      this.stderrRaw += text;
+      this.store.appendRunLog(this.runId, `[app-server/stderr] ${text.trimEnd()}`);
+    });
+    child.on('close', (code) => this.handleExit(code));
+    child.on('error', (error) => this.handleFatal(error));
+  }
+
+  nextRequestId() {
+    const value = this.nextId;
+    this.nextId += 1;
+    return value;
+  }
+
+  async request(id, payload, timeoutMs) {
+    const message = { id, ...payload };
+    const responsePromise = new Promise((resolve, reject) => {
+      const timer = setTimeout(() => {
+        this.pendingResponses.delete(id);
+        reject(new Error(`Response timeout for request ${id}`));
+      }, timeoutMs);
+
+      this.pendingResponses.set(id, {
+        resolve: (value) => {
+          clearTimeout(timer);
+          resolve(value);
+        },
+        reject: (error) => {
+          clearTimeout(timer);
+          reject(error);
+        }
+      });
+    });
+
+    this.send(message);
+    return responsePromise;
+  }
+
+  notify(payload) {
+    this.send(payload);
+  }
+
+  respond(id, result) {
+    this.send({ id, result });
+  }
+
+  async nextEvent(timeoutMs) {
+    if (this.eventQueue.length) {
+      return this.eventQueue.shift();
+    }
+
+    if (this.closed) {
+      return null;
+    }
+
+    return new Promise((resolve) => {
+      const timer = setTimeout(() => {
+        this.eventResolvers = this.eventResolvers.filter((entry) => entry.resolve !== resolve);
+        resolve(null);
+      }, timeoutMs);
+
+      this.eventResolvers.push({
+        resolve: (message) => {
+          clearTimeout(timer);
+          resolve(message);
+        }
+      });
+    });
+  }
+
+  close() {
+    if (this.closed) return;
+    this.closed = true;
+    this.stdout.close();
+    this.child.kill('SIGTERM');
+  }
+
+  send(message) {
+    if (this.child.stdin.destroyed) {
+      throw new Error('App-server stdin is closed');
+    }
+    const line = `${JSON.stringify(message)}\n`;
+    this.child.stdin.write(line);
+    this.store.appendRunLog(this.runId, `[app-server/out] ${JSON.stringify(message)}`);
+  }
+
+  handleStdoutLine(line) {
+    this.stdoutRaw += `${line}\n`;
+
+    let payload;
+    try {
+      payload = JSON.parse(line);
+    } catch {
+      this.store.appendRunLog(this.runId, `[app-server/raw] ${line}`);
+      return;
+    }
+
+    this.store.appendRunLog(this.runId, `[app-server/in] ${line}`);
+
+    if (payload.id && this.pendingResponses.has(payload.id) && ('result' in payload || 'error' in payload)) {
+      const waiter = this.pendingResponses.get(payload.id);
+      this.pendingResponses.delete(payload.id);
+      if (payload.error) {
+        waiter.reject(new Error(JSON.stringify(payload.error)));
+      } else {
+        waiter.resolve(payload.result);
+      }
+      return;
+    }
+
+    if (this.eventResolvers.length) {
+      const waiter = this.eventResolvers.shift();
+      waiter.resolve(payload);
+      return;
+    }
+
+    this.eventQueue.push(payload);
+  }
+
+  handleExit(code) {
+    this.closed = true;
+    for (const [, waiter] of this.pendingResponses) {
+      waiter.reject(new Error(`App-server exited with code ${code}`));
+    }
+    this.pendingResponses.clear();
+    while (this.eventResolvers.length) {
+      const waiter = this.eventResolvers.shift();
+      waiter.resolve(null);
+    }
+  }
+
+  handleFatal(error) {
+    this.stderrRaw += `${error.message}\n`;
+    this.handleExit(1);
+  }
+}

package/src/auth.js

@@ -0,0 +1,13 @@
+export function authMiddleware(config, store) {
+  return (req, res, next) => {
+    const token = config.auth.token;
+    if (!token) return next();
+
+    const provided = req.header('x-taskode-token') || req.header('authorization')?.replace(/^Bearer\s+/i, '');
+    if (provided !== token) {
+      store.appendAudit({ action: 'auth_failed', actor: req.ip, metadata: { path: req.path } });
+      return res.status(401).json({ error: 'unauthorized' });
+    }
+    return next();
+  };
+}