triflux 3.2.0-dev.9 → 3.3.0-dev.1

package/hub/pipeline/transitions.mjs

@@ -0,0 +1,114 @@
+// hub/pipeline/transitions.mjs — 파이프라인 단계 전이 규칙
+//
+// plan → prd → exec → verify → complete/fix
+// fix → exec/verify/complete/failed
+// complete, failed = 터미널 상태
+
+export const PHASES = ['plan', 'prd', 'exec', 'verify', 'fix', 'complete', 'failed'];
+
+export const TERMINAL = new Set(['complete', 'failed']);
+
+export const ALLOWED = {
+  'plan':     ['prd'],
+  'prd':      ['exec'],
+  'exec':     ['verify'],
+  'verify':   ['fix', 'complete', 'failed'],
+  'fix':      ['exec', 'verify', 'complete', 'failed'],
+  'complete': [],
+  'failed':   [],
+};
+
+/**
+ * 전이 가능 여부 확인
+ * @param {string} from - 현재 단계
+ * @param {string} to - 다음 단계
+ * @returns {boolean}
+ */
+export function canTransition(from, to) {
+  const targets = ALLOWED[from];
+  if (!targets) return false;
+  return targets.includes(to);
+}
+
+/**
+ * 상태 전이 실행 — fix loop 바운딩 포함
+ * @param {object} state - 파이프라인 상태 객체
+ * @param {string} nextPhase - 다음 단계
+ * @returns {{ ok: boolean, state?: object, error?: string }}
+ */
+export function transitionPhase(state, nextPhase) {
+  const current = state.phase;
+
+  if (!canTransition(current, nextPhase)) {
+    return {
+      ok: false,
+      error: `전이 불가: ${current} → ${nextPhase}. 허용: [${(ALLOWED[current] || []).join(', ')}]`,
+    };
+  }
+
+  const next = { ...state, phase: nextPhase, updated_at: Date.now() };
+
+  // fix 단계 진입 시 attempt 증가 + 바운딩
+  if (nextPhase === 'fix') {
+    next.fix_attempt = (state.fix_attempt || 0) + 1;
+    if (next.fix_attempt > (state.fix_max || 3)) {
+      return {
+        ok: false,
+        error: `fix loop 초과: ${next.fix_attempt}/${state.fix_max || 3}회. ralph loop로 승격 필요.`,
+      };
+    }
+  }
+
+  // fix → exec 재진입 시 (fix 후 재실행)
+  if (current === 'fix' && nextPhase === 'exec') {
+    // fix_attempt 유지 (이미 fix 진입 시 증가됨)
+  }
+
+  // verify → fix → ... → verify 반복 후 fix_max 초과 시 ralph loop
+  if (nextPhase === 'failed' && current === 'fix') {
+    // ralph loop 반복 증가
+    next.ralph_iteration = (state.ralph_iteration || 0) + 1;
+    if (next.ralph_iteration > (state.ralph_max || 10)) {
+      // 최종 실패 — ralph loop도 초과
+      next.phase = 'failed';
+    }
+  }
+
+  // phase_history 기록
+  const history = Array.isArray(state.phase_history) ? [...state.phase_history] : [];
+  history.push({ from: current, to: nextPhase, at: Date.now() });
+  next.phase_history = history;
+
+  return { ok: true, state: next };
+}
+
+/**
+ * ralph loop 재시작 전이
+ * fix_max 초과 시 plan으로 돌아가며 ralph_iteration 증가
+ * @param {object} state - 현재 상태
+ * @returns {{ ok: boolean, state?: object, error?: string }}
+ */
+export function ralphRestart(state) {
+  const iteration = (state.ralph_iteration || 0) + 1;
+  if (iteration > (state.ralph_max || 10)) {
+    return {
+      ok: false,
+      error: `ralph loop 초과: ${iteration}/${state.ralph_max || 10}회. 최종 실패.`,
+    };
+  }
+
+  const history = Array.isArray(state.phase_history) ? [...state.phase_history] : [];
+  history.push({ from: state.phase, to: 'plan', at: Date.now(), ralph_restart: true });
+
+  return {
+    ok: true,
+    state: {
+      ...state,
+      phase: 'plan',
+      fix_attempt: 0,
+      ralph_iteration: iteration,
+      phase_history: history,
+      updated_at: Date.now(),
+    },
+  };
+}

package/hub/schema.sql

@@ -78,3 +78,17 @@ CREATE INDEX IF NOT EXISTS idx_inbox_message ON message_inbox(message_id);
 CREATE INDEX IF NOT EXISTS idx_human_requests_state ON human_requests(state);
 CREATE INDEX IF NOT EXISTS idx_agents_status ON agents(status);
 CREATE INDEX IF NOT EXISTS idx_agents_lease ON agents(lease_expires_ms);
+
+-- 파이프라인 상태 테이블 (Phase 2)
+CREATE TABLE IF NOT EXISTS pipeline_state (
+  team_name TEXT PRIMARY KEY,
+  phase TEXT NOT NULL DEFAULT 'plan',
+  fix_attempt INTEGER DEFAULT 0,
+  fix_max INTEGER DEFAULT 3,
+  ralph_iteration INTEGER DEFAULT 0,
+  ralph_max INTEGER DEFAULT 10,
+  artifacts TEXT DEFAULT '{}',
+  phase_history TEXT DEFAULT '[]',
+  created_at INTEGER,
+  updated_at INTEGER
+);

package/hub/server.mjs

@@ -14,6 +14,15 @@ import { createRouter } from './router.mjs';
 import { createHitlManager } from './hitl.mjs';
 import { createPipeServer } from './pipe.mjs';
 import { createTools } from './tools.mjs';
+import {
+  ensurePipelineTable,
+  createPipeline,
+} from './pipeline/index.mjs';
+import {
+  readPipelineState,
+  initPipelineState,
+  listPipelineStates,
+} from './pipeline/state.mjs';
 import {
   teamInfo,
   teamTaskList,
@@ -43,6 +52,14 @@ async function parseBody(req) {
 
 const PID_DIR = join(homedir(), '.claude', 'cache', 'tfx-hub');
 const PID_FILE = join(PID_DIR, 'hub.pid');
+const TOKEN_FILE = join(homedir(), '.claude', '.tfx-hub-token');
+
+// localhost 계열 Origin만 허용
+const ALLOWED_ORIGIN_RE = /^https?:\/\/(localhost|127\.0\.0\.1|\[::1\])(:\d+)?$/;
+
+function isAllowedOrigin(origin) {
+  return origin && ALLOWED_ORIGIN_RE.test(origin);
+}
 
 /**
  * tfx-hub 시작
@@ -57,6 +74,11 @@ export async function startHub({ port = 27888, dbPath, host = '127.0.0.1', sessi
     dbPath = join(PID_DIR, 'state.db');
   }
 
+  // 인증 토큰 생성 (환경변수 우선, 없으면 자동 생성)
+  const HUB_TOKEN = process.env.TFX_HUB_TOKEN || randomUUID();
+  mkdirSync(join(homedir(), '.claude'), { recursive: true });
+  writeFileSync(TOKEN_FILE, HUB_TOKEN, { mode: 0o600 });
+
   const store = createStore(dbPath);
   const router = createRouter(store);
   const pipe = createPipeServer({ router, store, sessionId });
@@ -100,12 +122,16 @@ export async function startHub({ port = 27888, dbPath, host = '127.0.0.1', sessi
   }
 
   const httpServer = createHttpServer(async (req, res) => {
-    res.setHeader('Access-Control-Allow-Origin', '*');
-    res.setHeader('Access-Control-Allow-Methods', 'GET, POST, DELETE, OPTIONS');
-    res.setHeader('Access-Control-Allow-Headers', 'Content-Type, mcp-session-id, Last-Event-ID');
+    // CORS: localhost 계열 Origin만 허용
+    const origin = req.headers['origin'];
+    if (isAllowedOrigin(origin)) {
+      res.setHeader('Access-Control-Allow-Origin', origin);
+      res.setHeader('Access-Control-Allow-Methods', 'GET, POST, DELETE, OPTIONS');
+      res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization, mcp-session-id, Last-Event-ID');
+    }
 
     if (req.method === 'OPTIONS') {
-      res.writeHead(204);
+      res.writeHead(isAllowedOrigin(origin) ? 204 : 403);
       return res.end();
     }
 
@@ -132,6 +158,14 @@ export async function startHub({ port = 27888, dbPath, host = '127.0.0.1', sessi
     if (req.url.startsWith('/bridge')) {
       res.setHeader('Content-Type', 'application/json');
 
+      // Bearer 토큰 인증
+      const authHeader = req.headers['authorization'] || '';
+      const bearerToken = authHeader.startsWith('Bearer ') ? authHeader.slice(7) : '';
+      if (bearerToken !== HUB_TOKEN) {
+        res.writeHead(401);
+        return res.end(JSON.stringify({ ok: false, error: 'Unauthorized' }));
+      }
+
       if (req.method !== 'POST' && req.method !== 'DELETE') {
         res.writeHead(405);
         return res.end(JSON.stringify({ ok: false, error: 'Method Not Allowed' }));
@@ -214,13 +248,13 @@ export async function startHub({ port = 27888, dbPath, host = '127.0.0.1', sessi
         if (req.method === 'POST') {
           let teamResult = null;
           if (path === '/bridge/team/info' || path === '/bridge/team-info') {
-            teamResult = teamInfo(body);
+            teamResult = await teamInfo(body);
           } else if (path === '/bridge/team/task-list' || path === '/bridge/team-task-list') {
-            teamResult = teamTaskList(body);
+            teamResult = await teamTaskList(body);
           } else if (path === '/bridge/team/task-update' || path === '/bridge/team-task-update') {
-            teamResult = teamTaskUpdate(body);
+            teamResult = await teamTaskUpdate(body);
           } else if (path === '/bridge/team/send-message' || path === '/bridge/team-send-message') {
-            teamResult = teamSendMessage(body);
+            teamResult = await teamSendMessage(body);
           }
 
           if (teamResult) {
@@ -240,6 +274,41 @@ export async function startHub({ port = 27888, dbPath, host = '127.0.0.1', sessi
             res.writeHead(404);
             return res.end(JSON.stringify({ ok: false, error: `Unknown team endpoint: ${path}` }));
           }
+
+          // ── 파이프라인 엔드포인트 ──
+          if (path === '/bridge/pipeline/state' && req.method === 'POST') {
+            ensurePipelineTable(store.db);
+            const { team_name } = body;
+            const state = readPipelineState(store.db, team_name);
+            res.writeHead(state ? 200 : 404);
+            return res.end(JSON.stringify(state
+              ? { ok: true, data: state }
+              : { ok: false, error: 'pipeline_not_found' }));
+          }
+
+          if (path === '/bridge/pipeline/advance' && req.method === 'POST') {
+            ensurePipelineTable(store.db);
+            const { team_name, phase } = body;
+            const pipeline = createPipeline(store.db, team_name);
+            const result = pipeline.advance(phase);
+            res.writeHead(result.ok ? 200 : 400);
+            return res.end(JSON.stringify(result));
+          }
+
+          if (path === '/bridge/pipeline/init' && req.method === 'POST') {
+            ensurePipelineTable(store.db);
+            const { team_name, fix_max, ralph_max } = body;
+            const state = initPipelineState(store.db, team_name, { fix_max, ralph_max });
+            res.writeHead(200);
+            return res.end(JSON.stringify({ ok: true, data: state }));
+          }
+
+          if (path === '/bridge/pipeline/list' && req.method === 'POST') {
+            ensurePipelineTable(store.db);
+            const states = listPipelineStates(store.db);
+            res.writeHead(200);
+            return res.end(JSON.stringify({ ok: true, data: states }));
+          }
         }
 
         if (path === '/bridge/context' && req.method === 'POST') {
@@ -408,6 +477,7 @@ export async function startHub({ port = 27888, dbPath, host = '127.0.0.1', sessi
         await pipe.stop();
         store.close();
         try { unlinkSync(PID_FILE); } catch {}
+        try { unlinkSync(TOKEN_FILE); } catch {}
         await new Promise((resolveClose) => httpServer.close(resolveClose));
       };