uv-suite 0.30.0 → 0.32.0

package/watchtower/app/routers/ingest.py

@@ -1,16 +1,22 @@
 """Ingest router: hooks and `uvs` POST here. Writes events/sessions/approvals
-and emits a NOTIFY so connected dashboards update without polling."""
-import asyncpg
-from fastapi import APIRouter, Depends, Request
+and broadcasts to connected dashboards (in-process, no polling)."""
+import asyncio
+import json
+
+from fastapi import APIRouter, Request
 
 from app import db
-from app.models import ApprovalIn, SessionRegister, StateUpdate
+from app.models import ApprovalIn, SessionRegister, StateUpdate, TokensIn
 
 router = APIRouter()
 
+# Serializes the check-then-write in create_approval so concurrent hooks
+# (PermissionRequest + Notification fire together) collapse to one attention item.
+_approval_lock = asyncio.Lock()
+
 
 @router.post("/events")
-async def ingest_event(req: Request, con: asyncpg.Connection = Depends(db.db)) -> dict:
+async def ingest_event(req: Request) -> dict:
     body = await req.json()
 
     sid = body.get("uvs_session_id") or body.get("session_id")
@@ -25,78 +31,127 @@ async def ingest_event(req: Request, con: asyncpg.Connection = Depends(db.db)) -
     priority = body.get("session_priority") or body.get("priority")
     persona = body.get("persona")
 
-    await con.execute(
+    await db.execute(
         """INSERT INTO events (session_id, event_type, tool_name, command, payload)
-           VALUES ($1, $2, $3, $4, $5)""",
-        sid, event_type, tool_name, command, body,
+           VALUES (?, ?, ?, ?, ?)""",
+        sid, event_type, tool_name, command, json.dumps(body, default=str),
     )
 
     if sid:
-        await con.execute(
+        await db.execute(
             """INSERT INTO sessions (id, name, kind, purpose, priority, persona, cwd)
-               VALUES ($1, $2, $3, $4, $5, $6, $7)
+               VALUES (?, ?, ?, ?, ?, ?, ?)
                ON CONFLICT (id) DO UPDATE SET
-                 name     = COALESCE($2, sessions.name),
-                 kind     = COALESCE($3, sessions.kind),
-                 purpose  = COALESCE($4, sessions.purpose),
-                 priority = COALESCE($5, sessions.priority),
-                 persona  = COALESCE($6, sessions.persona),
-                 cwd      = COALESCE($7, sessions.cwd)""",
+                 name     = COALESCE(excluded.name, sessions.name),
+                 kind     = COALESCE(excluded.kind, sessions.kind),
+                 purpose  = COALESCE(excluded.purpose, sessions.purpose),
+                 priority = COALESCE(excluded.priority, sessions.priority),
+                 persona  = COALESCE(excluded.persona, sessions.persona),
+                 cwd      = COALESCE(excluded.cwd, sessions.cwd)""",
             sid, name, kind, purpose, priority, persona, cwd,
         )
 
-    await db.notify(con, {"type": "event", "session_id": sid, "event_type": event_type})
+    # The user responded → clear any pending attention item for this session.
+    if sid and event_type == "UserPromptSubmit":
+        pending = await db.fetch(
+            "SELECT id FROM approvals WHERE session_id = ? AND status = 'pending'", sid
+        )
+        for p in pending:
+            await db.execute(
+                "UPDATE approvals SET status = 'resolved', decided_at = CURRENT_TIMESTAMP WHERE id = ?",
+                p["id"],
+            )
+            db.notify({"type": "approval", "id": p["id"], "session_id": sid, "status": "resolved"})
+        if pending:
+            await db.execute("UPDATE sessions SET state = 'active' WHERE id = ?", sid)
+
+    db.notify({
+        "type": "event", "session_id": sid,
+        "event_type": event_type, "tool_name": tool_name, "command": command,
+    })
     return {"ok": True}
 
 
 @router.post("/sessions/register")
-async def register_session(s: SessionRegister, con: asyncpg.Connection = Depends(db.db)) -> dict:
-    await con.execute(
+async def register_session(s: SessionRegister) -> dict:
+    await db.execute(
         """INSERT INTO sessions (id, name, persona, cwd, worktree, branch, pid, tmux_target, state)
-           VALUES ($1, $2, $3, $4, $5, $6, $7, $8, 'active')
+           VALUES (?, ?, ?, ?, ?, ?, ?, ?, 'active')
            ON CONFLICT (id) DO UPDATE SET
-             name        = COALESCE($2, sessions.name),
-             persona     = COALESCE($3, sessions.persona),
-             cwd         = COALESCE($4, sessions.cwd),
-             worktree    = COALESCE($5, sessions.worktree),
-             branch      = COALESCE($6, sessions.branch),
-             pid         = COALESCE($7, sessions.pid),
-             tmux_target = COALESCE($8, sessions.tmux_target),
+             name        = COALESCE(excluded.name, sessions.name),
+             persona     = COALESCE(excluded.persona, sessions.persona),
+             cwd         = COALESCE(excluded.cwd, sessions.cwd),
+             worktree    = COALESCE(excluded.worktree, sessions.worktree),
+             branch      = COALESCE(excluded.branch, sessions.branch),
+             pid         = COALESCE(excluded.pid, sessions.pid),
+             tmux_target = COALESCE(excluded.tmux_target, sessions.tmux_target),
              state       = 'active'""",
         s.id, s.name, s.persona, s.cwd, s.worktree, s.branch, s.pid, s.tmux_target,
     )
-    await db.notify(con, {"type": "session", "session_id": s.id})
+    db.notify({"type": "session", "session_id": s.id})
     return {"ok": True}
 
 
 @router.post("/approvals")
-async def create_approval(a: ApprovalIn, con: asyncpg.Connection = Depends(db.db)) -> dict:
-    row = await con.fetchrow(
-        """INSERT INTO approvals (session_id, tool_name, command, request, status)
-           VALUES ($1, $2, $3, $4, 'pending')
-           RETURNING id""",
-        a.session_id, a.tool_name, a.command, a.request,
-    )
-    await con.execute(
-        "UPDATE sessions SET state = 'awaiting_human' WHERE id = $1", a.session_id
-    )
-    await db.notify(con, {
+async def create_approval(a: ApprovalIn) -> dict:
+    # One attention item per session: refresh the existing pending one rather than
+    # stacking duplicates (PermissionRequest + Notification fire together for one prompt).
+    # Locked so the concurrent pair can't both miss the existing row and insert twice.
+    req_json = json.dumps(a.request, default=str)
+    async with _approval_lock:
+        existing = await db.fetchrow(
+            "SELECT * FROM approvals WHERE session_id = ? AND status = 'pending' ORDER BY id DESC LIMIT 1",
+            a.session_id,
+        )
+        if existing:
+            approval_id = existing["id"]
+            # Prefer the tool-specific source (PermissionRequest) over a generic
+            # Notification, regardless of which arrives second.
+            tool = a.tool_name or existing["tool_name"]
+            command = a.command if a.tool_name else (existing["command"] or a.command)
+            await db.execute(
+                "UPDATE approvals SET tool_name = ?, command = ?, request = ?, "
+                "created_at = CURRENT_TIMESTAMP WHERE id = ?",
+                tool, command, req_json, approval_id,
+            )
+        else:
+            approval_id = await db.insert(
+                """INSERT INTO approvals (session_id, tool_name, command, request, status)
+                   VALUES (?, ?, ?, ?, 'pending')""",
+                a.session_id, a.tool_name, a.command, req_json,
+            )
+        await db.execute("UPDATE sessions SET state = 'awaiting_human' WHERE id = ?", a.session_id)
+    db.notify({
         "type": "approval",
-        "id": row["id"],
+        "id": approval_id,
         "session_id": a.session_id,
         "tool_name": a.tool_name,
         "command": a.command,
     })
-    return {"ok": True, "id": row["id"]}
+    return {"ok": True, "id": approval_id}
+
+
+@router.post("/sessions/{id}/tokens")
+async def update_tokens(id: str, t: TokensIn) -> dict:
+    await db.execute(
+        "UPDATE sessions SET input_tokens = ?, output_tokens = ? WHERE id = ?",
+        t.input_tokens, t.output_tokens, id,
+    )
+    db.notify({
+        "type": "session", "session_id": id,
+        "input_tokens": t.input_tokens, "output_tokens": t.output_tokens,
+    })
+    return {"ok": True}
 
 
 @router.post("/sessions/{id}/state")
-async def update_state(id: str, s: StateUpdate, con: asyncpg.Connection = Depends(db.db)) -> dict:
+async def update_state(id: str, s: StateUpdate) -> dict:
     if s.state == "terminated":
-        await con.execute(
-            "UPDATE sessions SET state = $2, ended_at = now() WHERE id = $1", id, s.state
+        await db.execute(
+            "UPDATE sessions SET state = ?, ended_at = CURRENT_TIMESTAMP WHERE id = ?",
+            s.state, id,
         )
     else:
-        await con.execute("UPDATE sessions SET state = $2 WHERE id = $1", id, s.state)
-    await db.notify(con, {"type": "session", "session_id": id, "state": s.state})
+        await db.execute("UPDATE sessions SET state = ? WHERE id = ?", s.state, id)
+    db.notify({"type": "session", "session_id": id, "state": s.state})
     return {"ok": True}

package/watchtower/app/routers/query.py

@@ -1,17 +1,31 @@
-"""Query router: read-only endpoints the dashboard polls/loads."""
+"""Query router: read-only endpoints the dashboard loads."""
+import json
 import os
+import re
 
-import asyncpg
-from fastapi import APIRouter, Depends, HTTPException
+from fastapi import APIRouter, HTTPException
+from fastapi.responses import PlainTextResponse
 
 from app import db
 
+
+def _decode(rows: list[dict], col: str) -> list[dict]:
+    """JSON columns are stored as TEXT; decode them back to objects for the API."""
+    for r in rows:
+        if isinstance(r.get(col), str):
+            try:
+                r[col] = json.loads(r[col])
+            except (ValueError, TypeError):
+                pass
+    return rows
+
+
 router = APIRouter()
 
 
 @router.get("/sessions")
-async def list_sessions(con: asyncpg.Connection = Depends(db.db)) -> list[dict]:
-    rows = await con.fetch(
+async def list_sessions() -> list[dict]:
+    return await db.fetch(
         """SELECT s.*,
                   (SELECT count(*) FROM events e
                      WHERE e.session_id = s.id AND e.tool_name IS NOT NULL) AS tool_calls,
@@ -22,36 +36,40 @@ async def list_sessions(con: asyncpg.Connection = Depends(db.db)) -> list[dict]:
               (SELECT max(e.created_at) FROM events e WHERE e.session_id = s.id),
               s.started_at) DESC"""
     )
-    return [dict(r) for r in rows]
 
 
 @router.get("/sessions/{id}")
-async def get_session(id: str, con: asyncpg.Connection = Depends(db.db)) -> dict:
-    row = await con.fetchrow("SELECT * FROM sessions WHERE id = $1", id)
+async def get_session(id: str) -> dict:
+    row = await db.fetchrow("SELECT * FROM sessions WHERE id = ?", id)
     if row is None:
         raise HTTPException(status_code=404, detail="session not found")
-    return dict(row)
+    return row
+
+
+@router.get("/events")
+async def list_events(limit: int = 60) -> list[dict]:
+    """Recent events across all sessions, oldest-first — backfill for the heartbeat."""
+    rows = await db.fetch(
+        "SELECT id, session_id, event_type, tool_name, command, created_at "
+        "FROM events ORDER BY id DESC LIMIT ?",
+        limit,
+    )
+    rows.reverse()
+    return rows
 
 
 @router.get("/sessions/{id}/events")
-async def get_session_events(
-    id: str, limit: int = 100, con: asyncpg.Connection = Depends(db.db)
-) -> list[dict]:
-    rows = await con.fetch(
-        """SELECT * FROM events
-            WHERE session_id = $1
-            ORDER BY created_at DESC
-            LIMIT $2""",
+async def get_session_events(id: str, limit: int = 100) -> list[dict]:
+    rows = await db.fetch(
+        "SELECT * FROM events WHERE session_id = ? ORDER BY created_at DESC LIMIT ?",
         id, limit,
     )
-    return [dict(r) for r in rows]
+    return _decode(rows, "payload")
 
 
 @router.get("/sessions/{id}/artifacts")
-async def get_session_artifacts(
-    id: str, con: asyncpg.Connection = Depends(db.db)
-) -> list[dict]:
-    row = await con.fetchrow("SELECT cwd FROM sessions WHERE id = $1", id)
+async def get_session_artifacts(id: str) -> list[dict]:
+    row = await db.fetchrow("SELECT cwd FROM sessions WHERE id = ?", id)
     if row is None:
         raise HTTPException(status_code=404, detail="session not found")
 
@@ -75,10 +93,41 @@ async def get_session_artifacts(
 
 
 @router.get("/approvals")
-async def list_approvals(
-    status: str = "pending", con: asyncpg.Connection = Depends(db.db)
-) -> list[dict]:
-    rows = await con.fetch(
-        "SELECT * FROM approvals WHERE status = $1 ORDER BY created_at DESC", status
+async def list_approvals(status: str = "pending") -> list[dict]:
+    rows = await db.fetch(
+        "SELECT * FROM approvals WHERE status = ? ORDER BY created_at DESC", status
     )
-    return [dict(r) for r in rows]
+    return _decode(rows, "request")
+
+
+async def _checkpoints_dir(id: str) -> str:
+    row = await db.fetchrow("SELECT cwd FROM sessions WHERE id = ?", id)
+    if row is None:
+        raise HTTPException(status_code=404, detail="session not found")
+    return os.path.join(row["cwd"] or "", "uv-out", "sessions", id, "checkpoints")
+
+
+@router.get("/sessions/{id}/checkpoints")
+async def list_checkpoints(id: str) -> list[dict]:
+    d = await _checkpoints_dir(id)
+    if not os.path.isdir(d):
+        return []
+    out = [
+        {"name": fn, "size": os.path.getsize(os.path.join(d, fn)),
+         "modified": os.path.getmtime(os.path.join(d, fn))}
+        for fn in os.listdir(d)
+        if os.path.isfile(os.path.join(d, fn))
+    ]
+    out.sort(key=lambda c: c["modified"], reverse=True)
+    return out
+
+
+@router.get("/sessions/{id}/checkpoints/{name}", response_class=PlainTextResponse)
+async def read_checkpoint(id: str, name: str) -> str:
+    if not re.fullmatch(r"[A-Za-z0-9._-]+", name) or ".." in name:
+        raise HTTPException(status_code=400, detail="invalid checkpoint name")
+    full = os.path.join(await _checkpoints_dir(id), name)
+    if not os.path.isfile(full):
+        raise HTTPException(status_code=404, detail="checkpoint not found")
+    with open(full) as f:
+        return f.read()

package/watchtower/app/routers/settings.py

@@ -0,0 +1,34 @@
+"""Settings router: small key-value config the dashboard reads/writes."""
+from fastapi import APIRouter, HTTPException
+from pydantic import BaseModel
+
+from app import db
+
+router = APIRouter()
+
+# Whitelisted settings and their permitted values — settings are not arbitrary writes.
+ALLOWED = {
+    "terminal_app": {"auto", "terminal", "iterm"},
+}
+
+
+class SettingIn(BaseModel):
+    key: str
+    value: str
+
+
+@router.get("/settings")
+async def get_settings() -> dict:
+    rows = await db.fetch("SELECT key, value FROM settings")
+    return {r["key"]: r["value"] for r in rows}
+
+
+@router.post("/settings")
+async def set_setting(s: SettingIn) -> dict:
+    allowed = ALLOWED.get(s.key)
+    if allowed is None:
+        raise HTTPException(status_code=400, detail=f"unknown setting: {s.key}")
+    if s.value not in allowed:
+        raise HTTPException(status_code=400, detail=f"invalid value for {s.key}: {s.value}")
+    await db.set_setting(s.key, s.value)
+    return {"ok": True, "key": s.key, "value": s.value}

package/watchtower/app/routers/stream.py

@@ -1,5 +1,5 @@
 """Stream router: a single WebSocket the dashboard connects to for live updates.
-NOTIFY payloads land on the broadcaster (see app/db.py) and fan out here."""
+Updates land on the in-process broadcaster (see app/db.py) and fan out here."""
 import asyncio
 import json
 
@@ -14,10 +14,8 @@ router = APIRouter()
 async def live(ws: WebSocket) -> None:
     await ws.accept()
 
-    async with db.pool.acquire() as con:
-        rows = await con.fetch("SELECT * FROM sessions ORDER BY started_at DESC")
-    snapshot = {"type": "snapshot", "sessions": [dict(r) for r in rows]}
-    await ws.send_text(json.dumps(snapshot, default=str))
+    sessions = await db.fetch("SELECT * FROM sessions ORDER BY started_at DESC")
+    await ws.send_text(json.dumps({"type": "snapshot", "sessions": sessions}, default=str))
 
     q = db.broadcaster.subscribe()
     try:

package/watchtower/app/services/checkpoint.py

@@ -1,9 +1,11 @@
 """Out-of-band session checkpoints.
 
 Writes a markdown checkpoint from the session's recent events + git state.
-No live session is required — everything is read from Postgres and the cwd's
+No live session is required — everything is read from the database and the cwd's
 git repo, so we can checkpoint a session we don't own (e.g. before closing it).
 """
+import collections
+import json
 import os
 import subprocess
 from datetime import datetime, timezone
@@ -36,38 +38,79 @@ def _git_state(cwd: str) -> str:
     )
 
 
+def _summarize(events: list) -> str:
+    """Derive 'what was done' from event payloads: the prompts the user sent (the
+    actual asks), files edited, and a tool breakdown. Events arrive newest-first."""
+    prompts, files, tools = [], collections.Counter(), collections.Counter()
+    for e in events:
+        raw = e.get("payload")
+        try:
+            p = json.loads(raw) if isinstance(raw, str) else (raw or {})
+        except (ValueError, TypeError):
+            p = {}
+
+        if e.get("event_type") == "UserPromptSubmit":
+            txt = (p.get("prompt") or p.get("user_prompt") or "").strip()
+            if txt:
+                prompts.append(" ".join(txt.split())[:240])
+
+        tool = e.get("tool_name") or p.get("tool_name")
+        if tool:
+            tools[tool] += 1
+            fp = (p.get("tool_input") or {}).get("file_path")
+            if fp and tool in ("Edit", "Write", "MultiEdit"):
+                files[fp] += 1
+
+    parts = []
+    if prompts:
+        asks = "\n".join(f"- {t}" for t in reversed(prompts[:12]))  # chronological
+        parts.append(f"**Asked ({len(prompts)}):**\n{asks}")
+    if files:
+        touched = "\n".join(f"- `{f}` ({n}×)" for f, n in files.most_common(15))
+        parts.append(f"**Files changed:**\n{touched}")
+    if tools:
+        breakdown = ", ".join(f"{n}× {t}" for t, n in tools.most_common(10))
+        parts.append(f"**Tool usage:** {breakdown}")
+    return "\n\n".join(parts) if parts else "_No recorded activity yet._"
+
+
 def _render(session: dict, events: list, git_state: str, created: str) -> str:
     sid = session["id"]
     name = session.get("name") or sid
 
-    lines = []
-    for e in events:
-        ts = e["created_at"].isoformat() if e["created_at"] else ""
-        bits = [e["event_type"] or "Event"]
-        if e["tool_name"]:
-            bits.append(e["tool_name"])
-        if e["command"]:
-            bits.append(f"`{e['command']}`")
-        lines.append(f"- {ts} — {' '.join(bits)}")
-    activity = "\n".join(lines) if lines else "_No recorded events._"
+    meta_rows = [
+        ("Name", session.get("name")),
+        ("Kind", session.get("kind")),
+        ("Purpose", session.get("purpose")),
+        ("Priority", session.get("priority")),
+        ("Persona", session.get("persona")),
+        ("Parent", session.get("parent_id")),
+        ("Started", session.get("started_at")),
+        ("cwd", session.get("cwd")),
+    ]
+    meta = "\n".join(f"- **{k}:** {v}" for k, v in meta_rows if v)
+
+    work = _summarize(events)
 
     return f"""---
 session: {sid}
+name: {session.get("name") or ""}
+kind: {session.get("kind") or ""}
+priority: {session.get("priority") or ""}
+parent: {session.get("parent_id") or ""}
 created: {created}
 source: watchtower
 ---
 
 # Checkpoint: {name}
 
-## What's in progress
+## Session
 
-<!-- TODO: optional semantic summary via `claude -p --model haiku`.
-     v1 is mechanical (events + git). Do not depend on `claude` being present. -->
-_Mechanical checkpoint — see recent activity and git state below._
+{meta}
 
-## Recent activity
+## What was done
 
-{activity}
+{work}
 
 ## Git state
 
@@ -79,15 +122,14 @@ async def write_checkpoint(session: dict) -> str:
     sid = session["id"]
     cwd = session.get("cwd") or os.getcwd()
 
-    rows = await db.pool.fetch(
-        """SELECT event_type, tool_name, command, created_at
+    events = await db.fetch(
+        """SELECT event_type, tool_name, command, payload, created_at
              FROM events
-            WHERE session_id = $1
+            WHERE session_id = ?
          ORDER BY created_at DESC
-            LIMIT 50""",
+            LIMIT 200""",
         sid,
     )
-    events = [dict(r) for r in rows]
 
     now = datetime.now(timezone.utc)
     created = now.isoformat()

package/watchtower/requirements.txt

@@ -1,3 +1,3 @@
 fastapi==0.115.6
 uvicorn[standard]==0.34.0
-asyncpg==0.30.0
+aiosqlite==0.20.0