veryfront 0.1.64 → 0.1.67

package/src/src/channels/invoke.ts

@@ -1,18 +1,16 @@
-import * as dntShim from "../../_dnt.shims.js";
 import type { Agent, AgentMessage as Message, AgentResponse } from "../agent/index.js";
 import { fromError } from "../errors/veryfront-error.js";
 import type { HandlerContext } from "../types/index.js";
 import { serverLogger } from "../utils/index.js";
-import { base64urlEncodeBytes } from "../utils/base64url.js";
 import { z } from "zod";
 import {
   getAgent as getRegisteredAgent,
   getAllAgentIds as getRegisteredAgentIds,
 } from "../agent/composition/composition.js";
+import { listRuntimeAgents, type RuntimeAgentDiscoveryDeps } from "./control-plane.js";
 import { ensureProjectDiscovery as ensureProjectDiscoveryForProject } from "../server/handlers/request/api/project-discovery.js";
 
 const logger = serverLogger.component("channels-invoke");
-const SIGNATURE_SKEW_SECONDS = 5;
 
 const rawHistoryPartSchema = z.object({
   type: z.string(),
@@ -125,37 +123,13 @@ export const ChannelInvokeResponseSchema = z.object({
   }).optional(),
 });
 
-const dispatchHeaderSchema = z.object({
-  alg: z.literal("EdDSA"),
-  typ: z.string().optional(),
-  kid: z.string().optional(),
-});
-
-const dispatchClaimsSchema = z.object({
-  iss: z.string(),
-  aud: z.string(),
-  sub: z.string(),
-  project_id: z.string(),
-  platform: z.string(),
-  body_sha256: z.string(),
-  iat: z.number().int(),
-  exp: z.number().int(),
-});
-
 export type ChannelInvokeRequest = z.infer<typeof ChannelInvokeRequestSchema>;
 export type ChannelInvokeResponse = z.infer<typeof ChannelInvokeResponseSchema>;
 export type ChannelAssistantsRequest = z.infer<typeof ChannelAssistantsRequestSchema>;
 export type ChannelAssistantsResponse = z.infer<typeof ChannelAssistantsResponseSchema>;
 
 type ChannelResponsePart = z.infer<typeof ChannelResponsePartSchema>;
-type DispatchClaims = z.infer<typeof dispatchClaimsSchema>;
-type ChannelAssistant = z.infer<typeof ChannelAssistantSchema>;
-
-export interface ChannelInvokeDeps {
-  ensureProjectDiscovery: (ctx: HandlerContext) => Promise<void>;
-  getAgent: (id: string) => Agent | undefined;
-  getAllAgentIds: () => string[];
-}
+export interface ChannelInvokeDeps extends RuntimeAgentDiscoveryDeps {}
 
 export const defaultChannelInvokeDeps: ChannelInvokeDeps = {
   ensureProjectDiscovery: ensureProjectDiscoveryForProject,
@@ -163,142 +137,23 @@ export const defaultChannelInvokeDeps: ChannelInvokeDeps = {
   getAllAgentIds: getRegisteredAgentIds,
 };
 
-function getAssistantMetadata(agent: Agent): ChannelAssistant {
-  const rawConfig = agent.config as unknown as Record<string, unknown>;
-
-  return ChannelAssistantSchema.parse({
-    id: agent.id,
-    name: typeof rawConfig.name === "string" && rawConfig.name.trim().length > 0
-      ? rawConfig.name
-      : agent.id,
-    description: typeof rawConfig.description === "string" ? rawConfig.description : null,
-    model: agent.config.model ?? null,
-  });
-}
-
 export async function listChannelAssistants(
   ctx: HandlerContext,
   deps: ChannelInvokeDeps,
 ): Promise<ChannelAssistantsResponse> {
-  await deps.ensureProjectDiscovery(ctx);
-
-  const assistants = deps.getAllAgentIds()
-    .map((id) => deps.getAgent(id))
-    .filter((agent): agent is Agent => Boolean(agent))
-    .map(getAssistantMetadata)
-    .sort((left, right) => left.name.localeCompare(right.name));
-
-  return ChannelAssistantsResponseSchema.parse({ assistants });
-}
-
-function base64urlDecodeToBytes(input: string): ArrayBuffer {
-  const normalized = input
-    .replaceAll("-", "+")
-    .replaceAll("_", "/")
-    .padEnd(Math.ceil(input.length / 4) * 4, "=");
-
-  return toArrayBuffer(Uint8Array.from(atob(normalized), (char) => char.charCodeAt(0)));
-}
-
-function toArrayBuffer(bytes: Uint8Array): ArrayBuffer {
-  const buffer = new ArrayBuffer(bytes.byteLength);
-  new Uint8Array(buffer).set(bytes);
-  return buffer;
-}
-
-function pemToDer(pem: string, label: string): ArrayBuffer {
-  const body = pem
-    .replace(`-----BEGIN ${label}-----`, "")
-    .replace(`-----END ${label}-----`, "")
-    .replace(/\s/g, "");
-
-  return toArrayBuffer(Uint8Array.from(atob(body), (char) => char.charCodeAt(0)));
-}
-
-async function importEd25519PublicKey(pem: string): Promise<dntShim.CryptoKey> {
-  return dntShim.crypto.subtle.importKey(
-    "spki",
-    pemToDer(pem, "PUBLIC KEY"),
-    "Ed25519",
-    false,
-    ["verify"],
+  const response = await listRuntimeAgents(ctx, deps);
+  const assistants = response.agents.map((agent) =>
+    ChannelAssistantSchema.parse({
+      id: agent.id,
+      name: agent.name,
+      description: agent.description ?? null,
+      model: agent.model ?? null,
+    })
   );
-}
-
-async function sha256Base64url(body: string): Promise<string> {
-  const hash = await dntShim.crypto.subtle.digest("SHA-256", new TextEncoder().encode(body));
-  return base64urlEncodeBytes(new Uint8Array(hash));
-}
 
-export async function verifyDispatchJws(
-  jws: string,
-  body: string,
-  options: {
-    audience: string;
-    publicKeyPem: string;
-    maxAgeSeconds: number;
-    expectedProjectId?: string;
-  },
-): Promise<DispatchClaims> {
-  const parts = jws.split(".");
-  if (parts.length !== 3) {
-    throw new Error("Channel dispatch signature must be a compact JWS");
-  }
-
-  const encodedHeader = parts[0];
-  const encodedPayload = parts[1];
-  const encodedSignature = parts[2];
-  if (!encodedHeader || !encodedPayload || !encodedSignature) {
-    throw new Error("Channel dispatch signature must include header, payload, and signature");
-  }
-  const header = dispatchHeaderSchema.parse(
-    JSON.parse(new TextDecoder().decode(base64urlDecodeToBytes(encodedHeader))),
-  );
-  const claims = dispatchClaimsSchema.parse(
-    JSON.parse(new TextDecoder().decode(base64urlDecodeToBytes(encodedPayload))),
-  );
-
-  if (header.alg !== "EdDSA") {
-    throw new Error("Unsupported channel dispatch JWS algorithm");
-  }
-
-  const signingInput = new TextEncoder().encode(`${encodedHeader}.${encodedPayload}`);
-  const signature = base64urlDecodeToBytes(encodedSignature);
-  const publicKey = await importEd25519PublicKey(options.publicKeyPem);
-  const verified = await dntShim.crypto.subtle.verify("Ed25519", publicKey, signature, signingInput);
-
-  if (!verified) {
-    throw new Error("Channel dispatch signature verification failed");
-  }
-
-  if (claims.aud !== options.audience) {
-    throw new Error("Channel dispatch audience mismatch");
-  }
-
-  if (options.expectedProjectId && claims.project_id !== options.expectedProjectId) {
-    throw new Error("Channel dispatch project mismatch");
-  }
-
-  const now = Math.floor(Date.now() / 1000);
-  if (claims.exp <= now) {
-    throw new Error("Channel dispatch signature expired");
-  }
-
-  if (claims.iat > now + SIGNATURE_SKEW_SECONDS) {
-    throw new Error("Channel dispatch signature issued in the future");
-  }
-
-  if (now - claims.iat > options.maxAgeSeconds) {
-    throw new Error("Channel dispatch signature is too old");
-  }
-
-  const bodySha256 = await sha256Base64url(body);
-  if (claims.body_sha256 !== bodySha256) {
-    throw new Error("Channel dispatch body hash mismatch");
-  }
-
-  return claims;
+  return ChannelAssistantsResponseSchema.parse({ assistants });
 }
+export { verifyDispatchJws } from "./control-plane.js";
 
 function normalizeConversationPart(
   part: z.infer<typeof rawHistoryPartSchema>,

package/src/src/internal-agents/ag-ui-sse.ts

@@ -0,0 +1,327 @@
+import * as dntShim from "../../_dnt.shims.js";
+import type { AgentResponse } from "../agent/index.js";
+import { serverLogger } from "../utils/index.js";
+import { z } from "zod";
+
+const encoder = new TextEncoder();
+const logger = serverLogger.component("internal-agents-ag-ui-sse");
+
+type RuntimeDataEvent = Record<string, unknown> & { type: string };
+
+export interface RunFinishedMetadata {
+  provider?: string;
+  model?: string;
+  inputTokens?: number;
+  outputTokens?: number;
+  totalTokens?: number;
+  finishReason?: string;
+}
+
+export interface StreamTransformState {
+  messageId: string | null;
+  textOpen: boolean;
+  stepIndex: number;
+  sawTerminalError: boolean;
+  metadata: RunFinishedMetadata;
+}
+
+export function createStreamTransformState(): StreamTransformState {
+  return {
+    messageId: null,
+    textOpen: false,
+    stepIndex: 0,
+    sawTerminalError: false,
+    metadata: {},
+  };
+}
+
+const agUiEventPayloadSchemas = {
+  RunStarted: z.object({
+    runId: z.string().min(1),
+    threadId: z.string().min(1),
+    agentId: z.string().min(1),
+  }),
+  TextMessageStart: z.object({
+    messageId: z.string().min(1),
+    role: z.literal("assistant"),
+  }),
+  TextMessageContent: z.object({
+    messageId: z.string().min(1),
+    delta: z.string(),
+  }),
+  TextMessageEnd: z.object({
+    messageId: z.string().min(1),
+  }),
+  ToolCallStart: z.object({
+    toolCallId: z.string().min(1),
+    toolCallName: z.string().min(1),
+  }),
+  ToolCallArgs: z.object({
+    toolCallId: z.string().min(1),
+    delta: z.string(),
+  }),
+  ToolCallEnd: z.object({
+    toolCallId: z.string().min(1),
+  }),
+  ToolCallResult: z.object({
+    toolCallId: z.string().min(1),
+    result: z.unknown(),
+    isError: z.boolean().optional(),
+  }),
+  StepStarted: z.object({
+    stepIndex: z.number().int().positive(),
+  }),
+  StepFinished: z.object({
+    stepIndex: z.number().int().positive(),
+  }),
+  RunError: z.object({
+    code: z.string().min(1).optional(),
+    message: z.string().min(1),
+  }),
+  RunFinished: z.object({
+    metadata: z.object({
+      provider: z.string().optional(),
+      model: z.string().optional(),
+      inputTokens: z.number().int().nonnegative().optional(),
+      outputTokens: z.number().int().nonnegative().optional(),
+      totalTokens: z.number().int().nonnegative().optional(),
+      finishReason: z.string().optional(),
+    }),
+  }),
+} as const satisfies Record<string, z.ZodType<Record<string, unknown>>>;
+
+type AgUiEventName = keyof typeof agUiEventPayloadSchemas;
+
+export function formatAgUiEvent(event: string, payload: Record<string, unknown>): Uint8Array {
+  const schema = agUiEventPayloadSchemas[event as AgUiEventName];
+  const validatedPayload = schema ? schema.parse(payload) : payload;
+  return encoder.encode(`event: ${event}\ndata: ${JSON.stringify(validatedPayload)}\n\n`);
+}
+
+export function parseSseJsonEvents(chunk: string): {
+  events: RuntimeDataEvent[];
+  remainder: string;
+} {
+  const blocks = chunk.split("\n\n");
+  const remainder = blocks.pop() ?? "";
+  const events = blocks.flatMap((block) => {
+    const dataLines = block.split("\n")
+      .filter((line) => line.startsWith("data:"))
+      .map((line) => line.slice(5).trimStart());
+
+    if (!dataLines.length) {
+      return [];
+    }
+
+    try {
+      const payload = JSON.parse(dataLines.join("\n")) as RuntimeDataEvent;
+      return [payload];
+    } catch (error) {
+      logger.warn("Skipping malformed runtime SSE event payload", {
+        error,
+        dataLength: dataLines.join("\n").length,
+      });
+      return [];
+    }
+  });
+
+  return { events, remainder };
+}
+
+function getMessageId(state: StreamTransformState, event: RuntimeDataEvent): string {
+  if (typeof event.messageId === "string") {
+    state.messageId = event.messageId;
+    return event.messageId;
+  }
+
+  if (!state.messageId && typeof event.id === "string") {
+    state.messageId = event.id;
+  }
+
+  if (!state.messageId) {
+    state.messageId = dntShim.crypto.randomUUID();
+  }
+
+  return state.messageId;
+}
+
+function applyDataMetadata(state: StreamTransformState, event: RuntimeDataEvent): void {
+  const data = event.data && typeof event.data === "object" && !Array.isArray(event.data)
+    ? event.data as Record<string, unknown>
+    : event;
+
+  if (typeof data.model === "string") {
+    state.metadata.model = data.model;
+    const provider = data.model.split("/")[0];
+    if (provider) {
+      state.metadata.provider = provider;
+    }
+  }
+}
+
+function applyResponseMetadata(state: StreamTransformState, response: AgentResponse | null): void {
+  if (!response) return;
+
+  if (response.usage) {
+    state.metadata.inputTokens = response.usage.promptTokens;
+    state.metadata.outputTokens = response.usage.completionTokens;
+    state.metadata.totalTokens = response.usage.totalTokens;
+  }
+
+  const finishReason = response.metadata && typeof response.metadata === "object"
+    ? response.metadata.finishReason
+    : undefined;
+  if (typeof finishReason === "string") {
+    state.metadata.finishReason = finishReason;
+  }
+}
+
+export function mapRuntimeEventToAgUi(
+  state: StreamTransformState,
+  event: RuntimeDataEvent,
+): Array<{ event: string; payload: Record<string, unknown> }> {
+  switch (event.type) {
+    case "message-start":
+      getMessageId(state, event);
+      return [];
+
+    case "text-start": {
+      if (state.textOpen) return [];
+      const messageId = getMessageId(state, event);
+      state.textOpen = true;
+      return [{
+        event: "TextMessageStart",
+        payload: { messageId, role: "assistant" },
+      }];
+    }
+
+    case "text-delta": {
+      const messageId = getMessageId(state, event);
+      if (!state.textOpen) {
+        state.textOpen = true;
+        return [
+          { event: "TextMessageStart", payload: { messageId, role: "assistant" } },
+          {
+            event: "TextMessageContent",
+            payload: { messageId, delta: typeof event.delta === "string" ? event.delta : "" },
+          },
+        ];
+      }
+
+      return [{
+        event: "TextMessageContent",
+        payload: { messageId, delta: typeof event.delta === "string" ? event.delta : "" },
+      }];
+    }
+
+    case "text-end": {
+      if (!state.textOpen) return [];
+      state.textOpen = false;
+      return [{
+        event: "TextMessageEnd",
+        payload: { messageId: getMessageId(state, event) },
+      }];
+    }
+
+    case "tool-input-start":
+      return [{
+        event: "ToolCallStart",
+        payload: {
+          toolCallId: event.toolCallId,
+          toolCallName: event.toolName,
+        },
+      }];
+
+    case "tool-input-delta":
+      return [{
+        event: "ToolCallArgs",
+        payload: {
+          toolCallId: event.toolCallId,
+          delta: typeof event.inputTextDelta === "string" ? event.inputTextDelta : "",
+        },
+      }];
+
+    case "tool-input-available":
+      return [{
+        event: "ToolCallEnd",
+        payload: { toolCallId: event.toolCallId },
+      }];
+
+    case "tool-output-available":
+      return [{
+        event: "ToolCallResult",
+        payload: {
+          toolCallId: event.toolCallId,
+          result: event.output,
+        },
+      }];
+
+    case "tool-output-error":
+      return [{
+        event: "ToolCallResult",
+        payload: {
+          toolCallId: event.toolCallId,
+          result: { error: event.errorText },
+          isError: true,
+        },
+      }];
+
+    case "step-start":
+      state.stepIndex += 1;
+      return [{
+        event: "StepStarted",
+        payload: { stepIndex: state.stepIndex },
+      }];
+
+    case "step-end":
+      return [{
+        event: "StepFinished",
+        payload: { stepIndex: state.stepIndex },
+      }];
+
+    case "data":
+      applyDataMetadata(state, event);
+      return [];
+
+    case "error":
+      state.sawTerminalError = true;
+      return [{
+        event: "RunError",
+        payload: {
+          message: typeof event.error === "string" ? event.error : "Agent run failed",
+        },
+      }];
+
+    default:
+      return [];
+  }
+}
+
+export function finalizeRunEvents(
+  state: StreamTransformState,
+  response: AgentResponse | null,
+): Array<{ event: string; payload: Record<string, unknown> }> {
+  applyResponseMetadata(state, response);
+
+  if (state.sawTerminalError) {
+    return [];
+  }
+
+  const events: Array<{ event: string; payload: Record<string, unknown> }> = [];
+  if (state.textOpen) {
+    state.textOpen = false;
+    events.push({
+      event: "TextMessageEnd",
+      payload: { messageId: getMessageId(state, { type: "text-end" }) },
+    });
+  }
+
+  events.push({
+    event: "RunFinished",
+    payload: {
+      metadata: state.metadata,
+    },
+  });
+
+  return events;
+}

package/src/src/internal-agents/control-plane-auth.ts

@@ -0,0 +1,82 @@
+import * as dntShim from "../../_dnt.shims.js";
+import { verifyControlPlaneJws } from "../channels/control-plane.js";
+import type { HandlerContext } from "../types/index.js";
+import { serverLogger } from "../utils/index.js";
+import { HTTP_INTERNAL_SERVER_ERROR } from "../utils/constants/index.js";
+
+const CONTROL_PLANE_JWS_HEADER = "x-veryfront-control-plane-jws";
+const MAX_CONTROL_PLANE_SIGNATURE_AGE_SECONDS = 60;
+const logger = serverLogger.component("internal-agents-auth");
+
+export class ControlPlaneRequestError extends Error {
+  readonly status: number;
+
+  constructor(status: number, message: string) {
+    super(message);
+    this.status = status;
+    this.name = "ControlPlaneRequestError";
+  }
+}
+
+export async function verifyControlPlaneRequest(
+  req: dntShim.Request,
+  ctx: HandlerContext,
+  rawBody: string,
+  options: {
+    expectedSubject?: string;
+    expectedSurface?: "studio" | "channels" | "a2a" | "mcp";
+  } = {},
+) {
+  const publicKeyPem = ctx.adapter.env.get("CHANNEL_DISPATCH_SIGNING_PUBLIC_KEY");
+  if (!publicKeyPem) {
+    throw new ControlPlaneRequestError(
+      HTTP_INTERNAL_SERVER_ERROR,
+      "Control-plane verification is not configured",
+    );
+  }
+
+  const projectSlug = ctx.projectSlug;
+  if (!projectSlug) {
+    throw new ControlPlaneRequestError(400, "Project context is unavailable");
+  }
+
+  const controlPlaneJws = req.headers.get(CONTROL_PLANE_JWS_HEADER);
+  if (!controlPlaneJws) {
+    throw new ControlPlaneRequestError(401, "Missing control-plane signature");
+  }
+
+  try {
+    return await verifyControlPlaneJws(controlPlaneJws, rawBody, {
+      audience: projectSlug,
+      expectedProjectId: ctx.projectId,
+      expectedSubject: options.expectedSubject,
+      expectedSurface: options.expectedSurface,
+      publicKeyPem,
+      maxAgeSeconds: MAX_CONTROL_PLANE_SIGNATURE_AGE_SECONDS,
+    });
+  } catch (error) {
+    const isAuthError = error instanceof Error && (
+      error.message.includes("Control-plane") ||
+      error.message.includes("Unsupported")
+    );
+
+    if (isAuthError) {
+      logger.warn("Invalid control-plane signature", {
+        error,
+        projectSlug,
+        expectedSubject: options.expectedSubject,
+        expectedSurface: options.expectedSurface,
+      });
+      throw new ControlPlaneRequestError(401, "Invalid control-plane signature");
+    }
+
+    logger.error("Unexpected error during control-plane verification", {
+      error,
+      projectSlug,
+    });
+    throw new ControlPlaneRequestError(
+      HTTP_INTERNAL_SERVER_ERROR,
+      "Internal error during request verification",
+    );
+  }
+}

package/src/src/internal-agents/request-body.ts

@@ -0,0 +1,42 @@
+import * as dntShim from "../../_dnt.shims.js";
+import { VeryfrontError } from "../errors/types.js";
+import { readBodyWithLimit } from "../security/index.js";
+import {
+  DEFAULT_MAX_BODY_SIZE_BYTES,
+  HTTP_PAYLOAD_TOO_LARGE,
+} from "../utils/constants/index.js";
+
+export const INTERNAL_AGENT_STREAM_MAX_BODY_BYTES = DEFAULT_MAX_BODY_SIZE_BYTES;
+export const INTERNAL_AGENT_CONTROL_PLANE_MAX_BODY_BYTES = 128 * 1024;
+
+export class InternalAgentRequestBodyTooLargeError extends Error {
+  readonly status = HTTP_PAYLOAD_TOO_LARGE;
+
+  constructor(message = "Payload too large") {
+    super(message);
+    this.name = "InternalAgentRequestBodyTooLargeError";
+  }
+}
+
+export async function readInternalAgentRequestBody(
+  request: dntShim.Request,
+  maxBodyBytes = INTERNAL_AGENT_STREAM_MAX_BODY_BYTES,
+): Promise<string> {
+  if (!request.body) {
+    return "";
+  }
+
+  try {
+    return await readBodyWithLimit(request, maxBodyBytes);
+  } catch (error) {
+    if (
+      error instanceof VeryfrontError &&
+      error.slug === "input-validation-failed" &&
+      error.detail === "Request body exceeds size limit"
+    ) {
+      throw new InternalAgentRequestBodyTooLargeError();
+    }
+
+    throw error;
+  }
+}