work-agent 0.1.0

package/app/api/pi-chat/route.ts

@@ -0,0 +1,443 @@
+/**
+ * PI-Powered Chat API
+ *
+ * Intelligent chat endpoint using pi-coding-agent SDK for natural language understanding.
+ *
+ * Features:
+ * - General-purpose AI assistant with tool-based command execution
+ * - Dangerous commands are intercepted and require approval (via create_ticket tool or spawnHook)
+ * - All command executions are logged for audit
+ */
+
+import { NextRequest } from 'next/server';
+import { getOrCreateSession, eventToSSE, abortSession, searchKnowledgeContent } from '@/lib/pi-session';
+import { loadSkillContentByName as loadSkillContentByNameLoader } from '@/lib/skill-loader';
+import { updateSessionTitle, getUserByFeishuUnionId } from '@/lib/db';
+import { randomUUID } from 'crypto';
+
+// UUID 生成函数
+function generateUUID(): string {
+	return randomUUID();
+}
+
+/**
+ * 解析消息中的 @mentions，提取 skill 和知识库引用
+ */
+function parseMentions(message: string, userId?: string): {
+	enhancedMessage: string;
+	mentionedSkills: string[];
+	mentionedKb: { keywords: string; title: string }[];
+} {
+	const mentionedSkills: string[] = [];
+	const mentionedKb: { keywords: string; title: string }[] = [];
+	
+	// 提取 skill 提及（如 @docker 或 @美欣达仿真平台）
+	const skillMatches = message.matchAll(/@([\w\u4e00-\u9fa5]+)/g);
+	for (const match of skillMatches) {
+		const skillName = match[1];
+		// 排除已经在 skills 参数中指定的
+		if (!mentionedSkills.includes(skillName)) {
+			mentionedSkills.push(skillName);
+		}
+	}
+	
+	// 提取知识库提及（如 @doc:Docker）
+	const kbMatches = message.matchAll(/@doc:([^@\s]+)/g);
+	for (const match of kbMatches) {
+		const title = match[1];
+		mentionedKb.push({ keywords: title, title });
+	}
+	
+	// 动态加载 skill 内容并构建增强消息
+	let enhancedMessage = message;
+	
+	// 处理 skill 提及
+	for (const skillName of mentionedSkills) {
+		const skillContent = loadSkillContentByNameLoader(skillName, userId);
+		if (skillContent) {
+			// 在消息末尾注入 skill 内容作为参考
+			enhancedMessage += `\n\n--- 参考：Skill [${skillName}] ---\n${skillContent}`;
+		}
+	}
+	
+	// 处理知识库提及
+	for (const kb of mentionedKb) {
+		const kbContent = searchKnowledgeContent(kb.keywords);
+		if (kbContent) {
+			enhancedMessage += `\n\n--- 参考：知识库 [${kb.title}] ---\n${kbContent}`;
+		}
+	}
+	
+	return { enhancedMessage, mentionedSkills, mentionedKb };
+}
+
+export const runtime = 'nodejs';
+export const dynamic = 'force-dynamic';
+
+/**
+ * POST /api/pi-chat - Intelligent chat with PI agent
+ *
+ * Request body:
+ * {
+ *   message: string,
+ *   sessionId?: string,
+ *   userId?: string,
+ *   skills?: string[],
+ *   abort?: boolean  // If true, abort current operation before sending
+ * }
+ *
+ * Returns: Server-Sent Events stream
+ */
+export async function POST(request: NextRequest) {
+	try {
+		const body = await request.json();
+		const { message, sessionId, userId, skills = [], abort = false, source, sourceUserId } = body as {
+			message: string;
+			sessionId?: string;
+			userId?: string;
+			skills?: string[];
+			abort?: boolean;
+			source?: 'web' | 'feishu_bot' | 'api';
+			sourceUserId?: string;
+		};
+
+		if (!message || typeof message !== 'string') {
+			return Response.json(
+				{ error: 'Message is required and must be a string' },
+				{ status: 400 },
+			);
+		}
+
+		// 自动通过 unionId 映射系统用户ID
+		let effectiveUserId = userId || 'user';
+		if (source === 'feishu_bot' && sourceUserId) {
+			const feishuUser = getUserByFeishuUnionId(sourceUserId);
+			if (feishuUser) {
+				effectiveUserId = feishuUser.id;
+				console.log('[pi-chat] Mapped unionId to userId:', { sourceUserId, effectiveUserId });
+			} else {
+				console.log('[pi-chat] UnionId not found, using sourceUserId as userId:', { sourceUserId });
+			}
+		}
+
+		console.log('[pi-chat] Request:', { message, sessionId, userId: effectiveUserId, source, sourceUserId, skillsCount: skills.length, abort });
+
+		// 解析消息中的 @mentions（skill 和知识库）
+		const { enhancedMessage, mentionedSkills, mentionedKb } = parseMentions(message, userId);
+		console.log('[pi-chat] Parsed mentions:', { mentionedSkills, mentionedKb });
+
+		// Generate session ID if not provided
+		const effectiveSessionId = sessionId || generateUUID();
+		console.log('[pi-chat] Session ID:', effectiveSessionId);
+
+		// Get or create PI session
+		let sessionResult;
+		try {
+			sessionResult = await getOrCreateSession(effectiveSessionId, {
+				userId: effectiveUserId,
+				skills,
+				source,
+				sourceUserId,
+			});
+			console.log('[pi-chat] Session created/retrieved:', { isNew: sessionResult.isNew, restored: sessionResult.restored });
+		} catch (error) {
+			console.error('[pi-chat] Session creation error:', error);
+			return Response.json(
+				{ error: `Failed to create session: ${error instanceof Error ? error.message : 'Unknown error'}` },
+				{ status: 500 },
+			);
+		}
+
+		const { session, isNew, restored } = sessionResult;
+
+		// If abort flag is set, abort current operation first
+		if (abort) {
+			try {
+				await abortSession(effectiveSessionId);
+				console.log('[pi-chat] Aborted previous operation');
+			} catch (error) {
+				console.error('[pi-chat] Abort error:', error);
+			}
+		}
+
+		// Generate and save title for new sessions
+		// Use the user message directly since JSONL hasn't been written yet
+		if (isNew) {
+			try {
+				// Clean the message by removing @mentions and knowledge references
+				const cleanMessage = message
+					.replace(/@[\w\u4e00-\u9fa5]+/g, '') // Remove @mentions
+					.replace(/@doc:[^\s]+/g, '')        // Remove @doc references
+					.trim();
+
+				// Generate title from cleaned message (max 40 chars)
+				const title = cleanMessage.length > 40
+					? cleanMessage.substring(0, 40) + '...'
+					: cleanMessage;
+
+				updateSessionTitle(effectiveSessionId, title);
+				console.log('[pi-chat] Generated title for new session:', title);
+			} catch (error) {
+				console.warn('[pi-chat] Failed to generate title:', error);
+			}
+		}
+
+		// Create SSE stream
+		const encoder = new TextEncoder();
+		const stream = new ReadableStream({
+			async start(controller) {
+				// Track controller state to prevent operations on closed controller
+				let isControllerClosed = false;
+
+				// Heartbeat configuration
+				const HEARTBEAT_INTERVAL = 10000; // 10 seconds
+				const PROMPT_TIMEOUT = 5 * 60 * 1000; // 5 minutes
+				let heartbeatTimer: NodeJS.Timeout | null = null;
+				let timeoutTimer: NodeJS.Timeout | null = null;
+
+				// Helper to start heartbeat
+				const startHeartbeat = () => {
+					if (heartbeatTimer) return; // Prevent duplicate timers
+					heartbeatTimer = setInterval(() => {
+						safeEnqueue(encoder.encode(': heartbeat\n\n'));
+					}, HEARTBEAT_INTERVAL);
+				};
+
+				// Helper to stop heartbeat
+				const stopHeartbeat = () => {
+					if (heartbeatTimer) {
+						clearInterval(heartbeatTimer);
+						heartbeatTimer = null;
+					}
+				};
+
+				// Helper to start timeout protection
+				const startTimeout = (cleanup: () => void) => {
+					if (timeoutTimer) return;
+					timeoutTimer = setTimeout(() => {
+						console.error('[pi-chat] Prompt timeout after 5 minutes, aborting');
+						stopHeartbeat();
+						cleanup();
+						safeClose();
+					}, PROMPT_TIMEOUT);
+				};
+
+				// Helper to stop timeout protection
+				const stopTimeout = () => {
+					if (timeoutTimer) {
+						clearTimeout(timeoutTimer);
+						timeoutTimer = null;
+					}
+				};
+
+				// Helper to safely enqueue data
+				const safeEnqueue = (data: Uint8Array) => {
+					if (!isControllerClosed) {
+						try {
+							controller.enqueue(data);
+						} catch (error) {
+							// Controller may have been closed by client disconnect
+							isControllerClosed = true;
+							stopHeartbeat();
+							stopTimeout();
+							console.log('[pi-chat] Enqueue failed (controller likely closed):', error);
+						}
+					}
+				};
+
+				// Helper to safely close controller
+				const safeClose = () => {
+					if (!isControllerClosed) {
+						isControllerClosed = true;
+						stopHeartbeat();
+						stopTimeout();
+						try {
+							controller.close();
+						} catch (error) {
+							// Already closed, ignore
+						}
+					}
+				};
+
+				// Send session info if new or restored
+				if (isNew) {
+					safeEnqueue(
+						encoder.encode(
+							`data: ${JSON.stringify({ type: 'session_start', sessionId: effectiveSessionId })}\n\n`,
+						),
+					);
+				} else if (restored) {
+					// Session was restored after server restart
+					safeEnqueue(
+						encoder.encode(
+							`data: ${JSON.stringify({ type: 'session_restored', sessionId: effectiveSessionId })}\n\n`,
+						),
+					);
+				}
+
+				let agentFinished = false;
+
+				// Subscribe to PI events
+				const unsubscribe = session.subscribe((event) => {
+					console.log('[pi-chat] SSE event:', event.type,
+						event.type === 'message_end' ? JSON.stringify(event.message) : '');
+					const sse = eventToSSE(event);
+					if (sse) {
+						safeEnqueue(encoder.encode(sse));
+					}
+
+					// Detect when agent finishes
+					if (event.type === 'agent_end') {
+						agentFinished = true;
+					}
+				});
+
+				// Start heartbeat and timeout protection
+				startHeartbeat();
+				startTimeout(unsubscribe);
+
+				// Send the prompt to PI (使用增强后的消息)
+				try {
+					console.log('[pi-chat] Sending prompt:', enhancedMessage.substring(0, 100));
+					await session.prompt(enhancedMessage);
+					console.log('[pi-chat] Prompt completed');
+
+					// Wait a bit for any remaining events, then close
+					setTimeout(() => {
+						stopHeartbeat();
+						stopTimeout();
+						unsubscribe();
+						safeClose();
+					}, 500);
+				} catch (error) {
+					console.error('[pi-chat] Prompt error:', error);
+					// Log full error details for debugging
+					if (error instanceof Error) {
+						console.error('[pi-chat] Error name:', error.name);
+						console.error('[pi-chat] Error message:', error.message);
+						console.error('[pi-chat] Error stack:', error.stack);
+						// Check for API error details
+						const anyError = error as any;
+						if (anyError.status) {
+							console.error('[pi-chat] Error status:', anyError.status);
+						}
+						if (anyError.response) {
+							console.error('[pi-chat] Error response:', anyError.response);
+						}
+						if (anyError.body) {
+							console.error('[pi-chat] Error body:', anyError.body);
+						}
+					}
+					safeEnqueue(
+						encoder.encode(
+							`data: ${JSON.stringify({
+								type: 'error',
+								error: error instanceof Error ? error.message : 'Unknown error',
+								details: error instanceof Error ? error.name : undefined,
+							})}\n\n`,
+						),
+					);
+					stopHeartbeat();
+					stopTimeout();
+					unsubscribe();
+					safeClose();
+				}
+			},
+		});
+
+		return new Response(stream, {
+			headers: {
+				'Content-Type': 'text/event-stream',
+				'Cache-Control': 'no-cache',
+				'Connection': 'keep-alive',
+				'X-Accel-Buffering': 'no', // Disable nginx buffering
+			},
+		});
+	} catch (error) {
+		console.error('[pi-chat] Request error:', error);
+		return Response.json(
+			{
+				error: error instanceof Error ? error.message : 'Chat request failed',
+				details: error instanceof Error ? error.stack : undefined,
+			},
+			{ status: 500 },
+		);
+	}
+}
+
+/**
+ * GET /api/pi-chat - Get session info
+ *
+ * Query params:
+ * - sessionId: The session ID to query
+ */
+export async function GET(request: NextRequest) {
+	const { searchParams } = new URL(request.url);
+	const sessionId = searchParams.get('sessionId');
+
+	if (!sessionId) {
+		return Response.json(
+			{ error: 'sessionId is required' },
+			{ status: 400 },
+		);
+	}
+
+	const { getActiveSessions, hasSession } = await import('@/lib/pi-session');
+
+	return Response.json({
+		sessionId,
+		exists: hasSession(sessionId),
+		allSessions: getActiveSessions(),
+	});
+}
+
+/**
+ * PUT /api/pi-chat - Abort current operation
+ *
+ * Query params:
+ * - sessionId: The session ID to abort
+ */
+export async function PUT(request: NextRequest) {
+	const { searchParams } = new URL(request.url);
+	const sessionId = searchParams.get('sessionId');
+
+	if (!sessionId) {
+		return Response.json(
+			{ error: 'sessionId is required' },
+			{ status: 400 },
+		);
+	}
+
+	try {
+		await abortSession(sessionId);
+		return Response.json({ success: true, message: 'Session aborted' });
+	} catch (error) {
+		return Response.json(
+			{ error: error instanceof Error ? error.message : 'Abort failed' },
+			{ status: 500 },
+		);
+	}
+}
+
+/**
+ * DELETE /api/pi-chat - Clean up a session
+ *
+ * Query params:
+ * - sessionId: The session ID to delete
+ */
+export async function DELETE(request: NextRequest) {
+	const { searchParams } = new URL(request.url);
+	const sessionId = searchParams.get('sessionId');
+
+	if (!sessionId) {
+		return Response.json(
+			{ error: 'sessionId is required' },
+			{ status: 400 },
+		);
+	}
+
+	const { cleanupSession } = await import('@/lib/pi-session');
+	cleanupSession(sessionId);
+
+	return Response.json({ success: true, sessionId });
+}

package/app/api/recommend/route.ts

@@ -0,0 +1,38 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { recommendForContext, getPersonalizedRecommendations, getPopularSkills } from '@/lib/recommendation';
+
+export async function GET(request: NextRequest) {
+	try {
+		const userId = request.nextUrl.searchParams.get('userId');
+		const query = request.nextUrl.searchParams.get('query');
+		const type = request.nextUrl.searchParams.get('type') || 'popular';
+		const limit = parseInt(request.nextUrl.searchParams.get('limit') || '5');
+
+		let recommendations;
+
+		if (type === 'context' && query) {
+			// 基于上下文的推荐
+			if (!userId) {
+				return NextResponse.json(
+					{ error: '需要userId参数' },
+					{ status: 400 }
+				);
+			}
+			recommendations = recommendForContext(query, userId);
+		} else if (type === 'personalized' && userId) {
+			// 个性化推荐
+			recommendations = getPersonalizedRecommendations(userId, limit);
+		} else {
+			// 热门推荐（默认）
+			recommendations = getPopularSkills(limit);
+		}
+
+		return NextResponse.json({ recommendations });
+	} catch (error) {
+		console.error('Get recommendations failed:', error);
+		return NextResponse.json(
+			{ error: '获取推荐失败' },
+			{ status: 500 }
+		);
+	}
+}

package/app/api/scheduled-tasks/[id]/execute/route.ts

@@ -0,0 +1,132 @@
+/**
+ * 手动执行定时任务 API - POST
+ */
+
+import { NextRequest, NextResponse } from 'next/server';
+import { getScheduledTask, createAuditLog } from '@/lib/db';
+import { triggerTaskExecution } from '@/lib/scheduler';
+
+type RouteContext = {
+	params: Promise<{ id: string }>;
+};
+
+/**
+ * 检查请求是否来自浏览器
+ */
+function isBrowserRequest(request: NextRequest): boolean {
+	const userAgent = request.headers.get('user-agent') || '';
+
+	// 检查是否是常见的程序化调用工具
+	const automatedAgents = ['curl', 'wget', 'python', 'node', 'axios', 'fetch', 'httpie'];
+	const isAutomated = automatedAgents.some(agent =>
+		userAgent.toLowerCase().includes(agent)
+	);
+
+	// 如果是程序化调用，返回 false
+	if (isAutomated) {
+		return false;
+	}
+
+	// 检查是否有 Origin 或 Referer header（浏览器请求通常会有）
+	const origin = request.headers.get('origin');
+	const referer = request.headers.get('referer');
+
+	// 有 origin 或 referer 的话很可能是浏览器
+	return !!(origin || referer);
+}
+
+/**
+ * POST /api/scheduled-tasks/[id]/execute - 手动执行定时任务
+ */
+export async function POST(request: NextRequest, context: RouteContext) {
+	try {
+		const { id } = await context.params;
+		const body = await request.json();
+		const { userId } = body;
+
+		// CRITICAL-1: 安全检查 - 执行请求必须来自浏览器
+		if (!isBrowserRequest(request)) {
+			console.warn(`[execute] Blocked automated execution request for scheduled task ${id}. User-Agent: ${request.headers.get('user-agent')}`);
+
+			await createAuditLog({
+				action: 'blocked_automated_execution',
+				userId: userId || 'unknown',
+				details: {
+					taskId: id,
+					userAgent: request.headers.get('user-agent'),
+					reason: 'Execution must be done through the web interface'
+				},
+				status: 'failure',
+			});
+
+			return NextResponse.json(
+				{
+					error: '执行操作必须通过网页界面进行',
+					message: '出于安全考虑，执行定时任务不能通过 API 自动调用。请在定时任务管理界面进行执行。'
+				},
+				{ status: 403 },
+			);
+		}
+
+		// IMPORTANT-3: 输入验证 - userId 必填
+		if (!userId || typeof userId !== 'string' || userId.trim().length === 0) {
+			return NextResponse.json(
+				{ error: '缺少必填字段: userId' },
+				{ status: 400 },
+			);
+		}
+
+		// 获取任务
+		const task = await getScheduledTask(id);
+		if (!task) {
+			return NextResponse.json(
+				{ error: '定时任务不存在' },
+				{ status: 404 },
+			);
+		}
+
+		// IMPORTANT-1: 验证任务状态 - 只有激活状态的任务可以手动执行
+		if (task.status !== 'active') {
+			return NextResponse.json(
+				{
+					error: `任务状态为 ${task.status}，无法执行。只有激活状态的任务可以手动执行。`
+				},
+				{ status: 400 },
+			);
+		}
+
+		// 触发执行
+		const result = await triggerTaskExecution(id);
+
+		if (!result.success) {
+			return NextResponse.json(
+				{ error: result.error || '执行失败' },
+				{ status: 500 },
+			);
+		}
+
+		// IMPORTANT-2: 只在成功执行后才创建审计日志
+		await createAuditLog({
+			action: 'scheduled_task_manual_trigger',
+			userId,
+			details: {
+				taskId: id,
+				title: task.title,
+				command: task.command,
+			},
+			status: 'success',
+		});
+
+		return NextResponse.json({
+			success: true,
+			message: '任务已开始执行',
+		});
+	} catch (error) {
+		console.error('[scheduled-task-execute] Error executing task:', error);
+
+		return NextResponse.json(
+			{ error: error instanceof Error ? error.message : '执行定时任务失败' },
+			{ status: 500 },
+		);
+	}
+}