beadhub 0.1.0__py3-none-any.whl

beadhub/routes/init.py

@@ -0,0 +1,348 @@
+from __future__ import annotations
+
+from datetime import datetime, timezone
+from uuid import UUID
+
+from aweb.auth import validate_project_slug
+from aweb.bootstrap import BootstrapIdentityResult, bootstrap_identity
+from fastapi import APIRouter, Depends, HTTPException, Request
+from pydantic import BaseModel, ConfigDict, Field, field_validator
+
+from beadhub.beads_sync import is_valid_alias, is_valid_human_name
+from beadhub.db import DatabaseInfra, get_db_infra
+from beadhub.names import CLASSIC_NAMES
+from beadhub.rate_limit import enforce_init_rate_limit
+from beadhub.redis_client import get_redis
+from beadhub.roles import ROLE_MAX_LENGTH, is_valid_role, normalize_role, role_to_alias_prefix
+from beadhub.routes.repos import canonicalize_git_url, extract_repo_name
+
+router = APIRouter(prefix="/v1/init", tags=["init"])
+
+
+def _now_iso() -> str:
+    return datetime.now(timezone.utc).isoformat()
+
+
+class InitRequest(BaseModel):
+    """Bootstrap an aweb identity and (optionally) a BeadHub workspace."""
+
+    model_config = ConfigDict(extra="forbid")
+
+    # aweb identity fields (protocol)
+    project_slug: str = Field(default="", max_length=256)
+    project_name: str = Field(default="", max_length=256)
+    alias: str | None = Field(default=None, min_length=1, max_length=64)
+    human_name: str = Field(default="", max_length=64)
+    agent_type: str = Field(default="agent", max_length=32)
+
+    # beadhub extension fields (optional)
+    repo_origin: str | None = Field(default=None, max_length=2048)
+    role: str = Field(default="agent", max_length=ROLE_MAX_LENGTH)
+    hostname: str = Field(default="", max_length=255)
+    workspace_path: str = Field(default="", max_length=4096)
+
+    @field_validator("project_slug")
+    @classmethod
+    def _validate_project_slug(cls, v: str) -> str:
+        v = (v or "").strip()
+        if not v:
+            return ""
+        return validate_project_slug(v)
+
+    @field_validator("alias")
+    @classmethod
+    def _validate_alias(cls, v: str | None) -> str | None:
+        if v is None:
+            return None
+        v = v.strip()
+        if not v:
+            return None
+        if not is_valid_alias(v):
+            raise ValueError("Invalid alias format")
+        return v
+
+    @field_validator("human_name")
+    @classmethod
+    def _validate_human_name(cls, v: str) -> str:
+        v = (v or "").strip()
+        if v and not is_valid_human_name(v):
+            raise ValueError("Invalid human_name format")
+        return v
+
+    @field_validator("role")
+    @classmethod
+    def _validate_role(cls, v: str) -> str:
+        v = normalize_role((v or "").strip()) or "agent"
+        if not is_valid_role(v):
+            raise ValueError("Invalid role format")
+        return v
+
+    @field_validator("hostname")
+    @classmethod
+    def _validate_hostname(cls, v: str) -> str:
+        v = (v or "").strip()
+        if v and ("\x00" in v or any(ord(c) < 32 for c in v)):
+            raise ValueError(
+                "hostname contains invalid characters (null bytes or control characters)"
+            )
+        return v
+
+    @field_validator("workspace_path")
+    @classmethod
+    def _validate_workspace_path(cls, v: str) -> str:
+        v = (v or "").strip()
+        if v and ("\x00" in v or any(ord(c) < 32 and c not in "\t\n" for c in v)):
+            raise ValueError(
+                "workspace_path contains invalid characters (null bytes or control characters)"
+            )
+        return v
+
+
+class InitResponse(BaseModel):
+    status: str = "ok"
+    created_at: str
+    api_key: str
+    project_id: str
+    project_slug: str
+    agent_id: str
+    repo_id: str | None = None
+    canonical_origin: str | None = None
+    workspace_id: str | None = None
+    alias: str
+    created: bool = False
+    workspace_created: bool = False
+
+
+async def _infer_project_slug_from_repo(
+    db_infra: DatabaseInfra, *, canonical_origin: str
+) -> str | None:
+    server_db = db_infra.get_manager("server")
+    row = await server_db.fetch_one(
+        """
+        SELECT p.slug
+        FROM {{tables.repos}} r
+        JOIN {{tables.projects}} p ON r.project_id = p.id AND p.deleted_at IS NULL
+        WHERE r.canonical_origin = $1 AND r.deleted_at IS NULL
+        """,
+        canonical_origin,
+    )
+    if not row:
+        return None
+    slug = (row.get("slug") or "").strip()
+    return slug or None
+
+
+async def _suggest_name_prefix_for_project(db_infra: DatabaseInfra, *, project_id: str) -> str:
+    aweb_db = db_infra.get_manager("aweb")
+    rows = await aweb_db.fetch_all(
+        """
+        SELECT alias
+        FROM {{tables.agents}}
+        WHERE project_id = $1 AND deleted_at IS NULL
+        ORDER BY alias
+        """,
+        UUID(project_id),
+    )
+
+    used_prefixes: set[str] = set()
+    for row in rows:
+        alias = (row.get("alias") or "").strip()
+        if not alias:
+            continue
+        parts = alias.split("-")
+        if len(parts) >= 2 and parts[1].isdigit():
+            prefix = f"{parts[0]}-{parts[1]}".lower()
+        else:
+            prefix = parts[0].lower()
+        if prefix:
+            used_prefixes.add(prefix)
+
+    for name in CLASSIC_NAMES:
+        if name not in used_prefixes:
+            return name
+
+    for num in range(1, 100):
+        for name in CLASSIC_NAMES:
+            numbered = f"{name}-{num:02d}"
+            if numbered not in used_prefixes:
+                return numbered
+
+    raise HTTPException(
+        status_code=409,
+        detail=f"All name prefixes are taken (tried {len(CLASSIC_NAMES)} names × 100 variants).",
+    )
+
+
+@router.post("", response_model=InitResponse)
+async def init(
+    request: Request,
+    payload: InitRequest,
+    db_infra: DatabaseInfra = Depends(get_db_infra),
+    redis=Depends(get_redis),
+) -> InitResponse:
+    """Bootstrap identity and optionally register a BeadHub workspace.
+
+    - Always mints a new `aw_sk_*` API key for the created/ensured agent.
+    - If `repo_origin` is provided, also ensures the repo and creates a BeadHub workspace
+      using `workspace_id = agent_id` (v1 mapping).
+    """
+    await enforce_init_rate_limit(request, redis)
+
+    canonical_origin: str | None = None
+    if payload.repo_origin is not None:
+        canonical_origin = canonicalize_git_url(payload.repo_origin)
+
+    project_slug = payload.project_slug
+    if not project_slug:
+        if canonical_origin is None:
+            raise HTTPException(status_code=422, detail="project_slug is required")
+        inferred = await _infer_project_slug_from_repo(db_infra, canonical_origin=canonical_origin)
+        if inferred is None:
+            raise HTTPException(status_code=422, detail="project_not_found: repo not registered")
+        project_slug = inferred
+
+    alias = (payload.alias or "").strip() or None
+    if alias is None and canonical_origin is not None:
+        from aweb.bootstrap import ensure_project
+
+        ensured = await ensure_project(
+            db_infra, project_slug=project_slug, project_name=payload.project_name or project_slug
+        )
+        prefix = await _suggest_name_prefix_for_project(db_infra, project_id=ensured.project_id)
+        alias = f"{prefix}-{role_to_alias_prefix(payload.role)}"
+
+    identity: BootstrapIdentityResult = await bootstrap_identity(
+        db_infra,
+        project_slug=project_slug,
+        project_name=payload.project_name or project_slug,
+        alias=alias,
+        human_name=payload.human_name or "",
+        agent_type=payload.agent_type,
+    )
+
+    if canonical_origin is None:
+        return InitResponse(
+            created_at=_now_iso(),
+            api_key=identity.api_key,
+            project_id=identity.project_id,
+            project_slug=identity.project_slug,
+            agent_id=identity.agent_id,
+            alias=identity.alias,
+            created=identity.created,
+        )
+
+    server_db = db_infra.get_manager("server")
+
+    repo_name = extract_repo_name(canonical_origin)
+    workspace_created = False
+
+    async with server_db.transaction() as tx:
+        await tx.execute(
+            """
+            INSERT INTO {{tables.projects}} (id, tenant_id, slug, name, deleted_at)
+            VALUES ($1, NULL, $2, $3, NULL)
+            ON CONFLICT (id)
+            DO UPDATE SET slug = EXCLUDED.slug, name = EXCLUDED.name, deleted_at = NULL
+            """,
+            UUID(identity.project_id),
+            identity.project_slug,
+            identity.project_name or None,
+        )
+
+        repo = await tx.fetch_one(
+            """
+            INSERT INTO {{tables.repos}} (project_id, origin_url, canonical_origin, name)
+            VALUES ($1, $2, $3, $4)
+            ON CONFLICT (project_id, canonical_origin)
+            DO UPDATE SET origin_url = EXCLUDED.origin_url, deleted_at = NULL
+            RETURNING id
+            """,
+            UUID(identity.project_id),
+            payload.repo_origin,
+            canonical_origin,
+            repo_name,
+        )
+        repo_id = str(repo["id"])
+
+        existing = await tx.fetch_one(
+            """
+            SELECT
+                w.workspace_id,
+                w.repo_id,
+                w.alias,
+                r.canonical_origin AS existing_canonical_origin
+            FROM {{tables.workspaces}} w
+            LEFT JOIN {{tables.repos}} r ON w.repo_id = r.id
+            WHERE w.workspace_id = $1 AND w.project_id = $2
+            """,
+            UUID(identity.agent_id),
+            UUID(identity.project_id),
+        )
+
+        if existing is None:
+            workspace_created = True
+            await tx.execute(
+                """
+                INSERT INTO {{tables.workspaces}}
+                    (workspace_id, project_id, repo_id, alias, human_name, role, hostname, workspace_path)
+                VALUES ($1, $2, $3, $4, $5, $6, $7, $8)
+                """,
+                UUID(identity.agent_id),
+                UUID(identity.project_id),
+                UUID(repo_id),
+                identity.alias,
+                payload.human_name or "",
+                payload.role,
+                payload.hostname or None,
+                payload.workspace_path or None,
+            )
+        else:
+            existing_repo_id = existing.get("repo_id")
+            existing_canonical = existing.get("existing_canonical_origin")
+            if existing_repo_id is None or str(existing_repo_id) != repo_id:
+                raise HTTPException(
+                    status_code=409,
+                    detail=(
+                        "workspace_repo_mismatch: "
+                        f"alias '{identity.alias}' (workspace_id={identity.agent_id}) is already registered "
+                        f"for repo '{existing_canonical or existing_repo_id}'. "
+                        f"Cannot initialize the same agent for repo '{canonical_origin}'. "
+                        "Choose a different alias (new agent/worktree) or initialize from the original repo."
+                    ),
+                )
+
+            await tx.execute(
+                """
+                UPDATE {{tables.workspaces}}
+                SET repo_id = $3,
+                    alias = $4,
+                    human_name = $5,
+                    role = $6,
+                    hostname = $7,
+                    workspace_path = $8,
+                    deleted_at = NULL
+                WHERE workspace_id = $1 AND project_id = $2
+                """,
+                UUID(identity.agent_id),
+                UUID(identity.project_id),
+                UUID(repo_id),
+                identity.alias,
+                payload.human_name or "",
+                payload.role,
+                payload.hostname or None,
+                payload.workspace_path or None,
+            )
+
+    return InitResponse(
+        created_at=_now_iso(),
+        api_key=identity.api_key,
+        project_id=identity.project_id,
+        project_slug=identity.project_slug,
+        agent_id=identity.agent_id,
+        repo_id=repo_id,
+        canonical_origin=canonical_origin,
+        workspace_id=identity.agent_id,
+        alias=identity.alias,
+        created=identity.created,
+        workspace_created=workspace_created,
+    )

beadhub/routes/mcp.py

@@ -0,0 +1,338 @@
+from __future__ import annotations
+
+import json
+import logging
+from typing import Any
+from uuid import UUID
+
+from fastapi import APIRouter, Depends, HTTPException, Request
+from redis.asyncio import Redis
+
+from beadhub.auth import verify_workspace_access
+
+from ..db import DatabaseInfra, get_db_infra
+from ..presence import (
+    get_workspace_ids_by_project_id,
+    list_agent_presences_by_workspace_ids,
+    update_agent_presence,
+)
+from ..redis_client import get_redis
+from .beads import beads_ready as http_beads_ready
+from .beads import get_issue_by_bead_id as http_get_issue
+from .escalations import (
+    CreateEscalationRequest,
+    CreateEscalationResponse,
+    create_escalation,
+)
+from .escalations import get_escalation as http_get_escalation
+from .status import status as http_status
+from .subscriptions import SubscribeRequest
+from .subscriptions import list_subscriptions as http_list_subscriptions
+from .subscriptions import subscribe as http_subscribe
+from .subscriptions import unsubscribe as http_unsubscribe
+
+logger = logging.getLogger(__name__)
+
+router = APIRouter(tags=["mcp"])
+
+
+def _rpc_error(id_value: Any, code: int, message: str, data: Any | None = None) -> dict[str, Any]:
+    error: dict[str, Any] = {"code": code, "message": message}
+    if data is not None:
+        error["data"] = data
+    return {"jsonrpc": "2.0", "id": id_value, "error": error}
+
+
+def _rpc_result(id_value: Any, payload: Any) -> dict[str, Any]:
+    # MCP clients expect text content with a JSON string payload.
+    return {
+        "jsonrpc": "2.0",
+        "id": id_value,
+        "result": {"content": [{"type": "text", "text": json.dumps(payload)}]},
+    }
+
+
+@router.post("/mcp")
+async def mcp_entry(
+    request: Request,
+    payload: dict[str, Any],
+    redis: Redis = Depends(get_redis),
+    db_infra: DatabaseInfra = Depends(get_db_infra),
+) -> dict[str, Any]:
+    """JSON-RPC 2.0 entrypoint for BeadHub MCP tools.
+
+    Clean-slate split:
+    - mail/chat/locks live in aweb and are not exposed here
+    - this surface is bead/workspace specific (ready issues, subscriptions, status, escalations)
+    """
+    rpc_id = payload.get("id")
+    if payload.get("jsonrpc") != "2.0":
+        return _rpc_error(rpc_id, -32600, "Invalid jsonrpc version")
+    if payload.get("method") != "tools/call":
+        return _rpc_error(rpc_id, -32601, "Method not found")
+
+    params = payload.get("params") or {}
+    name = params.get("name")
+    arguments = params.get("arguments") or {}
+    if not isinstance(name, str):
+        return _rpc_error(rpc_id, -32602, "Tool name must be a string")
+    if not isinstance(arguments, dict):
+        return _rpc_error(rpc_id, -32602, "Tool arguments must be an object")
+
+    try:
+        if name == "register_agent":
+            result = await _tool_register_agent(request, redis, db_infra, arguments)
+        elif name == "list_agents":
+            result = await _tool_list_agents(request, redis, db_infra, arguments)
+        elif name == "status":
+            result = await _tool_status(request, redis, db_infra, arguments)
+        elif name == "get_ready_issues":
+            result = await _tool_get_ready_issues(request, db_infra, arguments)
+        elif name == "get_issue":
+            result = await _tool_get_issue(request, db_infra, arguments)
+        elif name == "subscribe_to_bead":
+            result = await _tool_subscribe_to_bead(request, db_infra, arguments)
+        elif name == "list_subscriptions":
+            result = await _tool_list_subscriptions(request, db_infra, arguments)
+        elif name == "unsubscribe":
+            result = await _tool_unsubscribe(request, db_infra, arguments)
+        elif name == "escalate":
+            result = await _tool_escalate(request, redis, db_infra, arguments)
+        elif name == "get_escalation":
+            result = await _tool_get_escalation(request, db_infra, arguments)
+        else:
+            return _rpc_error(rpc_id, -32601, f"Unknown tool: {name}")
+    except HTTPException as exc:
+        return _rpc_error(rpc_id, exc.status_code, str(exc.detail))
+    except Exception:
+        logger.exception("MCP tool call failed: %s", name)
+        return _rpc_error(rpc_id, -32000, "Internal error")
+
+    return _rpc_result(rpc_id, result)
+
+
+async def _tool_register_agent(
+    request: Request,
+    redis: Redis,
+    db_infra: DatabaseInfra,
+    args: dict[str, Any],
+) -> dict[str, Any]:
+    workspace_id = str(args.get("workspace_id") or "").strip()
+    alias = str(args.get("alias") or "").strip()
+    human_name = str(args.get("human_name") or "").strip()
+    program = str(args.get("program") or "").strip() or None
+    model = str(args.get("model") or "").strip() or None
+    role = str(args.get("role") or "").strip() or None
+
+    if not workspace_id or not alias:
+        raise HTTPException(status_code=422, detail="workspace_id and alias are required")
+
+    project_id = await verify_workspace_access(request, workspace_id, db_infra)
+    await update_agent_presence(
+        redis,
+        workspace_id=workspace_id,
+        alias=alias,
+        human_name=human_name,
+        project_id=project_id,
+        project_slug=None,
+        repo_id=None,
+        program=program,
+        model=model,
+        current_branch=None,
+        role=role,
+        ttl_seconds=1800,
+    )
+    return {"ok": True}
+
+
+async def _tool_list_agents(
+    request: Request,
+    redis: Redis,
+    db_infra: DatabaseInfra,
+    args: dict[str, Any],
+) -> dict[str, Any]:
+    workspace_id = str(args.get("workspace_id") or "").strip()
+    if not workspace_id:
+        raise HTTPException(status_code=422, detail="workspace_id is required")
+    project_id = await verify_workspace_access(request, workspace_id, db_infra)
+    workspace_ids = await get_workspace_ids_by_project_id(redis, project_id)
+    agents = await list_agent_presences_by_workspace_ids(redis, workspace_ids)
+    return {"agents": agents}
+
+
+async def get_workspace_project_id_or_404(db_infra: DatabaseInfra, workspace_id: str) -> str:
+    server_db = db_infra.get_manager("server")
+    row = await server_db.fetch_one(
+        "SELECT project_id, deleted_at FROM {{tables.workspaces}} WHERE workspace_id = $1",
+        workspace_id,
+    )
+    if not row:
+        raise HTTPException(status_code=404, detail="Workspace not found")
+    if row.get("deleted_at") is not None:
+        raise HTTPException(status_code=410, detail="Workspace was deleted")
+    return str(row["project_id"])
+
+
+async def _tool_status(
+    request: Request,
+    redis: Redis,
+    db_infra: DatabaseInfra,
+    args: dict[str, Any],
+) -> dict[str, Any]:
+    workspace_id = str(args.get("workspace_id") or "").strip()
+    if not workspace_id:
+        raise HTTPException(status_code=422, detail="workspace_id is required")
+    await verify_workspace_access(request, workspace_id, db_infra)
+    return await http_status(request, workspace_id=workspace_id, redis=redis, db_infra=db_infra)
+
+
+async def _tool_get_ready_issues(
+    request: Request,
+    db_infra: DatabaseInfra,
+    args: dict[str, Any],
+) -> dict[str, Any]:
+    workspace_id = str(args.get("workspace_id") or "").strip()
+    repo = str(args.get("repo") or "").strip() or None
+    branch = str(args.get("branch") or "").strip() or None
+    limit_raw = args.get("limit")
+    limit = 10
+    if limit_raw is not None:
+        try:
+            limit = int(limit_raw)
+        except (TypeError, ValueError):
+            raise HTTPException(status_code=422, detail="limit must be an integer")
+    if not workspace_id:
+        raise HTTPException(status_code=422, detail="workspace_id is required")
+    await verify_workspace_access(request, workspace_id, db_infra)
+    return await http_beads_ready(
+        request,
+        workspace_id=workspace_id,
+        repo=repo,
+        branch=branch,
+        limit=limit,
+        db_infra=db_infra,
+    )
+
+
+async def _tool_get_issue(
+    request: Request,
+    db_infra: DatabaseInfra,
+    args: dict[str, Any],
+) -> dict[str, Any]:
+    bead_id = str(args.get("bead_id") or "").strip()
+    if not bead_id:
+        raise HTTPException(status_code=422, detail="bead_id is required")
+    # get_issue endpoint already enforces project scoping.
+    return await http_get_issue(bead_id=bead_id, request=request, db_infra=db_infra)
+
+
+async def _tool_subscribe_to_bead(
+    request: Request,
+    db_infra: DatabaseInfra,
+    args: dict[str, Any],
+) -> dict[str, Any]:
+    workspace_id = str(args.get("workspace_id") or "").strip()
+    bead_id = str(args.get("bead_id") or "").strip()
+    repo = args.get("repo")
+    event_types = args.get("event_types")
+    if not workspace_id or not bead_id:
+        raise HTTPException(status_code=422, detail="workspace_id and bead_id are required")
+    project_id = await verify_workspace_access(request, workspace_id, db_infra)
+    alias = await _get_workspace_alias_or_403(db_infra, project_id, workspace_id)
+    payload_kwargs: dict[str, Any] = {
+        "workspace_id": workspace_id,
+        "alias": alias,
+        "bead_id": bead_id,
+        "repo": repo,
+    }
+    if isinstance(event_types, list):
+        payload_kwargs["event_types"] = event_types
+    payload = SubscribeRequest.model_validate(payload_kwargs)
+    response = await http_subscribe(payload=payload, request=request, db_infra=db_infra)
+    return response.model_dump()
+
+
+async def _tool_list_subscriptions(
+    request: Request,
+    db_infra: DatabaseInfra,
+    args: dict[str, Any],
+) -> dict[str, Any]:
+    workspace_id = str(args.get("workspace_id") or "").strip()
+    if not workspace_id:
+        raise HTTPException(status_code=422, detail="workspace_id is required")
+    project_id = await verify_workspace_access(request, workspace_id, db_infra)
+    alias = await _get_workspace_alias_or_403(db_infra, project_id, workspace_id)
+    response = await http_list_subscriptions(
+        request=request,
+        workspace_id=workspace_id,
+        alias=alias,
+        db_infra=db_infra,
+    )
+    return response.model_dump()
+
+
+async def _tool_unsubscribe(
+    request: Request,
+    db_infra: DatabaseInfra,
+    args: dict[str, Any],
+) -> dict[str, Any]:
+    workspace_id = str(args.get("workspace_id") or "").strip()
+    subscription_id = str(args.get("subscription_id") or "").strip()
+    if not workspace_id or not subscription_id:
+        raise HTTPException(status_code=422, detail="workspace_id and subscription_id are required")
+    project_id = await verify_workspace_access(request, workspace_id, db_infra)
+    alias = await _get_workspace_alias_or_403(db_infra, project_id, workspace_id)
+    response = await http_unsubscribe(
+        request=request,
+        subscription_id=subscription_id,
+        workspace_id=workspace_id,
+        alias=alias,
+        db_infra=db_infra,
+    )
+    return response.model_dump()
+
+
+async def _get_workspace_alias_or_403(
+    db_infra: DatabaseInfra, project_id: str, workspace_id: str
+) -> str:
+    server_db = db_infra.get_manager("server")
+    row = await server_db.fetch_one(
+        """
+        SELECT alias
+        FROM {{tables.workspaces}}
+        WHERE workspace_id = $1 AND project_id = $2 AND deleted_at IS NULL
+        """,
+        UUID(workspace_id),
+        UUID(project_id),
+    )
+    if not row:
+        raise HTTPException(
+            status_code=403, detail="Workspace not found or does not belong to your project"
+        )
+    return row["alias"]
+
+
+async def _tool_escalate(
+    request: Request,
+    redis: Redis,
+    db_infra: DatabaseInfra,
+    args: dict[str, Any],
+) -> dict[str, Any]:
+    payload = CreateEscalationRequest.model_validate(args)
+    response: CreateEscalationResponse = await create_escalation(
+        request=request, payload=payload, redis=redis, db_infra=db_infra
+    )
+    return response.model_dump()
+
+
+async def _tool_get_escalation(
+    request: Request,
+    db_infra: DatabaseInfra,
+    args: dict[str, Any],
+) -> dict[str, Any]:
+    escalation_id = str(args.get("escalation_id") or "").strip()
+    if not escalation_id:
+        raise HTTPException(status_code=422, detail="escalation_id is required")
+    return await http_get_escalation(
+        escalation_id=escalation_id, request=request, db_infra=db_infra
+    )