codex-autorunner 1.0.0__py3-none-any.whl → 1.2.0__py3-none-any.whl

codex_autorunner/surfaces/web/routes/repos.py

@@ -0,0 +1,197 @@
+"""
+Repository run control routes: start, stop, resume, reset, kill.
+"""
+
+from typing import Optional
+
+from fastapi import APIRouter, HTTPException, Request
+
+from ....core.runtime import LockError, clear_stale_lock
+from ....core.state import RunnerState, load_state, now_iso, save_state, state_lock
+from ..schemas import (
+    RunControlRequest,
+    RunControlResponse,
+    RunResetResponse,
+    RunStatusResponse,
+)
+
+
+def _normalize_override(value: Optional[str]) -> Optional[str]:
+    if not isinstance(value, str):
+        return None
+    trimmed = value.strip()
+    return trimmed or None
+
+
+def _apply_run_overrides(request: Request, payload: RunControlRequest) -> None:
+    engine = request.app.state.engine
+    agent = _normalize_override(payload.agent)
+    model = _normalize_override(payload.model)
+    reasoning = _normalize_override(payload.reasoning)
+    fields_set = getattr(payload, "model_fields_set", set())
+    agent_set = "agent" in fields_set
+    model_set = "model" in fields_set
+    reasoning_set = "reasoning" in fields_set
+    if not (agent_set or model_set or reasoning_set):
+        return
+    with state_lock(engine.state_path):
+        state = load_state(engine.state_path)
+        new_state = RunnerState(
+            last_run_id=state.last_run_id,
+            status=state.status,
+            last_exit_code=state.last_exit_code,
+            last_run_started_at=state.last_run_started_at,
+            last_run_finished_at=state.last_run_finished_at,
+            autorunner_agent_override=(
+                agent if agent_set else state.autorunner_agent_override
+            ),
+            autorunner_model_override=(
+                model if model_set else state.autorunner_model_override
+            ),
+            autorunner_effort_override=(
+                reasoning if reasoning_set else state.autorunner_effort_override
+            ),
+            autorunner_approval_policy=state.autorunner_approval_policy,
+            autorunner_sandbox_mode=state.autorunner_sandbox_mode,
+            autorunner_workspace_write_network=state.autorunner_workspace_write_network,
+            runner_pid=state.runner_pid,
+            sessions=state.sessions,
+            repo_to_session=state.repo_to_session,
+        )
+        save_state(engine.state_path, new_state)
+
+
+def build_repos_routes() -> APIRouter:
+    """Build routes for run control."""
+    router = APIRouter()
+
+    @router.post("/api/run/start", response_model=RunControlResponse)
+    def start_run(request: Request, payload: Optional[RunControlRequest] = None):
+        manager = request.app.state.manager
+        logger = request.app.state.logger
+        once = payload.once if payload else False
+        try:
+            logger.info("run/start once=%s", once)
+        except Exception:
+            pass
+        if payload:
+            _apply_run_overrides(request, payload)
+        try:
+            manager.start(once=once)
+        except LockError as exc:
+            raise HTTPException(status_code=409, detail=str(exc)) from exc
+        return {"running": manager.running, "once": once}
+
+    @router.post("/api/run/stop", response_model=RunStatusResponse)
+    def stop_run(request: Request):
+        manager = request.app.state.manager
+        logger = request.app.state.logger
+        try:
+            logger.info("run/stop requested")
+        except Exception:
+            pass
+        manager.stop()
+        return {"running": manager.running}
+
+    @router.post("/api/run/kill", response_model=RunStatusResponse)
+    def kill_run(request: Request):
+        engine = request.app.state.engine
+        manager = request.app.state.manager
+        logger = request.app.state.logger
+        try:
+            logger.info("run/kill requested")
+        except Exception:
+            pass
+        manager.kill()
+        with state_lock(engine.state_path):
+            state = load_state(engine.state_path)
+            new_state = RunnerState(
+                last_run_id=state.last_run_id,
+                status="error",
+                last_exit_code=137,
+                last_run_started_at=state.last_run_started_at,
+                last_run_finished_at=now_iso(),
+                autorunner_agent_override=state.autorunner_agent_override,
+                autorunner_model_override=state.autorunner_model_override,
+                autorunner_effort_override=state.autorunner_effort_override,
+                autorunner_approval_policy=state.autorunner_approval_policy,
+                autorunner_sandbox_mode=state.autorunner_sandbox_mode,
+                autorunner_workspace_write_network=state.autorunner_workspace_write_network,
+                runner_pid=None,
+                sessions=state.sessions,
+                repo_to_session=state.repo_to_session,
+            )
+            save_state(engine.state_path, new_state)
+        clear_stale_lock(engine.lock_path)
+        engine.reconcile_run_index()
+        return {"running": manager.running}
+
+    @router.post("/api/run/clear-lock", response_model=RunStatusResponse)
+    def clear_lock(request: Request):
+        manager = request.app.state.manager
+        logger = request.app.state.logger
+        try:
+            logger.info("run/clear-lock requested")
+        except Exception:
+            pass
+        assessment = manager.clear_freeable_lock()
+        if not assessment.freeable:
+            detail = "Lock is still active; cannot clear."
+            if assessment.pid:
+                detail = f"Lock pid {assessment.pid} is still active; cannot clear."
+            raise HTTPException(status_code=409, detail=detail)
+        return {"running": manager.running}
+
+    @router.post("/api/run/resume", response_model=RunControlResponse)
+    def resume_run(request: Request, payload: Optional[RunControlRequest] = None):
+        manager = request.app.state.manager
+        logger = request.app.state.logger
+        once = payload.once if payload else False
+        try:
+            logger.info("run/resume once=%s", once)
+        except Exception:
+            pass
+        try:
+            manager.resume(once=once)
+        except LockError as exc:
+            raise HTTPException(status_code=409, detail=str(exc)) from exc
+        return {"running": manager.running, "once": once}
+
+    @router.post("/api/run/reset", response_model=RunResetResponse)
+    def reset_runner(request: Request):
+        engine = request.app.state.engine
+        manager = request.app.state.manager
+        logger = request.app.state.logger
+        if manager.running:
+            raise HTTPException(
+                status_code=409, detail="Cannot reset while runner is active"
+            )
+        try:
+            logger.info("run/reset requested")
+        except Exception:
+            pass
+        with state_lock(engine.state_path):
+            current_state = load_state(engine.state_path)
+            engine.lock_path.unlink(missing_ok=True)
+            initial_state = RunnerState(
+                last_run_id=None,
+                status="idle",
+                last_exit_code=None,
+                last_run_started_at=None,
+                last_run_finished_at=None,
+                autorunner_agent_override=current_state.autorunner_agent_override,
+                autorunner_model_override=current_state.autorunner_model_override,
+                autorunner_effort_override=current_state.autorunner_effort_override,
+                autorunner_approval_policy=current_state.autorunner_approval_policy,
+                autorunner_sandbox_mode=current_state.autorunner_sandbox_mode,
+                autorunner_workspace_write_network=current_state.autorunner_workspace_write_network,
+                runner_pid=None,
+                sessions=current_state.sessions,
+                repo_to_session=current_state.repo_to_session,
+            )
+            save_state(engine.state_path, initial_state)
+        if engine.log_path.exists():
+            engine.log_path.unlink()
+        return {"status": "ok", "message": "Runner reset complete"}
+
+    return router

codex_autorunner/surfaces/web/routes/review.py

@@ -0,0 +1,148 @@
+"""
+Review workflow routes.
+"""
+
+from pathlib import Path
+
+from fastapi import APIRouter, HTTPException, Query, Request
+from fastapi.responses import FileResponse
+
+from ..review import ReviewBusyError, ReviewError, ReviewService
+from ..schemas import (
+    ReviewControlResponse,
+    ReviewStartRequest,
+    ReviewStatusResponse,
+)
+
+
+def _review(request: Request) -> ReviewService:
+    """Get a ReviewService instance from request."""
+    manager = getattr(request.app.state, "review_manager", None)
+    if manager is None:
+        engine = request.app.state.engine
+        manager = ReviewService(
+            engine,
+            app_server_supervisor=getattr(
+                request.app.state, "app_server_supervisor", None
+            ),
+            opencode_supervisor=getattr(request.app.state, "opencode_supervisor", None),
+            logger=getattr(request.app.state, "logger", None),
+        )
+        request.app.state.review_manager = manager
+    return manager
+
+
+def build_review_routes() -> APIRouter:
+    """Build routes for review workflow."""
+    router = APIRouter()
+
+    @router.get("/api/review/status")
+    async def review_status(request: Request):
+        try:
+            service = _review(request)
+            status = service.status()
+            return ReviewStatusResponse(review=status)
+        except ReviewError as exc:
+            raise HTTPException(status_code=exc.status_code, detail=str(exc)) from exc
+        except Exception as exc:
+            raise HTTPException(status_code=500, detail=str(exc)) from exc
+
+    @router.post("/api/review/start")
+    async def review_start(request: Request, payload: ReviewStartRequest):
+        try:
+            service = _review(request)
+            state = service.start(payload=payload.model_dump(exclude_none=True))
+            return ReviewControlResponse(
+                status=state.get("status", "unknown"),
+                detail="Review started",
+            )
+        except ReviewBusyError as exc:
+            raise HTTPException(status_code=exc.status_code, detail=str(exc)) from exc
+        except ReviewError as exc:
+            raise HTTPException(status_code=exc.status_code, detail=str(exc)) from exc
+        except Exception as exc:
+            raise HTTPException(status_code=500, detail=str(exc)) from exc
+
+    @router.post("/api/review/stop")
+    async def review_stop(request: Request):
+        try:
+            service = _review(request)
+            state = service.stop()
+            return ReviewControlResponse(
+                status=state.get("status", "unknown"),
+                detail="Review stopped",
+            )
+        except ReviewError as exc:
+            raise HTTPException(status_code=exc.status_code, detail=str(exc)) from exc
+        except Exception as exc:
+            raise HTTPException(status_code=500, detail=str(exc)) from exc
+
+    @router.post("/api/review/reset")
+    async def review_reset(request: Request):
+        try:
+            service = _review(request)
+            state = service.reset()
+            return ReviewControlResponse(
+                status=state.get("status", "idle"),
+                detail="Review state reset",
+            )
+        except ReviewBusyError as exc:
+            raise HTTPException(status_code=exc.status_code, detail=str(exc)) from exc
+        except ReviewError as exc:
+            raise HTTPException(status_code=exc.status_code, detail=str(exc)) from exc
+        except Exception as exc:
+            raise HTTPException(status_code=500, detail=str(exc)) from exc
+
+    @router.get("/api/review/artifact")
+    async def review_artifact(
+        request: Request,
+        kind: str = Query(
+            ..., description="final_report|workflow_log|scratchpad_bundle"
+        ),
+    ):
+        try:
+            service = _review(request)
+            status = service.status()
+
+            mapping = {
+                "final_report": status.get("final_output_path"),
+                "workflow_log": status.get("run_dir"),
+                "scratchpad_bundle": status.get("scratchpad_bundle_path"),
+            }
+
+            raw_path = mapping.get(kind)
+            if not raw_path:
+                raise HTTPException(status_code=404, detail="Artifact not found")
+
+            target = Path(raw_path).expanduser().resolve()
+            allowed_root = request.app.state.engine.repo_root.resolve()
+
+            try:
+                target.relative_to(allowed_root)
+                if ".codex-autorunner" not in target.parts:
+                    raise HTTPException(status_code=403, detail="Access denied")
+            except ValueError:
+                raise HTTPException(status_code=403, detail="Access denied") from None
+
+            if not target.exists():
+                raise HTTPException(status_code=404, detail="Artifact not found")
+
+            if kind == "workflow_log" and target.is_dir():
+                target = target / "review.log"
+
+            media_type = "text/plain"
+            if target.suffix == ".md":
+                media_type = "text/markdown"
+            elif target.suffix == ".zip":
+                media_type = "application/zip"
+
+            return FileResponse(target, media_type=media_type, filename=target.name)
+
+        except ReviewError as exc:
+            raise HTTPException(status_code=exc.status_code, detail=str(exc)) from exc
+        except HTTPException:
+            raise
+        except Exception as exc:
+            raise HTTPException(status_code=500, detail=str(exc)) from exc
+
+    return router

codex_autorunner/surfaces/web/routes/sessions.py

@@ -0,0 +1,176 @@
+"""
+Terminal session registry routes.
+"""
+
+import logging
+import time
+from pathlib import Path
+
+from fastapi import APIRouter, HTTPException, Request
+
+from ....core.state import persist_session_registry
+from ..schemas import (
+    SessionsResponse,
+    SessionStopRequest,
+    SessionStopResponse,
+)
+
+logger = logging.getLogger("codex_autorunner.routes.sessions")
+
+
+def _relative_repo_path(repo_path: str, repo_root: Path) -> str:
+    path = Path(repo_path)
+    if not path.is_absolute():
+        return repo_path
+    try:
+        rel = path.resolve().relative_to(repo_root)
+        return rel.as_posix() or "."
+    except ValueError as exc:
+        logger.debug("Failed to resolve relative path: %s", exc)
+        return path.name
+
+
+def _relative_repo_key(repo_key: str, repo_root: Path) -> str:
+    """
+    Format repo_to_session keys for display in API responses.
+
+    Keys are either:
+    - `<repo_path>` for the default codex agent (backwards compatible)
+    - `<repo_path>:<agent>` for non-default agents (e.g. opencode)
+    """
+    if ":" not in repo_key:
+        return _relative_repo_path(repo_key, repo_root)
+    repo_path, agent = repo_key.split(":", 1)
+    rel = _relative_repo_path(repo_path, repo_root)
+    agent = agent.strip().lower()
+    if not agent or agent == "codex":
+        return rel
+    return f"{rel}:{agent}"
+
+
+def _allow_abs_paths(request: Request, include_abs_paths: bool) -> bool:
+    if not include_abs_paths:
+        return False
+    return bool(getattr(request.app.state, "auth_token", None))
+
+
+def _session_payload(
+    session_id: str,
+    record,
+    terminal_sessions: dict,
+    repo_root: Path,
+    include_abs_paths: bool,
+) -> dict:
+    active = terminal_sessions.get(session_id)
+    alive = bool(active and active.pty.isalive())
+    payload = {
+        "session_id": session_id,
+        "repo_path": _relative_repo_path(record.repo_path, repo_root),
+        "created_at": record.created_at,
+        "last_seen_at": record.last_seen_at,
+        "status": record.status,
+        "alive": alive,
+    }
+    if include_abs_paths:
+        payload["abs_repo_path"] = record.repo_path
+    return payload
+
+
+def build_sessions_routes() -> APIRouter:
+    router = APIRouter()
+
+    @router.get("/api/sessions", response_model=SessionsResponse)
+    def list_sessions(request: Request, include_abs_paths: bool = False):
+        terminal_sessions = request.app.state.terminal_sessions
+        session_registry = request.app.state.session_registry
+        repo_to_session = request.app.state.repo_to_session
+        repo_root = Path(request.app.state.engine.repo_root)
+        allow_abs = _allow_abs_paths(request, include_abs_paths)
+        sessions = [
+            _session_payload(
+                session_id, record, terminal_sessions, repo_root, allow_abs
+            )
+            for session_id, record in session_registry.items()
+        ]
+        repo_to_session_payload = {
+            _relative_repo_key(repo_key, repo_root): session_id
+            for repo_key, session_id in repo_to_session.items()
+        }
+        payload = {
+            "sessions": sessions,
+            "repo_to_session": repo_to_session_payload,
+        }
+        if allow_abs:
+            payload["abs_repo_to_session"] = dict(repo_to_session)
+        return {
+            **payload,
+        }
+
+    @router.post("/api/sessions/stop", response_model=SessionStopResponse)
+    async def stop_session(request: Request, payload: SessionStopRequest):
+        session_id = payload.session_id
+        repo_path = payload.repo_path
+        if not session_id and not repo_path:
+            raise HTTPException(
+                status_code=400, detail="Provide session_id or repo_path"
+            )
+
+        terminal_sessions = request.app.state.terminal_sessions
+        session_registry = request.app.state.session_registry
+        repo_to_session = request.app.state.repo_to_session
+        terminal_lock = request.app.state.terminal_lock
+        engine = request.app.state.engine
+
+        if repo_path and isinstance(repo_path, str):
+            repo_root = Path(request.app.state.engine.repo_root)
+            normalized_repo_path = repo_path.strip()
+            if normalized_repo_path:
+                raw_path = Path(normalized_repo_path)
+                try:
+                    # Reject absolute paths outright to prevent symlink traversal attacks
+                    if raw_path.is_absolute():
+                        raise ValueError("Absolute paths are not allowed")
+                    # Only process relative paths, join with repo_root and resolve
+                    resolved = (repo_root / raw_path).resolve()
+                    # Verify the resolved path is still under repo_root
+                    resolved.relative_to(repo_root)
+                except (OSError, RuntimeError, ValueError):
+                    # On any resolution or containment failure, treat as invalid
+                    normalized_repo_path = ""
+                else:
+                    normalized_repo_path = str(resolved)
+            candidates: list[str] = []
+            if normalized_repo_path:
+                candidates.extend(
+                    [normalized_repo_path, f"{normalized_repo_path}:opencode"]
+                )
+            for key in candidates:
+                mapped = repo_to_session.get(key)
+                if mapped:
+                    session_id = mapped
+                    break
+        if not isinstance(session_id, str) or not session_id:
+            raise HTTPException(status_code=404, detail="Session not found")
+        if session_id not in session_registry and session_id not in terminal_sessions:
+            raise HTTPException(status_code=404, detail="Session not found")
+
+        async with terminal_lock:
+            session = terminal_sessions.get(session_id)
+            if session:
+                session.close()
+                await session.wait_closed()
+                terminal_sessions.pop(session_id, None)
+            session_registry.pop(session_id, None)
+            repo_to_session = {
+                repo: sid for repo, sid in repo_to_session.items() if sid != session_id
+            }
+            request.app.state.repo_to_session = repo_to_session
+            persist_session_registry(
+                engine.state_path, session_registry, repo_to_session
+            )
+            request.app.state.session_state_last_write = time.time()
+            request.app.state.session_state_dirty = False
+
+        return {"status": "stopped", "session_id": session_id}
+
+    return router

codex_autorunner/surfaces/web/routes/settings.py

@@ -0,0 +1,169 @@
+"""
+Session settings routes for autorunner overrides.
+"""
+
+from typing import Optional
+
+from fastapi import APIRouter, HTTPException, Request
+
+from ....core.state import RunnerState, load_state, save_state, state_lock
+from ..schemas import SessionSettingsRequest, SessionSettingsResponse
+
+ALLOWED_APPROVAL_POLICIES = {"never", "unlessTrusted"}
+ALLOWED_SANDBOX_MODES = {"dangerFullAccess", "workspaceWrite"}
+
+
+def _normalize_optional_string(value: object, field: str) -> Optional[str]:
+    if value is None:
+        return None
+    if not isinstance(value, str):
+        raise HTTPException(status_code=400, detail=f"{field} must be a string")
+    cleaned = value.strip()
+    return cleaned or None
+
+
+def build_settings_routes() -> APIRouter:
+    router = APIRouter()
+
+    @router.get("/api/session/settings", response_model=SessionSettingsResponse)
+    def get_session_settings(request: Request):
+        state = load_state(request.app.state.engine.state_path)
+        return {
+            "autorunner_model_override": state.autorunner_model_override,
+            "autorunner_effort_override": state.autorunner_effort_override,
+            "autorunner_approval_policy": state.autorunner_approval_policy,
+            "autorunner_sandbox_mode": state.autorunner_sandbox_mode,
+            "autorunner_workspace_write_network": state.autorunner_workspace_write_network,
+            "runner_stop_after_runs": state.runner_stop_after_runs,
+        }
+
+    @router.post("/api/session/settings", response_model=SessionSettingsResponse)
+    def update_session_settings(request: Request, payload: SessionSettingsRequest):
+        updates = payload.model_dump(exclude_unset=True)
+        engine = request.app.state.engine
+        manager = request.app.state.manager
+        registry = request.app.state.app_server_threads
+        with state_lock(engine.state_path):
+            state = load_state(engine.state_path)
+            model_override = (
+                _normalize_optional_string(
+                    updates.get("autorunner_model_override"),
+                    "autorunner_model_override",
+                )
+                if "autorunner_model_override" in updates
+                else state.autorunner_model_override
+            )
+            effort_override = (
+                _normalize_optional_string(
+                    updates.get("autorunner_effort_override"),
+                    "autorunner_effort_override",
+                )
+                if "autorunner_effort_override" in updates
+                else state.autorunner_effort_override
+            )
+            approval_policy = (
+                _normalize_optional_string(
+                    updates.get("autorunner_approval_policy"),
+                    "autorunner_approval_policy",
+                )
+                if "autorunner_approval_policy" in updates
+                else state.autorunner_approval_policy
+            )
+            if approval_policy and approval_policy not in ALLOWED_APPROVAL_POLICIES:
+                raise HTTPException(
+                    status_code=400,
+                    detail="approval policy must be never or unlessTrusted",
+                )
+            sandbox_mode = (
+                _normalize_optional_string(
+                    updates.get("autorunner_sandbox_mode"),
+                    "autorunner_sandbox_mode",
+                )
+                if "autorunner_sandbox_mode" in updates
+                else state.autorunner_sandbox_mode
+            )
+            if sandbox_mode and sandbox_mode not in ALLOWED_SANDBOX_MODES:
+                raise HTTPException(
+                    status_code=400,
+                    detail="sandbox mode must be dangerFullAccess or workspaceWrite",
+                )
+            workspace_write_network = (
+                updates.get("autorunner_workspace_write_network")
+                if "autorunner_workspace_write_network" in updates
+                else state.autorunner_workspace_write_network
+            )
+            if (
+                "autorunner_workspace_write_network" in updates
+                and workspace_write_network is not None
+                and not isinstance(workspace_write_network, bool)
+            ):
+                raise HTTPException(
+                    status_code=400,
+                    detail="autorunner_workspace_write_network must be a boolean",
+                )
+            runner_stop_after_runs = (
+                updates.get("runner_stop_after_runs")
+                if "runner_stop_after_runs" in updates
+                else state.runner_stop_after_runs
+            )
+            if (
+                "runner_stop_after_runs" in updates
+                and runner_stop_after_runs is not None
+                and (
+                    not isinstance(runner_stop_after_runs, int)
+                    or isinstance(runner_stop_after_runs, bool)
+                    or runner_stop_after_runs <= 0
+                )
+            ):
+                raise HTTPException(
+                    status_code=400,
+                    detail="runner_stop_after_runs must be a positive integer",
+                )
+
+            thread_reset_required = any(
+                (
+                    model_override != state.autorunner_model_override,
+                    effort_override != state.autorunner_effort_override,
+                    approval_policy != state.autorunner_approval_policy,
+                    sandbox_mode != state.autorunner_sandbox_mode,
+                    workspace_write_network != state.autorunner_workspace_write_network,
+                    runner_stop_after_runs != state.runner_stop_after_runs,
+                )
+            )
+            if thread_reset_required and manager.running:
+                raise HTTPException(
+                    status_code=409,
+                    detail="Cannot change autorunner settings while a run is active",
+                )
+
+            new_state = RunnerState(
+                last_run_id=state.last_run_id,
+                status=state.status,
+                last_exit_code=state.last_exit_code,
+                last_run_started_at=state.last_run_started_at,
+                last_run_finished_at=state.last_run_finished_at,
+                autorunner_agent_override=state.autorunner_agent_override,
+                autorunner_model_override=model_override,
+                autorunner_effort_override=effort_override,
+                autorunner_approval_policy=approval_policy,
+                autorunner_sandbox_mode=sandbox_mode,
+                autorunner_workspace_write_network=workspace_write_network,
+                runner_stop_after_runs=runner_stop_after_runs,
+                runner_pid=state.runner_pid,
+                sessions=state.sessions,
+                repo_to_session=state.repo_to_session,
+            )
+            save_state(engine.state_path, new_state)
+            if thread_reset_required:
+                registry.reset_thread("autorunner")
+
+        return {
+            "autorunner_model_override": model_override,
+            "autorunner_effort_override": effort_override,
+            "autorunner_approval_policy": approval_policy,
+            "autorunner_sandbox_mode": sandbox_mode,
+            "autorunner_workspace_write_network": workspace_write_network,
+            "runner_stop_after_runs": runner_stop_after_runs,
+        }
+
+    return router