Commit Graph
76 Commits
Author SHA1 Message Date
Gabriel Brown ea56b29453 refactor(web): extract reusable XtermSession from WorkspaceTerminal 2026-07-11 12:43:08 -04:00
Gabriel Brown 27019dc1d3 feat(web): /api/box status, lifecycle, tree, file, terminal-token routes 2026-07-11 12:36:56 -04:00
Gabriel Brown 11e93ade5f feat(web): box terminal token mint + ownership proxy helpers 2026-07-11 12:32:10 -04:00
Gabriel Brown 2c6a605646 feat(worker): user-scoped /box/terminal websocket bridge
Add a USER-scoped `/box/terminal` WebSocket that acquires the user's box
and opens a login shell rooted at `~`. Extract the shared real-TTY PTY
bridging (buffered input, dockerode exec/start, resize, forward, cleanup)
out of the job `bridge()` into `runShellBridge`, parameterized by how the
box is acquired, the working directory, and the env; `bridge()` and the
new `bridgeBox()` both call it so the job path is unchanged.

The `/box/terminal` upgrade reads the username FROM the token
(`parseBoxTokenUsername`, part[2] of the 4-part token), then verifies the
whole token with `verifyBoxTerminalToken`; on success `bridgeBox` derives
`boxHomePaths(username)`, seeds a minimal `.bash_profile` via a shared
`ensureBashProfile` (extracted from `materializeUserHome`), acquires the
box, and opens the shell at `containerHome` with `TERM`+`HOME` only (no
per-job secrets). Cleanup releases the box handle.

Manual verification (dockerode PTY I/O is daemon-dependent):
- `bun run test:unit` 105 passed (incl. new `parseBoxTokenUsername` tests),
  `bun run typecheck` clean.
- Raw upgrade against a live server: valid box token -> `101 Switching
  Protocols`; bad token -> refused (no upgrade). Job `/jobs/:id/terminal`
  branch unchanged.
- `bridgeBox` path exercised: `acquireUserBox` created `spoon-box-<user>`
  and `ensureBashProfile` seeded `~/.bash_profile`. Interactive typing/
  resize could not be observed on this host because dockerode cannot reach
  the podman API socket (same mechanism the job terminal uses, so no
  regression) — full browser flow is covered by later tasks.

Claude-Session: https://claude.ai/code/session_01ScyZ1NhfN84LAnHpwhfEQk
2026-07-11 12:25:32 -04:00
Gabriel Brown 192f547be5 feat(worker): /box status, lifecycle, tree, and file HTTP routes
Wire the box helpers into the worker HTTP server as /box/* routes,
authed by the internal bearer token like every other worker route.
Adds a boxRoute matcher (/^\/box\/(status|lifecycle|tree|file)$/) and
dispatches before jobRoute; missing user -> 400, unknown lifecycle
action -> 400, containment throws -> 400 (server keeps serving).

Manual verification (harness on :3922, internal token, user gabriel):
  GET  /box/status?user=gabriel        -> 200 {"status":{...running:false...}}
  GET  /box/status  (no user)          -> 400 {"error":"Missing user"}
  (no Authorization header)            -> 401
  POST /box/lifecycle {"action":"bogus"} -> 400 {"error":"Unknown action"}
  GET  /box/tree?user=gabriel          -> 200 {"tree":{"name":"~",...}}
  PUT  /box/file {"path":"spoon-test.txt","content":"hi from task4"} -> 200 {"success":true}
  GET  /box/file?path=spoon-test.txt   -> 200 {"path":...,"content":"hi from task4"}
  GET  /box/file?path=../../../../../etc/passwd -> 400 {"error":"Refusing to access path outside home: ..."}
  GET  /box/status after escape        -> 200 (no crash)
  GET  /box/other?user=gabriel         -> 404 {"error":"Not found"}
2026-07-11 12:13:50 -04:00
Gabriel Brown bf0276b1f3 feat(worker): home-scoped box file tree/read/write with realpath containment 2026-07-11 12:05:04 -04:00
Gabriel Brown 6439e5200b feat(worker): per-user box status and lifecycle helpers
Centralize per-user box home-path derivation, status inspection, and
lifecycle (start/stop/restart) in a new box.ts so the HTTP routes and the
terminal WS bridge share one source of truth. Add inspectUserBoxStatus to
docker.ts (single `inspect --format` call, all-null/false on non-zero exit)
and resetBox to user-container.ts (clears the idle timer and drops the
registry entry so a stopped box isn't treated as held).

Manual verification (docker required, after Task 4 wires the routes): with
the worker running and a box up,
`curl -H "Authorization: Bearer $TOKEN" localhost:3921/box/status?user=<you>`
shows running:true + image + startedAt; `POST /box/lifecycle {"action":"stop"}`
flips status to running:false; `start` brings it back.
2026-07-11 11:57:57 -04:00
Gabriel Brown d4303e652e feat(worker): user-scoped box terminal token verification 2026-07-11 11:52:26 -04:00
Gabriel Brown 432e3b501e fix(worker): don't double-append streamed answer when completed event carries content 2026-07-11 11:47:11 -04:00
Gabriel Brown 2311679802 fix(worker): chmod materialized env file to 0600 even when it pre-exists 2026-07-11 11:36:03 -04:00
Gabriel Brown 58c815a7a7 fix(worker): materialize env files 0600, re-materialize per run, delete on stop 2026-07-11 11:36:03 -04:00
Gabriel Brown 424307c5af build(agent-job): pin Claude Code CLI; smoke one turn per runtime
Add @anthropic-ai/claude-code@2.1.207 to the job image global npm install,
extend the smoke script with claude --version plus a documented per-runtime
turn block, and reconcile OpenCode/Claude adapter flags against the real CLIs
(all assumed flags confirmed). Document the anthropic_oauth_json credential
snapshot pattern in the README.
2026-07-11 11:25:44 -04:00
Gabriel Brown 702e53a4ba feat(web): per-thread/per-spoon runtime picker and Anthropic OAuth provider profile 2026-07-11 11:20:33 -04:00
Gabriel Brown 0716a224ef fix(worker): codex prepareAuth skips auth.json for api_key profiles 2026-07-11 11:00:08 -04:00
Gabriel Brown c0f107c4cf feat(backend): queue-time runtime/profile validation; job.runtime authoritative in worker 2026-07-11 10:58:05 -04:00
Gabriel Brown 76886621b5 feat(worker): ClaudeCodeAdapter runs claude -p stream-json in the per-user box 2026-07-11 10:35:56 -04:00
Gabriel Brown c9ee2e6cde refactor(worker): delete per-job OpenCode container path, host_port split, and dead docker helpers
Claude-Session: https://claude.ai/code/session_01ScyZ1NhfN84LAnHpwhfEQk
2026-07-11 10:26:58 -04:00
Gabriel Brown ff0425cf4b feat(worker): OpenCodeAdapter runs opencode in the per-user box (no side container) 2026-07-11 10:07:58 -04:00
Gabriel Brown 949a036d13 fix(worker): surface nonzero-exit agent turns as failed even when text streamed 2026-07-11 10:07:14 -04:00
Gabriel Brown e5bba720b4 refactor(worker): move Codex turn logic into CodexAdapter behind AgentRuntime 2026-07-11 02:53:26 -04:00
Gabriel Brown c1e816741d fix(worker): marked-command survives tail-exec; kill script excludes itself 2026-07-10 18:53:00 -04:00
Gabriel Brown bab87cc2d0 feat(worker): in-box process-group marker + kill helpers for agent turns 2026-07-10 18:53:00 -04:00
Gabriel Brown 38431155b2 refactor(worker): extract AgentRuntime interface, shared provider helpers, and adapter registry 2026-07-10 18:28:41 -04:00
Gabriel Brown ac68484059 fix(worker): make cancellation teardown failure-safe 2026-07-10 18:04:40 -04:00
Gabriel Brown 470af043fa fix(agent-jobs): add heartbeat cancel and stale recovery 2026-07-10 18:03:45 -04:00
Gabriel Brown 8af33fc9e0 fix(worker): always release stopped workspaces 2026-07-10 17:35:33 -04:00
Gabriel Brown 00f96a126e fix(agent-jobs): close maintenance jobs after decision 2026-07-10 17:35:33 -04:00
Gabriel Brown 926008fd3a fix(workspace): skip queries for missing jobs 2026-07-10 17:24:32 -04:00
Gabriel Brown 2beeeb1732 fix(app): handle nullable detail consumers 2026-07-10 17:24:32 -04:00
Gabriel Brown ed21126eea fix(app): add friendly not-found handling 2026-07-10 17:24:32 -04:00
Gabriel Brown c4d0f5219a fix(terminal): use real TTY exec and resize 2026-07-10 17:21:52 -04:00
Gabriel Brown 57c175aecd fix(worker): contain workspace paths against symlinks 2026-07-10 17:11:00 -04:00
Gabriel Brown d4a3856083 fix(workspace): key shell by job 2026-07-10 17:06:33 -04:00
Gabriel Brown feb3723753 fix(terminal): preserve animation-frame first fit 2026-07-10 17:06:33 -04:00
Gabriel Brown 75d06394ce fix(terminal): refit after fonts load 2026-07-10 17:06:33 -04:00
Gabriel Brown 0b5a2c0411 fix(worker): ensure reconciled boxes before acquire 2026-07-10 17:04:41 -04:00
Gabriel Brown 284f7ea52b fix(worker): serialize box failure and idle reaping 2026-07-10 17:00:22 -04:00
Gabriel Brown 9e7a8722f3 fix(worker): make user-box lifecycle concurrency-safe 2026-07-10 16:54:55 -04:00
Gabriel Brown daec4d6dfa fix(worker): make workspace cleanup layout-aware 2026-07-10 15:55:11 -04:00
Gabriel Brown b09295570d Fix terminal issue
Build and Push Spoon Images / quality (push) Successful in 1m40s
Build and Push Spoon Images / build-images (push) Successful in 3m53s
2026-06-25 00:30:11 -04:00
Gabriel Brown 3f1fee4e44 Fix some issues with local dev
Build and Push Spoon Images / quality (push) Successful in 1m32s
Build and Push Spoon Images / build-images (push) Successful in 6m33s
2026-06-24 22:40:26 -04:00
Gabriel Brown 573246ce98 Fix pipeline
Build and Push Spoon Images / quality (push) Successful in 1m34s
Build and Push Spoon Images / build-images (push) Successful in 7m44s
2026-06-24 21:49:13 -04:00
Gabriel Brown c6b27063a4 Phase 2: single per-user box container for every thread
Every thread (agent turns + terminal + project commands) now execs into one
persistent per-user container (spoon-box-{username}) instead of ephemeral
docker run --rm — so the agent and terminal share the exact same running
environment, filesystem, and in-session installs.

- docker.ts: ensureUserContainer (persistent box) + streamExecInContainer/
  runExecInContainer (docker exec, streaming) sharing a factored streamSubprocess
- user-container.ts: reference-counted box lifecycle (held while any thread
  workspace is active or a terminal is connected; idle-reaped after
  SPOON_AGENT_BOX_IDLE_MS, default 30m)
- worker.ts: runClaim acquires the box; codex turn + runProjectCommand exec into
  it; release on stop/PR/failure
- terminal.ts: execs into the shared box (dockerode TTY) instead of a per-job
  container; materializeUserHome runs the dotfiles setup in the box
- Verified: agent + terminal run in the same box, share fs, dotfiles + tmux load
2026-06-24 10:30:40 -04:00
Gabriel Brown c103430c7d Self-host VictorMono Nerd Font icons for the terminal + editor
- Add Symbols-Only Nerd Font Mono (woff2) under public/fonts; @font-face scoped
  by unicode-range to the Nerd Font glyph ranges, so the ~1.1MB file only loads
  when an icon actually renders (latin text stays on Victor Mono)
- Terminal + editor font stacks fall back to it for icons; terminal prewarms it
  and repaints so powerline/oh-my-posh/eza/nvim icons show
- No server/env changes; ships in the spoon-next image (public/)
2026-06-24 10:17:25 -04:00
Gabriel Brown 2cd03b6a83 Settings: Dotfiles file-browser workspace
- New Settings → Dotfiles section: a mini-workspace rooted at home/{firstName}
  reusing FileTree + the Monaco CodeEditor
- Drag-and-drop files/folders (FileSystem entries API) or upload a folder
  (webkitdirectory) / files; edit in-place; new file; delete
- Files stored relative to HOME via the encrypted userDotfiles API
- Repo & setup panel (public repo URL + ref + setup script path) writing
  userEnvironment; secrets nudge toward the Secrets feature
2026-06-24 09:57:11 -04:00
Gabriel Brown 4c0de2cbf3 Worker: persistent per-user home + dotfiles materialization
- Each job/terminal now mounts a persistent per-user home (${workdir}/homes/
  {username}) at /home/{username}; the thread checkout lives at
  ~/Code/{spoon}/{branch} so every thread shows up as a folder in one home and
  dotfiles/tools/nvim plugins persist across sessions
- docker.ts helpers + git.ts cloneRepository take container home/cwd + dir name
  (backward-compatible defaults); codex/opencode/terminal use the per-user paths
- new user-environment.ts: fetchUserEnvironment (worker-token Convex action) +
  materializeUserHome — ensures ~/.bash_profile, applies the editable overlay
  files, and (hashed/idempotent) clones the public dotfiles repo + runs the
  setup command inside the job image
- stopWorkspace no longer deletes the home; only the container stops
- Verified: codex runs a real turn under the new /home/{user} + ~/Code layout;
  overlay .bashrc loads in the interactive shell
2026-06-24 09:51:39 -04:00
Gabriel Brown 65aae85369 Update formatting on worker
Build and Push Spoon Images / quality (push) Successful in 1m27s
Build and Push Spoon Images / build-images (push) Successful in 7m13s
2026-06-24 08:40:52 -04:00
Gabriel Brown fd48dcfc28 Not sure what this change is but hey 2026-06-24 08:38:23 -04:00
Gabriel Brown 15407e7e9c Workspace Terminal tab: xterm front end + short-lived token route
- New Terminal tab in the workspace shell, backed by xterm.js, that connects
  to the worker's PTY WebSocket using a short-lived token minted by
  /api/agent-jobs/:id/terminal-token (owner-auth'd, never exposes the worker
  secret to the browser)
- Site-matched xterm theme (light/dark, live theme switching), Victor Mono,
  binary stdin + JSON resize protocol, reconnect, graceful 'not configured'
  state when NEXT_PUBLIC_SPOON_AGENT_WORKER_WS_URL is unset
- env: NEXT_PUBLIC_SPOON_AGENT_WORKER_WS_URL (client), SPOON_AGENT_TERMINAL_SECRET
2026-06-24 08:23:58 -04:00
Gabriel Brown c1263b2e69 Worker: interactive terminal WebSocket bridge (PTY in workspace container)
- attachTerminalServer() upgrades /jobs/:id/terminal WS connections, verifying a
  short-lived job-scoped HMAC token (verifyTerminalToken) so the browser never
  holds the worker secret
- Bridges the socket to a bash PTY via dockerode exec (Tty) in a persistent
  per-job shell container (spoon-agent-term-<id>) mounting the workspace; binary
  frames = stdin, JSON text frames = resize; idle containers reaped after 30m
- New env: SPOON_AGENT_TERMINAL_IMAGE/SECRET/IDLE_MS (secret falls back to the
  shared worker internal token)
2026-06-24 08:16:39 -04:00