diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 19d97fd..1018181 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -5,6 +5,9 @@ on: branches: [main] pull_request: +permissions: + contents: read + jobs: test: runs-on: ubuntu-latest diff --git a/bin/claudebox b/bin/claudebox new file mode 100755 index 0000000..0a250be --- /dev/null +++ b/bin/claudebox @@ -0,0 +1,52 @@ +#!/usr/bin/env bash +# ClaudeBox launcher — runs the server with auto-update restart loop. +# +# Usage: +# claudebox [--http-only] [--no-auto-update] [--profiles=X,Y] [...] +# +# The server exits with code 75 when auto-update pulls new code. +# This script restarts it automatically. + +set -euo pipefail + +# Resolve the repo directory (this script lives in /bin/) +SCRIPT_DIR="$(cd "$(dirname "$(readlink -f "$0" 2>/dev/null || realpath "$0" 2>/dev/null || echo "$0")")" && pwd)" +REPO_DIR="$(cd "$SCRIPT_DIR/.." && pwd)" + +# Source env file if it exists (secrets, config) +ENV_FILE="$HOME/.claudebox/env" +if [ -f "$ENV_FILE" ]; then + set -a + source "$ENV_FILE" + set +a +fi + +# Default to auto-update unless explicitly disabled +AUTO_UPDATE="--auto-update" +ARGS=() +for arg in "$@"; do + if [ "$arg" = "--no-auto-update" ]; then + AUTO_UPDATE="" + else + ARGS+=("$arg") + fi +done + +cd "$REPO_DIR" + +while true; do + echo "─── claudebox starting ($(git rev-parse --short HEAD 2>/dev/null || echo '?')) ───" + set +e + node --experimental-strip-types --no-warnings server.ts $AUTO_UPDATE "${ARGS[@]}" + EXIT_CODE=$? + set -e + + if [ "$EXIT_CODE" = "75" ]; then + echo "─── auto-update: restarting ───" + sleep 1 + continue + fi + + echo "─── claudebox exited ($EXIT_CODE) ───" + exit $EXIT_CODE +done diff --git a/bin/refresh-oauth.sh b/bin/refresh-oauth.sh new file mode 100755 index 0000000..5898335 --- /dev/null +++ b/bin/refresh-oauth.sh @@ -0,0 +1,13 @@ +#!/usr/bin/env bash +# Refresh OAuth token by briefly launching claude in a PTY +# script -c allocates a pseudo-TTY so claude thinks it's interactive + +export HOME=/mnt/user-data/claude +export PATH="$HOME/.local/bin:$PATH" + +script -qec "claude" /dev/null & +PID=$! +sleep 10 +kill $PID 2>/dev/null +wait $PID 2>/dev/null +echo "[$(date -Is)] OAuth token refreshed (pid=$PID)" diff --git a/bootstrap.sh b/bootstrap.sh new file mode 100755 index 0000000..7d312d5 --- /dev/null +++ b/bootstrap.sh @@ -0,0 +1,14 @@ +#!/usr/bin/env bash +# Bootstrap ClaudeBox — install dependencies. +# Called by install.sh and by auto-update after pulling new code. +set -euo pipefail + +cd "$(dirname "$0")" + +# Install/update npm deps (skip if node_modules is fresh) +if [ package.json -nt node_modules/.package-lock.json ] 2>/dev/null || [ ! -d node_modules ]; then + echo "[bootstrap] npm install..." + npm install --no-audit --no-fund --prefer-offline 2>&1 | tail -3 +else + echo "[bootstrap] Dependencies up to date." +fi diff --git a/cli.ts b/cli.ts index df65e62..ab2ca08 100644 --- a/cli.ts +++ b/cli.ts @@ -1716,6 +1716,193 @@ async function streamLogs(server: { url: string; user: string; password: string } } +// ── Creds command ──────────────────────────────────────────────── + +const CREDS_DIR = join(homedir(), ".claudebox", "credentials"); +const CLAUDE_DIR = join(homedir(), ".claude"); +const CLAUDE_CREDS = join(CLAUDE_DIR, ".credentials.json"); + +function credsSlots(): { name: string; path: string }[] { + if (!existsSync(CREDS_DIR)) return []; + return readdirSync(CREDS_DIR) + .filter(d => existsSync(join(CREDS_DIR, d, ".credentials.json"))) + .sort() + .map(name => ({ name, path: join(CREDS_DIR, name) })); +} + +function readCredsMeta(credPath: string): { email: string; expires: string; expired: boolean } { + try { + const creds = JSON.parse(readFileSync(join(credPath, ".credentials.json"), "utf-8")); + const oauth = creds.claudeAiOauth || {}; + const expiresAt = oauth.expiresAt || 0; + const expired = expiresAt < Date.now(); + const expiresDate = expiresAt ? new Date(expiresAt).toISOString().replace("T", " ").slice(0, 19) : "unknown"; + + // Try to read email from .claude.json in the slot + let email = ""; + const claudeJson = join(credPath, ".claude.json"); + if (existsSync(claudeJson)) { + try { + const cfg = JSON.parse(readFileSync(claudeJson, "utf-8")); + email = cfg.oauthAccount?.emailAddress || ""; + } catch {} + } + // Fallback: check the token prefix for differentiation + if (!email) { + const token = (oauth.accessToken || "").slice(0, 25); + email = token ? `token:${token}...` : "unknown"; + } + return { email, expires: expiresDate, expired }; + } catch { + return { email: "error", expires: "error", expired: true }; + } +} + +function activeSlotName(): string | null { + if (!existsSync(CLAUDE_CREDS)) return null; + try { + const activeCreds = readFileSync(CLAUDE_CREDS, "utf-8"); + const activeToken = JSON.parse(activeCreds).claudeAiOauth?.refreshToken || ""; + if (!activeToken) return null; + for (const slot of credsSlots()) { + try { + const slotCreds = JSON.parse(readFileSync(join(slot.path, ".credentials.json"), "utf-8")); + if ((slotCreds.claudeAiOauth?.refreshToken || "") === activeToken) return slot.name; + } catch {} + } + } catch {} + return null; +} + +async function credsCommand(args: string[]): Promise { + const sub = args[0]; + + if (sub === "list" || sub === "ls" || !sub) { + const slots = credsSlots(); + if (!slots.length) { + console.log(`No credential slots found.\n\nSet up slots:\n mkdir -p ${CREDS_DIR}/account-1\n cp ~/.claude/.credentials.json ${CREDS_DIR}/account-1/`); + return; + } + const active = activeSlotName(); + const pad = Math.max(...slots.map(s => s.name.length), 4); + + console.log(`\n ${"SLOT".padEnd(pad)} ${"IDENTITY".padEnd(30)} ${"EXPIRES".padEnd(19)} STATUS`); + console.log(` ${"─".repeat(pad)} ${"─".repeat(30)} ${"─".repeat(19)} ──────`); + for (const slot of slots) { + const meta = readCredsMeta(slot.path); + const isActive = slot.name === active; + const marker = isActive ? "● " : " "; + const statusParts: string[] = []; + if (isActive) statusParts.push("\x1b[32mactive\x1b[0m"); + if (meta.expired) statusParts.push("\x1b[31mexpired\x1b[0m"); + else statusParts.push("\x1b[32mvalid\x1b[0m"); + console.log(`${marker}${slot.name.padEnd(pad)} ${meta.email.padEnd(30)} ${meta.expires} ${statusParts.join(" ")}`); + } + console.log(); + return; + } + + if (sub === "use" || sub === "promote") { + const slotName = args[1]; + if (!slotName) { console.error("Usage: claudebox creds use "); process.exit(1); } + + const slot = credsSlots().find(s => s.name === slotName); + if (!slot) { console.error(`Slot "${slotName}" not found. Run: claudebox creds list`); process.exit(1); } + + const srcCreds = join(slot.path, ".credentials.json"); + if (!existsSync(srcCreds)) { console.error(`No .credentials.json in slot "${slotName}"`); process.exit(1); } + + // Back up current credentials to a slot if not already tracked + const active = activeSlotName(); + if (active && active !== slotName) { + // Current creds are already in a slot, just switch + console.log(` Deactivating: ${active}`); + } else if (!active && existsSync(CLAUDE_CREDS)) { + // Current creds aren't in any slot — save them + const backupName = `backup-${Date.now()}`; + const backupDir = join(CREDS_DIR, backupName); + mkdirSync(backupDir, { recursive: true }); + writeFileSync(join(backupDir, ".credentials.json"), readFileSync(CLAUDE_CREDS)); + chmodSync(join(backupDir, ".credentials.json"), 0o600); + console.log(` Backed up current credentials → ${backupName}`); + } + + // Copy slot credentials to active location + writeFileSync(CLAUDE_CREDS, readFileSync(srcCreds)); + chmodSync(CLAUDE_CREDS, 0o600); + + // Also copy .claude.json if the slot has one + const srcClaudeJson = join(slot.path, ".claude.json"); + const dstClaudeJson = join(homedir(), ".claude.json"); + if (existsSync(srcClaudeJson)) { + writeFileSync(dstClaudeJson, readFileSync(srcClaudeJson)); + chmodSync(dstClaudeJson, 0o600); + } + + const meta = readCredsMeta(slot.path); + console.log(` ● Activated: ${slotName} (${meta.email})`); + if (meta.expired) console.log(` ⚠ Token is expired — Claude will refresh on next use`); + console.log(); + return; + } + + if (sub === "save") { + const slotName = args[1]; + if (!slotName) { console.error("Usage: claudebox creds save "); process.exit(1); } + if (!/^[a-z0-9][a-z0-9._-]*$/i.test(slotName)) { console.error("Invalid slot name (use alphanumeric, hyphens, dots)"); process.exit(1); } + + const slotDir = join(CREDS_DIR, slotName); + mkdirSync(slotDir, { recursive: true }); + + if (!existsSync(CLAUDE_CREDS)) { console.error("No active credentials to save"); process.exit(1); } + + writeFileSync(join(slotDir, ".credentials.json"), readFileSync(CLAUDE_CREDS)); + chmodSync(join(slotDir, ".credentials.json"), 0o600); + + // Also save .claude.json for the account identity + const claudeJson = join(homedir(), ".claude.json"); + if (existsSync(claudeJson)) { + writeFileSync(join(slotDir, ".claude.json"), readFileSync(claudeJson)); + chmodSync(join(slotDir, ".claude.json"), 0o600); + } + + const meta = readCredsMeta(slotDir); + console.log(` Saved current credentials → ${slotName}`); + console.log(); + return; + } + + if (sub === "rm" || sub === "remove") { + const slotName = args[1]; + if (!slotName) { console.error("Usage: claudebox creds rm "); process.exit(1); } + + const slot = credsSlots().find(s => s.name === slotName); + if (!slot) { console.error(`Slot "${slotName}" not found`); process.exit(1); } + + const active = activeSlotName(); + if (active === slotName) { console.error(`Cannot remove active slot. Switch first: claudebox creds use `); process.exit(1); } + + const { rmSync } = await import("fs"); + rmSync(slot.path, { recursive: true }); + console.log(` Removed slot: ${slotName}`); + console.log(); + return; + } + + console.log(`claudebox creds — manage Claude OAuth credentials + +Usage: + claudebox creds List all credential slots + claudebox creds list List all credential slots + claudebox creds use Activate a credential slot + claudebox creds save Save current credentials to a slot + claudebox creds rm Remove a credential slot + +Slots are stored in: ${CREDS_DIR}/ +Each slot is a directory containing .credentials.json (and optionally .claude.json). +`); +} + // ── Main ──────────────────────────────────────────────────────── const [command, ...args] = process.argv.slice(2); @@ -1774,6 +1961,10 @@ switch (command) { case "register": registerCommand(args).catch(e => { console.error(e.message); process.exit(1); }); break; + case "creds": + case "credentials": + credsCommand(args).catch(e => { console.error(e.message); process.exit(1); }); + break; default: console.log(`ClaudeBox CLI @@ -1795,6 +1986,7 @@ Usage: claudebox register --user-id --server-url Register for DM routing claudebox status Health check / local summary claudebox profiles List available profiles + claudebox creds [list|use|save|rm] Manage OAuth credentials claudebox config [value] Get/set config Sessions are identified by name (session/) or worktree ID. diff --git a/container-entrypoint.sh b/container-entrypoint.sh index e068e63..473076f 100755 --- a/container-entrypoint.sh +++ b/container-entrypoint.sh @@ -40,9 +40,10 @@ cat > /tmp/mcp.json < /workspace/.claude/CLAUDE.md < ~/.claude/claudebox/repo +# cd ~/.claude/claudebox/repo +# ./install.sh +# +# What this does: +# 1. Runs bootstrap.sh (npm install) +# 2. Creates data directories +# 3. Symlinks bin/claudebox → ~/.local/bin/claudebox +# 4. Optionally sets up systemd user service +# +# After install: +# claudebox # start server (auto-updates from origin/next) +# claudebox --http-only # no Slack +# claudebox --no-auto-update # disable git pull loop + +set -euo pipefail + +REPO_DIR="$(cd "$(dirname "$0")" && pwd)" +BIN_DIR="$HOME/.local/bin" +DATA_DIR="$HOME/.claudebox" +ENV_FILE="$DATA_DIR/env" + +echo "ClaudeBox installer" +echo " Repo: $REPO_DIR" +echo "" + +# 1. Bootstrap +echo "[1/4] Installing dependencies..." +"$REPO_DIR/bootstrap.sh" + +# 2. Create data directories +echo "[2/4] Creating data directories..." +mkdir -p "$DATA_DIR/sessions" "$DATA_DIR/worktrees" "$DATA_DIR/stats" + +# 3. Symlink bin +echo "[3/4] Linking claudebox to $BIN_DIR..." +mkdir -p "$BIN_DIR" +ln -sf "$REPO_DIR/bin/claudebox" "$BIN_DIR/claudebox" + +# Check PATH +if ! echo "$PATH" | tr ':' '\n' | grep -qx "$BIN_DIR"; then + echo "" + echo " ⚠ $BIN_DIR is not in your PATH. Add to your shell profile:" + echo " export PATH=\"$BIN_DIR:\$PATH\"" + echo "" +fi + +# 4. Env file +if [ ! -f "$ENV_FILE" ]; then + echo "[4/4] Creating env file..." + cat > "$ENV_FILE" << 'EOF' +# ClaudeBox environment — sourced by systemd service. +# Required: +CLAUDEBOX_SESSION_PASS= +CLAUDEBOX_API_SECRET= +GH_TOKEN= + +# Slack (not needed with --http-only): +SLACK_BOT_TOKEN= +SLACK_APP_TOKEN= + +# Optional: +# CLAUDEBOX_PORT=3000 +# CLAUDEBOX_HOST=claudebox.work +# CLAUDEBOX_DOCKER_IMAGE=devbox:latest +EOF + chmod 600 "$ENV_FILE" + echo " Created $ENV_FILE — edit and fill in secrets." +else + echo "[4/4] Env file exists: $ENV_FILE" +fi + +echo "" +echo "Done! Run:" +echo " claudebox # start server" +echo " claudebox --http-only # without Slack" +echo "" +echo "Optional systemd setup:" +echo " ./scripts/setup-systemd.sh" diff --git a/packages/libclaudebox/auto-update.ts b/packages/libclaudebox/auto-update.ts new file mode 100644 index 0000000..21a1de4 --- /dev/null +++ b/packages/libclaudebox/auto-update.ts @@ -0,0 +1,87 @@ +/** + * Auto-updater for ClaudeBox. + * + * Polls origin/next. When new commits are found: + * 1. git fetch origin next + * 2. git reset --hard origin/next + * 3. ./bootstrap.sh + * 4. Exit with code 75 (EX_TEMPFAIL) — systemd or wrapper restarts us + */ + +import { execFileSync, execSync } from "child_process"; + +const POLL_INTERVAL = 60_000; // 1 minute +const BRANCH = "origin/next"; +const RESTART_EXIT_CODE = 75; // EX_TEMPFAIL — signals "restart me" + +let repoDir = ""; +let updating = false; + +function git(...args: string[]): string { + return execFileSync("git", args, { + cwd: repoDir, + encoding: "utf-8", + timeout: 30_000, + }).trim(); +} + +function checkAndUpdate(): void { + if (updating) return; + updating = true; + + try { + const before = git("rev-parse", "HEAD"); + + git("fetch", "origin", "next", "--quiet"); + + const after = git("rev-parse", BRANCH); + if (before === after) { + updating = false; + return; + } + + console.log(`[AUTOUPDATE] ${before.slice(0, 8)} → ${after.slice(0, 8)}`); + + try { + const log = git("log", "--oneline", `${before}..${after}`, "--max-count=10"); + if (log) console.log(`[AUTOUPDATE] Changes:\n${log}`); + } catch {} + + git("reset", "--hard", BRANCH); + console.log(`[AUTOUPDATE] Reset to ${BRANCH}`); + + console.log("[AUTOUPDATE] Running bootstrap.sh..."); + execSync("./bootstrap.sh", { + cwd: repoDir, + stdio: "inherit", + timeout: 120_000, + }); + + console.log("[AUTOUPDATE] Exiting for restart..."); + process.exit(RESTART_EXIT_CODE); + } catch (e: any) { + console.error(`[AUTOUPDATE] Error: ${e.message}`); + updating = false; + } +} + +/** + * Start the auto-updater. Call once from server.ts. + * @param dir - The repo directory to update + */ +export function startAutoUpdate(dir?: string): void { + repoDir = dir || process.cwd(); + + try { + git("rev-parse", "--git-dir"); + } catch { + console.warn("[AUTOUPDATE] Not a git repo, disabled"); + return; + } + + const head = git("rev-parse", "HEAD").slice(0, 8); + console.log(` Auto-update: enabled (${head}, poll ${POLL_INTERVAL / 1000}s)`); + + setTimeout(checkAndUpdate, 10_000); + setInterval(checkAndUpdate, POLL_INTERVAL); +} diff --git a/packages/libclaudebox/config.ts b/packages/libclaudebox/config.ts index c7463e9..ff626d8 100644 --- a/packages/libclaudebox/config.ts +++ b/packages/libclaudebox/config.ts @@ -6,16 +6,17 @@ import { homedir } from "os"; // centralized in libcreds / libcreds-host. Do NOT read them here. export const SLACK_APP_TOKEN = process.env.SLACK_APP_TOKEN!; export const API_SECRET = process.env.CLAUDEBOX_API_SECRET || ""; +export const GITHUB_WEBHOOK_SECRET = process.env.GITHUB_WEBHOOK_SECRET || ""; export const HTTP_PORT = parseInt(process.env.CLAUDEBOX_PORT || "3000", 10); export const INTERNAL_PORT = parseInt(process.env.CLAUDEBOX_INTERNAL_PORT || String(HTTP_PORT + 2), 10); export const MAX_CONCURRENT = 10; // ── Paths ─────────────────────────────────────────────────────── export const REPO_DIR = process.env.CLAUDE_REPO_DIR ?? join(homedir(), "repo"); -export const SESSIONS_DIR = join(REPO_DIR, ".claude", "claudebox", "sessions"); export const DOCKER_IMAGE = process.env.CLAUDEBOX_DOCKER_IMAGE || "devbox:latest"; export const CLAUDEBOX_DIR = join(homedir(), ".claudebox"); -export const CLAUDEBOX_SESSIONS_DIR = join(CLAUDEBOX_DIR, "sessions"); // legacy +export const SESSIONS_DIR = join(CLAUDEBOX_DIR, "sessions"); +export const CLAUDEBOX_SESSIONS_DIR = SESSIONS_DIR; // alias for back-compat export const CLAUDEBOX_WORKTREES_DIR = join(CLAUDEBOX_DIR, "worktrees"); export const CLAUDEBOX_STATS_DIR = join(CLAUDEBOX_DIR, "stats"); // Parent of packages/libclaudebox/ — the root claudebox directory @@ -33,9 +34,10 @@ export const SESSION_PAGE_PASS = process.env.CLAUDEBOX_SESSION_PASS || ""; // The logId format is -, so we extract the worktreeId prefix. export const LOG_BASE_URL = `https://${CLAUDEBOX_HOST}`; export function buildLogUrl(logId: string): string { - // Extract worktreeId from logId (e.g. "d9441073aae158ae-3" → "d9441073aae158ae") + // Extract worktreeId and seq from logId (e.g. "d9441073aae158ae-3" → worktree "d9441073aae158ae", run "3") const worktreeId = logId.replace(/-\d+$/, ""); - return `${LOG_BASE_URL}/s/${worktreeId}`; + const seq = logId.match(/-(\d+)$/)?.[1] || ""; + return `${LOG_BASE_URL}/s/${worktreeId}${seq ? `?run=${seq}` : ""}`; } export const DEFAULT_BASE_BRANCH = process.env.CLAUDEBOX_DEFAULT_BRANCH || "main"; diff --git a/packages/libclaudebox/docker.ts b/packages/libclaudebox/docker.ts index 42e0e73..d8407ad 100644 --- a/packages/libclaudebox/docker.ts +++ b/packages/libclaudebox/docker.ts @@ -14,6 +14,7 @@ import { buildLogUrl, } from "./config.ts"; import { incrActiveSessions, decrActiveSessions } from "./runtime.ts"; +import { updateGithubOnCompletion } from "./github-completion.ts"; // Token env vars — sourced from libcreds-host (the only package that reads token env vars). import { getContainerTokens } from "../libcreds-host/index.ts"; @@ -124,6 +125,21 @@ export class DockerService { const wt = store.getOrCreateWorktree(opts.worktreeId); const { worktreeId, workspaceDir, claudeProjectsDir } = wt; + // Kill any leftover containers from previous runs on this worktree + const prevSessions = store.listByWorktree(worktreeId); + for (const prev of prevSessions) { + if (prev.status === "running" && prev._log_id) { + const prevContainer = prev.container || `claudebox-${prev._log_id}`; + const prevSidecar = prev.sidecar || `claudebox-sidecar-${prev._log_id}`; + const prevNetwork = `claudebox-net-${prev._log_id}`; + this.stopAndRemoveSync(prevContainer, 3); + this.stopAndRemoveSync(prevSidecar, 3); + this.removeNetworkSync(prevNetwork); + store.update(prev._log_id, { status: "cancelled", exit_code: 137, finished: new Date().toISOString() }); + console.log(`[DOCKER] Cleaned up previous run ${prev._log_id} on worktree ${worktreeId}`); + } + } + const logId = store.nextSessionLogId(worktreeId); const sessionUuid = randomUUID(); const networkName = `claudebox-net-${logId}`; @@ -180,6 +196,9 @@ export class DockerService { slack_channel_name: opts.slackChannelName || "", slack_thread_ts: opts.slackThreadTs || "", slack_message_ts: opts.slackMessageTs || "", + run_comment_id: opts.runCommentId || "", + comment_id: opts.commentId || "", + repo: basename(REPO_DIR) === "aztec-packages" ? "AztecProtocol/aztec-packages" : "", claude_session_id: sessionUuid, worktree_id: worktreeId, base_branch: baseBranch, @@ -221,6 +240,15 @@ export class DockerService { `${CLAUDEBOX_DIR}:${CONTAINER_HOME}/.claudebox:rw`, ]; sidecarBinds.push(`${join(REPO_DIR, ".git")}:/reference-repo/.git:ro`); + // Mount yarn-project node_modules + prettier config for format tools + const ypNodeModules = join(REPO_DIR, "yarn-project/node_modules"); + if (existsSync(ypNodeModules)) { + sidecarBinds.push(`${ypNodeModules}:/reference-repo/yarn-project/node_modules:ro`); + } + const prettierConfig = join(REPO_DIR, "yarn-project/foundation/.prettierrc.json"); + if (existsSync(prettierConfig)) { + sidecarBinds.push(`${prettierConfig}:/reference-repo/yarn-project/foundation/.prettierrc.json:ro`); + } // Server URL for sidecar → server communication (internal port, not exposed to internet) const serverUrl = `http://host.docker.internal:${INTERNAL_PORT}`; @@ -302,6 +330,7 @@ export class DockerService { "-e", `PARENT_LOG_ID=${logId}`, "-e", `CLAUDEBOX_PROFILE=${profileDir}`, "-e", `CLAUDEBOX_MODEL=${opts.model || ""}`, + "-e", `CLAUDE_CODE_ADDITIONAL_DIRECTORIES_CLAUDE_MD=1`, ]; // Pass tag categories to sidecar const tagCats = profile.tagCategories || []; @@ -418,6 +447,9 @@ export class DockerService { writeFileSync(metaPath, JSON.stringify(m, null, 2)); } catch {} + // Update GitHub PR comment on completion + updateGithubOnCompletion(store, logId, worktreeId, exitCode) + .catch((e) => console.warn(`[DOCKER] GitHub completion update failed: ${e.message}`)); resolve(exitCode); }); @@ -431,6 +463,168 @@ export class DockerService { } } + // Set of logIds being monitored by recoverRunningSessions — prevents reconcile + // from interfering with sessions we've already re-attached to. + private recoveredSessions = new Set(); + + /** Check if a session is being monitored by recovery (for reconcile to skip). */ + isRecovered(logId: string): boolean { + return this.recoveredSessions.has(logId); + } + + /** + * Recover sessions that are still running in Docker after a server restart. + * Re-attaches session streamers and exit monitors for orphaned containers. + */ + async recoverRunningSessions(store: WorktreeStore): Promise { + const all = store.listAll(); + const running = all.filter(s => s.status === "running" && s.container); + + if (!running.length) { + console.log("[RECOVER] No running sessions to recover."); + return; + } + + console.log(`[RECOVER] Found ${running.length} session(s) marked running — checking containers...`); + + for (const session of running) { + const logId = session._log_id!; + const containerName = session.container!; + const worktreeId = session.worktree_id; + + try { + // Check if the Docker container is actually still running + const { running: isRunning, exitCode } = this.inspectContainerSync(containerName); + + if (!isRunning) { + // Container already exited — just update the session status + const sidecarName = session.sidecar || `claudebox-sidecar-${logId}`; + const networkName = `claudebox-net-${logId}`; + this.forceRemoveSync(containerName); + this.forceRemoveSync(sidecarName); + this.removeNetworkSync(networkName); + store.update(logId, { + status: "completed", + exit_code: exitCode, + finished: new Date().toISOString(), + }); + console.log(`[RECOVER] ${logId}: container already exited (code=${exitCode}) — marked completed`); + continue; + } + + // Container is still running — re-attach! + console.log(`[RECOVER] ${logId}: container ${containerName} still running — re-attaching...`); + incrActiveSessions(); + this.recoveredSessions.add(logId); + + // Shared exit handler — used by both with-worktree and without-worktree paths + const onContainerExit = (code: number, streamer?: SessionStreamer, cacheLogProc?: ChildProcess | null) => { + this.recoveredSessions.delete(logId); + decrActiveSessions(); + console.log(`[RECOVER] Container ${containerName} exited: ${code}`); + + // Stop streamer and cache_log + if (streamer) streamer.stop(); + if (cacheLogProc) setTimeout(() => { cacheLogProc.stdin?.end(); }, 500); + + // Clean up containers/network + const sidecarName = session.sidecar || `claudebox-sidecar-${logId}`; + const networkName = `claudebox-net-${logId}`; + this.forceRemoveSync(containerName); + this.stopAndRemoveSync(sidecarName, 5); + this.removeNetworkSync(networkName); + + // Only update status if not already cancelled (e.g. by cancelSession) + const current = store.get(logId); + if (current && current.status === "running") { + store.update(logId, { + status: "completed", + finished: new Date().toISOString(), + exit_code: code, + }); + } + + // Record activity line count + if (worktreeId) { + try { + const actLines = store.readActivity(worktreeId).length; + const metaPath = join(store.worktreesDir, worktreeId, "meta.json"); + const m = store.getWorktreeMeta(worktreeId); + m.activity_synced_lines = actLines; + writeFileSync(metaPath, JSON.stringify(m, null, 2)); + } catch {} + + // Update GitHub PR comment on completion + updateGithubOnCompletion(store, logId, worktreeId, code) + .catch((e) => console.warn(`[RECOVER] GitHub completion update failed: ${e.message}`)); + } + }; + + // Set up streamer + exit monitor + let streamer: SessionStreamer | undefined; + let cacheLogProc: ChildProcess | null = null; + + if (worktreeId) { + try { + const workspaceDir = join(store.worktreesDir, worktreeId, "workspace"); + const claudeProjectsDir = join(store.worktreesDir, worktreeId, "claude-projects"); + const activityLog = join(workspaceDir, "activity.jsonl"); + + // Start cache_log if available + const cacheLogBin = join(REPO_DIR, "ci3", "cache_log"); + if (existsSync(cacheLogBin)) { + cacheLogProc = spawn(cacheLogBin, ["claudebox", logId], { + stdio: ["pipe", "inherit", "inherit"], + env: { ...process.env, DUP: "1" }, + }); + } + + streamer = new SessionStreamer({ + projectDir: claudeProjectsDir, + activityLog, + repoDir: REPO_DIR, + parentLogId: logId, + onOutput: (text) => { cacheLogProc?.stdin?.write(text); }, + }); + streamer.start().catch(() => {}); + } catch (e: any) { + console.warn(`[RECOVER] ${logId}: failed to start streamer: ${e.message}`); + } + } + + // Spawn `docker wait` to monitor container exit + // Works even if container already exited between inspect and now — returns immediately + const capturedStreamer = streamer; + const capturedCacheLog = cacheLogProc; + let exited = false; + const waiter = spawn("docker", ["wait", containerName], { + stdio: ["ignore", "pipe", "ignore"], + }); + + // Accumulate stdout (docker wait may deliver exit code in chunks) + // and parse on close to avoid double-firing onContainerExit + let waiterBuf = ""; + waiter.stdout?.on("data", (d: Buffer) => { waiterBuf += d.toString(); }); + waiter.on("close", () => { + if (exited) return; + exited = true; + const code = parseInt(waiterBuf.trim(), 10) || 1; + onContainerExit(code, capturedStreamer, capturedCacheLog); + }); + + waiter.on("error", () => { + if (exited) return; + exited = true; + onContainerExit(1, capturedStreamer, capturedCacheLog); + }); + + console.log(`[RECOVER] ${logId}: re-attached streamer + exit monitor`); + } catch (e: any) { + console.warn(`[RECOVER] ${logId}: error during recovery: ${e.message}`); + } + } + } + /** Cancel a running session by stopping its containers. */ cancelSession(id: string, session: RunMeta, store: WorktreeStore): boolean { const logId = session._log_id || id; diff --git a/packages/libclaudebox/github-completion.ts b/packages/libclaudebox/github-completion.ts new file mode 100644 index 0000000..b5762c8 --- /dev/null +++ b/packages/libclaudebox/github-completion.ts @@ -0,0 +1,117 @@ +/** + * GitHub PR comment updates on session completion. + * + * Updates the run_comment_id with final status + response, + * and posts a new comment linking to the completed run. + */ + +import type { WorktreeStore } from "./worktree-store.ts"; +import { getHostCreds } from "../libcreds-host/index.ts"; +import { sessionUrl } from "./util.ts"; + +/** Extract PR number from a GitHub link like https://github.com/org/repo/pull/123 */ +function prNumberFromLink(link: string): number | null { + const m = link.match(/\/pull\/(\d+)/); + return m ? parseInt(m[1], 10) : null; +} + +/** Extract repo from a link like https://github.com/AztecProtocol/aztec-packages/... */ +function repoFromLink(link: string): string | null { + const m = link.match(/github\.com\/([^/]+\/[^/]+)/); + return m ? m[1] : null; +} + +export async function updateGithubOnCompletion( + store: WorktreeStore, + logId: string, + worktreeId: string, + exitCode: number, +): Promise { + const session = store.get(logId); + if (!session) return; + + // Determine repo + PR number from session metadata + const link = session.link || ""; + const repo = session.repo || repoFromLink(link) || ""; + const prNumber = prNumberFromLink(link); + if (!repo || !prNumber) return; + + const creds = getHostCreds(); + if (!creds.github.hasToken) return; + + const statusEmoji = exitCode === 0 ? "\u2705" : "\u26A0\uFE0F"; + const statusText = exitCode === 0 ? "completed" : `error (exit ${exitCode})`; + + // Elapsed time + const started = session.started; + const elapsed = (() => { + if (!started) return ""; + const ms = Date.now() - new Date(started).getTime(); + if (ms < 0) return ""; + const mins = Math.floor(ms / 60000); + if (mins < 1) return "<1m"; + if (mins < 60) return `${mins}m`; + return `${Math.floor(mins / 60)}h${mins % 60}m`; + })(); + + const currentSeq = logId.match(/-(\d+)$/)?.[1] || "1"; + const baseUrl = sessionUrl(worktreeId) + `?run=${currentSeq}`; + + // Get latest response from activity + const activity = store.readActivity(worktreeId).reverse(); // oldest first + const currentActivity = activity.filter(a => a.log_id === logId); + const lastResponse = currentActivity.filter(a => a.type === "response").pop(); + const artifacts = currentActivity.filter(a => a.type === "artifact"); + + // Build the run comment body + const lines: string[] = []; + const elapsedSuffix = elapsed ? ` (${elapsed})` : ""; + lines.push(`${statusEmoji} **Run #${currentSeq}** — ${statusText}${elapsedSuffix}`); + lines.push(`[Live status](${baseUrl})`); + + // Response + if (lastResponse?.text) { + const text = lastResponse.text.length > 600 ? lastResponse.text.slice(0, 600) + "\u2026" : lastResponse.text; + lines.push(""); + lines.push(text); + } + + // Artifacts + if (artifacts.length > 0) { + const artifactLinks: string[] = []; + const seenUrls = new Set(); + for (const a of artifacts) { + const urlMatch = a.text.match(/(https?:\/\/[^\s)>\]]+)/); + if (!urlMatch) continue; + const url = urlMatch[1].replace(/[.,;:!?]+$/, ""); + if (seenUrls.has(url)) continue; + seenUrls.add(url); + const prMatch = url.match(/\/pull\/(\d+)/); + if (prMatch) { artifactLinks.push(`[PR #${prMatch[1]}](${url})`); continue; } + const issueMatch = url.match(/\/issues\/(\d+)/); + if (issueMatch) { artifactLinks.push(`[Issue #${issueMatch[1]}](${url})`); continue; } + if (url.includes("gist.github")) { artifactLinks.push(`[Gist](${url})`); continue; } + artifactLinks.push(`[Link](${url})`); + } + if (artifactLinks.length) { + lines.push(""); + lines.push(artifactLinks.join(" \u00B7 ")); + } + } + + const body = lines.join("\n"); + + try { + // Update existing run_comment_id if we have one + if (session.run_comment_id) { + await creds.github.updateIssueComment(repo, session.run_comment_id, body); + console.log(`[GITHUB] Updated run comment ${session.run_comment_id} on ${repo}#${prNumber}`); + } else { + // Post a new comment on the PR + await creds.github.addIssueComment(repo, prNumber, body); + console.log(`[GITHUB] Posted completion comment on ${repo}#${prNumber}`); + } + } catch (e: any) { + console.warn(`[GITHUB] Failed to update PR comment: ${e.message}`); + } +} diff --git a/packages/libclaudebox/html/dashboard.ts b/packages/libclaudebox/html/dashboard.ts index 7f6c98c..491da47 100644 --- a/packages/libclaudebox/html/dashboard.ts +++ b/packages/libclaudebox/html/dashboard.ts @@ -94,6 +94,7 @@ a{color:#7aa2f7;text-decoration:none}a:hover{text-decoration:underline} .thread-sessions{border-top:1px solid #0d0d0d} .thread-msg-link{color:#333;font-size:10px;margin-left:6px;text-decoration:none;flex-shrink:0} .thread-msg-link:hover{color:#7aa2f7} +.thread-artifacts{display:flex;gap:3px;flex-shrink:0} /* Card grid (used by skeleton only) */ .card-grid{display:grid;grid-template-columns:repeat(auto-fill,minmax(380px,1fr));gap:8px} @@ -142,6 +143,18 @@ a{color:#7aa2f7;text-decoration:none}a:hover{text-decoration:underline} .badge-tag{color:#bb9af7;border-color:#1a1a2a;background:#0d0a0d;cursor:pointer} .badge-tag:hover{border-color:#bb9af7} +/* Card artifacts */ +.card-artifacts{display:flex;gap:4px;margin-top:6px;flex-wrap:wrap} +.card-artifact{font-size:10px;padding:2px 8px;border-radius:10px;text-decoration:none;transition:all 0.15s} +.card-artifact:hover{opacity:0.85;text-decoration:none} +.card-artifact.a-pr{color:#9ece6a;border:1px solid #1a2a1a;background:#0a0d0a} +.card-artifact.a-issue{color:#f7768e;border:1px solid #2a1a1a;background:#0d0a0a} +.card-artifact.a-gist{color:#bb9af7;border:1px solid #1a1a2a;background:#0d0a0d} +.card-artifact.a-link{color:#7dcfff;border:1px solid #1a2a2a;background:#0a0d0d} + +/* Card reply */ +.card-reply{font-size:11px;color:#555;margin-top:6px;padding:6px 8px;background:#050505;border-left:2px solid #1a1a1a;border-radius:0 2px 2px 0;word-break:break-word;max-height:60px;overflow:hidden;line-height:1.4} + /* Kebab menu */ .kebab{color:#333;cursor:pointer;padding:2px 6px;font-size:16px;line-height:1;border-radius:2px;flex-shrink:0} .kebab:hover{color:#888;background:#111} @@ -347,6 +360,20 @@ function WorkspaceCard({ w, onRefresh, nested }) { \${!nested && w.origin === "github" ? html\`github\` : null} \${w.profile ? html\`\${w.profile}\` : null} + \${w.artifacts && w.artifacts.length > 0 ? html\` +
+ \${w.artifacts.map(a => html\` + e.stopPropagation()}>\${a.text} + \`)} +
+ \` : null} + \${w.statusText && !w.lastReply ? html\` +
\${w.statusText}
+ \` : null} + \${w.lastReply ? html\` +
\${w.lastReply}
+ \` : null} \${menuOpen ? html\`
@@ -371,7 +398,18 @@ function ThreadCard({ thread, onRefresh }) { : thread.origin === "github" ? "github" : "http"; const threadSlackLink = latest.slackChannel && latest.slackThreadTs ? "https://" + (window.__slackDomain || "slack") + ".slack.com/archives/" + latest.slackChannel + "/p" + latest.slackThreadTs.replace(".", "") - : null; + : (latest.link && latest.link.indexOf(".slack.com/") !== -1 ? latest.link : null); + + // Collect all artifacts across sessions for collapsed view + const allArtifacts = useMemo(() => { + const seen = new Map(); + for (const s of thread.sessions) { + for (const a of (s.artifacts || [])) { + if (!seen.has(a.url)) seen.set(a.url, a); + } + } + return [...seen.values()]; + }, [thread.sessions]); // Fetch Slack thread context on first expand useEffect(() => { @@ -386,28 +424,35 @@ function ThreadCard({ thread, onRefresh }) { .catch(() => setThreadMsgs([])); }, [expanded]); - // Build session lookup by worktreeId for non-Slack threads - const sessionMap = useMemo(() => { - const m = {}; - for (const s of thread.sessions) m[s.worktreeId] = s; - return m; - }, [thread.sessions]); + const statusCls = thread.sessions.some(w => w.status === "running") ? "running" + : latest.status === "error" ? "error" : latest.status || ""; return html\`
setExpanded(p => !p)}> \${expanded ? "\\u25BC" : "\\u25B6"} + \${originLabel} \${latest.name || latest.prompt.slice(0, 100) || "Unnamed"} - \${thread.sessions.length} run\${thread.sessions.length > 1 ? "s" : ""} + \${allArtifacts.length > 0 ? html\` + e.stopPropagation()}> + \${allArtifacts.map(a => html\`\${a.text}\`)} + + \` : null} + \${thread.sessions.length > 1 ? thread.sessions.length + " runs" : ""} \${latest.user} \${timeAgo(latest.started)} \${threadSlackLink ? html\` e.stopPropagation()}>\\u2197\` : null} \${!threadSlackLink && latest.link ? html\` e.stopPropagation()}>\\u2197\` : null} - \${thread.sessions.some(w => w.status === "running") ? html\`\` : null}
+ \${!expanded && latest.statusText && !latest.lastReply ? html\` +
setExpanded(true)}>\${latest.statusText}
+ \` : null} + \${!expanded && latest.lastReply ? html\` +
setExpanded(true)}>\${latest.lastReply}
+ \` : null} \${expanded ? html\` \${threadMsgs && threadMsgs.length > 0 ? html\`
@@ -485,10 +530,7 @@ function WorkspaceList({ workspaces, onRefresh }) { } return html\` - \${threads.map(t => t.sessions.length === 1 && !t.sessions[0].threadKey - ? html\`<\${WorkspaceCard} key=\${t.sessions[0].worktreeId} w=\${t.sessions[0]} onRefresh=\${onRefresh} />\` - : html\`<\${ThreadCard} key=\${t.sessions[0].threadKey || t.sessions[0].worktreeId} thread=\${t} onRefresh=\${onRefresh} />\` - )} + \${threads.map(t => html\`<\${ThreadCard} key=\${t.sessions[0].threadKey || t.sessions[0].worktreeId} thread=\${t} onRefresh=\${onRefresh} />\`)} \`; } diff --git a/packages/libclaudebox/html/shared.ts b/packages/libclaudebox/html/shared.ts index a23051e..aba7d1d 100644 --- a/packages/libclaudebox/html/shared.ts +++ b/packages/libclaudebox/html/shared.ts @@ -117,7 +117,7 @@ function compactArtifact(text: string): string { const issueMatch = text.match(/^(?:Closed )?[Ii]ssue #(\d+).*?(https?:\/\/\S+)/); if (issueMatch) { const prefix = text.startsWith("Closed") ? "Closed " : ""; - return `${prefix}#${issueMatch[1]}`; + return `${prefix}Issue #${issueMatch[1]}`; } // Cross-ref: "Cross-ref #70: context" @@ -222,4 +222,10 @@ export interface WorkspaceCard { slackThreadTs?: string; /** GitHub link (PR or action run URL) */ link?: string; + /** Last session_status text from activity */ + statusText?: string; + /** Latest response text (truncated) */ + lastReply?: string; + /** Artifacts (issues, PRs, gists) */ + artifacts?: Array<{ type: string; text: string; url: string }>; } diff --git a/packages/libclaudebox/html/workspace.ts b/packages/libclaudebox/html/workspace.ts index 6388c30..75182ac 100644 --- a/packages/libclaudebox/html/workspace.ts +++ b/packages/libclaudebox/html/workspace.ts @@ -79,6 +79,13 @@ a{color:inherit;text-decoration:none}a:hover{text-decoration:underline} .act-agent-body{display:none;border-top:1px solid rgba(167,139,250,0.1);padding:4px 8px} .act-agent-card.expanded .act-agent-body{display:block} .agent-dot-inline{width:6px;height:6px;border-radius:50%;background:#a78bfa;display:inline-block;animation:pulse 2s infinite} +.act-team-card{background:#0f1018;border:1px solid rgba(167,139,250,0.2);border-radius:6px;margin:4px 0;overflow:hidden} +.act-team-header{display:flex;align-items:center;gap:8px;padding:6px 10px;cursor:pointer;font-size:12px;font-family:'SF Mono',monospace;color:#a78bfa} +.act-team-header:hover{background:rgba(167,139,250,0.05)} +.act-team-card.expanded .act-agent-chevron{transform:rotate(90deg)} +.act-team-body{display:none;border-top:1px solid rgba(167,139,250,0.1);padding:4px 4px} +.act-team-card.expanded .act-team-body{display:block} +.act-team-body .act-agent-card{margin:2px 0;border-color:rgba(167,139,250,0.1)} .tool-name{color:#FAD979;font-weight:500} .tool-args{color:#9CA3AF} .tool-bash{color:#61D668} @@ -87,8 +94,8 @@ a{color:inherit;text-decoration:none}a:hover{text-decoration:underline} .act-tool-group{border-left:2px solid rgba(250,217,121,0.2);margin-left:6px;padding-left:6px;margin-bottom:2px} .act-tool-group.act-tool-group-error{border-left-color:rgba(233,69,96,0.4)} .act-tool-group.act-tool-group-bash{border-left-color:rgba(97,214,104,0.25)} -.act-result{background:#1E1E24;border:1px solid #333;border-radius:6px;margin:2px 0 4px 0;padding:6px 10px;font-size:11px;color:#9CA3AF;font-family:'SF Mono',monospace;line-height:1.5;white-space:pre-wrap;word-break:break-all;max-height:60px;overflow:hidden;cursor:pointer;transition:max-height 0.15s} -.act-result.expanded{max-height:none} +.act-result{background:#1E1E24;border:1px solid #282830;border-radius:4px;margin:1px 0 3px 0;padding:2px 10px;font-size:11px;color:#666;font-family:'SF Mono',monospace;line-height:1.5;white-space:pre-wrap;word-break:break-all;max-height:18px;overflow:hidden;cursor:pointer;transition:max-height 0.15s} +.act-result.expanded{max-height:none;color:#9CA3AF} .act-result.act-result-error{border-color:rgba(233,69,96,0.4);color:#E94560;background:rgba(233,69,96,0.06)} .act-row.act-status{color:#5FA7F1} .artifact-chips{display:flex;gap:6px;flex-wrap:wrap;padding:4px 20px 8px} @@ -131,6 +138,7 @@ a{color:inherit;text-decoration:none}a:hover{text-decoration:underline} .run-label{font-weight:600;color:#ccc;white-space:nowrap} .run-status{color:#666;font-size:12px} .run-exit{color:#E94560;font-size:12px} +.run-context-link{color:#7ab8ff;font-size:11px;text-decoration:none;padding:1px 6px;border-radius:3px;border:1px solid rgba(122,184,255,0.2);background:rgba(122,184,255,0.05)}.run-context-link:hover{background:rgba(122,184,255,0.15);text-decoration:none} .run-slack-link{color:#555;font-size:11px;text-decoration:none;padding:2px 4px;border-radius:3px}.run-slack-link:hover{color:#5FA7F1;background:rgba(95,167,241,0.1)} .run-time{color:#444;margin-left:auto;font-size:11px;flex-shrink:0} .run-summary{padding:8px 20px 16px;font-size:14px;line-height:1.6;cursor:pointer} @@ -227,6 +235,7 @@ export function workspacePageHTML(data: WorkspacePageData): string { log_id: s._log_id, status: s.status, started: s.started, user: s.user, exit_code: s.exit_code ?? null, prompt: stripSlackContext(s.prompt || ""), + link: s.link || "", slack_channel: s.slack_channel || "", slack_message_ts: s.slack_message_ts || "", slack_thread_ts: s.slack_thread_ts || "", @@ -289,7 +298,7 @@ function compactArtifact(text){ if(prMd)return ''+(isUpdated?'\\u2191 ':'')+'PR #'+prMd[1]+''; // Issue: "Issue #N: title — url" or "Closed issue #N: ..." var issueM=text.match(/^(?:Closed )?[Ii]ssue #(\\d+).*?(https?:\\/\\/\\S+)/); - if(issueM){var pre=text.indexOf("Closed")===0?"Closed ":"";return ''+pre+'#'+issueM[1]+'';} + if(issueM){var pre=text.indexOf("Closed")===0?"Closed ":"";return ''+pre+'Issue #'+issueM[1]+'';} // Cross-ref var xref=text.match(/^Cross-ref #(\\d+)/); if(xref){var u=text.match(/(https?:\\/\\/\\S+)/);if(u)return 'Cross-ref #'+xref[1]+'';return 'Cross-ref #'+xref[1]+'';} @@ -394,9 +403,10 @@ function timeAgo(iso){ return Math.floor(ms/86400000)+"d ago"; } -function msgId(text){ +function msgId(text,ts){ var h=0; - for(var i=0;i\${t}
\`; } +// ── Link context label (PR #N, Issue #N, CI run, etc.) ────────── +function linkLabel(url){ + if(!url)return null; + if(url.match(/\\.slack\\.com\\//))return{text:"Slack",url:url}; + var pr=url.match(/\\/pull\\/(\\d+)/); + if(pr)return{text:"PR #"+pr[1],url:url}; + var issue=url.match(/\\/issues\\/(\\d+)/); + if(issue)return{text:"Issue #"+issue[1],url:url}; + var run=url.match(/\\/actions\\/runs\\/(\\d+)/); + if(run)return{text:"CI run",url:url}; + return{text:"link",url:url}; +} + // ── PromptCard component (flat, with Slack link) ──────────────── function PromptCard({text, time, user, slackLink}){ @@ -582,6 +605,27 @@ function AgentSection({text, agentId, time, children}){
\`; } +// ── AgentTeam — multiple parallel agents grouped ──────────────── +function AgentTeam({agents, teamId, time}){ + const [expanded,setExpanded]=useState(false); + const ref=useRef(null); + return html\`
+
setExpanded(p=>!p)}> + \u25B6 + + Agent team + (\${agents.length} agents) + \${time} +
+
+ \${agents.map(a=>html\`
+ + \${a.text} +
\`)} +
+
\`; +} + // ── Group tool_use + tool_result into bordered containers ───── function renderActivityItems(activity){ var out=[]; @@ -589,22 +633,38 @@ function renderActivityItems(activity){ var item=activity[i]; var entry=item.entry; var key=item.id||("a"+i); - // Agent sections — collect subsequent tool/subagent entries + // Agent team — detect consecutive agent_start entries (parallel agents) if(entry.type==="agent_start"){ - var agentChildren=[]; + // Look ahead for more consecutive agent_starts + var agents=[{text:entry.text||"",key:key,ts:entry.ts}]; var j=i+1; + while(j\${grouped}\`); + if(agents.length>1){ + // Render as a team card + out.push(html\`<\${AgentTeam} key=\${key} agents=\${agents} teamId=\${key} time=\${entry.ts?timeAgo(entry.ts):""} />\`); + }else{ + // Single agent — collect children for AgentSection + var agentChildren=[]; + var k=i+1; + while(k\${grouped}\`); + } i=j-1; continue; } @@ -664,11 +724,13 @@ function runBg(i){return RUN_COLORS[i%RUN_COLORS.length];} function RunCard({run, lastReply, selected, onSelect, onOpen, runArtifacts, priorPrNums}){ const st=run.status||"unknown"; const replyText=lastReply?slackToMd(lastReply):""; + const ctx=linkLabel(run.link); return html\`
onOpen(run.index)}>
run \${run.index+1}\${run.total>1?"/"+run.total:""} + \${ctx?html\`e.stopPropagation()}>\${ctx.text}\`:null} \${st} \${run.exitCode!=null&&run.exitCode!==0?html\`exit \${run.exitCode}\`:null} \${run.slackLink?html\`e.stopPropagation()} title="View in Slack">\u2197\`:null} @@ -689,6 +751,7 @@ function RunCard({run, lastReply, selected, onSelect, onOpen, runArtifacts, prio function RunDetail({run, activity, onBack, runArtifacts, priorPrNums}){ const st=run.status||"unknown"; + const ctx=linkLabel(run.link); const bodyRef=useRef(null); const prevActivityLen=useRef(0); @@ -699,17 +762,25 @@ function RunDetail({run, activity, onBack, runArtifacts, priorPrNums}){ if(activity.length!==prevActivityLen.current){ const nearBottom=el.scrollHeight-el.scrollTop-el.clientHeight<200; if(nearBottom||prevActivityLen.current===0){ - requestAnimationFrame(()=>{el.scrollTop=el.scrollHeight;}); + // Double-RAF to ensure DOM has painted before scrolling + requestAnimationFrame(()=>{requestAnimationFrame(()=>{el.scrollTop=el.scrollHeight;});}); } prevActivityLen.current=activity.length; } },[activity.length]); + // Also scroll on mount after content settles + useEffect(()=>{ + if(!bodyRef.current)return; + const el=bodyRef.current; + setTimeout(()=>{el.scrollTop=el.scrollHeight;},100); + },[]); return html\`
run \${run.index+1}/\${run.total} + \${ctx?html\`\${ctx.text}\`:null} \${st} \${run.exitCode!=null&&run.exitCode!==0?html\`exit \${run.exitCode}\`:null} \${run.slackLink?html\`\u2197 Slack\`:null} @@ -825,7 +896,8 @@ function Sidebar({open, status, exitCode, user, baseBranch, sessions, artifacts, // ── ChatArea — runs driven by D.sessions ──────────────────────── function ChatArea({runs, selectedRun, activityByRun, lastReplyByRun, artifactsByRun, onSelectRun, onBack}){ - const [selectedCard,setSelectedCard]=useState(null); + const listRef=useRef(null); + const [selectedCard,setSelectedCard]=useState(()=>runs.length>1?runs.length-1:null); if(!runs.length)return html\`
No runs yet
\`; // Compute cumulative PR numbers seen before each run (for detecting updates) @@ -840,6 +912,12 @@ function ChatArea({runs, selectedRun, activityByRun, lastReplyByRun, artifactsBy return result; },[runs,artifactsByRun]); + // Scroll list view to bottom on mount (highlight last run) + useEffect(()=>{ + if(selectedRun!=null||!listRef.current)return; + setTimeout(()=>{if(listRef.current)listRef.current.scrollTop=listRef.current.scrollHeight;},50); + },[]); + // Detail view: full activity for selected run if(selectedRun!=null&&runs[selectedRun]){ const run=runs[selectedRun]; @@ -855,7 +933,7 @@ function ChatArea({runs, selectedRun, activityByRun, lastReplyByRun, artifactsBy } // List view: all run cards with prompt + reply summaries - return html\`
+ return html\`
\${runs.map((run,i)=>html\`<\${RunCard} key=\${run.logId||i} run=\${run} @@ -910,20 +988,28 @@ function WorkspacePage(){ const [runs,setRuns]=useState(()=>{ const sessionsOldest=[...D.sessions].reverse(); const total=sessionsOldest.length; - return sessionsOldest.map((s,i)=>({ - logId:s.log_id, index:i, total:total, - status:s.status, exitCode:s.exit_code, started:s.started, - prompt:s.prompt||"", user:s.user||D.user, - slackLink:slackPermalink(s), - })); + return sessionsOldest.map((s,i)=>{ + var sl=slackPermalink(s); + var lnk=s.link||""; + // If link is a Slack URL and we have no slackLink, use it as slackLink + if(!sl&&lnk&&/\\.slack\\.com\\//.test(lnk)){sl=lnk;lnk="";} + return{logId:s.log_id, index:i, total:total, + status:s.status, exitCode:s.exit_code, started:s.started, + prompt:s.prompt||"", user:s.user||D.user, + link:lnk, slackLink:sl}; + }); }); - // Deeplink: ?run= opens detail view, otherwise list view (null) + // Extract run sequence number from logId (e.g. "abc123-3" → "3") + function runSeq(logId){var m=logId&&logId.match(/-(\d+)$/);return m?m[1]:logId;} + + // Deeplink: ?run= opens detail view const [selectedRun,setSelectedRun]=useState(()=>{ const p=new URLSearchParams(window.location.search); const runParam=p.get("run")||""; if(runParam){ - const idx=runs.findIndex(r=>r.logId===runParam); + // Match by seq number or full logId for backwards compat + const idx=runs.findIndex(r=>runSeq(r.logId)===runParam||r.logId===runParam); if(idx>=0)return idx; } // Single run: auto-open detail view; multiple runs: list view @@ -936,7 +1022,7 @@ function WorkspacePage(){ useEffect(()=>{ const url=new URL(window.location); if(selectedRun!=null&&runs[selectedRun]){ - url.searchParams.set("run",runs[selectedRun].logId); + url.searchParams.set("run",runSeq(runs[selectedRun].logId)); }else{ url.searchParams.delete("run"); } @@ -999,7 +1085,7 @@ function WorkspacePage(){ } return null; } - const mid=msgId(e.text); + const mid=msgId(e.text,e.ts); if(seenRef.current.has(mid))return null; seenRef.current.add(mid); const agentLogUrl=e.type==="agent_start"?agentLogUrlsRef.current.shift():undefined; @@ -1080,9 +1166,10 @@ function WorkspacePage(){ const handleSSE=useCallback((d)=>{ if(d.type==="activity"&&d.entry){ - const sessionsOldest=[...D.sessions].reverse(); - const currentLogId=sessionsOldest.length?sessionsOldest[sessionsOldest.length-1].log_id:null; - const result=processEntry(d.entry, currentLogId); + // Use entry's own log_id if it matches a known session; otherwise fall back to newest + const ownLogId=d.entry.log_id&&D.sessions.find(s=>s.log_id===d.entry.log_id)?d.entry.log_id:null; + const fallbackLogId=(()=>{const o=[...D.sessions].reverse();return o.length?o[o.length-1].log_id:null;})(); + const result=processEntry(d.entry, ownLogId||fallbackLogId); if(result)addActivityItems([result]); if(d.entry.type==="artifact")setArtifacts(prev=>[...prev,d.entry]); }else if(d.type==="status"){ diff --git a/packages/libclaudebox/http-routes.ts b/packages/libclaudebox/http-routes.ts index ad84e3b..63a8167 100644 --- a/packages/libclaudebox/http-routes.ts +++ b/packages/libclaudebox/http-routes.ts @@ -1,10 +1,11 @@ import { createServer, type IncomingMessage, type ServerResponse } from "http"; import { SignJWT, jwtVerify, type JWTPayload } from "jose"; -import { API_SECRET, SESSION_PAGE_USER, SESSION_PAGE_PASS, MAX_CONCURRENT, DEFAULT_BASE_BRANCH } from "./config.ts"; +import { createHmac, timingSafeEqual } from "crypto"; +import { API_SECRET, SESSION_PAGE_USER, SESSION_PAGE_PASS, MAX_CONCURRENT, DEFAULT_BASE_BRANCH, GITHUB_WEBHOOK_SECRET } from "./config.ts"; import { getActiveSessions, getChannelBranches } from "./runtime.ts"; import { getHostCreds } from "../libcreds-host/index.ts"; import { dmAuthor } from "../libcreds-host/slack.ts"; -import { existsSync, readFileSync, readdirSync, statSync, watch, mkdirSync } from "fs"; +import { existsSync, readFileSync, readdirSync, statSync, watch, mkdirSync, openSync, readSync, fstatSync, closeSync } from "fs"; import { join } from "path"; import type { WorktreeStore } from "./worktree-store.ts"; import type { DockerService } from "./docker.ts"; @@ -128,6 +129,27 @@ function getSlackChannelInfo(channelId: string): SlackChannelInfo | null { return null; // unknown channel — no info } +/** Resolve channel info via Slack API and cache it. */ +async function resolveSlackChannelInfo(channelId: string): Promise { + if (channelInfoCache.has(channelId)) return channelInfoCache.get(channelId)!; + if (channelId.startsWith("D")) { const info = { name: "", isDm: true }; channelInfoCache.set(channelId, info); return info; } + if (!SLACK_BOT_TOKEN || !channelId) return null; + try { + const resp = await fetch(`https://slack.com/api/conversations.info?channel=${channelId}`, { + headers: { "Authorization": `Bearer ${SLACK_BOT_TOKEN}` }, + }); + const data = await resp.json() as any; + if (data.ok) { + const ch = data.channel || {}; + const isDm = !!ch.is_im || !!ch.is_mpim; + const info: SlackChannelInfo = { name: ch.name || "", isDm }; + channelInfoCache.set(channelId, info); + return info; + } + } catch {} + return null; +} + /** Strip "Slack thread context..." suffix from prompts for display */ function stripSlackContext(prompt: string): string { // Match any variant: "Slack thread context:", "Slack thread context (recent):", etc. @@ -171,10 +193,10 @@ async function buildDashboardData(store: WorktreeStore, profileFilter?: string): if (channelId) channelIds.add(channelId); } const channelInfoMap = new Map(); - for (const id of channelIds) { - const info = getSlackChannelInfo(id); + await Promise.all([...channelIds].map(async (id) => { + const info = await resolveSlackChannelInfo(id); if (info) channelInfoMap.set(id, info); - } + })); // Build flat workspace list const workspaces: WorkspaceCard[] = []; @@ -196,10 +218,41 @@ async function buildDashboardData(store: WorktreeStore, profileFilter?: string): if (slackChannel && slackThread) { origin = "slack"; threadKey = `${slackChannel}:${slackThread}`; + } else if (link && /\.slack\.com\//.test(link)) { + origin = "slack"; } else if (link) { origin = "github"; } + // Extract artifacts, latest reply, and last status text from activity + let lastReply = ""; + let statusText = ""; + const artifactMap = new Map(); + if (worktreeId) { + const activity = store.readActivity(worktreeId); // newest first + for (const a of activity) { + if (a.type === "response" && !lastReply) { + lastReply = a.text.length > 300 ? a.text.slice(0, 300) + "..." : a.text; + } + if (a.type === "status" && !statusText) { + statusText = a.text.length > 120 ? a.text.slice(0, 120) + "..." : a.text; + } + if (a.type === "artifact") { + const urlMatch = a.text.match(/(https?:\/\/[^\s)>\]]+)/); + if (urlMatch) { + const url = urlMatch[1].replace(/[.,;:!?]+$/, ''); + if (!artifactMap.has(url)) { + const prMatch = url.match(/\/pull\/(\d+)/); + const issueMatch = url.match(/\/issues\/(\d+)/); + const type = url.includes("gist.github") ? "gist" : prMatch ? "pr" : issueMatch ? "issue" : "link"; + const label = prMatch ? `PR #${prMatch[1]}` : issueMatch ? `Issue #${issueMatch[1]}` : type === "gist" ? "gist" : "link"; + artifactMap.set(url, { type, text: label, url }); + } + } + } + } + } + workspaces.push({ worktreeId: worktreeId || latest._log_id || "?", name: meta.name || null, @@ -219,6 +272,9 @@ async function buildDashboardData(store: WorktreeStore, profileFilter?: string): slackChannel: slackChannel || undefined, slackThreadTs: slackThread || undefined, link: link || undefined, + statusText: statusText || undefined, + lastReply: lastReply || undefined, + artifacts: artifactMap.size > 0 ? [...artifactMap.values()] : undefined, }); } @@ -363,6 +419,111 @@ const routes: Route[] = [ }, }, + // POST /api/github/webhook — GitHub webhook for label-triggered reviews + { + method: "POST", pattern: /^\/api\/github\/webhook$/, auth: "none", + handler: async (req, res, _params, { store, docker }) => { + const event = req.headers["x-github-event"] as string; + const sig = req.headers["x-hub-signature-256"] as string; + const rawBody = await readBody(req); + + // Verify HMAC signature + if (GITHUB_WEBHOOK_SECRET) { + if (!sig) { json(res, 401, { error: "missing signature" }); return; } + const expected = "sha256=" + createHmac("sha256", GITHUB_WEBHOOK_SECRET).update(rawBody).digest("hex"); + if (!timingSafeEqual(Buffer.from(sig), Buffer.from(expected))) { + json(res, 401, { error: "invalid signature" }); + return; + } + } + + // Only process pull_request labeled events + if (event !== "pull_request") { json(res, 200, { ignored: true, reason: `event=${event}` }); return; } + + let payload: any; + try { payload = JSON.parse(rawBody); } catch { json(res, 400, { error: "invalid JSON" }); return; } + + if (payload.action !== "labeled") { json(res, 200, { ignored: true, reason: `action=${payload.action}` }); return; } + + const labelName = payload.label?.name; + if (labelName !== "claude-review") { json(res, 200, { ignored: true, reason: `label=${labelName}` }); return; } + + const pr = payload.pull_request; + if (!pr) { json(res, 400, { error: "missing pull_request" }); return; } + + const prNumber = pr.number; + const prTitle = pr.title || ""; + const prAuthor = pr.user?.login || "unknown"; + const prUrl = pr.html_url || `https://github.com/${payload.repository?.full_name}/pull/${prNumber}`; + const repo = payload.repository?.full_name || "AztecProtocol/aztec-packages"; + const headRef = pr.head?.ref || ""; + + console.log(`[WEBHOOK] claude-review label on ${repo}#${prNumber} "${prTitle}" by ${prAuthor}`); + + // Capacity check + if (getActiveSessions() >= MAX_CONCURRENT) { + json(res, 503, { error: "at capacity" }); + return; + } + + // Dedup: check if a session is already running for this PR + const prKey = prKeyFromUrl(prUrl); + if (prKey) { + const bound = store.getPrBinding(prKey); + if (bound) { + const prev = store.findByWorktreeId(bound); + if (prev?.status === "running") { + json(res, 409, { error: "review session already running for this PR" }); + return; + } + } + } + + const prompt = `Review PR #${prNumber}: ${prTitle} +${prUrl} + +Author: ${prAuthor} +Head branch: ${headRef} + +## Instructions + +1. Fetch and read the full PR diff, description, and all comments +2. Read any linked or attached issues referenced in the PR body or comments +3. For each changed file, read the FULL file to understand surrounding context +4. Look at recent git history (last 20 commits) for the changed files to understand evolution +5. Check CI status with ci_failures +6. Do a thorough review — assume every line is suspect. Focus on non-obvious bugs: + - Edge cases (zero values, empty collections, overflow) + - Concurrency issues (races, missing locks, ordering assumptions) + - Security (missing validation, injection, unsafe patterns) + - Correctness (off-by-one, wrong operator, inverted conditions) + - Compatibility (breaking changes, API drift, constant sync) +7. If you find a clear, direct fix, create a PR with it +8. When done, call manage_review_labels(pr_number=${prNumber}) to swap labels +9. Create a gist with your full review +10. Call respond_to_user with a terse summary + gist link`; + + let responded = false; + docker.runContainerSession({ + prompt, + userName: `review/${prAuthor}`, + link: prUrl, + targetRef: `origin/${headRef}`, + profile: "review", + }, store, undefined, (logUrl, worktreeId) => { + if (prKey) store.bindPr(prKey, worktreeId); + if (!responded) { + responded = true; + console.log(`[WEBHOOK] Review session started: ${logUrl}`); + json(res, 202, { ok: true, log_url: logUrl, worktree_id: worktreeId, pr: prNumber }); + } + }).catch((e) => { + console.error(`[WEBHOOK] Session error: ${e}`); + if (!responded) { responded = true; json(res, 500, { error: "internal error" }); } + }); + }, + }, + // GET /session/:id — session status (JSON API) { method: "GET", pattern: /^\/session\/([a-f0-9][\w-]+)$/, auth: "api", @@ -576,7 +737,7 @@ const routes: Route[] = [ user: session.user || "unknown", sessions: sessions.map(s => ({ log_id: s._log_id, status: s.status, exit_code: s.exit_code, - started: s.started, prompt: s.prompt, user: s.user, log_url: s.log_url, + started: s.started, prompt: s.prompt, user: s.user, log_url: s.log_url, link: s.link || "", })), }); }, @@ -598,34 +759,78 @@ const routes: Route[] = [ "X-Accel-Buffering": "no", }); - // Send current state as initial event - const activity = store.readActivity(worktreeId).reverse(); // oldest first + // Send current state as initial event — deduplicate entries caused by + // cumulative progress events in the session streamer (same type+text+log_id + // appearing many times within seconds). Uses last-seen timestamp per key; + // entries >30s apart with the same text are kept (legitimate repeated calls). + const rawActivity = store.readActivity(worktreeId).reverse(); // oldest first + const lastSeen = new Map(); + const activity = rawActivity.filter(e => { + const key = `${e.type}|${e.log_id || ""}|${(e.text || "").slice(0, 80)}`; + const ts = e.ts ? new Date(e.ts).getTime() : 0; + const prev = lastSeen.get(key); + lastSeen.set(key, ts); + if (prev !== undefined && ts && Math.abs(ts - prev) < 30_000) return false; + return true; + }); const currentSession = store.findByWorktreeId(worktreeId); + let currentLogId = currentSession?._log_id || session._log_id || ""; res.write(`data: ${JSON.stringify({ type: "init", activity, status: currentSession?.status || "unknown", exit_code: currentSession?.exit_code ?? null })}\n\n`); - let lineCount = activity.length; const activityPath = join(store.worktreesDir, worktreeId, "workspace", "activity.jsonl"); + // Track byte offset for incremental reads (avoids re-reading entire file) + let byteOffset = 0; + let leftover = ""; + try { if (existsSync(activityPath)) byteOffset = statSync(activityPath).size; } catch {} + let lastStatus = currentSession?.status || "unknown"; + let lastExitCode = currentSession?.exit_code ?? null; // Poll for new lines (fs.watch is unreliable in Docker bind mounts) const poll = setInterval(() => { try { - if (!existsSync(activityPath)) return; - const lines = readFileSync(activityPath, "utf-8").split("\n").filter(l => l.trim()); - if (lines.length > lineCount) { - const newEntries = lines.slice(lineCount).map(l => { try { return JSON.parse(l); } catch { return null; } }).filter(Boolean); - for (const entry of newEntries) { - res.write(`data: ${JSON.stringify({ type: "activity", entry })}\n\n`); - // Auto-set workspace name from Claude's set_workspace_name tool - if (entry.type === "name" && entry.text && worktreeId) { - store.setWorktreeName(worktreeId, entry.text); - } + // Read new activity bytes incrementally + if (existsSync(activityPath)) { + const fileSize = statSync(activityPath).size; + if (fileSize > byteOffset) { + const fd = openSync(activityPath, "r"); + try { + const buf = Buffer.alloc(fileSize - byteOffset); + readSync(fd, buf, 0, buf.length, byteOffset); + byteOffset = fileSize; + const text = leftover + buf.toString("utf-8"); + const parts = text.split("\n"); + leftover = parts.pop() ?? ""; + for (const line of parts) { + if (!line.trim()) continue; + try { + const entry = JSON.parse(line); + res.write(`data: ${JSON.stringify({ type: "activity", entry })}\n\n`); + if (entry.type === "name" && entry.text && worktreeId) { + store.setWorktreeName(worktreeId, entry.text); + } + } catch {} + } + } finally { closeSync(fd); } } - lineCount = lines.length; } - // Also check for status changes - const latest = store.findByWorktreeId(worktreeId); + + // Check status — read single session file instead of listing all + // Also detect if a new session started (e.g., resume) + const latest = store.get(currentLogId); if (latest) { - res.write(`data: ${JSON.stringify({ type: "status", status: latest.status || "unknown", exit_code: latest.exit_code ?? null })}\n\n`); + const s = latest.status || "unknown"; + const ec = latest.exit_code ?? null; + if (s !== lastStatus || ec !== lastExitCode) { + lastStatus = s; lastExitCode = ec; + res.write(`data: ${JSON.stringify({ type: "status", status: s, exit_code: ec })}\n\n`); + // If this session ended, check for a newer one (resume) + if (s !== "running") { + const newer = store.findByWorktreeId(worktreeId); + if (newer?._log_id && newer._log_id !== currentLogId) { + currentLogId = newer._log_id; + } + } + } } } catch {} }, 1500); @@ -1087,12 +1292,12 @@ const routes: Route[] = [ for (const s of all) { if (s.slack_channel) channelIds.add(s.slack_channel); } - // Resolve channel names + // Resolve channel names (async via Slack API) const channelNameMap = new Map(); - for (const id of channelIds) { - const info = getSlackChannelInfo(id); + await Promise.all([...channelIds].map(async (id) => { + const info = await resolveSlackChannelInfo(id); if (info) channelNameMap.set(id, info); - } + })); // Group by worktree first (like buildDashboardData), then enrich const worktreeMap = new Map(); @@ -1129,7 +1334,7 @@ const routes: Route[] = [ const prMatch = url.match(/\/pull\/(\d+)/); const issueMatch = url.match(/\/issues\/(\d+)/); const type = url.includes("gist.github") ? "gist" : prMatch ? "pr" : issueMatch ? "issue" : "link"; - const label = prMatch ? `#${prMatch[1]}` : issueMatch ? `#${issueMatch[1]}` : type === "gist" ? "gist" : "link"; + const label = prMatch ? `PR #${prMatch[1]}` : issueMatch ? `Issue #${issueMatch[1]}` : type === "gist" ? "gist" : "link"; artifactMap.set(url, { type, text: label, url }); } } @@ -1316,16 +1521,26 @@ const routes: Route[] = [ // ── Internal API: Root comment update (sidecar → server) ───── { method: "POST", pattern: /^\/api\/internal\/comment$/, auth: "api", internal: true, - handler: async (req, res) => { + handler: async (req, res, _params, { store }) => { let body: any; try { body = JSON.parse(await readBody(req)); } catch { json(res, 400, { error: "invalid JSON" }); return; } - const { status, sections, trackedPRs, otherArtifacts, session } = body; + const { status, sections, trackedPRs, otherArtifacts, session: sidecarSession } = body; const results: string[] = []; + // Enrich session info from the store — sidecar doesn't have Slack/GitHub metadata + const logId = sidecarSession?.log_id || ""; + const storedSession = logId ? store.get(logId) : null; + const session = { ...sidecarSession, ...storedSession }; + + const worktreeId = session?.worktree_id; + const host = session?.host || "claudebox.work"; + const runSeq = session?.log_id?.match(/-(\d+)$/)?.[1] || ""; + const baseUrl = worktreeId ? `https://${host}/s/${worktreeId}${runSeq ? `?run=${runSeq}` : ""}` : ""; + // Build Slack text from sections - const buildSlackTextFromSections = () => { + const buildSlackTextFromSections = (elapsedStr?: string) => { const parts: string[] = []; if (sections?.response) { parts.push(sections.response.length > 600 ? sections.response.slice(0, 600) + "…" : sections.response); @@ -1333,32 +1548,39 @@ const routes: Route[] = [ parts.push(status.length > 600 ? status.slice(0, 600) + "…" : status); } const footer: string[] = []; - const prLinks = (trackedPRs || []).map((pr: any) => `<${pr.url}|#${pr.num}>`); + const prLinks = (trackedPRs || []).map((pr: any) => `<${pr.url}|PR #${pr.num}>`); if (prLinks.length) footer.push(prLinks.join(" ")); - const worktreeId = session?.worktree_id; - const host = session?.host || "claudebox.work"; - if (worktreeId) footer.push(``); + if (baseUrl) footer.push(`<${baseUrl}|status>`); + if (elapsedStr) footer.push(elapsedStr); if (footer.length) parts.push(footer.join(" \u2502 ")); return parts.join("\n"); }; + // Elapsed time since session started + const elapsed = (() => { + const started = session?.started; + if (!started) return ""; + const ms = Date.now() - new Date(started).getTime(); + if (ms < 0) return ""; + const mins = Math.floor(ms / 60000); + if (mins < 1) return "<1m"; + if (mins < 60) return `${mins}m`; + return `${Math.floor(mins / 60)}h${mins % 60}m`; + })(); + // Build GitHub body from sections + const currentSeq = runSeq; const buildGhBodyFromSections = () => { const lines: string[] = []; - const worktreeId = session?.worktree_id; - const host = session?.host || "claudebox.work"; - const logUrl = session?.log_url || ""; - const links: string[] = []; - if (worktreeId) links.push(`[Live status](https://${host}/s/${worktreeId})`); - if (logUrl) links.push(`[Log](${logUrl})`); - if (links.length) lines.push(links.join(" · ")); - if (sections?.status) { lines.push(""); lines.push(`**Status:** ${sections.status}`); } - if (sections?.response) { lines.push(""); lines.push(`**Response:** ${sections.response}`); } + const elapsedSuffix = elapsed ? ` (${elapsed})` : ""; + lines.push(`\u23F3 **Run #${currentSeq || "?"}** — ${sections?.status || status || "running"}${elapsedSuffix}`); + if (baseUrl) lines.push(`[Live status](${baseUrl})`); + if (sections?.response) { lines.push(""); lines.push(sections.response); } const prLines = (trackedPRs || []).map((pr: any) => { const label = pr.action === "created" ? "Created" : "Updated"; - return `- **${label}** [#${pr.num}: ${pr.title}](${pr.url})`; + return `- **${label}** [PR #${pr.num}: ${pr.title}](${pr.url})`; }); - if (prLines.length) { lines.push(""); lines.push("**Pull Requests**"); lines.push(...prLines); } + if (prLines.length) { lines.push(""); lines.push(prLines.join("\n")); } if (otherArtifacts?.length) lines.push(...otherArtifacts); return lines.join("\n"); }; @@ -1367,7 +1589,7 @@ const routes: Route[] = [ if (session?.slack_channel && session?.slack_message_ts) { try { const slackCreds = getHostCreds({ slackChannel: session.slack_channel, slackMessageTs: session.slack_message_ts }); - const d = await slackCreds.slack.updateMessage(buildSlackTextFromSections(), { channel: session.slack_channel, ts: session.slack_message_ts }); + const d = await slackCreds.slack.updateMessage(buildSlackTextFromSections(elapsed), { channel: session.slack_channel, ts: session.slack_message_ts }); results.push(d?.ok ? "Slack updated" : `Slack: ${d?.error || "unknown"}`); } catch (e: any) { results.push(`Slack: ${e.message}`); } } @@ -1387,12 +1609,16 @@ const routes: Route[] = [ // ── Internal API: DM author on completion ───────────────────── { method: "POST", pattern: /^\/api\/internal\/dm$/, auth: "api", internal: true, - handler: async (req, res) => { + handler: async (req, res, _params, { store }) => { let body: any; try { body = JSON.parse(await readBody(req)); } catch { json(res, 400, { error: "invalid JSON" }); return; } - const { status, trackedPRs, session } = body; + const { status, trackedPRs, session: sidecarSession } = body; + // Enrich with stored session data (sidecar lacks Slack metadata) + const logId = sidecarSession?.log_id || ""; + const storedSession = logId ? store.get(logId) : null; + const session = { ...sidecarSession, ...storedSession }; try { const result = await dmAuthor(session, status, trackedPRs); json(res, 200, result); @@ -1430,18 +1656,47 @@ const routes: Route[] = [ try { const { spawnSync } = await import("child_process"); - const { join } = await import("path"); - const repoDir = process.env.CLAUDE_REPO_DIR || join(process.env.HOME || "", "repo"); - const ciSh = join(repoDir, "ci.sh"); - const result = spawnSync("bash", ["-c", `cd "${repoDir}" && "${ciSh}" dlog "${key}"`], { - encoding: "utf-8", timeout: 30_000, stdio: ["pipe", "pipe", "pipe"], + const { gunzipSync } = await import("zlib"); + const redisHost = process.env.CI_REDIS || "localhost"; + + // Direct redis GET — no shell, no ci.sh, no untrusted code + const result = spawnSync("redis-cli", ["--raw", "-h", redisHost, "GET", key], { + timeout: 15_000, maxBuffer: 50 * 1024 * 1024, }); if (result.status !== 0) { - json(res, 502, { error: (result.stderr || "").trim().slice(0, 500) }); + json(res, 502, { error: `redis-cli failed: ${(result.stderr || "").toString().trim().slice(0, 300)}`, key }); + return; + } + + let buf = result.stdout as Buffer; + // redis-cli --raw appends a trailing newline — strip it before length check + if (buf && buf.length > 0 && buf[buf.length - 1] === 0x0a) buf = buf.subarray(0, -1); + + if (!buf || buf.length === 0) { + // Fallback: HTTP log server + const ciPassword = process.env.CI_PASSWORD; + if (ciPassword) { + const resp = await fetch(`http://ci.aztec-labs.com/${key}.txt`, { + headers: { "Authorization": `Basic ${Buffer.from(`aztec:${ciPassword}`).toString("base64")}` }, + }); + if (resp.ok) { + res.writeHead(200, { "Content-Type": "text/plain" }); + res.end(await resp.text()); + return; + } + } + json(res, 404, { error: "Key not found", key }); return; } - // Strip ci.sh startup noise (Slack listener, PID lines) - let output = (result.stdout || "").replace(/^(?:Starting Slack listener\.\.\.\n|Started \(PID \d+\)\n)*/m, ""); + + // Decompress if gzipped (magic bytes 1f 8b) + let output: string; + if (buf[0] === 0x1f && buf[1] === 0x8b) { + output = gunzipSync(buf).toString("utf-8"); + } else { + output = buf.toString("utf-8"); + } + res.writeHead(200, { "Content-Type": "text/plain" }); res.end(output); } catch (e: any) { diff --git a/packages/libclaudebox/mcp/activity.ts b/packages/libclaudebox/mcp/activity.ts index e1e2960..71d3b4b 100644 --- a/packages/libclaudebox/mcp/activity.ts +++ b/packages/libclaudebox/mcp/activity.ts @@ -102,7 +102,7 @@ export function truncateForSlack(text: string, maxLen = 600): string { function buildArtifactsSlack(): string { const prLinks: string[] = []; for (const [num, pr] of trackedPRs) { - prLinks.push(`<${pr.url}|#${num}>`); + prLinks.push(`<${pr.url}|PR #${num}>`); } const lines: string[] = []; if (prLinks.length) lines.push(prLinks.join(" ")); diff --git a/packages/libclaudebox/mcp/build-tools.ts b/packages/libclaudebox/mcp/build-tools.ts new file mode 100644 index 0000000..9bb2468 --- /dev/null +++ b/packages/libclaudebox/mcp/build-tools.ts @@ -0,0 +1,406 @@ +/** + * Build tool registration for MCP sidecars. + * + * Provides `build`, `build_cpp`, and `run_test` tools for building + * aztec-packages via Makefile (next+) or bootstrap.sh fallback (v4). + */ + +import { spawn } from "child_process"; +import { existsSync, readFileSync } from "fs"; +import { join } from "path"; +import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js"; +import { z } from "zod"; + +import { sanitizeError } from "./helpers.ts"; + +// ── Helpers ───────────────────────────────────────────────────── + +const MAX_OUTPUT = 100_000; +const BUILD_TIMEOUT = 600_000; // 10 min +const CONFIGURE_TIMEOUT = 120_000; // 2 min + +/** Run a command asynchronously, capturing output. */ +function runCmd(cmd: string, args: string[], cwd: string, timeoutMs = BUILD_TIMEOUT): Promise<{ ok: boolean; code: number | null; text: string }> { + return new Promise((resolve) => { + const chunks: string[] = []; + const child = spawn(cmd, args, { cwd, stdio: ["ignore", "pipe", "pipe"] }); + + const timer = setTimeout(() => { child.kill("SIGTERM"); }, timeoutMs); + + child.stdout?.on("data", (d: Buffer) => chunks.push(d.toString())); + child.stderr?.on("data", (d: Buffer) => chunks.push(d.toString())); + + child.on("close", (code) => { + clearTimeout(timer); + let text = chunks.join("").trim(); + if (text.length > MAX_OUTPUT) + text = text.slice(0, MAX_OUTPUT) + "\n\n...(truncated — use write_log for full output)"; + text = sanitizeError(text); + resolve({ ok: code === 0, code, text }); + }); + + child.on("error", (err) => { + clearTimeout(timer); + resolve({ ok: false, code: null, text: sanitizeError(err.message) }); + }); + }); +} + +/** Resolve cmake build directory for a preset by walking CMakePresets.json inheritance. */ +function resolveBuildDir(cppDir: string, preset: string): string { + try { + const presets = JSON.parse(readFileSync(join(cppDir, "CMakePresets.json"), "utf-8")); + const find = (name: string): any => presets.configurePresets?.find((p: any) => p.name === name); + let p = find(preset); + while (p) { + if (p.binaryDir) return join(cppDir, p.binaryDir.replace("${sourceDir}/", "")); + p = p.inherits ? find(Array.isArray(p.inherits) ? p.inherits[0] : p.inherits) : null; + } + } catch {} + return join(cppDir, "build"); +} + +// ── Target → bootstrap.sh fallback (branches without Makefile) ── +// Each entry: [projectPath] or [projectPath, bootstrapFunction] + +const BOOTSTRAP_TARGETS: Record = { + "yarn-project": ["yarn-project"], + "noir": ["noir"], + "l1-contracts": ["l1-contracts"], + "l1-contracts-src": ["l1-contracts", "build_src"], + "l1-contracts-verifier": ["l1-contracts", "build_verifier"], + "noir-projects": ["noir-projects"], + "noir-protocol-circuits": ["noir-projects/noir-protocol-circuits"], + "noir-contracts": ["noir-projects/noir-contracts"], + "mock-protocol-circuits": ["noir-projects/mock-protocol-circuits"], + "aztec-nr": ["noir-projects/aztec-nr"], + "avm-transpiler-native": ["avm-transpiler", "build_native"], + "bb-cpp-native": ["barretenberg/cpp", "build_native"], + "bb-cpp-native-objects": ["barretenberg/cpp", "build_native_objects"], + "bb-cpp-wasm": ["barretenberg/cpp", "build_wasm"], + "bb-cpp-wasm-threads": ["barretenberg/cpp", "build_wasm_threads"], + "bb-ts": ["barretenberg/ts"], + "bb-rs": ["barretenberg/rust"], + "bb-sol": ["barretenberg/sol"], + "bb-crs": ["barretenberg/crs"], + "bb-bbup": ["barretenberg/bbup"], + "bb-docs": ["barretenberg/docs"], + "bb-acir": ["barretenberg/acir_tests"], + "barretenberg": ["barretenberg"], + "boxes": ["boxes"], + "playground": ["playground"], + "docs": ["docs"], + "release-image": ["release-image"], + "aztec-up": ["aztec-up"], +}; + +// ── Tool registration ─────────────────────────────────────────── + +export interface BuildToolConfig { + workspace: string; + /** Path to a repo checkout that has yarn-project/node_modules installed (for prettier). */ + referenceRepo?: string; +} + +/** Format changed files only. Exported so PR hooks can call it. */ +export async function formatChangedFiles(ws: string, referenceRepo?: string): Promise<{ ok: boolean; text: string }> { + const results: string[] = []; + + // Detect which areas have changes + const diff = await runCmd("git", ["diff", "--name-only", "HEAD"], ws, 10_000); + const staged = await runCmd("git", ["diff", "--name-only", "--cached"], ws, 10_000); + const allFiles = (diff.text + "\n" + staged.text).trim(); + if (!allFiles) return { ok: true, text: "No changed files to format." }; + + const files = allFiles.split("\n").filter(Boolean); + const hasYarnProject = files.some(f => f.startsWith("yarn-project/")); + const hasBarretenberg = files.some(f => f.startsWith("barretenberg/cpp/")); + + // ── yarn-project: prettier ── + if (hasYarnProject) { + const tsFiles = files + .filter(f => f.startsWith("yarn-project/") && /\.(ts|js|mjs|cjs|json)$/.test(f)) + .map(f => join(ws, f)) + .filter(f => existsSync(f)); + if (tsFiles.length > 0) { + // Use prettier from the reference repo (has node_modules installed) + const prettierBase = referenceRepo || ws; + const prettierBin = join(prettierBase, "yarn-project/node_modules/.bin/prettier"); + if (existsSync(prettierBin)) { + // Resolve config from reference repo so plugins are found relative to it + const configFile = join(prettierBase, "yarn-project/foundation/.prettierrc.json"); + const args = ["--log-level", "warn", "-w"]; + if (existsSync(configFile)) args.push("--config", configFile); + args.push(...tsFiles); + const r = await runCmd(prettierBin, args, ws, 120_000); + results.push(r.ok + ? `yarn-project: formatted ${tsFiles.length} files` + : `yarn-project: prettier failed (exit ${r.code}): ${r.text.slice(0, 300)}`); + } else { + results.push(`yarn-project: prettier not found at ${prettierBin}, skipping`); + } + } + } + + // ── barretenberg: clang-format ── + if (hasBarretenberg) { + const cppFiles = files + .filter(f => f.startsWith("barretenberg/cpp/") && /\.(cpp|hpp|tcc)$/.test(f)) + .map(f => join(ws, f)) + .filter(f => existsSync(f)); + if (cppFiles.length > 0) { + const formatSh = join(ws, "barretenberg/cpp/format.sh"); + if (existsSync(formatSh)) { + const r = await runCmd(formatSh, ["changed"], join(ws, "barretenberg/cpp"), 120_000); + results.push(r.ok + ? `barretenberg: formatted ${cppFiles.length} C++ files` + : `barretenberg: format.sh failed (exit ${r.code}): ${r.text.slice(0, 300)}`); + } else { + results.push("barretenberg: format.sh not found, skipping"); + } + } + } + + if (results.length === 0) return { ok: true, text: "No formattable files changed." }; + return { ok: true, text: results.join("\n") }; +} + +export function registerBuildTools(server: McpServer, config: BuildToolConfig): void { + const ws = config.workspace; + + // ── build ───────────────────────────────────────────────────── + server.tool("build", + `Build a project. Uses 'make ' when available, falls back to bootstrap.sh on older branches (v4). + +IMPORTANT: Run submodule_update() before your first build — most targets depend on submodules (noir/noir-repo, l1-contracts/lib/*, etc.). + +Aggregate targets: + fast — Full default build (barretenberg + boxes + playground + docs + aztec-up + all tests) + full — fast + bb-full-tests + bb-cpp-full + yarn-project-benches + release — fast + cross-compiled bb binaries + +Barretenberg C++ targets: + bb-cpp-native — Native build (bb + bb-avm binaries) + bb-cpp-native-objects — Just compile objects (no link) + bb-cpp-wasm — WASM single-threaded build + bb-cpp-wasm-threads — WASM multi-threaded build + bb-cpp — All of: native + wasm + wasm-threads + bb-cpp-full — native + wasm + wasm-threads + gcc + smt + fuzzing + bb-cpp-asan — Address sanitizer build + bb-cpp-gcc — GCC build + bb-cpp-smt — SMT solver build + bb-cpp-fuzzing — Fuzzing build + bb-cpp-release-dir — Release directory layout + bb-cpp-cross-* — Cross-compilation (amd64-macos, arm64-macos, arm64-linux, arm64-android, etc.) + +Barretenberg other: + barretenberg — All BB sub-projects (cpp + ts + rs + acir + docs + sol + bbup + crs) + bb-ts — TypeScript bindings + bb-rs — Rust bindings + bb-sol — Solidity verifier + bb-acir — ACIR tests + bb-docs — BB documentation + bb-crs — Common reference string + bb-bbup — BB version manager + +Noir: + noir — Noir compiler + noir-projects — All Noir circuits (protocol + contracts + mock + aztec-nr) + noir-protocol-circuits — Protocol circuits only + noir-contracts — Contract circuits only + mock-protocol-circuits — Mock circuits + aztec-nr — Aztec Noir library + +Other projects: + yarn-project — TS packages (depends on bb-ts, noir-projects, l1-contracts) + l1-contracts — L1 Ethereum contracts (full) + l1-contracts-src — L1 contracts source only (fast, no deps) + l1-contracts-verifier — Verifier contract only + avm-transpiler-native — AVM transpiler native build + playground — Playground app (produces dist/) + boxes — Starter boxes + docs — Documentation site + release-image — Docker release image + aztec-up — aztec-up installer + +Test targets (output test commands, don't run them): + bb-tests, bb-full-tests, bb-cpp-native-tests, bb-cpp-asan-tests, bb-cpp-smt-tests, + bb-cpp-wasm-threads-tests, bb-cpp-wasm-threads-benches, bb-ts-tests, bb-rs-tests, + bb-sol-tests, bb-acir-tests, bb-bbup-tests, bb-docs-tests, + yarn-project-tests, yarn-project-benches, l1-contracts-tests, + boxes-tests, playground-tests, docs-tests, aztec-up-tests, + noir-protocol-circuits-tests, noir-projects-txe-tests, release-image-tests + +Use 'build_cpp' for building individual C++ cmake targets (faster for single binaries/tests).`, + { + target: z.string().regex(/^[a-zA-Z0-9_-]+$/).describe("Build target"), + jobs: z.number().optional().describe("Parallel jobs (-jN)"), + }, + async ({ target, jobs }) => { + if (!existsSync(join(ws, ".git"))) + return { content: [{ type: "text", text: `No repo at ${ws}. Run clone_repo first.` }], isError: true }; + + // Prefer Makefile (next branch+), fall back to bootstrap.sh (v4) + if (!existsSync(join(ws, "Makefile"))) { + const entry = BOOTSTRAP_TARGETS[target]; + if (!entry) { + const known = Object.keys(BOOTSTRAP_TARGETS).join(", "); + return { content: [{ type: "text", text: `No Makefile and no bootstrap mapping for '${target}'. Known: ${known}` }], isError: true }; + } + const [project, func] = entry; + const dir = join(ws, project); + if (!existsSync(join(dir, "bootstrap.sh"))) + return { content: [{ type: "text", text: `No bootstrap.sh at ${project}` }], isError: true }; + + const r = await runCmd("./bootstrap.sh", func ? [func] : [], dir); + return r.ok + ? { content: [{ type: "text", text: `Build '${target}' via ${project}/bootstrap.sh ${func || ""} succeeded.\n${r.text}` }] } + : { content: [{ type: "text", text: `${project}/bootstrap.sh ${func || ""} failed (exit ${r.code}):\n${r.text}` }], isError: true }; + } + + const args = jobs ? [`-j${jobs}`, target] : [target]; + const r = await runCmd("make", args, ws); + return r.ok + ? { content: [{ type: "text", text: `Build '${target}' succeeded.\n${r.text}` }] } + : { content: [{ type: "text", text: `Build '${target}' failed (exit ${r.code}):\n${r.text}` }], isError: true }; + }); + + // ── build_cpp ───────────────────────────────────────────────── + server.tool("build_cpp", + `Build a single C++ cmake target in barretenberg/cpp. Faster than 'build bb-cpp-native'. +Auto-configures cmake on first run. + +Targets: bb, bb-avm, _tests (e.g. ultra_honk_tests), barretenberg, bb-external +Presets: clang20 (default), clang20-no-avm, debug, debug-fast, asan-fast`, + { + target: z.string().regex(/^[a-zA-Z0-9_.-]+$/).describe("CMake target (e.g. 'bb', 'ultra_honk_tests')"), + preset: z.string().regex(/^[a-zA-Z0-9_-]+$/).default("clang20").describe("CMake preset"), + jobs: z.number().optional().describe("Parallel jobs"), + }, + async ({ target, preset, jobs }) => { + if (!existsSync(join(ws, ".git"))) + return { content: [{ type: "text", text: `No repo at ${ws}. Run clone_repo first.` }], isError: true }; + + const cppDir = join(ws, "barretenberg/cpp"); + if (!existsSync(cppDir)) + return { content: [{ type: "text", text: "barretenberg/cpp not found" }], isError: true }; + + const buildDir = resolveBuildDir(cppDir, preset); + + // Configure if no build system generated yet + if (!existsSync(join(buildDir, "build.ninja")) && !existsSync(join(buildDir, "Makefile"))) { + const cfg = await runCmd("cmake", ["--preset", preset], cppDir, CONFIGURE_TIMEOUT); + if (!cfg.ok) + return { content: [{ type: "text", text: `cmake configure failed:\n${cfg.text}` }], isError: true }; + } + + const args = ["--build", "--preset", preset, "--target", target]; + if (jobs) args.push("-j", String(jobs)); + + const r = await runCmd("cmake", args, cppDir); + if (!r.ok) + return { content: [{ type: "text", text: `build_cpp '${target}' failed (exit ${r.code}):\n${r.text}` }], isError: true }; + + const bin = join(buildDir, "bin", target); + const loc = existsSync(bin) ? `\nBinary: ${bin}` : ""; + return { content: [{ type: "text", text: `build_cpp '${target}' (${preset}) succeeded.${loc}\n${r.text}` }] }; + }); + + // ── run_test ────────────────────────────────────────────────── + server.tool("run_test", + `Run a C++ test binary. Build it first with build_cpp. +Example: run_test(binary="ultra_honk_tests", filter="*Basic*")`, + { + binary: z.string().regex(/^[a-zA-Z0-9_.-]+$/).describe("Test binary name"), + filter: z.string().optional().describe("GTest filter (e.g. '*Merkle*')"), + preset: z.string().regex(/^[a-zA-Z0-9_-]+$/).default("clang20").describe("Preset used to build"), + }, + async ({ binary, filter, preset }) => { + if (!existsSync(join(ws, ".git"))) + return { content: [{ type: "text", text: `No repo at ${ws}. Run clone_repo first.` }], isError: true }; + + const buildDir = resolveBuildDir(join(ws, "barretenberg/cpp"), preset); + const bin = join(buildDir, "bin", binary); + if (!existsSync(bin)) + return { content: [{ type: "text", text: `Not found: ${bin}\nBuild first: build_cpp(target="${binary}")` }], isError: true }; + + const args = filter ? [`--gtest_filter=${filter}`] : []; + const r = await runCmd(bin, args, buildDir); + return r.ok + ? { content: [{ type: "text", text: `Test '${binary}' passed.\n${r.text}` }] } + : { content: [{ type: "text", text: `Test '${binary}' failed (exit ${r.code}):\n${r.text}` }], isError: true }; + }); + + // ── yarn_project_format ──────────────────────────────────────── + server.tool("yarn_project_format", + `Format yarn-project TypeScript/JavaScript files with prettier. +Formats only changed files by default, or specific packages if listed.`, + { + packages: z.array(z.string()).optional().describe("Specific packages to format (e.g. ['aztec.js', 'sequencer-client']). Omit to format all changed files."), + }, + async ({ packages }) => { + if (!existsSync(join(ws, ".git"))) + return { content: [{ type: "text", text: `No repo at ${ws}. Run clone_repo first.` }], isError: true }; + + const ypDir = join(ws, "yarn-project"); + if (!existsSync(ypDir)) + return { content: [{ type: "text", text: "yarn-project/ not found" }], isError: true }; + + const prettierBase = config.referenceRepo || ws; + const prettierBin = join(prettierBase, "yarn-project/node_modules/.bin/prettier"); + if (!existsSync(prettierBin)) + return { content: [{ type: "text", text: `prettier not found at ${prettierBin}. Reference repo may not have node_modules installed.` }], isError: true }; + + let files: string[]; + if (packages && packages.length > 0) { + // Format specific packages — find all formattable files + const findArgs = packages.flatMap(p => [join(ypDir, p, "src")]).filter(d => existsSync(d)); + if (findArgs.length === 0) + return { content: [{ type: "text", text: `None of the specified packages have a src/ directory` }], isError: true }; + const found = await runCmd("find", [...findArgs, "-type", "f", "-regex", ".*\\.\\(json\\|js\\|mjs\\|cjs\\|ts\\)$"], ws, 30_000); + files = found.text.split("\n").filter(Boolean); + } else { + // Format only changed files + const diff = await runCmd("git", ["diff", "--name-only", "HEAD"], ws, 10_000); + files = diff.text.split("\n") + .filter(f => f.startsWith("yarn-project/") && /\.(ts|js|mjs|cjs|json)$/.test(f)) + .map(f => join(ws, f)) + .filter(f => existsSync(f)); + } + + if (files.length === 0) + return { content: [{ type: "text", text: "No files to format." }] }; + + const configFile = join(prettierBase, "yarn-project/foundation/.prettierrc.json"); + const args = ["--log-level", "warn", "-w"]; + if (existsSync(configFile)) args.push("--config", configFile); + args.push(...files); + const r = await runCmd(prettierBin, args, ws, 120_000); + return r.ok + ? { content: [{ type: "text", text: `Formatted ${files.length} files.\n${r.text}` }] } + : { content: [{ type: "text", text: `prettier failed (exit ${r.code}):\n${r.text}` }], isError: true }; + }); + + // ── barretenberg_format ──────────────────────────────────────── + server.tool("barretenberg_format", + `Format barretenberg C++ files with clang-format. +Formats changed files by default using barretenberg/cpp/format.sh.`, + { + mode: z.enum(["changed", "staged", "check"]).default("changed") + .describe("'changed' = format changed files, 'staged' = format staged files, 'check' = dry-run check"), + }, + async ({ mode }) => { + if (!existsSync(join(ws, ".git"))) + return { content: [{ type: "text", text: `No repo at ${ws}. Run clone_repo first.` }], isError: true }; + + const cppDir = join(ws, "barretenberg/cpp"); + const formatSh = join(cppDir, "format.sh"); + if (!existsSync(formatSh)) + return { content: [{ type: "text", text: "barretenberg/cpp/format.sh not found" }], isError: true }; + + const r = await runCmd("./format.sh", [mode], cppDir, 120_000); + return r.ok + ? { content: [{ type: "text", text: `barretenberg format (${mode}) succeeded.\n${r.text}` }] } + : { content: [{ type: "text", text: `barretenberg format (${mode}) failed (exit ${r.code}):\n${r.text}` }], isError: true }; + }); +} diff --git a/packages/libclaudebox/mcp/env.ts b/packages/libclaudebox/mcp/env.ts index cf8fffe..5cfd70a 100644 --- a/packages/libclaudebox/mcp/env.ts +++ b/packages/libclaudebox/mcp/env.ts @@ -33,7 +33,10 @@ export function hasScope(name: string): boolean { return _scopes.has(name); } -export const statusPageUrl = WORKTREE_ID ? `https://${CLAUDEBOX_HOST}/s/${WORKTREE_ID}` : ""; +const _runSeq = (process.env.CLAUDEBOX_LOG_ID || "").match(/-(\d+)$/)?.[1] || ""; +export const statusPageUrl = WORKTREE_ID + ? `https://${CLAUDEBOX_HOST}/s/${WORKTREE_ID}${_runSeq ? `?run=${_runSeq}` : ""}` + : ""; // ── Per-session metadata directory ─────────────────────────────── if (WORKTREE_ID) { diff --git a/packages/libclaudebox/mcp/git-tools.ts b/packages/libclaudebox/mcp/git-tools.ts index 3062dd7..5e8ff89 100644 --- a/packages/libclaudebox/mcp/git-tools.ts +++ b/packages/libclaudebox/mcp/git-tools.ts @@ -21,7 +21,9 @@ export function cloneRepoCheckoutAndInit(targetDir: string, ref: string, fallbac execFileSync("git", ["-C", targetDir, "checkout", "--detach", ref], { timeout: 30_000, stdio: "pipe" }); } catch { try { - execFileSync("git", ["-C", targetDir, "fetch", "origin", ref], { timeout: 120_000, stdio: "pipe" }); + // Strip origin/ prefix — it's a local tracking name, not a remote refspec + const fetchRef = ref.replace(/^origin\//, ""); + execFileSync("git", ["-C", targetDir, "fetch", "origin", fetchRef], { timeout: 120_000, stdio: "pipe" }); execFileSync("git", ["-C", targetDir, "checkout", "--detach", "FETCH_HEAD"], { timeout: 30_000, stdio: "pipe" }); } catch { try { @@ -33,7 +35,7 @@ export function cloneRepoCheckoutAndInit(targetDir: string, ref: string, fallbac } } const head = execFileSync("git", ["-C", targetDir, "rev-parse", "--short", "HEAD"], { encoding: "utf-8", timeout: 5_000 }).trim(); - const refNote = checkedOutRef !== ref ? ` (WARNING: ${ref} not found, fell back to ${checkedOutRef})` : ""; + const refNote = checkedOutRef !== ref ? ` (used ${checkedOutRef} — ${ref} not found)` : ""; let submoduleMsg = ""; if (opts?.initSubmodules) { @@ -95,6 +97,46 @@ export async function pushToRemote(workspace: string, repo: string, branch: stri await getCreds().github.pushToRemote(workspace, repo, branch, forcePush); } +// ── Issue tool config + registration ───────────────────────────── + +export interface IssueToolConfig { + /** Tool name, e.g. "aztec_packages_create_issue" */ + name: string; + /** GitHub repo, e.g. "AztecProtocol/aztec-packages" */ + repo: string; + /** Tool description */ + description?: string; + /** Default labels to add */ + defaultLabels?: string[]; +} + +export function registerIssueTools(server: McpServer, configs: IssueToolConfig[]): void { + for (const config of configs) { + const desc = config.description || `Create a GitHub issue in ${config.repo}.`; + server.tool(config.name, desc, + { + title: z.string().describe("Issue title"), + body: z.string().describe("Issue body (Markdown). Use real newlines, not literal \\n."), + labels: z.array(z.string()).optional().describe("Labels to add"), + }, + async ({ title, body: rawBody, labels }) => { + if (!getCreds().github.hasToken) return { content: [{ type: "text", text: "No GitHub access configured" }], isError: true }; + // Unescape literal \n sequences the model sometimes sends + const body = rawBody ? rawBody.replace(/\\n/g, "\n") : rawBody; + try { + const allLabels = [...(config.defaultLabels || []), ...(labels || [])]; + const issue = await getCreds().github.createIssue(config.repo, { + title, body, labels: allLabels.length ? allLabels : undefined, + }); + logActivity("artifact", `Issue #${issue.number}: ${title} — ${issue.html_url}`); + return { content: [{ type: "text", text: `${issue.html_url}\n#${issue.number}` }] }; + } catch (e: any) { + return { content: [{ type: "text", text: `${config.name}: ${sanitizeError(e.message)}` }], isError: true }; + } + }); + } +} + // ── Config interfaces ─────────────────────────────────────────── export interface CloneToolConfig { @@ -120,6 +162,8 @@ export interface PRToolConfig { label?: string; createDescription?: string; updateDescription?: string; + /** If set, runs before staging in create_pr/update_pr. Fails gracefully. */ + formatBeforePush?: () => Promise<{ ok: boolean; text: string }>; } // ── registerCloneRepo ─────────────────────────────────────────── @@ -219,7 +263,7 @@ export function registerGitProxy(server: McpServer, config: { workspace: string } }); - server.tool("submodule_update", "Initialize and update git submodules recursively, optionally to a specific commit.", + server.tool("submodule_update", "Initialize and update all git submodules (shallow, parallel). Optionally target a single submodule. Run this before 'build' — most targets depend on submodules.", { path: z.string().optional().describe("Submodule path (e.g. 'noir/noir-repo'). If omitted, updates all submodules."), commit: z.string().optional().describe("Checkout submodule to this commit/ref after update"), @@ -230,7 +274,7 @@ export function registerGitProxy(server: McpServer, config: { workspace: string return { content: [{ type: "text", text: "No repo at " + workspace }], isError: true }; } try { - const args = ["-C", workspace, "submodule", "update", "--init", "--recursive"]; + const args = ["-C", workspace, "submodule", "update", "--init", "--recursive", "--depth", "1", "--jobs", "8"]; if (path) args.push("--", path); const out = gitWithAuth(args, 300_000); let result = "Submodule" + (path ? " " + path : "s") + " initialized and updated.\n" + out; @@ -275,9 +319,9 @@ export function registerLogTools(server: McpServer, config: { workspace: string } server.tool("read_log", - `Read a CI log by key/hash. Use instead of curling ci.aztec-labs.com or using CI_PASSWORD.`, + `Read a CI log by key/hash. Use instead of using CI_PASSWORD or curling the log server directly.`, { - key: z.string().regex(/^[a-zA-Z0-9._-]+$/).describe("Log key/hash from a ci.aztec-labs.com URL"), + key: z.string().regex(/^[a-zA-Z0-9._-]+$/).describe("Log key/hash from a CI log URL"), tail: z.number().optional().describe("Only return the last N lines"), head: z.number().optional().describe("Only return the first N lines"), }, @@ -293,8 +337,13 @@ export function registerLogTools(server: McpServer, config: { workspace: string headers: { "Authorization": `Bearer ${serverToken}` }, }); if (!resp.ok) { - const err = await resp.text(); - return { content: [{ type: "text", text: `read_log failed: ${err.slice(0, 500)}` }], isError: true }; + const raw = await resp.text(); + let msg: string; + try { + const parsed = JSON.parse(raw); + msg = parsed.error || raw; + } catch { msg = raw; } + return { content: [{ type: "text", text: `read_log failed (HTTP ${resp.status}) for key '${key}': ${msg.slice(0, 800)}` }], isError: true }; } let output = await resp.text(); @@ -320,14 +369,13 @@ export function registerLogTools(server: McpServer, config: { workspace: string }); server.tool("write_log", - `Write content to a CI log (ci.aztec-labs.com). Creates a persistent, shareable log link. + `Write content to a CI log. Creates a persistent, shareable log link. Use this instead of create_gist for: - Build output and CI logs - Large command output - Anything that needs a quick shareable link without creating a GitHub gist -The log is accessible at ci.aztec-labs.com/. Returns the log URL.`, { content: z.string().describe("Content to write to the log"), @@ -357,7 +405,8 @@ Returns the log URL.`, return { content: [{ type: "text", text: `write_log failed (exit ${result.status}): ${err.slice(0, 500)}` }], isError: true }; } - const url = `http://ci.aztec-labs.com/${logKey}`; + const logBase = process.env.CI_LOG_BASE_URL || "https://ci.aztec-labs.com"; + const url = `${logBase}/${logKey}`; logActivity("artifact", `Log: ${url}`); return { content: [{ type: "text", text: `${url}\nKey: ${logKey}` }] }; } catch (e: any) { @@ -372,7 +421,7 @@ export function registerPRTools(server: McpServer, config: PRToolConfig): void { // ── create_pr ── const createSchema: Record = { title: z.string().describe("PR title"), - body: z.string().describe("PR description"), + body: z.string().describe("PR description (Markdown). Use real newlines, not literal \\n."), base: z.string().default(config.defaultBase).describe(`Base branch (default: ${config.defaultBase})`), closes: z.array(z.number()).optional().describe("Issue numbers to close"), force_push: z.boolean().optional().describe("Force-push to the branch"), @@ -384,7 +433,9 @@ export function registerPRTools(server: McpServer, config: PRToolConfig): void { config.createDescription || "Push workspace commits and create a draft PR.", createSchema, async (params: any) => { - const { title, body, closes, force_push, include_claude_files, include_noir_submodule } = params; + const { title, closes, force_push, include_claude_files, include_noir_submodule } = params; + // Unescape literal \n sequences the model sometimes sends (double-escaped in JSON) + const body: string = (params.body || "").replace(/\\n/g, "\n"); let base: string = params.base; if (/^v\d+/.test(base)) base = `backport-to-${base}-staging`; if (!getCreds().github.hasToken) return { content: [{ type: "text", text: "No GitHub access configured" }], isError: true }; @@ -407,6 +458,13 @@ export function registerPRTools(server: McpServer, config: PRToolConfig): void { } try { + if (config.formatBeforePush) { + try { + const fmt = await config.formatBeforePush(); + if (fmt.text) console.log(`[create_pr] format: ${fmt.text}`); + } catch (e: any) { console.error(`[create_pr] format failed (continuing): ${e.message}`); } + } + const branch = `${config.branchPrefix}${workspaceName || SESSION_META.log_id || Date.now()}`; const stage = stageAndCommit(config.workspace, title, { @@ -449,7 +507,7 @@ export function registerPRTools(server: McpServer, config: PRToolConfig): void { pr_number: z.number().describe("PR number"), push: z.boolean().optional().describe("Push current workspace commits to the PR's branch"), title: z.string().optional().describe("New title"), - body: z.string().optional().describe("New body"), + body: z.string().optional().describe("New body (Markdown). Use real newlines, not literal \\n."), base: z.string().optional().describe("New base branch"), state: z.enum(["open", "closed"]).optional().describe("PR state"), force_push: z.boolean().optional(), @@ -461,7 +519,9 @@ export function registerPRTools(server: McpServer, config: PRToolConfig): void { config.updateDescription || "Push workspace commits and/or update an existing PR.", updateSchema, async (params: any) => { - const { pr_number, push, title, body, state, force_push, include_claude_files, include_noir_submodule } = params; + const { pr_number, push, title, state, force_push, include_claude_files, include_noir_submodule } = params; + // Unescape literal \n sequences the model sometimes sends + const body: string | undefined = params.body ? (params.body as string).replace(/\\n/g, "\n") : undefined; let base: string | undefined = params.base; if (base && /^v\d+/.test(base)) base = `backport-to-${base}-staging`; if (!getCreds().github.hasToken) return { content: [{ type: "text", text: "No GitHub access configured" }], isError: true }; @@ -487,6 +547,13 @@ export function registerPRTools(server: McpServer, config: PRToolConfig): void { const branch = prData.head?.ref; if (!branch) return { content: [{ type: "text", text: "Cannot determine PR branch" }], isError: true }; + if (config.formatBeforePush) { + try { + const fmt = await config.formatBeforePush(); + if (fmt.text) console.log(`[update_pr] format: ${fmt.text}`); + } catch (e: any) { console.error(`[update_pr] format failed (continuing): ${e.message}`); } + } + const stage = stageAndCommit(config.workspace, title || `update PR #${pr_number}`, { blockClaudeFiles: config.blockClaudeFiles, includeClaudeFiles: include_claude_files, blockGithubFiles: config.blockGithubFiles, diff --git a/packages/libclaudebox/mcp/tools.ts b/packages/libclaudebox/mcp/tools.ts index 10a6433..24fecf7 100644 --- a/packages/libclaudebox/mcp/tools.ts +++ b/packages/libclaudebox/mcp/tools.ts @@ -51,15 +51,15 @@ export function registerCommonTools(server: McpServer, opts: ProfileOpts): void logActivity("status", status); addProgress("status", status); const results = await updateRootComment(status); - return { content: [{ type: "text", text: results.length ? results.join("\n") : "No channels configured" }] }; + return { content: [{ type: "text", text: results.length ? results.join("\n") : "Status updated" }] }; }); // ── set_workspace_name ───────────────────────────────────────── server.tool("set_workspace_name", - `Set a short, descriptive name for this workspace. Call this early (right after cloning). + `MANDATORY — call immediately after clone_repo. Sets the workspace name used as the git branch name (e.g. "claudebox/" or "audit/") and displayed in the dashboard and Slack. The name should be a concise slug describing the task (2-5 words, lowercase, hyphens). Examples: "fix-flaky-p2p-test", "audit-polynomial-commitment", "add-g0-flag" -The name is used as the git branch name and appears in the dashboard and Slack.`, +If you skip this, branches will have ugly auto-generated IDs instead of meaningful names.`, { name: z.string().describe("Short descriptive slug, e.g. fix-flaky-p2p-test") }, async ({ name }) => { const slug = name.toLowerCase().replace(/[^a-z0-9-]/g, "-").replace(/-+/g, "-").replace(/^-|-$/g, "").slice(0, 60); @@ -87,24 +87,27 @@ Choose the tag that best describes the work being done.`, server.tool("respond_to_user", `Send your final response to the user. Updates the Slack message inline. You MUST call this before ending. -Your response appears directly in Slack (not quoted). Keep it concise but informative — a few sentences is fine. For detailed analysis, print to stdout and link to the log. +Keep it to 1-3 SHORT sentences. **Never send long explanations** — put details in a gist (create_gist) and link it. ALWAYS reference PRs and issues as full GitHub links (https://github.com/${repo}/pull/123), never just "#123". This makes messages clickable in Slack. PRs you create/update are automatically shown as compact #NNN links — no need to repeat them unless adding context. - GOOD: "Fixed flaky test — race condition in p2p layer. Applied the same pattern from the stdlib fix." -- GOOD: "Found 3 PRs needing manual backport — " +- GOOD: "Reviewed 12 files. Filed 3 issues. Full analysis: " +- BAD: Multi-paragraph explanations (use create_gist instead) - BAD: "Created PR #5678" — not clickable, and PR is already shown -Avoid code blocks and long bullet lists — those belong in the log.`, - { message: z.string().describe(`Concise response. Use full GitHub URLs for PRs/issues (https://github.com/${repo}/pull/123), not #123.`) }, - async ({ message }) => { +No code blocks, bullet lists, or long text — those belong in a gist.`, + { message: z.string().describe(`1-3 sentences max. Use full GitHub URLs. Put long analysis in create_gist.`) }, + async (params) => { + // Unescape literal \n sequences the model sometimes sends + const message = params.message.replace(/\\n/g, "\n"); setRespondToUserCalled(true); logActivity("response", message); addProgress("response", message); const results = await updateRootComment(message); - if (!results.length) results.push("No channels configured — message printed to log only"); + if (!results.length) results.push("Response recorded"); return { content: [{ type: "text", text: results.join("\n") }] }; }); @@ -275,9 +278,10 @@ For writes, use dedicated tools: create_pr, update_pr, create_gist, create_issue return { content: [{ type: "text", text: `A gist was already created this session: ${sessionGistUrl}\nUse update_gist(gist_id="${sessionGistId}", ...) to add or update files instead of creating another gist.` }], isError: true }; } + // Unescape literal \n sequences the model sometimes sends const gistFiles: Record = {}; for (const [name, content] of Object.entries(files)) { - gistFiles[name] = { content }; + gistFiles[name] = { content: content.replace(/\\n/g, "\n") }; } try { @@ -303,9 +307,10 @@ For writes, use dedicated tools: create_pr, update_pr, create_gist, create_issue async ({ gist_id, description, files }) => { if (!hasGhToken()) return { content: [{ type: "text", text: "No GitHub access configured" }], isError: true }; + // Unescape literal \n sequences the model sometimes sends const gistFiles: Record = {}; for (const [name, content] of Object.entries(files)) { - gistFiles[name] = { content }; + gistFiles[name] = { content: content.replace(/\\n/g, "\n") }; } try { diff --git a/packages/libclaudebox/session-streamer.ts b/packages/libclaudebox/session-streamer.ts index 124957d..f9abd0f 100644 --- a/packages/libclaudebox/session-streamer.ts +++ b/packages/libclaudebox/session-streamer.ts @@ -90,6 +90,11 @@ export class SessionStreamer { private stopped = false; private cacheLogBin: string; private denoiseScript: string; + // Track tool_use IDs already written to activity.jsonl to prevent duplicates + // from cumulative progress events + final assistant events + private seenToolUseIds = new Set(); + // Directory for the current main session's subagents (set in start()) + private mainSessionDir = ""; constructor(opts: StreamerOpts) { this.opts = opts; @@ -142,6 +147,10 @@ export class SessionStreamer { if (msg.type === "assistant" && Array.isArray(msg.message?.content)) { for (const item of msg.message.content) { if (item.type === "tool_use") { + // Deduplicate — progress events are cumulative, so the same tool_use + // appears in multiple progress events and again in the final assistant event + if (item.id && this.seenToolUseIds.has(item.id)) continue; + if (item.id) this.seenToolUseIds.add(item.id); const name = item.name ?? "?"; const inp = item.input ?? {}; const desc = inp.description ?? inp.command ?? inp.file_path ?? inp.pattern ?? ""; @@ -203,13 +212,21 @@ export class SessionStreamer { } if (it === "text" && item.text?.trim()) { - if (!isSubagent) { - this.writeActivity("context", item.text.trim()); + const trimmed = item.text.trim(); + // Filter out boilerplate non-responses from Claude + const isBoilerplate = /^No response requested\.?$/i.test(trimmed); + if (!isSubagent && !isBoilerplate) { + this.writeActivity("context", trimmed); } - this.emit(`CLAUDE: ${item.text}`); + if (!isBoilerplate) this.emit(`CLAUDE: ${item.text}`); } if (it === "tool_use") { + // Deduplicate — same tool_use appears in progress events (cumulative) + // and then again in the final assistant event + if (item.id && this.seenToolUseIds.has(item.id)) continue; + if (item.id) this.seenToolUseIds.add(item.id); + const name = item.name ?? "?"; const inp = item.input ?? {}; @@ -254,7 +271,7 @@ export class SessionStreamer { w("tool_use", `Grep ${trunc(inp.pattern || "", 60)} ${path}`); } else if (["Read", "Glob"].includes(name)) { const target = inp.file_path || inp.pattern || inp.path || ""; - w("tool_use", `${name} ${trunc(target, 80)}`); + w("tool_use", `${name} ${trunc(target, 200)}`); } else if (["Edit", "Write"].includes(name)) { w("tool_use", `${name} ${inp.file_path || ""}`); } else if (name === "ToolSearch") { @@ -262,7 +279,7 @@ export class SessionStreamer { } else if (name.startsWith("mcp__claudebox__")) { const short = name.replace("mcp__claudebox__", ""); const args = Object.entries(inp).filter(([_, v]) => v !== undefined && v !== "").map(([k, v]) => { - const s = String(v); + const s = typeof v === "object" ? JSON.stringify(v) : String(v); return `${k}=${s.length > 60 ? s.slice(0, 60) + "…" : s}`; }).join(" "); w("tool_use", `${short}${args ? " " + args : ""}`); @@ -324,6 +341,11 @@ export class SessionStreamer { this.emit(`━━━ Claude Session Output ━━━`); + // Track the main session's UUID directory for scoped subagent discovery + // e.g. /projects/c0356fe6-e688-4a6f-a0b7-b558a7b03e0b.jsonl → UUID = c0356fe6-... + const mainSessionId = basename(jsonlPath, ".jsonl"); + this.mainSessionDir = join(projectDir, mainSessionId); + const mainTailer = new JsonlTailer(jsonlPath, "", (d) => this.processEntry(d, false)); this.tailers.set(jsonlPath, mainTailer); mainTailer.drain(); @@ -369,10 +391,12 @@ export class SessionStreamer { } private discoverNewFiles(): void { - const { projectDir } = this.opts; - if (!existsSync(projectDir)) return; + // Only discover subagent JSONL files within the current session's directory. + // Without this, old session JSONL files would be re-processed on every run, + // duplicating all activity entries from previous runs. + if (!this.mainSessionDir || !existsSync(this.mainSessionDir)) return; - for (const f of findAllJsonl(projectDir)) { + for (const f of findAllJsonl(this.mainSessionDir)) { if (this.tailers.has(f)) continue; const isSubagent = f.includes("/subagents/"); const label = isSubagent diff --git a/packages/libclaudebox/slack/handlers.ts b/packages/libclaudebox/slack/handlers.ts index f242c65..61b03c8 100644 --- a/packages/libclaudebox/slack/handlers.ts +++ b/packages/libclaudebox/slack/handlers.ts @@ -96,6 +96,12 @@ export function registerSlackHandlers(app: App, store: WorktreeStore, docker: Do // ── @mention in channels ────────────────────────────────────── app.event("app_mention", async ({ event, client, say }) => { + // Ignore messages from bots/apps (including our own) + if ((event as any).bot_id || (event as any).subtype) { + console.log(`[MENTION] Ignoring bot/subtype message: bot_id=${(event as any).bot_id || "none"} subtype=${(event as any).subtype || "none"}`); + return; + } + const channel = event.channel; const text = event.text ?? ""; const isReply = !!(event as any).thread_ts; diff --git a/packages/libclaudebox/slack/helpers.ts b/packages/libclaudebox/slack/helpers.ts index 6cab876..7907240 100644 --- a/packages/libclaudebox/slack/helpers.ts +++ b/packages/libclaudebox/slack/helpers.ts @@ -61,10 +61,10 @@ function extractArtifactLinks(artifacts: { text: string }[]): string[] { seenUrls.add(url); const prMatch = url.match(/\/pull\/(\d+)/); - if (prMatch) { linkParts.push(`<${url}|#${prMatch[1]}>`); continue; } + if (prMatch) { linkParts.push(`<${url}|PR #${prMatch[1]}>`); continue; } if (url.includes("gist.github")) { linkParts.push(`<${url}|gist>`); continue; } const issueMatch = url.match(/\/issues\/(\d+)/); - if (issueMatch) { linkParts.push(`<${url}|#${issueMatch[1]}>`); continue; } + if (issueMatch) { linkParts.push(`<${url}|Issue #${issueMatch[1]}>`); continue; } linkParts.push(`<${url}|link>`); } return linkParts; @@ -95,10 +95,26 @@ export function buildSlackStatusFromActivity( const artifacts = activity.filter(a => a.type === "artifact" && (!currentLogId || !a.log_id || a.log_id === currentLogId)); const linkParts = extractArtifactLinks(artifacts); - // Footer: artifacts + status link + status + // Footer: artifacts + status link + elapsed + status const footer: string[] = []; if (linkParts.length) footer.push(linkParts.join(" \u2022 ")); - if (worktreeId) footer.push(`<${sessionUrl(worktreeId)}|status>`); + // Status link — include ?run=N when we know the run sequence + if (worktreeId) { + const seq = logId?.match(/-(\d+)$/)?.[1]; + const url = sessionUrl(worktreeId) + (seq ? `?run=${seq}` : ""); + footer.push(`<${url}|status>`); + } + // Elapsed time scoped to current run (not entire worktree lifetime) + const runActivity = currentLogId ? activity.filter(a => a.log_id === currentLogId) : activity; + const firstTs = runActivity.length > 0 ? runActivity[0].ts : ""; + if (firstTs) { + const ms = Date.now() - new Date(firstTs).getTime(); + if (ms > 0) { + const mins = Math.floor(ms / 60000); + const elapsed = mins < 1 ? "<1m" : mins < 60 ? `${mins}m` : `${Math.floor(mins / 60)}h${mins % 60}m`; + footer.push(elapsed); + } + } footer.push(`_${status}_`); parts.push(footer.join(" \u2502 ")); diff --git a/packages/libclaudebox/worktree-store.ts b/packages/libclaudebox/worktree-store.ts index 0e0fbf9..bb1b6fa 100644 --- a/packages/libclaudebox/worktree-store.ts +++ b/packages/libclaudebox/worktree-store.ts @@ -97,18 +97,40 @@ export class WorktreeStore { /** List all sessions, newest first. */ listAll(): RunMeta[] { - if (!existsSync(this.sessionsDir)) return []; - return readdirSync(this.sessionsDir) - .filter(f => f.endsWith(".json")) - .map(f => { + const results: RunMeta[] = []; + const seen = new Set(); + + // Read from primary sessions dir (flat .json files) + if (existsSync(this.sessionsDir)) { + for (const f of readdirSync(this.sessionsDir)) { + if (!f.endsWith(".json")) continue; try { const s: RunMeta = JSON.parse(readFileSync(join(this.sessionsDir, f), "utf-8")); s._log_id = basename(f, ".json"); - return s; - } catch { return null; } - }) - .filter((s): s is RunMeta => s !== null) - .sort((a, b) => (b.started || "").localeCompare(a.started || "")); + seen.add(s._log_id); + results.push(s); + } catch {} + } + } + + // Read legacy subdirectory format (/meta.json) in same sessions dir + if (existsSync(this.sessionsDir)) { + for (const d of readdirSync(this.sessionsDir)) { + const metaPath = join(this.sessionsDir, d, "meta.json"); + if (!existsSync(metaPath)) continue; + try { + const s: RunMeta = JSON.parse(readFileSync(metaPath, "utf-8")); + const logId = s._log_id || s.log_id || `${d}-1`; + if (seen.has(logId)) continue; + s._log_id = logId; + if (!s.worktree_id) s.worktree_id = d; + seen.add(logId); + results.push(s); + } catch {} + } + } + + return results.sort((a, b) => (b.started || "").localeCompare(a.started || "")); } /** List all sessions for a given worktree_id, newest first. */ @@ -524,6 +546,9 @@ export class WorktreeStore { const startedMs = meta.started ? new Date(meta.started).getTime() : 0; if (startedMs && Date.now() - startedMs < 2 * 60_000) continue; + // Skip sessions being monitored by recovery — they have their own exit handler + if (docker.isRecovered(logId)) continue; + const containerName = meta.container; if (!containerName) { meta.status = "cancelled"; diff --git a/packages/libcreds/github.ts b/packages/libcreds/github.ts index dbc8d68..6bf2651 100644 --- a/packages/libcreds/github.ts +++ b/packages/libcreds/github.ts @@ -205,6 +205,11 @@ export class GitHubClient { return this.ghJson(`repos/${repo}/issues/${issueNumber}/labels`, { method: "POST", body: { labels } }); } + async removeLabel(repo: string, issueNumber: number, label: string): Promise { + audit("github", "write", `DELETE repos/${repo}/issues/${issueNumber}/labels/${label}`, true); + await this.ghFetch(`repos/${repo}/issues/${issueNumber}/labels/${encodeURIComponent(label)}`, { method: "DELETE" }); + } + async createLabel(repo: string, opts: { name: string; color: string; description?: string }): Promise { audit("github", "write", `POST repos/${repo}/labels`, true); return this.ghJson(`repos/${repo}/labels`, { method: "POST", body: opts }); diff --git a/profiles/barretenberg-audit/CLAUDE.md b/profiles/barretenberg-audit/CLAUDE.md index d7fef1a..a65469b 100644 --- a/profiles/barretenberg-audit/CLAUDE.md +++ b/profiles/barretenberg-audit/CLAUDE.md @@ -1,7 +1,9 @@ You are ClaudeBox (Audit Mode), an automated security auditor in a Docker container. You have no interactive user — work autonomously. -**YOUR VERY FIRST ACTION must be `clone_repo`.** The workspace is EMPTY — no repo, no files, no git. Every other tool will fail until you clone. Do not run Bash, Read, Glob, Grep, git, or ls first. Call `clone_repo` immediately. +**ALWAYS call `session_status` as your very first action** — post what you're about to do. The user sees nothing until you call this. + +**Then call `clone_repo` immediately.** The workspace is EMPTY — no repo, no files, no git. Every other tool will fail until you clone. Do not run Bash, Read, Glob, Grep, git, or ls first. Call `clone_repo` immediately. ## Scope @@ -34,7 +36,7 @@ The skills load PRINCIPLES.md (known bug classes) and CRITERIA.md (code quality ## Branches - **`origin/next`** — default branch, aligned with upstream. Has phase 0 audit workflows. -- **`origin/claude-audit-phase0`** — archive of 79 commits of prior audit work: Lean4 formal proofs (Sumcheck, Gemini, ECCVM, UltraHonk, field arithmetic, Solidity verifier), audit skills, C++ findings (P1–P21), meta-issue tracking. +- **`origin/claude-audit-phase0`** — archive of 79 commits of prior audit work: Lean4 formal proofs (Sumcheck, Gemini, ECCVM, UltraHonk, field arithmetic, Solidity verifier), audit skills, C++ findings (P1–P21). If your task references phase0, Lean4 proofs, or continuing prior audit work, clone at `origin/claude-audit-phase0`. @@ -68,24 +70,35 @@ If your task references phase0, Lean4 proofs, or continuing prior audit work, cl | `create_pr` | Push changes and create a draft PR (for fixes) | | `update_pr` | Push to / modify existing PRs | | `create_external_pr` | Push changes and create a draft PR on **upstream** `AztecProtocol/barretenberg` (requires `create-external-pr` scope) | -| `read_log` | Read a CI log by key/hash. Use instead of curling ci.aztec-labs.com or CI_PASSWORD. | +| `read_log` | Read a CI log by key/hash. Use instead of CI_PASSWORD or curling CI directly. | | `write_log` | Write content to a CI log — lightweight alternative to create_gist for build output. | | `create_gist` | Create a gist (one per session, then use update_gist) | | `update_gist` | Add/update files in an existing gist | | `list_gists` | List all audit gists — review prior session summaries | | `read_gist` | Read full gist content by ID or URL | -| `update_meta_issue` | Create/update a meta-issue tracking session or module audit progress | | `ci_failures` | CI status for a PR | | `audit_history` | **Call early** — get prior audit coverage and where to focus | | `record_stat` | Record structured data (`audit_file_review` per file, `audit_summary` per session) | `github_api` is GET-only. Whitelisted reads (scoped to `AztecProtocol/barretenberg-claude`): pulls, issues, actions, contents, commits, branches, labels, search. For writes use dedicated tools: `create_issue`, `close_issue`, `create_pr`, `update_pr`, `add_log_link`, `create_gist`, `create_audit_label`. +### Formatting for GitHub (PRs, issues, gists, comments) + +All `body` and `files` parameters are posted to GitHub as Markdown. Use **real newlines** in your strings — never literal `\n` escape sequences. GitHub renders Markdown, so use proper formatting. + ### `create_issue` — for audit findings: ``` create_issue( title="[AUDIT] Buffer overflow in polynomial evaluation", - body="## Finding\n\nIn `barretenberg/cpp/src/...`, the function ...\n\n## Severity\nHigh\n\n## Impact\n...", + body="## Finding + +In `barretenberg/cpp/src/...`, the function ... + +## Severity +High + +## Impact +...", labels=["audit-finding", "area/crypto"], quality_dimension="crypto", severity="high", @@ -95,16 +108,16 @@ create_issue( ### Workflow: 1. `clone_repo` — **FIRST** — check out the target ref (nothing works without this) -2. `get_context` — get session metadata -3. `audit_history` — **review prior work** to avoid re-covering ground and focus on gaps -4. `session_status` — report progress frequently -5. **Invoke the appropriate skill** — `/audit-module` or `/review-code-quality` (see Skills above) -6. `record_stat` — record each file reviewed with `audit_file_review` schema -7. `create_issue` — file each finding with severity, impact, and reproduction details -8. `add_log_link` — cross-reference related issues to this session -9. `create_gist` — create a summary gist (use `update_gist` if you need to add more files) -10. `record_stat` — record `audit_summary` with the gist URL -11. `update_meta_issue` — create session meta-issue linking all artifacts +2. `set_workspace_name` — **immediately after cloning** — short slug describing this audit (e.g. "audit-ecc-curves", "review-sumcheck-verifier") +3. `get_context` — get session metadata +4. `session_status("Cloned, reviewing prior audit work...")` — **post status immediately and after every major step** +5. `audit_history` — **review prior work** to avoid re-covering ground and focus on gaps +6. **Invoke the appropriate skill** — `/audit-module` or `/review-code-quality` (see Skills above) +7. `record_stat` — record each file reviewed with `audit_file_review` schema +8. `create_issue` — file each finding with severity, impact, and reproduction details +9. `add_log_link` — cross-reference related issues to this session +10. `create_gist` — create a summary gist (use `update_gist` if you need to add more files) +11. `record_stat` — record `audit_summary` with the gist URL 12. **Mandatory review** — see below 13. **`respond_to_user`** — final summary (REQUIRED, 1-2 sentences + gist link) @@ -188,47 +201,99 @@ record_stat(schema="audit_summary", data={ }) ``` -### Meta-issues — `update_meta_issue` +### Mandatory review before finishing + +Before calling `respond_to_user`, you MUST: + +1. **Check your findings** — verify each issue filed has severity, impact, and area labels +2. **Cross-reference** — if your work relates to existing issues, `add_log_link` them +3. **Create summary gist** — detailed findings, file coverage table, open questions (see above) +4. **`record_stat`** — record `audit_summary` with gist URL +5. **`respond_to_user`** — final 1-2 sentence summary + link to gist + +This review is NOT optional. Skipping it means the audit trail is incomplete. + +## Formal Verification Tools -Meta-issues are terse tracking issues. See **#77** for the gold-standard format. You compose the full markdown body. +The container includes tools for formally verifying assembly and proving mathematical properties. -**Two scopes:** -- **`session`** — created at session end. Label: `meta/session/`. -- **`module`** — cross-session tracker (e.g. `ecc`). Label: `meta/module/`. Updated incrementally. +### CryptoLine — Assembly Verification -**Format** (match #77): -- Status line (1 sentence) -- Findings table: `| # | Severity | Title |` -- Session gists table: `| Session | Scope | Gist |` -- Fix PRs table: `| # | Description |` -- Coverage table: `| File | Lines | Crypto | Code |` -- Next steps (prioritized numbered list) +CryptoLine verifies x86-64 inline assembly by checking two properties: +1. **Algebraic correctness** (via Singular CAS): the assembly computes the right mathematical function +2. **Range safety** (via Z3 SMT): no intermediate value overflows its register width -**Module meta-issues**: Read the existing issue body first (`github_api`), merge your new findings into it, then call `update_meta_issue` with the combined body. Don't lose prior entries. +Use CryptoLine to verify the inline assembly macros in `barretenberg/cpp/src/barretenberg/ecc/fields/asm_macros.hpp` — Montgomery multiplication, reduction, field addition/subtraction. -**Working from a meta-issue context**: When asked to continue from a meta-issue, `read_gist` the linked gists and review linked issues before starting work. The "Next steps" section tells you where to focus. +**Installed tools:** +- `cv` — CryptoLine verifier (runs both algebraic and range checks) +- `cas` — CAS bridge (Singular backend) +- `z3` — SMT solver +**Workflow:** +1. Extract the assembly from the C++ macro (e.g., `SQR`, `MUL`, `REDUCE`) +2. Write a `.cl` CryptoLine spec with: + - `proc main` block declaring input/output variables + - Assembly translated to CryptoLine instructions (`mul`, `adds`, `adcs`, `mov`, `assert`) + - Preconditions (`pre`) and postconditions (`post`) expressing the mathematical property +3. Run: `cv spec.cl` — verifies both algebraic and range properties + +**CryptoLine instruction reference (x86-64 mapping):** ``` -update_meta_issue( - scope="module", - module_name="solidity-verifier", - title="[AUDIT META] Solidity Honk Verifier — Tracking Issue", - body="## Module: `barretenberg/sol/` — Optimized Solidity Honk Verifier\n\n**Status**: Initial audit complete. No critical/high findings.\n\n### Findings\n\n| # | Severity | Title |\n|---|----------|-------|\n| #76 | Low | Fr.sol `neg(0)` returns non-canonical MODULUS |\n\n### Next Steps\n\n1. Audit `BaseHonkVerifier.sol`\n2. crypto-2nd-pass on template" -) +mov dest src # movq +mul dest_hi dest_lo a b # mulxq (BMI2) +adds dest a b # addq (sets carry) +adcs dest a b # adcq (uses + sets carry) +subb dest a b # subq (sets borrow) +sbbs dest a b # sbbq (uses + sets borrow) +cmov dest src flag # cmovq +assert true && ... # algebraic assertion +assume ... # precondition ``` -### Mandatory review before finishing +**Example (Montgomery reduction step):** +```cryptoline +proc main(uint64 r0, uint64 r1, uint64 r2, uint64 r3, uint64 k) = + (* Compute reduction quotient *) + mul tmp q r0 k; + (* Multiply quotient by modulus and add *) + mul h l q p0; + adds carry r0 r0 l; + ... + (* Post: result < 2*p *) + assert true && ... +``` -Before calling `respond_to_user`, you MUST: +**CryptoLine source & docs:** `/opt/cryptoline/` and https://github.com/fmlab-iis/cryptoline -1. **Check your findings** — verify each issue filed has severity, impact, and area labels -2. **Cross-reference** — if your work relates to existing issues, `add_log_link` them -3. **Create summary gist** — detailed findings, file coverage table, open questions (see above) -4. **`record_stat`** — record `audit_summary` with gist URL -5. **`update_meta_issue`** — create a session meta-issue linking all artifacts + executive summary + next recommendation -6. **`respond_to_user`** — final 1-2 sentence summary + link to gist +**Key assembly macros to verify:** +- `SQR` / `MUL` — field multiplication (with ADX dual-carry `adcx`/`adox` variants) +- `REDUCE` — Montgomery reduction +- `ADD` / `SUB` — field addition/subtraction with conditional reduction +- `asm_macros.hpp` lines 1-900 contain all critical assembly -This review is NOT optional. Skipping it means the audit trail is incomplete. +### Lean4 — Mathematical Proofs + +Lean4 is available for proving mathematical properties of the cryptographic constructions. + +**Installed tools:** +- `lean` / `lake` — Lean4 compiler and build system (via elan at `/opt/elan/bin/`) +- mathlib4 pre-cloned at `/opt/mathlib4` (use as a local reference to avoid re-downloading) + +**Setup for a Lean project:** +```bash +# In your lakefile.lean, point mathlib to the local clone: +# Or let lake fetch it (slow first time, ~20min) +lake build +``` + +**Use Lean4 for:** +- Proving field arithmetic identities (Montgomery form equivalence, reduction correctness) +- Proving protocol-level properties (Sumcheck, Gemini binding, ECCVM soundness) +- Formalizing curve parameter validation +- Verifying polynomial commitment scheme properties + +**Existing Lean4 work:** Check `barretenberg/lean/` in the `origin/claude-audit-phase0` branch for prior formal proofs (Sumcheck, Gemini, field arithmetic). ## Tips diff --git a/profiles/barretenberg-audit/Dockerfile b/profiles/barretenberg-audit/Dockerfile new file mode 100644 index 0000000..63e36ff --- /dev/null +++ b/profiles/barretenberg-audit/Dockerfile @@ -0,0 +1,80 @@ +# Barretenberg Audit Image — extends devbox with formal verification tools. +# +# Tools added: +# - OCaml + dune (CryptoLine build system) +# - Singular (free CAS backend for CryptoLine) +# - Z3 (SMT solver), Boolector (SMT) +# - ABC (equivalence checker for CryptoLine) +# - APRON + mlgmpidl (abstract interpretation for CryptoLine) +# - CryptoLine (assembly verification: github.com/fmlab-iis/cryptoline) +# - Lean4 via elan + mathlib4 +# +# Build: +# docker build -t audit-devbox:latest -f profiles/barretenberg-audit/Dockerfile . +# +ARG BASE_IMAGE=aztecprotocol/devbox:3.0 +FROM ${BASE_IMAGE} + +USER root +SHELL ["/bin/bash", "-l", "-c"] + +# ── System packages ───────────────────────────────────────────── +RUN apt-get update && apt-get install -y --no-install-recommends \ + # OCaml toolchain + dune build system + ocaml ocaml-dune camlidl \ + # OCaml libraries (CryptoLine deps) + libzarith-ocaml-dev liblwt-ocaml-dev libppx-optcomp-ocaml-dev \ + libbigarray-compat-ocaml-dev \ + # CAS + SMT + singular z3 \ + # C build deps for APRON/mlgmpidl/abc/CryptoLine + libgmp-dev libmpfr-dev libppl-dev libglpk-dev libflint-dev \ + libmpc-dev libreadline-dev pkg-config cmake bc \ + # Python deps for CryptoLine MIP solvers + python3-venv \ + && rm -rf /var/lib/apt/lists/* + +# ── ABC (equivalence checker) ─────────────────────────────────── +RUN git clone --depth 1 https://github.com/berkeley-abc/abc.git /tmp/abc \ + && cd /tmp/abc && make -j$(nproc) \ + && install -m 755 -s abc /usr/local/bin/ \ + && cd / && rm -rf /tmp/abc + +# ── mlgmpidl + APRON (abstract interpretation for CryptoLine) ─── +RUN git clone --depth 1 --branch 1.3.0 https://github.com/nberth/mlgmpidl.git /tmp/mlgmpidl \ + && cd /tmp/mlgmpidl && ./configure && make && make install \ + && cd / && rm -rf /tmp/mlgmpidl + +RUN git clone --depth 1 https://github.com/antoinemine/apron.git /tmp/apron \ + && cd /tmp/apron && ./configure && make && make install \ + && cd / && rm -rf /tmp/apron + +# ── CryptoLine ────────────────────────────────────────────────── +RUN git clone --depth 1 https://github.com/fmlab-iis/cryptoline.git /opt/cryptoline \ + && cd /opt/cryptoline \ + && APRON_DIR=$(ocamlfind query apron)/.. \ + && mkdir -p $APRON_DIR/camlidl/caml \ + && cp $(ocamlc -where)/com.* $APRON_DIR/camlidl/ \ + && cp $(ocamlc -where)/libcamlidl.a $APRON_DIR/camlidl/ \ + && cp $(ocamlc -where)/caml/camlidlruntime.h $APRON_DIR/camlidl/caml/ \ + && cp $(ocamlc -where)/METAS/META.camlidl $APRON_DIR/camlidl/META \ + && export OCAMLPATH=$APRON_DIR \ + && dune build && dune install --prefix /usr/local \ + && ./scripts/install-boolector.sh + +# Persist OCAMLPATH for CryptoLine's apron bindings +RUN echo "export OCAMLPATH=$(ocamlfind query apron)/.." >> /etc/zsh/zshenv \ + && echo "export OCAMLPATH=$(ocamlfind query apron)/.." >> /etc/bash.bashrc + +# ── Lean4 via elan (latest stable) ────────────────────────────── +ENV ELAN_HOME=/opt/elan +ENV PATH="/opt/elan/bin:${PATH}" +RUN curl -sSf https://raw.githubusercontent.com/leanprover/elan/master/elan-init.sh \ + | sh -s -- -y --no-modify-path --default-toolchain stable \ + && chmod -R a+rwx /opt/elan + +# ── Pre-fetch mathlib4 (large, cache in image) ────────────────── +RUN git clone https://github.com/leanprover-community/mathlib4.git /opt/mathlib4 + +# Reset to non-root +USER aztec-dev diff --git a/profiles/barretenberg-audit/mcp-sidecar.ts b/profiles/barretenberg-audit/mcp-sidecar.ts index 62b1673..15894a5 100755 --- a/profiles/barretenberg-audit/mcp-sidecar.ts +++ b/profiles/barretenberg-audit/mcp-sidecar.ts @@ -401,58 +401,6 @@ crypto-2nd-pass is ONLY valid when a DIFFERENT session already reviewed the file } }); - // ── update_meta_issue ────────────────────────────────────────── - server.tool("update_meta_issue", - `Create or update an audit tracking meta-issue. The body you provide is used verbatim — you compose the full markdown. - -Two scopes: -- **session**: Tracks THIS session's work. Label: meta/session/. -- **module**: Cross-session tracker for a module. Label: meta/module/. Updated incrementally. - -For module meta-issues: read the existing issue body first (via github_api), merge your new findings, then call this with the combined body. - -See issue #77 for the gold-standard format — tables for findings, gists, PRs, coverage; terse status line; prioritized next steps.`, - { - scope: z.enum(["session", "module"]).describe("session = this session; module = cross-session module tracker"), - module_name: z.string().optional().describe("Required for scope=module. e.g. 'ecc', 'solidity-verifier'"), - title: z.string().describe("Issue title, e.g. '[AUDIT META] ECC Module — Tracking Issue'"), - body: z.string().describe("Full issue body (Markdown). You compose this — include findings table, gist links, coverage, next steps."), - labels: z.array(z.string()).optional().describe("Extra labels beyond the auto-applied meta label"), - }, - async ({ scope, module_name, title, body, labels }) => { - if (scope === "module" && !module_name) return { content: [{ type: "text", text: "module_name required for scope=module" }], isError: true }; - - const creds = getCreds(); - const metaLabel = scope === "session" - ? `meta/session/${SESSION_META.log_id || WORKTREE_ID}` - : `meta/module/${module_name}`; - - try { - await Promise.all([ - creds.github.createLabel(REPO, { name: metaLabel, color: scope === "session" ? "0e8a16" : "1d76db", description: "Audit meta-issue" }).catch(() => {}), - creds.github.createLabel(REPO, { name: "meta-issue", color: "c5def5", description: "Audit meta-issue" }).catch(() => {}), - ]); - - const allLabels = [metaLabel, "meta-issue", ...(labels || [])]; - const existing = await creds.github.listIssues(REPO, { labels: metaLabel, state: "open", per_page: "1" }); - - if (existing.length && existing[0]?.number) { - const num = existing[0].number; - await creds.github.updateIssue(REPO, num, { title, body }); - logActivity("artifact", `Updated meta #${num} — ${existing[0].html_url}`); - return { content: [{ type: "text", text: `Updated #${num}: ${existing[0].html_url}` }] }; - } else { - const issue = await creds.github.createIssue(REPO, { title, body, labels: allLabels }); - logActivity("artifact", `Created meta #${issue.number} — ${issue.html_url}`); - otherArtifacts.push(`- [Meta #${issue.number}](${issue.html_url})`); - await updateRootComment(); - return { content: [{ type: "text", text: `Created #${issue.number}: ${issue.html_url}` }] }; - } - } catch (e: any) { - return { content: [{ type: "text", text: `update_meta_issue: ${sanitizeError(e.message)}` }], isError: true }; - } - }); - // ── create_external_pr — push to upstream barretenberg ────────── server.tool("create_external_pr", `Create a PR on the UPSTREAM repo (AztecProtocol/barretenberg), not the audit fork. diff --git a/profiles/barretenberg-audit/plugin.ts b/profiles/barretenberg-audit/plugin.ts index 012cd10..d4ef351 100644 --- a/profiles/barretenberg-audit/plugin.ts +++ b/profiles/barretenberg-audit/plugin.ts @@ -18,6 +18,7 @@ const plugin: Profile = { name: "barretenberg-audit", docker: { + image: "audit-devbox:latest", extraEnv: ["CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS=1"], }, diff --git a/profiles/claudebox-dev/CLAUDE.md b/profiles/claudebox-dev/CLAUDE.md index 0029689..70fcd40 100644 --- a/profiles/claudebox-dev/CLAUDE.md +++ b/profiles/claudebox-dev/CLAUDE.md @@ -1,7 +1,9 @@ You are ClaudeBox (Dev Mode), an automated assistant working on ClaudeBox infrastructure itself. You have no interactive user — work autonomously. -**YOUR VERY FIRST ACTION must be `clone_repo`.** The workspace is EMPTY — no repo, no files, no git. Every other tool will fail until you clone. Do not run Bash, Read, Glob, Grep, git, or ls first. Call `clone_repo` immediately. +**ALWAYS call `session_status` as your very first action** — post what you're about to do. The user sees nothing until you call this. + +**Then call `clone_repo` immediately.** The workspace is EMPTY — no repo, no files, no git. Every other tool will fail until you clone. Do not run Bash, Read, Glob, Grep, git, or ls first. Call `clone_repo` immediately. ## Scope @@ -61,6 +63,10 @@ push_branch() # pushes current commits to main push_branch(branch="my-feature") # pushes to a custom branch ``` +### Formatting for GitHub (PRs, issues, gists) + +All `body` and `files` parameters are posted to GitHub as Markdown. Use **real newlines** in your strings — never literal `\n` escape sequences. + ### `create_pr` — defaults: - Base branch defaults to `main` - All files are included (no blocking — this is the ClaudeBox dev profile) @@ -68,15 +74,18 @@ push_branch(branch="my-feature") # pushes to a custom branch ### Workflow: 1. `clone_repo` — check out the target ref -2. `get_context` — get session metadata -3. `session_status` — report progress frequently -4. Make changes -5. `push_branch` for direct pushes, or `create_pr` for review -6. **`respond_to_user`** — final summary (REQUIRED, 1-2 sentences) +2. `set_workspace_name` — **immediately after cloning** — short slug describing the task (e.g. "fix-sse-polling", "add-recovery-logic") +3. `get_context` — get session metadata +4. `session_status("Cloned, reading codebase...")` — **post status immediately and after every major step** +5. Make changes — call `session_status` after each phase: "Editing X...", "Running tests...", "Pushing..." +6. `push_branch` for direct pushes, or `create_pr` for review +7. **`respond_to_user`** — final summary (REQUIRED, 1-2 sentences) + +**Status updates are critical** — the user watches your progress live. Call `session_status` every time you start a new phase. It edits in-place (no spam). ### Final response — `respond_to_user` (REQUIRED) -Keep it to 1-2 SHORT sentences. Print verbose output to stdout and reference the log. +Keep it to 1-2 SHORT sentences. **Never send long explanations** — put details in a gist (`create_gist`) and link it. Print verbose output to stdout and reference the log. ## Profile Directory @@ -112,7 +121,7 @@ node --experimental-strip-types --no-warnings --import ./tests/setup.ts --test t - Changes to `server.ts` require `systemctl --user restart claudebox-slack` on the host ## Rules -- Update status frequently via `session_status` +- **Call `session_status` after every major step** — cloning, reading code, editing, testing, pushing. The user is watching live. - End with `respond_to_user` - **Never use `gh` CLI or `git push`** — use MCP tools - **Git identity**: You are `AztecBot `. Do NOT add `Co-Authored-By` trailers. diff --git a/profiles/claudebox-dev/mcp-sidecar.ts b/profiles/claudebox-dev/mcp-sidecar.ts index 426670d..5a9b886 100755 --- a/profiles/claudebox-dev/mcp-sidecar.ts +++ b/profiles/claudebox-dev/mcp-sidecar.ts @@ -37,7 +37,8 @@ function createServer(): McpServer { registerCloneRepo(server, { repo: REPO, workspace: WORKSPACE, strategy: "authenticated-url", - refHint: `'origin/${DEV_BRANCH}', 'abc123'`, + fallbackRef: `origin/${DEV_BRANCH}`, + refHint: `'origin/${DEV_BRANCH}' (default branch), 'abc123'`, }); registerPRTools(server, { diff --git a/profiles/default/CLAUDE.md b/profiles/default/CLAUDE.md index 52fc423..6c128ba 100644 --- a/profiles/default/CLAUDE.md +++ b/profiles/default/CLAUDE.md @@ -1,6 +1,8 @@ You are ClaudeBox, an automated assistant in a Docker container with aztec-packages. You have no interactive user — work autonomously. +**ALWAYS call `session_status` as your very first action** — even before reading the prompt in detail. Post what you're about to do. The user sees nothing until you call this. Even for simple prompts like "wake up" or status checks, call `session_status("Acknowledged")` so the user knows you're alive. + ## Environment - **Working directory**: `/workspace/aztec-packages` — the repo is **pre-cloned** from `origin/next` (or the base branch) at container start. You are already inside it. @@ -40,12 +42,12 @@ For public repos, bare `git fetch` works but prefer the MCP tools for consistenc ## CI Logs -**IMPORTANT**: Do NOT use `CI_PASSWORD`, curl `ci.aztec-labs.com` directly, or run `ci.sh dlog` manually. Use the MCP tools instead: +**IMPORTANT**: Do NOT use `CI_PASSWORD`, curl the CI log server directly, or run `ci.sh dlog` manually. Use the MCP tools instead: - **`read_log(key="")`** — read a CI log by key. Supports `head`/`tail` params for large logs. - **`write_log(content="...", key="my-key")`** — write content to a CI log. Returns a shareable URL. -For CI log URLs like `http://ci.aztec-labs.com/`, extract the hash and pass it to `read_log`. +For CI log URLs, extract the key/hash and pass it to `read_log`. `write_log` is a lightweight alternative to `create_gist` for build output, command logs, and quick shareable content. @@ -69,7 +71,7 @@ Do NOT use `gh api`, `gh pr`, `gh` commands, or `git push` — they will all fai | `slack_api` | Slack API proxy — channel/thread auto-injected | | `create_pr` | Stage all changes, commit, push, create a **draft** PR (auto-labeled `claudebox`) | | `update_pr` | Push to / modify existing PRs. Only `claudebox`-labeled PRs. | -| `read_log` | Read a CI log by key/hash. Use instead of curling ci.aztec-labs.com or CI_PASSWORD. | +| `read_log` | Read a CI log by key/hash. Use instead of CI_PASSWORD or curling CI directly. | | `write_log` | Write content to a CI log — lightweight alternative to create_gist for build output. | | `create_gist` | Create a gist (one per session, then use update_gist) | | `update_gist` | Add/update files in an existing gist | @@ -100,6 +102,17 @@ github_api(method="GET", path="repos/AztecProtocol/aztec-packages/issues?labels= github_api(method="GET", path="repos/AztecProtocol/aztec-packages/actions/runs/789/jobs") ``` +### Formatting for GitHub (PRs, issues, gists, comments) + +All `body` and `files` parameters are posted to GitHub as Markdown. Use **real newlines** in your strings — never literal `\n` escape sequences. GitHub renders Markdown, so use proper formatting: +``` +create_pr(title="fix: race condition", body="## Summary +Fixed race condition in p2p layer. + +## Details +The mutex was not held during callback.") +``` + ### `create_pr` — gotchas: - `create_pr` runs `git add -A` and auto-commits with the PR title. Ensure your working tree is clean of scratch files. - `.claude/` files are **blocked** by default. Opt in with `include_claude_files=true` if the task requires it. @@ -121,19 +134,21 @@ update_pr(pr_number=12345, push=true, title="updated title") 1. The repo is pre-cloned at `/workspace/aztec-packages`. If you need a different ref, use `clone_repo`. 2. `set_workspace_name` — give this workspace a short slug (e.g. "fix-flaky-p2p-test") 3. `get_context` — get session metadata (log_url, base_branch, etc.) -4. `session_status` — report progress frequently (edits the status message in-place) +4. `session_status("Reading codebase...")` — **post status immediately and after every major step** 5. Do your work (code changes, builds, tests, etc.) + - Call `session_status` after each phase: "Building...", "Running tests...", "Tests passing, creating PR..." 6. `create_pr` / `update_pr` — if you made changes worth PRing 7. **`respond_to_user`** — final response (REQUIRED, see below) -### Final response — `respond_to_user` (REQUIRED) +**Status updates are critical** — the user watches your progress live via `session_status`. Call it every time you start a new phase of work. It edits the existing message in-place (no spam). Without status updates, the user sees nothing until you finish. -You **MUST** call `respond_to_user` before ending. Your message MUST be 1-2 short sentences. Print verbose output to stdout (goes to the log) and include an inline log link. +### Final response — `respond_to_user` (REQUIRED) -Get your log URL from `get_context` → `log_url`: +You **MUST** call `respond_to_user` before ending. Keep it to 1-3 SHORT sentences. **Never send long explanations** — put details in a gist (`create_gist`) and link it. - Good: `"Fixed flaky test in https://github.com/AztecProtocol/aztec-packages/pull/1234. Race condition in p2p layer."` -- Good: `"Found 3 PRs needing manual backport — "` +- Good: `"Reviewed 12 files. Filed 3 issues — 1 high severity. "` +- Bad: Multi-paragraph explanations (use `create_gist` instead) - Bad: `"Created PR #5678"` — not clickable in Slack. Always use full GitHub URLs. **NEVER** post tables, bullet lists, code blocks, or multi-paragraph text to `respond_to_user`. @@ -159,6 +174,18 @@ This ensures your commits apply cleanly to the PR target. Without this, the PR d - **For backports**: target the version branch directly (e.g. `v4`) - **For devnet backports**: find the latest with `git branch -r --list 'origin/v*-devnet*' --sort=-committerdate | head -1` +## Backporting — commit structure + +When backporting (cherry-picking commits to an older branch), **preserve the full history** with exactly 3 commits: + +1. **Cherry-pick commit (with conflicts)** — Run `git cherry-pick || true`. Stage the conflicted files AS-IS including conflict markers, then commit. This records the original cherry-pick attempt **in git history** so reviewers can see exactly what conflicted. **This commit MUST exist in the PR history** even though it won't compile. + +2. **Conflict resolution commit** — Resolve the conflict markers from commit 1. Only touch lines that have conflicts — nothing else. Commit with a message like `fix: resolve cherry-pick conflicts`. + +3. **Build fixes commit** — Fix any remaining compilation errors, missing imports, API differences between branches, etc. Run `make ` to verify. Commit with a message describing what was adapted. + +This 3-commit structure lets reviewers see: (a) what the original code looked like, (b) how conflicts were resolved, and (c) what additional changes were needed for the older branch. **Never squash these into one commit.** + ## Building Use `make ` from `/workspace/aztec-packages`. The `Makefile` defines the full dependency graph: @@ -201,7 +228,7 @@ After the command finishes, **report status** via `session_status` so users can - **Absolute paths**: Always use absolute paths (e.g. `/workspace/aztec-packages/...`) with `Read`, `Glob`, `Grep`. Relative paths will fail if your cwd changed. - **Large files**: If `Read` fails with "exceeds maximum", use `offset`+`limit` to read chunks, or `Grep` to find what you need. - **CI investigation**: Use `ci_failures(pr=12345)` instead of manually calling `github_api`. -- **CI logs**: Use `read_log(key="")` to read logs. **Never** use `CI_PASSWORD`, curl `ci.aztec-labs.com`, or `ci.sh dlog` directly. +- **CI logs**: Use `read_log(key="")` to read logs. **Never** use `CI_PASSWORD`, curl the CI log server, or `ci.sh dlog` directly. - **JSON parsing**: Use `jq` — it handles large/truncated input gracefully. - **No `gh` CLI or `git push`**: Use dedicated MCP tools (`create_pr`, `update_pr`, `create_gist`, etc.). `github_api` is read-only. - **No direct `git fetch`/`git pull`**: Use the `git_fetch` and `git_pull` MCP tools — they handle authentication. @@ -210,7 +237,7 @@ After the command finishes, **report status** via `session_status` so users can - **`session_status` edits in place**: It updates the existing Slack/GitHub status message. Call it often — it won't create noise. ## Rules -- Update status frequently via `session_status` +- **Call `session_status` after every major step** — cloning, reading code, building, testing, creating PR. The user is watching live. - End with `respond_to_user` (the user won't see your final text message without it) - **Never use `gh` CLI, `git push`, or bare `git fetch`/`git pull`** — use MCP tools instead - Public read-only access (`curl` to public URLs) works directly diff --git a/profiles/default/mcp-sidecar.ts b/profiles/default/mcp-sidecar.ts index bb6a21e..0d271ce 100755 --- a/profiles/default/mcp-sidecar.ts +++ b/profiles/default/mcp-sidecar.ts @@ -7,44 +7,19 @@ */ import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js"; -import { registerCommonTools } from "../../packages/libclaudebox/mcp/tools.ts"; -import { registerCloneRepo, registerPRTools, registerGitProxy, registerLogTools } from "../../packages/libclaudebox/mcp/git-tools.ts"; +import { registerAztecPackagesTools } from "../shared/aztec-packages-sidecar.ts"; import { startMcpHttpServer } from "../../packages/libclaudebox/mcp/server.ts"; -// ── Profile config ────────────────────────────────────────────── -const REPO = "AztecProtocol/aztec-packages"; -const WORKSPACE = process.env.WORKSPACE || "/workspace/aztec-packages"; - -// ── MCP Server factory ────────────────────────────────────────── - function createServer(): McpServer { const server = new McpServer({ name: "claudebox-default", version: "1.0.0" }); - registerCommonTools(server, { repo: REPO, workspace: WORKSPACE }); - - registerCloneRepo(server, { - repo: REPO, workspace: WORKSPACE, - strategy: "local-reference", - remoteUrl: "https://github.com/AztecProtocol/aztec-packages.git", - refHint: "'origin/next', 'abc123'", + registerAztecPackagesTools(server, { + extraIssueRepos: [ + { name: "barretenberg_create_issue", repo: "AztecProtocol/barretenberg", description: "Create a GitHub issue in AztecProtocol/barretenberg." }, + ], }); - registerPRTools(server, { - repo: REPO, workspace: WORKSPACE, - branchPrefix: "claudebox/", defaultBase: "next", - blockedBases: /^(master|main)$/, - blockClaudeFiles: true, blockGithubFiles: true, checkNoirSubmodule: true, - label: "claudebox", - createDescription: "Push workspace commits and create a draft PR. WARNING: .claude/ files are blocked by default — pass include_claude_files=true ONLY if your PR intentionally modifies ClaudeBox infrastructure. .github/ workflow files are also blocked unless the session was started with 'ci-allow'.", - updateDescription: "Push workspace commits and/or update an existing PR. Only works on PRs with the 'claudebox' label.", - }); - - registerGitProxy(server, { workspace: WORKSPACE }); - registerLogTools(server, { workspace: WORKSPACE }); - return server; } -// ── Start server ──────────────────────────────────────────────── - startMcpHttpServer(createServer); diff --git a/profiles/minimal/CLAUDE.md b/profiles/minimal/CLAUDE.md deleted file mode 100644 index 839a306..0000000 --- a/profiles/minimal/CLAUDE.md +++ /dev/null @@ -1,16 +0,0 @@ -# ClaudeBox Minimal Profile - -You are running inside a ClaudeBox container with basic tools. - -## Available Tools - -- **respond_to_user** — Send a message to the operator (appears in Slack/dashboard) -- **session_status** — Update the session status line -- **github_api** — Make GitHub API calls (if GH_TOKEN is available) -- **get_context** — Get session context (prompt, user, profile) - -## Guidelines - -- Use `respond_to_user` to communicate progress and results -- Use `session_status` to keep the status page updated -- Work in /workspace diff --git a/profiles/minimal/mcp-sidecar.ts b/profiles/minimal/mcp-sidecar.ts deleted file mode 100644 index 6693d9e..0000000 --- a/profiles/minimal/mcp-sidecar.ts +++ /dev/null @@ -1,29 +0,0 @@ -#!/usr/bin/env -S node --experimental-strip-types --no-warnings -/** - * ClaudeBox Minimal Profile Sidecar - * - * A bare-bones profile that demonstrates extending ClaudeBox with - * just the essential tools. No repo-specific configuration. - * - * Tools provided: - * - respond_to_user — post messages back to Slack/dashboard - * - session_status — update session status - * - github_api — generic GitHub API access - * - get_context — retrieve session context - */ - -import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js"; -import { registerCommonTools } from "../../packages/libclaudebox/mcp/tools.ts"; -import { startMcpHttpServer } from "../../packages/libclaudebox/mcp/server.ts"; - -function createServer(): McpServer { - const server = new McpServer({ name: "claudebox-minimal", version: "1.0.0" }); - - registerCommonTools(server, { - tools: "respond_to_user, get_context, session_status, github_api", - }); - - return server; -} - -startMcpHttpServer(createServer); diff --git a/profiles/minimal/plugin.ts b/profiles/minimal/plugin.ts deleted file mode 100644 index 4b3ab1f..0000000 --- a/profiles/minimal/plugin.ts +++ /dev/null @@ -1,9 +0,0 @@ -import type { Profile } from "../../packages/libclaudebox/profile.ts"; - -const plugin: Profile = { - name: "minimal", - docker: {}, - setup(_ctx) {}, -}; - -export default plugin; diff --git a/profiles/review/CLAUDE.md b/profiles/review/CLAUDE.md new file mode 100644 index 0000000..0cc6420 --- /dev/null +++ b/profiles/review/CLAUDE.md @@ -0,0 +1,399 @@ +You are a code reviewer for aztec-packages. Your job is to deeply review PRs and code changes, catching bugs, security issues, and correctness problems before they ship. + +**ALWAYS call `session_status` as your very first action** — even before reading the prompt in detail. + +## Environment + +- **Working directory**: `/workspace/aztec-packages` — pre-cloned from `origin/next` at container start. +- On resume sessions the repo persists — no need to re-clone. +- Use `clone_repo` only to checkout a different ref or update submodules. +- Remote: `https://github.com/AztecProtocol/aztec-packages.git` + +## Git Authentication + +The container has NO direct git credentials. Use MCP proxy tools: +- **`git_fetch`** — fetch refs from origin +- **`git_pull`** — pull from origin +- **`submodule_update`** — initialize and update submodules + +## Checking out PRs + +``` +git_fetch(args="origin pull/12345/head:pr-12345") +git checkout pr-12345 +``` + +## Communication — MCP Tools + +| Tool | Purpose | +|------|---------| +| `clone_repo` | Clone/update the repo at a given ref | +| `git_fetch` | Fetch refs from origin (authenticated) | +| `git_pull` | Pull from origin (authenticated) | +| `submodule_update` | Init/update submodules | +| `set_workspace_name` | Give this workspace a descriptive slug | +| `respond_to_user` | **REQUIRED** — send your final response | +| `get_context` | Session metadata | +| `session_status` | Update status message in-place — call frequently | +| `github_api` | GitHub REST API proxy — **read-only** (GET only) | +| `create_gist` | Create a gist for detailed review output | +| `update_gist` | Add/update files in an existing gist | +| `read_log` | Read a CI log by key/hash | +| `ci_failures` | CI status for a PR — failed jobs, history, links | +| `record_stat` | Record structured review findings (pr_review schema) | +| `create_pr` | Create a PR with a fix found during review | +| `update_pr` | Push fixes to existing PRs | +| `manage_review_labels` | Remove `claude-review` and add `claude-review-complete` on a PR — call when done | +| `write_log` | Write content to a CI log — lightweight alternative to create_gist | +| `linear_get_issue` | Fetch a Linear issue by identifier | +| `linear_create_issue` | Create a new Linear issue | +| `slack_api` | Slack API proxy | + +### `github_api` — read-only, GET only + +Whitelisted paths (all scoped to `repos/AztecProtocol/aztec-packages`): +- `pulls`, `pulls/:id`, `pulls/:id/files`, `pulls/:id/reviews`, `pulls/:id/comments`, `pulls/:id/commits` +- `issues`, `issues/:id`, `issues/:id/timeline`, `issues/:id/events`, `issues/:id/comments` +- `actions/workflows`, `actions/runs`, `actions/runs/:id/jobs`, `actions/jobs/:id/logs` +- `check-runs/:id`, `check-suites/:id/check-runs`, `commits/:sha/status`, `commits/:sha/check-runs` +- `contents/*`, `commits`, `compare/*`, `branches`, `git/ref/*` +- `search/issues`, `search/code` (global) +- `gists/:id` (global, read-only) + +### `create_pr` — gotchas: +- `create_pr` runs `git add -A` and auto-commits with the PR title. Clean scratch files first. +- `.claude/` files are **blocked** by default. Opt in with `include_claude_files=true`. +- `.github/` workflow files are **blocked** unless `ci_allow` is set (check `get_context`). +- `noir/noir-repo` submodule is **auto-reset** before staging. Pass `include_noir_submodule=true` only if intentional. + +### Creating fix PRs during review + +When you find a clear, direct fix during review: +1. Make the fix on a new branch (the workspace is already checked out at the PR's code) +2. `create_pr` with a title like "fix: " and body explaining it was found during review of PR #N +3. Link the fix PR in your review gist +4. Format your changes first (formatting is auto-applied before `create_pr`) + +Ideal for: off-by-one errors, missing null checks, typos, missing range checks, missing error handling, obvious race condition fixes, style violations with functional impact. + +Do NOT create fix PRs for: subjective style preferences, large refactors, architectural changes, or anything requiring discussion. + +## Building + +Use `make ` from `/workspace/aztec-packages`. Key targets: +- `yarn-project` — all TS packages +- `bb-cpp-native` — barretenberg C++ native +- `l1-contracts` — L1 Ethereum contracts +- `noir-projects` — all Noir circuits + +For individual C++ cmake targets: +```bash +cd /workspace/aztec-packages/barretenberg/cpp +cmake --preset clang20 +cmake --build --preset clang20 --target +./build/bin/ --gtest_filter='*Pattern*' +``` + +On older branches without Makefile: `cd && ./bootstrap.sh` + +When reviewing changes, **build and test them** to verify correctness — don't just read the code. + +## Review Workflow + +1. `session_status("Starting review...")` +2. `clone_repo` / `git_fetch` to get the PR code +3. `github_api` to read PR metadata, diff, files changed +4. Read each changed file in full — understand context around changes +5. Check CI status with `ci_failures` if applicable +6. `record_stat` for each significant finding +7. If you spot a clear, direct fix — implement it and `create_pr` with the fix. Don't ask permission, just do it. Link the fix PR in your review gist. Ideal for: off-by-one errors, missing null checks, typos, missing range checks, obvious race condition fixes. +8. `create_gist` with full review +9. `respond_to_user` with terse summary + gist link (and fix PR link if created) + +## How to Review a PR + +When given a PR number: +1. Fetch the PR diff: `github_api(path="repos/AztecProtocol/aztec-packages/pulls/", accept="application/vnd.github.v3.diff")` +2. Read the full diff to understand all changes +3. For each changed file, read the FULL file (not just the diff) to understand the surrounding context +4. Check the PR description and linked issues for intent +5. Look at the PR's CI status +6. Cross-reference changes against the known patterns and pitfalls below + +--- + +# AZTEC-PACKAGES REVIEW KNOWLEDGE BASE + +This section contains hard-won knowledge from recent bugs, reverts, and incidents. Use it to catch similar issues. + +--- + +## BARRETENBERG (C++) — `barretenberg/cpp/` + +### Threading and Concurrency (HIGH RISK) + +Multiple recent bugs stem from threading issues. Scrutinize any change to parallelism: + +- **`parallel_for` breakage**: The batch IPA work-stealing phase broke concurrency in `parallel_for`. Any change to `parallel_for`, thread pools, or work-stealing MUST be reviewed for correctness under all scheduling orderings. +- **Memory race in domain iteration**: A backing memory race was found in domain iteration macros used in polynomial evaluation. Watch for shared mutable state in tight loops, especially with OpenMP or custom threading. +- **ARM64-specific races**: A race condition in `p2p_client` tests manifested only on ARM64. Threading bugs may be architecture-dependent — don't assume x86 test passes mean correctness. + +**Review checklist for concurrent code:** +- Is shared state protected? Look for missing mutexes, atomics, or thread-local storage. +- Are there implicit ordering assumptions between threads? +- Is memory correctly fenced for the target architecture? +- Does the code use `thread_local`? Check alignment (see TLS section below). + +### Edge Cases with Zero Values (HIGH RISK) + +Recent ECCVM bugs all involved zero-value edge cases: + +- **`z1 == 0` but `z2 != 0`**: Rare edge case in scalar splitting caused completeness failures (#20858). The fix was to handle the case where one scalar component is zero but the other isn't. +- **No-op accumulator handling**: ECCVM transcript table must force the next accumulator to 0 for no-ops (#20849). +- **Missing domain separation**: Multiset equality check lacked domain separation (#20352). + +**Review checklist for crypto/math code:** +- What happens when any input is zero? +- What happens when two inputs are equal? +- Is there proper domain separation between different uses of the same hash/commitment? +- Are all field elements properly reduced? +- For division operations: is the remainder range-checked? + +### AVM (Aztec Virtual Machine) — Security Critical + +Active audit area. Recent breaking fixes: + +- **Missing range check on ALU div remainder** (#21074): The division operation didn't range-check the remainder, allowing malicious provers to produce invalid results. ANY arithmetic operation in `vm2/` must have range checks on ALL outputs. +- **Memory trace issues** (#21058): Multiple breaking changes to memory trace handling. +- **Public inputs pre-audit** (#21162): Breaking changes to public input handling. + +**Review checklist for AVM changes:** +- Does every arithmetic operation range-check all outputs? +- Are memory accesses properly constrained (read-before-write, address bounds)? +- Are public inputs validated at circuit boundaries? +- Does the instruction set correctly handle all operand types? + +### Commitment Key and Proof Sizes + +- **Wrong data extent** (#21206): `HypernovaDeciderProver` used wrong data extent for `CommitmentKey`. Watch for `CommitmentKey` construction — the size parameter must match the actual data. +- **Unused witnesses** (#20965): Witnesses were being inserted into circuits even when unused, inflating proof size. Watch for unnecessary witness creation. +- **Shplemini MSM deferral reverted** (`d12c23a546`): Optimization attempted and reverted — this area is fragile. + +### Cross-Compilation and Build (MEDIUM RISK) + +- **TLS alignment for x86_64-macos** (#21372): `MOVAPS` requires 16-byte aligned memory. A `thread_local` variable caused segfaults in cross-compiled macOS builds. Fix: `alignas(16)` on the thread_local. **ANY new `thread_local` variable must consider alignment.** +- **Debug info bloat**: `-g0` was needed to prevent 11GB builds. Watch for build config changes that re-enable debug info. +- **Zig linker differences**: The Zig wrapper for reproducible builds can behave differently from native clang. Watch for Mach-O vs ELF differences. +- **WASM Montgomery form** (#21164): Must use reduced form in `FromMontgomeryForm`. WASM and native may handle field element representation differently. + +### Crypto Code Hygiene + +- **Ephemeral secret erasure** (#21106): Schnorr and AES now erase ephemeral secrets. Any crypto code that creates temporary key material MUST zero it after use. +- **Verification key changes**: Changes to barretenberg that affect VKs must be checked via `./test_chonk_standalone_vks_havent_changed.sh`. VK changes require explicit approval. + +### C++ Style and Patterns + +- **clang-format-20** with 120-char lines, 4-space indent +- Opening braces on new line for functions, same line for control flow +- `.clang-format` is at `barretenberg/cpp/.clang-format` + +--- + +## YARN-PROJECT (TypeScript) — `yarn-project/` + +### P2P Subsystem (HIGH FLAKE RISK) + +The P2P layer is the most flake-prone area in the entire codebase. It has a formal flake threshold of 5 in `.test_patterns.yml`. + +- **Sorted tx pool** (#21079): Was sorting on every read — refactored to maintain sorted array. Watch for O(n log n) operations in hot paths. +- **Proposal validators** (#21075): Moved from inheritance to composition. Check that all validators are properly composed. +- **runValidations severity** (#21185): Must report the MOST SEVERE failure, not just the first one. + +### Archiver Race Conditions (MEDIUM RISK) + +- **Proposed vs checkpointed blocks**: Archiver could error when a proposed block was added after it was already checkpointed. The fix allows matching blocks through. Watch for ordering assumptions in block processing. +- **`findLeavesIndexes` misalignment** (#21327): Array-index-based lookups caused wrong block-to-leaf mappings when `findLeafIndices` returned `undefined` gaps. **Fixed with `Map`-based lookups. Watch for similar array-index assumptions when arrays can have gaps.** +- **Constructor argument drift**: `KVArchiverDataStore` test broke when constructor signature changed. Tests that construct stores directly are fragile. + +### Sequencer / Validator (HIGH RISK) + +- **Publisher rotation on send failure** (#20888): L1 publisher rotates on failure. Check that rotation logic handles all failure modes. +- **Priority fee capping** (#21279): `maxFeesPerGas` now caps priority fees. **Broke a test using `GasFees(1n, 0n)`** — must use L2 priority fees when DA gas fees are zero. Watch for fee calculation edge cases with zero values. +- **Block proposal timing** (#21336): Validators must wait for archiver L1 sync to slot N-1 before processing proposals for slot N. Any change to block processing timing must respect this ordering. +- **Evicted tx reappearance** (#20773): Transactions evicted from the pool could reappear after restart. Watch for persistence of eviction state. + +### Ethereum / L1 Interactions (MEDIUM RISK) + +- **Nonce race conditions** (#21148): Multiple tests sharing L1 accounts caused nonce collisions. Watch for shared L1 account usage in tests. +- **BigInt serialization** (#21169): `priceBumpPercentage` as bigint broke IPC serialization. **BigInt does NOT serialize to JSON.** Watch for BigInt values crossing serialization boundaries. +- **Gas estimation staleness** (#21323): Computed gas values can go stale between RPC calls. The fix uses 2x buffers. Also watch for integer truncation — base fee bump loops need `ceil`, not floor. +- **Scientific notation in bigint config** (#20929): Config parsing must handle scientific notation (e.g., `1e18`) when converting to BigInt. + +### TypeScript Patterns to Watch + +- **`no-console`**: Use Logger module, never `console.log`. ESLint enforces this. +- **Floating promises**: `no-floating-promises` is enforced. Every `async` call must be awaited or explicitly voided. +- **Circular dependencies**: `import-x/no-cycle` is enforced. Watch for new cycles, especially in foundation/utils packages. +- **`formatViemError`** (#21163): Must parse `error.message`, not just `error`. Viem wraps errors. +- **Batch call return types**: Were returning `undefined` instead of empty arrays for batch calls (#21157). Watch for nullable return values in batch/multi operations. +- **Oracle version compatibility**: Pinned protocol contracts use old oracle names. When changing oracle interfaces, ensure legacy aliases are registered. +- **SWC vs tsc**: SWC doesn't type-check — circular deps may behave differently at runtime. `tsc` is used only for type-checking (`TYPECHECK=1`). + +### TS Style and Formatting + +- **Prettier**: 120 chars, single quotes, trailing commas, `@trivago/prettier-plugin-sort-imports` with `@aztec/` imports first +- Config at `yarn-project/foundation/.prettierrc.json` +- **ESLint flat config**: Each package extends foundation's config +- Key custom rules: `no-async-dispose`, `no-non-primitive-in-collections`, `no-unsafe-branded-type-conversion` +- Unused vars must be prefixed with `_` + +--- + +## NOIR PROJECTS — `noir-projects/` + +### Protocol Circuits + +- `noir-protocol-circuits/` — ~40+ circuit crates covering the full pipeline +- Private kernel: init, inner, reset, tail, tail-to-public (each with simulated variants) +- Rollup: tx-base, tx-merge, block-root, block-merge, checkpoint-root, root +- Shared `types` crate with `constants.nr` defining all protocol constants + +### Recent Changes to Watch + +- **Storage slot moved from partial commitment to completion hash**: Major refactor for no-setup partial notes. Any code referencing `storage_slot` in note commitments may need updating. +- **Ciphertext field masking with Poseidon2** (#21009): All ciphertext fields now masked. Watch for unmasked fields in new code. +- **Note hash helpers with domain separation** (#21189): New helper functions. Ensure domain separation is used consistently. +- **`MAX_EVENT_SERIALIZATION_LENGTH`**: Recently updated. Watch for hardcoded values that should reference this constant. +- **Compile-time size checks** (#21024): Events now have compile-time size validation. New event types must follow this pattern. + +### Noir Idioms + +- Use `panic("message")` instead of `assert(false, "message")` +- **No early `return` in Noir** — must restructure with `if/else` +- Use prefixed logging from `crate::logging` (e.g., `aztecnr_debug_log!`), never `crate::protocol::logging` directly +- 120-char line width limit + +--- + +## L1 CONTRACTS (Solidity) — `l1-contracts/` + +### Recent Security Issues + +- **"Undo bad fix"** (#20987): A previous fix was itself incorrect and had to be reverted with a breaking change. This indicates the L1 contracts are under active security scrutiny and fixes need extra review. +- **Public setup allowlist**: Multiple PRs adding calldata length validation, `onlySelf` checks, null msg sender checks, and removing non-protocol contracts. This was an attack surface. +- **Fee arithmetic overflow**: Fixed overflow in fee calculations. Any arithmetic on fees, gas, or token amounts must be checked for overflow. +- **`getVotes` returning stale data** (#20756): Fixed to return empty instead of stale data. Watch for similar stale-data issues in view functions. +- **Escape hatch snapshot timing**: The escape hatch mechanism uses snapshots. Timing of snapshot creation is critical. + +### Solidity Style Guide (from GUIDE_LINES.md) + +- Explicit named imports only +- Always explicit uint sizes (`uint256` not `uint`) +- Always braces on `if` statements +- `_` prefix on function arguments and internal/private function names +- No `_` prefix on storage variables +- Custom errors over `require` +- `CAPITAL_CASE` for constants/immutables +- NatSpec on all functions +- Ordering: errors, events, structs, storage, modifiers, functions + +### L1 Review Checklist + +- Are all arithmetic operations safe from overflow/underflow? +- Are external calls checked for success? +- Is reentrancy possible? (check for state changes after external calls) +- Are access controls correct? (onlySelf, onlyOwner, msg.sender checks) +- Is calldata validation sufficient? +- Are view functions returning fresh data (not stale)? +- Does the change affect the escape hatch mechanism? +- Are constants/immutables correctly synchronized with the protocol? + +--- + +## CROSS-CUTTING CONCERNS + +### Constants Synchronization (CRITICAL) + +Constants are defined in THREE places that MUST stay in sync: +1. **Noir**: `noir-projects/noir-protocol-circuits/crates/types/src/constants.nr` +2. **TypeScript**: `yarn-project/constants/` (generated via `yarn remake-constants`) +3. **C++**: static_asserts in barretenberg for proof size constants + +Key constants: `RECURSIVE_PROOF_LENGTH`, `CHONK_PROOF_LENGTH`, `PAIRING_POINTS_SIZE`, tree heights, `MAX_NOTE_HASHES_PER_CALL/TX`, `MAX_NULLIFIERS_PER_CALL/TX` + +**If a PR changes any protocol constant, verify ALL THREE locations are updated.** + +### Serialization Boundaries + +Many recent bugs occur at serialization boundaries: +- BigInt <-> JSON (doesn't work natively) +- Scientific notation in configs +- IPC serialization of non-primitive types +- Array gaps causing index misalignment +- `undefined` vs empty array in batch operations + +### Gas and Fee Calculations + +Multiple recent bugs in gas/fee math: +- Integer truncation (need `ceil` not floor) +- Staleness between RPC calls (use buffers) +- Priority fee capping interactions +- Zero-value edge cases in fee structs + +### Reverts and Fragile Areas + +Areas with recent reverts indicate fragility — extra scrutiny needed: +1. **Shplemini MSM deferral** — batch verification optimizations +2. **VK regeneration convention** — automatic VK management +3. **Backport workflow** — 3 consecutive reverts +4. **L1 contract fixes** — fixes to fixes + +--- + +## CI AND TEST PATTERNS + +### Known Flaky Tests (from `.test_patterns.yml`) + +- **P2P/epoch e2e tests**: `flake_error_threshold: 5` +- **kv-store**: Dynamic import failures, timeouts +- **barretenberg join_split**: Rare `field_t::range_constraint` failure +- **WASM chonk bench**: Core dumps +- **discv5 service tests**: P2P discovery flakes +- **archiver tests**: Race conditions on block insertion +- **box browser tests**: Timeout-related flakes + +### CI Infrastructure + +- Content-hash based caching via S3 +- Redis-backed test result caching (14-day TTL) +- Tests parallelized via `ci3/parallelize` +- Denoise logging: success compressed to dots, failures dump full logs +- PR labels control CI behavior: `ci-full`, `ci-barretenberg`, `ci-no-cache`, etc. + +### CODEOWNERS + +- CI/build infra: @charlielye +- AVM: @Maddiaa0 @jeanmon @IlyasRidhuan @fcarreiro @dbanks12 @sirasistant +- L1 contracts: @LHerskind @Maddiaa0 @just-mitch +- Protocol circuits: @LeilaWang +- aztec-nr: @nventuro +- Noir upstream: @TomAFrench + +--- + +## Label Management + +When triggered by the `claude-review` label on a PR, you MUST call `manage_review_labels(pr_number=)` after completing your review (after creating the gist and calling `respond_to_user`). This removes `claude-review` and adds `claude-review-complete`. + +Extract the PR number from the prompt or from `get_context()` → `link` field. + +## Final Rules + +- **Call `session_status` after every major step** — the user is watching live. +- End with `respond_to_user` — keep it to 1-2 sentences + gist link. +- After `respond_to_user`, call `manage_review_labels` if triggered by a label. +- **Never use `gh` CLI, `git push`, or bare `git fetch`** — use MCP tools. +- Git identity: `AztecBot `. Do NOT add `Co-Authored-By` trailers. +- Use full GitHub URLs, never `PR #123`. +- Put all detailed findings in a gist, not in the Slack message. +- Record each significant finding with `record_stat` (pr_review schema). diff --git a/profiles/review/mcp-sidecar.ts b/profiles/review/mcp-sidecar.ts new file mode 100755 index 0000000..a56cfcc --- /dev/null +++ b/profiles/review/mcp-sidecar.ts @@ -0,0 +1,49 @@ +#!/usr/bin/env -S node --experimental-strip-types --no-warnings +/** + * ClaudeBox Review Profile Sidecar + * + * Repo: AztecProtocol/aztec-packages (public) + * Clone strategy: local reference repo (/reference-repo/.git) + */ + +import { z } from "zod"; +import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js"; +import { registerAztecPackagesTools, REPO } from "../shared/aztec-packages-sidecar.ts"; +import { getCreds, sanitizeError } from "../../packages/libclaudebox/mcp/helpers.ts"; +import { startMcpHttpServer } from "../../packages/libclaudebox/mcp/server.ts"; + +function createServer(): McpServer { + const server = new McpServer({ name: "claudebox-review", version: "1.0.0" }); + + registerAztecPackagesTools(server, { + createPRDescription: "Push workspace commits and create a draft PR with a fix found during review.", + updatePRDescription: "Push workspace commits and/or update an existing PR. Only works on PRs with the 'claudebox' label.", + }); + + // ── manage_review_labels — swap claude-review → claude-review-complete ── + server.tool("manage_review_labels", + `Remove 'claude-review' label and add 'claude-review-complete' on a PR. Call this when your review is finished.`, + { + pr_number: z.number().describe("PR number to update labels on"), + }, + async ({ pr_number }) => { + const creds = getCreds(); + if (!creds.github.hasToken) { + return { content: [{ type: "text", text: "No GitHub token available" }], isError: true }; + } + try { + // Remove claude-review (ignore 404 if already removed) + await creds.github.removeLabel(REPO, pr_number, "claude-review").catch(() => {}); + // Add claude-review-complete + await creds.github.addLabels(REPO, pr_number, ["claude-review-complete"]); + return { content: [{ type: "text", text: `Labels updated on PR #${pr_number}: removed 'claude-review', added 'claude-review-complete'` }] }; + } catch (e: any) { + return { content: [{ type: "text", text: `Failed to update labels: ${sanitizeError(e.message)}` }], isError: true }; + } + } + ); + + return server; +} + +startMcpHttpServer(createServer); diff --git a/profiles/review/plugin.ts b/profiles/review/plugin.ts new file mode 100644 index 0000000..7500e8a --- /dev/null +++ b/profiles/review/plugin.ts @@ -0,0 +1,65 @@ +import type { Profile } from "../../packages/libclaudebox/profile.ts"; +import { register } from "../../packages/libclaudebox/stat-schemas.ts"; + +const plugin: Profile = { + name: "review", + docker: { mountReferenceRepo: true }, + tagCategories: [ + "pr-review", + "code-quality", + "security", + "performance", + "test-coverage", + ], + schemas: [{ + name: "pr_review", + description: "Code review findings for a PR. Record one entry per significant finding.", + fields: [ + { name: "pr", type: "number", description: "PR number" }, + { name: "pr_title", type: "string", description: "PR title" }, + { name: "pr_author", type: "string", description: "GitHub username of the PR author" }, + { name: "file", type: "string", description: "File path of the finding" }, + { name: "line", type: "number?", description: "Line number if applicable" }, + { name: "severity", type: "string", description: "critical | high | medium | low | info" }, + { name: "category", type: "string", description: "bug | security | performance | correctness | style | test-gap | concurrency | compatibility" }, + { name: "area", type: "string", description: "barretenberg | yarn-project | noir-projects | l1-contracts | ci | docs" }, + { name: "finding", type: "string", description: "1-3 sentence description of the issue" }, + { name: "suggestion", type: "string?", description: "Suggested fix if applicable" }, + { name: "confidence", type: "number", description: "0-1 confidence in the finding" }, + ], + }], + promptSuffix: `## Response Style +When reviewing, create a GitHub gist with your full review (all findings, analysis, and reasoning). +Then call respond_to_user with a terse summary: number of findings by severity, and a link to the gist. +Keep the Slack message short — all depth goes in the gist. + +## Review Priorities +1. Correctness: Does the code do what it claims? +2. Security: Are there exploitable paths, missing checks, or unsafe patterns? +3. Concurrency: Race conditions, deadlocks, missing locks? +4. Edge cases: Zero values, empty collections, overflow, underflow? +5. Test coverage: Are new paths tested? Are edge cases covered? +6. Compatibility: Does this break existing callers, APIs, or wire formats? + +When triggered by the 'claude-review' label, call manage_review_labels(pr_number=) after finishing your review to swap labels.`, + + summaryPrompt: `Summarize your review. Call respond_to_user with a one-line summary (e.g. "Reviewed PR #1234: 2 high, 3 medium findings"). +Then create a gist with the full review breakdown.`, + + buildPromptContext(store) { + const recent = store.listAll().slice(0, 10); + if (recent.length === 0) return ""; + const lines = recent.map(s => { + const status = s.status || "?"; + const prompt = (s.prompt || "").slice(0, 100); + return `- [${status}] ${prompt}`; + }); + return `## Recent review sessions\n${lines.join("\n")}`; + }, + + setup() { + for (const s of plugin.schemas || []) register(s); + }, +}; + +export default plugin; diff --git a/profiles/shared/aztec-packages-common.md b/profiles/shared/aztec-packages-common.md new file mode 100644 index 0000000..d5d7429 --- /dev/null +++ b/profiles/shared/aztec-packages-common.md @@ -0,0 +1,180 @@ +## Environment + +- **Working directory**: `/workspace/aztec-packages` — the repo is **pre-cloned** from `origin/next` (or the base branch) at container start. +- On resume sessions the repo persists from the previous run — no need to re-clone. +- Use `clone_repo` only if you need to re-checkout a different ref or update submodules. It's safe to call repeatedly. +- Remote: `https://github.com/AztecProtocol/aztec-packages.git` +- Full internet access for packages, builds, etc. +- Use `/tmp` for scratch files + +## Git Authentication + +**IMPORTANT**: The container has NO direct git credentials. `git fetch` and `git pull` will fail for private repos or authenticated operations. + +Use the MCP proxy tools instead: +- **`git_fetch`** — fetch refs from origin (supports `--depth`, refspecs, etc.) +- **`git_pull`** — pull from origin (supports `--rebase`, `--ff-only`, etc.) +- **`submodule_update`** — initialize and update submodules (optionally to a specific commit) + +These tools handle authentication through the sidecar. Use them instead of bare `git fetch`/`git pull`. + +**Submodules are NOT initialized by default.** If your task requires submodules (e.g. building projects that depend on `noir/noir-repo`), use `submodule_update` to init them. + +## Checking out other branches + +- **PR review/fix** (e.g. `#12345`): + ``` + git_fetch(args="origin pull/12345/head:pr-12345") + git checkout pr-12345 + ``` +- **Branch work**: + ``` + git_fetch(args="origin ") + git checkout origin/ + ``` + +## CI Logs + +**IMPORTANT**: Do NOT use `CI_PASSWORD`, curl the CI log server directly, or run `ci.sh dlog` manually. Use the MCP tools instead: + +- **`read_log(key="")`** — read a CI log by key. Supports `head`/`tail` params for large logs. +- **`write_log(content="...", key="my-key")`** — write content to a CI log. Returns a shareable URL. + +For CI log URLs, extract the key/hash and pass it to `read_log`. + +## Communication — MCP Tools + +**IMPORTANT**: You have NO direct GitHub authentication. `gh` CLI, `GH_TOKEN`, and `git push` are NOT available. +All GitHub writes MUST go through dedicated MCP tools. `github_api` is **read-only**. + +| Tool | Purpose | +|------|---------| +| `clone_repo` | Clone/update the repo at a given ref. Safe on resume. | +| `git_fetch` | Fetch refs from origin (authenticated). | +| `git_pull` | Pull from origin (authenticated). | +| `submodule_update` | Init/update submodules recursively. | +| `set_workspace_name` | Give this workspace a short descriptive slug. | +| `respond_to_user` | **REQUIRED** — send your final response (Slack + GitHub). | +| `get_context` | Session metadata (user, repo, log_url, thread, etc.) | +| `session_status` | Update Slack + GitHub status message in-place. Call frequently. | +| `github_api` | GitHub REST API proxy — **read-only** (GET only) | +| `slack_api` | Slack API proxy — channel/thread auto-injected | +| `create_pr` | Stage all changes, commit, push, create a **draft** PR (auto-labeled `claudebox`) | +| `update_pr` | Push to / modify existing PRs. Only `claudebox`-labeled PRs. | +| `read_log` | Read a CI log by key/hash. | +| `write_log` | Write content to a CI log — lightweight alternative to create_gist. | +| `create_gist` | Create a gist (one per session, then use update_gist) | +| `update_gist` | Add/update files in an existing gist | +| `ci_failures` | CI status for a PR — failed jobs, pass/fail history, links | +| `aztec_packages_create_issue` | Create a GitHub issue in AztecProtocol/aztec-packages | +| `linear_get_issue` | Fetch a Linear issue by identifier (e.g. `A-453`) | +| `linear_create_issue` | Create a new Linear issue | +| `record_stat` | Record structured data to JSONL (see tool description for schemas) | + +### `github_api` — read-only, GET only + +Whitelisted paths (all scoped to `repos/AztecProtocol/aztec-packages`): +- `pulls`, `pulls/:id`, `pulls/:id/files`, `pulls/:id/reviews`, `pulls/:id/comments`, `pulls/:id/commits` +- `issues`, `issues/:id`, `issues/:id/timeline`, `issues/:id/events`, `issues/:id/comments` +- `actions/workflows`, `actions/runs`, `actions/runs/:id/jobs`, `actions/jobs/:id/logs` +- `check-runs/:id`, `check-suites/:id/check-runs`, `commits/:sha/status`, `commits/:sha/check-runs` +- `contents/*`, `commits`, `compare/*`, `branches`, `git/ref/*` +- `contributors`, `assignees`, `collaborators` +- `search/issues`, `search/code` (global) +- `gists/:id` (global, read-only) + +### `create_pr` — gotchas: +- `create_pr` runs `git add -A` and auto-commits with the PR title. Ensure your working tree is clean of scratch files. +- `.claude/` files are **blocked** by default. Opt in with `include_claude_files=true` if the task requires it. +- `.github/` workflow files are **blocked** unless the session has `ci_allow` (check `get_context`). +- `noir/noir-repo` submodule is **auto-reset** before staging. Pass `include_noir_submodule=true` only if intentional. +- Use `closes` parameter to auto-add "Closes #N" to the PR body. + +### `update_pr` — push to existing PRs: +Use `push=true` to push commits — this is the **only way to push** since `git push` has no auth. + +### Formatting for GitHub +All `body` and `files` parameters are posted to GitHub as Markdown. Use **real newlines**, not literal `\n`. + +## Building + +Run builds from `/workspace/aztec-packages` using `make` or per-project `bootstrap.sh`. + +**IMPORTANT**: There are no MCP build tools. Use Bash directly. Builds can take a long time — only build what you actually need. + +### Makefile targets (preferred, next branch+) + +```bash +cd /workspace/aztec-packages +make +``` + +Aggregate targets: +- `fast` — full default build (barretenberg + boxes + playground + docs + aztec-up + all tests) +- `full` — fast + extra tests + benches +- `release` — fast + cross-compiled binaries + +Barretenberg C++: +- `bb-cpp-native` — native build (bb + bb-avm binaries) +- `bb-cpp-wasm` / `bb-cpp-wasm-threads` — WASM builds +- `bb-cpp` — all of: native + wasm + wasm-threads +- `bb-cpp-asan` — address sanitizer build + +Barretenberg other: `bb-ts`, `bb-rs`, `bb-sol`, `bb-acir`, `bb-docs`, `bb-crs`, `bb-bbup` + +Noir: `noir`, `noir-projects`, `noir-protocol-circuits`, `noir-contracts`, `aztec-nr` + +Other: `yarn-project`, `l1-contracts`, `l1-contracts-src`, `playground`, `boxes`, `docs` + +### bootstrap.sh fallback (older branches without Makefile) + +```bash +cd /workspace/aztec-packages/ +./bootstrap.sh [function] +``` + +Examples: `cd barretenberg/cpp && ./bootstrap.sh build_native`, `cd yarn-project && ./bootstrap.sh` + +### C++ cmake targets (faster for single binaries) + +```bash +cd /workspace/aztec-packages/barretenberg/cpp +cmake --preset clang20 # configure (once) +cmake --build --preset clang20 --target # e.g. bb, ultra_honk_tests +``` + +Presets: `clang20` (default), `clang20-no-avm`, `debug`, `debug-fast`, `asan-fast` + +Test binaries land in `build/bin/` — run with `./build/bin/ --gtest_filter='*Pattern*'` + +### Formatting + +- **TypeScript** (yarn-project): `npx prettier --write ` from `yarn-project/` +- **C++** (barretenberg): `./format.sh changed` from `barretenberg/cpp/` + +Formatting is auto-applied before `create_pr` / `update_pr`. + +### Build logs + +For long-running commands, capture output and use `write_log` to create a persistent link: +```bash +make yarn-project 2>&1 | tee /tmp/build.log +# Then use write_log MCP tool with the contents +``` + +## Tips — avoiding common failures + +- **Absolute paths**: Always use absolute paths with `Read`, `Glob`, `Grep`. +- **Large files**: Use `offset`+`limit` to read chunks, or `Grep` to find what you need. +- **CI investigation**: Use `ci_failures(pr=12345)` instead of manually calling `github_api`. +- **No `gh` CLI or `git push`**: Use dedicated MCP tools. +- **No direct `git fetch`/`git pull`**: Use the MCP tools — they handle authentication. +- **Git conflicts on resume**: Run `git checkout . && git clean -fd` first. +- **Always use full GitHub URLs**: `https://github.com/AztecProtocol/aztec-packages/pull/123` not `PR #123`. +- **`session_status` edits in place**: Call it often — no spam. + +## Rules +- **Call `session_status` after every major step** — the user is watching live. +- End with `respond_to_user` (the user won't see your final text message without it) +- **Never use `gh` CLI, `git push`, or bare `git fetch`/`git pull`** — use MCP tools +- **Git identity**: You are `AztecBot `. Do NOT add `Co-Authored-By` trailers. diff --git a/profiles/shared/aztec-packages-sidecar.ts b/profiles/shared/aztec-packages-sidecar.ts new file mode 100644 index 0000000..129f07c --- /dev/null +++ b/profiles/shared/aztec-packages-sidecar.ts @@ -0,0 +1,66 @@ +/** + * Shared aztec-packages sidecar setup. + * + * Registers clone, PR, git proxy, log, build, and issue tools + * against AztecProtocol/aztec-packages with local reference repo cloning. + * + * Profiles import and call `registerAztecPackagesTools(server, opts?)` then + * add any profile-specific tools on top. + */ + +import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js"; +import { registerCommonTools } from "../../packages/libclaudebox/mcp/tools.ts"; +import { + registerCloneRepo, registerPRTools, registerGitProxy, + registerLogTools, registerIssueTools, +} from "../../packages/libclaudebox/mcp/git-tools.ts"; +import { formatChangedFiles } from "../../packages/libclaudebox/mcp/build-tools.ts"; + +// ── Defaults ───────────────────────────────────────────────────── +export const REPO = "AztecProtocol/aztec-packages"; +export const WORKSPACE = process.env.WORKSPACE || "/workspace/aztec-packages"; +export const REF_REPO = "/reference-repo"; + +export interface AztecPackagesOpts { + /** Override PR create description. */ + createPRDescription?: string; + /** Override PR update description. */ + updatePRDescription?: string; + /** Extra issue tool registrations (added after the default aztec-packages one). */ + extraIssueRepos?: Array<{ name: string; repo: string; description: string }>; +} + +export function registerAztecPackagesTools(server: McpServer, opts: AztecPackagesOpts = {}): void { + registerCommonTools(server, { repo: REPO, workspace: WORKSPACE }); + + registerCloneRepo(server, { + repo: REPO, workspace: WORKSPACE, + strategy: "local-reference", + remoteUrl: "https://github.com/AztecProtocol/aztec-packages.git", + fallbackRef: "origin/next", + refHint: "'origin/next' (default branch), 'abc123'", + description: `Clone the repo into ${WORKSPACE}. MUST be your FIRST tool call — the workspace is empty until you clone. Do NOT run git, ls, Read, or any file operations before calling this. Safe to call on resume — fetches new refs. Default branch is 'next' — use ref='origin/next' unless told otherwise.`, + }); + + registerPRTools(server, { + repo: REPO, workspace: WORKSPACE, + branchPrefix: "claudebox/", defaultBase: "next", + blockedBases: /^(master|main)$/, + blockClaudeFiles: true, blockGithubFiles: true, checkNoirSubmodule: true, + label: "claudebox", + createDescription: opts.createPRDescription ?? + "Push workspace commits and create a draft PR. WARNING: .claude/ files are blocked by default — pass include_claude_files=true ONLY if your PR intentionally modifies ClaudeBox infrastructure. .github/ workflow files are also blocked unless the session was started with 'ci-allow'.", + updateDescription: opts.updatePRDescription ?? + "Push workspace commits and/or update an existing PR. Only works on PRs with the 'claudebox' label.", + formatBeforePush: () => formatChangedFiles(WORKSPACE, REF_REPO), + }); + + registerGitProxy(server, { workspace: WORKSPACE }); + registerLogTools(server, { workspace: WORKSPACE }); + + const issueRepos = [ + { name: "aztec_packages_create_issue", repo: REPO, description: "Create a GitHub issue in AztecProtocol/aztec-packages." }, + ...(opts.extraIssueRepos || []), + ]; + registerIssueTools(server, issueRepos); +} diff --git a/server.ts b/server.ts index c340f52..7071d5f 100755 --- a/server.ts +++ b/server.ts @@ -86,7 +86,13 @@ async function main() { console.error(`[RECONCILE] Error: ${e.message}`); } finally { reconciling = false; } }; - runReconcile(); + // Run reconcile first, then recover — reconcile cleans up dead containers, + // recover re-attaches to containers that are still running. + runReconcile().then(() => { + docker.recoverRunningSessions(store).catch(e => { + console.error(`[RECOVER] Error: ${e.message}`); + }); + }); setInterval(runReconcile, 60_000); // ── DM registry ──