mark/vibn-agent-runner
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
419af40ca20613295189ef0942e296f37a3cf435
vibn-agent-runner/dist/tools.js
mawkone d9368e4abd fix: compile dist from source in Docker, fix ChatResult interface 
- Dockerfile now runs tsc during build so committed dist/ is never stale
- ChatResult interface was missing history[] and memoryUpdates[] fields
- Re-add missing MemoryUpdate import in orchestrator.ts
- Rebuild dist/ with all new fields included

Made-with: Cursor
2026-02-27 19:27:42 -08:00

772 lines
32 KiB
JavaScript
Raw Blame History

"use strict";
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
var desc = Object.getOwnPropertyDescriptor(m, k);
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
o["default"] = v;
});
var __importStar = (this && this.__importStar) || (function () {
var ownKeys = function(o) {
ownKeys = Object.getOwnPropertyNames || function (o) {
var ar = [];
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
return ar;
};
return ownKeys(o);
};
return function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
__setModuleDefault(result, mod);
return result;
};
})();
Object.defineProperty(exports, "__esModule", { value: true });
exports.ALL_TOOLS = void 0;
exports.executeTool = executeTool;
const fs = __importStar(require("fs"));
const path = __importStar(require("path"));
const cp = __importStar(require("child_process"));
const util = __importStar(require("util"));
const minimatch_1 = require("minimatch");
const execAsync = util.promisify(cp.exec);
// =============================================================================
// SECURITY GUARDRAILS — Protected VIBN Platform Resources
//
// These repos and Coolify resources belong to the Vibn platform itself.
// Agents must never be allowed to push code or trigger deployments here.
// Read-only operations (list, read file, get status) are still permitted
// so agents can observe the platform state, but all mutations are blocked.
// =============================================================================
/** Gitea repos that agents can NEVER push to, commit to, or write issues on. */
const PROTECTED_GITEA_REPOS = new Set([
'mark/vibn-frontend',
'mark/theia-code-os',
'mark/vibn-agent-runner',
'mark/vibn-api',
'mark/master-ai',
]);
/** Coolify project UUID for the VIBN platform — agents cannot deploy here. */
const PROTECTED_COOLIFY_PROJECT = 'f4owwggokksgw0ogo0844os0';
/**
* Specific Coolify app UUIDs that must never be deployed by an agent.
* This is a belt-and-suspenders check in case the project UUID filter is bypassed.
*/
const PROTECTED_COOLIFY_APPS = new Set([
'y4cscsc8s08c8808go0448s0', // vibn-frontend
'kggs4ogckc0w8ggwkkk88kck', // vibn-postgres
'o4wwck0g0c04wgoo4g4s0004', // gitea
]);
function assertGiteaWritable(repo) {
if (PROTECTED_GITEA_REPOS.has(repo)) {
throw new Error(`SECURITY: Repo "${repo}" is a protected Vibn platform repo. ` +
`Agents cannot push code or modify issues in this repository.`);
}
}
function assertCoolifyDeployable(appUuid) {
if (PROTECTED_COOLIFY_APPS.has(appUuid)) {
throw new Error(`SECURITY: App "${appUuid}" is a protected Vibn platform application. ` +
`Agents cannot trigger deployments for this application.`);
}
}
exports.ALL_TOOLS = [
{
name: 'read_file',
description: 'Read the complete content of a file in the workspace. Always read before editing.',
parameters: {
type: 'object',
properties: {
path: { type: 'string', description: 'Relative path from workspace root (e.g. "src/index.ts")' }
},
required: ['path']
}
},
{
name: 'write_file',
description: 'Write complete content to a file. Creates parent directories if needed. Overwrites existing files.',
parameters: {
type: 'object',
properties: {
path: { type: 'string', description: 'Relative path from workspace root' },
content: { type: 'string', description: 'Complete new file content' }
},
required: ['path', 'content']
}
},
{
name: 'replace_in_file',
description: 'Replace an exact string in a file. The old_content must match character-for-character. Read the file first.',
parameters: {
type: 'object',
properties: {
path: { type: 'string', description: 'Relative path from workspace root' },
old_content: { type: 'string', description: 'Exact text to replace' },
new_content: { type: 'string', description: 'Replacement text' }
},
required: ['path', 'old_content', 'new_content']
}
},
{
name: 'list_directory',
description: 'List files and subdirectories in a directory. Directories have trailing "/".',
parameters: {
type: 'object',
properties: {
path: { type: 'string', description: 'Relative path from workspace root. Use "." for root.' }
},
required: ['path']
}
},
{
name: 'find_files',
description: 'Find files matching a glob pattern in the workspace. Returns up to 200 relative paths.',
parameters: {
type: 'object',
properties: {
pattern: { type: 'string', description: 'Glob pattern e.g. "**/*.ts", "src/**/*.test.js"' }
},
required: ['pattern']
}
},
{
name: 'search_code',
description: 'Search file contents for a string or regex pattern. Returns file path, line number, and matching line.',
parameters: {
type: 'object',
properties: {
query: { type: 'string', description: 'Search term or regex' },
file_extensions: {
type: 'array',
items: { type: 'string' },
description: 'Optional: limit to these extensions e.g. ["ts","js"]'
}
},
required: ['query']
}
},
{
name: 'execute_command',
description: 'Run a shell command in the workspace and return stdout + stderr. 120s timeout. Use for: npm install, npm test, git status, building, etc.',
parameters: {
type: 'object',
properties: {
command: { type: 'string', description: 'Shell command to run' },
working_directory: { type: 'string', description: 'Optional: relative subdirectory to run in' }
},
required: ['command']
}
},
{
name: 'git_commit_and_push',
description: 'Stage all changes, commit with a message, and push to the remote. Call this when work is complete.',
parameters: {
type: 'object',
properties: {
message: { type: 'string', description: 'Commit message describing the changes made' }
},
required: ['message']
}
},
{
name: 'coolify_list_projects',
description: 'List all projects in the Coolify instance. Returns project names and UUIDs.',
parameters: { type: 'object', properties: {} }
},
{
name: 'coolify_list_applications',
description: 'List applications in a Coolify project.',
parameters: {
type: 'object',
properties: {
project_uuid: { type: 'string', description: 'Project UUID from coolify_list_projects' }
},
required: ['project_uuid']
}
},
{
name: 'coolify_deploy',
description: 'Trigger a deployment for a Coolify application.',
parameters: {
type: 'object',
properties: {
application_uuid: { type: 'string', description: 'Application UUID to deploy' }
},
required: ['application_uuid']
}
},
{
name: 'coolify_get_logs',
description: 'Get recent deployment logs for a Coolify application.',
parameters: {
type: 'object',
properties: {
application_uuid: { type: 'string', description: 'Application UUID' }
},
required: ['application_uuid']
}
},
{
name: 'gitea_create_issue',
description: 'Create a new issue in a Gitea repository.',
parameters: {
type: 'object',
properties: {
repo: { type: 'string', description: 'Repository in "owner/name" format' },
title: { type: 'string', description: 'Issue title' },
body: { type: 'string', description: 'Issue body (markdown)' },
labels: { type: 'array', items: { type: 'string' }, description: 'Optional label names' }
},
required: ['repo', 'title', 'body']
}
},
{
name: 'gitea_list_issues',
description: 'List open issues in a Gitea repository.',
parameters: {
type: 'object',
properties: {
repo: { type: 'string', description: 'Repository in "owner/name" format' },
state: { type: 'string', description: '"open", "closed", or "all". Default: "open"' }
},
required: ['repo']
}
},
{
name: 'gitea_close_issue',
description: 'Close an issue in a Gitea repository.',
parameters: {
type: 'object',
properties: {
repo: { type: 'string', description: 'Repository in "owner/name" format' },
issue_number: { type: 'number', description: 'Issue number to close' }
},
required: ['repo', 'issue_number']
}
},
{
name: 'spawn_agent',
description: 'Dispatch a sub-agent job to run in the background. Returns a job ID. Use this to delegate specialized work to Coder, PM, or Marketing agents.',
parameters: {
type: 'object',
properties: {
agent: { type: 'string', description: '"Coder", "PM", or "Marketing"' },
task: { type: 'string', description: 'Detailed task description for the agent' },
repo: { type: 'string', description: 'Gitea repo in "owner/name" format the agent should work on' }
},
required: ['agent', 'task', 'repo']
}
},
// -------------------------------------------------------------------------
// Orchestrator-only tools — project-wide awareness
// -------------------------------------------------------------------------
{
name: 'list_repos',
description: 'List all Git repositories in the Gitea organization. Returns repo names, descriptions, and last update time.',
parameters: { type: 'object', properties: {} }
},
{
name: 'list_all_issues',
description: 'List open issues across all repos or a specific repo. Use this to understand what work is queued or in progress.',
parameters: {
type: 'object',
properties: {
repo: { type: 'string', description: 'Optional: "owner/name" to scope to one repo. Omit for all repos.' },
state: { type: 'string', description: '"open", "closed", or "all". Default: "open"' }
}
}
},
{
name: 'list_all_apps',
description: 'List all Coolify applications across all projects with their status (running/stopped/error) and domain.',
parameters: { type: 'object', properties: {} }
},
{
name: 'get_app_status',
description: 'Get the current deployment status and recent logs for a specific Coolify application by name or UUID.',
parameters: {
type: 'object',
properties: {
app_name: { type: 'string', description: 'Application name (e.g. "vibn-frontend") or UUID' }
},
required: ['app_name']
}
},
{
name: 'read_repo_file',
description: 'Read a file from any Gitea repository without cloning it. Useful for understanding project structure.',
parameters: {
type: 'object',
properties: {
repo: { type: 'string', description: 'Repo in "owner/name" format' },
path: { type: 'string', description: 'File path within the repo (e.g. "src/app/page.tsx")' }
},
required: ['repo', 'path']
}
},
{
name: 'get_job_status',
description: 'Check the status of a previously spawned agent job by job ID.',
parameters: {
type: 'object',
properties: {
job_id: { type: 'string', description: 'Job ID returned by spawn_agent' }
},
required: ['job_id']
}
},
{
name: 'deploy_app',
description: 'Trigger a Coolify deployment for an app by name. Use after an agent commits code.',
parameters: {
type: 'object',
properties: {
app_name: { type: 'string', description: 'Application name (e.g. "vibn-frontend")' }
},
required: ['app_name']
}
},
{
name: 'save_memory',
description: 'Persist an important fact about this project to long-term memory. Use this to save decisions, tech stack choices, feature descriptions, constraints, or goals so they are remembered across conversations.',
parameters: {
type: 'object',
properties: {
key: { type: 'string', description: 'Short unique label (e.g. "primary_language", "auth_strategy", "deploy_target")' },
type: {
type: 'string',
enum: ['tech_stack', 'decision', 'feature', 'goal', 'constraint', 'note'],
description: 'Category of the memory item'
},
value: { type: 'string', description: 'The fact to remember (1-3 sentences)' }
},
required: ['key', 'type', 'value']
}
}
];
// ---------------------------------------------------------------------------
// Tool executor — routes call.name → implementation
// ---------------------------------------------------------------------------
async function executeTool(name, args, ctx) {
switch (name) {
case 'read_file': return readFile(String(args.path), ctx);
case 'write_file': return writeFile(String(args.path), String(args.content), ctx);
case 'replace_in_file': return replaceInFile(String(args.path), String(args.old_content), String(args.new_content), ctx);
case 'list_directory': return listDirectory(String(args.path), ctx);
case 'find_files': return findFiles(String(args.pattern), ctx);
case 'search_code': return searchCode(String(args.query), args.file_extensions, ctx);
case 'execute_command': return executeCommand(String(args.command), args.working_directory, ctx);
case 'git_commit_and_push': return gitCommitAndPush(String(args.message), ctx);
case 'coolify_list_projects': return coolifyListProjects(ctx);
case 'coolify_list_applications': return coolifyListApplications(String(args.project_uuid), ctx);
case 'coolify_deploy': return coolifyDeploy(String(args.application_uuid), ctx);
case 'coolify_get_logs': return coolifyGetLogs(String(args.application_uuid), ctx);
case 'gitea_create_issue': return giteaCreateIssue(String(args.repo), String(args.title), String(args.body), args.labels, ctx);
case 'gitea_list_issues': return giteaListIssues(String(args.repo), args.state || 'open', ctx);
case 'gitea_close_issue': return giteaCloseIssue(String(args.repo), Number(args.issue_number), ctx);
case 'spawn_agent': return spawnAgentTool(String(args.agent), String(args.task), String(args.repo), ctx);
// Orchestrator tools
case 'list_repos': return listRepos(ctx);
case 'list_all_issues': return listAllIssues(args.repo, args.state || 'open', ctx);
case 'list_all_apps': return listAllApps(ctx);
case 'get_app_status': return getAppStatus(String(args.app_name), ctx);
case 'read_repo_file': return readRepoFile(String(args.repo), String(args.path), ctx);
case 'get_job_status': return getJobStatus(String(args.job_id));
case 'deploy_app': return deployApp(String(args.app_name), ctx);
default:
return { error: `Unknown tool: ${name}` };
}
}
// ---------------------------------------------------------------------------
// Implementations
// ---------------------------------------------------------------------------
const EXCLUDED = new Set(['node_modules', '.git', 'dist', 'build', 'lib', '.cache', 'coverage']);
function safeResolve(root, rel) {
const resolved = path.resolve(root, rel);
if (!resolved.startsWith(path.resolve(root))) {
throw new Error(`Path escapes workspace: ${rel}`);
}
return resolved;
}
async function readFile(filePath, ctx) {
const abs = safeResolve(ctx.workspaceRoot, filePath);
try {
return fs.readFileSync(abs, 'utf8');
}
catch {
return JSON.stringify({ error: `File not found: ${filePath}` });
}
}
async function writeFile(filePath, content, ctx) {
const abs = safeResolve(ctx.workspaceRoot, filePath);
fs.mkdirSync(path.dirname(abs), { recursive: true });
fs.writeFileSync(abs, content, 'utf8');
return { success: true, path: filePath, bytes: Buffer.byteLength(content) };
}
async function replaceInFile(filePath, oldContent, newContent, ctx) {
const abs = safeResolve(ctx.workspaceRoot, filePath);
const current = fs.readFileSync(abs, 'utf8');
if (!current.includes(oldContent)) {
return { error: 'old_content not found in file. Read the file again to get the current content.' };
}
fs.writeFileSync(abs, current.replace(oldContent, newContent), 'utf8');
return { success: true, path: filePath };
}
async function listDirectory(dirPath, ctx) {
const abs = safeResolve(ctx.workspaceRoot, dirPath);
try {
const entries = fs.readdirSync(abs, { withFileTypes: true });
return entries
.filter(e => !EXCLUDED.has(e.name))
.map(e => e.isDirectory() ? `${e.name}/` : e.name);
}
catch {
return { error: `Directory not found: ${dirPath}` };
}
}
async function findFiles(pattern, ctx) {
const matcher = new minimatch_1.Minimatch(pattern, { dot: false });
const results = [];
function walk(dir) {
if (results.length >= 200)
return;
let entries;
try {
entries = fs.readdirSync(dir, { withFileTypes: true });
}
catch {
return;
}
for (const e of entries) {
if (EXCLUDED.has(e.name))
continue;
const abs = path.join(dir, e.name);
const rel = path.relative(ctx.workspaceRoot, abs).split(path.sep).join('/');
if (e.isDirectory()) {
walk(abs);
}
else if (matcher.match(rel)) {
results.push(rel);
}
}
}
walk(ctx.workspaceRoot);
return { files: results, truncated: results.length >= 200 };
}
async function searchCode(query, extensions, ctx) {
const globPatterns = extensions?.map(e => `*.${e}`) || [];
const args = ['--line-number', '--no-heading', '--color=never', '--max-count=30'];
for (const ex of EXCLUDED) {
args.push('--glob', `!${ex}`);
}
if (globPatterns.length > 0) {
for (const g of globPatterns)
args.push('--glob', g);
}
args.push('--fixed-strings', query, ctx.workspaceRoot);
try {
const { stdout } = await execAsync(`rg ${args.map(a => `'${a}'`).join(' ')}`, { cwd: ctx.workspaceRoot, timeout: 15000 });
const lines = stdout.trim().split('\n').filter(Boolean).map(line => {
const m = line.match(/^(.+?):(\d+):(.*)$/);
if (!m)
return null;
return { file: path.relative(ctx.workspaceRoot, m[1]).split(path.sep).join('/'), line: parseInt(m[2]), content: m[3].trim() };
}).filter(Boolean);
return lines;
}
catch (err) {
if (err.code === 1)
return []; // ripgrep exit 1 = no matches
return { error: `Search failed: ${err.message}` };
}
}
async function executeCommand(command, workingDir, ctx) {
const BLOCKED = ['rm -rf /', 'mkfs', ':(){:|:&};:'];
if (BLOCKED.some(b => command.includes(b))) {
return { error: 'Command blocked for safety.' };
}
const cwd = workingDir ? safeResolve(ctx.workspaceRoot, workingDir) : ctx.workspaceRoot;
try {
const { stdout, stderr } = await execAsync(command, { cwd, timeout: 120000, maxBuffer: 1024 * 1024 });
return { exitCode: 0, stdout: stdout.trim(), stderr: stderr.trim() };
}
catch (err) {
return { exitCode: err.code, stdout: (err.stdout || '').trim(), stderr: (err.stderr || '').trim(), error: err.message };
}
}
async function gitCommitAndPush(message, ctx) {
const cwd = ctx.workspaceRoot;
const { apiUrl, apiToken, username } = ctx.gitea;
try {
// Check the remote URL before committing — block pushes to protected repos
let remoteCheck = '';
try {
remoteCheck = (await execAsync('git remote get-url origin', { cwd })).stdout.trim();
}
catch { /* ok */ }
for (const protectedRepo of PROTECTED_GITEA_REPOS) {
const repoPath = protectedRepo.replace('mark/', '');
if (remoteCheck.includes(`/${repoPath}`) || remoteCheck.includes(`/${repoPath}.git`)) {
return {
error: `SECURITY: This workspace is linked to a protected Vibn platform repo (${protectedRepo}). ` +
`Agents cannot push to platform repos. Only user project repos are writable.`
};
}
}
await execAsync('git add -A', { cwd });
await execAsync(`git commit -m "${message.replace(/"/g, '\\"')}"`, { cwd });
// Get current remote URL, strip any existing credentials, re-inject cleanly
let remoteUrl = '';
try {
remoteUrl = (await execAsync('git remote get-url origin', { cwd })).stdout.trim();
}
catch { /* no remote yet */ }
const cleanUrl = remoteUrl.replace(/https:\/\/[^@]+@/, 'https://');
const baseUrl = cleanUrl || apiUrl;
const authedUrl = baseUrl.replace('https://', `https://${username}:${apiToken}@`);
await execAsync(`git remote set-url origin "${authedUrl}"`, { cwd }).catch(async () => {
await execAsync(`git remote add origin "${authedUrl}"`, { cwd });
});
const branch = (await execAsync('git rev-parse --abbrev-ref HEAD', { cwd })).stdout.trim();
await execAsync(`git push -u origin "${branch}"`, { cwd, timeout: 60000 });
return { success: true, message, branch };
}
catch (err) {
const cleaned = (err.message || '').replace(new RegExp(apiToken, 'g'), '***');
return { error: `Git operation failed: ${cleaned}` };
}
}
// ---------------------------------------------------------------------------
// Coolify tools
// ---------------------------------------------------------------------------
async function coolifyFetch(path, ctx, method = 'GET', body) {
const res = await fetch(`${ctx.coolify.apiUrl}/api/v1${path}`, {
method,
headers: {
'Authorization': `Bearer ${ctx.coolify.apiToken}`,
'Content-Type': 'application/json',
'Accept': 'application/json'
},
body: body ? JSON.stringify(body) : undefined
});
if (!res.ok)
return { error: `Coolify API error: ${res.status} ${res.statusText}` };
return res.json();
}
async function coolifyListProjects(ctx) {
const projects = await coolifyFetch('/projects', ctx);
if (!Array.isArray(projects))
return projects;
// Filter out the protected VIBN project entirely — agents don't need to see it
return projects.filter((p) => p.uuid !== PROTECTED_COOLIFY_PROJECT);
}
async function coolifyListApplications(projectUuid, ctx) {
const all = await coolifyFetch('/applications', ctx);
if (!Array.isArray(all))
return all;
return all.filter((a) => a.project_uuid === projectUuid);
}
async function coolifyDeploy(appUuid, ctx) {
assertCoolifyDeployable(appUuid);
// Also check the app belongs to the right project
const apps = await coolifyFetch('/applications', ctx);
if (Array.isArray(apps)) {
const app = apps.find((a) => a.uuid === appUuid);
if (app?.project_uuid === PROTECTED_COOLIFY_PROJECT) {
return { error: `SECURITY: App "${appUuid}" belongs to the protected Vibn project. Agents cannot deploy platform apps.` };
}
}
return coolifyFetch(`/applications/${appUuid}/deploy`, ctx, 'POST');
}
async function coolifyGetLogs(appUuid, ctx) {
return coolifyFetch(`/applications/${appUuid}/logs?limit=50`, ctx);
}
// ---------------------------------------------------------------------------
// Gitea tools
// ---------------------------------------------------------------------------
async function giteaFetch(path, ctx, method = 'GET', body) {
const res = await fetch(`${ctx.gitea.apiUrl}/api/v1${path}`, {
method,
headers: {
'Authorization': `token ${ctx.gitea.apiToken}`,
'Content-Type': 'application/json',
'Accept': 'application/json'
},
body: body ? JSON.stringify(body) : undefined
});
if (!res.ok)
return { error: `Gitea API error: ${res.status} ${res.statusText}` };
return res.json();
}
async function giteaCreateIssue(repo, title, body, labels, ctx) {
assertGiteaWritable(repo);
return giteaFetch(`/repos/${repo}/issues`, ctx, 'POST', { title, body, labels });
}
async function giteaListIssues(repo, state, ctx) {
return giteaFetch(`/repos/${repo}/issues?state=${state}&limit=20`, ctx);
}
async function giteaCloseIssue(repo, issueNumber, ctx) {
assertGiteaWritable(repo);
return giteaFetch(`/repos/${repo}/issues/${issueNumber}`, ctx, 'PATCH', { state: 'closed' });
}
// ---------------------------------------------------------------------------
// Spawn agent (used by Orchestrator to delegate to specialists)
// Calls back to the AgentRunner HTTP API to queue a new job.
// ---------------------------------------------------------------------------
async function spawnAgentTool(agent, task, repo, _ctx) {
const runnerUrl = process.env.AGENT_RUNNER_URL || 'http://localhost:3333';
try {
const res = await fetch(`${runnerUrl}/api/agent/run`, {
method: 'POST',
headers: { 'Content-Type': 'application/json', 'X-Internal': 'true' },
body: JSON.stringify({ agent, task, repo })
});
const data = await res.json();
return { jobId: data.jobId, agent, status: 'dispatched' };
}
catch (err) {
return { error: `Failed to spawn agent: ${err instanceof Error ? err.message : String(err)}` };
}
}
// ---------------------------------------------------------------------------
// Orchestrator tools — project-wide awareness
// ---------------------------------------------------------------------------
async function listRepos(ctx) {
const res = await fetch(`${ctx.gitea.apiUrl}/api/v1/repos/search?limit=50&token=${ctx.gitea.apiToken}`, {
headers: { 'Authorization': `token ${ctx.gitea.apiToken}` }
});
const data = await res.json();
return (data.data || [])
// Hide protected platform repos from agent's view entirely
.filter((r) => !PROTECTED_GITEA_REPOS.has(r.full_name))
.map((r) => ({
name: r.full_name,
description: r.description,
default_branch: r.default_branch,
updated: r.updated,
stars: r.stars_count,
open_issues: r.open_issues_count
}));
}
async function listAllIssues(repo, state, ctx) {
if (repo) {
if (PROTECTED_GITEA_REPOS.has(repo)) {
return { error: `SECURITY: "${repo}" is a protected Vibn platform repo. Agents cannot access its issues.` };
}
return giteaFetch(`/repos/${repo}/issues?state=${state}&limit=20`, ctx);
}
// Fetch across all non-protected repos
const repos = await listRepos(ctx);
const allIssues = [];
for (const r of repos.slice(0, 10)) {
const issues = await giteaFetch(`/repos/${r.name}/issues?state=${state}&limit=10`, ctx);
if (Array.isArray(issues)) {
allIssues.push(...issues.map((i) => ({
repo: r.name,
number: i.number,
title: i.title,
state: i.state,
labels: i.labels?.map((l) => l.name),
created: i.created_at
})));
}
}
return allIssues;
}
async function listAllApps(ctx) {
const apps = await coolifyFetch('/applications', ctx);
if (!Array.isArray(apps))
return apps;
return apps
// Filter out apps that belong to the protected VIBN project
.filter((a) => a.project_uuid !== PROTECTED_COOLIFY_PROJECT && !PROTECTED_COOLIFY_APPS.has(a.uuid))
.map((a) => ({
uuid: a.uuid,
name: a.name,
fqdn: a.fqdn,
status: a.status,
repo: a.git_repository,
branch: a.git_branch
}));
}
async function getAppStatus(appName, ctx) {
const apps = await coolifyFetch('/applications', ctx);
if (!Array.isArray(apps))
return apps;
const app = apps.find((a) => a.name?.toLowerCase() === appName.toLowerCase() || a.uuid === appName);
if (!app)
return { error: `App "${appName}" not found` };
if (PROTECTED_COOLIFY_APPS.has(app.uuid) || app.project_uuid === PROTECTED_COOLIFY_PROJECT) {
return { error: `SECURITY: "${appName}" is a protected Vibn platform app. Status is not exposed to agents.` };
}
const logs = await coolifyFetch(`/applications/${app.uuid}/logs?limit=20`, ctx);
return { name: app.name, uuid: app.uuid, status: app.status, fqdn: app.fqdn, logs };
}
async function readRepoFile(repo, filePath, ctx) {
try {
const res = await fetch(`${ctx.gitea.apiUrl}/api/v1/repos/${repo}/contents/${filePath}`, {
headers: { 'Authorization': `token ${ctx.gitea.apiToken}` }
});
if (!res.ok)
return { error: `File not found: ${filePath} in ${repo}` };
const data = await res.json();
const content = Buffer.from(data.content, 'base64').toString('utf8');
return { repo, path: filePath, content };
}
catch (err) {
return { error: `Failed to read ${filePath}: ${err instanceof Error ? err.message : String(err)}` };
}
}
async function getJobStatus(jobId) {
const runnerUrl = process.env.AGENT_RUNNER_URL || 'http://localhost:3333';
try {
const res = await fetch(`${runnerUrl}/api/jobs/${jobId}`);
const job = await res.json();
return {
id: job.id,
agent: job.agent,
status: job.status,
progress: job.progress,
toolCalls: job.toolCalls?.length,
result: job.result,
error: job.error
};
}
catch (err) {
return { error: `Failed to get job: ${err instanceof Error ? err.message : String(err)}` };
}
}
function saveMemory(key, type, value, ctx) {
ctx.memoryUpdates.push({ key, type, value });
return { saved: true, key, type };
}
async function deployApp(appName, ctx) {
const apps = await coolifyFetch('/applications', ctx);
if (!Array.isArray(apps))
return apps;
const app = apps.find((a) => a.name?.toLowerCase() === appName.toLowerCase() || a.uuid === appName);
if (!app)
return { error: `App "${appName}" not found` };
// Block deployment to protected VIBN platform apps
if (PROTECTED_COOLIFY_APPS.has(app.uuid) || app.project_uuid === PROTECTED_COOLIFY_PROJECT) {
return {
error: `SECURITY: "${appName}" is a protected Vibn platform application. ` +
`Agents can only deploy user project apps, not platform infrastructure.`
};
}
const result = await fetch(`${ctx.coolify.apiUrl}/api/v1/deploy?uuid=${app.uuid}&force=false`, {
headers: { 'Authorization': `Bearer ${ctx.coolify.apiToken}` }
});
return result.json();
}
Reference in New Issue View Git Blame Copy Permalink