mosaicstack/stack
1
0
Fork 0
Code Issues 13 Pull Requests Actions Packages Projects Releases 11 Wiki Activity

Compare commits

base: mosaicstack:fix/populate-known-packages-list
Branches Tags
mosaicstack:main mosaicstack:release/mosaic-v0.0.29 mosaicstack:fix/installer-idempotent-creds mosaicstack:feat/framework-superpowers-enforcement mosaicstack:feat/install-ux-intent mosaicstack:feat/install-ux-polish mosaicstack:docs/iuv-m01-complete mosaicstack:fix/build-vitest-allowdefault mosaicstack:fix/bootstrap-hotfix mosaicstack:docs/install-ux-v2-scaffold mosaicstack:release/mosaic-v0.0.25 mosaicstack:docs/iuh-mission-complete mosaicstack:feat/unified-first-run mosaicstack:docs/iuh-m02-complete mosaicstack:feat/wizard-remediation mosaicstack:feat/mosaic-macp-cli mosaicstack:fix/gateway-token-recovery-review mosaicstack:feat/mosaic-auth-cli mosaicstack:feat/mosaic-forge-cli-v2 mosaicstack:feat/mosaic-storage-cli mosaicstack:feat/mosaic-memory-cli mosaicstack:feat/gateway-token-recovery mosaicstack:feat/mosaic-forge-cli mosaicstack:feat/mosaic-config-command mosaicstack:feat/mosaic-queue-cli mosaicstack:feat/mosaic-brain-cli mosaicstack:feat/mosaic-help-alphabetize mosaicstack:docs/gateway-token-recovery-plan mosaicstack:chore/bump-mosaic-0.0.21 mosaicstack:fix/populate-known-packages-list mosaicstack:fix/publish-loud-errors mosaicstack:fix/gitea-org-rename mosaicstack:fix/gateway-install-ux mosaicstack:fix/rename-mosaic-scope-391 mosaicstack:fix/db-memory-queue-publish-drift mosaicstack:fix/updater-wrapper-gitea-387 mosaicstack:fix/config-package-version-drift mosaicstack:fix/updater-mosaic-package-382 mosaicstack:fix/merge-cli-into-mosaic mosaicstack:fix/metapackage-cli-dep mosaicstack:chore/bump-cli-mosaic-0.0.16 mosaicstack:fix/gateway-deprecation-warnings mosaicstack:fix/gateway-install-prefix-eacces mosaicstack:chore/gateway-default-port-14242 mosaicstack:fix/gateway-scoped-registry mosaicstack:fix/gateway-install-registry mosaicstack:chore/bump-0.0.11 mosaicstack:feat/gateway-local-tier mosaicstack:feat/task-1775219952-fix-add-build-tools-to-ci-install-step-for-better-sqlite3 mosaicstack:fix/pnpm-build-scripts mosaicstack:fix/storage-sqlite-ci mosaicstack:feat/storage-abstraction mosaicstack:fix/idempotent-init
mosaicstack:mosaic-v0.0.29 mosaicstack:mosaic-v0.0.28 mosaicstack:mosaic-v0.0.27 mosaicstack:mosaic-v0.0.26 mosaicstack:mosaic-v0.0.25 mosaicstack:mosaic-v0.0.24 mosaicstack:v0.2.0 mosaicstack:v0.1.0 mosaicstack:v0.0.8 mosaicstack:v0.0.7 mosaicstack:v0.0.6 mosaicstack:v0.0.5 mosaicstack:v0.0.4
..
compare: mosaicstack:ca5c98cb0a4f3dba31e297fc2630ddcf958a7bcb
Branches Tags
mosaicstack:main mosaicstack:release/mosaic-v0.0.29 mosaicstack:fix/installer-idempotent-creds mosaicstack:feat/framework-superpowers-enforcement mosaicstack:feat/install-ux-intent mosaicstack:feat/install-ux-polish mosaicstack:docs/iuv-m01-complete mosaicstack:fix/build-vitest-allowdefault mosaicstack:fix/bootstrap-hotfix mosaicstack:docs/install-ux-v2-scaffold mosaicstack:release/mosaic-v0.0.25 mosaicstack:docs/iuh-mission-complete mosaicstack:feat/unified-first-run mosaicstack:docs/iuh-m02-complete mosaicstack:feat/wizard-remediation mosaicstack:feat/mosaic-macp-cli mosaicstack:fix/gateway-token-recovery-review mosaicstack:feat/mosaic-auth-cli mosaicstack:feat/mosaic-forge-cli-v2 mosaicstack:feat/mosaic-storage-cli mosaicstack:feat/mosaic-memory-cli mosaicstack:feat/gateway-token-recovery mosaicstack:feat/mosaic-forge-cli mosaicstack:feat/mosaic-config-command mosaicstack:feat/mosaic-queue-cli mosaicstack:feat/mosaic-brain-cli mosaicstack:feat/mosaic-help-alphabetize mosaicstack:docs/gateway-token-recovery-plan mosaicstack:chore/bump-mosaic-0.0.21 mosaicstack:fix/populate-known-packages-list mosaicstack:fix/publish-loud-errors mosaicstack:fix/gitea-org-rename mosaicstack:fix/gateway-install-ux mosaicstack:fix/rename-mosaic-scope-391 mosaicstack:fix/db-memory-queue-publish-drift mosaicstack:fix/updater-wrapper-gitea-387 mosaicstack:fix/config-package-version-drift mosaicstack:fix/updater-mosaic-package-382 mosaicstack:fix/merge-cli-into-mosaic mosaicstack:fix/metapackage-cli-dep mosaicstack:chore/bump-cli-mosaic-0.0.16 mosaicstack:fix/gateway-deprecation-warnings mosaicstack:fix/gateway-install-prefix-eacces mosaicstack:chore/gateway-default-port-14242 mosaicstack:fix/gateway-scoped-registry mosaicstack:fix/gateway-install-registry mosaicstack:chore/bump-0.0.11 mosaicstack:feat/gateway-local-tier mosaicstack:feat/task-1775219952-fix-add-build-tools-to-ci-install-step-for-better-sqlite3 mosaicstack:fix/pnpm-build-scripts mosaicstack:fix/storage-sqlite-ci mosaicstack:feat/storage-abstraction mosaicstack:fix/idempotent-init
mosaicstack:mosaic-v0.0.29 mosaicstack:mosaic-v0.0.28 mosaicstack:mosaic-v0.0.27 mosaicstack:mosaic-v0.0.26 mosaicstack:mosaic-v0.0.25 mosaicstack:mosaic-v0.0.24 mosaicstack:v0.2.0 mosaicstack:v0.1.0 mosaicstack:v0.0.8 mosaicstack:v0.0.7 mosaicstack:v0.0.6 mosaicstack:v0.0.5 mosaicstack:v0.0.4

1 Commits
fix/popula ... ca5c98cb0a

Author SHA1 Message Date
Jason Woltje
ca5c98cb0a feat(M3-002): implement AnthropicAdapter for Claude Sonnet 4.6, Opus 4.6, and Haiku 4.5
Some checks failed
ci/woodpecker/pr/ci Pipeline failed
Details
ci/woodpecker/push/ci Pipeline failed
Details 
Adds AnthropicAdapter implementing IProviderAdapter. Installs @anthropic-ai/sdk,
registers the three Claude models with the Pi ModelRegistry, implements healthCheck()
via client.models.list(), and createCompletion() with streaming via messages.stream().
Replaces the legacy inline registerAnthropicProvider() method in ProviderService.
Gracefully skips registration when ANTHROPIC_API_KEY is not set.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-21 16:33:33 -05:00
735 changed files with 1584 additions and 93333 deletions
Expand all files Collapse all files

12
.env.example
View File

@@ -23,8 +23,8 @@ VALKEY_URL=redis://localhost:6380
# ─── Gateway ─────────────────────────────────────────────────────────────────
# TCP port the NestJS/Fastify gateway listens on (default: 14242)
GATEWAY_PORT=14242
# TCP port the NestJS/Fastify gateway listens on (default: 4000)
GATEWAY_PORT=4000
# Comma-separated list of allowed CORS origins.
# Must include the web app origin in production.
@@ -37,12 +37,12 @@ GATEWAY_CORS_ORIGIN=http://localhost:3000
BETTER_AUTH_SECRET=change-me-to-a-random-32-char-string
# Public base URL of the gateway (used by BetterAuth for callback URLs)
BETTER_AUTH_URL=http://localhost:14242
BETTER_AUTH_URL=http://localhost:4000
# ─── Web App (Next.js) ───────────────────────────────────────────────────────
# Public gateway URL — accessible from the browser, not just the server.
NEXT_PUBLIC_GATEWAY_URL=http://localhost:14242
NEXT_PUBLIC_GATEWAY_URL=http://localhost:4000
# ─── OpenTelemetry ───────────────────────────────────────────────────────────
@@ -121,12 +121,12 @@ OTEL_SERVICE_NAME=mosaic-gateway
# ─── Discord Plugin (optional — set DISCORD_BOT_TOKEN to enable) ─────────────
# DISCORD_BOT_TOKEN=
# DISCORD_GUILD_ID=
# DISCORD_GATEWAY_URL=http://localhost:14242
# DISCORD_GATEWAY_URL=http://localhost:4000
# ─── Telegram Plugin (optional — set TELEGRAM_BOT_TOKEN to enable) ───────────
# TELEGRAM_BOT_TOKEN=
# TELEGRAM_GATEWAY_URL=http://localhost:14242
# TELEGRAM_GATEWAY_URL=http://localhost:4000
# ─── SSO Providers (add credentials to enable) ───────────────────────────────

2
.npmrc
View File

@@ -1 +1 @@
@mosaicstack:registry=https://git.mosaicstack.dev/api/packages/mosaicstack/npm/
@mosaic:registry=https://git.mosaicstack.dev/api/packages/mosaic/npm/

31
.woodpecker/ci.yml
View File

@@ -15,7 +15,6 @@ steps:
image: *node_image
commands:
- corepack enable
- apk add --no-cache python3 make g++
- pnpm install --frozen-lockfile
typecheck:
@@ -45,30 +44,18 @@ steps:
test:
image: *node_image
environment:
DATABASE_URL: postgresql://mosaic:mosaic@postgres:5432/mosaic
commands:
- *enable_pnpm
# Install postgresql-client for pg_isready
- apk add --no-cache postgresql-client
# Wait up to 30s for postgres to be ready
- |
for i in $(seq 1 30); do
pg_isready -h postgres -p 5432 -U mosaic && break
echo "Waiting for postgres ($i/30)..."
sleep 1
done
# Run migrations (DATABASE_URL is set in environment above)
- pnpm --filter @mosaicstack/db run db:migrate
# Run all tests
- pnpm test
depends_on:
- typecheck
services:
postgres:
image: pgvector/pgvector:pg17
environment:
POSTGRES_USER: mosaic
POSTGRES_PASSWORD: mosaic
POSTGRES_DB: mosaic
build:
image: *node_image
commands:
- *enable_pnpm
- pnpm build
depends_on:
- lint
- format
- test

134
.woodpecker/publish.yml
View File

@@ -1,134 +0,0 @@
# Build, publish npm packages, and push Docker images
# Runs only on main branch push/tag
variables:
- &node_image 'node:22-alpine'
- &enable_pnpm 'corepack enable'
when:
- branch: [main]
event: [push, manual, tag]
steps:
install:
image: *node_image
commands:
- corepack enable
- pnpm install --frozen-lockfile
build:
image: *node_image
commands:
- *enable_pnpm
- pnpm build
depends_on:
- install
publish-npm:
image: *node_image
environment:
NPM_TOKEN:
from_secret: gitea_token
commands:
- *enable_pnpm
# Configure auth for Gitea npm registry
- |
echo "//git.mosaicstack.dev/api/packages/mosaicstack/npm/:_authToken=$NPM_TOKEN" > ~/.npmrc
echo "@mosaicstack:registry=https://git.mosaicstack.dev/api/packages/mosaicstack/npm/" >> ~/.npmrc
# Publish non-private packages to Gitea.
#
# The only publish failure we tolerate is "version already exists" —
# that legitimately happens when only some packages were bumped in
# the merge. Any other failure (registry 404, auth error, network
# error) MUST fail the pipeline loudly: the previous
# `|| echo "... continuing"` fallback silently hid a 404 from the
# Gitea org rename and caused every @mosaicstack/* publish to fall
# on the floor while CI still reported green.
- |
set +e
pnpm --filter "@mosaicstack/*" --filter "!@mosaicstack/web" publish --no-git-checks --access public 2>&1 | tee /tmp/publish.log
EXIT=${PIPESTATUS[0]}
set -e
if [ "$EXIT" -eq 0 ]; then
echo "[publish] all packages published successfully"
exit 0
fi
# Any hard registry/auth/network error fails the pipeline.
if grep -qE "E404|E401|ENEEDAUTH|ECONNREFUSED|ETIMEDOUT|ENOTFOUND" /tmp/publish.log; then
echo "[publish] FATAL: registry/auth/network error detected — failing pipeline" >&2
exit 1
fi
# Tolerate only the specific "version already published" case.
if grep -qE "EPUBLISHCONFLICT|cannot publish over|previously published" /tmp/publish.log; then
echo "[publish] some packages already at this version — continuing (non-fatal)"
exit 0
fi
echo "[publish] FATAL: publish failed with unrecognized error — failing pipeline" >&2
exit 1
depends_on:
- build
# TODO: Uncomment when ready to publish to npmjs.org
# publish-npmjs:
# image: *node_image
# environment:
# NPM_TOKEN:
# from_secret: npmjs_token
# commands:
# - *enable_pnpm
# - apk add --no-cache jq bash
# - bash scripts/publish-npmjs.sh
# depends_on:
# - build
# when:
# - event: [tag]
build-gateway:
image: gcr.io/kaniko-project/executor:debug
environment:
REGISTRY_USER:
from_secret: gitea_username
REGISTRY_PASS:
from_secret: gitea_password
CI_COMMIT_BRANCH: ${CI_COMMIT_BRANCH}
CI_COMMIT_TAG: ${CI_COMMIT_TAG}
CI_COMMIT_SHA: ${CI_COMMIT_SHA}
commands:
- mkdir -p /kaniko/.docker
- echo "{\"auths\":{\"git.mosaicstack.dev\":{\"username\":\"$REGISTRY_USER\",\"password\":\"$REGISTRY_PASS\"}}}" > /kaniko/.docker/config.json
- |
DESTINATIONS="--destination git.mosaicstack.dev/mosaicstack/mosaic-stack/gateway:sha-${CI_COMMIT_SHA:0:7}"
if [ "$CI_COMMIT_BRANCH" = "main" ]; then
DESTINATIONS="$DESTINATIONS --destination git.mosaicstack.dev/mosaicstack/mosaic-stack/gateway:latest"
fi
if [ -n "$CI_COMMIT_TAG" ]; then
DESTINATIONS="$DESTINATIONS --destination git.mosaicstack.dev/mosaicstack/mosaic-stack/gateway:$CI_COMMIT_TAG"
fi
/kaniko/executor --context . --dockerfile docker/gateway.Dockerfile $DESTINATIONS
depends_on:
- build
build-web:
image: gcr.io/kaniko-project/executor:debug
environment:
REGISTRY_USER:
from_secret: gitea_username
REGISTRY_PASS:
from_secret: gitea_password
CI_COMMIT_BRANCH: ${CI_COMMIT_BRANCH}
CI_COMMIT_TAG: ${CI_COMMIT_TAG}
CI_COMMIT_SHA: ${CI_COMMIT_SHA}
commands:
- mkdir -p /kaniko/.docker
- echo "{\"auths\":{\"git.mosaicstack.dev\":{\"username\":\"$REGISTRY_USER\",\"password\":\"$REGISTRY_PASS\"}}}" > /kaniko/.docker/config.json
- |
DESTINATIONS="--destination git.mosaicstack.dev/mosaicstack/mosaic-stack/web:sha-${CI_COMMIT_SHA:0:7}"
if [ "$CI_COMMIT_BRANCH" = "main" ]; then
DESTINATIONS="$DESTINATIONS --destination git.mosaicstack.dev/mosaicstack/mosaic-stack/web:latest"
fi
if [ -n "$CI_COMMIT_TAG" ]; then
DESTINATIONS="$DESTINATIONS --destination git.mosaicstack.dev/mosaicstack/mosaic-stack/web:$CI_COMMIT_TAG"
fi
/kaniko/executor --context . --dockerfile docker/web.Dockerfile $DESTINATIONS
depends_on:
- build

10
AGENTS.md
View File

@@ -21,10 +21,10 @@ Mosaic Stack is a self-hosted, multi-user AI agent platform. TypeScript monorepo
| `apps/web` | Next.js dashboard | React 19, Tailwind |
| `packages/types` | Shared TypeScript contracts | class-validator |
| `packages/db` | Drizzle ORM schema + migrations | drizzle-orm, postgres |
| `packages/auth` | BetterAuth configuration | better-auth, @mosaicstack/db |
| `packages/brain` | Data layer (PG-backed) | @mosaicstack/db |
| `packages/auth` | BetterAuth configuration | better-auth, @mosaic/db |
| `packages/brain` | Data layer (PG-backed) | @mosaic/db |
| `packages/queue` | Valkey task queue + MCP | ioredis |
| `packages/coord` | Mission coordination | @mosaicstack/queue |
| `packages/coord` | Mission coordination | @mosaic/queue |
| `packages/cli` | Unified CLI + Pi TUI | Ink, Pi SDK |
| `plugins/discord` | Discord channel plugin | discord.js |
| `plugins/telegram` | Telegram channel plugin | Telegraf |
@@ -33,9 +33,9 @@ Mosaic Stack is a self-hosted, multi-user AI agent platform. TypeScript monorepo
1. Gateway is the single API surface — all clients connect through it
2. Pi SDK is ESM-only — gateway and CLI must use ESM
3. Socket.IO typed events defined in `@mosaicstack/types` enforce compile-time contracts
3. Socket.IO typed events defined in `@mosaic/types` enforce compile-time contracts
4. OTEL auto-instrumentation loads before NestJS bootstrap
5. BetterAuth manages auth tables; schema defined in `@mosaicstack/db`
5. BetterAuth manages auth tables; schema defined in `@mosaic/db`
6. Docker Compose provides PG (5433), Valkey (6380), OTEL Collector (4317/4318), Jaeger (16686)
7. Explicit `@Inject()` decorators required in NestJS (tsx/esbuild doesn't emit decorator metadata)

8
CLAUDE.md
View File

@@ -26,13 +26,13 @@ pnpm test # Vitest (all packages)
pnpm build # Build all packages
# Database
pnpm --filter @mosaicstack/db db:push # Push schema to PG (dev)
pnpm --filter @mosaicstack/db db:generate # Generate migrations
pnpm --filter @mosaicstack/db db:migrate # Run migrations
pnpm --filter @mosaic/db db:push # Push schema to PG (dev)
pnpm --filter @mosaic/db db:generate # Generate migrations
pnpm --filter @mosaic/db db:migrate # Run migrations
# Dev
docker compose up -d # Start PG, Valkey, OTEL, Jaeger
pnpm --filter @mosaicstack/gateway exec tsx src/main.ts # Start gateway
pnpm --filter @mosaic/gateway exec tsx src/main.ts # Start gateway
```
## Conventions

244
README.md
View File

@@ -1,244 +0,0 @@
# Mosaic Stack
Self-hosted, multi-user AI agent platform. One config, every runtime, same standards.
Mosaic gives you a unified launcher for Claude Code, Codex, OpenCode, and Pi — injecting consistent system prompts, guardrails, skills, and mission context into every session. A NestJS gateway provides the API surface, a Next.js dashboard gives you the UI, and a plugin system connects Discord, Telegram, and more.
## Quick Install
```bash
bash <(curl -fsSL https://git.mosaicstack.dev/mosaic/mosaic-stack/raw/branch/main/tools/install.sh)
```
This installs both components:
| Component | What | Where |
| -------------------- | ----------------------------------------------------- | -------------------- |
| **Framework** | Bash launcher, guides, runtime configs, tools, skills | `~/.config/mosaic/` |
| **@mosaicstack/cli** | TUI, gateway client, wizard, auto-updater | `~/.npm-global/bin/` |
After install, set up your agent identity:
```bash
mosaic init # Interactive wizard
```
### Requirements
- Node.js ≥ 20
- npm (for global @mosaicstack/cli install)
- One or more runtimes: [Claude Code](https://docs.anthropic.com/en/docs/claude-code), [Codex](https://github.com/openai/codex), [OpenCode](https://opencode.ai), or [Pi](https://github.com/mariozechner/pi-coding-agent)
## Usage
### Launching Agent Sessions
```bash
mosaic pi # Launch Pi with Mosaic injection
mosaic claude # Launch Claude Code with Mosaic injection
mosaic codex # Launch Codex with Mosaic injection
mosaic opencode # Launch OpenCode with Mosaic injection
mosaic yolo claude # Claude with dangerous-permissions mode
mosaic yolo pi # Pi in yolo mode
```
The launcher verifies your config, checks for `SOUL.md`, injects your `AGENTS.md` standards into the runtime, and forwards all arguments.
### TUI & Gateway
```bash
mosaic tui # Interactive TUI connected to the gateway
mosaic login # Authenticate with a gateway instance
mosaic sessions list # List active agent sessions
```
### Management
```bash
mosaic doctor # Health audit — detect drift and missing files
mosaic sync # Sync skills from canonical source
mosaic update # Check for and install CLI updates
mosaic wizard # Full guided setup wizard
mosaic bootstrap <path> # Bootstrap a repo with Mosaic standards
mosaic coord init # Initialize a new orchestration mission
mosaic prdy init # Create a PRD via guided session
```
## Development
### Prerequisites
- Node.js ≥ 20
- pnpm 10.6+
- Docker & Docker Compose
### Setup
```bash
git clone git@git.mosaicstack.dev:mosaic/mosaic-stack.git
cd mosaic-stack
# Start infrastructure (Postgres, Valkey, Jaeger)
docker compose up -d
# Install dependencies
pnpm install
# Run migrations
pnpm --filter @mosaicstack/db run db:migrate
# Start all services in dev mode
pnpm dev
```
### Infrastructure
Docker Compose provides:
| Service | Port | Purpose |
| --------------------- | --------- | ---------------------- |
| PostgreSQL (pgvector) | 5433 | Primary database |
| Valkey | 6380 | Task queue + caching |
| Jaeger | 16686 | Distributed tracing UI |
| OTEL Collector | 4317/4318 | Telemetry ingestion |
### Quality Gates
```bash
pnpm typecheck # TypeScript type checking (all packages)
pnpm lint # ESLint (all packages)
pnpm test # Vitest (all packages)
pnpm format:check # Prettier check
pnpm format # Prettier auto-fix
```
### CI
Woodpecker CI runs on every push:
- `pnpm install --frozen-lockfile`
- Database migration against a fresh Postgres
- `pnpm test` (Turbo-orchestrated across all packages)
npm packages are published to the Gitea package registry on main merges.
## Architecture
```
mosaic-stack/
├── apps/
│ ├── gateway/ NestJS API + WebSocket hub (Fastify, Socket.IO, OTEL)
│ └── web/ Next.js dashboard (React 19, Tailwind)
├── packages/
│ ├── cli/ Mosaic CLI — TUI, gateway client, wizard
│ ├── mosaic/ Framework — wizard, runtime detection, update checker
│ ├── types/ Shared TypeScript contracts (Socket.IO typed events)
│ ├── db/ Drizzle ORM schema + migrations (pgvector)
│ ├── auth/ BetterAuth configuration
│ ├── brain/ Data layer (PG-backed)
│ ├── queue/ Valkey task queue + MCP
│ ├── coord/ Mission coordination
│ ├── forge/ Multi-stage AI pipeline (intake → board → plan → code → review)
│ ├── macp/ MACP protocol — credential resolution, gate runner, events
│ ├── agent/ Agent session management
│ ├── memory/ Agent memory layer
│ ├── log/ Structured logging
│ ├── prdy/ PRD creation and validation
│ ├── quality-rails/ Quality templates (TypeScript, Next.js, monorepo)
│ └── design-tokens/ Shared design tokens
├── plugins/
│ ├── discord/ Discord channel plugin (discord.js)
│ ├── telegram/ Telegram channel plugin (Telegraf)
│ ├── macp/ OpenClaw MACP runtime plugin
│ └── mosaic-framework/ OpenClaw framework injection plugin
├── tools/
│ └── install.sh Unified installer (framework + npm CLI)
├── scripts/agent/ Agent session lifecycle scripts
├── docker-compose.yml Dev infrastructure
└── .woodpecker/ CI pipeline configs
```
### Key Design Decisions
- **Gateway is the single API surface** — all clients (TUI, web, Discord, Telegram) connect through it
- **ESM everywhere** — `"type": "module"`, `.js` extensions in imports, NodeNext resolution
- **Socket.IO typed events** — defined in `@mosaicstack/types`, enforced at compile time
- **OTEL auto-instrumentation** — loads before NestJS bootstrap
- **Explicit `@Inject()` decorators** — required since tsx/esbuild doesn't emit decorator metadata
### Framework (`~/.config/mosaic/`)
The framework is the bash-based standards layer installed to every developer machine:
```
~/.config/mosaic/
├── AGENTS.md ← Central standards (loaded into every runtime)
├── SOUL.md ← Agent identity (name, style, guardrails)
├── USER.md ← User profile (name, timezone, preferences)
├── TOOLS.md ← Machine-level tool reference
├── bin/mosaic ← Unified launcher (claude, codex, opencode, pi, yolo)
├── guides/ ← E2E delivery, orchestrator protocol, PRD, etc.
├── runtime/ ← Per-runtime configs (claude/, codex/, opencode/, pi/)
├── skills/ ← Universal skills (synced from agent-skills repo)
├── tools/ ← Tool suites (orchestrator, git, quality, prdy, etc.)
└── memory/ ← Persistent agent memory (preserved across upgrades)
```
### Forge Pipeline
Forge is a multi-stage AI pipeline for autonomous feature delivery:
```
Intake → Discovery → Board Review → Planning (3 stages) → Coding → Review → Remediation → Test → Deploy
```
Each stage has a dispatch mode (`exec` for research/review, `yolo` for coding), quality gates, and timeouts. The board review uses multiple AI personas (CEO, CTO, CFO, COO + specialists) to evaluate briefs before committing resources.
## Upgrading
Run the installer again — it handles upgrades automatically:
```bash
bash <(curl -fsSL https://git.mosaicstack.dev/mosaic/mosaic-stack/raw/branch/main/tools/install.sh)
```
Or use the CLI:
```bash
mosaic update # Check + install CLI updates
mosaic update --check # Check only, don't install
```
The CLI also performs a background update check on every invocation (cached for 1 hour).
### Installer Flags
```bash
bash tools/install.sh --check # Version check only
bash tools/install.sh --framework # Framework only (skip npm CLI)
bash tools/install.sh --cli # npm CLI only (skip framework)
bash tools/install.sh --ref v1.0 # Install from a specific git ref
```
## Contributing
```bash
# Create a feature branch
git checkout -b feat/my-feature
# Make changes, then verify
pnpm typecheck && pnpm lint && pnpm test && pnpm format:check
# Commit (husky runs lint-staged automatically)
git commit -m "feat: description of change"
# Push and create PR
git push -u origin feat/my-feature
```
DTOs go in `*.dto.ts` files at module boundaries. Scratchpads (`docs/scratchpads/`) are mandatory for non-trivial tasks. See `AGENTS.md` for the full standards reference.
## License
Proprietary — all rights reserved.

50
apps/gateway/package.json
View File

@@ -1,23 +1,9 @@
{
"name": "@mosaicstack/gateway",
"version": "0.0.6",
"repository": {
"type": "git",
"url": "https://git.mosaicstack.dev/mosaicstack/mosaic-stack.git",
"directory": "apps/gateway"
},
"name": "@mosaic/gateway",
"version": "0.0.0",
"private": true,
"type": "module",
"main": "dist/main.js",
"bin": {
"mosaic-gateway": "dist/main.js"
},
"files": [
"dist"
],
"publishConfig": {
"registry": "https://git.mosaicstack.dev/api/packages/mosaicstack/npm/",
"access": "public"
},
"scripts": {
"build": "tsc",
"dev": "tsx watch src/main.ts",
@@ -28,28 +14,26 @@
"dependencies": {
"@anthropic-ai/sdk": "^0.80.0",
"@fastify/helmet": "^13.0.2",
"@mariozechner/pi-ai": "^0.65.0",
"@mariozechner/pi-coding-agent": "^0.65.0",
"@mariozechner/pi-ai": "~0.57.1",
"@mariozechner/pi-coding-agent": "~0.57.1",
"@modelcontextprotocol/sdk": "^1.27.1",
"@mosaicstack/auth": "workspace:^",
"@mosaicstack/brain": "workspace:^",
"@mosaicstack/config": "workspace:^",
"@mosaicstack/coord": "workspace:^",
"@mosaicstack/db": "workspace:^",
"@mosaicstack/discord-plugin": "workspace:^",
"@mosaicstack/log": "workspace:^",
"@mosaicstack/memory": "workspace:^",
"@mosaicstack/queue": "workspace:^",
"@mosaicstack/storage": "workspace:^",
"@mosaicstack/telegram-plugin": "workspace:^",
"@mosaicstack/types": "workspace:^",
"@mosaic/auth": "workspace:^",
"@mosaic/brain": "workspace:^",
"@mosaic/coord": "workspace:^",
"@mosaic/db": "workspace:^",
"@mosaic/discord-plugin": "workspace:^",
"@mosaic/log": "workspace:^",
"@mosaic/memory": "workspace:^",
"@mosaic/queue": "workspace:^",
"@mosaic/telegram-plugin": "workspace:^",
"@mosaic/types": "workspace:^",
"@nestjs/common": "^11.0.0",
"@nestjs/core": "^11.0.0",
"@nestjs/platform-fastify": "^11.0.0",
"@nestjs/platform-socket.io": "^11.0.0",
"@nestjs/throttler": "^6.5.0",
"@nestjs/websockets": "^11.0.0",
"@opentelemetry/auto-instrumentations-node": "^0.72.0",
"@opentelemetry/auto-instrumentations-node": "^0.71.0",
"@opentelemetry/exporter-metrics-otlp-http": "^0.213.0",
"@opentelemetry/exporter-trace-otlp-http": "^0.213.0",
"@opentelemetry/resources": "^2.6.0",
@@ -58,13 +42,11 @@
"@opentelemetry/semantic-conventions": "^1.40.0",
"@sinclair/typebox": "^0.34.48",
"better-auth": "^1.5.5",
"bullmq": "^5.71.0",
"class-transformer": "^0.5.1",
"class-validator": "^0.15.1",
"dotenv": "^17.3.1",
"fastify": "^5.0.0",
"node-cron": "^4.2.1",
"openai": "^6.32.0",
"reflect-metadata": "^0.2.0",
"rxjs": "^7.8.0",
"socket.io": "^4.8.0",

2
apps/gateway/src/__tests__/conversation-persistence.test.ts
View File

@@ -12,7 +12,7 @@ import { BadRequestException, NotFoundException } from '@nestjs/common';
import { describe, expect, it, vi, beforeEach } from 'vitest';
import type { ConversationHistoryMessage } from '../agent/agent.service.js';
import { ConversationsController } from '../conversations/conversations.controller.js';
import type { Message } from '@mosaicstack/brain';
import type { Message } from '@mosaic/brain';
// ---------------------------------------------------------------------------
// Shared test data

269
apps/gateway/src/__tests__/cross-user-isolation.test.ts
View File

@@ -17,14 +17,14 @@
* pgvector enabled and the Mosaic schema already applied.
*/
import { afterAll, beforeAll, beforeEach, describe, expect, it } from 'vitest';
import { createDb } from '@mosaicstack/db';
import { createConversationsRepo } from '@mosaicstack/brain';
import { createAgentsRepo } from '@mosaicstack/brain';
import { createPreferencesRepo, createInsightsRepo } from '@mosaicstack/memory';
import { users, conversations, messages, agents, preferences, insights } from '@mosaicstack/db';
import { eq } from '@mosaicstack/db';
import type { DbHandle } from '@mosaicstack/db';
import { afterAll, beforeAll, describe, expect, it } from 'vitest';
import { createDb } from '@mosaic/db';
import { createConversationsRepo } from '@mosaic/brain';
import { createAgentsRepo } from '@mosaic/brain';
import { createPreferencesRepo, createInsightsRepo } from '@mosaic/memory';
import { users, conversations, messages, agents, preferences, insights } from '@mosaic/db';
import { eq } from '@mosaic/db';
import type { DbHandle } from '@mosaic/db';
// ─── Fixed IDs so the afterAll cleanup is deterministic ──────────────────────
@@ -45,148 +45,133 @@ const INSIGHT_B_ID = 'bbbbbbbb-0000-0000-0000-000000000005';
// ─── Test fixture ─────────────────────────────────────────────────────────────
let handle: DbHandle;
let dbAvailable = false;
beforeAll(async () => {
try {
handle = createDb();
const db = handle.db;
handle = createDb();
const db = handle.db;
// Insert two users
await db
.insert(users)
.values([
{
id: USER_A_ID,
name: 'Isolation Test User A',
email: 'test-iso-user-a@example.invalid',
emailVerified: false,
},
{
id: USER_B_ID,
name: 'Isolation Test User B',
email: 'test-iso-user-b@example.invalid',
emailVerified: false,
},
])
.onConflictDoNothing();
// Insert two users
await db
.insert(users)
.values([
{
id: USER_A_ID,
name: 'Isolation Test User A',
email: 'test-iso-user-a@example.invalid',
emailVerified: false,
},
{
id: USER_B_ID,
name: 'Isolation Test User B',
email: 'test-iso-user-b@example.invalid',
emailVerified: false,
},
])
.onConflictDoNothing();
// Conversations — one per user
await db
.insert(conversations)
.values([
{ id: CONV_A_ID, userId: USER_A_ID, title: 'User A conversation' },
{ id: CONV_B_ID, userId: USER_B_ID, title: 'User B conversation' },
])
.onConflictDoNothing();
// Conversations — one per user
await db
.insert(conversations)
.values([
{ id: CONV_A_ID, userId: USER_A_ID, title: 'User A conversation' },
{ id: CONV_B_ID, userId: USER_B_ID, title: 'User B conversation' },
])
.onConflictDoNothing();
// Messages — one per conversation
await db
.insert(messages)
.values([
{
id: MSG_A_ID,
conversationId: CONV_A_ID,
role: 'user',
content: 'Hello from User A',
},
{
id: MSG_B_ID,
conversationId: CONV_B_ID,
role: 'user',
content: 'Hello from User B',
},
])
.onConflictDoNothing();
// Messages — one per conversation
await db
.insert(messages)
.values([
{
id: MSG_A_ID,
conversationId: CONV_A_ID,
role: 'user',
content: 'Hello from User A',
},
{
id: MSG_B_ID,
conversationId: CONV_B_ID,
role: 'user',
content: 'Hello from User B',
},
])
.onConflictDoNothing();
// Agent configs — private agents (one per user) + one system agent
await db
.insert(agents)
.values([
{
id: AGENT_A_ID,
name: 'Agent A (private)',
provider: 'test',
model: 'test-model',
ownerId: USER_A_ID,
isSystem: false,
},
{
id: AGENT_B_ID,
name: 'Agent B (private)',
provider: 'test',
model: 'test-model',
ownerId: USER_B_ID,
isSystem: false,
},
{
id: AGENT_SYS_ID,
name: 'Shared System Agent',
provider: 'test',
model: 'test-model',
ownerId: null,
isSystem: true,
},
])
.onConflictDoNothing();
// Agent configs — private agents (one per user) + one system agent
await db
.insert(agents)
.values([
{
id: AGENT_A_ID,
name: 'Agent A (private)',
provider: 'test',
model: 'test-model',
ownerId: USER_A_ID,
isSystem: false,
},
{
id: AGENT_B_ID,
name: 'Agent B (private)',
provider: 'test',
model: 'test-model',
ownerId: USER_B_ID,
isSystem: false,
},
{
id: AGENT_SYS_ID,
name: 'Shared System Agent',
provider: 'test',
model: 'test-model',
ownerId: null,
isSystem: true,
},
])
.onConflictDoNothing();
// Preferences — one per user (same key, different values)
await db
.insert(preferences)
.values([
{
id: PREF_A_ID,
userId: USER_A_ID,
key: 'theme',
value: 'dark',
category: 'appearance',
},
{
id: PREF_B_ID,
userId: USER_B_ID,
key: 'theme',
value: 'light',
category: 'appearance',
},
])
.onConflictDoNothing();
// Preferences — one per user (same key, different values)
await db
.insert(preferences)
.values([
{
id: PREF_A_ID,
userId: USER_A_ID,
key: 'theme',
value: 'dark',
category: 'appearance',
},
{
id: PREF_B_ID,
userId: USER_B_ID,
key: 'theme',
value: 'light',
category: 'appearance',
},
])
.onConflictDoNothing();
// Insights — no embedding to keep the fixture simple; embedding-based search
// is tested separately with a zero-vector that falls outside maxDistance
await db
.insert(insights)
.values([
{
id: INSIGHT_A_ID,
userId: USER_A_ID,
content: 'User A insight',
source: 'user',
category: 'general',
relevanceScore: 1.0,
},
{
id: INSIGHT_B_ID,
userId: USER_B_ID,
content: 'User B insight',
source: 'user',
category: 'general',
relevanceScore: 1.0,
},
])
.onConflictDoNothing();
dbAvailable = true;
} catch {
// Database is not reachable (e.g., CI environment without Postgres on port 5433).
// All tests in this suite will be skipped.
}
});
// Skip all tests in this file when the database is not reachable (e.g., CI without Postgres).
beforeEach((ctx) => {
if (!dbAvailable) {
ctx.skip();
}
// Insights — no embedding to keep the fixture simple; embedding-based search
// is tested separately with a zero-vector that falls outside maxDistance
await db
.insert(insights)
.values([
{
id: INSIGHT_A_ID,
userId: USER_A_ID,
content: 'User A insight',
source: 'user',
category: 'general',
relevanceScore: 1.0,
},
{
id: INSIGHT_B_ID,
userId: USER_B_ID,
content: 'User B insight',
source: 'user',
category: 'general',
relevanceScore: 1.0,
},
])
.onConflictDoNothing();
});
afterAll(async () => {

377
apps/gateway/src/__tests__/session-hardening.test.ts
View File

@@ -1,377 +0,0 @@
/**
* M5-008: Session hardening verification tests.
*
* Verifies:
* 1. /model command switches model → session:info reflects updated modelId
* 2. /agent command switches agent config → system prompt / agentName changes
* 3. Session resume binds to a conversation (history injected via conversationHistory option)
* 4. Session metrics track token usage and message count correctly
*/
import { describe, it, expect, vi, beforeEach } from 'vitest';
import type {
AgentSession,
AgentSessionOptions,
ConversationHistoryMessage,
} from '../agent/agent.service.js';
import type { SessionInfoDto, SessionMetrics, SessionTokenMetrics } from '../agent/session.dto.js';
// ---------------------------------------------------------------------------
// Helpers — minimal AgentSession fixture
// ---------------------------------------------------------------------------
function makeMetrics(overrides?: Partial<SessionMetrics>): SessionMetrics {
return {
tokens: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0, total: 0 },
modelSwitches: 0,
messageCount: 0,
lastActivityAt: new Date().toISOString(),
...overrides,
};
}
function makeSession(overrides?: Partial<AgentSession>): AgentSession {
return {
id: 'session-001',
provider: 'anthropic',
modelId: 'claude-3-5-sonnet-20241022',
piSession: {} as AgentSession['piSession'],
listeners: new Set(),
unsubscribe: vi.fn(),
createdAt: Date.now(),
promptCount: 0,
channels: new Set(),
skillPromptAdditions: [],
sandboxDir: '/tmp',
allowedTools: null,
metrics: makeMetrics(),
...overrides,
};
}
function sessionToInfo(session: AgentSession): SessionInfoDto {
return {
id: session.id,
provider: session.provider,
modelId: session.modelId,
...(session.agentName ? { agentName: session.agentName } : {}),
createdAt: new Date(session.createdAt).toISOString(),
promptCount: session.promptCount,
channels: Array.from(session.channels),
durationMs: Date.now() - session.createdAt,
metrics: { ...session.metrics },
};
}
// ---------------------------------------------------------------------------
// Replicated AgentService methods (tested in isolation without full DI setup)
// ---------------------------------------------------------------------------
function updateSessionModel(session: AgentSession, modelId: string): void {
session.modelId = modelId;
session.metrics.modelSwitches += 1;
session.metrics.lastActivityAt = new Date().toISOString();
}
function applyAgentConfig(
session: AgentSession,
agentConfigId: string,
agentName: string,
modelId?: string,
): void {
session.agentConfigId = agentConfigId;
session.agentName = agentName;
if (modelId) {
updateSessionModel(session, modelId);
}
}
function recordTokenUsage(session: AgentSession, tokens: SessionTokenMetrics): void {
session.metrics.tokens.input += tokens.input;
session.metrics.tokens.output += tokens.output;
session.metrics.tokens.cacheRead += tokens.cacheRead;
session.metrics.tokens.cacheWrite += tokens.cacheWrite;
session.metrics.tokens.total += tokens.total;
session.metrics.lastActivityAt = new Date().toISOString();
}
function recordMessage(session: AgentSession): void {
session.metrics.messageCount += 1;
session.metrics.lastActivityAt = new Date().toISOString();
}
// ---------------------------------------------------------------------------
// 1. /model command — switches model → session:info updated
// ---------------------------------------------------------------------------
describe('/model command — model switch reflected in session:info', () => {
let session: AgentSession;
beforeEach(() => {
session = makeSession();
});
it('updates modelId when /model is called with a model name', () => {
updateSessionModel(session, 'claude-opus-4-5-20251001');
expect(session.modelId).toBe('claude-opus-4-5-20251001');
});
it('increments modelSwitches metric after /model command', () => {
expect(session.metrics.modelSwitches).toBe(0);
updateSessionModel(session, 'gpt-4o');
expect(session.metrics.modelSwitches).toBe(1);
updateSessionModel(session, 'claude-3-5-sonnet-20241022');
expect(session.metrics.modelSwitches).toBe(2);
});
it('session:info DTO reflects the new modelId after switch', () => {
updateSessionModel(session, 'claude-haiku-3-5-20251001');
const info = sessionToInfo(session);
expect(info.modelId).toBe('claude-haiku-3-5-20251001');
expect(info.metrics.modelSwitches).toBe(1);
});
it('lastActivityAt is updated after model switch', () => {
const before = session.metrics.lastActivityAt;
// Ensure at least 1ms passes
vi.setSystemTime(Date.now() + 1);
updateSessionModel(session, 'new-model');
vi.useRealTimers();
expect(session.metrics.lastActivityAt).not.toBe(before);
});
});
// ---------------------------------------------------------------------------
// 2. /agent command — switches agent config → system prompt / agentName updated
// ---------------------------------------------------------------------------
describe('/agent command — agent config applied to session', () => {
let session: AgentSession;
beforeEach(() => {
session = makeSession();
});
it('sets agentConfigId and agentName on the session', () => {
applyAgentConfig(session, 'agent-uuid-001', 'CodeReviewer');
expect(session.agentConfigId).toBe('agent-uuid-001');
expect(session.agentName).toBe('CodeReviewer');
});
it('also updates modelId when agent config carries a model', () => {
applyAgentConfig(session, 'agent-uuid-002', 'DataAnalyst', 'gpt-4o-mini');
expect(session.agentName).toBe('DataAnalyst');
expect(session.modelId).toBe('gpt-4o-mini');
expect(session.metrics.modelSwitches).toBe(1);
});
it('does NOT update modelId when agent config has no model', () => {
const originalModel = session.modelId;
applyAgentConfig(session, 'agent-uuid-003', 'Planner', undefined);
expect(session.modelId).toBe(originalModel);
expect(session.metrics.modelSwitches).toBe(0);
});
it('session:info DTO reflects agentName after /agent switch', () => {
applyAgentConfig(session, 'agent-uuid-004', 'DevBot');
const info = sessionToInfo(session);
expect(info.agentName).toBe('DevBot');
});
it('multiple /agent calls update to the latest agent', () => {
applyAgentConfig(session, 'agent-001', 'FirstAgent');
applyAgentConfig(session, 'agent-002', 'SecondAgent');
expect(session.agentConfigId).toBe('agent-002');
expect(session.agentName).toBe('SecondAgent');
});
});
// ---------------------------------------------------------------------------
// 3. Session resume — binds to conversation via conversationHistory
// ---------------------------------------------------------------------------
describe('Session resume — binds to conversation', () => {
it('conversationHistory option is preserved in session options', () => {
const history: ConversationHistoryMessage[] = [
{
role: 'user',
content: 'Hello, what is TypeScript?',
createdAt: new Date('2026-01-01T00:01:00Z'),
},
{
role: 'assistant',
content: 'TypeScript is a typed superset of JavaScript.',
createdAt: new Date('2026-01-01T00:01:05Z'),
},
];
const options: AgentSessionOptions = {
conversationHistory: history,
provider: 'anthropic',
modelId: 'claude-3-5-sonnet-20241022',
};
expect(options.conversationHistory).toHaveLength(2);
expect(options.conversationHistory![0]!.role).toBe('user');
expect(options.conversationHistory![1]!.role).toBe('assistant');
});
it('session with conversationHistory option carries the conversation binding', () => {
const CONV_ID = 'conv-resume-001';
const history: ConversationHistoryMessage[] = [
{ role: 'user', content: 'Prior question', createdAt: new Date('2026-01-01T00:01:00Z') },
];
// Simulate what ChatGateway does: pass conversationId + history to createSession
const options: AgentSessionOptions = {
conversationHistory: history,
};
// The session ID is the conversationId in the gateway
const session = makeSession({ id: CONV_ID });
expect(session.id).toBe(CONV_ID);
expect(options.conversationHistory).toHaveLength(1);
});
it('empty conversationHistory is valid (new conversation)', () => {
const options: AgentSessionOptions = {
conversationHistory: [],
};
expect(options.conversationHistory).toHaveLength(0);
});
it('resumed session preserves all message roles', () => {
const history: ConversationHistoryMessage[] = [
{ role: 'system', content: 'You are a helpful assistant.', createdAt: new Date() },
{ role: 'user', content: 'Question 1', createdAt: new Date() },
{ role: 'assistant', content: 'Answer 1', createdAt: new Date() },
{ role: 'user', content: 'Question 2', createdAt: new Date() },
];
const roles = history.map((m) => m.role);
expect(roles).toEqual(['system', 'user', 'assistant', 'user']);
});
});
// ---------------------------------------------------------------------------
// 4. Session metrics — token usage and message count
// ---------------------------------------------------------------------------
describe('Session metrics — token usage and message count', () => {
let session: AgentSession;
beforeEach(() => {
session = makeSession();
});
it('starts with zero metrics', () => {
expect(session.metrics.tokens.input).toBe(0);
expect(session.metrics.tokens.output).toBe(0);
expect(session.metrics.tokens.total).toBe(0);
expect(session.metrics.messageCount).toBe(0);
expect(session.metrics.modelSwitches).toBe(0);
});
it('accumulates token usage across multiple turns', () => {
recordTokenUsage(session, {
input: 100,
output: 50,
cacheRead: 0,
cacheWrite: 0,
total: 150,
});
recordTokenUsage(session, {
input: 200,
output: 80,
cacheRead: 10,
cacheWrite: 5,
total: 295,
});
expect(session.metrics.tokens.input).toBe(300);
expect(session.metrics.tokens.output).toBe(130);
expect(session.metrics.tokens.cacheRead).toBe(10);
expect(session.metrics.tokens.cacheWrite).toBe(5);
expect(session.metrics.tokens.total).toBe(445);
});
it('increments message count with each recordMessage call', () => {
expect(session.metrics.messageCount).toBe(0);
recordMessage(session);
expect(session.metrics.messageCount).toBe(1);
recordMessage(session);
recordMessage(session);
expect(session.metrics.messageCount).toBe(3);
});
it('session:info DTO exposes correct metrics snapshot', () => {
recordTokenUsage(session, {
input: 500,
output: 100,
cacheRead: 20,
cacheWrite: 10,
total: 630,
});
recordMessage(session);
recordMessage(session);
updateSessionModel(session, 'claude-haiku-3-5-20251001');
const info = sessionToInfo(session);
expect(info.metrics.tokens.input).toBe(500);
expect(info.metrics.tokens.output).toBe(100);
expect(info.metrics.tokens.total).toBe(630);
expect(info.metrics.messageCount).toBe(2);
expect(info.metrics.modelSwitches).toBe(1);
});
it('metrics are independent per session', () => {
const sessionA = makeSession({ id: 'session-A' });
const sessionB = makeSession({ id: 'session-B' });
recordTokenUsage(sessionA, { input: 100, output: 50, cacheRead: 0, cacheWrite: 0, total: 150 });
recordMessage(sessionA);
// Session B should remain at zero
expect(sessionB.metrics.tokens.input).toBe(0);
expect(sessionB.metrics.messageCount).toBe(0);
// Session A should have updated values
expect(sessionA.metrics.tokens.input).toBe(100);
expect(sessionA.metrics.messageCount).toBe(1);
});
it('lastActivityAt is updated after recording tokens', () => {
const before = session.metrics.lastActivityAt;
vi.setSystemTime(new Date(Date.now() + 100));
recordTokenUsage(session, { input: 10, output: 5, cacheRead: 0, cacheWrite: 0, total: 15 });
vi.useRealTimers();
expect(session.metrics.lastActivityAt).not.toBe(before);
});
it('lastActivityAt is updated after recording a message', () => {
const before = session.metrics.lastActivityAt;
vi.setSystemTime(new Date(Date.now() + 100));
recordMessage(session);
vi.useRealTimers();
expect(session.metrics.lastActivityAt).not.toBe(before);
});
});

4
apps/gateway/src/admin/admin-health.controller.ts
View File

@@ -1,6 +1,6 @@
import { Controller, Get, Inject, UseGuards } from '@nestjs/common';
import { sql, type Db } from '@mosaicstack/db';
import { createQueue } from '@mosaicstack/queue';
import { sql, type Db } from '@mosaic/db';
import { createQueue } from '@mosaic/queue';
import { DB } from '../database/database.module.js';
import { AgentService } from '../agent/agent.service.js';
import { ProviderService } from '../agent/provider.service.js';

128
apps/gateway/src/admin/admin-jobs.controller.ts
View File

@@ -1,128 +0,0 @@
import {
Controller,
Get,
HttpCode,
HttpStatus,
Inject,
NotFoundException,
Optional,
Param,
Post,
Query,
UseGuards,
} from '@nestjs/common';
import { AdminGuard } from './admin.guard.js';
import { QueueService } from '../queue/queue.service.js';
import type { JobDto, JobListDto, JobStatus, QueueListDto } from '../queue/queue-admin.dto.js';
@Controller('api/admin/jobs')
@UseGuards(AdminGuard)
export class AdminJobsController {
constructor(
@Optional()
@Inject(QueueService)
private readonly queueService: QueueService | null,
) {}
/**
* GET /api/admin/jobs
* List jobs across all queues. Optional ?status=active|completed|failed|waiting|delayed
*/
@Get()
async listJobs(@Query('status') status?: string): Promise<JobListDto> {
if (!this.queueService) {
return { jobs: [], total: 0 };
}
const validStatuses: JobStatus[] = ['active', 'completed', 'failed', 'waiting', 'delayed'];
const normalised = status as JobStatus | undefined;
if (normalised && !validStatuses.includes(normalised)) {
return { jobs: [], total: 0 };
}
const jobs: JobDto[] = await this.queueService.listJobs(normalised);
return { jobs, total: jobs.length };
}
/**
* POST /api/admin/jobs/:id/retry
* Retry a specific failed job. The id is "<queue>__<bullmq-job-id>".
*/
@Post(':id/retry')
@HttpCode(HttpStatus.OK)
async retryJob(@Param('id') id: string): Promise<{ ok: boolean; message: string }> {
if (!this.queueService) {
throw new NotFoundException('Queue service is not available');
}
const result = await this.queueService.retryJob(id);
if (!result.ok) {
throw new NotFoundException(result.message);
}
return result;
}
/**
* GET /api/admin/jobs/queues
* Return status for all managed queues.
*/
@Get('queues')
async listQueues(): Promise<QueueListDto> {
if (!this.queueService) {
return { queues: [] };
}
const health = await this.queueService.getHealthStatus();
const queues = Object.entries(health.queues).map(([name, stats]) => ({
name,
waiting: stats.waiting,
active: stats.active,
completed: stats.completed,
failed: stats.failed,
delayed: 0,
paused: stats.paused,
}));
return { queues };
}
/**
* POST /api/admin/jobs/queues/:name/pause
* Pause the named queue.
*/
@Post('queues/:name/pause')
@HttpCode(HttpStatus.OK)
async pauseQueue(@Param('name') name: string): Promise<{ ok: boolean; message: string }> {
if (!this.queueService) {
throw new NotFoundException('Queue service is not available');
}
const result = await this.queueService.pauseQueue(name);
if (!result.ok) {
throw new NotFoundException(result.message);
}
return result;
}
/**
* POST /api/admin/jobs/queues/:name/resume
* Resume the named queue.
*/
@Post('queues/:name/resume')
@HttpCode(HttpStatus.OK)
async resumeQueue(@Param('name') name: string): Promise<{ ok: boolean; message: string }> {
if (!this.queueService) {
throw new NotFoundException('Queue service is not available');
}
const result = await this.queueService.resumeQueue(name);
if (!result.ok) {
throw new NotFoundException(result.message);
}
return result;
}
}

90
apps/gateway/src/admin/admin-tokens.controller.ts
View File

@@ -1,90 +0,0 @@
import {
Body,
Controller,
Delete,
Get,
HttpCode,
HttpStatus,
Inject,
Param,
Post,
UseGuards,
} from '@nestjs/common';
import { randomBytes, createHash } from 'node:crypto';
import { eq, type Db, adminTokens } from '@mosaicstack/db';
import { v4 as uuid } from 'uuid';
import { DB } from '../database/database.module.js';
import { AdminGuard } from './admin.guard.js';
import { CurrentUser } from '../auth/current-user.decorator.js';
import type {
CreateTokenDto,
TokenCreatedDto,
TokenDto,
TokenListDto,
} from './admin-tokens.dto.js';
function hashToken(plaintext: string): string {
return createHash('sha256').update(plaintext).digest('hex');
}
function toTokenDto(row: typeof adminTokens.$inferSelect): TokenDto {
return {
id: row.id,
label: row.label,
scope: row.scope,
expiresAt: row.expiresAt?.toISOString() ?? null,
lastUsedAt: row.lastUsedAt?.toISOString() ?? null,
createdAt: row.createdAt.toISOString(),
};
}
@Controller('api/admin/tokens')
@UseGuards(AdminGuard)
export class AdminTokensController {
constructor(@Inject(DB) private readonly db: Db) {}
@Post()
async create(
@Body() dto: CreateTokenDto,
@CurrentUser() user: { id: string },
): Promise<TokenCreatedDto> {
const plaintext = randomBytes(32).toString('hex');
const tokenHash = hashToken(plaintext);
const id = uuid();
const expiresAt = dto.expiresInDays
? new Date(Date.now() + dto.expiresInDays * 24 * 60 * 60 * 1000)
: null;
const [row] = await this.db
.insert(adminTokens)
.values({
id,
userId: user.id,
tokenHash,
label: dto.label ?? 'CLI token',
scope: dto.scope ?? 'admin',
expiresAt,
})
.returning();
return { ...toTokenDto(row!), plaintext };
}
@Get()
async list(@CurrentUser() user: { id: string }): Promise<TokenListDto> {
const rows = await this.db
.select()
.from(adminTokens)
.where(eq(adminTokens.userId, user.id))
.orderBy(adminTokens.createdAt);
return { tokens: rows.map(toTokenDto), total: rows.length };
}
@Delete(':id')
@HttpCode(HttpStatus.NO_CONTENT)
async revoke(@Param('id') id: string, @CurrentUser() _user: { id: string }): Promise<void> {
await this.db.delete(adminTokens).where(eq(adminTokens.id, id));
}
}

33
apps/gateway/src/admin/admin-tokens.dto.ts
View File

@@ -1,33 +0,0 @@
import { IsString, IsOptional, IsInt, Min } from 'class-validator';
export class CreateTokenDto {
@IsString()
label!: string;
@IsOptional()
@IsString()
scope?: string;
@IsOptional()
@IsInt()
@Min(1)
expiresInDays?: number;
}
export interface TokenDto {
id: string;
label: string;
scope: string;
expiresAt: string | null;
lastUsedAt: string | null;
createdAt: string;
}
export interface TokenCreatedDto extends TokenDto {
plaintext: string;
}
export interface TokenListDto {
tokens: TokenDto[];
total: number;
}

4
apps/gateway/src/admin/admin.controller.ts
View File

@@ -13,8 +13,8 @@ import {
Post,
UseGuards,
} from '@nestjs/common';
import { eq, type Db, users as usersTable } from '@mosaicstack/db';
import type { Auth } from '@mosaicstack/auth';
import { eq, type Db, users as usersTable } from '@mosaic/db';
import type { Auth } from '@mosaic/auth';
import { AUTH } from '../auth/auth.tokens.js';
import { DB } from '../database/database.module.js';
import { AdminGuard } from './admin.guard.js';

75
apps/gateway/src/admin/admin.guard.ts
View File

@@ -6,11 +6,10 @@ import {
Injectable,
UnauthorizedException,
} from '@nestjs/common';
import { createHash } from 'node:crypto';
import { fromNodeHeaders } from 'better-auth/node';
import type { Auth } from '@mosaicstack/auth';
import type { Db } from '@mosaicstack/db';
import { eq, adminTokens, users as usersTable } from '@mosaicstack/db';
import type { Auth } from '@mosaic/auth';
import type { Db } from '@mosaic/db';
import { eq, users as usersTable } from '@mosaic/db';
import type { FastifyRequest } from 'fastify';
import { AUTH } from '../auth/auth.tokens.js';
import { DB } from '../database/database.module.js';
@@ -20,8 +19,6 @@ interface UserWithRole {
role?: string;
}
type AuthenticatedRequest = FastifyRequest & { user: unknown; session: unknown };
@Injectable()
export class AdminGuard implements CanActivate {
constructor(
@@ -31,64 +28,8 @@ export class AdminGuard implements CanActivate {
async canActivate(context: ExecutionContext): Promise<boolean> {
const request = context.switchToHttp().getRequest<FastifyRequest>();
// Try bearer token auth first
const authHeader = request.raw.headers['authorization'];
if (authHeader?.startsWith('Bearer ')) {
return this.validateBearerToken(request, authHeader.slice(7));
}
// Fall back to BetterAuth session
return this.validateSession(request);
}
private async validateBearerToken(request: FastifyRequest, plaintext: string): Promise<boolean> {
const tokenHash = createHash('sha256').update(plaintext).digest('hex');
const [row] = await this.db
.select({
tokenId: adminTokens.id,
userId: adminTokens.userId,
scope: adminTokens.scope,
expiresAt: adminTokens.expiresAt,
userName: usersTable.name,
userEmail: usersTable.email,
userRole: usersTable.role,
})
.from(adminTokens)
.innerJoin(usersTable, eq(adminTokens.userId, usersTable.id))
.where(eq(adminTokens.tokenHash, tokenHash))
.limit(1);
if (!row) {
throw new UnauthorizedException('Invalid API token');
}
if (row.expiresAt && row.expiresAt < new Date()) {
throw new UnauthorizedException('API token expired');
}
if (row.userRole !== 'admin') {
throw new ForbiddenException('Admin access required');
}
// Update last-used timestamp (fire-and-forget)
this.db
.update(adminTokens)
.set({ lastUsedAt: new Date() })
.where(eq(adminTokens.id, row.tokenId))
.then(() => {})
.catch(() => {});
const req = request as AuthenticatedRequest;
req.user = { id: row.userId, name: row.userName, email: row.userEmail, role: row.userRole };
req.session = { id: `token:${row.tokenId}`, userId: row.userId };
return true;
}
private async validateSession(request: FastifyRequest): Promise<boolean> {
const headers = fromNodeHeaders(request.raw.headers);
const result = await this.auth.api.getSession({ headers });
if (!result) {
@@ -97,6 +38,8 @@ export class AdminGuard implements CanActivate {
const user = result.user as UserWithRole;
// Ensure the role field is populated. better-auth should include additionalFields
// in the session, but as a fallback, fetch the role from the database if needed.
let userRole = user.role;
if (!userRole) {
const [dbUser] = await this.db
@@ -105,6 +48,7 @@ export class AdminGuard implements CanActivate {
.where(eq(usersTable.id, user.id))
.limit(1);
userRole = dbUser?.role ?? 'member';
// Update the session user object with the fetched role
(user as UserWithRole).role = userRole;
}
@@ -112,9 +56,8 @@ export class AdminGuard implements CanActivate {
throw new ForbiddenException('Admin access required');
}
const req = request as AuthenticatedRequest;
req.user = result.user;
req.session = result.session;
(request as FastifyRequest & { user: unknown; session: unknown }).user = result.user;
(request as FastifyRequest & { user: unknown; session: unknown }).session = result.session;
return true;
}

11
apps/gateway/src/admin/admin.module.ts
View File

@@ -1,19 +1,10 @@
import { Module } from '@nestjs/common';
import { AdminController } from './admin.controller.js';
import { AdminHealthController } from './admin-health.controller.js';
import { AdminJobsController } from './admin-jobs.controller.js';
import { AdminTokensController } from './admin-tokens.controller.js';
import { BootstrapController } from './bootstrap.controller.js';
import { AdminGuard } from './admin.guard.js';
@Module({
controllers: [
AdminController,
AdminHealthController,
AdminJobsController,
AdminTokensController,
BootstrapController,
],
controllers: [AdminController, AdminHealthController],
providers: [AdminGuard],
})
export class AdminModule {}

101
apps/gateway/src/admin/bootstrap.controller.ts
View File

@@ -1,101 +0,0 @@
import {
Body,
Controller,
ForbiddenException,
Get,
Inject,
InternalServerErrorException,
Post,
} from '@nestjs/common';
import { randomBytes, createHash } from 'node:crypto';
import { count, eq, type Db, users as usersTable, adminTokens } from '@mosaicstack/db';
import type { Auth } from '@mosaicstack/auth';
import { v4 as uuid } from 'uuid';
import { AUTH } from '../auth/auth.tokens.js';
import { DB } from '../database/database.module.js';
import type { BootstrapSetupDto, BootstrapStatusDto, BootstrapResultDto } from './bootstrap.dto.js';
@Controller('api/bootstrap')
export class BootstrapController {
constructor(
@Inject(AUTH) private readonly auth: Auth,
@Inject(DB) private readonly db: Db,
) {}
@Get('status')
async status(): Promise<BootstrapStatusDto> {
const [result] = await this.db.select({ total: count() }).from(usersTable);
return { needsSetup: (result?.total ?? 0) === 0 };
}
@Post('setup')
async setup(@Body() dto: BootstrapSetupDto): Promise<BootstrapResultDto> {
// Only allow setup when zero users exist
const [result] = await this.db.select({ total: count() }).from(usersTable);
if ((result?.total ?? 0) > 0) {
throw new ForbiddenException('Setup already completed — users exist');
}
// Create admin user via BetterAuth API
const authApi = this.auth.api as unknown as {
createUser: (opts: {
body: { name: string; email: string; password: string; role?: string };
}) => Promise<{
user: { id: string; name: string; email: string };
}>;
};
const created = await authApi.createUser({
body: {
name: dto.name,
email: dto.email,
password: dto.password,
role: 'admin',
},
});
// Verify user was created
const [user] = await this.db
.select()
.from(usersTable)
.where(eq(usersTable.id, created.user.id))
.limit(1);
if (!user) throw new InternalServerErrorException('User created but not found');
// Ensure role is admin (createUser may not set it via BetterAuth)
if (user.role !== 'admin') {
await this.db.update(usersTable).set({ role: 'admin' }).where(eq(usersTable.id, user.id));
}
// Generate admin API token
const plaintext = randomBytes(32).toString('hex');
const tokenHash = createHash('sha256').update(plaintext).digest('hex');
const tokenId = uuid();
const [token] = await this.db
.insert(adminTokens)
.values({
id: tokenId,
userId: user.id,
tokenHash,
label: 'Initial setup token',
scope: 'admin',
})
.returning();
return {
user: {
id: user.id,
name: user.name,
email: user.email,
role: 'admin',
},
token: {
id: token!.id,
plaintext,
label: token!.label,
},
};
}
}

31
apps/gateway/src/admin/bootstrap.dto.ts
View File

@@ -1,31 +0,0 @@
import { IsString, IsEmail, MinLength } from 'class-validator';
export class BootstrapSetupDto {
@IsString()
name!: string;
@IsEmail()
email!: string;
@IsString()
@MinLength(8)
password!: string;
}
export interface BootstrapStatusDto {
needsSetup: boolean;
}
export interface BootstrapResultDto {
user: {
id: string;
name: string;
email: string;
role: string;
};
token: {
id: string;
plaintext: string;
label: string;
};
}

770
apps/gateway/src/agent/__tests__/provider-adapters.test.ts
View File

@@ -1,770 +0,0 @@
/**
* Provider Adapter Integration Tests — M3-012
*
* Verifies that all five provider adapters (Anthropic, OpenAI, OpenRouter, Z.ai, Ollama)
* are properly integrated: registration, model listing, graceful degradation without
* API keys, capability matrix correctness, and ProviderCredentialsService behaviour.
*
* These tests are designed to run in CI with no real API keys; they test graceful
* degradation and static configuration rather than live network calls.
*/
import { describe, it, expect, beforeEach, afterEach, vi } from 'vitest';
import { ModelRegistry, AuthStorage } from '@mariozechner/pi-coding-agent';
import { AnthropicAdapter } from '../adapters/anthropic.adapter.js';
import { OpenAIAdapter } from '../adapters/openai.adapter.js';
import { OpenRouterAdapter } from '../adapters/openrouter.adapter.js';
import { ZaiAdapter } from '../adapters/zai.adapter.js';
import { OllamaAdapter } from '../adapters/ollama.adapter.js';
import { ProviderService } from '../provider.service.js';
import {
getModelCapability,
MODEL_CAPABILITIES,
findModelsByCapability,
} from '../model-capabilities.js';
// ---------------------------------------------------------------------------
// Environment helpers
// ---------------------------------------------------------------------------
const ALL_PROVIDER_KEYS = [
'ANTHROPIC_API_KEY',
'OPENAI_API_KEY',
'OPENROUTER_API_KEY',
'ZAI_API_KEY',
'ZAI_BASE_URL',
'OLLAMA_BASE_URL',
'OLLAMA_HOST',
'OLLAMA_MODELS',
'BETTER_AUTH_SECRET',
] as const;
type EnvKey = (typeof ALL_PROVIDER_KEYS)[number];
function saveAndClearEnv(): Map<EnvKey, string | undefined> {
const saved = new Map<EnvKey, string | undefined>();
for (const key of ALL_PROVIDER_KEYS) {
saved.set(key, process.env[key]);
delete process.env[key];
}
return saved;
}
function restoreEnv(saved: Map<EnvKey, string | undefined>): void {
for (const key of ALL_PROVIDER_KEYS) {
const value = saved.get(key);
if (value === undefined) {
delete process.env[key];
} else {
process.env[key] = value;
}
}
}
function makeRegistry(): ModelRegistry {
return ModelRegistry.inMemory(AuthStorage.inMemory());
}
// ---------------------------------------------------------------------------
// 1. Adapter registration tests
// ---------------------------------------------------------------------------
describe('AnthropicAdapter', () => {
let savedEnv: Map<EnvKey, string | undefined>;
beforeEach(() => {
savedEnv = saveAndClearEnv();
});
afterEach(() => {
restoreEnv(savedEnv);
});
it('skips registration gracefully when ANTHROPIC_API_KEY is missing', async () => {
const adapter = new AnthropicAdapter(makeRegistry());
await expect(adapter.register()).resolves.toBeUndefined();
expect(adapter.listModels()).toEqual([]);
});
it('registers and listModels returns expected models when ANTHROPIC_API_KEY is set', async () => {
process.env['ANTHROPIC_API_KEY'] = 'sk-ant-test';
const adapter = new AnthropicAdapter(makeRegistry());
await adapter.register();
const models = adapter.listModels();
expect(models.length).toBeGreaterThan(0);
const ids = models.map((m) => m.id);
expect(ids).toContain('claude-opus-4-6');
expect(ids).toContain('claude-sonnet-4-6');
expect(ids).toContain('claude-haiku-4-5');
for (const model of models) {
expect(model.provider).toBe('anthropic');
expect(model.contextWindow).toBe(200000);
}
});
it('healthCheck returns down with error when ANTHROPIC_API_KEY is missing', async () => {
const adapter = new AnthropicAdapter(makeRegistry());
const health = await adapter.healthCheck();
expect(health.status).toBe('down');
expect(health.error).toMatch(/ANTHROPIC_API_KEY/);
expect(health.lastChecked).toBeTruthy();
});
it('adapter name is "anthropic"', () => {
expect(new AnthropicAdapter(makeRegistry()).name).toBe('anthropic');
});
});
describe('OpenAIAdapter', () => {
let savedEnv: Map<EnvKey, string | undefined>;
beforeEach(() => {
savedEnv = saveAndClearEnv();
});
afterEach(() => {
restoreEnv(savedEnv);
});
it('skips registration gracefully when OPENAI_API_KEY is missing', async () => {
const adapter = new OpenAIAdapter(makeRegistry());
await expect(adapter.register()).resolves.toBeUndefined();
expect(adapter.listModels()).toEqual([]);
});
it('registers and listModels returns Codex model when OPENAI_API_KEY is set', async () => {
process.env['OPENAI_API_KEY'] = 'sk-openai-test';
const adapter = new OpenAIAdapter(makeRegistry());
await adapter.register();
const models = adapter.listModels();
expect(models.length).toBeGreaterThan(0);
const ids = models.map((m) => m.id);
expect(ids).toContain(OpenAIAdapter.CODEX_MODEL_ID);
const codex = models.find((m) => m.id === OpenAIAdapter.CODEX_MODEL_ID)!;
expect(codex.provider).toBe('openai');
expect(codex.contextWindow).toBe(128_000);
expect(codex.maxTokens).toBe(16_384);
});
it('healthCheck returns down with error when OPENAI_API_KEY is missing', async () => {
const adapter = new OpenAIAdapter(makeRegistry());
const health = await adapter.healthCheck();
expect(health.status).toBe('down');
expect(health.error).toMatch(/OPENAI_API_KEY/);
});
it('adapter name is "openai"', () => {
expect(new OpenAIAdapter(makeRegistry()).name).toBe('openai');
});
});
describe('OpenRouterAdapter', () => {
let savedEnv: Map<EnvKey, string | undefined>;
beforeEach(() => {
savedEnv = saveAndClearEnv();
// Prevent real network calls during registration — stub global fetch
vi.stubGlobal(
'fetch',
vi.fn().mockResolvedValue({
ok: true,
json: () =>
Promise.resolve({
data: [
{
id: 'openai/gpt-4o',
name: 'GPT-4o',
context_length: 128000,
top_provider: { max_completion_tokens: 4096 },
pricing: { prompt: '0.000005', completion: '0.000015' },
architecture: { input_modalities: ['text', 'image'] },
},
],
}),
}),
);
});
afterEach(() => {
restoreEnv(savedEnv);
vi.unstubAllGlobals();
});
it('skips registration gracefully when OPENROUTER_API_KEY is missing', async () => {
vi.unstubAllGlobals(); // no fetch call expected
const adapter = new OpenRouterAdapter();
await expect(adapter.register()).resolves.toBeUndefined();
expect(adapter.listModels()).toEqual([]);
});
it('registers and listModels returns models when OPENROUTER_API_KEY is set', async () => {
process.env['OPENROUTER_API_KEY'] = 'sk-or-test';
const adapter = new OpenRouterAdapter();
await adapter.register();
const models = adapter.listModels();
expect(models.length).toBeGreaterThan(0);
const first = models[0]!;
expect(first.provider).toBe('openrouter');
expect(first.id).toBe('openai/gpt-4o');
expect(first.inputTypes).toContain('image');
});
it('healthCheck returns down with error when OPENROUTER_API_KEY is missing', async () => {
vi.unstubAllGlobals(); // no fetch call expected
const adapter = new OpenRouterAdapter();
const health = await adapter.healthCheck();
expect(health.status).toBe('down');
expect(health.error).toMatch(/OPENROUTER_API_KEY/);
});
it('continues registration with empty model list when model fetch fails', async () => {
process.env['OPENROUTER_API_KEY'] = 'sk-or-test';
vi.stubGlobal(
'fetch',
vi.fn().mockResolvedValue({
ok: false,
status: 500,
}),
);
const adapter = new OpenRouterAdapter();
await expect(adapter.register()).resolves.toBeUndefined();
expect(adapter.listModels()).toEqual([]);
});
it('adapter name is "openrouter"', () => {
expect(new OpenRouterAdapter().name).toBe('openrouter');
});
});
describe('ZaiAdapter', () => {
let savedEnv: Map<EnvKey, string | undefined>;
beforeEach(() => {
savedEnv = saveAndClearEnv();
});
afterEach(() => {
restoreEnv(savedEnv);
});
it('skips registration gracefully when ZAI_API_KEY is missing', async () => {
const adapter = new ZaiAdapter();
await expect(adapter.register()).resolves.toBeUndefined();
expect(adapter.listModels()).toEqual([]);
});
it('registers and listModels returns glm-5 when ZAI_API_KEY is set', async () => {
process.env['ZAI_API_KEY'] = 'zai-test-key';
const adapter = new ZaiAdapter();
await adapter.register();
const models = adapter.listModels();
expect(models.length).toBeGreaterThan(0);
const ids = models.map((m) => m.id);
expect(ids).toContain('glm-5');
const glm = models.find((m) => m.id === 'glm-5')!;
expect(glm.provider).toBe('zai');
});
it('healthCheck returns down with error when ZAI_API_KEY is missing', async () => {
const adapter = new ZaiAdapter();
const health = await adapter.healthCheck();
expect(health.status).toBe('down');
expect(health.error).toMatch(/ZAI_API_KEY/);
});
it('adapter name is "zai"', () => {
expect(new ZaiAdapter().name).toBe('zai');
});
});
describe('OllamaAdapter', () => {
let savedEnv: Map<EnvKey, string | undefined>;
beforeEach(() => {
savedEnv = saveAndClearEnv();
});
afterEach(() => {
restoreEnv(savedEnv);
});
it('skips registration gracefully when OLLAMA_BASE_URL is missing', async () => {
const adapter = new OllamaAdapter(makeRegistry());
await expect(adapter.register()).resolves.toBeUndefined();
expect(adapter.listModels()).toEqual([]);
});
it('registers via OLLAMA_HOST fallback when OLLAMA_BASE_URL is absent', async () => {
process.env['OLLAMA_HOST'] = 'http://localhost:11434';
const adapter = new OllamaAdapter(makeRegistry());
await adapter.register();
const models = adapter.listModels();
expect(models.length).toBeGreaterThan(0);
});
it('registers default models (llama3.2, codellama, mistral) + embedding models', async () => {
process.env['OLLAMA_BASE_URL'] = 'http://localhost:11434';
const adapter = new OllamaAdapter(makeRegistry());
await adapter.register();
const models = adapter.listModels();
const ids = models.map((m) => m.id);
// Default completion models
expect(ids).toContain('llama3.2');
expect(ids).toContain('codellama');
expect(ids).toContain('mistral');
// Embedding models
expect(ids).toContain('nomic-embed-text');
expect(ids).toContain('mxbai-embed-large');
for (const model of models) {
expect(model.provider).toBe('ollama');
}
});
it('registers custom OLLAMA_MODELS list', async () => {
process.env['OLLAMA_BASE_URL'] = 'http://localhost:11434';
process.env['OLLAMA_MODELS'] = 'phi3,gemma2';
const adapter = new OllamaAdapter(makeRegistry());
await adapter.register();
const completionIds = adapter.listModels().map((m) => m.id);
expect(completionIds).toContain('phi3');
expect(completionIds).toContain('gemma2');
expect(completionIds).not.toContain('llama3.2');
});
it('healthCheck returns down with error when OLLAMA_BASE_URL is missing', async () => {
const adapter = new OllamaAdapter(makeRegistry());
const health = await adapter.healthCheck();
expect(health.status).toBe('down');
expect(health.error).toMatch(/OLLAMA_BASE_URL/);
});
it('adapter name is "ollama"', () => {
expect(new OllamaAdapter(makeRegistry()).name).toBe('ollama');
});
});
// ---------------------------------------------------------------------------
// 2. ProviderService integration
// ---------------------------------------------------------------------------
describe('ProviderService — adapter array integration', () => {
let savedEnv: Map<EnvKey, string | undefined>;
beforeEach(() => {
savedEnv = saveAndClearEnv();
});
afterEach(() => {
restoreEnv(savedEnv);
});
it('contains all 5 adapters (ollama, anthropic, openai, openrouter, zai)', async () => {
const service = new ProviderService(null);
await service.onModuleInit();
// Exercise getAdapter for all five known provider names
const expectedProviders = ['ollama', 'anthropic', 'openai', 'openrouter', 'zai'];
for (const name of expectedProviders) {
const adapter = service.getAdapter(name);
expect(adapter, `Expected adapter "${name}" to be registered`).toBeDefined();
expect(adapter!.name).toBe(name);
}
});
it('healthCheckAll runs without crashing and returns status for all 5 providers', async () => {
const service = new ProviderService(null);
await service.onModuleInit();
const results = await service.healthCheckAll();
expect(typeof results).toBe('object');
const expectedProviders = ['ollama', 'anthropic', 'openai', 'openrouter', 'zai'];
for (const name of expectedProviders) {
const health = results[name];
expect(health, `Expected health result for provider "${name}"`).toBeDefined();
expect(['healthy', 'degraded', 'down']).toContain(health!.status);
expect(health!.lastChecked).toBeTruthy();
}
});
it('healthCheckAll reports "down" for all providers when no keys are set', async () => {
const service = new ProviderService(null);
await service.onModuleInit();
const results = await service.healthCheckAll();
// All unconfigured providers should be down (not healthy)
for (const [, health] of Object.entries(results)) {
expect(['down', 'degraded']).toContain(health.status);
}
});
it('getProvidersHealth returns entries for all 5 providers', async () => {
const service = new ProviderService(null);
await service.onModuleInit();
const healthList = service.getProvidersHealth();
const names = healthList.map((h) => h.name);
for (const expected of ['ollama', 'anthropic', 'openai', 'openrouter', 'zai']) {
expect(names).toContain(expected);
}
for (const entry of healthList) {
expect(entry).toHaveProperty('name');
expect(entry).toHaveProperty('status');
expect(entry).toHaveProperty('lastChecked');
expect(typeof entry.modelCount).toBe('number');
}
});
it('service initialises without error when all env keys are absent', async () => {
const service = new ProviderService(null);
await expect(service.onModuleInit()).resolves.toBeUndefined();
service.onModuleDestroy();
});
});
// ---------------------------------------------------------------------------
// 3. Model capability matrix
// ---------------------------------------------------------------------------
describe('Model capability matrix', () => {
const expectedModels: Array<{
id: string;
provider: string;
tier: string;
contextWindow: number;
reasoning?: boolean;
vision?: boolean;
embedding?: boolean;
}> = [
{
id: 'claude-opus-4-6',
provider: 'anthropic',
tier: 'premium',
contextWindow: 200000,
reasoning: true,
vision: true,
},
{
id: 'claude-sonnet-4-6',
provider: 'anthropic',
tier: 'standard',
contextWindow: 200000,
reasoning: true,
vision: true,
},
{
id: 'claude-haiku-4-5',
provider: 'anthropic',
tier: 'cheap',
contextWindow: 200000,
reasoning: false,
vision: true,
},
{
id: 'codex-gpt-5.4',
provider: 'openai',
tier: 'premium',
contextWindow: 128000,
},
{
id: 'glm-5',
provider: 'zai',
tier: 'standard',
contextWindow: 128000,
},
{
id: 'llama3.2',
provider: 'ollama',
tier: 'local',
contextWindow: 128000,
},
{
id: 'codellama',
provider: 'ollama',
tier: 'local',
contextWindow: 16000,
},
{
id: 'mistral',
provider: 'ollama',
tier: 'local',
contextWindow: 32000,
},
{
id: 'nomic-embed-text',
provider: 'ollama',
tier: 'local',
contextWindow: 8192,
embedding: true,
},
{
id: 'mxbai-embed-large',
provider: 'ollama',
tier: 'local',
contextWindow: 8192,
embedding: true,
},
];
it('MODEL_CAPABILITIES contains all expected model IDs', () => {
const allIds = MODEL_CAPABILITIES.map((m) => m.id);
for (const { id } of expectedModels) {
expect(allIds, `Expected model "${id}" in capability matrix`).toContain(id);
}
});
it('getModelCapability() returns correct tier and context window for each model', () => {
for (const expected of expectedModels) {
const cap = getModelCapability(expected.id);
expect(cap, `getModelCapability("${expected.id}") should be defined`).toBeDefined();
expect(cap!.provider).toBe(expected.provider);
expect(cap!.tier).toBe(expected.tier);
expect(cap!.contextWindow).toBe(expected.contextWindow);
}
});
it('Anthropic models have correct capability flags (tools, streaming, vision, reasoning)', () => {
for (const expected of expectedModels.filter((m) => m.provider === 'anthropic')) {
const cap = getModelCapability(expected.id)!;
expect(cap.capabilities.tools).toBe(true);
expect(cap.capabilities.streaming).toBe(true);
if (expected.vision !== undefined) {
expect(cap.capabilities.vision).toBe(expected.vision);
}
if (expected.reasoning !== undefined) {
expect(cap.capabilities.reasoning).toBe(expected.reasoning);
}
}
});
it('Embedding models have embedding flag=true and other flags=false', () => {
for (const expected of expectedModels.filter((m) => m.embedding)) {
const cap = getModelCapability(expected.id)!;
expect(cap.capabilities.embedding).toBe(true);
expect(cap.capabilities.tools).toBe(false);
expect(cap.capabilities.streaming).toBe(false);
expect(cap.capabilities.reasoning).toBe(false);
}
});
it('findModelsByCapability filters by tier correctly', () => {
const premiumModels = findModelsByCapability({ tier: 'premium' });
expect(premiumModels.length).toBeGreaterThan(0);
for (const m of premiumModels) {
expect(m.tier).toBe('premium');
}
});
it('findModelsByCapability filters by provider correctly', () => {
const anthropicModels = findModelsByCapability({ provider: 'anthropic' });
expect(anthropicModels.length).toBe(3);
for (const m of anthropicModels) {
expect(m.provider).toBe('anthropic');
}
});
it('findModelsByCapability filters by capability flags correctly', () => {
const reasoningModels = findModelsByCapability({ capabilities: { reasoning: true } });
expect(reasoningModels.length).toBeGreaterThan(0);
for (const m of reasoningModels) {
expect(m.capabilities.reasoning).toBe(true);
}
const embeddingModels = findModelsByCapability({ capabilities: { embedding: true } });
expect(embeddingModels.length).toBeGreaterThan(0);
for (const m of embeddingModels) {
expect(m.capabilities.embedding).toBe(true);
}
});
it('getModelCapability returns undefined for unknown model IDs', () => {
expect(getModelCapability('not-a-real-model')).toBeUndefined();
expect(getModelCapability('')).toBeUndefined();
});
it('all Anthropic models have maxOutputTokens > 0', () => {
const anthropicModels = MODEL_CAPABILITIES.filter((m) => m.provider === 'anthropic');
for (const m of anthropicModels) {
expect(m.maxOutputTokens).toBeGreaterThan(0);
}
});
});
// ---------------------------------------------------------------------------
// 4. ProviderCredentialsService — unit-level tests (encrypt/decrypt logic)
// ---------------------------------------------------------------------------
describe('ProviderCredentialsService — encryption helpers', () => {
let savedEnv: Map<EnvKey, string | undefined>;
beforeEach(() => {
savedEnv = saveAndClearEnv();
});
afterEach(() => {
restoreEnv(savedEnv);
});
/**
* The service uses module-level functions (encrypt/decrypt) that depend on
* BETTER_AUTH_SECRET. We test the behaviour through the service's public API
* using an in-memory mock DB so no real Postgres connection is needed.
*/
it('store/retrieve/remove work correctly with mock DB and BETTER_AUTH_SECRET set', async () => {
process.env['BETTER_AUTH_SECRET'] = 'test-secret-for-unit-tests-only';
// Build a minimal in-memory DB mock
const rows = new Map<
string,
{
encryptedValue: string;
credentialType: string;
expiresAt: Date | null;
metadata: null;
createdAt: Date;
updatedAt: Date;
}
>();
// We import the service but mock its DB dependency manually
// by testing the encrypt/decrypt indirectly — using the real module.
const { ProviderCredentialsService } = await import('../provider-credentials.service.js');
// Capture stored value from upsert call
let storedEncryptedValue = '';
let storedCredentialType = '';
const captureInsert = vi.fn().mockImplementation(() => ({
values: vi
.fn()
.mockImplementation((data: { encryptedValue: string; credentialType: string }) => {
storedEncryptedValue = data.encryptedValue;
storedCredentialType = data.credentialType;
rows.set('user1:anthropic', {
encryptedValue: data.encryptedValue,
credentialType: data.credentialType,
expiresAt: null,
metadata: null,
createdAt: new Date(),
updatedAt: new Date(),
});
return {
onConflictDoUpdate: vi.fn().mockResolvedValue(undefined),
};
}),
}));
const captureSelect = vi.fn().mockReturnValue({
from: vi.fn().mockReturnValue({
where: vi.fn().mockReturnValue({
limit: vi.fn().mockImplementation(() => {
const row = rows.get('user1:anthropic');
return Promise.resolve(row ? [row] : []);
}),
}),
}),
});
const captureDelete = vi.fn().mockReturnValue({
where: vi.fn().mockResolvedValue(undefined),
});
const db = {
insert: captureInsert,
select: captureSelect,
delete: captureDelete,
};
const service = new ProviderCredentialsService(db as never);
// store
await service.store('user1', 'anthropic', 'api_key', 'sk-ant-secret-value');
// verify encrypted value is not plain text
expect(storedEncryptedValue).not.toBe('sk-ant-secret-value');
expect(storedEncryptedValue.length).toBeGreaterThan(0);
expect(storedCredentialType).toBe('api_key');
// retrieve
const retrieved = await service.retrieve('user1', 'anthropic');
expect(retrieved).toBe('sk-ant-secret-value');
// remove (clears the row)
rows.delete('user1:anthropic');
const afterRemove = await service.retrieve('user1', 'anthropic');
expect(afterRemove).toBeNull();
});
it('retrieve returns null when no credential is stored', async () => {
process.env['BETTER_AUTH_SECRET'] = 'test-secret-for-unit-tests-only';
const { ProviderCredentialsService } = await import('../provider-credentials.service.js');
const emptyDb = {
select: vi.fn().mockReturnValue({
from: vi.fn().mockReturnValue({
where: vi.fn().mockReturnValue({
limit: vi.fn().mockResolvedValue([]),
}),
}),
}),
};
const service = new ProviderCredentialsService(emptyDb as never);
const result = await service.retrieve('user-nobody', 'anthropic');
expect(result).toBeNull();
});
it('listProviders returns only metadata, never decrypted values', async () => {
process.env['BETTER_AUTH_SECRET'] = 'test-secret-for-unit-tests-only';
const { ProviderCredentialsService } = await import('../provider-credentials.service.js');
const fakeRow = {
provider: 'anthropic',
credentialType: 'api_key',
expiresAt: null,
metadata: null,
createdAt: new Date(),
updatedAt: new Date(),
};
const listDb = {
select: vi.fn().mockReturnValue({
from: vi.fn().mockReturnValue({
where: vi.fn().mockResolvedValue([fakeRow]),
}),
}),
};
const service = new ProviderCredentialsService(listDb as never);
const providers = await service.listProviders('user1');
expect(providers).toHaveLength(1);
expect(providers[0]!.provider).toBe('anthropic');
expect(providers[0]!.credentialType).toBe('api_key');
expect(providers[0]!.exists).toBe(true);
// Critically: no encrypted or plain-text value is exposed
expect(providers[0]).not.toHaveProperty('encryptedValue');
expect(providers[0]).not.toHaveProperty('value');
expect(providers[0]).not.toHaveProperty('apiKey');
});
});

25
apps/gateway/src/agent/__tests__/provider.service.test.ts
View File

@@ -35,7 +35,7 @@ describe('ProviderService', () => {
});
it('skips API-key providers when env vars are missing (no models become available)', async () => {
const service = new ProviderService(null);
const service = new ProviderService();
await service.onModuleInit();
// Pi's built-in registry may include model definitions for all providers, but
@@ -57,7 +57,7 @@ describe('ProviderService', () => {
it('registers Anthropic provider with correct models when ANTHROPIC_API_KEY is set', async () => {
process.env['ANTHROPIC_API_KEY'] = 'test-anthropic';
const service = new ProviderService(null);
const service = new ProviderService();
await service.onModuleInit();
const providers = service.listProviders();
@@ -65,41 +65,42 @@ describe('ProviderService', () => {
expect(anthropic).toBeDefined();
expect(anthropic!.available).toBe(true);
expect(anthropic!.models.map((m) => m.id)).toEqual([
'claude-opus-4-6',
'claude-sonnet-4-6',
'claude-opus-4-6',
'claude-haiku-4-5',
]);
// All Anthropic models have 200k context window
// contextWindow override from Pi built-in (200000)
for (const m of anthropic!.models) {
expect(m.contextWindow).toBe(200000);
// maxTokens capped at 8192 per task spec
expect(m.maxTokens).toBe(8192);
}
});
it('registers OpenAI provider with correct models when OPENAI_API_KEY is set', async () => {
process.env['OPENAI_API_KEY'] = 'test-openai';
const service = new ProviderService(null);
const service = new ProviderService();
await service.onModuleInit();
const providers = service.listProviders();
const openai = providers.find((p) => p.id === 'openai');
expect(openai).toBeDefined();
expect(openai!.available).toBe(true);
expect(openai!.models.map((m) => m.id)).toEqual(['codex-gpt-5-4']);
expect(openai!.models.map((m) => m.id)).toEqual(['gpt-4o', 'gpt-4o-mini', 'o3-mini']);
});
it('registers Z.ai provider with correct models when ZAI_API_KEY is set', async () => {
process.env['ZAI_API_KEY'] = 'test-zai';
const service = new ProviderService(null);
const service = new ProviderService();
await service.onModuleInit();
const providers = service.listProviders();
const zai = providers.find((p) => p.id === 'zai');
expect(zai).toBeDefined();
expect(zai!.available).toBe(true);
// Pi's registry may include additional glm variants; verify our registered model is present
expect(zai!.models.map((m) => m.id)).toContain('glm-5');
expect(zai!.models.map((m) => m.id)).toEqual(['glm-4.5', 'glm-4.5-air', 'glm-4.5-flash']);
});
it('registers all three providers when all keys are set', async () => {
@@ -107,7 +108,7 @@ describe('ProviderService', () => {
process.env['OPENAI_API_KEY'] = 'test-openai';
process.env['ZAI_API_KEY'] = 'test-zai';
const service = new ProviderService(null);
const service = new ProviderService();
await service.onModuleInit();
const providerIds = service.listProviders().map((p) => p.id);
@@ -119,7 +120,7 @@ describe('ProviderService', () => {
it('can find registered Anthropic models by provider+id', async () => {
process.env['ANTHROPIC_API_KEY'] = 'test-anthropic';
const service = new ProviderService(null);
const service = new ProviderService();
await service.onModuleInit();
const sonnet = service.findModel('anthropic', 'claude-sonnet-4-6');
@@ -131,7 +132,7 @@ describe('ProviderService', () => {
it('can find registered Z.ai models by provider+id', async () => {
process.env['ZAI_API_KEY'] = 'test-zai';
const service = new ProviderService(null);
const service = new ProviderService();
await service.onModuleInit();
const glm = service.findModel('zai', 'glm-4.5');

2
apps/gateway/src/agent/__tests__/routing.service.test.ts
View File

@@ -1,6 +1,6 @@
import { describe, it, expect, beforeEach, vi } from 'vitest';
import { RoutingService } from '../routing.service.js';
import type { ModelInfo } from '@mosaicstack/types';
import type { ModelInfo } from '@mosaic/types';
const mockModels: ModelInfo[] = [
{

2
apps/gateway/src/agent/adapters/anthropic.adapter.ts
View File

@@ -7,7 +7,7 @@ import type {
IProviderAdapter,
ModelInfo,
ProviderHealth,
} from '@mosaicstack/types';
} from '@mosaic/types';
/**
* Anthropic provider adapter.

3
apps/gateway/src/agent/adapters/index.ts
View File

@@ -1,5 +1,2 @@
export { OllamaAdapter } from './ollama.adapter.js';
export { AnthropicAdapter } from './anthropic.adapter.js';
export { OpenAIAdapter } from './openai.adapter.js';
export { OpenRouterAdapter } from './openrouter.adapter.js';
export { ZaiAdapter } from './zai.adapter.js';

80
apps/gateway/src/agent/adapters/ollama.adapter.ts
View File

@@ -6,30 +6,13 @@ import type {
IProviderAdapter,
ModelInfo,
ProviderHealth,
} from '@mosaicstack/types';
/** Embedding models that Ollama ships with out of the box */
const OLLAMA_EMBEDDING_MODELS: ReadonlyArray<{
id: string;
contextWindow: number;
dimensions: number;
}> = [
{ id: 'nomic-embed-text', contextWindow: 8192, dimensions: 768 },
{ id: 'mxbai-embed-large', contextWindow: 512, dimensions: 1024 },
];
interface OllamaEmbeddingResponse {
embedding?: number[];
}
} from '@mosaic/types';
/**
* Ollama provider adapter.
*
* Registers local Ollama models with the Pi ModelRegistry via the OpenAI-compatible
* completions API. Also exposes embedding models and an `embed()` method for
* vector generation (used by EmbeddingService / M3-009).
*
* Configuration is driven by environment variables:
* completions API. Configuration is driven by environment variables:
* OLLAMA_BASE_URL or OLLAMA_HOST — base URL of the Ollama instance
* OLLAMA_MODELS — comma-separated list of model IDs (default: llama3.2,codellama,mistral)
*/
@@ -69,8 +52,7 @@ export class OllamaAdapter implements IProviderAdapter {
})),
});
// Chat / completion models
const completionModels: ModelInfo[] = modelIds.map((id) => ({
this.registeredModels = modelIds.map((id) => ({
id,
provider: 'ollama',
name: id,
@@ -81,24 +63,8 @@ export class OllamaAdapter implements IProviderAdapter {
cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0 },
}));
// Embedding models (tracked in registeredModels but not in Pi registry,
// which only handles completion models)
const embeddingModels: ModelInfo[] = OLLAMA_EMBEDDING_MODELS.map((em) => ({
id: em.id,
provider: 'ollama',
name: em.id,
reasoning: false,
contextWindow: em.contextWindow,
maxTokens: 0,
inputTypes: ['text'] as ('text' | 'image')[],
cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0 },
}));
this.registeredModels = [...completionModels, ...embeddingModels];
this.logger.log(
`Ollama provider registered at ${ollamaUrl} with models: ${modelIds.join(', ')} ` +
`and embedding models: ${OLLAMA_EMBEDDING_MODELS.map((em) => em.id).join(', ')}`,
`Ollama provider registered at ${ollamaUrl} with models: ${modelIds.join(', ')}`,
);
}
@@ -144,44 +110,6 @@ export class OllamaAdapter implements IProviderAdapter {
}
}
/**
* Generate an embedding vector for the given text using Ollama's /api/embeddings endpoint.
*
* Defaults to 'nomic-embed-text' when no model is specified.
* Intended for use by EmbeddingService (M3-009).
*
* @param text - The input text to embed.
* @param model - Optional embedding model ID (default: 'nomic-embed-text').
* @returns A float array representing the embedding vector.
*/
async embed(text: string, model = 'nomic-embed-text'): Promise<number[]> {
const ollamaUrl = process.env['OLLAMA_BASE_URL'] ?? process.env['OLLAMA_HOST'];
if (!ollamaUrl) {
throw new Error('OllamaAdapter: OLLAMA_BASE_URL not configured');
}
const embeddingUrl = `${ollamaUrl}/api/embeddings`;
const res = await fetch(embeddingUrl, {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ model, prompt: text }),
signal: AbortSignal.timeout(30000),
});
if (!res.ok) {
throw new Error(`OllamaAdapter.embed: request failed with HTTP ${res.status}`);
}
const json = (await res.json()) as OllamaEmbeddingResponse;
if (!Array.isArray(json.embedding)) {
throw new Error('OllamaAdapter.embed: unexpected response — missing embedding array');
}
return json.embedding;
}
/**
* createCompletion is reserved for future direct-completion use.
* The current integration routes completions through Pi SDK's ModelRegistry/AgentSession.

201
apps/gateway/src/agent/adapters/openai.adapter.ts
View File

@@ -1,201 +0,0 @@
import { Logger } from '@nestjs/common';
import OpenAI from 'openai';
import type { ModelRegistry } from '@mariozechner/pi-coding-agent';
import type {
CompletionEvent,
CompletionParams,
IProviderAdapter,
ModelInfo,
ProviderHealth,
} from '@mosaicstack/types';
/**
* OpenAI provider adapter.
*
* Registers OpenAI models (including Codex gpt-5.4) with the Pi ModelRegistry.
* Configuration is driven by environment variables:
* OPENAI_API_KEY — OpenAI API key (required; adapter skips registration when absent)
*/
export class OpenAIAdapter implements IProviderAdapter {
readonly name = 'openai';
private readonly logger = new Logger(OpenAIAdapter.name);
private registeredModels: ModelInfo[] = [];
private client: OpenAI | null = null;
/** Model ID used for Codex gpt-5.4 in the Pi registry. */
static readonly CODEX_MODEL_ID = 'codex-gpt-5-4';
constructor(private readonly registry: ModelRegistry) {}
async register(): Promise<void> {
const apiKey = process.env['OPENAI_API_KEY'];
if (!apiKey) {
this.logger.debug('Skipping OpenAI provider registration: OPENAI_API_KEY not set');
return;
}
this.client = new OpenAI({ apiKey });
const codexModel = {
id: OpenAIAdapter.CODEX_MODEL_ID,
name: 'Codex gpt-5.4',
/** OpenAI-compatible completions API */
api: 'openai-completions' as never,
reasoning: false,
input: ['text', 'image'] as ('text' | 'image')[],
cost: { input: 0.003, output: 0.012, cacheRead: 0.0015, cacheWrite: 0 },
contextWindow: 128_000,
maxTokens: 16_384,
};
this.registry.registerProvider('openai', {
apiKey,
baseUrl: 'https://api.openai.com/v1',
models: [codexModel],
});
this.registeredModels = [
{
id: OpenAIAdapter.CODEX_MODEL_ID,
provider: 'openai',
name: 'Codex gpt-5.4',
reasoning: false,
contextWindow: 128_000,
maxTokens: 16_384,
inputTypes: ['text', 'image'] as ('text' | 'image')[],
cost: { input: 0.003, output: 0.012, cacheRead: 0.0015, cacheWrite: 0 },
},
];
this.logger.log(`OpenAI provider registered with model: ${OpenAIAdapter.CODEX_MODEL_ID}`);
}
listModels(): ModelInfo[] {
return this.registeredModels;
}
async healthCheck(): Promise<ProviderHealth> {
const apiKey = process.env['OPENAI_API_KEY'];
if (!apiKey) {
return {
status: 'down',
lastChecked: new Date().toISOString(),
error: 'OPENAI_API_KEY not configured',
};
}
const start = Date.now();
try {
// Lightweight call — list models to verify key validity
const res = await fetch('https://api.openai.com/v1/models', {
method: 'GET',
headers: {
Authorization: `Bearer ${apiKey}`,
'Content-Type': 'application/json',
},
signal: AbortSignal.timeout(5000),
});
const latencyMs = Date.now() - start;
if (!res.ok) {
return {
status: 'degraded',
latencyMs,
lastChecked: new Date().toISOString(),
error: `HTTP ${res.status}`,
};
}
return { status: 'healthy', latencyMs, lastChecked: new Date().toISOString() };
} catch (err) {
const latencyMs = Date.now() - start;
const error = err instanceof Error ? err.message : String(err);
return { status: 'down', latencyMs, lastChecked: new Date().toISOString(), error };
}
}
/**
* Stream a completion from OpenAI using the chat completions API.
*
* Maps OpenAI streaming chunks to the Mosaic CompletionEvent format.
*/
async *createCompletion(params: CompletionParams): AsyncIterable<CompletionEvent> {
if (!this.client) {
throw new Error(
'OpenAIAdapter: client not initialized. ' +
'Ensure OPENAI_API_KEY is set and register() was called.',
);
}
const stream = await this.client.chat.completions.create({
model: params.model,
messages: params.messages.map((m) => ({
role: m.role,
content: m.content,
})),
...(params.temperature !== undefined && { temperature: params.temperature }),
...(params.maxTokens !== undefined && { max_tokens: params.maxTokens }),
...(params.tools &&
params.tools.length > 0 && {
tools: params.tools.map((t) => ({
type: 'function' as const,
function: {
name: t.name,
description: t.description,
parameters: t.parameters,
},
})),
}),
stream: true,
stream_options: { include_usage: true },
});
let inputTokens = 0;
let outputTokens = 0;
for await (const chunk of stream) {
const choice = chunk.choices[0];
// Accumulate usage when present (final chunk with stream_options.include_usage)
if (chunk.usage) {
inputTokens = chunk.usage.prompt_tokens;
outputTokens = chunk.usage.completion_tokens;
}
if (!choice) continue;
const delta = choice.delta;
// Text content delta
if (delta.content) {
yield { type: 'text_delta', content: delta.content };
}
// Tool call delta — emit when arguments are complete
if (delta.tool_calls) {
for (const toolCallDelta of delta.tool_calls) {
if (toolCallDelta.function?.name && toolCallDelta.function.arguments !== undefined) {
yield {
type: 'tool_call',
name: toolCallDelta.function.name,
arguments: toolCallDelta.function.arguments,
};
}
}
}
// Stream finished
if (choice.finish_reason === 'stop' || choice.finish_reason === 'tool_calls') {
yield {
type: 'done',
usage: { inputTokens, outputTokens },
};
return;
}
}
// Fallback done event when stream ends without explicit finish_reason
yield { type: 'done', usage: { inputTokens, outputTokens } };
}
}

212
apps/gateway/src/agent/adapters/openrouter.adapter.ts
View File

@@ -1,212 +0,0 @@
import { Logger } from '@nestjs/common';
import OpenAI from 'openai';
import type {
CompletionEvent,
CompletionParams,
IProviderAdapter,
ModelInfo,
ProviderHealth,
} from '@mosaicstack/types';
const OPENROUTER_BASE_URL = 'https://openrouter.ai/api/v1';
interface OpenRouterModel {
id: string;
name?: string;
context_length?: number;
top_provider?: {
max_completion_tokens?: number;
};
pricing?: {
prompt?: string | number;
completion?: string | number;
};
architecture?: {
input_modalities?: string[];
};
}
interface OpenRouterModelsResponse {
data?: OpenRouterModel[];
}
/**
* OpenRouter provider adapter.
*
* Routes completions through OpenRouter's OpenAI-compatible API.
* Configuration is driven by the OPENROUTER_API_KEY environment variable.
*/
export class OpenRouterAdapter implements IProviderAdapter {
readonly name = 'openrouter';
private readonly logger = new Logger(OpenRouterAdapter.name);
private client: OpenAI | null = null;
private registeredModels: ModelInfo[] = [];
async register(): Promise<void> {
const apiKey = process.env['OPENROUTER_API_KEY'];
if (!apiKey) {
this.logger.debug('Skipping OpenRouter provider registration: OPENROUTER_API_KEY not set');
return;
}
this.client = new OpenAI({
apiKey,
baseURL: OPENROUTER_BASE_URL,
defaultHeaders: {
'HTTP-Referer': 'https://mosaic.ai',
'X-Title': 'Mosaic',
},
});
try {
this.registeredModels = await this.fetchModels(apiKey);
this.logger.log(`OpenRouter provider registered with ${this.registeredModels.length} models`);
} catch (err) {
this.logger.warn(
`OpenRouter model discovery failed: ${err instanceof Error ? err.message : String(err)}. Registering with empty model list.`,
);
this.registeredModels = [];
}
}
listModels(): ModelInfo[] {
return this.registeredModels;
}
async healthCheck(): Promise<ProviderHealth> {
const apiKey = process.env['OPENROUTER_API_KEY'];
if (!apiKey) {
return {
status: 'down',
lastChecked: new Date().toISOString(),
error: 'OPENROUTER_API_KEY not configured',
};
}
const start = Date.now();
try {
const res = await fetch(`${OPENROUTER_BASE_URL}/models`, {
method: 'GET',
headers: {
Authorization: `Bearer ${apiKey}`,
Accept: 'application/json',
},
signal: AbortSignal.timeout(5000),
});
const latencyMs = Date.now() - start;
if (!res.ok) {
return {
status: 'degraded',
latencyMs,
lastChecked: new Date().toISOString(),
error: `HTTP ${res.status}`,
};
}
return { status: 'healthy', latencyMs, lastChecked: new Date().toISOString() };
} catch (err) {
const latencyMs = Date.now() - start;
const error = err instanceof Error ? err.message : String(err);
return { status: 'down', latencyMs, lastChecked: new Date().toISOString(), error };
}
}
/**
* Stream a completion through OpenRouter's OpenAI-compatible API.
*/
async *createCompletion(params: CompletionParams): AsyncIterable<CompletionEvent> {
if (!this.client) {
throw new Error('OpenRouterAdapter is not initialized. Ensure OPENROUTER_API_KEY is set.');
}
const stream = await this.client.chat.completions.create({
model: params.model,
messages: params.messages.map((m) => ({ role: m.role, content: m.content })),
temperature: params.temperature,
max_tokens: params.maxTokens,
stream: true,
});
let inputTokens = 0;
let outputTokens = 0;
for await (const chunk of stream) {
const choice = chunk.choices[0];
if (!choice) continue;
const delta = choice.delta;
if (delta.content) {
yield { type: 'text_delta', content: delta.content };
}
if (choice.finish_reason === 'stop') {
const usage = (chunk as { usage?: { prompt_tokens?: number; completion_tokens?: number } })
.usage;
if (usage) {
inputTokens = usage.prompt_tokens ?? 0;
outputTokens = usage.completion_tokens ?? 0;
}
}
}
yield {
type: 'done',
usage: { inputTokens, outputTokens },
};
}
// ---------------------------------------------------------------------------
// Private helpers
// ---------------------------------------------------------------------------
private async fetchModels(apiKey: string): Promise<ModelInfo[]> {
const res = await fetch(`${OPENROUTER_BASE_URL}/models`, {
method: 'GET',
headers: {
Authorization: `Bearer ${apiKey}`,
Accept: 'application/json',
},
signal: AbortSignal.timeout(10000),
});
if (!res.ok) {
throw new Error(`OpenRouter models endpoint returned HTTP ${res.status}`);
}
const json = (await res.json()) as OpenRouterModelsResponse;
const data = json.data ?? [];
return data.map((model): ModelInfo => {
const inputPrice = model.pricing?.prompt
? parseFloat(String(model.pricing.prompt)) * 1000
: 0;
const outputPrice = model.pricing?.completion
? parseFloat(String(model.pricing.completion)) * 1000
: 0;
const inputModalities = model.architecture?.input_modalities ?? ['text'];
const inputTypes = inputModalities.includes('image')
? (['text', 'image'] as const)
: (['text'] as const);
return {
id: model.id,
provider: 'openrouter',
name: model.name ?? model.id,
reasoning: false,
contextWindow: model.context_length ?? 4096,
maxTokens: model.top_provider?.max_completion_tokens ?? 4096,
inputTypes: [...inputTypes],
cost: {
input: inputPrice,
output: outputPrice,
cacheRead: 0,
cacheWrite: 0,
},
};
});
}
}

187
apps/gateway/src/agent/adapters/zai.adapter.ts
View File

@@ -1,187 +0,0 @@
import { Logger } from '@nestjs/common';
import OpenAI from 'openai';
import type {
CompletionEvent,
CompletionParams,
IProviderAdapter,
ModelInfo,
ProviderHealth,
} from '@mosaicstack/types';
import { getModelCapability } from '../model-capabilities.js';
/**
* Default Z.ai API base URL.
* Z.ai (BigModel / Zhipu AI) exposes an OpenAI-compatible API at this endpoint.
* Can be overridden via the ZAI_BASE_URL environment variable.
*/
const DEFAULT_ZAI_BASE_URL = 'https://open.bigmodel.cn/api/paas/v4';
/**
* GLM-5 model identifier on the Z.ai platform.
*/
const GLM5_MODEL_ID = 'glm-5';
/**
* Z.ai (Zhipu AI / BigModel) provider adapter.
*
* Z.ai exposes an OpenAI-compatible REST API. This adapter uses the `openai`
* SDK with a custom base URL and the ZAI_API_KEY environment variable.
*
* Configuration:
* ZAI_API_KEY — required; Z.ai API key
* ZAI_BASE_URL — optional; override the default API base URL
*/
export class ZaiAdapter implements IProviderAdapter {
readonly name = 'zai';
private readonly logger = new Logger(ZaiAdapter.name);
private client: OpenAI | null = null;
private registeredModels: ModelInfo[] = [];
async register(): Promise<void> {
const apiKey = process.env['ZAI_API_KEY'];
if (!apiKey) {
this.logger.debug('Skipping Z.ai provider registration: ZAI_API_KEY not set');
return;
}
const baseURL = process.env['ZAI_BASE_URL'] ?? DEFAULT_ZAI_BASE_URL;
this.client = new OpenAI({ apiKey, baseURL });
this.registeredModels = this.buildModelList();
this.logger.log(`Z.ai provider registered with ${this.registeredModels.length} model(s)`);
}
listModels(): ModelInfo[] {
return this.registeredModels;
}
async healthCheck(): Promise<ProviderHealth> {
const apiKey = process.env['ZAI_API_KEY'];
if (!apiKey) {
return {
status: 'down',
lastChecked: new Date().toISOString(),
error: 'ZAI_API_KEY not configured',
};
}
const baseURL = process.env['ZAI_BASE_URL'] ?? DEFAULT_ZAI_BASE_URL;
const start = Date.now();
try {
const res = await fetch(`${baseURL}/models`, {
method: 'GET',
headers: {
Authorization: `Bearer ${apiKey}`,
Accept: 'application/json',
},
signal: AbortSignal.timeout(5000),
});
const latencyMs = Date.now() - start;
if (!res.ok) {
return {
status: 'degraded',
latencyMs,
lastChecked: new Date().toISOString(),
error: `HTTP ${res.status}`,
};
}
return { status: 'healthy', latencyMs, lastChecked: new Date().toISOString() };
} catch (err) {
const latencyMs = Date.now() - start;
const error = err instanceof Error ? err.message : String(err);
return { status: 'down', latencyMs, lastChecked: new Date().toISOString(), error };
}
}
/**
* Stream a completion through Z.ai's OpenAI-compatible API.
*/
async *createCompletion(params: CompletionParams): AsyncIterable<CompletionEvent> {
if (!this.client) {
throw new Error('ZaiAdapter is not initialized. Ensure ZAI_API_KEY is set.');
}
const stream = await this.client.chat.completions.create({
model: params.model,
messages: params.messages.map((m) => ({ role: m.role, content: m.content })),
temperature: params.temperature,
max_tokens: params.maxTokens,
stream: true,
});
let inputTokens = 0;
let outputTokens = 0;
for await (const chunk of stream) {
const choice = chunk.choices[0];
if (!choice) continue;
const delta = choice.delta;
if (delta.content) {
yield { type: 'text_delta', content: delta.content };
}
if (choice.finish_reason === 'stop') {
const usage = (chunk as { usage?: { prompt_tokens?: number; completion_tokens?: number } })
.usage;
if (usage) {
inputTokens = usage.prompt_tokens ?? 0;
outputTokens = usage.completion_tokens ?? 0;
}
}
}
yield {
type: 'done',
usage: { inputTokens, outputTokens },
};
}
// ---------------------------------------------------------------------------
// Private helpers
// ---------------------------------------------------------------------------
private buildModelList(): ModelInfo[] {
const capability = getModelCapability(GLM5_MODEL_ID);
if (!capability) {
this.logger.warn(`Model capability entry not found for '${GLM5_MODEL_ID}'; using defaults`);
return [
{
id: GLM5_MODEL_ID,
provider: 'zai',
name: 'GLM-5',
reasoning: false,
contextWindow: 128000,
maxTokens: 8192,
inputTypes: ['text'],
cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0 },
},
];
}
return [
{
id: capability.id,
provider: 'zai',
name: capability.displayName,
reasoning: capability.capabilities.reasoning,
contextWindow: capability.contextWindow,
maxTokens: capability.maxOutputTokens,
inputTypes: capability.capabilities.vision ? ['text', 'image'] : ['text'],
cost: {
input: capability.costPer1kInput ?? 0,
output: capability.costPer1kOutput ?? 0,
cacheRead: 0,
cacheWrite: 0,
},
},
];
}
}

100
apps/gateway/src/agent/agent-config.dto.ts
View File

@@ -11,51 +11,6 @@ import {
const agentStatuses = ['idle', 'active', 'error', 'offline'] as const;
// ─── Agent Capability Declarations (M4-011) ───────────────────────────────────
/**
* Agent specialization capability fields.
* Stored inside the agent's `config` JSON as `capabilities`.
*/
export class AgentCapabilitiesDto {
/**
* Domains this agent specializes in, e.g. ['frontend', 'backend', 'devops'].
* Used by the routing engine to bias toward this agent for matching domains.
*/
@IsOptional()
@IsArray()
@IsString({ each: true })
domains?: string[];
/**
* Default model identifier for this agent.
* Influences routing when no explicit rule overrides the choice.
*/
@IsOptional()
@IsString()
@MaxLength(255)
preferredModel?: string;
/**
* Default provider for this agent.
* Influences routing when no explicit rule overrides the choice.
*/
@IsOptional()
@IsString()
@MaxLength(255)
preferredProvider?: string;
/**
* Tool categories this agent has access to, e.g. ['web-search', 'code-exec'].
*/
@IsOptional()
@IsArray()
@IsString({ each: true })
toolSets?: string[];
}
// ─── Create DTO ───────────────────────────────────────────────────────────────
export class CreateAgentConfigDto {
@IsString()
@MaxLength(255)
@@ -94,40 +49,11 @@ export class CreateAgentConfigDto {
@IsBoolean()
isSystem?: boolean;
/**
* General config blob. May include `capabilities` (AgentCapabilitiesDto)
* for agent specialization declarations (M4-011).
*/
@IsOptional()
@IsObject()
config?: Record<string, unknown>;
// ─── Capability shorthand fields (M4-011) ──────────────────────────────────
// These are convenience top-level fields that get merged into config.capabilities.
@IsOptional()
@IsArray()
@IsString({ each: true })
domains?: string[];
@IsOptional()
@IsString()
@MaxLength(255)
preferredModel?: string;
@IsOptional()
@IsString()
@MaxLength(255)
preferredProvider?: string;
@IsOptional()
@IsArray()
@IsString({ each: true })
toolSets?: string[];
}
// ─── Update DTO ───────────────────────────────────────────────────────────────
export class UpdateAgentConfigDto {
@IsOptional()
@IsString()
@@ -165,33 +91,7 @@ export class UpdateAgentConfigDto {
@IsArray()
skills?: string[] | null;
/**
* General config blob. May include `capabilities` (AgentCapabilitiesDto)
* for agent specialization declarations (M4-011).
*/
@IsOptional()
@IsObject()
config?: Record<string, unknown> | null;
// ─── Capability shorthand fields (M4-011) ──────────────────────────────────
@IsOptional()
@IsArray()
@IsString({ each: true })
domains?: string[] | null;
@IsOptional()
@IsString()
@MaxLength(255)
preferredModel?: string | null;
@IsOptional()
@IsString()
@MaxLength(255)
preferredProvider?: string | null;
@IsOptional()
@IsArray()
@IsString({ each: true })
toolSets?: string[] | null;
}

89
apps/gateway/src/agent/agent-configs.controller.ts
View File

@@ -13,59 +13,12 @@ import {
Post,
UseGuards,
} from '@nestjs/common';
import type { Brain } from '@mosaicstack/brain';
import type { Brain } from '@mosaic/brain';
import { BRAIN } from '../brain/brain.tokens.js';
import { AuthGuard } from '../auth/auth.guard.js';
import { CurrentUser } from '../auth/current-user.decorator.js';
import { CreateAgentConfigDto, UpdateAgentConfigDto } from './agent-config.dto.js';
// ─── M4-011 helpers ──────────────────────────────────────────────────────────
type CapabilityFields = {
domains?: string[] | null;
preferredModel?: string | null;
preferredProvider?: string | null;
toolSets?: string[] | null;
};
/** Extract capability shorthand fields from the DTO (undefined if none provided). */
function buildCapabilities(dto: CapabilityFields): Record<string, unknown> | undefined {
const hasAny =
dto.domains !== undefined ||
dto.preferredModel !== undefined ||
dto.preferredProvider !== undefined ||
dto.toolSets !== undefined;
if (!hasAny) return undefined;
const cap: Record<string, unknown> = {};
if (dto.domains !== undefined) cap['domains'] = dto.domains;
if (dto.preferredModel !== undefined) cap['preferredModel'] = dto.preferredModel;
if (dto.preferredProvider !== undefined) cap['preferredProvider'] = dto.preferredProvider;
if (dto.toolSets !== undefined) cap['toolSets'] = dto.toolSets;
return cap;
}
/** Merge capabilities into the config object, preserving other config keys. */
function mergeCapabilities(
existing: Record<string, unknown> | null | undefined,
capabilities: Record<string, unknown> | undefined,
): Record<string, unknown> | undefined {
if (capabilities === undefined && existing === undefined) return undefined;
if (capabilities === undefined) return existing ?? undefined;
const base = existing ?? {};
const existingCap =
typeof base['capabilities'] === 'object' && base['capabilities'] !== null
? (base['capabilities'] as Record<string, unknown>)
: {};
return {
...base,
capabilities: { ...existingCap, ...capabilities },
};
}
@Controller('api/agents')
@UseGuards(AuthGuard)
export class AgentConfigsController {
@@ -88,22 +41,10 @@ export class AgentConfigsController {
@Post()
async create(@Body() dto: CreateAgentConfigDto, @CurrentUser() user: { id: string }) {
// Merge capability shorthand fields into config.capabilities (M4-011)
const capabilities = buildCapabilities(dto);
const config = mergeCapabilities(dto.config, capabilities);
return this.brain.agents.create({
name: dto.name,
provider: dto.provider,
model: dto.model,
status: dto.status,
projectId: dto.projectId,
systemPrompt: dto.systemPrompt,
allowedTools: dto.allowedTools,
skills: dto.skills,
isSystem: false,
config,
...dto,
ownerId: user.id,
isSystem: false,
});
}
@@ -122,32 +63,10 @@ export class AgentConfigsController {
throw new ForbiddenException('Agent does not belong to the current user');
}
// Merge capability shorthand fields into config.capabilities (M4-011)
const capabilities = buildCapabilities(dto);
const baseConfig =
dto.config !== undefined
? dto.config
: (agent.config as Record<string, unknown> | null | undefined);
const config = mergeCapabilities(baseConfig ?? undefined, capabilities);
// Pass ownerId for user agents so the repo WHERE clause enforces ownership.
// For system agents (admin path) pass undefined so the WHERE matches only on id.
const ownerId = agent.isSystem ? undefined : user.id;
const updated = await this.brain.agents.update(
id,
{
name: dto.name,
provider: dto.provider,
model: dto.model,
status: dto.status,
projectId: dto.projectId,
systemPrompt: dto.systemPrompt,
allowedTools: dto.allowedTools,
skills: dto.skills,
config: capabilities !== undefined || dto.config !== undefined ? config : undefined,
},
ownerId,
);
const updated = await this.brain.agents.update(id, dto, ownerId);
if (!updated) throw new NotFoundException('Agent not found');
return updated;
}

23
apps/gateway/src/agent/agent.module.ts
View File

@@ -1,14 +1,11 @@
import { Global, Module } from '@nestjs/common';
import { AgentService } from './agent.service.js';
import { ProviderService } from './provider.service.js';
import { ProviderCredentialsService } from './provider-credentials.service.js';
import { RoutingService } from './routing.service.js';
import { RoutingEngineService } from './routing/routing-engine.service.js';
import { SkillLoaderService } from './skill-loader.service.js';
import { ProvidersController } from './providers.controller.js';
import { SessionsController } from './sessions.controller.js';
import { AgentConfigsController } from './agent-configs.controller.js';
import { RoutingController } from './routing/routing.controller.js';
import { CoordModule } from '../coord/coord.module.js';
import { McpClientModule } from '../mcp-client/mcp-client.module.js';
import { SkillsModule } from '../skills/skills.module.js';
@@ -17,22 +14,8 @@ import { GCModule } from '../gc/gc.module.js';
@Global()
@Module({
imports: [CoordModule, McpClientModule, SkillsModule, GCModule],
providers: [
ProviderService,
ProviderCredentialsService,
RoutingService,
RoutingEngineService,
SkillLoaderService,
AgentService,
],
controllers: [ProvidersController, SessionsController, AgentConfigsController, RoutingController],
exports: [
AgentService,
ProviderService,
ProviderCredentialsService,
RoutingService,
RoutingEngineService,
SkillLoaderService,
],
providers: [ProviderService, RoutingService, SkillLoaderService, AgentService],
controllers: [ProvidersController, SessionsController, AgentConfigsController],
exports: [AgentService, ProviderService, RoutingService, SkillLoaderService],
})
export class AgentModule {}

115
apps/gateway/src/agent/agent.service.ts
View File

@@ -7,8 +7,8 @@ import {
type AgentSessionEvent,
type ToolDefinition,
} from '@mariozechner/pi-coding-agent';
import type { Brain } from '@mosaicstack/brain';
import type { Memory } from '@mosaicstack/memory';
import type { Brain } from '@mosaic/brain';
import type { Memory } from '@mosaic/memory';
import { BRAIN } from '../brain/brain.tokens.js';
import { MEMORY } from '../memory/memory.tokens.js';
import { EmbeddingService } from '../memory/embedding.service.js';
@@ -23,8 +23,7 @@ import { createFileTools } from './tools/file-tools.js';
import { createGitTools } from './tools/git-tools.js';
import { createShellTools } from './tools/shell-tools.js';
import { createWebTools } from './tools/web-tools.js';
import { createSearchTools } from './tools/search-tools.js';
import type { SessionInfoDto, SessionMetrics } from './session.dto.js';
import type { SessionInfoDto } from './session.dto.js';
import { SystemOverrideService } from '../preferences/system-override.service.js';
import { PreferencesService } from '../preferences/preferences.service.js';
import { SessionGCService } from '../gc/session-gc.service.js';
@@ -94,12 +93,6 @@ export interface AgentSession {
allowedTools: string[] | null;
/** User ID that owns this session, used for preference lookups. */
userId?: string;
/** Agent config ID applied to this session, if any (M5-001). */
agentConfigId?: string;
/** Human-readable agent name applied to this session, if any (M5-001). */
agentName?: string;
/** M5-007: per-session metrics. */
metrics: SessionMetrics;
}
@Injectable()
@@ -147,7 +140,6 @@ export class AgentService implements OnModuleDestroy {
...createGitTools(sandboxDir),
...createShellTools(sandboxDir),
...createWebTools(),
...createSearchTools(),
];
}
@@ -192,13 +184,11 @@ export class AgentService implements OnModuleDestroy {
sessionId: string,
options?: AgentSessionOptions,
): Promise<AgentSession> {
// Merge DB agent config when agentConfigId is provided (M5-001)
// Merge DB agent config when agentConfigId is provided
let mergedOptions = options;
let resolvedAgentName: string | undefined;
if (options?.agentConfigId) {
const agentConfig = await this.brain.agents.findById(options.agentConfigId);
if (agentConfig) {
resolvedAgentName = agentConfig.name;
mergedOptions = {
provider: options.provider ?? agentConfig.provider,
modelId: options.modelId ?? agentConfig.model,
@@ -207,8 +197,6 @@ export class AgentService implements OnModuleDestroy {
sandboxDir: options.sandboxDir,
isAdmin: options.isAdmin,
agentConfigId: options.agentConfigId,
userId: options.userId,
conversationHistory: options.conversationHistory,
};
this.logger.log(
`Merged agent config "${agentConfig.name}" (${agentConfig.id}) into session ${sessionId}`,
@@ -342,23 +330,10 @@ export class AgentService implements OnModuleDestroy {
sandboxDir,
allowedTools,
userId: mergedOptions?.userId,
agentConfigId: mergedOptions?.agentConfigId,
agentName: resolvedAgentName,
metrics: {
tokens: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0, total: 0 },
modelSwitches: 0,
messageCount: 0,
lastActivityAt: new Date().toISOString(),
},
};
this.sessions.set(sessionId, session);
this.logger.log(`Agent session ${sessionId} ready (${providerName}/${modelId})`);
if (resolvedAgentName) {
this.logger.log(
`Agent session ${sessionId} using agent config "${resolvedAgentName}" (M5-001)`,
);
}
return session;
}
@@ -483,12 +458,10 @@ export class AgentService implements OnModuleDestroy {
id: s.id,
provider: s.provider,
modelId: s.modelId,
...(s.agentName ? { agentName: s.agentName } : {}),
createdAt: new Date(s.createdAt).toISOString(),
promptCount: s.promptCount,
channels: Array.from(s.channels),
durationMs: now - s.createdAt,
metrics: { ...s.metrics },
}));
}
@@ -499,93 +472,13 @@ export class AgentService implements OnModuleDestroy {
id: s.id,
provider: s.provider,
modelId: s.modelId,
...(s.agentName ? { agentName: s.agentName } : {}),
createdAt: new Date(s.createdAt).toISOString(),
promptCount: s.promptCount,
channels: Array.from(s.channels),
durationMs: Date.now() - s.createdAt,
metrics: { ...s.metrics },
};
}
/**
* Record token usage for a session turn (M5-007).
* Accumulates tokens across the session lifetime.
*/
recordTokenUsage(
sessionId: string,
tokens: { input: number; output: number; cacheRead: number; cacheWrite: number; total: number },
): void {
const session = this.sessions.get(sessionId);
if (!session) return;
session.metrics.tokens.input += tokens.input;
session.metrics.tokens.output += tokens.output;
session.metrics.tokens.cacheRead += tokens.cacheRead;
session.metrics.tokens.cacheWrite += tokens.cacheWrite;
session.metrics.tokens.total += tokens.total;
session.metrics.lastActivityAt = new Date().toISOString();
}
/**
* Record a model switch event for a session (M5-007).
*/
recordModelSwitch(sessionId: string): void {
const session = this.sessions.get(sessionId);
if (!session) return;
session.metrics.modelSwitches += 1;
session.metrics.lastActivityAt = new Date().toISOString();
}
/**
* Increment message count for a session (M5-007).
*/
recordMessage(sessionId: string): void {
const session = this.sessions.get(sessionId);
if (!session) return;
session.metrics.messageCount += 1;
session.metrics.lastActivityAt = new Date().toISOString();
}
/**
* Update the model tracked on a live session (M5-002).
* This records the model change in the session metadata so subsequent
* session:info emissions reflect the new model. The Pi session itself is
* not reconstructed — the model is used on the next createSession call for
* the same conversationId when the session is torn down or a new one is created.
*/
updateSessionModel(sessionId: string, modelId: string): void {
const session = this.sessions.get(sessionId);
if (!session) return;
const prev = session.modelId;
session.modelId = modelId;
this.recordModelSwitch(sessionId);
this.logger.log(`Session ${sessionId}: model updated ${prev}${modelId} (M5-002)`);
}
/**
* Apply a new agent config to a live session mid-conversation (M5-003).
* Updates agentName, agentConfigId, and modelId on the session object.
* System prompt and tools take effect when the next session is created for
* this conversationId (they are baked in at session creation time).
*/
applyAgentConfig(
sessionId: string,
agentConfigId: string,
agentName: string,
modelId?: string,
): void {
const session = this.sessions.get(sessionId);
if (!session) return;
session.agentConfigId = agentConfigId;
session.agentName = agentName;
if (modelId) {
this.updateSessionModel(sessionId, modelId);
}
this.logger.log(
`Session ${sessionId}: agent switched to "${agentName}" (${agentConfigId}) (M5-003)`,
);
}
addChannel(sessionId: string, channel: string): void {
const session = this.sessions.get(sessionId);
if (session) {

2
apps/gateway/src/agent/model-capabilities.ts
View File

@@ -1,4 +1,4 @@
import type { ModelCapability } from '@mosaicstack/types';
import type { ModelCapability } from '@mosaic/types';
/**
* Comprehensive capability matrix for all target models.

23
apps/gateway/src/agent/provider-credentials.dto.ts
View File

@@ -1,23 +0,0 @@
/** DTO for storing a provider credential. */
export interface StoreCredentialDto {
/** Provider identifier (e.g., 'anthropic', 'openai', 'openrouter', 'zai') */
provider: string;
/** Credential type */
type: 'api_key' | 'oauth_token';
/** Plain-text credential value — will be encrypted before storage */
value: string;
/** Optional extra config (e.g., base URL overrides) */
metadata?: Record<string, unknown>;
}
/** DTO returned in list/existence responses — never contains decrypted values. */
export interface ProviderCredentialSummaryDto {
provider: string;
credentialType: 'api_key' | 'oauth_token';
/** Whether a credential is stored for this provider */
exists: boolean;
expiresAt?: string | null;
metadata?: Record<string, unknown> | null;
createdAt: string;
updatedAt: string;
}

175
apps/gateway/src/agent/provider-credentials.service.ts
View File

@@ -1,175 +0,0 @@
import { Inject, Injectable, Logger } from '@nestjs/common';
import { createCipheriv, createDecipheriv, createHash, randomBytes } from 'node:crypto';
import type { Db } from '@mosaicstack/db';
import { providerCredentials, eq, and } from '@mosaicstack/db';
import { DB } from '../database/database.module.js';
import type { ProviderCredentialSummaryDto } from './provider-credentials.dto.js';
const ALGORITHM = 'aes-256-gcm';
const IV_LENGTH = 12; // 96-bit IV for GCM
const TAG_LENGTH = 16; // 128-bit auth tag
/**
* Derive a 32-byte AES-256 key from BETTER_AUTH_SECRET using SHA-256.
* The secret is assumed to be set in the environment.
*/
function deriveEncryptionKey(): Buffer {
const secret = process.env['BETTER_AUTH_SECRET'];
if (!secret) {
throw new Error('BETTER_AUTH_SECRET is not set — cannot derive encryption key');
}
return createHash('sha256').update(secret).digest();
}
/**
* Encrypt a plain-text value using AES-256-GCM.
* Output format: base64(iv + authTag + ciphertext)
*/
function encrypt(plaintext: string): string {
const key = deriveEncryptionKey();
const iv = randomBytes(IV_LENGTH);
const cipher = createCipheriv(ALGORITHM, key, iv);
const encrypted = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
const authTag = cipher.getAuthTag();
// Combine iv (12) + authTag (16) + ciphertext and base64-encode
const combined = Buffer.concat([iv, authTag, encrypted]);
return combined.toString('base64');
}
/**
* Decrypt a value encrypted by `encrypt()`.
* Throws on authentication failure (tampered data).
*/
function decrypt(encoded: string): string {
const key = deriveEncryptionKey();
const combined = Buffer.from(encoded, 'base64');
const iv = combined.subarray(0, IV_LENGTH);
const authTag = combined.subarray(IV_LENGTH, IV_LENGTH + TAG_LENGTH);
const ciphertext = combined.subarray(IV_LENGTH + TAG_LENGTH);
const decipher = createDecipheriv(ALGORITHM, key, iv);
decipher.setAuthTag(authTag);
const decrypted = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
return decrypted.toString('utf8');
}
@Injectable()
export class ProviderCredentialsService {
private readonly logger = new Logger(ProviderCredentialsService.name);
constructor(@Inject(DB) private readonly db: Db) {}
/**
* Encrypt and store (or update) a credential for the given user + provider.
* Uses an upsert pattern: one row per (userId, provider).
*/
async store(
userId: string,
provider: string,
type: 'api_key' | 'oauth_token',
value: string,
metadata?: Record<string, unknown>,
): Promise<void> {
const encryptedValue = encrypt(value);
await this.db
.insert(providerCredentials)
.values({
userId,
provider,
credentialType: type,
encryptedValue,
metadata: metadata ?? null,
})
.onConflictDoUpdate({
target: [providerCredentials.userId, providerCredentials.provider],
set: {
credentialType: type,
encryptedValue,
metadata: metadata ?? null,
updatedAt: new Date(),
},
});
this.logger.log(`Credential stored for user=${userId} provider=${provider}`);
}
/**
* Decrypt and return the plain-text credential value for the given user + provider.
* Returns null if no credential is stored.
*/
async retrieve(userId: string, provider: string): Promise<string | null> {
const rows = await this.db
.select()
.from(providerCredentials)
.where(
and(eq(providerCredentials.userId, userId), eq(providerCredentials.provider, provider)),
)
.limit(1);
if (rows.length === 0) return null;
const row = rows[0]!;
// Skip expired OAuth tokens
if (row.expiresAt && row.expiresAt < new Date()) {
this.logger.warn(`Credential for user=${userId} provider=${provider} has expired`);
return null;
}
try {
return decrypt(row.encryptedValue);
} catch (err) {
this.logger.error(
`Failed to decrypt credential for user=${userId} provider=${provider}`,
err instanceof Error ? err.message : String(err),
);
return null;
}
}
/**
* Delete the stored credential for the given user + provider.
*/
async remove(userId: string, provider: string): Promise<void> {
await this.db
.delete(providerCredentials)
.where(
and(eq(providerCredentials.userId, userId), eq(providerCredentials.provider, provider)),
);
this.logger.log(`Credential removed for user=${userId} provider=${provider}`);
}
/**
* List all providers for which the user has stored credentials.
* Never returns decrypted values.
*/
async listProviders(userId: string): Promise<ProviderCredentialSummaryDto[]> {
const rows = await this.db
.select({
provider: providerCredentials.provider,
credentialType: providerCredentials.credentialType,
expiresAt: providerCredentials.expiresAt,
metadata: providerCredentials.metadata,
createdAt: providerCredentials.createdAt,
updatedAt: providerCredentials.updatedAt,
})
.from(providerCredentials)
.where(eq(providerCredentials.userId, userId));
return rows.map((row) => ({
provider: row.provider,
credentialType: row.credentialType,
exists: true,
expiresAt: row.expiresAt?.toISOString() ?? null,
metadata: row.metadata as Record<string, unknown> | null,
createdAt: row.createdAt.toISOString(),
updatedAt: row.updatedAt.toISOString(),
}));
}
}

96
apps/gateway/src/agent/provider.service.ts
View File

@@ -1,11 +1,4 @@
import {
Inject,
Injectable,
Logger,
Optional,
type OnModuleDestroy,
type OnModuleInit,
} from '@nestjs/common';
import { Injectable, Logger, type OnModuleDestroy, type OnModuleInit } from '@nestjs/common';
import { ModelRegistry, AuthStorage } from '@mariozechner/pi-coding-agent';
import { getModel, type Model, type Api } from '@mariozechner/pi-ai';
import type {
@@ -14,16 +7,9 @@ import type {
ModelInfo,
ProviderHealth,
ProviderInfo,
} from '@mosaicstack/types';
import {
AnthropicAdapter,
OllamaAdapter,
OpenAIAdapter,
OpenRouterAdapter,
ZaiAdapter,
} from './adapters/index.js';
} from '@mosaic/types';
import { AnthropicAdapter, OllamaAdapter } from './adapters/index.js';
import type { TestConnectionResultDto } from './provider.dto.js';
import { ProviderCredentialsService } from './provider-credentials.service.js';
/** Default health check interval in seconds */
const DEFAULT_HEALTH_INTERVAL_SECS = 60;
@@ -31,25 +17,11 @@ const DEFAULT_HEALTH_INTERVAL_SECS = 60;
/** DI injection token for the provider adapter array. */
export const PROVIDER_ADAPTERS = Symbol('PROVIDER_ADAPTERS');
/** Environment variable names for well-known providers */
const PROVIDER_ENV_KEYS: Record<string, string> = {
anthropic: 'ANTHROPIC_API_KEY',
openai: 'OPENAI_API_KEY',
openrouter: 'OPENROUTER_API_KEY',
zai: 'ZAI_API_KEY',
};
@Injectable()
export class ProviderService implements OnModuleInit, OnModuleDestroy {
private readonly logger = new Logger(ProviderService.name);
private registry!: ModelRegistry;
constructor(
@Optional()
@Inject(ProviderCredentialsService)
private readonly credentialsService: ProviderCredentialsService | null,
) {}
/**
* Adapters registered with this service.
* Built-in adapters (Ollama) are always present; additional adapters can be
@@ -67,21 +39,17 @@ export class ProviderService implements OnModuleInit, OnModuleDestroy {
async onModuleInit(): Promise<void> {
const authStorage = AuthStorage.inMemory();
this.registry = ModelRegistry.inMemory(authStorage);
this.registry = new ModelRegistry(authStorage);
// Build the default set of adapters that rely on the registry
this.adapters = [
new OllamaAdapter(this.registry),
new AnthropicAdapter(this.registry),
new OpenAIAdapter(this.registry),
new OpenRouterAdapter(),
new ZaiAdapter(),
];
this.adapters = [new OllamaAdapter(this.registry), new AnthropicAdapter(this.registry)];
// Run all adapter registrations first (Ollama, Anthropic, OpenAI, OpenRouter, Z.ai)
// Run all adapter registrations first (Ollama, Anthropic, and any future adapters)
await this.registerAll();
// Register API-key providers directly (custom)
// Register API-key providers directly (Z.ai, custom)
// OpenAI now has a dedicated adapter (M3-003).
this.registerZaiProvider();
this.registerCustomProviders();
const available = this.registry.getAvailable();
@@ -362,9 +330,30 @@ export class ProviderService implements OnModuleInit, OnModuleDestroy {
}
// ---------------------------------------------------------------------------
// Private helpers
// Private helpers — direct registry registration for providers without adapters yet
// (Z.ai will move to an adapter in M3-005)
// ---------------------------------------------------------------------------
private registerZaiProvider(): void {
const apiKey = process.env['ZAI_API_KEY'];
if (!apiKey) {
this.logger.debug('Skipping Z.ai provider registration: ZAI_API_KEY not set');
return;
}
const models = ['glm-4.5', 'glm-4.5-air', 'glm-4.5-flash'].map((id) =>
this.cloneBuiltInModel('zai', id),
);
this.registry.registerProvider('zai', {
apiKey,
baseUrl: 'https://open.bigmodel.cn/api/paas/v4',
models,
});
this.logger.log('Z.ai provider registered with 3 models');
}
private registerCustomProviders(): void {
const customJson = process.env['MOSAIC_CUSTOM_PROVIDERS'];
if (!customJson) return;
@@ -379,29 +368,6 @@ export class ProviderService implements OnModuleInit, OnModuleDestroy {
}
}
/**
* Resolve an API key for a provider, scoped to a specific user.
* User-stored credentials take precedence over environment variables.
* Returns null if no key is available from either source.
*/
async resolveApiKey(userId: string, provider: string): Promise<string | null> {
if (this.credentialsService) {
const userKey = await this.credentialsService.retrieve(userId, provider);
if (userKey) {
this.logger.debug(`Using user-scoped credential for user=${userId} provider=${provider}`);
return userKey;
}
}
// Fall back to environment variable
const envVar = PROVIDER_ENV_KEYS[provider];
const envKey = envVar ? (process.env[envVar] ?? null) : null;
if (envKey) {
this.logger.debug(`Using env-var credential for provider=${provider}`);
}
return envKey;
}
private cloneBuiltInModel(
provider: string,
modelId: string,

57
apps/gateway/src/agent/providers.controller.ts
View File

@@ -1,23 +1,15 @@
import { Body, Controller, Delete, Get, Inject, Param, Post, UseGuards } from '@nestjs/common';
import type { RoutingCriteria } from '@mosaicstack/types';
import { Body, Controller, Get, Inject, Post, UseGuards } from '@nestjs/common';
import type { RoutingCriteria } from '@mosaic/types';
import { AuthGuard } from '../auth/auth.guard.js';
import { CurrentUser } from '../auth/current-user.decorator.js';
import { ProviderService } from './provider.service.js';
import { ProviderCredentialsService } from './provider-credentials.service.js';
import { RoutingService } from './routing.service.js';
import type { TestConnectionDto, TestConnectionResultDto } from './provider.dto.js';
import type {
StoreCredentialDto,
ProviderCredentialSummaryDto,
} from './provider-credentials.dto.js';
@Controller('api/providers')
@UseGuards(AuthGuard)
export class ProvidersController {
constructor(
@Inject(ProviderService) private readonly providerService: ProviderService,
@Inject(ProviderCredentialsService)
private readonly credentialsService: ProviderCredentialsService,
@Inject(RoutingService) private readonly routingService: RoutingService,
) {}
@@ -50,49 +42,4 @@ export class ProvidersController {
rank(@Body() criteria: RoutingCriteria) {
return this.routingService.rank(criteria);
}
// ── Credential CRUD ──────────────────────────────────────────────────────
/**
* GET /api/providers/credentials
* List all provider credentials for the authenticated user.
* Returns provider names, types, and metadata — never decrypted values.
*/
@Get('credentials')
listCredentials(@CurrentUser() user: { id: string }): Promise<ProviderCredentialSummaryDto[]> {
return this.credentialsService.listProviders(user.id);
}
/**
* POST /api/providers/credentials
* Store or update a provider credential for the authenticated user.
* The value is encrypted before storage and never returned.
*/
@Post('credentials')
async storeCredential(
@CurrentUser() user: { id: string },
@Body() body: StoreCredentialDto,
): Promise<{ success: boolean; provider: string }> {
await this.credentialsService.store(
user.id,
body.provider,
body.type,
body.value,
body.metadata,
);
return { success: true, provider: body.provider };
}
/**
* DELETE /api/providers/credentials/:provider
* Remove a stored credential for the authenticated user.
*/
@Delete('credentials/:provider')
async removeCredential(
@CurrentUser() user: { id: string },
@Param('provider') provider: string,
): Promise<{ success: boolean; provider: string }> {
await this.credentialsService.remove(user.id, provider);
return { success: true, provider };
}
}

6
apps/gateway/src/agent/routing.service.ts
View File

@@ -1,6 +1,6 @@
import { Inject, Injectable, Logger } from '@nestjs/common';
import type { ModelInfo } from '@mosaicstack/types';
import type { RoutingCriteria, RoutingResult, CostTier } from '@mosaicstack/types';
import type { ModelInfo } from '@mosaic/types';
import type { RoutingCriteria, RoutingResult, CostTier } from '@mosaic/types';
import { ProviderService } from './provider.service.js';
/** Per-million-token cost thresholds for tier classification */
@@ -8,8 +8,6 @@ const COST_TIER_THRESHOLDS: Record<CostTier, { maxInput: number }> = {
cheap: { maxInput: 1 },
standard: { maxInput: 10 },
premium: { maxInput: Infinity },
// local = self-hosted; treat as cheapest tier for cost scoring purposes
local: { maxInput: 0 },
};
@Injectable()

138
apps/gateway/src/agent/routing/default-rules.ts
View File

@@ -1,138 +0,0 @@
import { Inject, Injectable, Logger, type OnModuleInit } from '@nestjs/common';
import { routingRules, type Db, sql } from '@mosaicstack/db';
import { DB } from '../../database/database.module.js';
import type { RoutingCondition, RoutingAction } from './routing.types.js';
/** Seed-time routing rule descriptor */
interface RoutingRuleSeed {
name: string;
priority: number;
conditions: RoutingCondition[];
action: RoutingAction;
}
export const DEFAULT_ROUTING_RULES: RoutingRuleSeed[] = [
{
name: 'Complex coding → Opus',
priority: 1,
conditions: [
{ field: 'taskType', operator: 'eq', value: 'coding' },
{ field: 'complexity', operator: 'eq', value: 'complex' },
],
action: { provider: 'anthropic', model: 'claude-opus-4-6' },
},
{
name: 'Moderate coding → Sonnet',
priority: 2,
conditions: [
{ field: 'taskType', operator: 'eq', value: 'coding' },
{ field: 'complexity', operator: 'eq', value: 'moderate' },
],
action: { provider: 'anthropic', model: 'claude-sonnet-4-6' },
},
{
name: 'Simple coding → Codex',
priority: 3,
conditions: [
{ field: 'taskType', operator: 'eq', value: 'coding' },
{ field: 'complexity', operator: 'eq', value: 'simple' },
],
action: { provider: 'openai', model: 'codex-gpt-5-4' },
},
{
name: 'Research → Codex',
priority: 4,
conditions: [{ field: 'taskType', operator: 'eq', value: 'research' }],
action: { provider: 'openai', model: 'codex-gpt-5-4' },
},
{
name: 'Summarization → GLM-5',
priority: 5,
conditions: [{ field: 'taskType', operator: 'eq', value: 'summarization' }],
action: { provider: 'zai', model: 'glm-5' },
},
{
name: 'Analysis with reasoning → Opus',
priority: 6,
conditions: [
{ field: 'taskType', operator: 'eq', value: 'analysis' },
{ field: 'requiredCapabilities', operator: 'includes', value: 'reasoning' },
],
action: { provider: 'anthropic', model: 'claude-opus-4-6' },
},
{
name: 'Conversation → Sonnet',
priority: 7,
conditions: [{ field: 'taskType', operator: 'eq', value: 'conversation' }],
action: { provider: 'anthropic', model: 'claude-sonnet-4-6' },
},
{
name: 'Creative → Sonnet',
priority: 8,
conditions: [{ field: 'taskType', operator: 'eq', value: 'creative' }],
action: { provider: 'anthropic', model: 'claude-sonnet-4-6' },
},
{
name: 'Cheap/general → Haiku',
priority: 9,
conditions: [{ field: 'costTier', operator: 'eq', value: 'cheap' }],
action: { provider: 'anthropic', model: 'claude-haiku-4-5' },
},
{
name: 'Fallback → Sonnet',
priority: 10,
conditions: [],
action: { provider: 'anthropic', model: 'claude-sonnet-4-6' },
},
{
name: 'Offline → Ollama',
priority: 99,
conditions: [{ field: 'costTier', operator: 'eq', value: 'local' }],
action: { provider: 'ollama', model: 'llama3.2' },
},
];
@Injectable()
export class DefaultRoutingRulesSeed implements OnModuleInit {
private readonly logger = new Logger(DefaultRoutingRulesSeed.name);
constructor(@Inject(DB) private readonly db: Db) {}
async onModuleInit(): Promise<void> {
await this.seedDefaultRules();
}
/**
* Insert default routing rules into the database if the table is empty.
* Skips seeding if any system-scoped rules already exist.
*/
async seedDefaultRules(): Promise<void> {
const rows = await this.db
.select({ count: sql<number>`count(*)::int` })
.from(routingRules)
.where(sql`scope = 'system'`);
const count = rows[0]?.count ?? 0;
if (count > 0) {
this.logger.debug(
`Skipping default routing rules seed — ${count} system rule(s) already exist`,
);
return;
}
this.logger.log(`Seeding ${DEFAULT_ROUTING_RULES.length} default routing rules`);
await this.db.insert(routingRules).values(
DEFAULT_ROUTING_RULES.map((rule) => ({
name: rule.name,
priority: rule.priority,
scope: 'system' as const,
conditions: rule.conditions as unknown as Record<string, unknown>[],
action: rule.action as unknown as Record<string, unknown>,
enabled: true,
})),
);
this.logger.log('Default routing rules seeded successfully');
}
}

260
apps/gateway/src/agent/routing/routing-e2e.test.ts
View File

@@ -1,260 +0,0 @@
/**
* M4-013: Routing end-to-end integration tests.
*
* These tests exercise the full pipeline:
* classifyTask (task-classifier) → matchConditions (routing-engine) → RoutingDecision
*
* All tests use a mocked DB (rule store) and mocked ProviderService (health map)
* to avoid real I/O — they verify the complete classify → match → decide path.
*/
import { describe, it, expect, vi } from 'vitest';
import { RoutingEngineService } from './routing-engine.service.js';
import { DEFAULT_ROUTING_RULES } from '../routing/default-rules.js';
import type { RoutingRule } from './routing.types.js';
// ─── Test helpers ─────────────────────────────────────────────────────────────
/** Build a RoutingEngineService backed by the given rule set and health map. */
function makeService(
rules: RoutingRule[],
healthMap: Record<string, { status: string }>,
): RoutingEngineService {
const mockDb = {
select: vi.fn().mockReturnValue({
from: vi.fn().mockReturnValue({
where: vi.fn().mockReturnValue({
orderBy: vi.fn().mockResolvedValue(
rules.map((r) => ({
id: r.id,
name: r.name,
priority: r.priority,
scope: r.scope,
userId: r.userId ?? null,
conditions: r.conditions,
action: r.action,
enabled: r.enabled,
createdAt: new Date(),
updatedAt: new Date(),
})),
),
}),
}),
}),
};
const mockProviderService = {
healthCheckAll: vi.fn().mockResolvedValue(healthMap),
};
return new (RoutingEngineService as unknown as new (
db: unknown,
ps: unknown,
) => RoutingEngineService)(mockDb, mockProviderService);
}
/**
* Convert DEFAULT_ROUTING_RULES (seed format, no id) to RoutingRule objects
* so we can use them in tests.
*/
function defaultRules(): RoutingRule[] {
return DEFAULT_ROUTING_RULES.map((r, i) => ({
id: `rule-${i + 1}`,
scope: 'system' as const,
userId: undefined,
enabled: true,
...r,
}));
}
/** A health map where anthropic, openai, and zai are all healthy. */
const allHealthy: Record<string, { status: string }> = {
anthropic: { status: 'up' },
openai: { status: 'up' },
zai: { status: 'up' },
ollama: { status: 'up' },
};
// ─── M4-013 E2E tests ─────────────────────────────────────────────────────────
describe('M4-013: routing end-to-end pipeline', () => {
// Test 1: coding message → should route to Opus (complex coding rule)
it('coding message routes to Opus via task classifier + routing rules', async () => {
// Use a message that classifies as coding + complex
// "architecture" triggers complex; "implement" triggers coding
const message =
'Implement an architecture for a multi-tenant system with database isolation and role-based access control. The system needs to support multiple organizations.';
const service = makeService(defaultRules(), allHealthy);
const decision = await service.resolve(message);
// Classifier should detect: taskType=coding, complexity=complex
// That matches "Complex coding → Opus" rule at priority 1
expect(decision.provider).toBe('anthropic');
expect(decision.model).toBe('claude-opus-4-6');
expect(decision.ruleName).toBe('Complex coding → Opus');
});
// Test 2: "Summarize this" → routes to GLM-5
it('"Summarize this" routes to GLM-5 via summarization rule', async () => {
const message = 'Summarize this document for me please';
const service = makeService(defaultRules(), allHealthy);
const decision = await service.resolve(message);
// Classifier should detect: taskType=summarization
// Matches "Summarization → GLM-5" rule (priority 5)
expect(decision.provider).toBe('zai');
expect(decision.model).toBe('glm-5');
expect(decision.ruleName).toBe('Summarization → GLM-5');
});
// Test 3: simple question → routes to cheap tier (Haiku)
// Note: the "Cheap/general → Haiku" rule uses costTier=cheap condition.
// Since costTier is not part of TaskClassification (it's a request-level field),
// it won't auto-match. Instead we test that a simple conversation falls through
// to the "Conversation → Sonnet" rule — which IS the cheap-tier routing path
// for simple conversational questions.
// We also verify that routing using a user-scoped cheap-tier rule overrides correctly.
it('simple conversational question routes to Sonnet (conversation rule)', async () => {
const message = 'What time is it?';
const service = makeService(defaultRules(), allHealthy);
const decision = await service.resolve(message);
// Classifier: taskType=conversation (no strong signals), complexity=simple
// Matches "Conversation → Sonnet" rule (priority 7)
expect(decision.provider).toBe('anthropic');
expect(decision.model).toBe('claude-sonnet-4-6');
expect(decision.ruleName).toBe('Conversation → Sonnet');
});
// Test 3b: explicit cheap-tier rule via user-scoped override
it('cheap-tier rule routes to Haiku when costTier=cheap condition matches', async () => {
// Build a cheap-tier user rule that has a conversation condition overlapping
// with what we send, but give it lower priority so we can test explicitly
const cheapRule: RoutingRule = {
id: 'cheap-rule-1',
name: 'Cheap/general → Haiku',
priority: 1,
scope: 'system',
enabled: true,
// This rule matches any simple conversation when costTier is set by the resolver.
// We test the rule condition matching directly here:
conditions: [{ field: 'taskType', operator: 'eq', value: 'conversation' }],
action: { provider: 'anthropic', model: 'claude-haiku-4-5' },
};
const service = makeService([cheapRule], allHealthy);
const decision = await service.resolve('Hello, how are you doing today?');
// Simple greeting → conversation → matches cheapRule → Haiku
expect(decision.provider).toBe('anthropic');
expect(decision.model).toBe('claude-haiku-4-5');
expect(decision.ruleName).toBe('Cheap/general → Haiku');
});
// Test 4: /model override bypasses routing
// This test verifies that when a model override is set (stored in chatGateway.modelOverrides),
// the routing engine is NOT called. We simulate this by verifying that the routing engine
// service is not consulted when the override path is taken.
it('/model override bypasses routing engine (no classify → route call)', async () => {
// Build a service that would route to Opus for a coding message
const mockHealthCheckAll = vi.fn().mockResolvedValue(allHealthy);
const mockSelect = vi.fn();
const mockDb = {
select: mockSelect.mockReturnValue({
from: vi.fn().mockReturnValue({
where: vi.fn().mockReturnValue({
orderBy: vi.fn().mockResolvedValue(defaultRules()),
}),
}),
}),
};
const mockProviderService = { healthCheckAll: mockHealthCheckAll };
const service = new (RoutingEngineService as unknown as new (
db: unknown,
ps: unknown,
) => RoutingEngineService)(mockDb, mockProviderService);
// Simulate the ChatGateway model-override logic:
// When a /model override exists, the gateway skips calling routingEngine.resolve().
// We verify this by checking that if we do NOT call resolve(), the DB is never queried.
// (This is the same guarantee the ChatGateway code provides.)
expect(mockSelect).not.toHaveBeenCalled();
expect(mockHealthCheckAll).not.toHaveBeenCalled();
// Now if we DO call resolve (no override), it hits the DB and health check
await service.resolve('implement a function');
expect(mockSelect).toHaveBeenCalled();
expect(mockHealthCheckAll).toHaveBeenCalled();
});
// Test 5: full pipeline classification accuracy — "Summarize this" message
it('full pipeline: classify → match rules → summarization decision', async () => {
const message = 'Can you give me a brief summary of the last meeting notes?';
const service = makeService(defaultRules(), allHealthy);
const decision = await service.resolve(message);
// "brief" keyword → summarization; "brief" is < 100 chars... check length
// message length is ~68 chars → simple complexity but summarization type wins
expect(decision.ruleName).toBe('Summarization → GLM-5');
expect(decision.provider).toBe('zai');
expect(decision.model).toBe('glm-5');
expect(decision.reason).toContain('Summarization → GLM-5');
});
// Test 6: pipeline with unhealthy provider — falls through to fallback
it('when all matched rule providers are unhealthy, falls through to openai fallback', async () => {
// The message classifies as: taskType=coding, complexity=moderate (implement + no architecture keyword,
// moderate length ~60 chars → simple threshold is < 100 → actually simple since it is < 100 chars)
// Let's use a simple coding message to target Simple coding → Codex (openai)
const message = 'implement a sort function';
const unhealthyHealth = {
anthropic: { status: 'down' },
openai: { status: 'up' },
zai: { status: 'up' },
ollama: { status: 'down' },
};
const service = makeService(defaultRules(), unhealthyHealth);
const decision = await service.resolve(message);
// "implement" → coding; 26 chars → simple; so: coding+simple → "Simple coding → Codex" (openai)
// openai is up → should match
expect(decision.provider).toBe('openai');
expect(decision.model).toBe('codex-gpt-5-4');
});
// Test 7: research message routing
it('research message routes to Codex via research rule', async () => {
const message = 'Research the best approaches for distributed caching systems';
const service = makeService(defaultRules(), allHealthy);
const decision = await service.resolve(message);
// "research" keyword → taskType=research → "Research → Codex" rule (priority 4)
expect(decision.ruleName).toBe('Research → Codex');
expect(decision.provider).toBe('openai');
expect(decision.model).toBe('codex-gpt-5-4');
});
// Test 8: full pipeline integrity — decision includes all required fields
it('routing decision includes provider, model, ruleName, and reason', async () => {
const message = 'implement a new feature';
const service = makeService(defaultRules(), allHealthy);
const decision = await service.resolve(message);
expect(decision).toHaveProperty('provider');
expect(decision).toHaveProperty('model');
expect(decision).toHaveProperty('ruleName');
expect(decision).toHaveProperty('reason');
expect(typeof decision.provider).toBe('string');
expect(typeof decision.model).toBe('string');
expect(typeof decision.ruleName).toBe('string');
expect(typeof decision.reason).toBe('string');
});
});

216
apps/gateway/src/agent/routing/routing-engine.service.ts
View File

@@ -1,216 +0,0 @@
import { Inject, Injectable, Logger } from '@nestjs/common';
import { routingRules, type Db, and, asc, eq, or } from '@mosaicstack/db';
import { DB } from '../../database/database.module.js';
import { ProviderService } from '../provider.service.js';
import { classifyTask } from './task-classifier.js';
import type {
RoutingCondition,
RoutingRule,
RoutingDecision,
TaskClassification,
} from './routing.types.js';
// ─── Injection tokens ────────────────────────────────────────────────────────
export const PROVIDER_SERVICE = Symbol('ProviderService');
// ─── Fallback chain ──────────────────────────────────────────────────────────
/**
* Ordered fallback providers tried when no rule matches or all matched
* providers are unhealthy.
*/
const FALLBACK_CHAIN: Array<{ provider: string; model: string }> = [
{ provider: 'anthropic', model: 'claude-sonnet-4-6' },
{ provider: 'anthropic', model: 'claude-haiku-4-5' },
{ provider: 'ollama', model: 'llama3.2' },
];
// ─── Service ─────────────────────────────────────────────────────────────────
@Injectable()
export class RoutingEngineService {
private readonly logger = new Logger(RoutingEngineService.name);
constructor(
@Inject(DB) private readonly db: Db,
@Inject(ProviderService) private readonly providerService: ProviderService,
) {}
/**
* Classify the message, evaluate routing rules in priority order, and return
* the best routing decision.
*
* @param message - Raw user message text used for classification.
* @param userId - Optional user ID for loading user-scoped rules.
* @param availableProviders - Optional pre-fetched provider health map to
* avoid redundant health checks inside tight loops.
*/
async resolve(
message: string,
userId?: string,
availableProviders?: Record<string, { status: string }>,
): Promise<RoutingDecision> {
const classification = classifyTask(message);
this.logger.debug(
`Classification: taskType=${classification.taskType} complexity=${classification.complexity} domain=${classification.domain}`,
);
// Load health data once (re-use caller-supplied map if provided)
const health = availableProviders ?? (await this.providerService.healthCheckAll());
// Load all applicable rules ordered by priority
const rules = await this.loadRules(userId);
// Evaluate rules in priority order
for (const rule of rules) {
if (!rule.enabled) continue;
if (!this.matchConditions(rule, classification)) continue;
const providerStatus = health[rule.action.provider]?.status;
const isHealthy = providerStatus === 'up' || providerStatus === 'ok';
if (!isHealthy) {
this.logger.debug(
`Rule "${rule.name}" matched but provider "${rule.action.provider}" is unhealthy (status: ${providerStatus ?? 'unknown'})`,
);
continue;
}
this.logger.debug(
`Rule matched: "${rule.name}" → ${rule.action.provider}/${rule.action.model}`,
);
return {
provider: rule.action.provider,
model: rule.action.model,
agentConfigId: rule.action.agentConfigId,
ruleName: rule.name,
reason: `Matched routing rule "${rule.name}"`,
};
}
// No rule matched (or all matched providers were unhealthy) — apply fallback chain
this.logger.debug('No rule matched; applying fallback chain');
return this.applyFallbackChain(health);
}
/**
* Check whether all conditions of a rule match the given task classification.
* An empty conditions array always matches (catch-all / fallback rule).
*/
matchConditions(
rule: Pick<RoutingRule, 'conditions'>,
classification: TaskClassification,
): boolean {
if (rule.conditions.length === 0) return true;
return rule.conditions.every((condition) => this.evaluateCondition(condition, classification));
}
// ─── Private helpers ───────────────────────────────────────────────────────
private evaluateCondition(
condition: RoutingCondition,
classification: TaskClassification,
): boolean {
// `costTier` is a valid condition field but is not part of TaskClassification
// (it is supplied via userOverrides / request context). Treat unknown fields as
// undefined so conditions referencing them simply do not match.
const fieldValue = (classification as unknown as Record<string, unknown>)[condition.field];
switch (condition.operator) {
case 'eq': {
// Scalar equality: field value must equal condition value (string)
if (typeof condition.value !== 'string') return false;
return fieldValue === condition.value;
}
case 'in': {
// Set membership: condition value (array) contains field value
if (!Array.isArray(condition.value)) return false;
return condition.value.includes(fieldValue as string);
}
case 'includes': {
// Array containment: field value (array) includes condition value (string)
if (!Array.isArray(fieldValue)) return false;
if (typeof condition.value !== 'string') return false;
return (fieldValue as string[]).includes(condition.value);
}
default:
return false;
}
}
/**
* Load routing rules from the database.
* System rules + user-scoped rules (when userId is provided) are returned,
* ordered by priority ascending.
*/
private async loadRules(userId?: string): Promise<RoutingRule[]> {
const whereClause = userId
? or(
eq(routingRules.scope, 'system'),
and(eq(routingRules.scope, 'user'), eq(routingRules.userId, userId)),
)
: eq(routingRules.scope, 'system');
const rows = await this.db
.select()
.from(routingRules)
.where(whereClause)
.orderBy(asc(routingRules.priority));
return rows.map((row) => ({
id: row.id,
name: row.name,
priority: row.priority,
scope: row.scope as 'system' | 'user',
userId: row.userId ?? undefined,
conditions: (row.conditions as unknown as RoutingCondition[]) ?? [],
action: row.action as unknown as {
provider: string;
model: string;
agentConfigId?: string;
systemPromptOverride?: string;
toolAllowlist?: string[];
},
enabled: row.enabled,
}));
}
/**
* Walk the fallback chain and return the first healthy provider/model pair.
* If none are healthy, return the first entry unconditionally (last resort).
*/
private applyFallbackChain(health: Record<string, { status: string }>): RoutingDecision {
for (const candidate of FALLBACK_CHAIN) {
const providerStatus = health[candidate.provider]?.status;
const isHealthy = providerStatus === 'up' || providerStatus === 'ok';
if (isHealthy) {
this.logger.debug(`Fallback resolved: ${candidate.provider}/${candidate.model}`);
return {
provider: candidate.provider,
model: candidate.model,
ruleName: 'fallback',
reason: `Fallback chain — no matching rule; selected ${candidate.provider}/${candidate.model}`,
};
}
}
// All providers in the fallback chain are unhealthy — use the first entry
const lastResort = FALLBACK_CHAIN[0]!;
this.logger.warn(
`All fallback providers unhealthy; using last resort: ${lastResort.provider}/${lastResort.model}`,
);
return {
provider: lastResort.provider,
model: lastResort.model,
ruleName: 'fallback',
reason: `Fallback chain exhausted (all providers unhealthy); using ${lastResort.provider}/${lastResort.model}`,
};
}
}

460
apps/gateway/src/agent/routing/routing-engine.test.ts
View File

@@ -1,460 +0,0 @@
import { describe, it, expect, vi, beforeEach } from 'vitest';
import { RoutingEngineService } from './routing-engine.service.js';
import type { RoutingRule, TaskClassification } from './routing.types.js';
// ─── Helpers ─────────────────────────────────────────────────────────────────
function makeRule(
overrides: Partial<RoutingRule> &
Pick<RoutingRule, 'name' | 'priority' | 'conditions' | 'action'>,
): RoutingRule {
return {
id: overrides.id ?? crypto.randomUUID(),
scope: 'system',
enabled: true,
...overrides,
};
}
function makeClassification(overrides: Partial<TaskClassification> = {}): TaskClassification {
return {
taskType: 'conversation',
complexity: 'simple',
domain: 'general',
requiredCapabilities: [],
...overrides,
};
}
/** Build a minimal RoutingEngineService with mocked DB and ProviderService. */
function makeService(
rules: RoutingRule[] = [],
healthMap: Record<string, { status: string }> = {},
): RoutingEngineService {
const mockDb = {
select: vi.fn().mockReturnValue({
from: vi.fn().mockReturnValue({
where: vi.fn().mockReturnValue({
orderBy: vi.fn().mockResolvedValue(
rules.map((r) => ({
id: r.id,
name: r.name,
priority: r.priority,
scope: r.scope,
userId: r.userId ?? null,
conditions: r.conditions,
action: r.action,
enabled: r.enabled,
createdAt: new Date(),
updatedAt: new Date(),
})),
),
}),
}),
}),
};
const mockProviderService = {
healthCheckAll: vi.fn().mockResolvedValue(healthMap),
};
// Inject mocked dependencies directly (bypass NestJS DI for unit tests)
const service = new (RoutingEngineService as unknown as new (
db: unknown,
ps: unknown,
) => RoutingEngineService)(mockDb, mockProviderService);
return service;
}
// ─── matchConditions ──────────────────────────────────────────────────────────
describe('RoutingEngineService.matchConditions', () => {
let service: RoutingEngineService;
beforeEach(() => {
service = makeService();
});
it('returns true for empty conditions array (catch-all rule)', () => {
const rule = makeRule({
name: 'fallback',
priority: 99,
conditions: [],
action: { provider: 'anthropic', model: 'claude-sonnet-4-6' },
});
expect(service.matchConditions(rule, makeClassification())).toBe(true);
});
it('matches eq operator on scalar field', () => {
const rule = makeRule({
name: 'coding',
priority: 1,
conditions: [{ field: 'taskType', operator: 'eq', value: 'coding' }],
action: { provider: 'anthropic', model: 'claude-opus-4-6' },
});
expect(service.matchConditions(rule, makeClassification({ taskType: 'coding' }))).toBe(true);
expect(service.matchConditions(rule, makeClassification({ taskType: 'conversation' }))).toBe(
false,
);
});
it('matches in operator: field value is in the condition array', () => {
const rule = makeRule({
name: 'simple or moderate',
priority: 2,
conditions: [{ field: 'complexity', operator: 'in', value: ['simple', 'moderate'] }],
action: { provider: 'anthropic', model: 'claude-haiku-4-5' },
});
expect(service.matchConditions(rule, makeClassification({ complexity: 'simple' }))).toBe(true);
expect(service.matchConditions(rule, makeClassification({ complexity: 'moderate' }))).toBe(
true,
);
expect(service.matchConditions(rule, makeClassification({ complexity: 'complex' }))).toBe(
false,
);
});
it('matches includes operator: field array includes the condition value', () => {
const rule = makeRule({
name: 'reasoning required',
priority: 3,
conditions: [{ field: 'requiredCapabilities', operator: 'includes', value: 'reasoning' }],
action: { provider: 'anthropic', model: 'claude-opus-4-6' },
});
expect(
service.matchConditions(rule, makeClassification({ requiredCapabilities: ['reasoning'] })),
).toBe(true);
expect(
service.matchConditions(
rule,
makeClassification({ requiredCapabilities: ['tools', 'reasoning'] }),
),
).toBe(true);
expect(
service.matchConditions(rule, makeClassification({ requiredCapabilities: ['tools'] })),
).toBe(false);
expect(service.matchConditions(rule, makeClassification({ requiredCapabilities: [] }))).toBe(
false,
);
});
it('requires ALL conditions to match (AND logic)', () => {
const rule = makeRule({
name: 'complex coding',
priority: 1,
conditions: [
{ field: 'taskType', operator: 'eq', value: 'coding' },
{ field: 'complexity', operator: 'eq', value: 'complex' },
],
action: { provider: 'anthropic', model: 'claude-opus-4-6' },
});
// Both match
expect(
service.matchConditions(
rule,
makeClassification({ taskType: 'coding', complexity: 'complex' }),
),
).toBe(true);
// Only one matches
expect(
service.matchConditions(
rule,
makeClassification({ taskType: 'coding', complexity: 'simple' }),
),
).toBe(false);
// Neither matches
expect(
service.matchConditions(
rule,
makeClassification({ taskType: 'conversation', complexity: 'simple' }),
),
).toBe(false);
});
it('returns false for eq when condition value is an array (type mismatch)', () => {
const rule = makeRule({
name: 'bad eq',
priority: 1,
conditions: [{ field: 'taskType', operator: 'eq', value: ['coding', 'research'] }],
action: { provider: 'anthropic', model: 'claude-sonnet-4-6' },
});
expect(service.matchConditions(rule, makeClassification({ taskType: 'coding' }))).toBe(false);
});
it('returns false for includes when field is not an array', () => {
const rule = makeRule({
name: 'bad includes',
priority: 1,
conditions: [{ field: 'taskType', operator: 'includes', value: 'coding' }],
action: { provider: 'anthropic', model: 'claude-sonnet-4-6' },
});
// taskType is a string, not an array — should be false
expect(service.matchConditions(rule, makeClassification({ taskType: 'coding' }))).toBe(false);
});
});
// ─── resolve — priority ordering ─────────────────────────────────────────────
describe('RoutingEngineService.resolve — priority ordering', () => {
it('selects the highest-priority matching rule', async () => {
// Rules are supplied in priority-ascending order, as the DB would return them.
const rules = [
makeRule({
name: 'high priority',
priority: 1,
conditions: [{ field: 'taskType', operator: 'eq', value: 'coding' }],
action: { provider: 'anthropic', model: 'claude-opus-4-6' },
}),
makeRule({
name: 'low priority',
priority: 10,
conditions: [{ field: 'taskType', operator: 'eq', value: 'coding' }],
action: { provider: 'openai', model: 'gpt-4o' },
}),
];
const service = makeService(rules, { anthropic: { status: 'up' }, openai: { status: 'up' } });
const decision = await service.resolve('implement a function');
expect(decision.ruleName).toBe('high priority');
expect(decision.provider).toBe('anthropic');
expect(decision.model).toBe('claude-opus-4-6');
});
it('skips non-matching rules and picks first match', async () => {
const rules = [
makeRule({
name: 'research rule',
priority: 1,
conditions: [{ field: 'taskType', operator: 'eq', value: 'research' }],
action: { provider: 'openai', model: 'gpt-4o' },
}),
makeRule({
name: 'coding rule',
priority: 2,
conditions: [{ field: 'taskType', operator: 'eq', value: 'coding' }],
action: { provider: 'anthropic', model: 'claude-sonnet-4-6' },
}),
];
const service = makeService(rules, { anthropic: { status: 'up' }, openai: { status: 'up' } });
const decision = await service.resolve('implement a function');
expect(decision.ruleName).toBe('coding rule');
expect(decision.provider).toBe('anthropic');
});
});
// ─── resolve — unhealthy provider fallback ────────────────────────────────────
describe('RoutingEngineService.resolve — unhealthy provider handling', () => {
it('skips matched rule when provider is unhealthy, tries next rule', async () => {
const rules = [
makeRule({
name: 'primary rule',
priority: 1,
conditions: [{ field: 'taskType', operator: 'eq', value: 'coding' }],
action: { provider: 'anthropic', model: 'claude-opus-4-6' },
}),
makeRule({
name: 'secondary rule',
priority: 2,
conditions: [{ field: 'taskType', operator: 'eq', value: 'coding' }],
action: { provider: 'openai', model: 'gpt-4o' },
}),
];
const service = makeService(rules, {
anthropic: { status: 'down' }, // primary is unhealthy
openai: { status: 'up' },
});
const decision = await service.resolve('implement a function');
expect(decision.ruleName).toBe('secondary rule');
expect(decision.provider).toBe('openai');
});
it('falls back to Sonnet when all rules have unhealthy providers', async () => {
// Override the rule's provider to something unhealthy but keep anthropic up for fallback
const unhealthyRules = [
makeRule({
name: 'only rule',
priority: 1,
conditions: [{ field: 'taskType', operator: 'eq', value: 'coding' }],
action: { provider: 'openai', model: 'gpt-4o' }, // openai is unhealthy
}),
];
const service2 = makeService(unhealthyRules, {
anthropic: { status: 'up' },
openai: { status: 'down' },
});
const decision = await service2.resolve('implement a function');
// Should fall through to Sonnet fallback on anthropic
expect(decision.provider).toBe('anthropic');
expect(decision.model).toBe('claude-sonnet-4-6');
expect(decision.ruleName).toBe('fallback');
});
it('falls back to Haiku when Sonnet provider is also down', async () => {
const rules: RoutingRule[] = []; // no rules
const service = makeService(rules, {
anthropic: { status: 'down' }, // Sonnet is on anthropic — down
ollama: { status: 'up' }, // Haiku is also on anthropic — use Ollama as next
});
const decision = await service.resolve('hello there');
// Sonnet (anthropic) is down, Haiku (anthropic) is down, Ollama is up
expect(decision.provider).toBe('ollama');
expect(decision.model).toBe('llama3.2');
expect(decision.ruleName).toBe('fallback');
});
it('uses last resort (Sonnet) when all fallback providers are unhealthy', async () => {
const rules: RoutingRule[] = [];
const service = makeService(rules, {
anthropic: { status: 'down' },
ollama: { status: 'down' },
});
const decision = await service.resolve('hello');
// All unhealthy — still returns first fallback entry as last resort
expect(decision.provider).toBe('anthropic');
expect(decision.model).toBe('claude-sonnet-4-6');
expect(decision.ruleName).toBe('fallback');
});
});
// ─── resolve — empty conditions (catch-all rule) ──────────────────────────────
describe('RoutingEngineService.resolve — empty conditions (fallback rule)', () => {
it('matches catch-all rule for any message', async () => {
const rules = [
makeRule({
name: 'catch-all',
priority: 99,
conditions: [],
action: { provider: 'anthropic', model: 'claude-sonnet-4-6' },
}),
];
const service = makeService(rules, { anthropic: { status: 'up' } });
const decision = await service.resolve('completely unrelated message xyz');
expect(decision.ruleName).toBe('catch-all');
expect(decision.provider).toBe('anthropic');
expect(decision.model).toBe('claude-sonnet-4-6');
});
it('catch-all is overridden by a higher-priority specific rule', async () => {
const rules = [
makeRule({
name: 'specific coding rule',
priority: 1,
conditions: [{ field: 'taskType', operator: 'eq', value: 'coding' }],
action: { provider: 'anthropic', model: 'claude-opus-4-6' },
}),
makeRule({
name: 'catch-all',
priority: 99,
conditions: [],
action: { provider: 'anthropic', model: 'claude-haiku-4-5' },
}),
];
const service = makeService(rules, { anthropic: { status: 'up' } });
const codingDecision = await service.resolve('implement a function');
expect(codingDecision.ruleName).toBe('specific coding rule');
expect(codingDecision.model).toBe('claude-opus-4-6');
const conversationDecision = await service.resolve('hello how are you');
expect(conversationDecision.ruleName).toBe('catch-all');
expect(conversationDecision.model).toBe('claude-haiku-4-5');
});
});
// ─── resolve — disabled rules ─────────────────────────────────────────────────
describe('RoutingEngineService.resolve — disabled rules', () => {
it('skips disabled rules', async () => {
const rules = [
makeRule({
name: 'disabled rule',
priority: 1,
enabled: false,
conditions: [{ field: 'taskType', operator: 'eq', value: 'coding' }],
action: { provider: 'anthropic', model: 'claude-opus-4-6' },
}),
makeRule({
name: 'enabled fallback',
priority: 99,
conditions: [],
action: { provider: 'anthropic', model: 'claude-sonnet-4-6' },
}),
];
const service = makeService(rules, { anthropic: { status: 'up' } });
const decision = await service.resolve('implement a function');
expect(decision.ruleName).toBe('enabled fallback');
expect(decision.model).toBe('claude-sonnet-4-6');
});
});
// ─── resolve — pre-fetched health map ────────────────────────────────────────
describe('RoutingEngineService.resolve — availableProviders override', () => {
it('uses the provided health map instead of calling healthCheckAll', async () => {
const rules = [
makeRule({
name: 'coding rule',
priority: 1,
conditions: [{ field: 'taskType', operator: 'eq', value: 'coding' }],
action: { provider: 'anthropic', model: 'claude-opus-4-6' },
}),
];
const mockHealthCheckAll = vi.fn().mockResolvedValue({});
const mockDb = {
select: vi.fn().mockReturnValue({
from: vi.fn().mockReturnValue({
where: vi.fn().mockReturnValue({
orderBy: vi.fn().mockResolvedValue(
rules.map((r) => ({
id: r.id,
name: r.name,
priority: r.priority,
scope: r.scope,
userId: r.userId ?? null,
conditions: r.conditions,
action: r.action,
enabled: r.enabled,
createdAt: new Date(),
updatedAt: new Date(),
})),
),
}),
}),
}),
};
const mockProviderService = { healthCheckAll: mockHealthCheckAll };
const service = new (RoutingEngineService as unknown as new (
db: unknown,
ps: unknown,
) => RoutingEngineService)(mockDb, mockProviderService);
const preSupplied = { anthropic: { status: 'up' } };
await service.resolve('implement a function', undefined, preSupplied);
expect(mockHealthCheckAll).not.toHaveBeenCalled();
});
});

234
apps/gateway/src/agent/routing/routing.controller.ts
View File

@@ -1,234 +0,0 @@
import {
Body,
Controller,
Delete,
ForbiddenException,
Get,
HttpCode,
HttpStatus,
Inject,
NotFoundException,
Param,
Patch,
Post,
UseGuards,
} from '@nestjs/common';
import { routingRules, type Db, and, asc, eq, or, inArray } from '@mosaicstack/db';
import { DB } from '../../database/database.module.js';
import { AuthGuard } from '../../auth/auth.guard.js';
import { CurrentUser } from '../../auth/current-user.decorator.js';
import {
CreateRoutingRuleDto,
UpdateRoutingRuleDto,
ReorderRoutingRulesDto,
} from './routing.dto.js';
@Controller('api/routing/rules')
@UseGuards(AuthGuard)
export class RoutingController {
constructor(@Inject(DB) private readonly db: Db) {}
/**
* GET /api/routing/rules
* List all rules visible to the authenticated user:
* - All system rules
* - User's own rules
* Ordered by priority ascending (lower number = higher priority).
*/
@Get()
async list(@CurrentUser() user: { id: string }) {
const rows = await this.db
.select()
.from(routingRules)
.where(
or(
eq(routingRules.scope, 'system'),
and(eq(routingRules.scope, 'user'), eq(routingRules.userId, user.id)),
),
)
.orderBy(asc(routingRules.priority));
return rows;
}
/**
* GET /api/routing/rules/effective
* Return the merged rule set in priority order.
* User-scoped rules are checked before system rules at the same priority
* (achieved by ordering: priority ASC, then scope='user' first).
*/
@Get('effective')
async effective(@CurrentUser() user: { id: string }) {
const rows = await this.db
.select()
.from(routingRules)
.where(
and(
eq(routingRules.enabled, true),
or(
eq(routingRules.scope, 'system'),
and(eq(routingRules.scope, 'user'), eq(routingRules.userId, user.id)),
),
),
)
.orderBy(asc(routingRules.priority));
// For rules with the same priority: user rules beat system rules.
// Group by priority then stable-sort each group: user before system.
const grouped = new Map<number, typeof rows>();
for (const row of rows) {
const bucket = grouped.get(row.priority) ?? [];
bucket.push(row);
grouped.set(row.priority, bucket);
}
const effective: typeof rows = [];
for (const [, bucket] of [...grouped.entries()].sort(([a], [b]) => a - b)) {
// user-scoped rules first within the same priority bucket
const userRules = bucket.filter((r) => r.scope === 'user');
const systemRules = bucket.filter((r) => r.scope === 'system');
effective.push(...userRules, ...systemRules);
}
return effective;
}
/**
* POST /api/routing/rules
* Create a new routing rule. Scope is forced to 'user' (users cannot create
* system rules). The authenticated user's ID is attached automatically.
*/
@Post()
async create(@Body() dto: CreateRoutingRuleDto, @CurrentUser() user: { id: string }) {
const [created] = await this.db
.insert(routingRules)
.values({
name: dto.name,
priority: dto.priority,
scope: 'user',
userId: user.id,
conditions: dto.conditions as unknown as Record<string, unknown>[],
action: dto.action as unknown as Record<string, unknown>,
enabled: dto.enabled ?? true,
})
.returning();
return created;
}
/**
* PATCH /api/routing/rules/reorder
* Reassign priorities so that the order of `ruleIds` reflects ascending
* priority (index 0 = priority 0, index 1 = priority 1, …).
* Only the authenticated user's own rules can be reordered.
*/
@Patch('reorder')
async reorder(@Body() dto: ReorderRoutingRulesDto, @CurrentUser() user: { id: string }) {
// Verify all supplied IDs belong to this user
const owned = await this.db
.select({ id: routingRules.id })
.from(routingRules)
.where(
and(
inArray(routingRules.id, dto.ruleIds),
eq(routingRules.scope, 'user'),
eq(routingRules.userId, user.id),
),
);
const ownedIds = new Set(owned.map((r) => r.id));
const unowned = dto.ruleIds.filter((id) => !ownedIds.has(id));
if (unowned.length > 0) {
throw new ForbiddenException(
`Cannot reorder rules that do not belong to you: ${unowned.join(', ')}`,
);
}
// Apply new priorities in transaction
const updates = await this.db.transaction(async (tx) => {
const results = [];
for (let i = 0; i < dto.ruleIds.length; i++) {
const [updated] = await tx
.update(routingRules)
.set({ priority: i, updatedAt: new Date() })
.where(and(eq(routingRules.id, dto.ruleIds[i]!), eq(routingRules.userId, user.id)))
.returning();
if (updated) results.push(updated);
}
return results;
});
return updates;
}
/**
* PATCH /api/routing/rules/:id
* Update a user-owned rule. System rules cannot be modified by regular users.
*/
@Patch(':id')
async update(
@Param('id') id: string,
@Body() dto: UpdateRoutingRuleDto,
@CurrentUser() user: { id: string },
) {
const [existing] = await this.db.select().from(routingRules).where(eq(routingRules.id, id));
if (!existing) throw new NotFoundException('Routing rule not found');
if (existing.scope === 'system') {
throw new ForbiddenException('System routing rules cannot be modified');
}
if (existing.userId !== user.id) {
throw new ForbiddenException('Routing rule does not belong to the current user');
}
const updatePayload: Partial<typeof routingRules.$inferInsert> = {
updatedAt: new Date(),
};
if (dto.name !== undefined) updatePayload.name = dto.name;
if (dto.priority !== undefined) updatePayload.priority = dto.priority;
if (dto.conditions !== undefined)
updatePayload.conditions = dto.conditions as unknown as Record<string, unknown>[];
if (dto.action !== undefined)
updatePayload.action = dto.action as unknown as Record<string, unknown>;
if (dto.enabled !== undefined) updatePayload.enabled = dto.enabled;
const [updated] = await this.db
.update(routingRules)
.set(updatePayload)
.where(and(eq(routingRules.id, id), eq(routingRules.userId, user.id)))
.returning();
if (!updated) throw new NotFoundException('Routing rule not found');
return updated;
}
/**
* DELETE /api/routing/rules/:id
* Delete a user-owned routing rule. System rules cannot be deleted.
*/
@Delete(':id')
@HttpCode(HttpStatus.NO_CONTENT)
async remove(@Param('id') id: string, @CurrentUser() user: { id: string }) {
const [existing] = await this.db.select().from(routingRules).where(eq(routingRules.id, id));
if (!existing) throw new NotFoundException('Routing rule not found');
if (existing.scope === 'system') {
throw new ForbiddenException('System routing rules cannot be deleted');
}
if (existing.userId !== user.id) {
throw new ForbiddenException('Routing rule does not belong to the current user');
}
const [deleted] = await this.db
.delete(routingRules)
.where(and(eq(routingRules.id, id), eq(routingRules.userId, user.id)))
.returning();
if (!deleted) throw new NotFoundException('Routing rule not found');
}
}

135
apps/gateway/src/agent/routing/routing.dto.ts
View File

@@ -1,135 +0,0 @@
import {
IsArray,
IsBoolean,
IsInt,
IsIn,
IsObject,
IsOptional,
IsString,
IsUUID,
MaxLength,
Min,
ValidateNested,
ArrayNotEmpty,
} from 'class-validator';
import { Type } from 'class-transformer';
// ─── Condition DTO ────────────────────────────────────────────────────────────
const conditionFields = [
'taskType',
'complexity',
'domain',
'costTier',
'requiredCapabilities',
] as const;
const conditionOperators = ['eq', 'in', 'includes'] as const;
export class RoutingConditionDto {
@IsString()
@IsIn(conditionFields)
field!: (typeof conditionFields)[number];
@IsString()
@IsIn(conditionOperators)
operator!: (typeof conditionOperators)[number];
// value can be string or string[] — keep as unknown and validate at runtime
value!: string | string[];
}
// ─── Action DTO ───────────────────────────────────────────────────────────────
export class RoutingActionDto {
@IsString()
@MaxLength(255)
provider!: string;
@IsString()
@MaxLength(255)
model!: string;
@IsOptional()
@IsUUID()
agentConfigId?: string;
@IsOptional()
@IsString()
@MaxLength(50_000)
systemPromptOverride?: string;
@IsOptional()
@IsArray()
toolAllowlist?: string[];
}
// ─── Create DTO ───────────────────────────────────────────────────────────────
const scopeValues = ['system', 'user'] as const;
export class CreateRoutingRuleDto {
@IsString()
@MaxLength(255)
name!: string;
@IsInt()
@Min(0)
priority!: number;
@IsOptional()
@IsIn(scopeValues)
scope?: 'system' | 'user';
@IsArray()
@ValidateNested({ each: true })
@Type(() => RoutingConditionDto)
conditions!: RoutingConditionDto[];
@IsObject()
@ValidateNested()
@Type(() => RoutingActionDto)
action!: RoutingActionDto;
@IsOptional()
@IsBoolean()
enabled?: boolean;
}
// ─── Update DTO ───────────────────────────────────────────────────────────────
export class UpdateRoutingRuleDto {
@IsOptional()
@IsString()
@MaxLength(255)
name?: string;
@IsOptional()
@IsInt()
@Min(0)
priority?: number;
@IsOptional()
@IsArray()
@ValidateNested({ each: true })
@Type(() => RoutingConditionDto)
conditions?: RoutingConditionDto[];
@IsOptional()
@IsObject()
@ValidateNested()
@Type(() => RoutingActionDto)
action?: RoutingActionDto;
@IsOptional()
@IsBoolean()
enabled?: boolean;
}
// ─── Reorder DTO ──────────────────────────────────────────────────────────────
export class ReorderRoutingRulesDto {
@IsArray()
@ArrayNotEmpty()
@IsUUID(undefined, { each: true })
ruleIds!: string[];
}

118
apps/gateway/src/agent/routing/routing.types.ts
View File

@@ -1,118 +0,0 @@
/**
* Routing engine types — M4-002 (condition types) and M4-003 (action types).
*
* These types are re-exported from `@mosaicstack/types` for shared use across packages.
*/
// ─── Classification primitives ───────────────────────────────────────────────
/** Category of work the agent is being asked to perform */
export type TaskType =
| 'coding'
| 'research'
| 'summarization'
| 'conversation'
| 'analysis'
| 'creative';
/** Estimated complexity of the task, used to bias toward cheaper or more capable models */
export type Complexity = 'simple' | 'moderate' | 'complex';
/** Primary knowledge domain of the task */
export type Domain = 'frontend' | 'backend' | 'devops' | 'docs' | 'general';
/**
* Cost tier for model selection.
* Extends the existing `CostTier` in `@mosaicstack/types` with `local` for self-hosted models.
*/
export type CostTier = 'cheap' | 'standard' | 'premium' | 'local';
/** Special model capability required by the task */
export type Capability = 'tools' | 'vision' | 'long-context' | 'reasoning' | 'embedding';
// ─── Condition types ─────────────────────────────────────────────────────────
/**
* A single predicate that must be satisfied for a routing rule to match.
*
* - `eq` — scalar equality: `field === value`
* - `in` — set membership: `value` contains `field`
* - `includes` — array containment: `field` (array) includes `value`
*/
export interface RoutingCondition {
/** The task-classification field to test */
field: 'taskType' | 'complexity' | 'domain' | 'costTier' | 'requiredCapabilities';
/** Comparison operator */
operator: 'eq' | 'in' | 'includes';
/** Expected value or set of values */
value: string | string[];
}
// ─── Action types ────────────────────────────────────────────────────────────
/**
* The routing action to execute when all conditions in a rule are satisfied.
*/
export interface RoutingAction {
/** LLM provider identifier, e.g. `'anthropic'`, `'openai'`, `'ollama'` */
provider: string;
/** Model identifier, e.g. `'claude-opus-4-6'`, `'gpt-4o'` */
model: string;
/** Optional: use a specific pre-configured agent config from the agent registry */
agentConfigId?: string;
/** Optional: override the agent's default system prompt for this route */
systemPromptOverride?: string;
/** Optional: restrict the tool set available to the agent for this route */
toolAllowlist?: string[];
}
// ─── Rule and decision types ─────────────────────────────────────────────────
/**
* Full routing rule as stored in the database and used at runtime.
*/
export interface RoutingRule {
/** UUID primary key */
id: string;
/** Human-readable rule name */
name: string;
/** Lower number = evaluated first; unique per scope */
priority: number;
/** `'system'` rules apply globally; `'user'` rules override for a specific user */
scope: 'system' | 'user';
/** Present only for `'user'`-scoped rules */
userId?: string;
/** All conditions must match for the rule to fire */
conditions: RoutingCondition[];
/** Action to take when all conditions are met */
action: RoutingAction;
/** Whether this rule is active */
enabled: boolean;
}
/**
* Structured representation of what an agent has been asked to do,
* produced by the task classifier and consumed by the routing engine.
*/
export interface TaskClassification {
taskType: TaskType;
complexity: Complexity;
domain: Domain;
requiredCapabilities: Capability[];
}
/**
* Output of the routing engine — which model to use and why.
*/
export interface RoutingDecision {
/** LLM provider identifier */
provider: string;
/** Model identifier */
model: string;
/** Optional agent config to apply */
agentConfigId?: string;
/** Name of the rule that matched, for observability */
ruleName: string;
/** Human-readable explanation of why this rule was selected */
reason: string;
}

366
apps/gateway/src/agent/routing/task-classifier.test.ts
View File

@@ -1,366 +0,0 @@
import { describe, it, expect } from 'vitest';
import { classifyTask } from './task-classifier.js';
// ─── Task Type Detection ──────────────────────────────────────────────────────
describe('classifyTask — taskType', () => {
it('detects coding from "code" keyword', () => {
expect(classifyTask('Can you write some code for me?').taskType).toBe('coding');
});
it('detects coding from "implement" keyword', () => {
expect(classifyTask('Implement a binary search algorithm').taskType).toBe('coding');
});
it('detects coding from "function" keyword', () => {
expect(classifyTask('Write a function that reverses a string').taskType).toBe('coding');
});
it('detects coding from "debug" keyword', () => {
expect(classifyTask('Help me debug this error').taskType).toBe('coding');
});
it('detects coding from "fix" keyword', () => {
expect(classifyTask('fix the broken test').taskType).toBe('coding');
});
it('detects coding from "refactor" keyword', () => {
expect(classifyTask('Please refactor this module').taskType).toBe('coding');
});
it('detects coding from "typescript" keyword', () => {
expect(classifyTask('How do I use generics in TypeScript?').taskType).toBe('coding');
});
it('detects coding from "javascript" keyword', () => {
expect(classifyTask('JavaScript promises explained').taskType).toBe('coding');
});
it('detects coding from "python" keyword', () => {
expect(classifyTask('Write a Python script to parse CSV').taskType).toBe('coding');
});
it('detects coding from "SQL" keyword', () => {
expect(classifyTask('Write a SQL query to join these tables').taskType).toBe('coding');
});
it('detects coding from "API" keyword', () => {
expect(classifyTask('Design an API for user management').taskType).toBe('coding');
});
it('detects coding from "endpoint" keyword', () => {
expect(classifyTask('Add a new endpoint for user profiles').taskType).toBe('coding');
});
it('detects coding from "class" keyword', () => {
expect(classifyTask('Create a class for handling payments').taskType).toBe('coding');
});
it('detects coding from "method" keyword', () => {
expect(classifyTask('Add a method to validate emails').taskType).toBe('coding');
});
it('detects coding from inline backtick code', () => {
expect(classifyTask('What does `Array.prototype.reduce` do?').taskType).toBe('coding');
});
it('detects summarization from "summarize"', () => {
expect(classifyTask('Please summarize this document').taskType).toBe('summarization');
});
it('detects summarization from "summary"', () => {
expect(classifyTask('Give me a summary of the meeting').taskType).toBe('summarization');
});
it('detects summarization from "tldr"', () => {
expect(classifyTask('TLDR this article for me').taskType).toBe('summarization');
});
it('detects summarization from "condense"', () => {
expect(classifyTask('Condense this into 3 bullet points').taskType).toBe('summarization');
});
it('detects summarization from "brief"', () => {
expect(classifyTask('Give me a brief overview of this topic').taskType).toBe('summarization');
});
it('detects creative from "write"', () => {
expect(classifyTask('Write a short story about a dragon').taskType).toBe('creative');
});
it('detects creative from "story"', () => {
expect(classifyTask('Tell me a story about space exploration').taskType).toBe('creative');
});
it('detects creative from "poem"', () => {
expect(classifyTask('Write a poem about autumn').taskType).toBe('creative');
});
it('detects creative from "generate"', () => {
expect(classifyTask('Generate some creative marketing copy').taskType).toBe('creative');
});
it('detects creative from "create content"', () => {
expect(classifyTask('Help me create content for my website').taskType).toBe('creative');
});
it('detects creative from "blog post"', () => {
expect(classifyTask('Write a blog post about productivity habits').taskType).toBe('creative');
});
it('detects analysis from "analyze"', () => {
expect(classifyTask('Analyze the performance of this system').taskType).toBe('analysis');
});
it('detects analysis from "review"', () => {
expect(classifyTask('Please review my pull request changes').taskType).toBe('analysis');
});
it('detects analysis from "evaluate"', () => {
expect(classifyTask('Evaluate the pros and cons of this approach').taskType).toBe('analysis');
});
it('detects analysis from "assess"', () => {
expect(classifyTask('Assess the security risks here').taskType).toBe('analysis');
});
it('detects analysis from "audit"', () => {
expect(classifyTask('Audit this codebase for vulnerabilities').taskType).toBe('analysis');
});
it('detects research from "research"', () => {
expect(classifyTask('Research the best state management libraries').taskType).toBe('research');
});
it('detects research from "find"', () => {
expect(classifyTask('Find all open issues in our backlog').taskType).toBe('research');
});
it('detects research from "search"', () => {
expect(classifyTask('Search for papers on transformer architectures').taskType).toBe(
'research',
);
});
it('detects research from "what is"', () => {
expect(classifyTask('What is the difference between REST and GraphQL?').taskType).toBe(
'research',
);
});
it('detects research from "explain"', () => {
expect(classifyTask('Explain how OAuth2 works').taskType).toBe('research');
});
it('detects research from "how does"', () => {
expect(classifyTask('How does garbage collection work in V8?').taskType).toBe('research');
});
it('detects research from "compare"', () => {
expect(classifyTask('Compare Postgres and MySQL for this use case').taskType).toBe('research');
});
it('falls back to conversation with no strong signal', () => {
expect(classifyTask('Hello, how are you?').taskType).toBe('conversation');
});
it('falls back to conversation for generic greetings', () => {
expect(classifyTask('Good morning!').taskType).toBe('conversation');
});
// Priority: coding wins over research when both keywords present
it('coding takes priority over research', () => {
expect(classifyTask('find a code example for sorting').taskType).toBe('coding');
});
// Priority: summarization wins over creative
it('summarization takes priority over creative', () => {
expect(classifyTask('write a summary of this article').taskType).toBe('summarization');
});
});
// ─── Complexity Estimation ────────────────────────────────────────────────────
describe('classifyTask — complexity', () => {
it('classifies short message as simple', () => {
expect(classifyTask('Fix typo').complexity).toBe('simple');
});
it('classifies single question as simple', () => {
expect(classifyTask('What is a closure?').complexity).toBe('simple');
});
it('classifies message > 500 chars as complex', () => {
const long = 'a'.repeat(501);
expect(classifyTask(long).complexity).toBe('complex');
});
it('classifies message with "architecture" keyword as complex', () => {
expect(
classifyTask('Can you help me think through the architecture of this system?').complexity,
).toBe('complex');
});
it('classifies message with "design" keyword as complex', () => {
expect(classifyTask('Design a data model for this feature').complexity).toBe('complex');
});
it('classifies message with "complex" keyword as complex', () => {
expect(classifyTask('This is a complex problem involving multiple services').complexity).toBe(
'complex',
);
});
it('classifies message with "system" keyword as complex', () => {
expect(classifyTask('Explain the whole system behavior').complexity).toBe('complex');
});
it('classifies message with multiple code blocks as complex', () => {
const msg = '```\nconst a = 1;\n```\n\nAlso look at\n\n```\nconst b = 2;\n```';
expect(classifyTask(msg).complexity).toBe('complex');
});
it('classifies moderate-length message as moderate', () => {
const msg =
'Please help me implement a small utility function that parses query strings. It should handle arrays and nested objects properly.';
expect(classifyTask(msg).complexity).toBe('moderate');
});
});
// ─── Domain Detection ─────────────────────────────────────────────────────────
describe('classifyTask — domain', () => {
it('detects frontend from "react"', () => {
expect(classifyTask('How do I use React hooks?').domain).toBe('frontend');
});
it('detects frontend from "css"', () => {
expect(classifyTask('Fix the CSS layout issue').domain).toBe('frontend');
});
it('detects frontend from "html"', () => {
expect(classifyTask('Add an HTML form element').domain).toBe('frontend');
});
it('detects frontend from "component"', () => {
expect(classifyTask('Create a reusable component').domain).toBe('frontend');
});
it('detects frontend from "UI"', () => {
expect(classifyTask('Update the UI spacing').domain).toBe('frontend');
});
it('detects frontend from "tailwind"', () => {
expect(classifyTask('Style this button with Tailwind').domain).toBe('frontend');
});
it('detects frontend from "next.js"', () => {
expect(classifyTask('Configure Next.js routing').domain).toBe('frontend');
});
it('detects backend from "server"', () => {
expect(classifyTask('Set up the server to handle requests').domain).toBe('backend');
});
it('detects backend from "database"', () => {
expect(classifyTask('Optimize this database query').domain).toBe('backend');
});
it('detects backend from "endpoint"', () => {
expect(classifyTask('Add an endpoint for authentication').domain).toBe('backend');
});
it('detects backend from "nest"', () => {
expect(classifyTask('Add a NestJS guard for this route').domain).toBe('backend');
});
it('detects backend from "express"', () => {
expect(classifyTask('Middleware in Express explained').domain).toBe('backend');
});
it('detects devops from "docker"', () => {
expect(classifyTask('Write a Dockerfile for this app').domain).toBe('devops');
});
it('detects devops from "deploy"', () => {
expect(classifyTask('Deploy this service to production').domain).toBe('devops');
});
it('detects devops from "pipeline"', () => {
expect(classifyTask('Set up a CI pipeline').domain).toBe('devops');
});
it('detects devops from "kubernetes"', () => {
expect(classifyTask('Configure a Kubernetes deployment').domain).toBe('devops');
});
it('detects docs from "documentation"', () => {
expect(classifyTask('Write documentation for this module').domain).toBe('docs');
});
it('detects docs from "readme"', () => {
expect(classifyTask('Update the README').domain).toBe('docs');
});
it('detects docs from "guide"', () => {
expect(classifyTask('Create a user guide for this feature').domain).toBe('docs');
});
it('falls back to general domain', () => {
expect(classifyTask('What time is it?').domain).toBe('general');
});
// devops takes priority over backend when both match
it('devops takes priority over backend (both keywords)', () => {
expect(classifyTask('Deploy the API server using Docker').domain).toBe('devops');
});
// docs takes priority over frontend when both match
it('docs takes priority over frontend (both keywords)', () => {
expect(classifyTask('Write documentation for React components').domain).toBe('docs');
});
});
// ─── Combined Classification ──────────────────────────────────────────────────
describe('classifyTask — combined', () => {
it('returns full classification object', () => {
const result = classifyTask('Fix the bug?');
expect(result).toHaveProperty('taskType');
expect(result).toHaveProperty('complexity');
expect(result).toHaveProperty('domain');
});
it('classifies complex TypeScript architecture request', () => {
const msg =
'Design the architecture for a multi-tenant TypeScript system using NestJS with proper database isolation and role-based access control. The system needs to support multiple organizations each with their own data namespace.';
const result = classifyTask(msg);
expect(result.taskType).toBe('coding');
expect(result.complexity).toBe('complex');
expect(result.domain).toBe('backend');
});
it('classifies simple frontend question', () => {
const result = classifyTask('How do I center a div in CSS?');
expect(result.taskType).toBe('research');
expect(result.domain).toBe('frontend');
});
it('classifies a DevOps pipeline task as complex', () => {
const msg =
'Design a complete CI/CD pipeline architecture using Docker and Kubernetes with blue-green deployments and automatic rollback capabilities for a complex microservices system.';
const result = classifyTask(msg);
expect(result.domain).toBe('devops');
expect(result.complexity).toBe('complex');
});
it('classifies summarization task correctly', () => {
const result = classifyTask('Summarize the key points from this document');
expect(result.taskType).toBe('summarization');
});
it('classifies creative writing task correctly', () => {
const result = classifyTask('Write a poem about the ocean');
expect(result.taskType).toBe('creative');
});
});

159
apps/gateway/src/agent/routing/task-classifier.ts
View File

@@ -1,159 +0,0 @@
import type { TaskType, Complexity, Domain, TaskClassification } from './routing.types.js';
// ─── Pattern Banks ──────────────────────────────────────────────────────────
const CODING_PATTERNS: RegExp[] = [
/\bcode\b/i,
/\bfunction\b/i,
/\bimplement\b/i,
/\bdebug\b/i,
/\bfix\b/i,
/\brefactor\b/i,
/\btypescript\b/i,
/\bjavascript\b/i,
/\bpython\b/i,
/\bSQL\b/i,
/\bAPI\b/i,
/\bendpoint\b/i,
/\bclass\b/i,
/\bmethod\b/i,
/`[^`]*`/,
];
const RESEARCH_PATTERNS: RegExp[] = [
/\bresearch\b/i,
/\bfind\b/i,
/\bsearch\b/i,
/\bwhat is\b/i,
/\bexplain\b/i,
/\bhow do(es)?\b/i,
/\bcompare\b/i,
/\banalyze\b/i,
];
const SUMMARIZATION_PATTERNS: RegExp[] = [
/\bsummariz(e|ation)\b/i,
/\bsummary\b/i,
/\btldr\b/i,
/\bcondense\b/i,
/\bbrief\b/i,
];
const CREATIVE_PATTERNS: RegExp[] = [
/\bwrite\b/i,
/\bstory\b/i,
/\bpoem\b/i,
/\bgenerate\b/i,
/\bcreate content\b/i,
/\bblog post\b/i,
];
const ANALYSIS_PATTERNS: RegExp[] = [
/\banalyze\b/i,
/\breview\b/i,
/\bevaluate\b/i,
/\bassess\b/i,
/\baudit\b/i,
];
// ─── Complexity Indicators ───────────────────────────────────────────────────
const COMPLEX_KEYWORDS: RegExp[] = [
/\barchitecture\b/i,
/\bdesign\b/i,
/\bcomplex\b/i,
/\bsystem\b/i,
];
const SIMPLE_QUESTION_PATTERN = /^[^.!?]+[?]$/;
/** Counts occurrences of triple-backtick code fences in the message */
function countCodeBlocks(message: string): number {
return (message.match(/```/g) ?? []).length / 2;
}
// ─── Domain Indicators ───────────────────────────────────────────────────────
const FRONTEND_PATTERNS: RegExp[] = [
/\breact\b/i,
/\bcss\b/i,
/\bhtml\b/i,
/\bcomponent\b/i,
/\bUI\b/,
/\btailwind\b/i,
/\bnext\.js\b/i,
];
const BACKEND_PATTERNS: RegExp[] = [
/\bAPI\b/i,
/\bserver\b/i,
/\bdatabase\b/i,
/\bendpoint\b/i,
/\bnest(js)?\b/i,
/\bexpress\b/i,
];
const DEVOPS_PATTERNS: RegExp[] = [
/\bdocker(file|compose|hub)?\b/i,
/\bCI\b/,
/\bdeploy\b/i,
/\bpipeline\b/i,
/\bkubernetes\b/i,
];
const DOCS_PATTERNS: RegExp[] = [/\bdocumentation\b/i, /\breadme\b/i, /\bguide\b/i];
// ─── Helpers ─────────────────────────────────────────────────────────────────
function matchesAny(message: string, patterns: RegExp[]): boolean {
return patterns.some((p) => p.test(message));
}
// ─── Classifier ──────────────────────────────────────────────────────────────
/**
* Classify a task based on the user's message using deterministic regex/keyword matching.
* No LLM calls are made — this is a pure, fast, synchronous classification.
*/
export function classifyTask(message: string): TaskClassification {
return {
taskType: detectTaskType(message),
complexity: estimateComplexity(message),
domain: detectDomain(message),
requiredCapabilities: [],
};
}
function detectTaskType(message: string): TaskType {
if (matchesAny(message, CODING_PATTERNS)) return 'coding';
if (matchesAny(message, SUMMARIZATION_PATTERNS)) return 'summarization';
if (matchesAny(message, CREATIVE_PATTERNS)) return 'creative';
if (matchesAny(message, ANALYSIS_PATTERNS)) return 'analysis';
if (matchesAny(message, RESEARCH_PATTERNS)) return 'research';
return 'conversation';
}
function estimateComplexity(message: string): Complexity {
const trimmed = message.trim();
const codeBlocks = countCodeBlocks(trimmed);
// Complex: long messages, multiple code blocks, or complexity keywords
if (trimmed.length > 500 || codeBlocks > 1 || matchesAny(trimmed, COMPLEX_KEYWORDS)) {
return 'complex';
}
// Simple: short messages or a single direct question
if (trimmed.length < 100 || SIMPLE_QUESTION_PATTERN.test(trimmed)) {
return 'simple';
}
return 'moderate';
}
function detectDomain(message: string): Domain {
if (matchesAny(message, DEVOPS_PATTERNS)) return 'devops';
if (matchesAny(message, DOCS_PATTERNS)) return 'docs';
if (matchesAny(message, FRONTEND_PATTERNS)) return 'frontend';
if (matchesAny(message, BACKEND_PATTERNS)) return 'backend';
return 'general';
}

21
apps/gateway/src/agent/session.dto.ts
View File

@@ -1,32 +1,11 @@
/** Token usage metrics for a session (M5-007). */
export interface SessionTokenMetrics {
input: number;
output: number;
cacheRead: number;
cacheWrite: number;
total: number;
}
/** Per-session metrics tracked throughout the session lifetime (M5-007). */
export interface SessionMetrics {
tokens: SessionTokenMetrics;
modelSwitches: number;
messageCount: number;
lastActivityAt: string;
}
export interface SessionInfoDto {
id: string;
provider: string;
modelId: string;
/** M5-005: human-readable agent name when an agent config is applied. */
agentName?: string;
createdAt: string;
promptCount: number;
channels: string[];
durationMs: number;
/** M5-007: per-session metrics (token usage, model switches, etc.) */
metrics: SessionMetrics;
}
export interface SessionListDto {

2
apps/gateway/src/agent/tools/brain-tools.ts
View File

@@ -1,6 +1,6 @@
import { Type } from '@sinclair/typebox';
import type { ToolDefinition } from '@mariozechner/pi-coding-agent';
import type { Brain } from '@mosaicstack/brain';
import type { Brain } from '@mosaic/brain';
export function createBrainTools(brain: Brain): ToolDefinition[] {
const listProjects: ToolDefinition = {

166
apps/gateway/src/agent/tools/file-tools.ts
View File

@@ -190,169 +190,5 @@ export function createFileTools(baseDir: string): ToolDefinition[] {
},
};
const editFileTool: ToolDefinition = {
name: 'fs_edit_file',
label: 'Edit File',
description:
'Make targeted text replacements in a file. Each edit replaces an exact match of oldText with newText. ' +
'All edits are matched against the original file content (not incrementally). ' +
'Each oldText must be unique in the file and edits must not overlap.',
parameters: Type.Object({
path: Type.String({
description: 'File path (relative to sandbox base or absolute within it)',
}),
edits: Type.Array(
Type.Object({
oldText: Type.String({
description: 'Exact text to find and replace (must be unique in the file)',
}),
newText: Type.String({ description: 'Replacement text' }),
}),
{ description: 'One or more targeted replacements', minItems: 1 },
),
}),
async execute(_toolCallId, params) {
const { path, edits } = params as {
path: string;
edits: Array<{ oldText: string; newText: string }>;
};
let safePath: string;
try {
safePath = guardPath(path, baseDir);
} catch (err) {
if (err instanceof SandboxEscapeError) {
return {
content: [{ type: 'text' as const, text: `Error: ${err.message}` }],
details: undefined,
};
}
return {
content: [{ type: 'text' as const, text: `Error: ${String(err)}` }],
details: undefined,
};
}
try {
const info = await stat(safePath);
if (!info.isFile()) {
return {
content: [{ type: 'text' as const, text: `Error: path is not a file: ${path}` }],
details: undefined,
};
}
if (info.size > MAX_READ_BYTES) {
return {
content: [
{
type: 'text' as const,
text: `Error: file too large for editing (${info.size} bytes, limit ${MAX_READ_BYTES} bytes)`,
},
],
details: undefined,
};
}
} catch (err) {
return {
content: [{ type: 'text' as const, text: `Error reading file: ${String(err)}` }],
details: undefined,
};
}
let content: string;
try {
content = await readFile(safePath, { encoding: 'utf8' });
} catch (err) {
return {
content: [{ type: 'text' as const, text: `Error reading file: ${String(err)}` }],
details: undefined,
};
}
// Validate all edits before applying any
const errors: string[] = [];
for (let i = 0; i < edits.length; i++) {
const edit = edits[i]!;
const occurrences = content.split(edit.oldText).length - 1;
if (occurrences === 0) {
errors.push(`Edit ${i + 1}: oldText not found in file`);
} else if (occurrences > 1) {
errors.push(`Edit ${i + 1}: oldText matches ${occurrences} locations (must be unique)`);
}
}
// Check for overlapping edits
if (errors.length === 0) {
const positions = edits.map((edit, i) => ({
index: i,
start: content.indexOf(edit.oldText),
end: content.indexOf(edit.oldText) + edit.oldText.length,
}));
positions.sort((a, b) => a.start - b.start);
for (let i = 1; i < positions.length; i++) {
if (positions[i]!.start < positions[i - 1]!.end) {
errors.push(
`Edits ${positions[i - 1]!.index + 1} and ${positions[i]!.index + 1} overlap`,
);
}
}
}
if (errors.length > 0) {
return {
content: [
{
type: 'text' as const,
text: `Edit validation failed:\n${errors.join('\n')}`,
},
],
details: undefined,
};
}
// Apply edits: process from end to start to preserve positions
const positions = edits.map((edit) => ({
edit,
start: content.indexOf(edit.oldText),
}));
positions.sort((a, b) => b.start - a.start); // reverse order
let result = content;
for (const { edit } of positions) {
result = result.replace(edit.oldText, edit.newText);
}
if (Buffer.byteLength(result, 'utf8') > MAX_WRITE_BYTES) {
return {
content: [
{
type: 'text' as const,
text: `Error: resulting file too large (limit ${MAX_WRITE_BYTES} bytes)`,
},
],
details: undefined,
};
}
try {
await writeFile(safePath, result, { encoding: 'utf8' });
return {
content: [
{
type: 'text' as const,
text: `File edited successfully: ${path} (${edits.length} edit(s) applied)`,
},
],
details: undefined,
};
} catch (err) {
return {
content: [{ type: 'text' as const, text: `Error writing file: ${String(err)}` }],
details: undefined,
};
}
},
};
return [readFileTool, writeFileTool, listDirectoryTool, editFileTool];
return [readFileTool, writeFileTool, listDirectoryTool];
}

1
apps/gateway/src/agent/tools/index.ts
View File

@@ -2,7 +2,6 @@ export { createBrainTools } from './brain-tools.js';
export { createCoordTools } from './coord-tools.js';
export { createFileTools } from './file-tools.js';
export { createGitTools } from './git-tools.js';
export { createSearchTools } from './search-tools.js';
export { createShellTools } from './shell-tools.js';
export { createWebTools } from './web-tools.js';
export { createSkillTools } from './skill-tools.js';

4
apps/gateway/src/agent/tools/memory-tools.ts
View File

@@ -1,7 +1,7 @@
import { Type } from '@sinclair/typebox';
import type { ToolDefinition } from '@mariozechner/pi-coding-agent';
import type { Memory } from '@mosaicstack/memory';
import type { EmbeddingProvider } from '@mosaicstack/memory';
import type { Memory } from '@mosaic/memory';
import type { EmbeddingProvider } from '@mosaic/memory';
/**
* Create memory tools bound to the session's authenticated userId.

496
apps/gateway/src/agent/tools/search-tools.ts
View File

@@ -1,496 +0,0 @@
import { Type } from '@sinclair/typebox';
import type { ToolDefinition } from '@mariozechner/pi-coding-agent';
const DEFAULT_TIMEOUT_MS = 15_000;
const MAX_RESULTS = 10;
const MAX_RESPONSE_BYTES = 256 * 1024; // 256 KB
// ─── Provider helpers ────────────────────────────────────────────────────────
interface SearchResult {
title: string;
url: string;
snippet: string;
}
interface SearchResponse {
provider: string;
query: string;
results: SearchResult[];
error?: string;
}
async function fetchWithTimeout(
url: string,
init: RequestInit,
timeoutMs: number,
): Promise<Response> {
const controller = new AbortController();
const timer = setTimeout(() => controller.abort(), timeoutMs);
try {
return await fetch(url, { ...init, signal: controller.signal });
} finally {
clearTimeout(timer);
}
}
async function readLimited(response: Response): Promise<string> {
const reader = response.body?.getReader();
if (!reader) return '';
const chunks: Uint8Array[] = [];
let total = 0;
while (true) {
const { done, value } = await reader.read();
if (done) break;
total += value.length;
if (total > MAX_RESPONSE_BYTES) {
chunks.push(value.subarray(0, MAX_RESPONSE_BYTES - (total - value.length)));
reader.cancel();
break;
}
chunks.push(value);
}
const combined = new Uint8Array(chunks.reduce((a, c) => a + c.length, 0));
let offset = 0;
for (const chunk of chunks) {
combined.set(chunk, offset);
offset += chunk.length;
}
return new TextDecoder().decode(combined);
}
// ─── Brave Search ────────────────────────────────────────────────────────────
async function searchBrave(query: string, limit: number): Promise<SearchResponse> {
const apiKey = process.env['BRAVE_API_KEY'];
if (!apiKey) return { provider: 'brave', query, results: [], error: 'BRAVE_API_KEY not set' };
try {
const params = new URLSearchParams({
q: query,
count: String(Math.min(limit, 20)),
});
const res = await fetchWithTimeout(
`https://api.search.brave.com/res/v1/web/search?${params}`,
{ headers: { 'X-Subscription-Token': apiKey, Accept: 'application/json' } },
DEFAULT_TIMEOUT_MS,
);
if (!res.ok) {
const body = await res.text().catch(() => '');
return { provider: 'brave', query, results: [], error: `HTTP ${res.status}: ${body}` };
}
const data = (await res.json()) as {
web?: { results?: Array<{ title: string; url: string; description: string }> };
};
const results: SearchResult[] = (data.web?.results ?? []).slice(0, limit).map((r) => ({
title: r.title,
url: r.url,
snippet: r.description,
}));
return { provider: 'brave', query, results };
} catch (err) {
return {
provider: 'brave',
query,
results: [],
error: err instanceof Error ? err.message : String(err),
};
}
}
// ─── Tavily Search ───────────────────────────────────────────────────────────
async function searchTavily(query: string, limit: number): Promise<SearchResponse> {
const apiKey = process.env['TAVILY_API_KEY'];
if (!apiKey) return { provider: 'tavily', query, results: [], error: 'TAVILY_API_KEY not set' };
try {
const res = await fetchWithTimeout(
'https://api.tavily.com/search',
{
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
api_key: apiKey,
query,
max_results: Math.min(limit, 10),
include_answer: false,
}),
},
DEFAULT_TIMEOUT_MS,
);
if (!res.ok) {
const body = await res.text().catch(() => '');
return { provider: 'tavily', query, results: [], error: `HTTP ${res.status}: ${body}` };
}
const data = (await res.json()) as {
results?: Array<{ title: string; url: string; content: string }>;
};
const results: SearchResult[] = (data.results ?? []).slice(0, limit).map((r) => ({
title: r.title,
url: r.url,
snippet: r.content,
}));
return { provider: 'tavily', query, results };
} catch (err) {
return {
provider: 'tavily',
query,
results: [],
error: err instanceof Error ? err.message : String(err),
};
}
}
// ─── SearXNG (self-hosted) ───────────────────────────────────────────────────
async function searchSearxng(query: string, limit: number): Promise<SearchResponse> {
const baseUrl = process.env['SEARXNG_URL'];
if (!baseUrl) return { provider: 'searxng', query, results: [], error: 'SEARXNG_URL not set' };
try {
const params = new URLSearchParams({
q: query,
format: 'json',
pageno: '1',
});
const res = await fetchWithTimeout(
`${baseUrl.replace(/\/$/, '')}/search?${params}`,
{ headers: { Accept: 'application/json' } },
DEFAULT_TIMEOUT_MS,
);
if (!res.ok) {
const body = await res.text().catch(() => '');
return { provider: 'searxng', query, results: [], error: `HTTP ${res.status}: ${body}` };
}
const data = (await res.json()) as {
results?: Array<{ title: string; url: string; content: string }>;
};
const results: SearchResult[] = (data.results ?? []).slice(0, limit).map((r) => ({
title: r.title,
url: r.url,
snippet: r.content,
}));
return { provider: 'searxng', query, results };
} catch (err) {
return {
provider: 'searxng',
query,
results: [],
error: err instanceof Error ? err.message : String(err),
};
}
}
// ─── DuckDuckGo (lite HTML endpoint) ─────────────────────────────────────────
async function searchDuckDuckGo(query: string, limit: number): Promise<SearchResponse> {
try {
// Use the DuckDuckGo Instant Answer API (JSON, free, no key)
const params = new URLSearchParams({
q: query,
format: 'json',
no_html: '1',
skip_disambig: '1',
});
const res = await fetchWithTimeout(
`https://api.duckduckgo.com/?${params}`,
{ headers: { Accept: 'application/json' } },
DEFAULT_TIMEOUT_MS,
);
if (!res.ok) {
return {
provider: 'duckduckgo',
query,
results: [],
error: `HTTP ${res.status}`,
};
}
const text = await readLimited(res);
const data = JSON.parse(text) as {
AbstractText?: string;
AbstractURL?: string;
AbstractSource?: string;
RelatedTopics?: Array<{
Text?: string;
FirstURL?: string;
Result?: string;
Topics?: Array<{ Text?: string; FirstURL?: string }>;
}>;
};
const results: SearchResult[] = [];
// Main abstract result
if (data.AbstractText && data.AbstractURL) {
results.push({
title: data.AbstractSource ?? 'DuckDuckGo Abstract',
url: data.AbstractURL,
snippet: data.AbstractText,
});
}
// Related topics
for (const topic of data.RelatedTopics ?? []) {
if (results.length >= limit) break;
if (topic.Text && topic.FirstURL) {
results.push({
title: topic.Text.slice(0, 120),
url: topic.FirstURL,
snippet: topic.Text,
});
}
// Sub-topics
for (const sub of topic.Topics ?? []) {
if (results.length >= limit) break;
if (sub.Text && sub.FirstURL) {
results.push({
title: sub.Text.slice(0, 120),
url: sub.FirstURL,
snippet: sub.Text,
});
}
}
}
return { provider: 'duckduckgo', query, results: results.slice(0, limit) };
} catch (err) {
return {
provider: 'duckduckgo',
query,
results: [],
error: err instanceof Error ? err.message : String(err),
};
}
}
// ─── Provider resolution ─────────────────────────────────────────────────────
type SearchProvider = 'brave' | 'tavily' | 'searxng' | 'duckduckgo' | 'auto';
function getAvailableProviders(): SearchProvider[] {
const available: SearchProvider[] = [];
if (process.env['BRAVE_API_KEY']) available.push('brave');
if (process.env['TAVILY_API_KEY']) available.push('tavily');
if (process.env['SEARXNG_URL']) available.push('searxng');
// DuckDuckGo is always available (no API key needed)
available.push('duckduckgo');
return available;
}
async function executeSearch(
provider: SearchProvider,
query: string,
limit: number,
): Promise<SearchResponse> {
switch (provider) {
case 'brave':
return searchBrave(query, limit);
case 'tavily':
return searchTavily(query, limit);
case 'searxng':
return searchSearxng(query, limit);
case 'duckduckgo':
return searchDuckDuckGo(query, limit);
case 'auto': {
// Try providers in priority order: Brave > Tavily > SearXNG > DuckDuckGo
const available = getAvailableProviders();
for (const p of available) {
const result = await executeSearch(p, query, limit);
if (!result.error && result.results.length > 0) return result;
}
// Fall back to DuckDuckGo if everything failed
return searchDuckDuckGo(query, limit);
}
}
}
function formatSearchResults(response: SearchResponse): string {
const lines: string[] = [];
lines.push(`Search provider: ${response.provider}`);
lines.push(`Query: "${response.query}"`);
if (response.error) {
lines.push(`Error: ${response.error}`);
}
if (response.results.length === 0) {
lines.push('No results found.');
} else {
lines.push(`Results (${response.results.length}):\n`);
for (let i = 0; i < response.results.length; i++) {
const r = response.results[i]!;
lines.push(`${i + 1}. ${r.title}`);
lines.push(` URL: ${r.url}`);
lines.push(` ${r.snippet}`);
lines.push('');
}
}
return lines.join('\n');
}
// ─── Tool exports ────────────────────────────────────────────────────────────
export function createSearchTools(): ToolDefinition[] {
const webSearch: ToolDefinition = {
name: 'web_search',
label: 'Web Search',
description:
'Search the web using configured search providers. ' +
'Supports Brave, Tavily, SearXNG, and DuckDuckGo. ' +
'Use "auto" provider to pick the best available. ' +
'DuckDuckGo is always available as a fallback (no API key needed).',
parameters: Type.Object({
query: Type.String({ description: 'Search query' }),
provider: Type.Optional(
Type.String({
description:
'Search provider: "auto" (default), "brave", "tavily", "searxng", or "duckduckgo"',
}),
),
limit: Type.Optional(
Type.Number({ description: `Max results to return (default 5, max ${MAX_RESULTS})` }),
),
}),
async execute(_toolCallId, params) {
const { query, provider, limit } = params as {
query: string;
provider?: string;
limit?: number;
};
const effectiveProvider = (provider ?? 'auto') as SearchProvider;
const validProviders = ['auto', 'brave', 'tavily', 'searxng', 'duckduckgo'];
if (!validProviders.includes(effectiveProvider)) {
return {
content: [
{
type: 'text' as const,
text: `Invalid provider "${provider}". Valid: ${validProviders.join(', ')}`,
},
],
details: undefined,
};
}
const effectiveLimit = Math.min(Math.max(limit ?? 5, 1), MAX_RESULTS);
try {
const response = await executeSearch(effectiveProvider, query, effectiveLimit);
return {
content: [{ type: 'text' as const, text: formatSearchResults(response) }],
details: undefined,
};
} catch (err) {
return {
content: [
{
type: 'text' as const,
text: `Search failed: ${err instanceof Error ? err.message : String(err)}`,
},
],
details: undefined,
};
}
},
};
const webSearchNews: ToolDefinition = {
name: 'web_search_news',
label: 'Web Search (News)',
description:
'Search for recent news articles. Uses Brave News API if available, falls back to standard search with news keywords.',
parameters: Type.Object({
query: Type.String({ description: 'News search query' }),
limit: Type.Optional(
Type.Number({ description: `Max results (default 5, max ${MAX_RESULTS})` }),
),
}),
async execute(_toolCallId, params) {
const { query, limit } = params as { query: string; limit?: number };
const effectiveLimit = Math.min(Math.max(limit ?? 5, 1), MAX_RESULTS);
// Try Brave News API first (dedicated news endpoint)
const braveKey = process.env['BRAVE_API_KEY'];
if (braveKey) {
try {
const newsParams = new URLSearchParams({
q: query,
count: String(effectiveLimit),
});
const res = await fetchWithTimeout(
`https://api.search.brave.com/res/v1/news/search?${newsParams}`,
{
headers: {
'X-Subscription-Token': braveKey,
Accept: 'application/json',
},
},
DEFAULT_TIMEOUT_MS,
);
if (res.ok) {
const data = (await res.json()) as {
results?: Array<{
title: string;
url: string;
description: string;
age?: string;
}>;
};
const results: SearchResult[] = (data.results ?? [])
.slice(0, effectiveLimit)
.map((r) => ({
title: r.title + (r.age ? ` (${r.age})` : ''),
url: r.url,
snippet: r.description,
}));
const response: SearchResponse = { provider: 'brave-news', query, results };
return {
content: [{ type: 'text' as const, text: formatSearchResults(response) }],
details: undefined,
};
}
} catch {
// Fall through to generic search
}
}
// Fallback: standard search with "news" appended
const newsQuery = `${query} news latest`;
const response = await executeSearch('auto', newsQuery, effectiveLimit);
return {
content: [{ type: 'text' as const, text: formatSearchResults(response) }],
details: undefined,
};
},
};
const searchProviders: ToolDefinition = {
name: 'web_search_providers',
label: 'List Search Providers',
description: 'List the currently available and configured web search providers.',
parameters: Type.Object({}),
async execute() {
const available = getAvailableProviders();
const allProviders = [
{ name: 'brave', configured: !!process.env['BRAVE_API_KEY'], envVar: 'BRAVE_API_KEY' },
{ name: 'tavily', configured: !!process.env['TAVILY_API_KEY'], envVar: 'TAVILY_API_KEY' },
{ name: 'searxng', configured: !!process.env['SEARXNG_URL'], envVar: 'SEARXNG_URL' },
{ name: 'duckduckgo', configured: true, envVar: '(none — always available)' },
];
const lines = ['Search providers:\n'];
for (const p of allProviders) {
const status = p.configured ? '✓ configured' : '✗ not configured';
lines.push(` ${p.name}: ${status} (${p.envVar})`);
}
lines.push(`\nActive providers for "auto" mode: ${available.join(', ')}`);
return {
content: [{ type: 'text' as const, text: lines.join('\n') }],
details: undefined,
};
},
};
return [webSearch, webSearchNews, searchProviders];
}

4
apps/gateway/src/app.module.ts
View File

@@ -1,7 +1,6 @@
import { Module } from '@nestjs/common';
import { APP_GUARD } from '@nestjs/core';
import { HealthController } from './health/health.controller.js';
import { ConfigModule } from './config/config.module.js';
import { DatabaseModule } from './database/database.module.js';
import { AuthModule } from './auth/auth.module.js';
import { BrainModule } from './brain/brain.module.js';
@@ -23,13 +22,11 @@ import { PreferencesModule } from './preferences/preferences.module.js';
import { GCModule } from './gc/gc.module.js';
import { ReloadModule } from './reload/reload.module.js';
import { WorkspaceModule } from './workspace/workspace.module.js';
import { QueueModule } from './queue/queue.module.js';
import { ThrottlerGuard, ThrottlerModule } from '@nestjs/throttler';
@Module({
imports: [
ThrottlerModule.forRoot([{ name: 'default', ttl: 60_000, limit: 60 }]),
ConfigModule,
DatabaseModule,
AuthModule,
BrainModule,
@@ -49,7 +46,6 @@ import { ThrottlerGuard, ThrottlerModule } from '@nestjs/throttler';
PreferencesModule,
CommandsModule,
GCModule,
QueueModule,
ReloadModule,
WorkspaceModule,
],

2
apps/gateway/src/auth/auth.controller.ts
View File

@@ -1,6 +1,6 @@
import type { IncomingMessage, ServerResponse } from 'node:http';
import { toNodeHandler } from 'better-auth/node';
import type { Auth } from '@mosaicstack/auth';
import type { Auth } from '@mosaic/auth';
import type { NestFastifyApplication } from '@nestjs/platform-fastify';
import { AUTH } from './auth.tokens.js';

2
apps/gateway/src/auth/auth.guard.ts
View File

@@ -6,7 +6,7 @@ import {
UnauthorizedException,
} from '@nestjs/common';
import { fromNodeHeaders } from 'better-auth/node';
import type { Auth } from '@mosaicstack/auth';
import type { Auth } from '@mosaic/auth';
import type { FastifyRequest } from 'fastify';
import { AUTH } from './auth.tokens.js';

6
apps/gateway/src/auth/auth.module.ts
View File

@@ -1,6 +1,6 @@
import { Global, Module } from '@nestjs/common';
import { createAuth, type Auth } from '@mosaicstack/auth';
import type { Db } from '@mosaicstack/db';
import { createAuth, type Auth } from '@mosaic/auth';
import type { Db } from '@mosaic/db';
import { DB } from '../database/database.module.js';
import { AUTH } from './auth.tokens.js';
import { SsoController } from './sso.controller.js';
@@ -14,7 +14,7 @@ import { SsoController } from './sso.controller.js';
useFactory: (db: Db): Auth =>
createAuth({
db,
baseURL: process.env['BETTER_AUTH_URL'] ?? 'http://localhost:14242',
baseURL: process.env['BETTER_AUTH_URL'] ?? 'http://localhost:4000',
secret: process.env['BETTER_AUTH_SECRET'],
}),
inject: [DB],

2
apps/gateway/src/auth/sso.controller.ts
View File

@@ -1,5 +1,5 @@
import { Controller, Get } from '@nestjs/common';
import { buildSsoDiscovery, type SsoProviderDiscovery } from '@mosaicstack/auth';
import { buildSsoDiscovery, type SsoProviderDiscovery } from '@mosaic/auth';
@Controller('api/sso/providers')
export class SsoController {

4
apps/gateway/src/brain/brain.module.ts
View File

@@ -1,6 +1,6 @@
import { Global, Module } from '@nestjs/common';
import { createBrain, type Brain } from '@mosaicstack/brain';
import type { Db } from '@mosaicstack/db';
import { createBrain, type Brain } from '@mosaic/brain';
import type { Db } from '@mosaic/db';
import { DB } from '../database/database.module.js';
import { BRAIN } from './brain.tokens.js';

1
apps/gateway/src/chat/__tests__/chat-security.test.ts
View File

@@ -1,4 +1,3 @@
import 'reflect-metadata';
import { readFileSync } from 'node:fs';
import { resolve } from 'node:path';
import { validateSync } from 'class-validator';

238
apps/gateway/src/chat/chat.gateway.ts
View File

@@ -11,21 +11,14 @@ import {
} from '@nestjs/websockets';
import { Server, Socket } from 'socket.io';
import type { AgentSessionEvent } from '@mariozechner/pi-coding-agent';
import type { Auth } from '@mosaicstack/auth';
import type { Brain } from '@mosaicstack/brain';
import type {
SetThinkingPayload,
SlashCommandPayload,
SystemReloadPayload,
RoutingDecisionInfo,
AbortPayload,
} from '@mosaicstack/types';
import type { Auth } from '@mosaic/auth';
import type { Brain } from '@mosaic/brain';
import type { SetThinkingPayload, SlashCommandPayload, SystemReloadPayload } from '@mosaic/types';
import { AgentService, type ConversationHistoryMessage } from '../agent/agent.service.js';
import { AUTH } from '../auth/auth.tokens.js';
import { BRAIN } from '../brain/brain.tokens.js';
import { CommandRegistryService } from '../commands/command-registry.service.js';
import { CommandExecutorService } from '../commands/command-executor.service.js';
import { RoutingEngineService } from '../agent/routing/routing-engine.service.js';
import { v4 as uuid } from 'uuid';
import { ChatSocketMessageDto } from './chat.dto.js';
import { validateSocketSession } from './chat.gateway-auth.js';
@@ -40,16 +33,8 @@ interface ClientSession {
toolCalls: Array<{ toolCallId: string; toolName: string; args: unknown; isError: boolean }>;
/** Tool calls in-flight (started but not ended yet). */
pendingToolCalls: Map<string, { toolName: string; args: unknown }>;
/** Last routing decision made for this session (M4-008) */
lastRoutingDecision?: RoutingDecisionInfo;
}
/**
* Per-conversation model overrides set via /model command (M4-007).
* Keyed by conversationId, value is the model name to use.
*/
const modelOverrides = new Map<string, string>();
@WebSocketGateway({
cors: {
origin: process.env['GATEWAY_CORS_ORIGIN'] ?? 'http://localhost:3000',
@@ -69,7 +54,6 @@ export class ChatGateway implements OnGatewayInit, OnGatewayConnection, OnGatewa
@Inject(BRAIN) private readonly brain: Brain,
@Inject(CommandRegistryService) private readonly commandRegistry: CommandRegistryService,
@Inject(CommandExecutorService) private readonly commandExecutor: CommandExecutorService,
@Inject(RoutingEngineService) private readonly routingEngine: RoutingEngineService,
) {}
afterInit(): void {
@@ -113,63 +97,15 @@ export class ChatGateway implements OnGatewayInit, OnGatewayConnection, OnGatewa
this.logger.log(`Message from ${client.id} in conversation ${conversationId}`);
// Ensure agent session exists for this conversation
let sessionRoutingDecision: RoutingDecisionInfo | undefined;
try {
let agentSession = this.agentService.getSession(conversationId);
if (!agentSession) {
// When resuming an existing conversation, load prior messages to inject as context (M1-004)
const conversationHistory = await this.loadConversationHistory(conversationId, userId);
// M5-004: Check if there's an existing sessionId bound to this conversation
let existingSessionId: string | undefined;
if (userId) {
existingSessionId = await this.getConversationSessionId(conversationId, userId);
if (existingSessionId) {
this.logger.log(
`Resuming existing sessionId=${existingSessionId} for conversation=${conversationId}`,
);
}
}
// Determine provider/model via routing engine or per-session /model override (M4-012 / M4-007)
let resolvedProvider = data.provider;
let resolvedModelId = data.modelId;
const modelOverride = modelOverrides.get(conversationId);
if (modelOverride) {
// /model override bypasses routing engine (M4-007)
resolvedModelId = modelOverride;
this.logger.log(
`Using /model override "${modelOverride}" for conversation=${conversationId}`,
);
} else if (!resolvedProvider && !resolvedModelId) {
// No explicit provider/model from client — use routing engine (M4-012)
try {
const routingDecision = await this.routingEngine.resolve(data.content, userId);
resolvedProvider = routingDecision.provider;
resolvedModelId = routingDecision.model;
sessionRoutingDecision = {
model: routingDecision.model,
provider: routingDecision.provider,
ruleName: routingDecision.ruleName,
reason: routingDecision.reason,
};
this.logger.log(
`Routing decision for conversation=${conversationId}: ${routingDecision.provider}/${routingDecision.model} (rule="${routingDecision.ruleName}")`,
);
} catch (routingErr) {
this.logger.warn(
`Routing engine failed for conversation=${conversationId}, using defaults`,
routingErr instanceof Error ? routingErr.message : String(routingErr),
);
}
}
// M5-004: Use existingSessionId as sessionId when available (session reuse)
const sessionIdToCreate = existingSessionId ?? conversationId;
agentSession = await this.agentService.createSession(sessionIdToCreate, {
provider: resolvedProvider,
modelId: resolvedModelId,
agentSession = await this.agentService.createSession(conversationId, {
provider: data.provider,
modelId: data.modelId,
agentConfigId: data.agentId,
userId,
conversationHistory: conversationHistory.length > 0 ? conversationHistory : undefined,
@@ -194,15 +130,10 @@ export class ChatGateway implements OnGatewayInit, OnGatewayConnection, OnGatewa
}
// Ensure conversation record exists in the DB before persisting messages
// M5-004: Also bind the sessionId to the conversation record
if (userId) {
await this.ensureConversation(conversationId, userId);
await this.bindSessionToConversation(conversationId, userId, conversationId);
}
// M5-007: Count the user message
this.agentService.recordMessage(conversationId);
// Persist the user message
if (userId) {
try {
@@ -236,24 +167,18 @@ export class ChatGateway implements OnGatewayInit, OnGatewayConnection, OnGatewa
this.relayEvent(client, conversationId, event);
});
// Preserve routing decision from the existing client session if we didn't get a new one
const prevClientSession = this.clientSessions.get(client.id);
const routingDecisionToStore = sessionRoutingDecision ?? prevClientSession?.lastRoutingDecision;
this.clientSessions.set(client.id, {
conversationId,
cleanup,
assistantText: '',
toolCalls: [],
pendingToolCalls: new Map(),
lastRoutingDecision: routingDecisionToStore,
});
// Track channel connection
this.agentService.addChannel(conversationId, `websocket:${client.id}`);
// Send session info so the client knows the model/provider (M4-008: include routing decision)
// Include agentName when a named agent config is active (M5-001)
// Send session info so the client knows the model/provider
{
const agentSession = this.agentService.getSession(conversationId);
if (agentSession) {
@@ -264,8 +189,6 @@ export class ChatGateway implements OnGatewayInit, OnGatewayConnection, OnGatewa
modelId: agentSession.modelId,
thinkingLevel: piSession.thinkingLevel,
availableThinkingLevels: piSession.getAvailableThinkingLevels(),
...(agentSession.agentName ? { agentName: agentSession.agentName } : {}),
...(routingDecisionToStore ? { routingDecision: routingDecisionToStore } : {}),
});
}
}
@@ -322,42 +245,9 @@ export class ChatGateway implements OnGatewayInit, OnGatewayConnection, OnGatewa
modelId: session.modelId,
thinkingLevel: session.piSession.thinkingLevel,
availableThinkingLevels: session.piSession.getAvailableThinkingLevels(),
...(session.agentName ? { agentName: session.agentName } : {}),
});
}
@SubscribeMessage('abort')
async handleAbort(
@ConnectedSocket() client: Socket,
@MessageBody() data: AbortPayload,
): Promise<void> {
const conversationId = data.conversationId;
this.logger.log(`Abort requested by ${client.id} for conversation ${conversationId}`);
const session = this.agentService.getSession(conversationId);
if (!session) {
client.emit('error', {
conversationId,
error: 'No active session to abort.',
});
return;
}
try {
await session.piSession.abort();
this.logger.log(`Agent session ${conversationId} aborted successfully`);
} catch (err) {
this.logger.error(
`Failed to abort session ${conversationId}`,
err instanceof Error ? err.stack : String(err),
);
client.emit('error', {
conversationId,
error: 'Failed to abort the agent operation.',
});
}
}
@SubscribeMessage('command:execute')
async handleCommandExecute(
@ConnectedSocket() client: Socket,
@@ -373,70 +263,6 @@ export class ChatGateway implements OnGatewayInit, OnGatewayConnection, OnGatewa
this.logger.log('Broadcasted system:reload to all connected clients');
}
/**
* Set a per-conversation model override (M4-007 / M5-002).
* When set, the routing engine is bypassed and the specified model is used.
* Pass null to clear the override and resume automatic routing.
* M5-005: Emits session:info to clients subscribed to this conversation when a model is set.
* M5-007: Records a model switch in session metrics.
*/
setModelOverride(conversationId: string, modelName: string | null): void {
if (modelName) {
modelOverrides.set(conversationId, modelName);
this.logger.log(`Model override set: conversation=${conversationId} model="${modelName}"`);
// M5-002: Update the live session's modelId so session:info reflects the new model immediately
this.agentService.updateSessionModel(conversationId, modelName);
// M5-005: Broadcast session:info to all clients subscribed to this conversation
this.broadcastSessionInfo(conversationId);
} else {
modelOverrides.delete(conversationId);
this.logger.log(`Model override cleared: conversation=${conversationId}`);
}
}
/**
* Return the active model override for a conversation, or undefined if none.
*/
getModelOverride(conversationId: string): string | undefined {
return modelOverrides.get(conversationId);
}
/**
* M5-005: Broadcast session:info to all clients currently subscribed to a conversation.
* Called on model or agent switch to ensure the TUI TopBar updates immediately.
*/
broadcastSessionInfo(
conversationId: string,
extra?: { agentName?: string; routingDecision?: RoutingDecisionInfo },
): void {
const agentSession = this.agentService.getSession(conversationId);
if (!agentSession) return;
const piSession = agentSession.piSession;
const resolvedAgentName = extra?.agentName ?? agentSession.agentName;
const payload = {
conversationId,
provider: agentSession.provider,
modelId: agentSession.modelId,
thinkingLevel: piSession.thinkingLevel,
availableThinkingLevels: piSession.getAvailableThinkingLevels(),
...(resolvedAgentName ? { agentName: resolvedAgentName } : {}),
...(extra?.routingDecision ? { routingDecision: extra.routingDecision } : {}),
};
// Emit to all clients currently subscribed to this conversation
for (const [clientId, session] of this.clientSessions) {
if (session.conversationId === conversationId) {
const socket = this.server.sockets.sockets.get(clientId);
if (socket?.connected) {
socket.emit('session:info', payload);
}
}
}
}
/**
* Ensure a conversation record exists in the DB.
* Creates it if absent — safe to call concurrently since a duplicate insert
@@ -459,45 +285,6 @@ export class ChatGateway implements OnGatewayInit, OnGatewayConnection, OnGatewa
}
}
/**
* M5-004: Bind the agent sessionId to the conversation record in the DB.
* Updates the sessionId column so future resumes can reuse the session.
*/
private async bindSessionToConversation(
conversationId: string,
userId: string,
sessionId: string,
): Promise<void> {
try {
await this.brain.conversations.update(conversationId, userId, { sessionId });
} catch (err) {
this.logger.error(
`Failed to bind sessionId=${sessionId} to conversation=${conversationId}`,
err instanceof Error ? err.stack : String(err),
);
}
}
/**
* M5-004: Retrieve the sessionId bound to a conversation, if any.
* Returns undefined when the conversation does not exist or has no bound session.
*/
private async getConversationSessionId(
conversationId: string,
userId: string,
): Promise<string | undefined> {
try {
const conv = await this.brain.conversations.findById(conversationId, userId);
return conv?.sessionId ?? undefined;
} catch (err) {
this.logger.error(
`Failed to get sessionId for conversation=${conversationId}`,
err instanceof Error ? err.stack : String(err),
);
return undefined;
}
}
/**
* Load prior conversation messages from DB for context injection on session resume (M1-004).
* Returns an empty array when no history exists, the conversation is not owned by the user,
@@ -574,17 +361,6 @@ export class ChatGateway implements OnGatewayInit, OnGatewayConnection, OnGatewa
usage: usagePayload,
});
// M5-007: Accumulate token usage in session metrics
if (stats?.tokens) {
this.agentService.recordTokenUsage(conversationId, {
input: stats.tokens.input ?? 0,
output: stats.tokens.output ?? 0,
cacheRead: stats.tokens.cacheRead ?? 0,
cacheWrite: stats.tokens.cacheWrite ?? 0,
total: stats.tokens.total ?? 0,
});
}
// Persist the assistant message with metadata
const cs = this.clientSessions.get(client.id);
const userId = (client.data.user as { id: string } | undefined)?.id;

38
apps/gateway/src/commands/command-executor-p8012.spec.ts
View File

@@ -1,6 +1,6 @@
import { describe, it, expect, vi, beforeEach } from 'vitest';
import { CommandExecutorService } from './command-executor.service.js';
import type { SlashCommandPayload } from '@mosaicstack/types';
import type { SlashCommandPayload } from '@mosaic/types';
// Minimal mock implementations
const mockRegistry = {
@@ -19,8 +19,6 @@ const mockRegistry = {
const mockAgentService = {
getSession: vi.fn(() => undefined),
applyAgentConfig: vi.fn(),
updateSessionModel: vi.fn(),
};
const mockSystemOverride = {
@@ -40,38 +38,6 @@ const mockRedis = {
del: vi.fn(),
};
// Mock agent config returned by brain.agents.findByName for "my-agent-id"
const mockAgentConfig = {
id: 'my-agent-id',
name: 'my-agent-id',
model: 'claude-sonnet-4-6',
provider: 'anthropic',
systemPrompt: null,
allowedTools: null,
isSystem: false,
ownerId: 'user-123',
status: 'idle',
createdAt: new Date(),
updatedAt: new Date(),
};
const mockBrain = {
agents: {
// findByName resolves with the agent when name matches, undefined otherwise
findByName: vi.fn((name: string) =>
Promise.resolve(name === 'my-agent-id' ? mockAgentConfig : undefined),
),
findById: vi.fn((id: string) =>
Promise.resolve(id === 'my-agent-id' ? mockAgentConfig : undefined),
),
create: vi.fn(),
},
};
const mockChatGateway = {
broadcastSessionInfo: vi.fn(),
};
function buildService(): CommandExecutorService {
return new CommandExecutorService(
mockRegistry as never,
@@ -79,9 +45,7 @@ function buildService(): CommandExecutorService {
mockSystemOverride as never,
mockSessionGC as never,
mockRedis as never,
mockBrain as never,
null,
mockChatGateway as never,
null,
);
}

247
apps/gateway/src/commands/command-executor.service.ts
View File

@@ -1,14 +1,11 @@
import { forwardRef, Inject, Injectable, Logger, Optional } from '@nestjs/common';
import type { QueueHandle } from '@mosaicstack/queue';
import type { Brain } from '@mosaicstack/brain';
import type { SlashCommandPayload, SlashCommandResultPayload } from '@mosaicstack/types';
import type { QueueHandle } from '@mosaic/queue';
import type { SlashCommandPayload, SlashCommandResultPayload } from '@mosaic/types';
import { AgentService } from '../agent/agent.service.js';
import { ChatGateway } from '../chat/chat.gateway.js';
import { SessionGCService } from '../gc/session-gc.service.js';
import { SystemOverrideService } from '../preferences/system-override.service.js';
import { ReloadService } from '../reload/reload.service.js';
import { McpClientService } from '../mcp-client/mcp-client.service.js';
import { BRAIN } from '../brain/brain.tokens.js';
import { COMMANDS_REDIS } from './commands.tokens.js';
import { CommandRegistryService } from './command-registry.service.js';
@@ -22,16 +19,12 @@ export class CommandExecutorService {
@Inject(SystemOverrideService) private readonly systemOverride: SystemOverrideService,
@Inject(SessionGCService) private readonly sessionGC: SessionGCService,
@Inject(COMMANDS_REDIS) private readonly redis: QueueHandle['redis'],
@Inject(BRAIN) private readonly brain: Brain,
@Optional()
@Inject(forwardRef(() => ReloadService))
private readonly reloadService: ReloadService | null,
@Optional()
@Inject(forwardRef(() => ChatGateway))
private readonly chatGateway: ChatGateway | null,
@Optional()
@Inject(McpClientService)
private readonly mcpClient: McpClientService | null,
) {}
async execute(payload: SlashCommandPayload, userId: string): Promise<SlashCommandResultPayload> {
@@ -94,7 +87,7 @@ export class CommandExecutorService {
};
}
case 'agent':
return await this.handleAgent(args ?? null, conversationId, userId);
return await this.handleAgent(args ?? null, conversationId);
case 'provider':
return await this.handleProvider(args ?? null, userId, conversationId);
case 'mission':
@@ -109,8 +102,6 @@ export class CommandExecutorService {
};
case 'tools':
return await this.handleTools(conversationId, userId);
case 'mcp':
return await this.handleMcp(args ?? null, conversationId);
case 'reload': {
if (!this.reloadService) {
return {
@@ -147,56 +138,30 @@ export class CommandExecutorService {
args: string | null,
conversationId: string,
): Promise<SlashCommandResultPayload> {
if (!args || args.trim().length === 0) {
// Show current override or usage hint
const currentOverride = this.chatGateway?.getModelOverride(conversationId);
if (currentOverride) {
return {
command: 'model',
conversationId,
success: true,
message: `Current model override: "${currentOverride}". Use /model <name> to change or /model clear to reset.`,
};
}
if (!args) {
return {
command: 'model',
conversationId,
success: true,
message:
'Usage: /model <model-name> — sets a per-session model override (bypasses routing). Use /model clear to reset.',
message: 'Usage: /model <model-name>',
};
}
const modelName = args.trim();
// /model clear removes the override and re-enables automatic routing
if (modelName === 'clear') {
this.chatGateway?.setModelOverride(conversationId, null);
return {
command: 'model',
conversationId,
success: true,
message: 'Model override cleared. Automatic routing will be used for new sessions.',
};
}
// Set the sticky per-session override (M4-007)
this.chatGateway?.setModelOverride(conversationId, modelName);
// Update agent session model if session is active
// For now, acknowledge the request — full wiring done in P8-012
const session = this.agentService.getSession(conversationId);
if (!session) {
return {
command: 'model',
conversationId,
success: true,
message: `Model override set to "${modelName}". Will apply when a new session starts for this conversation.`,
message: `Model switch to "${args}" requested. No active session for this conversation.`,
};
}
return {
command: 'model',
conversationId,
success: true,
message: `Model override set to "${modelName}". The override is active for this conversation and will be used on the next message if a new session is needed.`,
message: `Model switch to "${args}" requested.`,
};
}
@@ -248,14 +213,12 @@ export class CommandExecutorService {
private async handleAgent(
args: string | null,
conversationId: string,
userId: string,
): Promise<SlashCommandResultPayload> {
if (!args) {
return {
command: 'agent',
success: true,
message:
'Usage: /agent <agent-id> | /agent list | /agent new <name> to create a new agent.',
message: 'Usage: /agent <agent-id> to switch, or /agent list to see available agents.',
conversationId,
};
}
@@ -269,101 +232,13 @@ export class CommandExecutorService {
};
}
// M5-006: /agent new <name> — create a new agent config via brain.agents.create()
if (args.startsWith('new')) {
const namePart = args.slice(3).trim();
if (!namePart) {
return {
command: 'agent',
success: false,
message: 'Usage: /agent new <name> — provide a name for the new agent.',
conversationId,
};
}
try {
const defaultProvider = process.env['DEFAULT_PROVIDER'] ?? 'anthropic';
const defaultModel = process.env['DEFAULT_MODEL'] ?? 'claude-sonnet-4-5-20251001';
const newAgent = await this.brain.agents.create({
name: namePart,
provider: defaultProvider,
model: defaultModel,
status: 'idle',
ownerId: userId,
isSystem: false,
});
this.logger.log(`Created new agent "${newAgent.name}" (${newAgent.id}) for user ${userId}`);
return {
command: 'agent',
success: true,
message: `Agent "${newAgent.name}" created with ID: ${newAgent.id}. Configure it via the web dashboard.`,
conversationId,
data: { agentId: newAgent.id, agentName: newAgent.name },
};
} catch (err) {
this.logger.error(`Failed to create agent: ${err}`);
return {
command: 'agent',
success: false,
message: `Failed to create agent: ${String(err)}`,
conversationId,
};
}
}
// M5-003: Look up agent by name (or ID) and apply to session mid-conversation
const agentName = args.trim();
try {
// Try lookup by name first; fall back to ID-based lookup
let agentConfig = await this.brain.agents.findByName(agentName);
if (!agentConfig) {
// Try by ID (UUID-style input)
agentConfig = await this.brain.agents.findById(agentName);
}
if (!agentConfig) {
return {
command: 'agent',
success: false,
message: `Agent "${agentName}" not found. Use /agent list to see available agents.`,
conversationId,
};
}
// Apply the agent config to the live session and emit session:info (M5-003)
this.agentService.applyAgentConfig(
conversationId,
agentConfig.id,
agentConfig.name,
agentConfig.model ?? undefined,
);
// Broadcast updated session:info so TUI TopBar reflects new agent/model
this.chatGateway?.broadcastSessionInfo(conversationId, { agentName: agentConfig.name });
this.logger.log(
`Agent switched to "${agentConfig.name}" (${agentConfig.id}) for conversation ${conversationId} (M5-003)`,
);
return {
command: 'agent',
success: true,
message: `Switched to agent "${agentConfig.name}". System prompt and tools applied. Model: ${agentConfig.model ?? 'default'}.`,
conversationId,
data: { agentId: agentConfig.id, agentName: agentConfig.name, model: agentConfig.model },
};
} catch (err) {
this.logger.error(`Failed to switch agent "${agentName}": ${err}`);
return {
command: 'agent',
success: false,
message: `Failed to switch agent: ${String(err)}`,
conversationId,
};
}
// Switch agent — stub for now (full implementation in P8-015)
return {
command: 'agent',
success: true,
message: `Agent switch to "${args}" requested. Restart conversation to apply.`,
conversationId,
};
}
private async handleProvider(
@@ -495,92 +370,4 @@ export class CommandExecutorService {
conversationId,
};
}
private async handleMcp(
args: string | null,
conversationId: string,
): Promise<SlashCommandResultPayload> {
if (!this.mcpClient) {
return {
command: 'mcp',
conversationId,
success: false,
message: 'MCP client service is not available.',
};
}
const action = args?.trim().split(/\s+/)[0] ?? 'status';
switch (action) {
case 'status':
case 'servers': {
const statuses = this.mcpClient.getServerStatuses();
if (statuses.length === 0) {
return {
command: 'mcp',
conversationId,
success: true,
message:
'No MCP servers configured. Set MCP_SERVERS env var to connect external tool servers.',
};
}
const lines = ['MCP Server Status:\n'];
for (const s of statuses) {
const status = s.connected ? '✓ connected' : '✗ disconnected';
lines.push(` ${s.name}: ${status}`);
lines.push(` URL: ${s.url}`);
lines.push(` Tools: ${s.toolCount}`);
if (s.error) lines.push(` Error: ${s.error}`);
lines.push('');
}
const tools = this.mcpClient.getToolDefinitions();
if (tools.length > 0) {
lines.push(`Total bridged tools: ${tools.length}`);
lines.push(`Tool names: ${tools.map((t) => t.name).join(', ')}`);
}
return {
command: 'mcp',
conversationId,
success: true,
message: lines.join('\n'),
};
}
case 'reconnect': {
const serverName = args?.trim().split(/\s+/).slice(1).join(' ');
if (!serverName) {
return {
command: 'mcp',
conversationId,
success: false,
message: 'Usage: /mcp reconnect <server-name>',
};
}
try {
await this.mcpClient.reconnectServer(serverName);
return {
command: 'mcp',
conversationId,
success: true,
message: `MCP server "${serverName}" reconnected successfully.`,
};
} catch (err) {
return {
command: 'mcp',
conversationId,
success: false,
message: `Failed to reconnect MCP server "${serverName}": ${err instanceof Error ? err.message : String(err)}`,
};
}
}
default:
return {
command: 'mcp',
conversationId,
success: false,
message: `Unknown MCP action: "${action}". Use: /mcp status, /mcp servers, /mcp reconnect <name>`,
};
}
}
}

2
apps/gateway/src/commands/command-registry.service.spec.ts
View File

@@ -1,6 +1,6 @@
import { describe, it, expect, beforeEach } from 'vitest';
import { CommandRegistryService } from './command-registry.service.js';
import type { CommandDef } from '@mosaicstack/types';
import type { CommandDef } from '@mosaic/types';
const mockCmd: CommandDef = {
name: 'test',

19
apps/gateway/src/commands/command-registry.service.ts
View File

@@ -1,5 +1,5 @@
import { Injectable, type OnModuleInit } from '@nestjs/common';
import type { CommandDef, CommandManifest } from '@mosaicstack/types';
import type { CommandDef, CommandManifest } from '@mosaic/types';
@Injectable()
export class CommandRegistryService implements OnModuleInit {
@@ -260,23 +260,6 @@ export class CommandRegistryService implements OnModuleInit {
execution: 'socket',
available: true,
},
{
name: 'mcp',
description: 'Manage MCP server connections (status/reconnect/servers)',
aliases: [],
args: [
{
name: 'action',
type: 'enum',
optional: true,
values: ['status', 'reconnect', 'servers'],
description: 'Action: status (default), reconnect <name>, servers',
},
],
scope: 'agent',
execution: 'socket',
available: true,
},
{
name: 'reload',
description: 'Soft-reload gateway plugins and command manifest (admin)',

12
apps/gateway/src/commands/commands.integration.spec.ts
View File

@@ -13,7 +13,7 @@
import { describe, it, expect, vi, beforeEach } from 'vitest';
import { CommandRegistryService } from './command-registry.service.js';
import { CommandExecutorService } from './command-executor.service.js';
import type { SlashCommandPayload } from '@mosaicstack/types';
import type { SlashCommandPayload } from '@mosaic/types';
// ─── Mocks ───────────────────────────────────────────────────────────────────
@@ -39,14 +39,6 @@ const mockRedis = {
keys: vi.fn().mockResolvedValue([]),
};
const mockBrain = {
agents: {
findByName: vi.fn().mockResolvedValue(undefined),
findById: vi.fn().mockResolvedValue(undefined),
create: vi.fn(),
},
};
// ─── Helpers ─────────────────────────────────────────────────────────────────
function buildRegistry(): CommandRegistryService {
@@ -62,10 +54,8 @@ function buildExecutor(registry: CommandRegistryService): CommandExecutorService
mockSystemOverride as never,
mockSessionGC as never,
mockRedis as never,
mockBrain as never,
null, // reloadService (optional)
null, // chatGateway (optional)
null, // mcpClient (optional)
);
}

2
apps/gateway/src/commands/commands.module.ts
View File

@@ -1,5 +1,5 @@
import { forwardRef, Inject, Module, type OnApplicationShutdown } from '@nestjs/common';
import { createQueue, type QueueHandle } from '@mosaicstack/queue';
import { createQueue, type QueueHandle } from '@mosaic/queue';
import { ChatModule } from '../chat/chat.module.js';
import { GCModule } from '../gc/gc.module.js';
import { ReloadModule } from '../reload/reload.module.js';

16
apps/gateway/src/config/config.module.ts
View File

@@ -1,16 +0,0 @@
import { Global, Module } from '@nestjs/common';
import { loadConfig, type MosaicConfig } from '@mosaicstack/config';
export const MOSAIC_CONFIG = 'MOSAIC_CONFIG';
@Global()
@Module({
providers: [
{
provide: MOSAIC_CONFIG,
useFactory: (): MosaicConfig => loadConfig(),
},
],
exports: [MOSAIC_CONFIG],
})
export class ConfigModule {}

2
apps/gateway/src/conversations/conversations.controller.ts
View File

@@ -15,7 +15,7 @@ import {
Query,
UseGuards,
} from '@nestjs/common';
import type { Brain } from '@mosaicstack/brain';
import type { Brain } from '@mosaic/brain';
import { BRAIN } from '../brain/brain.tokens.js';
import { AuthGuard } from '../auth/auth.guard.js';
import { CurrentUser } from '../auth/current-user.decorator.js';

2
apps/gateway/src/coord/coord.service.ts
View File

@@ -8,7 +8,7 @@ import {
type MissionStatusSummary,
type MissionTask,
type TaskDetail,
} from '@mosaicstack/coord';
} from '@mosaic/coord';
import { promises as fs } from 'node:fs';
import path from 'node:path';

33
apps/gateway/src/database/database.module.ts
View File

@@ -1,51 +1,28 @@
import { mkdirSync } from 'node:fs';
import { homedir } from 'node:os';
import { join } from 'node:path';
import { Global, Inject, Module, type OnApplicationShutdown } from '@nestjs/common';
import { createDb, createPgliteDb, type Db, type DbHandle } from '@mosaicstack/db';
import { createStorageAdapter, type StorageAdapter } from '@mosaicstack/storage';
import type { MosaicConfig } from '@mosaicstack/config';
import { MOSAIC_CONFIG } from '../config/config.module.js';
import { createDb, type Db, type DbHandle } from '@mosaic/db';
export const DB_HANDLE = 'DB_HANDLE';
export const DB = 'DB';
export const STORAGE_ADAPTER = 'STORAGE_ADAPTER';
@Global()
@Module({
providers: [
{
provide: DB_HANDLE,
useFactory: (config: MosaicConfig): DbHandle => {
if (config.tier === 'local') {
const dataDir = join(homedir(), '.config', 'mosaic', 'gateway', 'pglite');
mkdirSync(dataDir, { recursive: true });
return createPgliteDb(dataDir);
}
return createDb(config.storage.type === 'postgres' ? config.storage.url : undefined);
},
inject: [MOSAIC_CONFIG],
useFactory: (): DbHandle => createDb(),
},
{
provide: DB,
useFactory: (handle: DbHandle): Db => handle.db,
inject: [DB_HANDLE],
},
{
provide: STORAGE_ADAPTER,
useFactory: (config: MosaicConfig): StorageAdapter => createStorageAdapter(config.storage),
inject: [MOSAIC_CONFIG],
},
],
exports: [DB, STORAGE_ADAPTER],
exports: [DB],
})
export class DatabaseModule implements OnApplicationShutdown {
constructor(
@Inject(DB_HANDLE) private readonly handle: DbHandle,
@Inject(STORAGE_ADAPTER) private readonly storageAdapter: StorageAdapter,
) {}
constructor(@Inject(DB_HANDLE) private readonly handle: DbHandle) {}
async onApplicationShutdown(): Promise<void> {
await Promise.all([this.handle.close(), this.storageAdapter.close()]);
await this.handle.close();
}
}

2
apps/gateway/src/gc/gc.module.ts
View File

@@ -1,5 +1,5 @@
import { Module, type OnApplicationShutdown, Inject } from '@nestjs/common';
import { createQueue, type QueueHandle } from '@mosaicstack/queue';
import { createQueue, type QueueHandle } from '@mosaic/queue';
import { SessionGCService } from './session-gc.service.js';
import { REDIS } from './gc.tokens.js';

4
apps/gateway/src/gc/session-gc.service.spec.ts
View File

@@ -1,7 +1,7 @@
import { describe, it, expect, vi, beforeEach } from 'vitest';
import { Logger } from '@nestjs/common';
import type { QueueHandle } from '@mosaicstack/queue';
import type { LogService } from '@mosaicstack/log';
import type { QueueHandle } from '@mosaic/queue';
import type { LogService } from '@mosaic/log';
import { SessionGCService } from './session-gc.service.js';
type MockRedis = {

4
apps/gateway/src/gc/session-gc.service.ts
View File

@@ -1,6 +1,6 @@
import { Inject, Injectable, Logger, type OnModuleInit } from '@nestjs/common';
import type { QueueHandle } from '@mosaicstack/queue';
import type { LogService } from '@mosaicstack/log';
import type { QueueHandle } from '@mosaic/queue';
import type { LogService } from '@mosaic/log';
import { LOG_SERVICE } from '../log/log.tokens.js';
import { REDIS } from './gc.tokens.js';

71
apps/gateway/src/log/cron.service.ts
View File

@@ -5,72 +5,59 @@ import {
type OnModuleInit,
type OnModuleDestroy,
} from '@nestjs/common';
import cron from 'node-cron';
import { SummarizationService } from './summarization.service.js';
import { SessionGCService } from '../gc/session-gc.service.js';
import {
QueueService,
QUEUE_SUMMARIZATION,
QUEUE_GC,
QUEUE_TIER_MANAGEMENT,
} from '../queue/queue.service.js';
import type { Worker } from 'bullmq';
import type { MosaicJobData } from '../queue/queue.service.js';
@Injectable()
export class CronService implements OnModuleInit, OnModuleDestroy {
private readonly logger = new Logger(CronService.name);
private readonly registeredWorkers: Worker<MosaicJobData>[] = [];
private readonly tasks: cron.ScheduledTask[] = [];
constructor(
@Inject(SummarizationService) private readonly summarization: SummarizationService,
@Inject(SessionGCService) private readonly sessionGC: SessionGCService,
@Inject(QueueService) private readonly queueService: QueueService,
) {}
async onModuleInit(): Promise<void> {
onModuleInit(): void {
const summarizationSchedule = process.env['SUMMARIZATION_CRON'] ?? '0 */6 * * *'; // every 6 hours
const tierManagementSchedule = process.env['TIER_MANAGEMENT_CRON'] ?? '0 3 * * *'; // daily at 3am
const gcSchedule = process.env['SESSION_GC_CRON'] ?? '0 4 * * *'; // daily at 4am
// M6-003: Summarization repeatable job
await this.queueService.addRepeatableJob(
QUEUE_SUMMARIZATION,
'summarization',
{},
summarizationSchedule,
this.tasks.push(
cron.schedule(summarizationSchedule, () => {
this.summarization.runSummarization().catch((err) => {
this.logger.error(`Scheduled summarization failed: ${err}`);
});
}),
);
const summarizationWorker = this.queueService.registerWorker(QUEUE_SUMMARIZATION, async () => {
await this.summarization.runSummarization();
});
this.registeredWorkers.push(summarizationWorker);
// M6-005: Tier management repeatable job
await this.queueService.addRepeatableJob(
QUEUE_TIER_MANAGEMENT,
'tier-management',
{},
tierManagementSchedule,
this.tasks.push(
cron.schedule(tierManagementSchedule, () => {
this.summarization.runTierManagement().catch((err) => {
this.logger.error(`Scheduled tier management failed: ${err}`);
});
}),
);
const tierWorker = this.queueService.registerWorker(QUEUE_TIER_MANAGEMENT, async () => {
await this.summarization.runTierManagement();
});
this.registeredWorkers.push(tierWorker);
// M6-004: GC repeatable job
await this.queueService.addRepeatableJob(QUEUE_GC, 'session-gc', {}, gcSchedule);
const gcWorker = this.queueService.registerWorker(QUEUE_GC, async () => {
await this.sessionGC.sweepOrphans();
});
this.registeredWorkers.push(gcWorker);
this.tasks.push(
cron.schedule(gcSchedule, () => {
this.sessionGC.sweepOrphans().catch((err) => {
this.logger.error(`Session GC sweep failed: ${err}`);
});
}),
);
this.logger.log(
`BullMQ jobs scheduled: summarization="${summarizationSchedule}", tier="${tierManagementSchedule}", gc="${gcSchedule}"`,
`Cron scheduled: summarization="${summarizationSchedule}", tier="${tierManagementSchedule}", gc="${gcSchedule}"`,
);
}
async onModuleDestroy(): Promise<void> {
// Workers are closed by QueueService.onModuleDestroy — nothing extra needed here.
this.registeredWorkers.length = 0;
this.logger.log('CronService destroyed (workers managed by QueueService)');
onModuleDestroy(): void {
for (const task of this.tasks) {
task.stop();
}
this.tasks.length = 0;
this.logger.log('Cron tasks stopped');
}
}

2
apps/gateway/src/log/log.controller.ts
View File

@@ -1,5 +1,5 @@
import { Body, Controller, Get, Inject, Param, Post, Query, UseGuards } from '@nestjs/common';
import type { LogService } from '@mosaicstack/log';
import type { LogService } from '@mosaic/log';
import { LOG_SERVICE } from './log.tokens.js';
import { AuthGuard } from '../auth/auth.guard.js';
import type { IngestLogDto, QueryLogsDto } from './log.dto.js';

7
apps/gateway/src/log/log.module.ts
View File

@@ -1,17 +1,16 @@
import { Global, Module } from '@nestjs/common';
import { createLogService, type LogService } from '@mosaicstack/log';
import type { Db } from '@mosaicstack/db';
import { createLogService, type LogService } from '@mosaic/log';
import type { Db } from '@mosaic/db';
import { DB } from '../database/database.module.js';
import { LOG_SERVICE } from './log.tokens.js';
import { LogController } from './log.controller.js';
import { SummarizationService } from './summarization.service.js';
import { CronService } from './cron.service.js';
import { GCModule } from '../gc/gc.module.js';
import { QueueModule } from '../queue/queue.module.js';
@Global()
@Module({
imports: [GCModule, QueueModule],
imports: [GCModule],
providers: [
{
provide: LOG_SERVICE,

8
apps/gateway/src/log/summarization.service.ts
View File

@@ -1,11 +1,11 @@
import { Inject, Injectable, Logger } from '@nestjs/common';
import type { LogService } from '@mosaicstack/log';
import type { Memory } from '@mosaicstack/memory';
import type { LogService } from '@mosaic/log';
import type { Memory } from '@mosaic/memory';
import { LOG_SERVICE } from './log.tokens.js';
import { MEMORY } from '../memory/memory.tokens.js';
import { EmbeddingService } from '../memory/embedding.service.js';
import type { Db } from '@mosaicstack/db';
import { sql, summarizationJobs } from '@mosaicstack/db';
import type { Db } from '@mosaic/db';
import { sql, summarizationJobs } from '@mosaic/db';
import { DB } from '../database/database.module.js';
const SUMMARIZATION_PROMPT = `You are a knowledge extraction assistant. Given the following agent interaction logs, extract the key decisions, learnings, and patterns. Output a concise summary (2-4 sentences) that captures the most important information for future reference. Focus on actionable insights, not raw events.

14
apps/gateway/src/main.ts
View File

@@ -1,13 +1,5 @@
#!/usr/bin/env node
import { config } from 'dotenv';
import { existsSync } from 'node:fs';
import { resolve, join } from 'node:path';
import { homedir } from 'node:os';
// Load .env from daemon config dir (global install / daemon mode).
// Loaded first so monorepo .env can override for local dev.
const daemonEnv = join(homedir(), '.config', 'mosaic', 'gateway', '.env');
if (existsSync(daemonEnv)) config({ path: daemonEnv });
import { resolve } from 'node:path';
// Load .env from monorepo root (cwd is apps/gateway when run via pnpm filter)
config({ path: resolve(process.cwd(), '../../.env') });
@@ -19,7 +11,7 @@ import { NestFactory } from '@nestjs/core';
import { Logger, ValidationPipe } from '@nestjs/common';
import { FastifyAdapter, type NestFastifyApplication } from '@nestjs/platform-fastify';
import helmet from '@fastify/helmet';
import { listSsoStartupWarnings } from '@mosaicstack/auth';
import { listSsoStartupWarnings } from '@mosaic/auth';
import { AppModule } from './app.module.js';
import { mountAuthHandler } from './auth/auth.controller.js';
import { mountMcpHandler } from './mcp/mcp.controller.js';
@@ -59,7 +51,7 @@ async function bootstrap(): Promise<void> {
mountAuthHandler(app);
mountMcpHandler(app, app.get(McpService));
const port = Number(process.env['GATEWAY_PORT'] ?? 14242);
const port = Number(process.env['GATEWAY_PORT'] ?? 4000);
await app.listen(port, '0.0.0.0');
logger.log(`Gateway listening on port ${port}`);
}

2
apps/gateway/src/mcp/mcp.controller.ts
View File

@@ -1,7 +1,7 @@
import type { IncomingMessage, ServerResponse } from 'node:http';
import { Logger } from '@nestjs/common';
import { fromNodeHeaders } from 'better-auth/node';
import type { Auth } from '@mosaicstack/auth';
import type { Auth } from '@mosaic/auth';
import type { NestFastifyApplication } from '@nestjs/platform-fastify';
import type { McpService } from './mcp.service.js';
import { AUTH } from '../auth/auth.tokens.js';

4
apps/gateway/src/mcp/mcp.service.ts
View File

@@ -3,8 +3,8 @@ import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
import { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js';
import { randomUUID } from 'node:crypto';
import { z } from 'zod';
import type { Brain } from '@mosaicstack/brain';
import type { Memory } from '@mosaicstack/memory';
import type { Brain } from '@mosaic/brain';
import type { Memory } from '@mosaic/memory';
import { BRAIN } from '../brain/brain.tokens.js';
import { MEMORY } from '../memory/memory.tokens.js';
import { EmbeddingService } from '../memory/embedding.service.js';

2
apps/gateway/src/memory/embedding.service.ts
View File

@@ -1,5 +1,5 @@
import { Injectable, Logger } from '@nestjs/common';
import type { EmbeddingProvider } from '@mosaicstack/memory';
import type { EmbeddingProvider } from '@mosaic/memory';
// ---------------------------------------------------------------------------
// Environment-driven configuration

2
apps/gateway/src/memory/memory.controller.ts
View File

@@ -12,7 +12,7 @@ import {
Query,
UseGuards,
} from '@nestjs/common';
import type { Memory } from '@mosaicstack/memory';
import type { Memory } from '@mosaic/memory';
import { MEMORY } from './memory.tokens.js';
import { AuthGuard } from '../auth/auth.guard.js';
import { CurrentUser } from '../auth/current-user.decorator.js';

32
apps/gateway/src/memory/memory.module.ts
View File

@@ -1,29 +1,11 @@
import { Global, Module } from '@nestjs/common';
import {
createMemory,
type Memory,
createMemoryAdapter,
type MemoryAdapter,
type MemoryConfig,
} from '@mosaicstack/memory';
import type { Db } from '@mosaicstack/db';
import type { StorageAdapter } from '@mosaicstack/storage';
import type { MosaicConfig } from '@mosaicstack/config';
import { MOSAIC_CONFIG } from '../config/config.module.js';
import { DB, STORAGE_ADAPTER } from '../database/database.module.js';
import { createMemory, type Memory } from '@mosaic/memory';
import type { Db } from '@mosaic/db';
import { DB } from '../database/database.module.js';
import { MEMORY } from './memory.tokens.js';
import { MemoryController } from './memory.controller.js';
import { EmbeddingService } from './embedding.service.js';
export const MEMORY_ADAPTER = 'MEMORY_ADAPTER';
function buildMemoryConfig(config: MosaicConfig, storageAdapter: StorageAdapter): MemoryConfig {
if (config.memory.type === 'keyword') {
return { type: 'keyword', storage: storageAdapter };
}
return { type: config.memory.type };
}
@Global()
@Module({
providers: [
@@ -32,15 +14,9 @@ function buildMemoryConfig(config: MosaicConfig, storageAdapter: StorageAdapter)
useFactory: (db: Db): Memory => createMemory(db),
inject: [DB],
},
{
provide: MEMORY_ADAPTER,
useFactory: (config: MosaicConfig, storageAdapter: StorageAdapter): MemoryAdapter =>
createMemoryAdapter(buildMemoryConfig(config, storageAdapter)),
inject: [MOSAIC_CONFIG, STORAGE_ADAPTER],
},
EmbeddingService,
],
controllers: [MemoryController],
exports: [MEMORY, MEMORY_ADAPTER, EmbeddingService],
exports: [MEMORY, EmbeddingService],
})
export class MemoryModule {}

2
apps/gateway/src/missions/missions.controller.ts
View File

@@ -12,7 +12,7 @@ import {
Post,
UseGuards,
} from '@nestjs/common';
import type { Brain } from '@mosaicstack/brain';
import type { Brain } from '@mosaic/brain';
import { BRAIN } from '../brain/brain.tokens.js';
import { AuthGuard } from '../auth/auth.guard.js';
import { CurrentUser } from '../auth/current-user.decorator.js';

6
apps/gateway/src/plugin/plugin.module.ts
View File

@@ -6,8 +6,8 @@ import {
type OnModuleDestroy,
type OnModuleInit,
} from '@nestjs/common';
import { DiscordPlugin } from '@mosaicstack/discord-plugin';
import { TelegramPlugin } from '@mosaicstack/telegram-plugin';
import { DiscordPlugin } from '@mosaic/discord-plugin';
import { TelegramPlugin } from '@mosaic/telegram-plugin';
import { PluginService } from './plugin.service.js';
import type { IChannelPlugin } from './plugin.interface.js';
import { PLUGIN_REGISTRY } from './plugin.tokens.js';
@@ -48,7 +48,7 @@ class TelegramChannelPluginAdapter implements IChannelPlugin {
}
}
const DEFAULT_GATEWAY_URL = 'http://localhost:14242';
const DEFAULT_GATEWAY_URL = 'http://localhost:4000';
function createPluginRegistry(): IChannelPlugin[] {
const plugins: IChannelPlugin[] = [];

2
apps/gateway/src/preferences/preferences.service.spec.ts
View File

@@ -1,6 +1,6 @@
import { describe, it, expect, vi } from 'vitest';
import { PreferencesService, PLATFORM_DEFAULTS, IMMUTABLE_KEYS } from './preferences.service.js';
import type { Db } from '@mosaicstack/db';
import type { Db } from '@mosaic/db';
/**
* Build a mock Drizzle DB where the select chain supports:

2
apps/gateway/src/preferences/preferences.service.ts
View File

@@ -1,5 +1,5 @@
import { Inject, Injectable, Logger } from '@nestjs/common';
import { eq, and, sql, type Db, preferences as preferencesTable } from '@mosaicstack/db';
import { eq, and, sql, type Db, preferences as preferencesTable } from '@mosaic/db';
import { DB } from '../database/database.module.js';
export const PLATFORM_DEFAULTS: Record<string, unknown> = {

2
apps/gateway/src/preferences/system-override.service.ts
View File

@@ -1,5 +1,5 @@
import { Injectable, Logger } from '@nestjs/common';
import { createQueue, type QueueHandle } from '@mosaicstack/queue';
import { createQueue, type QueueHandle } from '@mosaic/queue';
const SESSION_SYSTEM_KEY = (sessionId: string) => `mosaic:session:${sessionId}:system`;
const SESSION_SYSTEM_FRAGMENTS_KEY = (sessionId: string) =>

2
apps/gateway/src/projects/projects.controller.ts
View File

@@ -13,7 +13,7 @@ import {
Post,
UseGuards,
} from '@nestjs/common';
import type { Brain } from '@mosaicstack/brain';
import type { Brain } from '@mosaic/brain';
import { BRAIN } from '../brain/brain.tokens.js';
import { AuthGuard } from '../auth/auth.guard.js';
import { CurrentUser } from '../auth/current-user.decorator.js';

34
apps/gateway/src/queue/queue-admin.dto.ts
View File

@@ -1,34 +0,0 @@
export type JobStatus = 'active' | 'completed' | 'failed' | 'waiting' | 'delayed';
export interface JobDto {
id: string;
name: string;
queue: string;
status: JobStatus;
attempts: number;
maxAttempts: number;
createdAt?: string;
processedAt?: string;
finishedAt?: string;
failedReason?: string;
data: Record<string, unknown>;
}
export interface JobListDto {
jobs: JobDto[];
total: number;
}
export interface QueueStatusDto {
name: string;
waiting: number;
active: number;
completed: number;
failed: number;
delayed: number;
paused: boolean;
}
export interface QueueListDto {
queues: QueueStatusDto[];
}

21
apps/gateway/src/queue/queue.module.ts
View File

@@ -1,21 +0,0 @@
import { Global, Module } from '@nestjs/common';
import { createQueueAdapter, type QueueAdapter } from '@mosaicstack/queue';
import type { MosaicConfig } from '@mosaicstack/config';
import { MOSAIC_CONFIG } from '../config/config.module.js';
import { QueueService } from './queue.service.js';
export const QUEUE_ADAPTER = 'QUEUE_ADAPTER';
@Global()
@Module({
providers: [
QueueService,
{
provide: QUEUE_ADAPTER,
useFactory: (config: MosaicConfig): QueueAdapter => createQueueAdapter(config.queue),
inject: [MOSAIC_CONFIG],
},
],
exports: [QueueService, QUEUE_ADAPTER],
})
export class QueueModule {}

412
apps/gateway/src/queue/queue.service.ts
View File

@@ -1,412 +0,0 @@
import {
Inject,
Injectable,
Logger,
Optional,
type OnModuleInit,
type OnModuleDestroy,
} from '@nestjs/common';
import { Queue, Worker, type Job, type ConnectionOptions } from 'bullmq';
import type { LogService } from '@mosaicstack/log';
import { LOG_SERVICE } from '../log/log.tokens.js';
import type { JobDto, JobStatus } from './queue-admin.dto.js';
// ---------------------------------------------------------------------------
// Typed job definitions
// ---------------------------------------------------------------------------
export interface SummarizationJobData {
triggeredBy?: string;
}
export interface GCJobData {
triggeredBy?: string;
}
export interface TierManagementJobData {
triggeredBy?: string;
}
export type MosaicJobData = SummarizationJobData | GCJobData | TierManagementJobData;
// ---------------------------------------------------------------------------
// Queue health status
// ---------------------------------------------------------------------------
export interface QueueHealthStatus {
queues: Record<
string,
{
waiting: number;
active: number;
failed: number;
completed: number;
paused: boolean;
}
>;
healthy: boolean;
}
// ---------------------------------------------------------------------------
// Constants
// ---------------------------------------------------------------------------
export const QUEUE_SUMMARIZATION = 'mosaic-summarization';
export const QUEUE_GC = 'mosaic-gc';
export const QUEUE_TIER_MANAGEMENT = 'mosaic-tier-management';
const DEFAULT_VALKEY_URL = 'redis://localhost:6380';
/**
* Parse a Redis URL string into a BullMQ-compatible ConnectionOptions object.
*
* BullMQ v5 does `Object.assign({ port: 6379, host: '127.0.0.1' }, opts)` in
* its RedisConnection constructor. If opts is a URL string, Object.assign only
* copies character-index properties and the defaults survive — so 6379 wins.
* We must parse the URL ourselves and return a plain RedisOptions object.
*/
function getConnection(): ConnectionOptions {
const url = process.env['VALKEY_URL'] ?? DEFAULT_VALKEY_URL;
try {
const parsed = new URL(url);
const opts: ConnectionOptions = {
host: parsed.hostname || '127.0.0.1',
port: parsed.port ? parseInt(parsed.port, 10) : 6380,
};
if (parsed.password) {
(opts as Record<string, unknown>)['password'] = decodeURIComponent(parsed.password);
}
if (parsed.pathname && parsed.pathname.length > 1) {
const db = parseInt(parsed.pathname.slice(1), 10);
if (!isNaN(db)) {
(opts as Record<string, unknown>)['db'] = db;
}
}
return opts;
} catch {
// Fallback: hope the value is already a host string ioredis understands
return { host: '127.0.0.1', port: 6380 } as ConnectionOptions;
}
}
// ---------------------------------------------------------------------------
// Job handler type
// ---------------------------------------------------------------------------
export type JobHandler<T = MosaicJobData> = (job: Job<T>) => Promise<void>;
/** System session ID used for job-event log entries (no real user session). */
const SYSTEM_SESSION_ID = 'system';
// ---------------------------------------------------------------------------
// QueueService
// ---------------------------------------------------------------------------
@Injectable()
export class QueueService implements OnModuleInit, OnModuleDestroy {
private readonly logger = new Logger(QueueService.name);
private readonly connection: ConnectionOptions;
private readonly queues = new Map<string, Queue<MosaicJobData>>();
private readonly workers = new Map<string, Worker<MosaicJobData>>();
constructor(
@Optional()
@Inject(LOG_SERVICE)
private readonly logService: LogService | null,
) {
this.connection = getConnection();
}
onModuleInit(): void {
this.logger.log('QueueService initialised (BullMQ)');
}
async onModuleDestroy(): Promise<void> {
await this.closeAll();
}
// -------------------------------------------------------------------------
// Queue helpers
// -------------------------------------------------------------------------
/**
* Get or create a BullMQ Queue for the given queue name.
*/
getQueue<T extends MosaicJobData = MosaicJobData>(name: string): Queue<T> {
let queue = this.queues.get(name) as Queue<T> | undefined;
if (!queue) {
queue = new Queue<T>(name, { connection: this.connection });
this.queues.set(name, queue as unknown as Queue<MosaicJobData>);
}
return queue;
}
/**
* Add a BullMQ repeatable job (cron-style).
* Uses `jobId` as a deterministic key so duplicate registrations are idempotent.
*/
async addRepeatableJob<T extends MosaicJobData>(
queueName: string,
jobName: string,
data: T,
cronExpression: string,
): Promise<void> {
const queue = this.getQueue<T>(queueName);
// eslint-disable-next-line @typescript-eslint/no-explicit-any
await (queue as Queue<any>).add(jobName, data, {
repeat: { pattern: cronExpression },
jobId: `${queueName}:${jobName}:repeatable`,
});
this.logger.log(
`Repeatable job "${jobName}" registered on "${queueName}" (cron: ${cronExpression})`,
);
}
/**
* Register a Worker for the given queue name with error handling and
* exponential backoff.
*/
registerWorker<T extends MosaicJobData>(queueName: string, handler: JobHandler<T>): Worker<T> {
const worker = new Worker<T>(
queueName,
async (job) => {
this.logger.debug(`Processing job "${job.name}" (id=${job.id}) on queue "${queueName}"`);
await this.logJobEvent(
queueName,
job.name,
job.id ?? 'unknown',
'started',
job.attemptsMade + 1,
);
await handler(job);
},
{
connection: this.connection,
// Exponential backoff: base 5s, factor 2, max 5 attempts
settings: {
backoffStrategy: (attemptsMade: number) => {
return Math.min(5000 * Math.pow(2, attemptsMade - 1), 60_000);
},
},
},
);
worker.on('completed', (job) => {
this.logger.log(`Job "${job.name}" (id=${job.id}) completed on queue "${queueName}"`);
this.logJobEvent(
queueName,
job.name,
job.id ?? 'unknown',
'completed',
job.attemptsMade,
).catch((err) => this.logger.warn(`Failed to write completed job log: ${String(err)}`));
});
worker.on('failed', (job, err) => {
const errMsg = err instanceof Error ? err.message : String(err);
this.logger.error(
`Job "${job?.name ?? 'unknown'}" (id=${job?.id ?? 'unknown'}) failed on queue "${queueName}": ${errMsg}`,
);
this.logJobEvent(
queueName,
job?.name ?? 'unknown',
job?.id ?? 'unknown',
'failed',
job?.attemptsMade ?? 0,
errMsg,
).catch((e) => this.logger.warn(`Failed to write failed job log: ${String(e)}`));
});
this.workers.set(queueName, worker as unknown as Worker<MosaicJobData>);
return worker;
}
/**
* Return queue health statistics for all managed queues.
*/
async getHealthStatus(): Promise<QueueHealthStatus> {
const queues: QueueHealthStatus['queues'] = {};
let healthy = true;
for (const [name, queue] of this.queues) {
try {
const [waiting, active, failed, completed, paused] = await Promise.all([
queue.getWaitingCount(),
queue.getActiveCount(),
queue.getFailedCount(),
queue.getCompletedCount(),
queue.isPaused(),
]);
queues[name] = { waiting, active, failed, completed, paused };
} catch (err) {
this.logger.error(`Failed to fetch health for queue "${name}": ${err}`);
healthy = false;
queues[name] = { waiting: 0, active: 0, failed: 0, completed: 0, paused: false };
}
}
return { queues, healthy };
}
// -------------------------------------------------------------------------
// Admin API helpers (M6-006)
// -------------------------------------------------------------------------
/**
* List jobs across all managed queues, optionally filtered by status.
* BullMQ jobs are fetched by state type from each queue.
*/
async listJobs(status?: JobStatus): Promise<JobDto[]> {
const jobs: JobDto[] = [];
const states: JobStatus[] = status
? [status]
: ['active', 'completed', 'failed', 'waiting', 'delayed'];
for (const [queueName, queue] of this.queues) {
try {
for (const state of states) {
// eslint-disable-next-line @typescript-eslint/no-explicit-any
const raw = await (queue as Queue<any>).getJobs([state as any]);
for (const j of raw) {
jobs.push(this.toJobDto(queueName, j, state));
}
}
} catch (err) {
this.logger.warn(`Failed to list jobs for queue "${queueName}": ${String(err)}`);
}
}
return jobs;
}
/**
* Retry a specific failed job by its BullMQ job ID (format: "queueName:id").
* The caller passes "<queueName>__<jobId>" as the composite ID because BullMQ
* job IDs are not globally unique — they are scoped to their queue.
*/
async retryJob(compositeId: string): Promise<{ ok: boolean; message: string }> {
const sep = compositeId.lastIndexOf('__');
if (sep === -1) {
return { ok: false, message: 'Invalid job id format. Expected "<queue>__<jobId>".' };
}
const queueName = compositeId.slice(0, sep);
const jobId = compositeId.slice(sep + 2);
const queue = this.queues.get(queueName);
if (!queue) {
return { ok: false, message: `Queue "${queueName}" not found.` };
}
const job = await queue.getJob(jobId);
if (!job) {
return { ok: false, message: `Job "${jobId}" not found in queue "${queueName}".` };
}
const state = await job.getState();
if (state !== 'failed') {
return { ok: false, message: `Job "${jobId}" is not in failed state (current: ${state}).` };
}
await job.retry('failed');
await this.logJobEvent(queueName, job.name, jobId, 'retried', (job.attemptsMade ?? 0) + 1);
return { ok: true, message: `Job "${jobId}" on queue "${queueName}" queued for retry.` };
}
/**
* Pause a queue by name.
*/
async pauseQueue(name: string): Promise<{ ok: boolean; message: string }> {
const queue = this.queues.get(name);
if (!queue) return { ok: false, message: `Queue "${name}" not found.` };
await queue.pause();
this.logger.log(`Queue paused: ${name}`);
return { ok: true, message: `Queue "${name}" paused.` };
}
/**
* Resume a paused queue by name.
*/
async resumeQueue(name: string): Promise<{ ok: boolean; message: string }> {
const queue = this.queues.get(name);
if (!queue) return { ok: false, message: `Queue "${name}" not found.` };
await queue.resume();
this.logger.log(`Queue resumed: ${name}`);
return { ok: true, message: `Queue "${name}" resumed.` };
}
private toJobDto(queueName: string, job: Job<MosaicJobData>, status: JobStatus): JobDto {
return {
id: `${queueName}__${job.id ?? 'unknown'}`,
name: job.name,
queue: queueName,
status,
attempts: job.attemptsMade,
maxAttempts: job.opts?.attempts ?? 1,
createdAt: job.timestamp ? new Date(job.timestamp).toISOString() : undefined,
processedAt: job.processedOn ? new Date(job.processedOn).toISOString() : undefined,
finishedAt: job.finishedOn ? new Date(job.finishedOn).toISOString() : undefined,
failedReason: job.failedReason,
data: (job.data as Record<string, unknown>) ?? {},
};
}
// -------------------------------------------------------------------------
// Job event logging (M6-007)
// -------------------------------------------------------------------------
/** Write a log entry to agent_logs for BullMQ job lifecycle events. */
private async logJobEvent(
queueName: string,
jobName: string,
jobId: string,
event: 'started' | 'completed' | 'retried' | 'failed',
attempts: number,
errorMessage?: string,
): Promise<void> {
if (!this.logService) return;
const level = event === 'failed' ? ('error' as const) : ('info' as const);
const content =
event === 'failed'
? `Job "${jobName}" (${jobId}) on queue "${queueName}" failed: ${errorMessage ?? 'unknown error'}`
: `Job "${jobName}" (${jobId}) on queue "${queueName}" ${event} (attempt ${attempts})`;
try {
await this.logService.logs.ingest({
sessionId: SYSTEM_SESSION_ID,
userId: 'system',
level,
category: 'general',
content,
metadata: {
jobId,
jobName,
queue: queueName,
event,
attempts,
...(errorMessage ? { errorMessage } : {}),
},
});
} catch (err) {
// Log errors must never crash job execution
this.logger.warn(`Failed to write job event log for job ${jobId}: ${String(err)}`);
}
}
// -------------------------------------------------------------------------
// Lifecycle
// -------------------------------------------------------------------------
private async closeAll(): Promise<void> {
const workerCloses = Array.from(this.workers.values()).map((w) =>
w.close().catch((err) => this.logger.error(`Worker close error: ${err}`)),
);
const queueCloses = Array.from(this.queues.values()).map((q) =>
q.close().catch((err) => this.logger.error(`Queue close error: ${err}`)),
);
await Promise.all([...workerCloses, ...queueCloses]);
this.workers.clear();
this.queues.clear();
this.logger.log('QueueService shut down');
}
}

2
apps/gateway/src/queue/queue.tokens.ts
View File

@@ -1,2 +0,0 @@
export const QUEUE_REDIS = 'QUEUE_REDIS';
export const QUEUE_SERVICE = 'QUEUE_SERVICE';

2
apps/gateway/src/reload/reload.controller.ts
View File

@@ -1,5 +1,5 @@
import { Controller, HttpCode, HttpStatus, Inject, Post, UseGuards } from '@nestjs/common';
import type { SystemReloadPayload } from '@mosaicstack/types';
import type { SystemReloadPayload } from '@mosaic/types';
import { AdminGuard } from '../admin/admin.guard.js';
import { ChatGateway } from '../chat/chat.gateway.js';
import { ReloadService } from './reload.service.js';

2
apps/gateway/src/reload/reload.service.ts
View File

@@ -5,7 +5,7 @@ import {
type OnApplicationBootstrap,
type OnApplicationShutdown,
} from '@nestjs/common';
import type { SystemReloadPayload } from '@mosaicstack/types';
import type { SystemReloadPayload } from '@mosaic/types';
import { CommandRegistryService } from '../commands/command-registry.service.js';
import { isMosaicPlugin } from './mosaic-plugin.interface.js';

2
apps/gateway/src/skills/skills.service.ts
View File

@@ -1,5 +1,5 @@
import { Inject, Injectable } from '@nestjs/common';
import { eq, type Db, skills } from '@mosaicstack/db';
import { eq, type Db, skills } from '@mosaic/db';
import { DB } from '../database/database.module.js';
type Skill = typeof skills.$inferSelect;

2
apps/gateway/src/tasks/tasks.controller.ts
View File

@@ -14,7 +14,7 @@ import {
Query,
UseGuards,
} from '@nestjs/common';
import type { Brain } from '@mosaicstack/brain';
import type { Brain } from '@mosaic/brain';
import { BRAIN } from '../brain/brain.tokens.js';
import { AuthGuard } from '../auth/auth.guard.js';
import { CurrentUser } from '../auth/current-user.decorator.js';

2
apps/gateway/src/workspace/project-bootstrap.service.ts
View File

@@ -1,5 +1,5 @@
import { Inject, Injectable, Logger } from '@nestjs/common';
import type { Brain } from '@mosaicstack/brain';
import type { Brain } from '@mosaic/brain';
import { BRAIN } from '../brain/brain.tokens.js';
import { PluginService } from '../plugin/plugin.service.js';
import { WorkspaceService } from './workspace.service.js';

Some files were not shown because too many files have changed in this diff Show More