feat: add exec host approvals flow

2026-01-18 04:27:33 +00:00
parent fa1079214b
commit efdb33c975
30 changed files with 2344 additions and 855 deletions
--- a/src/gateway/server-bridge-events.ts
+++ b/src/gateway/server-bridge-events.ts
@@ -3,6 +3,8 @@ import { normalizeChannelId } from "../channels/plugins/index.js";
 import { agentCommand } from "../commands/agent.js";
 import { loadConfig } from "../config/config.js";
 import { updateSessionStore } from "../config/sessions.js";
+import { requestHeartbeatNow } from "../infra/heartbeat-wake.js";
+import { enqueueSystemEvent } from "../infra/system-events.js";
 import { normalizeMainKey } from "../routing/session-key.js";
 import { defaultRuntime } from "../runtime.js";
 import type { BridgeEvent, BridgeHandlersContext } from "./server-bridge-types.js";
@@ -172,6 +174,47 @@ export const handleBridgeEvent = async (
      ctx.bridgeUnsubscribe(nodeId, sessionKey);
      return;
    }
+    case "exec.started":
+    case "exec.finished":
+    case "exec.denied": {
+      if (!evt.payloadJSON) return;
+      let payload: unknown;
+      try {
+        payload = JSON.parse(evt.payloadJSON) as unknown;
+      } catch {
+        return;
+      }
+      const obj =
+        typeof payload === "object" && payload !== null ? (payload as Record<string, unknown>) : {};
+      const sessionKey =
+        typeof obj.sessionKey === "string" ? obj.sessionKey.trim() : `node-${nodeId}`;
+      if (!sessionKey) return;
+      const runId = typeof obj.runId === "string" ? obj.runId.trim() : "";
+      const command = typeof obj.command === "string" ? obj.command.trim() : "";
+      const exitCode =
+        typeof obj.exitCode === "number" && Number.isFinite(obj.exitCode) ? obj.exitCode : undefined;
+      const timedOut = obj.timedOut === true;
+      const success = obj.success === true;
+      const output = typeof obj.output === "string" ? obj.output.trim() : "";
+      const reason = typeof obj.reason === "string" ? obj.reason.trim() : "";
+
+      let text = "";
+      if (evt.event === "exec.started") {
+        text = `Exec started (node=${nodeId}${runId ? ` id=${runId}` : ""})`;
+        if (command) text += `: ${command}`;
+      } else if (evt.event === "exec.finished") {
+        const exitLabel = timedOut ? "timeout" : `code ${exitCode ?? "?"}`;
+        text = `Exec finished (node=${nodeId}${runId ? ` id=${runId}` : ""}, ${exitLabel})`;
+        if (output) text += `\\n${output}`;
+      } else {
+        text = `Exec denied (node=${nodeId}${runId ? ` id=${runId}` : ""}${reason ? `, ${reason}` : ""})`;
+        if (command) text += `: ${command}`;
+      }
+
+      enqueueSystemEvent(text, { sessionKey, contextKey: runId ? `exec:${runId}` : "exec" });
+      requestHeartbeatNow({ reason: "exec-event" });
+      return;
+    }
    default:
      return;
  }