node-app-api 5.21.0

Shared types and C ABI definitions for the Node-App host API v1
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253

//! Shared types used by both native and scripted app loaders
//!
//! These types are serialized to JSON for IPC (Bun loader) and
//! converted to/from C representations for FFI (native loader).

use bitflags::bitflags;
use serde::{Deserialize, Serialize};
use std::collections::HashMap;

/// App metadata returned during initialization
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct NodeAppInfo {
    /// Human-readable app name (must be unique across installed apps)
    pub name: String,
    /// Semantic version string (e.g., "0.1.0")
    pub version: String,
    /// Author name or organization
    pub author: String,
    /// Brief description of the app's functionality
    pub description: String,
    /// Declared capabilities as string list (e.g., ["http_handler", "event_listener"])
    pub capabilities: Vec<String>,
}

impl NodeAppInfo {
    /// Parse capabilities strings into the Capabilities bitflag
    pub fn capability_flags(&self) -> Capabilities {
        let mut flags = Capabilities::empty();
        for cap in &self.capabilities {
            match cap.as_str() {
                "http_handler" => flags |= Capabilities::HTTP_HANDLER,
                "event_listener" => flags |= Capabilities::EVENT_LISTENER,
                "filesystem_read" => flags |= Capabilities::FILESYSTEM_READ,
                "filesystem_write" => flags |= Capabilities::FILESYSTEM_WRITE,
                "network_outbound" => flags |= Capabilities::NETWORK_OUTBOUND,
                "system_info" => flags |= Capabilities::SYSTEM_INFO,
                "capability_provider" => flags |= Capabilities::CAPABILITY_PROVIDER,
                _ => {
                    eprintln!("[node-app-api] Unknown capability '{}', ignoring", cap);
                }
            }
        }
        flags
    }
}

bitflags! {
    /// Capability flags declaring what an app can do
    #[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
    pub struct Capabilities: u32 {
        /// App can handle proxied HTTP requests
        const HTTP_HANDLER     = 0b0000_0001;  // Bit 0
        /// App can receive domain events
        const EVENT_LISTENER   = 0b0000_0010;  // Bit 1
        /// App can read files from allowed paths
        const FILESYSTEM_READ  = 0b0000_0100;  // Bit 2
        /// App can write files to allowed paths
        const FILESYSTEM_WRITE = 0b0000_1000;  // Bit 3
        /// App can make outbound network requests
        const NETWORK_OUTBOUND = 0b0001_0000;  // Bit 4
        /// App can read system information (hostname, etc.)
        const SYSTEM_INFO      = 0b0010_0000;  // Bit 5
        /// App provides service capabilities to other apps
        const CAPABILITY_PROVIDER = 0b0100_0000;  // Bit 6
    }
}

impl Capabilities {
    /// Convert to a list of capability strings for API responses
    pub fn to_string_list(&self) -> Vec<String> {
        let mut list = Vec::new();
        if self.contains(Capabilities::HTTP_HANDLER) {
            list.push("http_handler".to_string());
        }
        if self.contains(Capabilities::EVENT_LISTENER) {
            list.push("event_listener".to_string());
        }
        if self.contains(Capabilities::FILESYSTEM_READ) {
            list.push("filesystem_read".to_string());
        }
        if self.contains(Capabilities::FILESYSTEM_WRITE) {
            list.push("filesystem_write".to_string());
        }
        if self.contains(Capabilities::NETWORK_OUTBOUND) {
            list.push("network_outbound".to_string());
        }
        if self.contains(Capabilities::SYSTEM_INFO) {
            list.push("system_info".to_string());
        }
        if self.contains(Capabilities::CAPABILITY_PROVIDER) {
            list.push("capability_provider".to_string());
        }
        list
    }

    /// Parse from integer (used for database storage)
    pub fn from_bits_safe(bits: u32) -> Self {
        Capabilities::from_bits_truncate(bits)
    }

    /// Convert capability string to Capabilities flag
    pub fn from_string(s: &str) -> Option<Self> {
        match s.to_lowercase().as_str() {
            "http_handler" => Some(Capabilities::HTTP_HANDLER),
            "event_listener" => Some(Capabilities::EVENT_LISTENER),
            "filesystem_read" => Some(Capabilities::FILESYSTEM_READ),
            "filesystem_write" => Some(Capabilities::FILESYSTEM_WRITE),
            "network_outbound" => Some(Capabilities::NETWORK_OUTBOUND),
            "system_info" => Some(Capabilities::SYSTEM_INFO),
            "capability_provider" => Some(Capabilities::CAPABILITY_PROVIDER),
            _ => None,
        }
    }

    /// Get all capability names as static strings
    pub fn all_capability_names() -> &'static [&'static str] {
        &[
            "http_handler",
            "event_listener",
            "filesystem_read",
            "filesystem_write",
            "network_outbound",
            "system_info",
            "capability_provider",
        ]
    }
}

/// Caller identity injected by the host proxy after JWT validation.
/// Only present on requests that came through the scoped-JWT proxy route.
/// Apps should trust this over any HTTP headers (headers are stripped by the proxy).
#[derive(Debug, Clone, Serialize, Deserialize, Default)]
pub struct CallerContext {
    /// The app name whose scoped JWT was used (always equals the receiving app's name)
    pub app_name: String,
    /// Permissions granted by the user at consent time and embedded in the scoped JWT
    pub granted_permissions: Vec<String>,
}

/// HTTP request forwarded to an app
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct AppRequest {
    /// Unique request identifier for correlation
    pub id: String,
    /// HTTP method (GET, POST, PUT, DELETE, PATCH)
    pub method: String,
    /// Sub-path within the app (e.g., "/hello", "/stats")
    pub path: String,
    /// HTTP headers as key-value pairs (x-node-* headers are stripped by the proxy)
    pub headers: HashMap<String, String>,
    /// Request body as JSON value
    pub body: serde_json::Value,
    /// Caller identity set by the host proxy after scoped JWT validation.
    /// None for direct (non-proxy) requests such as internal capability calls.
    #[serde(default)]
    pub caller: Option<CallerContext>,
}

/// HTTP response from an app
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct AppResponse {
    /// HTTP status code
    pub status: u16,
    /// Response headers
    pub headers: HashMap<String, String>,
    /// Response body as JSON value
    pub body: serde_json::Value,
}

/// Domain event forwarded to apps
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct AppEvent {
    /// Event name (e.g., "payment_received", "channel_opened")
    pub name: String,
    /// Event data as JSON value
    pub data: serde_json::Value,
}

// ── Capability System Types (337-core-capability-registry) ──────────

/// A service capability request dispatched to a provider app.
/// Used for both FFI (serialized as JSON bytes) and IPC (serialized as JSON).
#[derive(Debug, Clone, Serialize, Deserialize, Default)]
pub struct CapabilityRequest {
    /// Request correlation ID (UUID)
    pub id: String,
    /// Target capability name (dot-notation, e.g., "terminal.create_session")
    pub capability: String,
    /// Request payload as JSON value
    pub payload: serde_json::Value,
    /// Optional per-capability timeout in milliseconds (falls back to 30s default)
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub timeout_ms: Option<u64>,
    // Distributed tracing fields (426-capability-tracing-visualization)
    /// Root trace ID grouping all spans in one logical invocation.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub trace_id: Option<String>,
    /// Span ID of the caller (used as parent_span_id in sub-invocations).
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub span_id: Option<String>,
    /// Parent span ID for this invocation (None if root).
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub parent_span_id: Option<String>,
    /// Current nesting depth (0 for root, max 16).
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub trace_depth: Option<u8>,
}

/// Response from a provider app after handling a capability request.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct CapabilityResponse {
    /// Correlation ID matching the request
    pub id: String,
    /// Whether the invocation succeeded
    pub success: bool,
    /// Response data (on success) or error details (on failure)
    pub payload: serde_json::Value,
}

/// Declaration of a service capability that an app provides.
/// Used in app manifests and registration APIs.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ProvidedCapability {
    /// Dot-notation capability name (e.g., "terminal.create_session")
    pub name: String,
    /// Human-readable description of what this capability does
    pub description: String,
    /// JSON Schema for request payload validation (None = no validation)
    #[serde(default)]
    pub request_schema: Option<serde_json::Value>,
    /// JSON Schema for response payload validation (None = no validation)
    #[serde(default)]
    pub response_schema: Option<serde_json::Value>,
    /// Provider priority (lower = preferred, default 100)
    #[serde(default = "default_capability_priority")]
    pub priority: i32,
    /// Example request payloads for developer documentation and testing
    #[serde(default)]
    pub examples: Vec<CapabilityExample>,
}

/// An example request payload for a capability.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct CapabilityExample {
    /// Short label describing the example (e.g., "Insert a document")
    pub label: String,
    /// Example request payload
    pub request: serde_json::Value,
}

fn default_capability_priority() -> i32 {
    100
}