xcodeai 2.1.0

Autonomous AI coding agent — zero human intervention, sbox sandboxed, OpenAI-compatible
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397

// src/io/http.rs
//
// HttpIO — AgentIO implementation for the HTTP API (企业微信 / REST mode).
//
// ── Why this exists ───────────────────────────────────────────────────────────
// When xcodeai runs in HTTP server mode (`xcodeai serve`), the agent loop still
// needs to report tool calls, results, and status updates — but there's no
// terminal to write to.  Instead, we want to stream events to the HTTP client
// using Server-Sent Events (SSE).
//
// `HttpIO` bridges the gap: it implements `AgentIO` and converts every output
// call into an `SseEvent` message pushed onto a `tokio::sync::mpsc` channel.
// The HTTP route handler holds the receiving end of the channel and forwards
// events to the actual HTTP response stream.
//
// ── Channel design ────────────────────────────────────────────────────────────
//
//   HttpIO::new() returns both the HttpIO and the Receiver:
//
//   let (io, rx) = HttpIO::new();
//
//   The caller (HTTP handler) polls `rx` and converts each `SseEvent` into
//   an `axum::response::sse::Event`.  The agent loop holds `Arc<HttpIO>` and
//   calls methods like `show_status()`, `show_tool_call()`, etc.
//
// ── Thread safety ─────────────────────────────────────────────────────────────
// `tokio::sync::mpsc::Sender` is `Clone + Send + Sync`, so wrapping `HttpIO`
// in `Arc<dyn AgentIO>` works correctly across async task boundaries.
//
// ── Destructive actions ───────────────────────────────────────────────────────
// There is no interactive terminal in HTTP mode.  `confirm_destructive` sends
// a `Confirmation` SSE event so the client *could* display a UI prompt, then
// auto-approves after a short timeout.  For the v1 implementation we simply
// auto-approve (return `true`) — full round-trip confirmation can be added later
// via a separate HTTP endpoint.
// ─────────────────────────────────────────────────────────────────────────────

use crate::io::AgentIO;
use anyhow::Result;
use async_trait::async_trait;
use tokio::sync::mpsc;

// ─── SseEvent ────────────────────────────────────────────────────────────────

/// All event types that the agent can emit over an SSE stream.
///
/// The HTTP route handler converts these into `text/event-stream` messages.
/// Each variant maps to an SSE `event:` field:
///
/// ```text
/// event: status
/// data: {"msg":"auto-continuing…"}
///
/// event: tool_call
/// data: {"name":"bash","args":"cargo test"}
///
/// event: tool_result
/// data: {"preview":"ok. 12 passed","is_error":false}
///
/// event: error
/// data: {"msg":"Reached auto-continue limit"}
///
/// event: complete
/// data: {}
/// ```
#[derive(Debug, Clone)]
pub enum SseEvent {
    /// Progress / status message (e.g. "auto-continuing…").
    Status { msg: String },

    /// An agent tool is about to be called.
    ToolCall { name: String, args: String },

    /// The result of a tool call.
    ToolResult { preview: String, is_error: bool },

    /// An error message (not a tool error — agent-level error).
    Error { msg: String },

    /// The agent loop has finished the current task.
    #[allow(dead_code)]
    Complete,
}

impl SseEvent {
    /// Returns the SSE `event:` field name for this variant.
    ///
    /// This is used by the HTTP route handler when building the SSE response.
    pub fn event_name(&self) -> &'static str {
        match self {
            SseEvent::Status { .. } => "status",
            SseEvent::ToolCall { .. } => "tool_call",
            SseEvent::ToolResult { .. } => "tool_result",
            SseEvent::Error { .. } => "error",
            SseEvent::Complete => "complete",
        }
    }

    /// Serialise the payload to a JSON string for the SSE `data:` field.
    pub fn data_json(&self) -> String {
        match self {
            SseEvent::Status { msg } => serde_json::json!({ "msg": msg }).to_string(),
            SseEvent::ToolCall { name, args } => {
                serde_json::json!({ "name": name, "args": args }).to_string()
            }
            SseEvent::ToolResult { preview, is_error } => {
                serde_json::json!({ "preview": preview, "is_error": is_error }).to_string()
            }
            SseEvent::Error { msg } => serde_json::json!({ "msg": msg }).to_string(),
            SseEvent::Complete => "{}".to_string(),
        }
    }
}

// ─── HttpIO ──────────────────────────────────────────────────────────────────

/// AgentIO implementation that streams events over an `mpsc` channel.
///
/// The receiving end of the channel is held by the HTTP route handler, which
/// converts `SseEvent` values into SSE response frames.
///
/// # Example
///
/// ```rust,ignore
/// use xcodeai::io::http::HttpIO;
///
/// let (io, mut rx) = HttpIO::new();
///
/// // Give io to the agent (as Arc<dyn AgentIO>).
/// let io_arc: Arc<dyn AgentIO> = Arc::new(io);
///
/// // In the HTTP handler, receive events:
/// while let Some(event) = rx.recv().await {
///     println!("{}: {}", event.event_name(), event.data_json());
/// }
/// ```
pub struct HttpIO {
    /// Sending half of the SSE event channel.
    ///
    /// Cloned from the channel created in `HttpIO::new()`.  When all senders
    /// are dropped the channel closes and the receiver's `recv()` returns `None`,
    /// which signals to the HTTP handler that the agent loop has finished.
    tx: mpsc::Sender<SseEvent>,
}

impl HttpIO {
    /// Create a new `HttpIO` and return both the IO handle and the event receiver.
    ///
    /// The caller (HTTP route handler) keeps the `Receiver<SseEvent>` and polls
    /// it while streaming the response to the HTTP client.  The `HttpIO` is
    /// wrapped in `Arc<dyn AgentIO>` and given to the agent loop.
    ///
    /// The channel buffer is 64 messages — large enough that the agent loop
    /// never has to wait for the HTTP handler to drain the buffer during normal
    /// operation.
    pub fn new() -> (Self, mpsc::Receiver<SseEvent>) {
        // A bounded channel with 64 slots.  If the consumer (HTTP handler) falls
        // behind by more than 64 events the agent will briefly pause — that's
        // fine; back-pressure is the correct behaviour here.
        let (tx, rx) = mpsc::channel(64);
        (HttpIO { tx }, rx)
    }

    /// Send an `SseEvent` to the channel.
    ///
    /// If the receiver has been dropped (e.g. client disconnected), the send
    /// fails silently.  We do NOT propagate this error because the agent loop
    /// should continue even if the HTTP client disconnected — it's better to
    /// finish the task and write any file changes than to abort mid-way.
    async fn send(&self, event: SseEvent) {
        // `.send()` fails only if the receiver was dropped.  We swallow the
        // error intentionally — see doc comment above.
        let _ = self.tx.send(event).await;
    }
}

// ─── AgentIO impl ────────────────────────────────────────────────────────────

#[async_trait]
impl AgentIO for HttpIO {
    /// Emit a `Status` SSE event.
    async fn show_status(&self, msg: &str) -> Result<()> {
        self.send(SseEvent::Status {
            msg: msg.to_string(),
        })
        .await;
        Ok(())
    }

    /// Emit a `ToolCall` SSE event.
    async fn show_tool_call(&self, tool_name: &str, args_preview: &str) -> Result<()> {
        self.send(SseEvent::ToolCall {
            name: tool_name.to_string(),
            args: args_preview.to_string(),
        })
        .await;
        Ok(())
    }

    /// Emit a `ToolResult` SSE event.
    async fn show_tool_result(&self, preview: &str, is_error: bool) -> Result<()> {
        self.send(SseEvent::ToolResult {
            preview: preview.to_string(),
            is_error,
        })
        .await;
        Ok(())
    }

    /// Emit an `Error` SSE event.
    async fn write_error(&self, msg: &str) -> Result<()> {
        self.send(SseEvent::Error {
            msg: msg.to_string(),
        })
        .await;
        Ok(())
    }

    /// Auto-approve destructive actions in HTTP mode.
    ///
    /// There is no interactive terminal to prompt the user.  We send a
    /// `Status` event so the HTTP client can log that a destructive tool was
    /// called, then return `true` (approved).
    ///
    /// A future version could send a `Confirmation` event and wait for a
    /// response on a separate `/sessions/:id/confirm` HTTP endpoint.
    async fn confirm_destructive(&self, tool_name: &str, args_preview: &str) -> Result<bool> {
        self.send(SseEvent::Status {
            msg: format!(
                "⚠ auto-approving destructive call: {} ({})",
                tool_name, args_preview
            ),
        })
        .await;
        // Auto-approve — HTTP API mode is considered to be running under user
        // supervision via the /sessions endpoint, so we trust the caller.
        Ok(true)
    }
}

// ─── Tests ───────────────────────────────────────────────────────────────────

#[cfg(test)]
mod tests {
    use super::*;
    use crate::io::AgentIO;
    use std::sync::Arc;

    /// Helper: create an HttpIO and return (Arc<dyn AgentIO>, Receiver).
    fn make_io() -> (Arc<dyn AgentIO>, mpsc::Receiver<SseEvent>) {
        let (io, rx) = HttpIO::new();
        (Arc::new(io), rx)
    }

    // ── SseEvent serialisation ────────────────────────────────────────────────

    #[test]
    fn test_sse_event_names() {
        assert_eq!(SseEvent::Status { msg: "x".into() }.event_name(), "status");
        assert_eq!(
            SseEvent::ToolCall {
                name: "bash".into(),
                args: "ls".into()
            }
            .event_name(),
            "tool_call"
        );
        assert_eq!(
            SseEvent::ToolResult {
                preview: "ok".into(),
                is_error: false
            }
            .event_name(),
            "tool_result"
        );
        assert_eq!(SseEvent::Error { msg: "oops".into() }.event_name(), "error");
        assert_eq!(SseEvent::Complete.event_name(), "complete");
    }

    #[test]
    fn test_sse_event_data_json_status() {
        let ev = SseEvent::Status {
            msg: "hello".into(),
        };
        let json: serde_json::Value = serde_json::from_str(&ev.data_json()).unwrap();
        assert_eq!(json["msg"], "hello");
    }

    #[test]
    fn test_sse_event_data_json_tool_call() {
        let ev = SseEvent::ToolCall {
            name: "bash".into(),
            args: "ls".into(),
        };
        let json: serde_json::Value = serde_json::from_str(&ev.data_json()).unwrap();
        assert_eq!(json["name"], "bash");
        assert_eq!(json["args"], "ls");
    }

    #[test]
    fn test_sse_event_data_json_tool_result() {
        let ev = SseEvent::ToolResult {
            preview: "ok".into(),
            is_error: true,
        };
        let json: serde_json::Value = serde_json::from_str(&ev.data_json()).unwrap();
        assert_eq!(json["preview"], "ok");
        assert_eq!(json["is_error"], true);
    }

    #[test]
    fn test_sse_event_data_json_complete() {
        let ev = SseEvent::Complete;
        let json: serde_json::Value = serde_json::from_str(&ev.data_json()).unwrap();
        assert!(json.is_object());
    }

    // ── AgentIO method → channel ──────────────────────────────────────────────

    #[tokio::test]
    async fn test_show_status_sends_event() {
        let (io, mut rx) = make_io();
        io.show_status("starting…").await.unwrap();

        let ev = rx.recv().await.expect("expected event");
        match ev {
            SseEvent::Status { msg } => assert_eq!(msg, "starting…"),
            other => panic!("unexpected: {:?}", other),
        }
    }

    #[tokio::test]
    async fn test_show_tool_call_sends_event() {
        let (io, mut rx) = make_io();
        io.show_tool_call("bash", "cargo test").await.unwrap();

        let ev = rx.recv().await.unwrap();
        match ev {
            SseEvent::ToolCall { name, args } => {
                assert_eq!(name, "bash");
                assert_eq!(args, "cargo test");
            }
            other => panic!("unexpected: {:?}", other),
        }
    }

    #[tokio::test]
    async fn test_show_tool_result_sends_event() {
        let (io, mut rx) = make_io();
        io.show_tool_result("12 passed", false).await.unwrap();

        let ev = rx.recv().await.unwrap();
        match ev {
            SseEvent::ToolResult { preview, is_error } => {
                assert_eq!(preview, "12 passed");
                assert!(!is_error);
            }
            other => panic!("unexpected: {:?}", other),
        }
    }

    #[tokio::test]
    async fn test_write_error_sends_event() {
        let (io, mut rx) = make_io();
        io.write_error("something failed").await.unwrap();

        let ev = rx.recv().await.unwrap();
        match ev {
            SseEvent::Error { msg } => assert_eq!(msg, "something failed"),
            other => panic!("unexpected: {:?}", other),
        }
    }

    #[tokio::test]
    async fn test_confirm_destructive_auto_approves() {
        let (io, mut rx) = make_io();
        // HTTP mode always auto-approves.
        let approved = io.confirm_destructive("bash", "rm -rf /").await.unwrap();
        assert!(approved, "HTTP mode should auto-approve destructive calls");

        // A status event should have been sent.
        let ev = rx.recv().await.unwrap();
        assert!(matches!(ev, SseEvent::Status { .. }));
    }

    #[tokio::test]
    async fn test_channel_closes_when_io_dropped() {
        let (io, mut rx) = HttpIO::new();
        // Drop the sender side.
        drop(io);
        // Receiver should return None immediately.
        assert!(
            rx.recv().await.is_none(),
            "channel should be closed after HttpIO dropped"
        );
    }
}