clawdforge

Sulkta-Coop/clawdforge

Fork 0

Commit graph

Author	SHA1	Message	Date
Kayos	dbbead261d	v0.2.1: optional per-session model override (Cobb wants Opus on code-work paths) - CreateSessionRequest gains optional `model` field (validated regex) - AcpxManager.create + AcpxSession dataclass carry the model - Subprocess env on both create and turn sets ANTHROPIC_MODEL=<model> when set; subprocesses inherit parent env unchanged when NULL - store.insert_session takes optional model; sessions table grows a nullable model column via idempotent ALTER TABLE in Store.__init__ so live deployments migrate on next boot - POST /sessions response echoes model so callers can confirm - session_events 'create' meta records the model Backward-compatible: omitting model preserves current Sonnet-default behavior. The 14 SDK Session APIs work unchanged; SDK updates can land opportunistically when callers need to pin a model. crafting-table's patcher pins 'opus' in a follow-up commit on the crafting-table side.	2026-04-29 12:35:33 -07:00
Kayos	940861f70a	v0.2: multi-turn /sessions endpoints backed by ACPX - Dockerfile: install acpx@latest alongside @anthropic-ai/claude-code - compose.yml: bind /mnt/user/appdata/clawdforge/acpx-sessions:/root/.acpx/sessions - DB: additive sessions + session_events tables in store.py SCHEMA - clawdforge/acpx_runner.py: AcpxManager + AcpxSession, bounded async pool, per-invocation subprocess model (acpx CLI itself owns the queue-owner lifecycle, so each turn = one fresh `acpx prompt -s <uuid>` call) - server.py: POST/GET/DELETE /sessions + POST /sessions/{id}/turn + GET /sessions - Per-app isolation: 404 (not 403) on cross-token session access — no existence leak across tokens - Lifespan-managed TTL sweeper: every 60s soft-closes idle sessions past CLAWDFORGE_SESSION_TTL_SECS (1h default), hard-deletes ledger rows past CLAWDFORGE_SESSION_HARD_TTL_SECS (24h default) - session_events audit table parallel to existing runs table (events: create, turn, close, sweep_close, hard_delete) - /healthz now reports acpx_present + acpx_version + open_sessions count - tests/test_sessions.py: 16 tests covering create/turn/close/list/isolation/ sweep/pool-full/regression. /run regression test asserts byte-identical v0.1 response shape. ACPX research notes (v0.6.1, openclaw/acpx): - npm package is `acpx`, not `@openclaw/acpx` - Sessions are scoped by (agentCommand, cwd, name?). We mint our own UUID as `--name` and give every session a unique cwd subdir, so the scope key is collision-free across apps. - session_id source: ours. We pass --name <uuid>, ACPX records it under ~/.acpx/sessions/<encoded-id>.json. We never need to parse ACPX's acpxRecordId — our UUID is canonical. - Subprocess lifetime: per-invocation, NOT per-session. The acpx CLI itself spawns/maintains a per-session "queue owner" process via local IPC; each `acpx prompt` call we make either elects itself owner or enqueues. The AcpxSession class is therefore a thin (uuid, cwd, asyncio.Lock) handle, not a long-lived stdio pipe. The spec's "owns one stdio pipe pair" model was rewritten to match reality — flagged here. - Close semantics: soft-close via `acpx sessions close <name>`. The on-disk record stays (ACPX's `sessions prune` is the hard-delete path, not invoked from clawdforge). DELETE /sessions/<id> is documented as idempotent (200 with already_closed=true on second call) so SDKs can call close() in finally/Drop blocks safely. - File uploads: ACPX has no file-attach ACP method exposed via the CLI. We prepend a [Attached files] header listing absolute paths; the agent uses its Read tool to open them. Same behavior as /run --files in v0.1. - Permissions: --approve-all on the turn invocation since the container is unattended and callers are bearer-token-trusted. Future v0.3 may expose a per-session permission policy. /run endpoint unchanged — backwards compat verified by test_run_endpoint_unchanged + test_run_endpoint_unchanged_error_shape. Spec: memory/spec-clawdforge-v0.2.md ACPX CLI ref: https://github.com/openclaw/acpx/blob/main/docs/CLI.md	2026-04-29 06:22:55 -07:00
Kayos	44a8fe743f	v0.1 — clawdforge service scaffold LAN-only HTTP service that runs claude -p subprocess on behalf of Sulkta apps. Bearer token + IP allowlist gated. SQLite-backed token registry + run audit log. - POST /run run a prompt, return parsed result - POST /files upload a file, get a file_token to attach to /run - POST /admin/tokens mint per-app tokens (admin-bootstrap-token gated) - GET /admin/tokens list, DELETE /admin/tokens/<name> revoke - GET /healthz liveness + claude --version smoke Container = node:22 + npm-installed @anthropic-ai/claude-code + uvicorn/FastAPI wrapper. Persistent volumes for /data (sqlite + run staging) and /root/.claude (subscription auth — survives container rebuilds; auth via 'docker exec -it clawdforge claude /login' once). Compose binds 192.168.0.5:8800 only — no public proxy. First consumer = cauldron (about to land).	2026-04-28 16:46:44 -07:00

Author

SHA1

Message

Date

Kayos

dbbead261d

v0.2.1: optional per-session model override (Cobb wants Opus on code-work paths)

- CreateSessionRequest gains optional `model` field (validated regex)
- AcpxManager.create + AcpxSession dataclass carry the model
- Subprocess env on both create and turn sets ANTHROPIC_MODEL=<model>
  when set; subprocesses inherit parent env unchanged when NULL
- store.insert_session takes optional model; sessions table grows a
  nullable model column via idempotent ALTER TABLE in Store.__init__
  so live deployments migrate on next boot
- POST /sessions response echoes model so callers can confirm
- session_events 'create' meta records the model

Backward-compatible: omitting model preserves current Sonnet-default
behavior. The 14 SDK Session APIs work unchanged; SDK updates can land
opportunistically when callers need to pin a model. crafting-table's
patcher pins 'opus' in a follow-up commit on the crafting-table side.

2026-04-29 12:35:33 -07:00

Kayos

940861f70a

v0.2: multi-turn /sessions endpoints backed by ACPX

- Dockerfile: install acpx@latest alongside @anthropic-ai/claude-code
- compose.yml: bind /mnt/user/appdata/clawdforge/acpx-sessions:/root/.acpx/sessions
- DB: additive sessions + session_events tables in store.py SCHEMA
- clawdforge/acpx_runner.py: AcpxManager + AcpxSession, bounded async pool,
  per-invocation subprocess model (acpx CLI itself owns the queue-owner
  lifecycle, so each turn = one fresh `acpx prompt -s <uuid>` call)
- server.py: POST/GET/DELETE /sessions + POST /sessions/{id}/turn + GET /sessions
- Per-app isolation: 404 (not 403) on cross-token session access — no
  existence leak across tokens
- Lifespan-managed TTL sweeper: every 60s soft-closes idle sessions past
  CLAWDFORGE_SESSION_TTL_SECS (1h default), hard-deletes ledger rows past
  CLAWDFORGE_SESSION_HARD_TTL_SECS (24h default)
- session_events audit table parallel to existing runs table
  (events: create, turn, close, sweep_close, hard_delete)
- /healthz now reports acpx_present + acpx_version + open_sessions count
- tests/test_sessions.py: 16 tests covering create/turn/close/list/isolation/
  sweep/pool-full/regression. /run regression test asserts byte-identical
  v0.1 response shape.

ACPX research notes (v0.6.1, openclaw/acpx):
- npm package is `acpx`, not `@openclaw/acpx`
- Sessions are scoped by (agentCommand, cwd, name?). We mint our own UUID
  as `--name` and give every session a unique cwd subdir, so the scope key
  is collision-free across apps.
- session_id source: ours. We pass --name <uuid>, ACPX records it under
  ~/.acpx/sessions/<encoded-id>.json. We never need to parse ACPX's
  acpxRecordId — our UUID is canonical.
- Subprocess lifetime: per-invocation, NOT per-session. The acpx CLI itself
  spawns/maintains a per-session "queue owner" process via local IPC; each
  `acpx prompt` call we make either elects itself owner or enqueues. The
  AcpxSession class is therefore a thin (uuid, cwd, asyncio.Lock) handle,
  not a long-lived stdio pipe. The spec's "owns one stdio pipe pair" model
  was rewritten to match reality — flagged here.
- Close semantics: soft-close via `acpx sessions close <name>`. The
  on-disk record stays (ACPX's `sessions prune` is the hard-delete path,
  not invoked from clawdforge). DELETE /sessions/<id> is documented as
  idempotent (200 with already_closed=true on second call) so SDKs can
  call close() in finally/Drop blocks safely.
- File uploads: ACPX has no file-attach ACP method exposed via the CLI.
  We prepend a [Attached files] header listing absolute paths; the agent
  uses its Read tool to open them. Same behavior as /run --files in v0.1.
- Permissions: --approve-all on the turn invocation since the container is
  unattended and callers are bearer-token-trusted. Future v0.3 may expose
  a per-session permission policy.

/run endpoint unchanged — backwards compat verified by
test_run_endpoint_unchanged + test_run_endpoint_unchanged_error_shape.

Spec: memory/spec-clawdforge-v0.2.md
ACPX CLI ref: https://github.com/openclaw/acpx/blob/main/docs/CLI.md

2026-04-29 06:22:55 -07:00

Kayos

44a8fe743f

v0.1 — clawdforge service scaffold

LAN-only HTTP service that runs claude -p subprocess on behalf of Sulkta apps.
Bearer token + IP allowlist gated. SQLite-backed token registry + run audit log.

- POST /run               run a prompt, return parsed result
- POST /files             upload a file, get a file_token to attach to /run
- POST /admin/tokens      mint per-app tokens (admin-bootstrap-token gated)
- GET  /admin/tokens      list, DELETE /admin/tokens/<name>  revoke
- GET  /healthz           liveness + claude --version smoke

Container = node:22 + npm-installed @anthropic-ai/claude-code + uvicorn/FastAPI
wrapper. Persistent volumes for /data (sqlite + run staging) and /root/.claude
(subscription auth — survives container rebuilds; auth via 'docker exec -it
clawdforge claude /login' once). Compose binds 192.168.0.5:8800 only — no
public proxy.

First consumer = cauldron (about to land).

2026-04-28 16:46:44 -07:00

3 commits