claude-code-conduit/server/index.mjs

import express from 'express';
import { actions } from './actions.mjs';
import { enqueue, get_entry, list_pending, resolve } from './queue.mjs';
import { load_config } from './config.mjs';
import { create_auth_middleware, check_can_approve, check_can_manage_policies } from './auth.mjs';
import { create_mailer } from './mailer.mjs';
import { exec as real_exec } from './helpers.mjs';
import { load_mail_perms } from './mail_perms.mjs';
import { load_policy_overrides } from './policy_overrides.mjs';
import { create_calendar_client } from './google_calendar.mjs';

function get_arg(argv, flag) {
	const i = argv.indexOf(flag);
	return i !== -1 ? argv[i + 1] : null;
}

function ts() {
	return new Date().toLocaleTimeString();
}

const VERBOSE  = process.argv.includes('--verbose');
const DRY_RUN  = process.argv.includes('--dry-run');

const config_path = get_arg(process.argv, '--config') || process.env.CONDUIT_CONFIG;

let cfg;
try {
	cfg = load_config(config_path);
} catch (err) {
	console.error(`Fatal: ${err.message}`);
	process.exit(1);
}

const { users, smtp, mail_perms_path, policy_overrides_path, google_calendar: gcal_cfg } = cfg;
const PORT  = process.env.CONDUIT_PORT || cfg.port  || 3015;
const BIND  = process.env.CONDUIT_BIND || cfg.bind  || '127.0.0.1';

let mail_perm_store;
try {
	mail_perm_store = load_mail_perms(mail_perms_path);
} catch (err) {
	console.error(`Fatal: ${err.message}`);
	process.exit(1);
}

let policy_store;
try {
	policy_store = load_policy_overrides(policy_overrides_path);
} catch (err) {
	console.error(`Fatal: ${err.message}`);
	process.exit(1);
}

if (!policy_overrides_path) {
	console.warn('Warning: policy_overrides not set in config; policy overrides will not persist across restarts');
}

if (!mail_perms_path) {
	console.warn('Warning: mail_perms not set in config; mail permissions will not persist across restarts');
}

const real_mailer_send = create_mailer(smtp);

let calendar = null;
if (gcal_cfg) {
	try {
		calendar = create_calendar_client(gcal_cfg);
		console.log('Google Calendar client initialized');
	} catch (err) {
		console.error(`Warning: Failed to initialize Google Calendar client: ${err.message}`);
	}
}

const app = express();
app.use(express.json({
	verify: (req, _res, buf) => {
		req.raw_body = buf.toString('utf8');
	},
}));
app.use(create_auth_middleware(users));

app.use((req, _res, next) => {
	const is_debug = req.method === 'GET' && req.path === '/queue';
	if (!is_debug || VERBOSE) {
		console.log(`[${ts()}] ${req.method} ${req.path} — ${req.conduit_user}`);
	}
	next();
});

function make_ctx(caller) {
	const exec = DRY_RUN
		? (bin, args) => console.log(`[${ts()}] [DRY-RUN] exec: ${bin} ${JSON.stringify(args)}`)
		: real_exec;
	const mailer_send = DRY_RUN
		? async (to, subject) => console.log(`[${ts()}] [DRY-RUN] send-mail: to=${to} subject=${JSON.stringify(subject)}`)
		: real_mailer_send;
	return { caller, users, mail_perm_store, exec, mailer_send, calendar };
}

async function run_action(def, params, ctx) {
	return def.handler(params, ctx);
}

function validate_params(action_def, params) {
	const errors = [];
	for (const p of action_def.params) {
		if (p.required && (params[p.name] === undefined || params[p.name] === null)) {
			errors.push(`Missing required param: ${p.name}`);
		}
	}
	return errors;
}

// POST /action  — main entry point
app.post('/action', async (req, res) => {
	const { action, ...params } = req.body ?? {};

	if (!action) {
		return res.status(400).json({ error: "Missing 'action' field" });
	}

	const def = actions[action];
	if (!def) {
		return res.status(404).json({ error: `Unknown action: ${action}` });
	}

	const errors = validate_params(def, params);
	if (errors.length) {
		return res.status(400).json({ error: 'Invalid params', details: errors });
	}

	const effective_policy = policy_store.effective(action, def.policy, def.group);

	if (effective_policy === 'auto-deny') {
		return res.status(403).json({ status: 'denied', reason: 'Policy: auto-deny' });
	}

	const ctx = make_ctx(req.conduit_user);

	if (effective_policy === 'auto-accept') {
		try {
			const result = await run_action(def, params, ctx);
			return res.json({ status: 'accepted', result });
		} catch (err) {
			return res.status(500).json({ status: 'error', error: err.message });
		}
	}

	if (effective_policy === 'queue') {
		const id = enqueue(action, params, req.conduit_user);
		return res.status(202).json({ status: 'queued', id });
	}
});

// GET /queue — list pending items
app.get('/queue', (req, res) => {
	res.json(list_pending());
});

// POST /queue/:id/approve — user approves a queued action
app.post('/queue/:id/approve', async (req, res) => {
	const entry = get_entry(req.params.id);
	if (!entry) {
		return res.status(404).json({ error: 'Not found' });
	}
	if (entry.status !== 'pending') {
		return res.status(409).json({ error: 'Already resolved' });
	}
	if (!check_can_approve(users, req.conduit_user, entry.submitted_by)) {
		return res.status(403).json({ error: 'Not authorized to approve this entry' });
	}

	entry.resolved_by = req.conduit_user;
	resolve(req.params.id, 'approved');

	const ctx = make_ctx(entry.submitted_by);
	const def = actions[entry.action];
	try {
		const result = await run_action(def, entry.params, ctx);
		res.json({ status: 'approved', result });
	} catch (err) {
		res.status(500).json({ status: 'error', error: err.message });
	}
});

// POST /queue/:id/deny — user denies a queued action
app.post('/queue/:id/deny', (req, res) => {
	const entry = get_entry(req.params.id);
	if (!entry) {
		return res.status(404).json({ error: 'Not found' });
	}
	if (entry.status !== 'pending') {
		return res.status(409).json({ error: 'Already resolved' });
	}
	if (!check_can_approve(users, req.conduit_user, entry.submitted_by)) {
		return res.status(403).json({ error: 'Not authorized to deny this entry' });
	}

	entry.resolved_by = req.conduit_user;
	resolve(req.params.id, 'denied');
	res.json({ status: 'denied' });
});

// GET /policies — full policy state (any authenticated user)
app.get('/policies', (req, res) => {
	res.json(policy_store.get_all(actions));
});

// POST /policies/group/:group — toggle group disabled state (human-only)
app.post('/policies/group/:group', (req, res) => {
	if (!check_can_manage_policies(users, req.conduit_user)) {
		return res.status(403).json({ error: 'Not authorized to manage policies' });
	}
	const { disabled } = req.body ?? {};
	if (typeof disabled !== 'boolean') {
		return res.status(400).json({ error: "Body must have boolean 'disabled' field" });
	}
	policy_store.set_group(req.params.group, disabled);
	res.json({ status: 'ok', group: req.params.group, disabled });
});

// POST /policies/action/:action — set or clear an action policy override (human-only)
app.post('/policies/action/:action', (req, res) => {
	if (!check_can_manage_policies(users, req.conduit_user)) {
		return res.status(403).json({ error: 'Not authorized to manage policies' });
	}
	const { policy } = req.body ?? {};
	const valid = ['auto-accept', 'queue', 'auto-deny', null];
	if (!valid.includes(policy)) {
		return res.status(400).json({ error: `policy must be one of: ${valid.slice(0, -1).join(', ')}, or null` });
	}
	if (!actions[req.params.action]) {
		return res.status(404).json({ error: `Unknown action: ${req.params.action}` });
	}
	policy_store.set_action(req.params.action, policy);
	res.json({ status: 'ok', action: req.params.action, policy });
});

app.listen(PORT, BIND, () => {
	console.log(`claude-code-conduit server running on ${BIND}:${PORT}`);
	console.log(`Workspace root: ${process.env.CONDUIT_ROOT || '/workspace'}`);
	if (DRY_RUN) {
		console.log('DRY-RUN mode enabled — actions will be logged but not executed');
	}
});