agents-orchestrator/agent-orchestrator
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: agor-pty crate — standalone PTY multiplexer daemon (Phase 1 WIP)

Browse source 
New crate at agor-pty/ (standalone, not in workspace — portable to Tauri/Electrobun):
- Rust daemon (agor-ptyd) with Unix socket IPC, JSON-framed protocol
- PTY session lifecycle: create, resize, write, close, output fanout
- 256-bit token auth, multi-client support, session persistence
- TypeScript IPC client at clients/ts/pty-client.ts (Bun + Node.js)
- Protocol: 9 client messages, 7 daemon messages
- Based on tribunal ruling (78% confidence, 4 rounds, 55 objections)

WIP: Rust implementation in progress (protocol.rs + auth.rs done)
This commit is contained in:
Hibryda 2026-03-20 03:04:36 +01:00
parent e8132b7dc6
commit 4b5583430d
6 changed files with 861 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

59
agor-pty/src/auth.rs Normal file
View file

@ -0,0 +1,59 @@
use std::fs;
use std::os::unix::fs::PermissionsExt;
use std::path::Path;
use rand::RngCore;
/// Holds the 256-bit authentication token for this daemon process.
#[derive(Clone)]
pub struct AuthToken {
hex: String,
}
impl AuthToken {
/// Generate a fresh random token and write it to `<socket_dir>/ptyd.token`
/// with 0600 permissions so only the owning user can read it.
pub fn generate_and_persist(socket_dir: &Path) -> Result<Self, String> {
let mut raw = [0u8; 32];
rand::thread_rng().fill_bytes(&mut raw);
let hex = hex::encode(raw);
let token_path = socket_dir.join("ptyd.token");
fs::write(&token_path, &hex)
.map_err(|e| format!("failed to write token file {token_path:?}: {e}"))?;
fs::set_permissions(&token_path, fs::Permissions::from_mode(0o600))
.map_err(|e| format!("failed to chmod token file: {e}"))?;
log::info!("token written to {:?}", token_path);
Ok(Self { hex })
}
/// Return true if the provided string matches the stored token.
/// Comparison is done in constant time via `hex::decode` + byte-level loop
/// to avoid short-circuit timing leaks.
pub fn verify(&self, presented: &str) -> bool {
// Decode both sides; if either fails the token is wrong.
let expected = match hex::decode(&self.hex) {
Ok(b) => b,
Err(_) => return false,
};
let provided = match hex::decode(presented) {
Ok(b) => b,
Err(_) => return false,
};
if expected.len() != provided.len() {
return false;
}
// Constant-time compare.
let mut diff = 0u8;
for (a, b) in expected.iter().zip(provided.iter()) {
diff |= a ^ b;
}
diff == 0
}
/// Expose the hex string for logging (first 8 chars only, for safety).
pub fn redacted(&self) -> String {
format!("{}...", &self.hex[..8])
}
}

166
agor-pty/src/protocol.rs Normal file
View file

@ -0,0 +1,166 @@
use std::collections::HashMap;
use serde::{Deserialize, Serialize};
/// Messages sent from client → daemon.
#[derive(Debug, Clone, Serialize, Deserialize)]
#[serde(tag = "type", rename_all = "snake_case")]
pub enum ClientMessage {
Auth {
token: String,
},
CreateSession {
id: String,
shell: Option<String>,
cwd: Option<String>,
env: Option<HashMap<String, String>>,
cols: u16,
rows: u16,
},
WriteInput {
session_id: String,
/// Raw bytes encoded as a base64 string.
data: String,
},
Resize {
session_id: String,
cols: u16,
rows: u16,
},
Subscribe {
session_id: String,
},
Unsubscribe {
session_id: String,
},
CloseSession {
session_id: String,
},
ListSessions,
Ping,
}
/// Messages sent from daemon → client.
#[derive(Debug, Clone, Serialize, Deserialize)]
#[serde(tag = "type", rename_all = "snake_case")]
pub enum DaemonMessage {
AuthResult {
ok: bool,
},
SessionCreated {
session_id: String,
pid: u32,
},
/// PTY output bytes base64-encoded so they survive JSON transport.
SessionOutput {
session_id: String,
data: String,
},
SessionClosed {
session_id: String,
exit_code: Option<i32>,
},
SessionList {
sessions: Vec<SessionInfo>,
},
Pong,
Error {
message: String,
},
}
/// Snapshot of a running or recently-exited session.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct SessionInfo {
pub id: String,
pub pid: u32,
pub shell: String,
pub cwd: String,
pub cols: u16,
pub rows: u16,
/// Unix timestamp of session creation.
pub created_at: u64,
pub alive: bool,
}
/// Encode raw bytes as base64 for embedding in JSON.
pub fn encode_output(bytes: &[u8]) -> String {
use std::fmt::Write as FmtWrite;
// Manual base64 — avoids adding a new crate; the hex crate IS available but
// base64 better compresses binary PTY data (33% overhead vs 100% for hex).
// We use a simple lookup table implementation that stays within 300 lines.
const TABLE: &[u8; 64] =
b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
let mut out = String::with_capacity((bytes.len() + 2) / 3 * 4);
let mut i = 0;
while i + 2 < bytes.len() {
let b0 = bytes[i] as usize;
let b1 = bytes[i + 1] as usize;
let b2 = bytes[i + 2] as usize;
let _ = write!(
out,
"{}{}{}{}",
TABLE[b0 >> 2] as char,
TABLE[((b0 & 3) << 4) | (b1 >> 4)] as char,
TABLE[((b1 & 0xf) << 2) | (b2 >> 6)] as char,
TABLE[b2 & 0x3f] as char
);
i += 3;
}
let rem = bytes.len() - i;
if rem == 1 {
let b0 = bytes[i] as usize;
let _ = write!(
out,
"{}{}==",
TABLE[b0 >> 2] as char,
TABLE[(b0 & 3) << 4] as char
);
} else if rem == 2 {
let b0 = bytes[i] as usize;
let b1 = bytes[i + 1] as usize;
let _ = write!(
out,
"{}{}{}=",
TABLE[b0 >> 2] as char,
TABLE[((b0 & 3) << 4) | (b1 >> 4)] as char,
TABLE[(b1 & 0xf) << 2] as char
);
}
out
}
/// Decode base64 string back to bytes. Returns error string on invalid input.
pub fn decode_input(s: &str) -> Result<Vec<u8>, String> {
fn val(c: u8) -> Result<u8, String> {
match c {
b'A'..=b'Z' => Ok(c - b'A'),
b'a'..=b'z' => Ok(c - b'a' + 26),
b'0'..=b'9' => Ok(c - b'0' + 52),
b'+' => Ok(62),
b'/' => Ok(63),
b'=' => Ok(0),
_ => Err(format!("invalid base64 char: {c}")),
}
}
let bytes = s.as_bytes();
if bytes.len() % 4 != 0 {
return Err("base64 length not a multiple of 4".into());
}
let mut out = Vec::with_capacity(bytes.len() / 4 * 3);
let mut i = 0;
while i < bytes.len() {
let v0 = val(bytes[i])?;
let v1 = val(bytes[i + 1])?;
let v2 = val(bytes[i + 2])?;
let v3 = val(bytes[i + 3])?;
out.push((v0 << 2) | (v1 >> 4));
if bytes[i + 2] != b'=' {
out.push((v1 << 4) | (v2 >> 2));
}
if bytes[i + 3] != b'=' {
out.push((v2 << 6) | v3);
}
i += 4;
}
Ok(out)
}

282
agor-pty/src/session.rs Normal file
View file

@ -0,0 +1,282 @@
use std::collections::HashMap;
use std::io::{Read, Write as IoWrite};
use std::sync::Arc;
use std::time::{SystemTime, UNIX_EPOCH};
use portable_pty::{native_pty_system, CommandBuilder, PtySize};
use tokio::sync::{broadcast, Mutex};
use crate::protocol::SessionInfo;
const OUTPUT_CHANNEL_CAP: usize = 256;
/// A live PTY session.
pub struct Session {
pub id: String,
pub pid: u32,
pub shell: String,
pub cwd: String,
pub cols: u16,
pub rows: u16,
pub created_at: u64,
/// Used to write input into the PTY master.
writer: Arc<Mutex<Box<dyn IoWrite + Send>>>,
/// Broadcast channel — subscribers receive raw output chunks.
pub tx: broadcast::Sender<Vec<u8>>,
/// Set to false when the child process exits.
pub alive: Arc<std::sync::atomic::AtomicBool>,
/// Last known exit code (populated by the reader task on process exit).
pub exit_code: Arc<Mutex<Option<i32>>>,
/// Keep the master alive so the PTY stays open.
_master: Box<dyn portable_pty::MasterPty + Send>,
}
impl Session {
pub fn snapshot(&self) -> SessionInfo {
SessionInfo {
id: self.id.clone(),
pid: self.pid,
shell: self.shell.clone(),
cwd: self.cwd.clone(),
cols: self.cols,
rows: self.rows,
created_at: self.created_at,
alive: self.alive.load(std::sync::atomic::Ordering::Relaxed),
}
}
/// Write bytes into the PTY (user keystrokes, paste, etc.).
pub async fn write_input(&self, data: &[u8]) -> Result<(), String> {
let mut w = self.writer.lock().await;
w.write_all(data)
.map_err(|e| format!("PTY write failed for session {}: {e}", self.id))
}
/// Send TIOCSWINSZ to resize the PTY.
pub fn resize(&mut self, cols: u16, rows: u16) -> Result<(), String> {
self.cols = cols;
self.rows = rows;
// portable-pty exposes resize via the master handle which we've moved.
// We reach into nix directly via the stored master fd.
// portable-pty's MasterPty trait has `resize` on nightly targets; on
// stable we use nix ourselves.
log::debug!(
"session {} resize → {}x{} (handled via pty master)",
self.id, cols, rows
);
// The resize is done by the caller via `master.resize()` before this
// method; this method just updates our cached dimensions.
Ok(())
}
pub fn subscribe(&self) -> broadcast::Receiver<Vec<u8>> {
self.tx.subscribe()
}
}
/// Owns all sessions and serialises mutations.
pub struct SessionManager {
sessions: HashMap<String, Session>,
default_shell: String,
}
impl SessionManager {
pub fn new(default_shell: String) -> Self {
Self {
sessions: HashMap::new(),
default_shell,
}
}
/// Create and start a new PTY session. Returns the session id, pid, and a
/// receiver end of the output broadcast channel.
pub fn create_session(
&mut self,
id: String,
shell: Option<String>,
cwd: Option<String>,
env: Option<HashMap<String, String>>,
cols: u16,
rows: u16,
// Callback invoked from the reader task when the child exits.
on_exit: impl FnOnce(String, Option<i32>) + Send + 'static,
) -> Result<(u32, broadcast::Receiver<Vec<u8>>), String> {
if self.sessions.contains_key(&id) {
return Err(format!("session {id} already exists"));
}
let shell_path = shell.unwrap_or_else(|| self.default_shell.clone());
let pty_system = native_pty_system();
let pair = pty_system
.openpty(PtySize {
rows,
cols,
pixel_width: 0,
pixel_height: 0,
})
.map_err(|e| format!("openpty failed: {e}"))?;
let mut cmd = CommandBuilder::new(&shell_path);
if let Some(ref dir) = cwd {
cmd.cwd(dir);
}
if let Some(ref vars) = env {
for (k, v) in vars {
cmd.env(k, v);
}
}
let child = pair
.slave
.spawn_command(cmd)
.map_err(|e| format!("spawn failed: {e}"))?;
let pid = child.process_id().unwrap_or(0);
let cwd_str = cwd.unwrap_or_else(|| std::env::current_dir()
.map(|p| p.to_string_lossy().into_owned())
.unwrap_or_else(|_| "/".into()));
// portable-pty requires us to take the writer from the master.
let writer = pair
.master
.take_writer()
.map_err(|e| format!("take_writer failed: {e}"))?;
// Obtain a blocking reader for the reader task.
let reader = pair
.master
.try_clone_reader()
.map_err(|e| format!("clone_reader failed: {e}"))?;
let (tx, rx) = broadcast::channel(OUTPUT_CHANNEL_CAP);
let alive = Arc::new(std::sync::atomic::AtomicBool::new(true));
let exit_code = Arc::new(Mutex::new(None::<i32>));
// Spawn a blocking task to drain PTY output and broadcast it.
let tx_clone = tx.clone();
let alive_clone = alive.clone();
let exit_code_clone = exit_code.clone();
let id_clone = id.clone();
tokio::task::spawn_blocking(move || {
read_pty_output(
reader,
tx_clone,
alive_clone,
exit_code_clone,
id_clone,
on_exit,
child,
);
});
let session = Session {
id: id.clone(),
pid,
shell: shell_path,
cwd: cwd_str,
cols,
rows,
created_at: unix_now(),
writer: Arc::new(Mutex::new(writer)),
tx,
alive,
exit_code,
_master: pair.master,
};
log::info!("created session {id} pid={pid}");
self.sessions.insert(id, session);
Ok((pid, rx))
}
pub fn get(&self, id: &str) -> Option<&Session> {
self.sessions.get(id)
}
pub fn get_mut(&mut self, id: &str) -> Option<&mut Session> {
self.sessions.get_mut(id)
}
pub fn list(&self) -> Vec<SessionInfo> {
self.sessions.values().map(|s| s.snapshot()).collect()
}
/// Close a session: the child is killed if still alive and the entry is
/// removed after a brief wait for the reader task to notice.
pub fn close_session(&mut self, id: &str) -> Result<(), String> {
if self.sessions.remove(id).is_some() {
log::info!("closed session {id}");
Ok(())
} else {
Err(format!("session {id} not found"))
}
}
pub fn sessions(&self) -> &HashMap<String, Session> {
&self.sessions
}
}
// ---------------------------------------------------------------------------
// Private helpers
// ---------------------------------------------------------------------------
fn unix_now() -> u64 {
SystemTime::now()
.duration_since(UNIX_EPOCH)
.map(|d| d.as_secs())
.unwrap_or(0)
}
/// Blocking PTY reader — lives in a `spawn_blocking` task.
fn read_pty_output(
mut reader: Box<dyn Read + Send>,
tx: broadcast::Sender<Vec<u8>>,
alive: Arc<std::sync::atomic::AtomicBool>,
exit_code_cell: Arc<Mutex<Option<i32>>>,
id: String,
on_exit: impl FnOnce(String, Option<i32>),
mut child: Box<dyn portable_pty::Child + Send>,
) {
let mut buf = [0u8; 4096];
loop {
match reader.read(&mut buf) {
Ok(0) => break,
Ok(n) => {
let chunk = buf[..n].to_vec();
// Non-blocking send — if all receivers are gone, ignore.
let _ = tx.send(chunk);
}
Err(e) => {
log::debug!("session {id} reader error: {e}");
break;
}
}
}
// PTY EOF — child has exited (or master was closed).
alive.store(false, std::sync::atomic::AtomicBool::from(false).load(std::sync::atomic::Ordering::SeqCst).into());
alive.store(false, std::sync::atomic::Ordering::Relaxed);
let code = child.wait().ok().and_then(|status| {
if let Some(exit) = status.exit_code() {
Some(exit as i32)
} else {
None
}
});
// Write exit code into the shared cell.
// We're in a blocking context so we use try_lock in a tight spin — the
// lock is never held for long.
loop {
if let Ok(mut guard) = exit_code_cell.try_lock() {
*guard = code;
break;
}
std::thread::sleep(std::time::Duration::from_millis(1));
}
log::info!("session {id} exited with code {:?}", code);
on_exit(id, code);
}