SILVER
/
NODEDC_TASKMANAGER_CODEXAPI
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
4 Commits 1 Branch 0 Tags 166 KiB
TypeScript 99.4%
Dockerfile 0.5%
Go to file
DCCONSTRUCTIONS 14c5f490b1 API - CODEX AGENTS: bearer session auth 2026-05-14 19:28:48 +03:00
docs API - CODEX AGENTS: bearer session auth 2026-05-14 19:28:48 +03:00
migrations API - CODEX AGENTS: persistence and lifecycle endpoints 2026-05-14 19:26:50 +03:00
src API - CODEX AGENTS: bearer session auth 2026-05-14 19:28:48 +03:00
.env.example API - CODEX AGENTS: persistence and lifecycle endpoints 2026-05-14 19:26:50 +03:00
.gitignore ARCH - CODEX AGENTS: стартовый каркас Agent Gateway 2026-05-14 19:16:43 +03:00
Dockerfile API - CODEX AGENTS: persistence and lifecycle endpoints 2026-05-14 19:26:50 +03:00
README.md API - CODEX AGENTS: bearer session auth 2026-05-14 19:28:48 +03:00
docker-compose.local.yml API - CODEX AGENTS: persistence and lifecycle endpoints 2026-05-14 19:26:50 +03:00
package-lock.json API - CODEX AGENTS: persistence and lifecycle endpoints 2026-05-14 19:26:50 +03:00
package.json API - CODEX AGENTS: persistence and lifecycle endpoints 2026-05-14 19:26:50 +03:00
tsconfig.json ARCH - CODEX AGENTS: стартовый каркас Agent Gateway 2026-05-14 19:16:43 +03:00

README.md

NODE.DC Tasker Codex API

Отдельный модуль NODE.DC для безопасного подключения локальных Codex/AI-агентов к Tasker / Operational Core.

Модуль не является частью Plane fork и не должен становиться backend-расширением Tasker. Его роль — agent gateway: выдача ограниченных agent credentials, проверка прав, MCP/REST-контракт для внешних агентов, аудит и маршрутизация разрешённых операций в Tasker через узкий internal adapter.

Documents

Core rule

External Codex instances never receive Plane session cookies, raw Tasker API tokens, database access, or a generic HTTP proxy into Tasker.

All writes go through NODE.DC Agent Gateway, are scoped by agent grants, and are recorded as actions of a dedicated agent identity owned by a human platform user.

Current implementation

  • Fastify service with /healthz, /readyz, and capability metadata.
  • Postgres migrations for agents, grants, token hashes, pairing codes, audit events, and idempotency keys.
  • Internal REST endpoints for agent profile, grant, and token lifecycle.
  • Opaque agent tokens are generated once and stored only as SHA-256 hashes.
  • Authenticated agent-session endpoint returns effective grants/scopes for future MCP calls.
  • MCP and Tasker write execution are documented but not implemented yet.

Local development

cp .env.example .env
docker compose --env-file .env -f docker-compose.local.yml up -d postgres
npm install
npm run migrate
npm run dev

Useful checks:

npm run check
npm run build
curl http://127.0.0.1:4100/readyz
curl http://127.0.0.1:4100/api/v1/meta/capabilities

Create a local test agent:

curl -X POST http://127.0.0.1:4100/api/v1/agents \
  -H 'Content-Type: application/json' \
  -d '{"owner_user_id":"local-user","owner_email":"local@example.test","display_name":"Local Codex"}'

Create a token and inspect effective agent session:

TOKEN=$(curl -sS -X POST http://127.0.0.1:4100/api/v1/agents/<agent-id>/tokens \
  -H 'Content-Type: application/json' \
  -d '{"name":"Local Codex token"}' | jq -r .token)

curl http://127.0.0.1:4100/api/v1/agent-session \
  -H "Authorization: Bearer $TOKEN"

Do not expose these lifecycle endpoints publicly before the Launcher/internal auth layer is added.