deai-network
diff --git a/‎packages/optio-api/src/__tests__/widget-proxy-core.test.ts‎
Lines changed: 28 additions & 0 deletions b/‎packages/optio-api/src/__tests__/widget-proxy-core.test.ts‎
Lines changed: 28 additions & 0 deletions
diff --git a/‎packages/optio-api/src/adapters/__tests__/fastify-widget-proxy.test.ts‎
Lines changed: 120 additions & 0 deletions b/‎packages/optio-api/src/adapters/__tests__/fastify-widget-proxy.test.ts‎
Lines changed: 120 additions & 0 deletions
diff --git a/‎packages/optio-api/src/adapters/fastify.ts‎
Lines changed: 169 additions & 20 deletions b/‎packages/optio-api/src/adapters/fastify.ts‎
Lines changed: 169 additions & 20 deletions
@@ -53,6 +53,34 @@ describe('resolveWidgetUpstream', () => {
     expect(result).toBeNull();
   });
 
+  it('does NOT cache a negative lookup, so a later worker-side set_widget_upstream is seen on the next request', async () => {
+    // Covers the regression where a relaunched process was 404'd in the
+    // iframe until the 5s TTL expired because the dashboard loaded a cached
+    // null from the previous session's teardown.
+    const reg = createWidgetUpstreamRegistry({ ttlMs: 5000 });
+    const oid = new ObjectId();
+    await db.collection(`${PREFIX}_processes`).insertOne({
+      _id: oid, processId: 'p', name: 'P',
+      rootId: oid, depth: 0, order: 0,
+      status: { state: 'running' },
+      progress: { percent: null }, log: [],
+      cancellable: true,
+      widgetUpstream: null,
+    });
+
+    const first = await resolveWidgetUpstream(db, PREFIX, reg, oid.toString());
+    expect(first).toBeNull();
+
+    // Worker registers upstream (simulating Python's set_widget_upstream).
+    await db.collection(`${PREFIX}_processes`).updateOne(
+      { _id: oid },
+      { $set: { widgetUpstream: { url: 'http://127.0.0.1:9000', innerAuth: null } } },
+    );
+
+    const second = await resolveWidgetUpstream(db, PREFIX, reg, oid.toString());
+    expect(second?.url).toBe('http://127.0.0.1:9000');
+  });
+
   it('returns widgetUpstream when set and caches it', async () => {
     const reg = createWidgetUpstreamRegistry({ ttlMs: 5000 });
     const oid = new ObjectId();
 
@@ -230,6 +230,126 @@ describe('registerWidgetProxy — HTTP path', () => {
     await app.close();
   });
 
+  it('injects <base href> into text/html responses pointing at the widget-proxy prefix', async () => {
+    upstreamResponder = (_req, res, _body) => {
+      res.statusCode = 200;
+      res.setHeader('content-type', 'text/html; charset=utf-8');
+      res.end('<!doctype html>\n<html><head><title>t</title></head><body></body></html>');
+    };
+    const app = await makeApp();
+    const oid = await insertProcess({ url: `http://127.0.0.1:${upstreamPort}`, innerAuth: null });
+    const res = await app.inject({ method: 'GET', url: widgetUrl(oid, '/some/deep/path') });
+    expect(res.statusCode).toBe(200);
+    const expectedBase = `<base href="/api/widget/${encodeURIComponent(DB_NAME)}/${encodeURIComponent(PREFIX)}/${oid}/">`;
+    expect(res.body).toContain(expectedBase);
+    // Injection is right after <head>.
+    expect(res.body).toMatch(new RegExp(`<head[^>]*>${expectedBase.replace(/[\\^$.*+?()|[\]{}]/g, '\\$&')}`));
+    // Content-length matches the transformed body length.
+    const lenHeader = res.headers['content-length'];
+    if (lenHeader !== undefined) {
+      expect(Number(lenHeader)).toBe(Buffer.byteLength(res.body, 'utf-8'));
+    }
+    await app.close();
+  });
+
+  it('injects a history.replaceState script that strips the widget-proxy prefix from location.pathname', async () => {
+    upstreamResponder = (_req, res, _body) => {
+      res.statusCode = 200;
+      res.setHeader('content-type', 'text/html; charset=utf-8');
+      res.end('<!doctype html>\n<html><head></head><body></body></html>');
+    };
+    const app = await makeApp();
+    const oid = await insertProcess({ url: `http://127.0.0.1:${upstreamPort}`, innerAuth: null });
+    const res = await app.inject({ method: 'GET', url: widgetUrl(oid, '/foo/bar') });
+    expect(res.statusCode).toBe(200);
+    // The injected script references the proxy prefix (without trailing slash)
+    // inside a JSON-encoded string literal for a RegExp.
+    const literalPrefix = `/api/widget/${encodeURIComponent(DB_NAME)}/${encodeURIComponent(PREFIX)}/${oid}`;
+    expect(res.body).toContain('history.replaceState');
+    expect(res.body).toContain(JSON.stringify(literalPrefix));
+    // Script lives inside the <head>.
+    expect(res.body).toMatch(/<head[^>]*><base[^>]*><script>[\s\S]*?history\.replaceState[\s\S]*?<\/script>/);
+    await app.close();
+  });
+
+  it('appends SHA-256 hash of the inline script to script-src so CSPs that forbid inline scripts still allow it', async () => {
+    upstreamResponder = (_req, res, _body) => {
+      res.statusCode = 200;
+      res.setHeader('content-type', 'text/html; charset=utf-8');
+      res.setHeader(
+        'content-security-policy',
+        "default-src 'self'; script-src 'self' 'wasm-unsafe-eval'",
+      );
+      res.end('<!doctype html>\n<html><head></head><body></body></html>');
+    };
+    const app = await makeApp();
+    const oid = await insertProcess({ url: `http://127.0.0.1:${upstreamPort}`, innerAuth: null });
+    const res = await app.inject({ method: 'GET', url: widgetUrl(oid, '/') });
+    expect(res.statusCode).toBe(200);
+
+    const csp = String(res.headers['content-security-policy']);
+    // Extract the base64 hash value following 'sha256-' and before the closing
+    // single-quote within script-src.
+    const m = csp.match(/script-src [^;]*'sha256-([A-Za-z0-9+/=]+)'/);
+    expect(m).not.toBeNull();
+    const cspHash = m![1];
+
+    // Recompute the hash of the <script> body found in the response and
+    // confirm it matches what got appended to the CSP.
+    const scriptMatch = res.body.match(/<script>([\s\S]*?)<\/script>/);
+    expect(scriptMatch).not.toBeNull();
+    const actualHash = require('node:crypto').createHash('sha256').update(scriptMatch![1], 'utf-8').digest('base64');
+    expect(cspHash).toBe(actualHash);
+
+    // Original directives preserved.
+    expect(csp).toContain("default-src 'self'");
+    expect(csp).toContain("'wasm-unsafe-eval'");
+    await app.close();
+  });
+
+  it('does not touch CSP when upstream sends none', async () => {
+    upstreamResponder = (_req, res, _body) => {
+      res.statusCode = 200;
+      res.setHeader('content-type', 'text/html; charset=utf-8');
+      res.end('<!doctype html>\n<html><head></head><body></body></html>');
+    };
+    const app = await makeApp();
+    const oid = await insertProcess({ url: `http://127.0.0.1:${upstreamPort}`, innerAuth: null });
+    const res = await app.inject({ method: 'GET', url: widgetUrl(oid, '/') });
+    expect(res.statusCode).toBe(200);
+    expect(res.headers['content-security-policy']).toBeUndefined();
+    await app.close();
+  });
+
+  it('does NOT inject <base href> into non-HTML responses (e.g. JS assets)', async () => {
+    const jsSource = 'export const x = "/assets/foo.png"; // literal path string';
+    upstreamResponder = (_req, res, _body) => {
+      res.statusCode = 200;
+      res.setHeader('content-type', 'application/javascript');
+      res.end(jsSource);
+    };
+    const app = await makeApp();
+    const oid = await insertProcess({ url: `http://127.0.0.1:${upstreamPort}`, innerAuth: null });
+    const res = await app.inject({ method: 'GET', url: widgetUrl(oid, '/assets/x.js') });
+    expect(res.statusCode).toBe(200);
+    expect(res.body).toBe(jsSource);
+    expect(res.body).not.toContain('<base');
+    await app.close();
+  });
+
+  it('strips Accept-Encoding from the outgoing upstream request', async () => {
+    const app = await makeApp();
+    const oid = await insertProcess({ url: `http://127.0.0.1:${upstreamPort}`, innerAuth: null });
+    await app.inject({
+      method: 'GET',
+      url: widgetUrl(oid, '/'),
+      headers: { 'accept-encoding': 'gzip, deflate, br' },
+    });
+    expect(upstreamRequests.length).toBeGreaterThan(0);
+    expect(upstreamRequests[0].headers['accept-encoding']).toBeUndefined();
+    await app.close();
+  });
+
   async function makeAppWithLog(verbose: boolean | undefined): Promise<{ app: FastifyInstance; logs: any[] }> {
     const logs: any[] = [];
     const stream = { write(line: string) { try { logs.push(JSON.parse(line)); } catch { logs.push(line); } } };
 
@@ -13,6 +13,7 @@ import { createListPoller, createTreePoller } from '../stream-poller.js';
 import { discoverInstances } from '../discovery.js';
 import { resolveDb, type DbOptions } from '../resolve-db.js';
 import httpProxy from '@fastify/http-proxy';
+import { createHash } from 'node:crypto';
 import type { AuthCallback } from '../auth.js';
 import { checkAuth } from '../auth.js';
 import { createWidgetUpstreamRegistry } from '../widget-upstream-registry.js';
@@ -40,6 +41,100 @@ interface WidgetProxyInternalOptions {
   verbose?: boolean;
 }
 
+function rewriteResponseHeaders(headers: Record<string, any>): Record<string, any> {
+  // The proxy's purpose is to make the upstream embeddable in an iframe under
+  // optio-api's outer auth. Strip `X-Frame-Options` and any `frame-ancestors`
+  // CSP directive so upstreams (marimo, jupyter, internal tools) that default
+  // to anti-embedding headers don't block that. Clickjacking defense is
+  // provided by optio-api's authenticate callback: the proxy is unreachable
+  // without a valid session.
+  const out = { ...headers };
+  delete out['x-frame-options'];
+  const csp = out['content-security-policy'];
+  if (typeof csp === 'string') {
+    const stripped = csp
+      .split(';')
+      .map((d) => d.trim())
+      .filter((d) => d.length > 0 && !d.toLowerCase().startsWith('frame-ancestors'))
+      .join('; ');
+    if (stripped) out['content-security-policy'] = stripped;
+    else delete out['content-security-policy'];
+  }
+  return out;
+}
+
+function widgetProxyPrefix(database: string, prefix: string, processId: string): string {
+  return `/api/widget/${encodeURIComponent(database)}/${encodeURIComponent(prefix)}/${processId}/`;
+}
+
+interface HtmlInjection {
+  html: string;
+  stripScriptSha256: string; // base64-encoded SHA-256 of the inline script body (for CSP)
+}
+
+function injectBaseHref(html: string, proxyPrefix: string): HtmlInjection {
+  // Inject two things right after <head>:
+  //
+  // 1. <base href="<proxyPrefix>"> — forces relative URLs in the page to
+  //    resolve against the proxy root regardless of how deep the current
+  //    document URL is.  Required for SPAs (like opencode) whose HTML uses
+  //    relative asset paths ("./assets/x.js") but are loaded via a routing-
+  //    deep URL like /api/widget/<db>/<prefix>/<pid>/<workdir>/session/.
+  //    Without it, assets resolve to `.../workdir/session/assets/x.js` and
+  //    hit the upstream's SPA fallback with wrong MIME types.
+  //
+  // 2. An inline <script> that runs before the SPA bundle and strips the
+  //    proxy prefix from `location.pathname` via history.replaceState.
+  //    This makes the SPA's client-side router (e.g. @solidjs/router, react
+  //    -router) see the application's intended URL space (`/:dir/session/`
+  //    in opencode's case) rather than the proxy-nested one
+  //    (`/api/widget/<db>/<prefix>/<pid>/:dir/session/`).  `<base href>` is
+  //    unaffected, so asset loading continues to work.
+  //
+  // Because the inline script violates `script-src 'self'` CSPs, we also
+  // return its SHA-256 so the caller can append `'sha256-…'` to the
+  // outgoing CSP's script-src directive.
+  const baseTag = `<base href="${proxyPrefix}">`;
+  // Escape regex-meta characters in the prefix for the runtime match.
+  const prefixLiteralForRegex = proxyPrefix
+    .replace(/\/$/, '') // the script uses the stripped form without trailing slash
+    .replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+  const scriptBody =
+    `(function(){var r=new RegExp('^' + ${JSON.stringify(prefixLiteralForRegex)});` +
+    `var p=location.pathname;var m=p.match(r);` +
+    `if(m){history.replaceState(null,'',(p.slice(m[0].length)||'/')+location.search+location.hash);}` +
+    `})();`;
+  const stripScriptSha256 = createHash('sha256').update(scriptBody, 'utf-8').digest('base64');
+  const stripScript = `<script>${scriptBody}</script>`;
+  const injection = `${baseTag}${stripScript}`;
+  const m = html.match(/<head(\s[^>]*)?>/i);
+  const transformed = m
+    ? html.replace(m[0], `${m[0]}${injection}`)
+    : `${injection}${html}`;
+  return { html: transformed, stripScriptSha256 };
+}
+
+// Extend the upstream CSP's script-src (or add one) with the SHA-256 of our
+// injected inline script.  Called only when HTML body rewriting has happened.
+function appendScriptHashToCsp(csp: string, scriptHashBase64: string): string {
+  const hashToken = `'sha256-${scriptHashBase64}'`;
+  const parts = csp
+    .split(';')
+    .map((d) => d.trim())
+    .filter((d) => d.length > 0);
+  let found = false;
+  const updated = parts.map((directive) => {
+    const lower = directive.toLowerCase();
+    if (lower.startsWith('script-src ') || lower === 'script-src') {
+      found = true;
+      return `${directive} ${hashToken}`;
+    }
+    return directive;
+  });
+  if (!found) updated.push(`script-src ${hashToken}`);
+  return updated.join('; ');
+}
+
 function registerWidgetProxy(app: FastifyInstance, opts: WidgetProxyInternalOptions): void {
   const registry = createWidgetUpstreamRegistry({ ttlMs: opts.ttlMs ?? WIDGET_CACHE_TTL_MS });
 
@@ -112,12 +207,22 @@ function registerWidgetProxy(app: FastifyInstance, opts: WidgetProxyInternalOpti
       }
 
       // Store upstream on raw request for getUpstream + rewriteRequestHeaders to pick up
-      (req.raw as any).__optioWidget = { processId, upstream };
+      (req.raw as any).__optioWidget = {
+        processId,
+        upstream,
+        proxyPrefix: widgetProxyPrefix(database, prefix, processId),
+      };
 
       // Strip /api/widget/<database>/<prefix>/<processId> from the URL, leaving the sub-path.
       // Then apply query-based inner auth if needed.
       const stripped = fullUrl.replace(WIDGET_PREFIX_STRIP, '') || '/';
       req.raw.url = applyInnerAuthQuery(upstream.innerAuth, stripped);
+
+      // Strip Accept-Encoding so the upstream returns uncompressed bodies.
+      // We need to rewrite text/html bodies in onResponse to inject <base href>,
+      // and handling gzip/br variants per upstream is more friction than the
+      // bandwidth savings are worth for a dev-tool reverse proxy.
+      delete (req.raw.headers as Record<string, any>)['accept-encoding'];
     },
 
     // Rewrite headers for outgoing WebSocket handshake (inner-auth injection).
@@ -141,26 +246,70 @@ function registerWidgetProxy(app: FastifyInstance, opts: WidgetProxyInternalOpti
         if (!widget) return headers;
         return applyInnerAuthHeaders(widget.upstream.innerAuth, headers);
       },
-      // The proxy's purpose is to make the upstream embeddable in an iframe under
-      // optio-api's outer auth. Strip `X-Frame-Options` and any `frame-ancestors`
-      // CSP directive so upstreams (marimo, jupyter, internal tools) that default
-      // to anti-embedding headers don't block that. Clickjacking defense is
-      // provided by optio-api's authenticate callback: the proxy is unreachable
-      // without a valid session.
-      rewriteHeaders: (headers: Record<string, any>) => {
-        const out = { ...headers };
-        delete out['x-frame-options'];
-        const csp = out['content-security-policy'];
-        if (typeof csp === 'string') {
-          const stripped = csp
-            .split(';')
-            .map((d) => d.trim())
-            .filter((d) => d.length > 0 && !d.toLowerCase().startsWith('frame-ancestors'))
-            .join('; ');
-          if (stripped) out['content-security-policy'] = stripped;
-          else delete out['content-security-policy'];
+      rewriteHeaders: rewriteResponseHeaders,
+      // onResponse takes over the response forwarding so we can rewrite
+      // text/html bodies (inject <base href> — see injectBaseHref).
+      // Non-HTML responses stream through unchanged.
+      //
+      // We use reply.hijack() + reply.raw directly because fastify 5's
+      // reply.send() does not accept Node IncomingMessage streams, and the
+      // header/body coordination for a transformed HTML body is simpler on
+      // the raw ServerResponse anyway.  reply-from does NOT auto-apply
+      // rewriteHeaders when onResponse is defined, so apply them here
+      // explicitly to the outgoing response.
+      onResponse: (request: any, reply: any, res: any) => {
+        // @fastify/reply-from passes a wrapper: res.stream is the Readable
+        // upstream body; res.headers / res.statusCode are the top-level fields.
+        const stream: NodeJS.ReadableStream = res.stream;
+        reply.hijack();
+        const rawRes: import('http').ServerResponse = reply.raw;
+        const statusCode: number = res.statusCode ?? 200;
+        const incomingHeaders = res.headers as Record<string, any>;
+        const contentType = String(incomingHeaders['content-type'] ?? '').toLowerCase();
+
+        if (!contentType.includes('text/html')) {
+          const outHeaders = rewriteResponseHeaders(incomingHeaders);
+          rawRes.writeHead(statusCode, outHeaders as any);
+          stream.pipe(rawRes);
+          stream.on('error', (err: any) => {
+            request.log.error({ err }, 'widget-proxy: upstream body read error');
+            if (!rawRes.headersSent) rawRes.writeHead(502);
+            rawRes.end();
+          });
+          return;
         }
-        return out;
+
+        const widget = (request.raw as any).__optioWidget;
+        const proxyPrefix: string = widget?.proxyPrefix ?? '/';
+        const chunks: Buffer[] = [];
+        stream.on('data', (c: Buffer) => {
+          chunks.push(c);
+        });
+        stream.on('end', () => {
+          const html = Buffer.concat(chunks).toString('utf-8');
+          const { html: transformed, stripScriptSha256 } = injectBaseHref(html, proxyPrefix);
+          const body = Buffer.from(transformed, 'utf-8');
+          // Rebuild headers: copy upstream, then override transform-affected ones.
+          const outHeaders: Record<string, any> = rewriteResponseHeaders(incomingHeaders);
+          outHeaders['content-length'] = String(body.byteLength);
+          // Drop content-encoding — we already decoded if upstream gzipped.
+          // (We also strip Accept-Encoding on the way out in preHandler so in
+          // practice upstream should send identity, but belt-and-braces.)
+          delete outHeaders['content-encoding'];
+          // If a CSP is present, allowlist our injected inline script by hash
+          // so it isn't blocked by `script-src 'self'`.
+          const csp = outHeaders['content-security-policy'];
+          if (typeof csp === 'string' && csp.length > 0) {
+            outHeaders['content-security-policy'] = appendScriptHashToCsp(csp, stripScriptSha256);
+          }
+          rawRes.writeHead(statusCode, outHeaders as any);
+          rawRes.end(body);
+        });
+        stream.on('error', (err: any) => {
+          request.log.error({ err }, 'widget-proxy: upstream body read error');
+          if (!rawRes.headersSent) rawRes.writeHead(502);
+          rawRes.end();
+        });
       },
       // Map connection errors (ECONNREFUSED → InternalServerError/500 by default) to
       // 502 Bad Gateway so callers get a meaningful gateway error.