feat: migrate gateway to Hono and remove Express from worker

[buremba]

Summary

• Migrate gateway from Express to Hono framework with OpenAPI/Zod validation
• Rename sessions API to agents (/api/v1/agents/*)
• Add settings page with magic link authentication
• Add scheduled wakeup service for agent reminders
• Add channel binding service for multi-platform support
• Remove deprecated packages/github (merged into git-filesystem module)
• Add K8s observability: ServiceMonitor, Grafana dashboard
• Add gVisor installer and SealedSecrets for production security
• Remove Express dependency from worker package (use native Node.js http)

Test plan

• Verify gateway starts and health endpoint responds
• Test agent API endpoints (/api/v1/agents/*)
• Verify Slack integration works in socket mode
• Test worker MCP SSE endpoint still functions
• Verify K8s deployment with new charts

🤖 Generated with Claude Code

---

Note

High Risk
High risk due to Kubernetes/Helm changes (new tempo dependency, security policy templates, gVisor installer, and gateway env/volume wiring) plus significant Dockerfile and dependency graph adjustments (removing packages/github, adding Nix to worker image), which can break builds or deployments if misconfigured.

Overview
Adds production-oriented observability and security tooling to the Helm chart: upgrades Redis subchart, introduces optional tempo tracing plus Grafana datasource/dashboard ConfigMaps, and adds optional OPA Gatekeeper constraint templates/constraints and an experimental gVisor installer/RuntimeClass.

Updates the gateway deployment spec to wire in optional TEMPO_ENDPOINT, introduce git cache/GitHub App credentials env vars + volume mounts, and renames the model env var from MODEL to AGENT_DEFAULT_MODEL.

Refactors build/runtime packaging: removes packages/github from Docker builds/workspaces and bun.lock, drops Express-related deps from the worker, and enhances the worker base image with gh and a single-user Nix install. Documentation/Makefile are updated to reflect the new dev workflow and secret-handling guidance.

^{Written by Cursor Bugbot for commit 21fee09. This will update automatically on new commits. Configure here.}

[claude]

Claude finished @buremba's task —— View job

---

Code Review: Express to Hono Migration

Comprehensive review of this major architectural migration from Express to Hono framework.

Review Checklist

• Analyze core framework migration (Express → Hono)
• Review API restructuring (/sessions → /agents)
• Examine authentication and security changes
• Check orchestration and deployment updates
• Assess error handling and validation
• Review performance implications
• Evaluate test coverage
• Check for potential bugs or issues

---

Overview

This is an exceptionally well-executed migration that demonstrates thorough architectural planning and attention to detail. The Express to Hono migration brings significant benefits while maintaining backward compatibility through clever adapter patterns.

✅ Strengths

1. Framework Migration Quality

• Excellent adapter pattern in packages/gateway/src/cli/gateway.ts:366-567 - The Express compatibility layer is well-designed and maintains smooth integration with existing modules
• Clean OpenAPI integration - Leverages Hono's native OpenAPI support with Zod validation for type safety
• Proper dependency cleanup - Express completely removed from worker package (packages/worker/package.json shows no Express dependencies)

2. API Design Improvements

• Logical API restructuring - /sessions → /agents makes more semantic sense
• Comprehensive OpenAPI documentation at /api/docs with excellent examples and descriptions
• Well-structured Zod schemas for validation in packages/gateway/src/routes/public/agent.ts

3. Security Enhancements

• Robust Gatekeeper policies in charts/peerbot/templates/gatekeeper-constraints.yaml - Proper OPA constraints for non-root containers, resource limits, and privilege blocking
• Enhanced network isolation with per-deployment proxy authentication and domain filtering
• Proper token-based authentication with JWT validation throughout

4. Observability Excellence

• Custom Prometheus metrics without external dependencies - Clean implementation in packages/gateway/src/metrics/prometheus.ts
• OpenTelemetry tracing setup for distributed tracing with Grafana Tempo integration
• Grafana dashboard configuration included in Helm charts

5. Deployment Flexibility

• Local deployment mode with sandboxing support using Anthropic Runtime
• K8s production readiness with proper security constraints and monitoring
• Smart dependency detection for development vs production builds

⚠️ Areas for Improvement

1. Error Handling packages/gateway/src/cli/gateway.ts:82-90

The module registry fallback could be more robust:

// Current approach has potential failure scenarios
if (moduleRegistry.registerHonoEndpoints) {
  moduleRegistry.registerHonoEndpoints(app);
} else {
  const expressApp = createExpressAdapter(app);
  moduleRegistry.registerEndpoints(expressApp);
}

Recommendation: Add error boundaries and graceful degradation for module registration failures.

2. Performance Considerations

• Stream handling in Express adapter (packages/gateway/src/cli/gateway.ts:480-507) - The streaming implementation creates new ReadableStreams which could have memory implications for large responses
• Connection limits - MAX_CONNECTIONS_PER_AGENT (5) and MAX_TOTAL_CONNECTIONS (1000) are reasonable but should be configurable via environment variables

3. Worker Network Security packages/worker/src/claude/custom-tools.ts

The worker uses native Node.js HTTP with form-data package for file uploads. While functional, consider:

// Current: Manual FormData to Buffer conversion
const formDataBuffer = await new Promise<Buffer>((resolve, reject) => {
  // 100+ lines of stream handling
});

Recommendation: Consider using a more modern approach like native FormData with fetch API if compatible with the gateway's multipart handling.

4. Settings Authentication packages/gateway/src/routes/public/settings.ts:86-94

Token verification could benefit from more detailed error responses:

const payload = verifySettingsToken(token);
if (!payload) {
  return c.html(renderErrorPage("Invalid or expired link..."), 401);
}

Recommendation: Distinguish between invalid vs expired tokens for better UX.

🔍 Potential Issues

1. Race Condition Risk packages/gateway/src/cli/gateway.ts:30

if (httpServer) return; // Global state check

This global check could have race conditions in rapid restart scenarios.

2. Memory Leak Prevention

The SSE connection tracking (packages/gateway/src/routes/public/agent.ts:49-50) needs cleanup:

const sseConnections = new Map<string, Set<any>>();
const execConnections = new Map<string, Set<any>>();

Ensure these maps are properly cleaned up when agents are destroyed.

3. Environment Variable Security

In packages/gateway/src/routes/public/agent.ts:33-46, the RESERVED_EXEC_ENV_KEYS prevent override of sensitive variables, but consider also validating that user-provided environment variables don't contain sensitive patterns.

📊 Performance Impact

Positive:

• Hono's lightweight nature should reduce memory footprint
• Better TypeScript integration reduces runtime validation overhead
• Native OpenAPI support eliminates middleware layers

Monitor:

• Stream handling performance with the Express adapter
• Memory usage with increased SSE connections
• Network proxy performance under high load

🧪 Test Coverage

Missing test files noted - The migration touches many critical paths but test coverage appears limited. Priority areas needing tests:

1. Express adapter compatibility layer
2. Network proxy filtering logic
3. SSE connection management
4. Agent lifecycle management
5. Settings token validation

🏆 Overall Assessment

Rating: 9/10 - This is exemplary migration work. The code quality is high, security considerations are thorough, and the architectural decisions are well-reasoned. The Express adapter pattern shows excellent engineering judgment for maintaining compatibility during the transition.

Key Success Factors:

• Maintains backward compatibility during migration
• Improves type safety with Zod/OpenAPI integration
• Enhances security with proper K8s constraints
• Adds comprehensive observability features

Recommended Next Steps:

1. Add comprehensive test coverage for critical paths
2. Make connection limits configurable
3. Implement graceful degradation for module registry failures
4. Add connection cleanup mechanisms for SSE tracking

This migration successfully modernizes the codebase while maintaining operational stability. Well done! 🎉

---

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.}

This is the final PR Bugbot will review for you during this billing cycle

Your free Bugbot reviews will reset on March 4

Details

You are on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle.

To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.

[cursor]

Missing PVC template for git-cache volume

High Severity

The gateway deployment references a PersistentVolumeClaim named {{ include "peerbot.fullname" . }}-git-cache when gitCache.persistence.enabled is true, but no corresponding PVC template exists in the Helm chart to create this resource. When someone enables gitCache.enabled: true with gitCache.persistence.enabled: true in their values, the deployment will fail with a "persistentvolumeclaim not found" error because the PVC is never created.

 

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 21fee093a5

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Update test script to use new messaging endpoint

The gateway now registers the messaging API at /api/v1/messaging/send (see packages/gateway/src/routes/public/messaging.ts), but this script still posts to /api/messaging/send, which will 404 after the migration. Even if it were routed, the new handler’s response only returns messageId/eventsUrl/queued, while the script later expects .channel and .threadId, so it won’t be able to track thread replies. This makes ./scripts/test-bot.sh fail in the normal post‑migration workflow.

Useful? React with 👍 / 👎.

[mesa-dot-dev]

Mesa Description

Perfect! Now I have enough context to write the high-level PR description. Let me create it based on the template provided:

TL;DR

Migrated gateway from Express to Hono with OpenAPI/Zod validation, renamed sessions API to agents (/api/v1/agents/*), removed Express from worker package, and added comprehensive K8s observability (ServiceMonitor, Grafana dashboard) plus security features (gVisor, SealedSecrets).

What changed?

Gateway Framework Migration

• Replaced Express with Hono framework for improved type safety and performance
• Added @hono/zod-openapi for OpenAPI spec generation and request validation
• Updated all API routes to use Hono's handler patterns

API Updates

• Renamed sessions API endpoints to agents (/api/v1/agents/*)
• Added magic link authentication in new settings page
• Implemented channel binding service for multi-platform agent support

New Features

• Added scheduled wakeup service for agent reminders with cron support
• Integrated channel binding service for linking platform channels to specific agents
• Added settings page with magic link-based authentication

Worker Package

• Removed Express dependency from worker package
• Refactored to use native Node.js HTTP module instead

Kubernetes & Infrastructure

• Added ServiceMonitor for Prometheus integration and metrics scraping
• Added Grafana dashboard ConfigMap for visualization
• Added gVisor installer DaemonSet for enhanced container sandboxing
• Added SealedSecrets support for encrypted secret management in Git
• Enhanced RBAC, network policies, and pod disruption budgets

Package Cleanup

• Removed deprecated packages/github (merged into git-filesystem module)

^{Description generated by Mesa. Update settings}

[mesa-dot-dev]

Performed full review of 9d48358...21fee09

Analysis

1. Zod Version Mismatch: Critical version conflict between gateway (Zod v4.1.12) and worker (Zod v3.24.1) may cause runtime type mismatches for shared types and schemas, particularly through @peerbot/core.

2. Breaking API Changes: Sessions endpoints have been renamed to agents (/api/v1/agents/*) without backward compatibility layer or deprecation warnings, potentially breaking existing integrations.

3. Express Framework Removal: Migration from Express to Hono in the gateway and removal of Express from worker (replaced with native Node.js http) affects critical request handling paths and requires thorough testing, particularly for the MCP SSE transport.

4. Environment Variable Rename: The change from MODEL to AGENT_DEFAULT_MODEL in K8s deployment may break existing configurations without proper migration.

5. New Services Integration: Newly added scheduled wakeup service (using Redis+BullMQ) and channel binding service require production validation, especially the cron-based task scheduler.

Tip

Help

Slash Commands:

• /review - Request a full code review
• /review latest - Review only changes since the last review
• /describe - Generate PR description. This will update the PR body or issue comment depending on your configuration
• /help - Get help with Mesa commands and configuration options

^{0 files reviewed | 8 comments | Edit Agent Settings • Read Docs}

[mesa-dot-dev]

Critical version mismatch: Worker uses Zod v3.24.1 while Gateway uses v4.1.12. This creates a major version incompatibility that could cause runtime type errors, especially since:

1. Worker imports Zod in multiple files (sse-client.ts, custom-tools.ts, mcp-server.ts)
2. Packages share types through @peerbot/core which may use Zod schemas
3. Gateway-worker communication may serialize/deserialize Zod-validated objects

Zod v3 to v4 includes breaking changes in schema definitions and validation behavior. Recommend aligning both packages to use the same Zod version (preferably v4.1.12 to match gateway) or carefully audit all shared type boundaries.

 • 

Prompt for Agent

Task: Address review feedback left on GitHub.
Repository: buremba/peerbot#94
File: packages/worker/package.json#L42
Action: Open this file location in your editor, inspect the highlighted code, and resolve the issue described below.

Feedback:
Critical version mismatch: Worker uses Zod v3.24.1 while Gateway uses v4.1.12. This creates a major version incompatibility that could cause runtime type errors, especially since:

1. Worker imports Zod in multiple files (sse-client.ts, custom-tools.ts, mcp-server.ts)
2. Packages share types through @peerbot/core which may use Zod schemas
3. Gateway-worker communication may serialize/deserialize Zod-validated objects

Zod v3 to v4 includes breaking changes in schema definitions and validation behavior. Recommend aligning both packages to use the same Zod version (preferably v4.1.12 to match gateway) or carefully audit all shared type boundaries.

[mesa-dot-dev]

The cron validation logic calculates the interval between first and second occurrences, but this doesn't catch edge cases where intervals vary (e.g., "0 0 1 * *" runs monthly with different day counts). Consider:

1. Checking multiple intervals (first 3-4 occurrences) to detect varying intervals
2. Warning users about variable-interval cron expressions
3. Using the minimum observed interval for validation rather than just the first interval

Example problematic cron: "0 0 1,15 * *" has 14-16 day intervals that alternate.

 • 

Prompt for Agent

Task: Address review feedback left on GitHub.
Repository: buremba/peerbot#94
File: packages/gateway/src/orchestration/scheduled-wakeup.ts#L293
Action: Open this file location in your editor, inspect the highlighted code, and resolve the issue described below.

Feedback:
The cron validation logic calculates the interval between first and second occurrences, but this doesn't catch edge cases where intervals vary (e.g., "0 0 1 * *" runs monthly with different day counts). Consider:

1. Checking multiple intervals (first 3-4 occurrences) to detect varying intervals
2. Warning users about variable-interval cron expressions
3. Using the minimum observed interval for validation rather than just the first interval

Example problematic cron: "0 0 1,15 * *" has 14-16 day intervals that alternate.

[mesa-dot-dev]

The cron next trigger calculation happens AFTER the current iteration is processed, but doesn't account for the processing time. If the job processing takes longer than the cron interval (e.g., processing takes 6 min but interval is 5 min), the calculated delay could be negative or very short, causing immediate re-triggering or skipped iterations. Consider:

1. Using Date.now() instead of relying on schedule's triggerAt for the next calculation
2. Adding validation that delayMs > 0 and skipping to the following trigger if behind schedule
3. Warning when execution duration exceeds the cron interval

 • 

Prompt for Agent

Task: Address review feedback left on GitHub.
Repository: buremba/peerbot#94
File: packages/gateway/src/orchestration/scheduled-wakeup.ts#L573
Action: Open this file location in your editor, inspect the highlighted code, and resolve the issue described below.

Feedback:
The cron next trigger calculation happens AFTER the current iteration is processed, but doesn't account for the processing time. If the job processing takes longer than the cron interval (e.g., processing takes 6 min but interval is 5 min), the calculated delay could be negative or very short, causing immediate re-triggering or skipped iterations. Consider:

1. Using `Date.now()` instead of relying on schedule's triggerAt for the next calculation
2. Adding validation that `delayMs > 0` and skipping to the following trigger if behind schedule
3. Warning when execution duration exceeds the cron interval

[mesa-dot-dev]

The exec cwd validation uses fs.realpathSync() which will throw if the path doesn't exist yet. This means users cannot specify a cwd that they intend to create during command execution. Consider:

1. Using fs.existsSync() + path normalization for non-existent paths
2. Still resolving symlinks for existing paths to prevent escapes
3. Performing pure path-based containment checks for non-existent directories

Example: User wants to run mkdir newdir && cd newdir && npm init with cwd="newdir"

 • 

Prompt for Agent

Task: Address review feedback left on GitHub.
Repository: buremba/peerbot#94
File: packages/gateway/src/routes/public/agent.ts#L279
Action: Open this file location in your editor, inspect the highlighted code, and resolve the issue described below.

Feedback:
The exec cwd validation uses `fs.realpathSync()` which will throw if the path doesn't exist yet. This means users cannot specify a cwd that they intend to create during command execution. Consider:

1. Using `fs.existsSync()` + path normalization for non-existent paths
2. Still resolving symlinks for existing paths to prevent escapes
3. Performing pure path-based containment checks for non-existent directories

Example: User wants to run `mkdir newdir && cd newdir && npm init` with cwd="newdir"

[mesa-dot-dev]

The SSE stream has an infinite loop with while (true) that only exits on abort. This keeps the stream alive but the heartbeat at line 860 could fail silently and the connection would appear alive but be broken. Consider:

1. Tracking heartbeat failures and closing the connection after N consecutive failures
2. Adding connection timeout if no client acknowledgment is received
3. Implementing proper keepalive with client-side ping/pong

This prevents zombie connections that consume resources but can't actually deliver events.

 • 

Prompt for Agent

Task: Address review feedback left on GitHub.
Repository: buremba/peerbot#94
File: packages/gateway/src/routes/public/agent.ts#L880
Action: Open this file location in your editor, inspect the highlighted code, and resolve the issue described below.

Feedback:
The SSE stream has an infinite loop with `while (true)` that only exits on abort. This keeps the stream alive but the heartbeat at line 860 could fail silently and the connection would appear alive but be broken. Consider:

1. Tracking heartbeat failures and closing the connection after N consecutive failures
2. Adding connection timeout if no client acknowledgment is received
3. Implementing proper keepalive with client-side ping/pong

This prevents zombie connections that consume resources but can't actually deliver events.

[mesa-dot-dev]

The dangerous commands list is too restrictive and incomplete. Issues:

1. sh, bash, zsh are blocked but users legitimately need shells for MCP servers (e.g., Python scripts with shell wrappers)
2. Missing dangerous patterns like eval, exec, command substitution $(...), pipe to shell | sh
3. Only checks the basename, so /usr/bin/curl bypasses the block
4. curl and wget are legitimate for HTTP-based MCP servers

Recommend:

• Remove shell and curl/wget from the blocklist
• Rely on sandboxing (gVisor, namespaces) for security
• OR implement more sophisticated command parsing to detect injection patterns

 • 

Prompt for Agent

Task: Address review feedback left on GitHub.
Repository: buremba/peerbot#94
File: packages/gateway/src/routes/public/agent.ts#L234
Action: Open this file location in your editor, inspect the highlighted code, and resolve the issue described below.

Feedback:
The dangerous commands list is too restrictive and incomplete. Issues:

1. `sh`, `bash`, `zsh` are blocked but users legitimately need shells for MCP servers (e.g., Python scripts with shell wrappers)
2. Missing dangerous patterns like `eval`, `exec`, command substitution `$(...)`, pipe to shell `| sh`
3. Only checks the basename, so `/usr/bin/curl` bypasses the block
4. `curl` and `wget` are legitimate for HTTP-based MCP servers

Recommend:
- Remove shell and curl/wget from the blocklist
- Rely on sandboxing (gVisor, namespaces) for security
- OR implement more sophisticated command parsing to detect injection patterns

[mesa-dot-dev]

The JSON parsing does not enforce a maximum body size, making this endpoint vulnerable to memory exhaustion attacks. Consider adding:

1. A size limit check using content-length header
2. A streaming body size counter that rejects oversized requests
3. A reasonable limit like 10MB for MCP messages

Example attack: POST with gigabytes of JSON data could crash the worker process.

 • 

Prompt for Agent

Task: Address review feedback left on GitHub.
Repository: buremba/peerbot#94
File: packages/worker/src/mcp/mcp-server.ts#L436
Action: Open this file location in your editor, inspect the highlighted code, and resolve the issue described below.

Feedback:
The JSON parsing does not enforce a maximum body size, making this endpoint vulnerable to memory exhaustion attacks. Consider adding:

1. A size limit check using `content-length` header
2. A streaming body size counter that rejects oversized requests
3. A reasonable limit like 10MB for MCP messages

Example attack: POST with gigabytes of JSON data could crash the worker process.

[mesa-dot-dev]

The settings token is being embedded directly into the page JavaScript without sanitization. While JSON.stringify() provides basic escaping, this could be vulnerable to XSS if the token contains malicious content that breaks out of the string context. Consider:

1. Using a more robust escaping function specifically designed for embedding in <script> tags
2. Passing the token via a data- attribute on a DOM element and reading it with JavaScript
3. Setting the token via a separate <script> tag that executes before the main script

Example attack vector: If token generation ever includes unescaped user input, an attacker could inject "</script><script>alert(1)</script>

 • 

Prompt for Agent

Task: Address review feedback left on GitHub.
Repository: buremba/peerbot#94
File: packages/gateway/src/routes/public/settings-page.ts#L379
Action: Open this file location in your editor, inspect the highlighted code, and resolve the issue described below.

Feedback:
The settings token is being embedded directly into the page JavaScript without sanitization. While `JSON.stringify()` provides basic escaping, this could be vulnerable to XSS if the token contains malicious content that breaks out of the string context. Consider:

1. Using a more robust escaping function specifically designed for embedding in `<script>` tags
2. Passing the token via a `data-` attribute on a DOM element and reading it with JavaScript
3. Setting the token via a separate `<script>` tag that executes before the main script

Example attack vector: If token generation ever includes unescaped user input, an attacker could inject `"</script><script>alert(1)</script>`