Add Midday Computer: API, compute runtime, CLI, database, and integrations

[pontusab]

Note

High Risk
Adds a new production service that executes generated code and triggers write actions via automation, plus broad changes to MCP tool output schemas that could break tool clients or agent code generation if mismatched.

Overview
Adds Midday Computer agents end-to-end: a new REST router (/computer) and MCP tool suite (computer_*) to list catalog agents, enable/deploy generated agents, trigger runs, and inspect run history/proposals.

Introduces a new apps/compute service (Docker/Railway-deployable) that consumes a BullMQ compute queue to execute agent code in a sandbox (secure-exec), supports scheduled runs via cron + DB lock, records step logs/memory, and implements an approval workflow by persisting proposed actions and replaying them after approval.

Hardens MCP tool schemas across many domains by replacing record(any) outputs with typed Zod schemas, adding a shared mcpListMetaSchema, and improving structured outputs for several write/destructive operations (e.g., invoices send/remind responses, recurring invoice preview sanitization). CI/CD is updated to detect/deploy the new @midday/compute service in staging and production, and the dashboard chat UI recognizes computer_* tool calls.

^{Reviewed by Cursor Bugbot for commit 0d87898. Bugbot is set up for automated code reviews on this repo. Configure here.}

[cursor]

Cursor Bugbot has reviewed your changes and found 3 potential issues.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit 0d87898. Configure here.}

[cursor]

REST confirm endpoint accepts arbitrary unvalidated code for execution

High Severity

The /agents/confirm REST endpoint and computer_agent_confirm MCP tool accept a raw code string from the client and store it directly in the database for later execution by the compute runtime. Unlike generateAgentFromDescription, which type-checks and compiles the code before returning it, these endpoints perform no validation, sandboxing pre-check, or verification that the code actually came from the generation step. Any authenticated user can deploy arbitrary JavaScript that will be executed by the compute worker with full MCP tool access.

Additional Locations (1)

• apps/api/src/mcp/tools/computer.ts#L167-L218

 

^{Reviewed by Cursor Bugbot for commit 0d87898. Configure here.}

[cursor]

Generated agent loses TypeScript source, duplicates compiled output

Medium Severity

In generateAgentFromDescription, the return value spreads agentMeta (which contains the original code field from the LLM — TypeScript source) but then immediately overwrites code with compiled.js. Both code and compiledCode end up holding the same compiled JavaScript. The original TypeScript source is lost, making it impossible for users to review or edit the generated agent's source code after generation.

 

^{Reviewed by Cursor Bugbot for commit 0d87898. Configure here.}

[cursor]

Scheduler lock not re-validated after initial acquisition

Medium Severity

Once hasLock is set to true, the scheduler never re-validates it against the database. If the lock expires or is released (e.g., due to a database failover or connection reset), the in-memory hasLock flag remains true, so refreshSchedules skips re-acquisition. This means the instance continues scheduling jobs even though another instance may have taken over the lock, leading to duplicate scheduled runs.

 

^{Reviewed by Cursor Bugbot for commit 0d87898. Configure here.}