refactor: clean up client side code for creating schedule (#6805)

Author: lifeizhou-ap

crates/goose-server/src/routes/schedule.rs

@@ -1,4 +1,5 @@
 use std::sync::Arc;
+use tokio::fs;
 
 use axum::{
     extract::{Path, Query, State},
@@ -9,13 +10,30 @@ use axum::{
 use serde::{Deserialize, Serialize};
 
 use crate::routes::errors::ErrorResponse;
+use crate::routes::recipe_utils::validate_recipe;
 use crate::state::AppState;
-use goose::scheduler::ScheduledJob;
+use goose::recipe::Recipe;
+use goose::scheduler::{get_default_scheduled_recipes_dir, ScheduledJob};
+
+fn validate_schedule_id(id: &str) -> Result<(), ErrorResponse> {
+    let is_valid = !id.is_empty()
+        && id
+            .chars()
+            .all(|c| c.is_ascii_alphanumeric() || c == '-' || c == '_' || c == ' ');
+
+    if !is_valid {
+        return Err(ErrorResponse::bad_request(
+            "Schedule name must use only alphanumeric characters, hyphens, underscores, or spaces"
+                .to_string(),
+        ));
+    }
+    Ok(())
+}
 
 #[derive(Deserialize, Serialize, utoipa::ToSchema)]
 pub struct CreateScheduleRequest {
     id: String,
-    recipe_source: String,
+    recipe: Recipe,
     cron: String,
 }
 
@@ -89,20 +107,47 @@ async fn create_schedule(
     State(state): State<Arc<AppState>>,
     Json(req): Json<CreateScheduleRequest>,
 ) -> Result<Json<ScheduledJob>, ErrorResponse> {
-    let scheduler = state.scheduler();
+    let id = req.id.trim().to_string();
+    validate_schedule_id(&id)?;
+
+    if req.recipe.check_for_security_warnings() {
+        return Err(ErrorResponse::bad_request(
+            "This recipe contains hidden characters that could be malicious. Please remove them before trying to save.".to_string(),
+        ));
+    }
+    if let Err(err) = validate_recipe(&req.recipe) {
+        return Err(ErrorResponse {
+            message: err.message,
+            status: err.status,
+        });
+    }
+    let scheduled_recipes_dir = get_default_scheduled_recipes_dir().map_err(|e| {
+        ErrorResponse::internal(format!("Failed to get scheduled recipes directory: {}", e))
+    })?;
+
+    let recipe_path = scheduled_recipes_dir.join(format!("{}.yaml", id));
+    let yaml_content = req
+        .recipe
+        .to_yaml()
+        .map_err(|e| ErrorResponse::internal(format!("Failed to convert recipe to YAML: {}", e)))?;
+    fs::write(&recipe_path, yaml_content)
+        .await
+        .map_err(|e| ErrorResponse::internal(format!("Failed to save recipe file: {}", e)))?;
 
     let job = ScheduledJob {
-        id: req.id,
-        source: req.recipe_source,
+        id,
+        source: recipe_path.to_string_lossy().into_owned(),
         cron: req.cron,
         last_run: None,
         currently_running: false,
         paused: false,
         current_session_id: None,
         process_start_time: None,
     };
+
+    let scheduler = state.scheduler();
     scheduler
-        .add_scheduled_job(job.clone(), true)
+        .add_scheduled_job(job.clone(), false)
         .await
         .map_err(|e| match e {
             goose::scheduler::SchedulerError::CronParseError(msg) => {
@@ -117,6 +162,7 @@ async fn create_schedule(
             },
             _ => ErrorResponse::internal(format!("Error creating schedule: {}", e)),
         })?;
+
     Ok(Json(job))
 }
 

ui/desktop/openapi.json

@@ -3437,7 +3437,7 @@
         "type": "object",
         "required": [
           "id",
-          "recipe_source",
+          "recipe",
           "cron"
         ],
         "properties": {
@@ -3447,8 +3447,8 @@
           "id": {
             "type": "string"
           },
-          "recipe_source": {
-            "type": "string"
+          "recipe": {
+            "$ref": "#/components/schemas/Recipe"
           }
         }
       },

ui/desktop/src/api/types.gen.ts

@@ -135,7 +135,7 @@ export type CreateRecipeResponse = {
 export type CreateScheduleRequest = {
     cron: string;
     id: string;
-    recipe_source: string;
+    recipe: Recipe;
 };
 
 /**

ui/desktop/src/components/recipes/ImportRecipeForm.tsx

@@ -4,12 +4,11 @@ import { z } from 'zod';
 import { Download } from 'lucide-react';
 import { Button } from '../ui/button';
 import { Input } from '../ui/input';
-import { Recipe, decodeRecipe } from '../../recipe';
+import { Recipe, parseDeeplink, parseRecipeFromFile } from '../../recipe';
 import { toastSuccess, toastError } from '../../toasts';
 import { useEscapeKey } from '../../hooks/useEscapeKey';
 import { getRecipeJsonSchema } from '../../recipe/validation';
 import { saveRecipe } from '../../recipe/recipe_management';
-import { parseRecipe } from '../../api';
 import { errorMessage } from '../../utils/conversionUtils';
 
 interface ImportRecipeFormProps {
@@ -46,54 +45,6 @@ export default function ImportRecipeForm({ isOpen, onClose, onSuccess }: ImportR
 
   useEscapeKey(isOpen, onClose);
 
-  const parseDeeplink = async (deeplink: string): Promise<Recipe | null> => {
-    try {
-      const cleanLink = deeplink.trim();
-
-      if (!cleanLink.startsWith('goose://recipe?config=')) {
-        throw new Error('Invalid deeplink format. Expected: goose://recipe?config=...');
-      }
-
-      const recipeEncoded = cleanLink.replace('goose://recipe?config=', '');
-
-      if (!recipeEncoded) {
-        throw new Error('No recipe configuration found in deeplink');
-      }
-      const recipe = await decodeRecipe(recipeEncoded);
-
-      if (!recipe.title || !recipe.description) {
-        throw new Error('Recipe is missing required fields (title, description)');
-      }
-
-      if (!recipe.instructions && !recipe.prompt) {
-        throw new Error('Recipe must have either instructions or prompt');
-      }
-
-      return recipe;
-    } catch (error) {
-      console.error('Failed to parse deeplink:', error);
-      return null;
-    }
-  };
-
-  const parseRecipeFromFile = async (fileContent: string): Promise<Recipe> => {
-    try {
-      let response = await parseRecipe({
-        body: {
-          content: fileContent,
-        },
-        throwOnError: true,
-      });
-      return response.data.recipe;
-    } catch (error) {
-      let error_message = 'unknown error';
-      if (typeof error === 'object' && error !== null && 'message' in error) {
-        error_message = error.message as string;
-      }
-      throw new Error(error_message);
-    }
-  };
-
   const importRecipeForm = useForm({
     defaultValues: {
       deeplink: '',