4runr-os 2.10.2 → 2.10.4

package/prisma/schema.prisma

@@ -0,0 +1,469 @@
+// This is your Prisma schema file,
+// learn more about it in the docs: https://pris.ly/d/prisma-schema
+
+generator client {
+  provider      = "prisma-client-js"
+  binaryTargets = ["native", "linux-musl-openssl-3.0.x", "linux-musl"]
+}
+
+datasource db {
+  provider = "postgresql"
+  url      = env("DATABASE_URL")
+}
+
+model Agent {
+  id         String   @id @default(uuid())
+  name       String
+  role       String
+  createdBy  String
+  publicKey  String
+  status     String   @default("active")
+  createdAt  DateTime @default(now())
+  tokens     Token[]
+  requestLogs RequestLog[]
+  policies   Policy[]
+  policyLogs PolicyLog[]
+  tokenRegistries TokenRegistry[]
+}
+
+model Token {
+  id         String   @id @default(uuid())
+  agentId    String
+  agent      Agent    @relation(fields: [agentId], references: [id])
+  encrypted  String
+  expiresAt  DateTime
+  revoked    Boolean  @default(false)
+  createdAt  DateTime @default(now())
+}
+
+model RequestLog {
+  id           String   @id @default(uuid())
+  agentId      String
+  agent        Agent    @relation(fields: [agentId], references: [id])
+  tool         String
+  action       String
+  responseTime Int      // milliseconds
+  statusCode   Int
+  success      Boolean
+  createdAt    DateTime @default(now())
+}
+
+model Policy {
+  id          String   @id @default(uuid())
+  name        String
+  description String?
+  agentId     String?  // null for role-based policies
+  role        String?  // null for agent-specific policies
+  spec        String   // JSON policy specification
+  specHash    String   // SHA256 hash of spec for change detection
+  active      Boolean  @default(true)
+  createdAt   DateTime @default(now())
+  updatedAt   DateTime @updatedAt
+  agent       Agent?   @relation(fields: [agentId], references: [id])
+  policyLogs  PolicyLog[]
+  quotaCounters QuotaCounter[]
+}
+
+model PolicyLog {
+  id          String   @id @default(uuid())
+  policyId    String
+  agentId     String
+  tool        String
+  action      String
+  decision    String   // "allow", "deny"
+  reason      String?  // denial reason
+  requestData String?  // JSON request data (truncated)
+  responseData String? // JSON response data (truncated)
+  createdAt   DateTime @default(now())
+  policy      Policy   @relation(fields: [policyId], references: [id])
+  agent       Agent    @relation(fields: [agentId], references: [id])
+}
+
+model QuotaCounter {
+  id          String   @id @default(uuid())
+  policyId    String
+  quotaKey    String   // e.g., "serpapi:search:2024-01-15"
+  current     Int      @default(0)
+  resetAt     DateTime
+  createdAt   DateTime @default(now())
+  updatedAt   DateTime @updatedAt
+  policy      Policy   @relation(fields: [policyId], references: [id])
+}
+
+model ToolCredential {
+  id          String   @id @default(uuid())
+  tool        String   // e.g., "serpapi", "openai", "gmail_send"
+  version     String   // e.g., "v1", "v2"
+  isActive    Boolean  @default(false)
+  encryptedCredential String // Encrypted credential data
+  metadata    String?  // JSON metadata (encrypted)
+  createdAt   DateTime @default(now())
+  updatedAt   DateTime @updatedAt
+  activatedAt DateTime?
+  deactivatedAt DateTime?
+  
+  @@unique([tool, version])
+}
+
+model TokenRegistry {
+  id          String   @id @default(uuid())
+  tokenId     String   @unique // The token ID issued to the agent
+  agentId     String
+  payloadHash String   // SHA256 hash of the token payload
+  issuedAt    DateTime @default(now())
+  expiresAt   DateTime
+  isRevoked   Boolean  @default(false)
+  revokedAt   DateTime?
+  agent       Agent    @relation(fields: [agentId], references: [id])
+}
+
+// ====== AI AGENT RUNTIME MODELS (TASK-001) ======
+
+model RuntimeAgent {
+  id           String   @id @default(uuid())
+  name         String
+  language     AgentLanguage
+  sourceType   SourceType   @default(ZIP) // ZIP | GIT (ZIP for MVP)
+  sourceUri    String?      // path to extracted zip in local FS (MVP)
+  entrypoint   String       // index.js | main.py
+  env          Json         // non-secret env vars (secrets via Gateway only)
+  limitsCpu    Float?       // e.g. 0.5
+  limitsMemMb  Int?         // e.g. 256
+  networkMode  NetworkMode  @default(NONE) // NONE | EGRESS (via Gateway proxy only)
+  status       AgentStatus  @default(READY)
+  // NEW: restart policy & limits
+  maxRestarts  Int      @default(2)  // per run
+  restartBackoffMs Int  @default(5000)
+  // NEW: tags for demo functionality (JSON array for SQLite compatibility)
+  tags         Json     @default("[]")
+  createdAt    DateTime     @default(now())
+  updatedAt    DateTime     @updatedAt
+
+  runs         RuntimeRun[]
+  schedules    RuntimeSchedule[]
+
+  @@map("runtime_agents")
+}
+
+model RuntimeRun {
+  id          String    @id @default(uuid())
+  agentId     String
+  agent       RuntimeAgent @relation(fields: [agentId], references: [id], onDelete: Cascade)
+  status      RunStatus @default(QUEUED)  // QUEUED | RUNNING | SUCCEEDED | FAILED | KILLED
+  startedAt   DateTime?
+  endedAt     DateTime?
+  exitCode    Int?
+  reason      String?        // containerId or failure reason
+  // NEW: restart policy & limits
+  cpuSeconds  Float?         // cumulative seconds
+  maxMemMb    Int?           // peak RSS MB
+  restarts    Int            @default(0)
+  lastSampleAt DateTime?     // last stats collection time
+  // NEW: trigger tracking
+  triggeredBy TriggerType    @default(MANUAL)
+  // (optional) logsPtr for future
+  createdAt   DateTime  @default(now())
+
+  @@map("runtime_runs")
+}
+
+model RuntimeSchedule {
+  id        String   @id @default(uuid())
+  agentId   String
+  agent     RuntimeAgent @relation(fields: [agentId], references: [id], onDelete: Cascade)
+  cronExpr  String
+  enabled   Boolean  @default(true)
+  lastRunAt DateTime?
+  nextRunAt DateTime?
+  createdAt DateTime @default(now())
+
+  @@map("runtime_schedules")
+}
+
+enum AgentLanguage {
+  NODE
+  PYTHON
+}
+
+enum SourceType {
+  ZIP
+  GIT
+}
+
+enum NetworkMode {
+  NONE
+  EGRESS
+}
+
+enum AgentStatus {
+  READY
+  ERROR
+  DISABLED
+}
+
+enum RunStatus {
+  CREATED
+  QUEUED
+  RUNNING
+  COMPLETED
+  FAILED
+  KILLED
+  SUCCEEDED // Alias for COMPLETED (keeping for RuntimeRun compatibility)
+}
+
+enum TriggerType {
+  MANUAL
+  SCHEDULE
+}
+
+// ====== GATEWAY RUNS MODELS ======
+
+model Run {
+  id           String   @id @default(uuid())
+  name         String
+  status       RunStatus @default(CREATED)
+  input        Json?    // JSON input payload
+  output       Json?    // JSON output payload
+  logs         Json     @default("[]") // Array of log entries
+  clientToken  String?  @unique // Idempotency token from client
+  tags         String[] @default([])
+  startedAt    DateTime?
+  completedAt  DateTime?
+  createdAt    DateTime @default(now())
+  updatedAt    DateTime @updatedAt
+
+  @@map("runs")
+  @@index([status])
+  @@index([clientToken])
+  @@index([createdAt])
+}
+
+model ApiKey {
+  id        String   @id @default(cuid())
+  key       String   @unique // Hashed or opaque token
+  label     String?
+  revoked   Boolean  @default(false)
+  userId    String?  // Link to user if applicable
+  user      User?    @relation(fields: [userId], references: [id], onDelete: Cascade)
+  createdAt DateTime @default(now())
+  revokedAt DateTime?
+
+  @@map("api_keys")
+  @@index([key])
+  @@index([userId])
+}
+
+// ====== RBAC MODELS ======
+
+model User {
+  id        String   @id @default(uuid())
+  email     String   @unique
+  username  String   @unique
+  passwordHash String? // Optional - can use external auth
+  status    UserStatus @default(ACTIVE)
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
+  lastLoginAt DateTime?
+
+  // MFA fields
+  mfaEnabled Boolean  @default(false)
+  mfaSecret  String? // TOTP secret (encrypted)
+  mfaBackupCodes String[] @default([]) // Encrypted backup codes
+  mfaVerifiedAt DateTime? // When MFA was last verified
+
+  // Relations
+  roles     UserRole[]
+  apiKeys   ApiKey[]
+  sessions  UserSession[]
+
+  @@map("users")
+  @@index([email])
+  @@index([username])
+  @@index([status])
+}
+
+model Role {
+  id          String   @id @default(uuid())
+  name        String   @unique
+  description String?
+  isSystem    Boolean  @default(false) // System roles cannot be deleted
+  createdAt   DateTime @default(now())
+  updatedAt   DateTime @updatedAt
+
+  // Relations
+  users       UserRole[]
+  permissions RolePermission[]
+
+  @@map("roles")
+  @@index([name])
+}
+
+model Permission {
+  id          String   @id @default(uuid())
+  resource    String   // e.g., "runs", "agents", "users"
+  action      String   // e.g., "create", "read", "update", "delete", "execute"
+  description String?
+  createdAt   DateTime @default(now())
+
+  // Relations
+  roles       RolePermission[]
+
+  @@unique([resource, action])
+  @@map("permissions")
+  @@index([resource])
+  @@index([action])
+}
+
+model UserRole {
+  id        String   @id @default(uuid())
+  userId    String
+  roleId    String
+  user      User     @relation(fields: [userId], references: [id], onDelete: Cascade)
+  role      Role     @relation(fields: [roleId], references: [id], onDelete: Cascade)
+  assignedAt DateTime @default(now())
+  assignedBy String? // User ID who assigned this role
+
+  @@unique([userId, roleId])
+  @@map("user_roles")
+  @@index([userId])
+  @@index([roleId])
+}
+
+model RolePermission {
+  id          String   @id @default(uuid())
+  roleId      String
+  permissionId String
+  role        Role     @relation(fields: [roleId], references: [id], onDelete: Cascade)
+  permission  Permission @relation(fields: [permissionId], references: [id], onDelete: Cascade)
+  grantedAt   DateTime @default(now())
+  grantedBy   String? // User ID who granted this permission
+
+  @@unique([roleId, permissionId])
+  @@map("role_permissions")
+  @@index([roleId])
+  @@index([permissionId])
+}
+
+model UserSession {
+  id        String   @id @default(uuid())
+  userId    String
+  user      User     @relation(fields: [userId], references: [id], onDelete: Cascade)
+  token     String   @unique // JWT or session token
+  ipAddress String?
+  userAgent String?
+  expiresAt DateTime
+  createdAt DateTime @default(now())
+  lastActivityAt DateTime @default(now())
+
+  @@map("user_sessions")
+  @@index([userId])
+  @@index([token])
+  @@index([expiresAt])
+}
+
+enum UserStatus {
+  ACTIVE
+  INACTIVE
+  SUSPENDED
+  DELETED
+}
+
+// ====== IDEMPOTENCY & CACHE MODELS ======
+
+model IdempotencyToken {
+  id        String   @id @default(uuid())
+  token     String   @unique
+  runId     String?  // Reference to Run if applicable
+  response  Json?    // Cached response
+  expiresAt DateTime
+  createdAt DateTime @default(now())
+
+  @@map("idempotency_tokens")
+  @@index([token])
+  @@index([expiresAt])
+}
+
+model CacheEntry {
+  id        String   @id @default(uuid())
+  key       String   @unique
+  value     Json
+  expiresAt DateTime?
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
+
+  @@map("cache_entries")
+  @@index([key])
+  @@index([expiresAt])
+}
+
+// ====== CHAT HISTORY MODELS ======
+
+model ChatHistory {
+  id              String   @id @default(uuid())
+  clientId        String   // Client identifier (e.g., machine ID, user ID)
+  agentName       String
+  agentDescription String?
+  messages        Json     // Array of { role: 'user' | 'assistant', content: string }
+  createdAt       DateTime @default(now())
+  lastMessageAt   DateTime @default(now())
+  updatedAt       DateTime @updatedAt
+
+  @@map("chat_history")
+  @@index([clientId])
+  @@index([clientId, lastMessageAt])
+}
+
+// ====== DEVKIT AGENT & TOOL MANAGEMENT ======
+
+model DevKitAgent {
+  id          String   @id @default(uuid())
+  name        String
+  slug        String   @unique
+  description String?
+  type        String   // lead_agent, education_agent, custom, etc.
+  model       String   // gpt-4, claude-3, etc.
+  config      Json     @default("{}") // { prompt, temperature, maxTokens, etc. }
+  createdAt   DateTime @default(now())
+  updatedAt   DateTime @updatedAt
+
+  // Relations
+  tools       DevKitAgentTool[]
+
+  @@map("devkit_agents")
+  @@index([slug])
+  @@index([type])
+}
+
+model DevKitTool {
+  id        String   @id @default(uuid())
+  name      String
+  kind      String   // http, email, vector, database, etc.
+  config    Json     @default("{}") // Flexible config per kind
+  enabled   Boolean  @default(true)
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
+
+  // Relations
+  agents    DevKitAgentTool[]
+
+  @@map("devkit_tools")
+  @@index([kind])
+  @@index([enabled])
+}
+
+model DevKitAgentTool {
+  id             String   @id @default(uuid())
+  agentId        String
+  toolId         String
+  configOverride Json?    // Optional per-agent tool configuration
+  createdAt      DateTime @default(now())
+
+  // Relations
+  agent          DevKitAgent @relation(fields: [agentId], references: [id], onDelete: Cascade)
+  tool           DevKitTool  @relation(fields: [toolId], references: [id], onDelete: Cascade)
+
+  @@unique([agentId, toolId])
+  @@map("devkit_agent_tools")
+  @@index([agentId])
+  @@index([toolId])
+}

package/scripts/postinstall-gateway.js

@@ -20,8 +20,31 @@ if (!fs.existsSync(packageJson)) {
   process.exit(0); // No gateway in this install
 }
 
+const prismaSchema = path.join(__dirname, '..', 'prisma', 'schema.prisma');
+
+function ensurePrismaClient() {
+  if (!fs.existsSync(prismaSchema)) {
+    return;
+  }
+  try {
+    console.log('🔧 Prisma: generating client for Gateway (global 4runr-os install)...');
+    execSync('npx prisma generate --schema=../../prisma/schema.prisma', {
+      cwd: gatewayDir,
+      stdio: 'inherit',
+      shell: process.platform === 'win32',
+    });
+    console.log('✓ Prisma client ready for Gateway');
+  } catch (err) {
+    console.warn(
+      '⚠️  prisma generate failed. OS auto-start Gateway may fail until you run:\n' +
+        '  cd apps/gateway && npx prisma generate --schema=../../prisma/schema.prisma',
+    );
+  }
+}
+
 if (fs.existsSync(nodeModules) && fs.readdirSync(nodeModules).length > 0) {
-  process.exit(0); // Already has deps (e.g. from prepublish)
+  ensurePrismaClient();
+  process.exit(0); // Deps already present (e.g. from prepublish) — still (re)generate Prisma
 }
 
 try {
@@ -36,3 +59,5 @@ try {
   console.warn('⚠️  Gateway dependency install failed. Start gateway from repo with: cd apps/gateway && npm start');
   // Don't fail the main install
 }
+
+ensurePrismaClient();