@a-company/sentinel 0.2.0 → 3.5.0

package/dist/server/index.js

@@ -1,13 +1,16 @@
 import {
-  SentinelStorage
-} from "../chunk-KPMG4XED.js";
+  SentinelStorage,
+  loadServerConfig
+} from "../chunk-FOF7CPJ6.js";
 
 // src/server/index.ts
 import express from "express";
+import * as http from "http";
 import * as path3 from "path";
 import * as fs2 from "fs";
 import { fileURLToPath } from "url";
 import chalk3 from "chalk";
+import { WebSocketServer, WebSocket } from "ws";
 
 // src/server/routes/symbols.ts
 import { Router } from "express";
@@ -104,7 +107,7 @@ async function loadParadigmConfig(projectDir) {
 }
 async function loadWithPremiseCore(projectDir) {
   try {
-    const { aggregateFromDirectory } = await import("../dist-2F7NO4H4.js");
+    const { aggregateFromDirectory } = await import("../dist-AG5JNIZU.js");
     log.flow("load-symbols").info("Using premise-core aggregator", { path: projectDir });
     const result = await aggregateFromDirectory(projectDir);
     const counts = {};
@@ -762,6 +765,458 @@ function createPatternsRouter(_projectDir) {
   return router;
 }
 
+// src/server/routes/logs.ts
+import { Router as Router6 } from "express";
+import { v4 as uuidv4 } from "uuid";
+function inferSymbolType(symbol) {
+  if (symbol.startsWith("#")) return "component";
+  if (symbol.startsWith("^")) return "gate";
+  if (symbol.startsWith("!")) return "signal";
+  if (symbol.startsWith("$")) return "flow";
+  if (symbol.startsWith("~")) return "aspect";
+  return "raw";
+}
+function validateSymbol(symbol, index) {
+  const entry = index.find((e) => e.symbol === symbol);
+  if (entry) return { known: true };
+  const symbolName = symbol.replace(/^[#^!$~]/, "");
+  let bestMatch;
+  let bestScore = 0;
+  for (const e of index) {
+    const eName = e.symbol.replace(/^[#^!$~]/, "");
+    let shared = 0;
+    for (let i = 0; i < Math.min(symbolName.length, eName.length); i++) {
+      if (symbolName[i] === eName[i]) shared++;
+      else break;
+    }
+    const score = shared / Math.max(symbolName.length, eName.length);
+    if (score > bestScore && score > 0.5) {
+      bestScore = score;
+      bestMatch = e.symbol;
+    }
+  }
+  return { known: false, suggestion: bestMatch };
+}
+function autoPromoteToIncident(entry, storage) {
+  try {
+    const symbolType = inferSymbolType(entry.symbol);
+    const symbols = {};
+    if (symbolType === "component") symbols.component = entry.symbol;
+    else if (symbolType === "gate") symbols.gate = entry.symbol;
+    else if (symbolType === "signal") symbols.signal = entry.symbol;
+    else if (symbolType === "flow") symbols.flow = entry.symbol;
+    else symbols.component = entry.symbol;
+    storage.recordIncident({
+      error: {
+        message: entry.message,
+        type: "LogError"
+      },
+      symbols,
+      environment: entry.environment || "unknown",
+      service: entry.service
+    });
+  } catch {
+  }
+}
+var insertsSincePrune = 0;
+function createLogsRouter(options) {
+  const router = Router6();
+  const { storage, serverConfig, onLogReceived, symbolIndex } = options;
+  router.post("/", async (req, res) => {
+    try {
+      const body = req.body;
+      let entries;
+      if (Array.isArray(body.entries)) {
+        entries = body.entries;
+      } else if (body.level && body.symbol && body.message && body.service) {
+        entries = [body];
+      } else {
+        res.status(400).json({ error: "Expected {entries: [...]} or a single log entry with level, symbol, message, service" });
+        return;
+      }
+      if (entries.length > serverConfig.maxBatchSize) {
+        res.status(413).json({
+          error: `Batch too large: ${entries.length} entries, max ${serverConfig.maxBatchSize}`
+        });
+        return;
+      }
+      for (let i = 0; i < entries.length; i++) {
+        const e = entries[i];
+        if (!e.level || !e.symbol || !e.message || !e.service) {
+          res.status(400).json({
+            error: `Entry ${i}: missing required fields (level, symbol, message, service)`
+          });
+          return;
+        }
+        if (!["debug", "info", "warn", "error"].includes(e.level)) {
+          res.status(400).json({
+            error: `Entry ${i}: invalid level "${e.level}", must be debug|info|warn|error`
+          });
+          return;
+        }
+      }
+      const result = storage.insertLogBatch(entries);
+      for (const input of entries) {
+        const entry = {
+          id: input.id || uuidv4(),
+          timestamp: input.timestamp || (/* @__PURE__ */ new Date()).toISOString(),
+          level: input.level,
+          symbol: input.symbol,
+          symbolType: input.symbolType || inferSymbolType(input.symbol),
+          message: input.message,
+          data: input.data,
+          service: input.service,
+          sessionId: input.sessionId,
+          correlationId: input.correlationId,
+          durationMs: input.durationMs,
+          environment: input.environment
+        };
+        let validation;
+        if (symbolIndex) {
+          validation = validateSymbol(entry.symbol, symbolIndex);
+        }
+        if (entry.level === "error") {
+          autoPromoteToIncident(entry, storage);
+        }
+        if (onLogReceived) {
+          onLogReceived(entry, validation);
+        }
+      }
+      insertsSincePrune += result.accepted;
+      if (serverConfig.maxLogs > 0 && insertsSincePrune >= serverConfig.pruneIntervalInserts) {
+        insertsSincePrune = 0;
+        storage.pruneLogs(serverConfig.maxLogs);
+      }
+      res.json({ accepted: result.accepted, errors: result.errors.length > 0 ? result.errors : void 0 });
+    } catch (error) {
+      res.status(500).json({ error: "Failed to insert logs" });
+    }
+  });
+  router.get("/", async (req, res) => {
+    try {
+      const options2 = {
+        level: req.query.level,
+        symbol: req.query.symbol,
+        service: req.query.service,
+        sessionId: req.query.sessionId,
+        correlationId: req.query.correlationId,
+        search: req.query.search,
+        since: req.query.since,
+        until: req.query.until,
+        limit: req.query.limit ? parseInt(req.query.limit) : 100,
+        offset: req.query.offset ? parseInt(req.query.offset) : 0
+      };
+      const logs = storage.queryLogs(options2);
+      const total = storage.getLogCount(options2);
+      res.json({ count: logs.length, total, logs });
+    } catch (error) {
+      res.status(500).json({ error: "Failed to query logs" });
+    }
+  });
+  return router;
+}
+
+// src/server/routes/services.ts
+import { Router as Router7 } from "express";
+function createServicesRouter(options) {
+  const router = Router7();
+  const { storage } = options;
+  router.post("/", async (req, res) => {
+    try {
+      const { name, version, pid, environment, metadata } = req.body;
+      if (!name) {
+        res.status(400).json({ error: "Missing required field: name" });
+        return;
+      }
+      storage.registerService({ name, version, pid, environment, metadata });
+      res.json({ success: true, service: name });
+    } catch (error) {
+      res.status(500).json({ error: "Failed to register service" });
+    }
+  });
+  router.get("/", async (_req, res) => {
+    try {
+      const services = storage.getServices();
+      res.json({ count: services.length, services });
+    } catch (error) {
+      res.status(500).json({ error: "Failed to list services" });
+    }
+  });
+  return router;
+}
+function createStateRouter(options) {
+  const router = Router7();
+  const { storage } = options;
+  router.post("/", async (req, res) => {
+    try {
+      const { service, sessionId, state, activeFlows, activeGates } = req.body;
+      if (!service || !sessionId || !state) {
+        res.status(400).json({ error: "Missing required fields: service, sessionId, state" });
+        return;
+      }
+      storage.upsertAppState({
+        service,
+        sessionId,
+        timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+        state,
+        activeFlows,
+        activeGates
+      });
+      storage.updateServiceLastSeen(service);
+      res.json({ success: true });
+    } catch (error) {
+      res.status(500).json({ error: "Failed to update state" });
+    }
+  });
+  router.get("/", async (_req, res) => {
+    try {
+      const states = storage.getAllAppStates();
+      res.json({ count: states.length, states });
+    } catch (error) {
+      res.status(500).json({ error: "Failed to get states" });
+    }
+  });
+  router.get("/:service", async (req, res) => {
+    try {
+      const states = storage.getAppState(req.params.service);
+      res.json({ count: states.length, states });
+    } catch (error) {
+      res.status(500).json({ error: "Failed to get service state" });
+    }
+  });
+  return router;
+}
+
+// src/server/routes/metrics.ts
+import { Router as Router8 } from "express";
+var VALID_METRIC_TYPES = ["counter", "gauge", "histogram"];
+function createMetricsRouter(options) {
+  const router = Router8();
+  const { storage, serverConfig } = options;
+  router.post("/", (req, res) => {
+    try {
+      const body = req.body;
+      let entries;
+      if (Array.isArray(body.entries)) {
+        entries = body.entries;
+      } else if (body.name && body.type && body.value !== void 0 && body.service) {
+        entries = [body];
+      } else {
+        res.status(400).json({
+          error: "Expected {entries: [...]} or a single metric with name, type, value, service"
+        });
+        return;
+      }
+      if (entries.length > serverConfig.maxBatchSize) {
+        res.status(413).json({
+          error: `Batch too large: ${entries.length} entries, max ${serverConfig.maxBatchSize}`
+        });
+        return;
+      }
+      for (let i = 0; i < entries.length; i++) {
+        const e = entries[i];
+        if (!e.name || !e.type || e.value === void 0 || !e.service) {
+          res.status(400).json({
+            error: `Entry ${i}: missing required fields (name, type, value, service)`
+          });
+          return;
+        }
+        if (!VALID_METRIC_TYPES.includes(e.type)) {
+          res.status(400).json({
+            error: `Entry ${i}: invalid type "${e.type}", must be counter|gauge|histogram`
+          });
+          return;
+        }
+      }
+      const result = storage.insertMetricBatch(entries);
+      res.json({
+        accepted: result.accepted,
+        errors: result.errors.length > 0 ? result.errors : void 0
+      });
+    } catch {
+      res.status(500).json({ error: "Failed to insert metrics" });
+    }
+  });
+  router.get("/", (req, res) => {
+    try {
+      const options2 = {
+        name: req.query.name,
+        type: req.query.type,
+        service: req.query.service,
+        tag: req.query.tag,
+        since: req.query.since,
+        until: req.query.until,
+        limit: req.query.limit ? parseInt(req.query.limit) : 100,
+        offset: req.query.offset ? parseInt(req.query.offset) : 0
+      };
+      const metrics = storage.queryMetrics(options2);
+      const total = storage.getMetricCount(options2);
+      res.json({ count: metrics.length, total, metrics });
+    } catch {
+      res.status(500).json({ error: "Failed to query metrics" });
+    }
+  });
+  router.get("/aggregate/:name", (req, res) => {
+    try {
+      const aggregation = storage.aggregateMetric(req.params.name, {
+        service: req.query.service,
+        since: req.query.since,
+        until: req.query.until
+      });
+      res.json(aggregation);
+    } catch {
+      res.status(500).json({ error: "Failed to aggregate metric" });
+    }
+  });
+  return router;
+}
+
+// src/server/routes/traces.ts
+import { Router as Router9 } from "express";
+function createTracesRouter(options) {
+  const router = Router9();
+  const { storage } = options;
+  router.post("/", (req, res) => {
+    try {
+      const body = req.body;
+      if (!body.traceId || !body.service || !body.symbol || !body.operation) {
+        res.status(400).json({
+          error: "Missing required fields: traceId, service, symbol, operation"
+        });
+        return;
+      }
+      const spanId = storage.insertSpan(body);
+      res.json({ spanId, traceId: body.traceId });
+    } catch {
+      res.status(500).json({ error: "Failed to insert trace span" });
+    }
+  });
+  router.get("/", (req, res) => {
+    try {
+      const traces = storage.queryTraces({
+        service: req.query.service,
+        symbol: req.query.symbol,
+        since: req.query.since,
+        limit: req.query.limit ? parseInt(req.query.limit) : 20
+      });
+      res.json({ count: traces.length, traces });
+    } catch {
+      res.status(500).json({ error: "Failed to query traces" });
+    }
+  });
+  router.get("/:traceId", (req, res) => {
+    try {
+      const trace = storage.getTrace(req.params.traceId);
+      if (!trace) {
+        res.status(404).json({ error: "Trace not found" });
+        return;
+      }
+      res.json(trace);
+    } catch {
+      res.status(500).json({ error: "Failed to get trace" });
+    }
+  });
+  return router;
+}
+
+// src/server/middleware/auth.ts
+function createAuthMiddleware(config) {
+  return function authMiddleware(requiredPermission) {
+    return (req, res, next) => {
+      if (!config.enabled) {
+        next();
+        return;
+      }
+      const authHeader = req.headers.authorization;
+      if (!authHeader) {
+        res.status(401).json({ error: "Authentication required. Provide Authorization: Bearer <token>" });
+        return;
+      }
+      const match = authHeader.match(/^Bearer\s+(.+)$/i);
+      if (!match) {
+        res.status(401).json({ error: "Invalid authorization format. Use: Bearer <token>" });
+        return;
+      }
+      const tokenValue = match[1];
+      const tokenEntry = config.tokens.find((t) => t.token === tokenValue);
+      if (!tokenEntry) {
+        res.status(401).json({ error: "Invalid token" });
+        return;
+      }
+      if (tokenEntry.expiresAt && new Date(tokenEntry.expiresAt) < /* @__PURE__ */ new Date()) {
+        res.status(401).json({ error: "Token expired" });
+        return;
+      }
+      const permissionLevel = { read: 1, write: 2, admin: 3 };
+      const hasPermission = tokenEntry.permissions.some(
+        (p) => permissionLevel[p] >= permissionLevel[requiredPermission]
+      );
+      if (!hasPermission) {
+        res.status(403).json({ error: `Insufficient permissions. Required: ${requiredPermission}` });
+        return;
+      }
+      req.authToken = tokenEntry;
+      next();
+    };
+  };
+}
+
+// src/server/middleware/rate-limit.ts
+var serviceWindows = /* @__PURE__ */ new Map();
+var globalWindow = { count: 0, windowStart: Date.now() };
+var WINDOW_MS = 6e4;
+function getOrResetWindow(entry) {
+  const now = Date.now();
+  if (now - entry.windowStart > WINDOW_MS) {
+    entry.count = 0;
+    entry.windowStart = now;
+  }
+  return entry;
+}
+function createRateLimiter(config) {
+  return (req, res, next) => {
+    if (!config.enabled) {
+      next();
+      return;
+    }
+    const service = req.body?.service || req.body?.entries?.[0]?.service || req.query.service || "_unknown";
+    const rule = config.perService[service] || config.global;
+    if (rule.samplingRate < 1 && Math.random() > rule.samplingRate) {
+      res.status(200).json({ accepted: 0, sampled: true, message: "Request dropped by sampling" });
+      return;
+    }
+    const gw = getOrResetWindow(globalWindow);
+    if (gw.count >= config.global.maxRequestsPerMinute) {
+      res.status(429).json({
+        error: "Global rate limit exceeded",
+        retryAfterMs: WINDOW_MS - (Date.now() - gw.windowStart)
+      });
+      return;
+    }
+    if (!serviceWindows.has(service)) {
+      serviceWindows.set(service, { count: 0, windowStart: Date.now() });
+    }
+    const sw = getOrResetWindow(serviceWindows.get(service));
+    if (sw.count >= rule.maxRequestsPerMinute) {
+      res.status(429).json({
+        error: `Rate limit exceeded for service: ${service}`,
+        retryAfterMs: WINDOW_MS - (Date.now() - sw.windowStart)
+      });
+      return;
+    }
+    const batchSize = req.body?.entries?.length || 1;
+    if (batchSize > rule.maxEntriesPerBatch) {
+      res.status(413).json({
+        error: `Batch too large: ${batchSize} entries, max ${rule.maxEntriesPerBatch} for service ${service}`
+      });
+      return;
+    }
+    gw.count++;
+    sw.count++;
+    next();
+  };
+}
+
 // src/server/index.ts
 var __filename = fileURLToPath(import.meta.url);
 var __dirname = path3.dirname(__filename);
@@ -790,11 +1245,20 @@ var log3 = {
 };
 function createApp(options) {
   const app = express();
-  app.use(express.json());
+  app.use(express.json({ limit: "5mb" }));
   app.use((_req, res, next) => {
-    res.header("Access-Control-Allow-Origin", "*");
+    const corsOrigin = options.serverConfig?.cors?.origin;
+    const origin = Array.isArray(corsOrigin) ? corsOrigin.join(", ") : corsOrigin ?? "*";
+    res.header("Access-Control-Allow-Origin", origin);
     res.header("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
-    res.header("Access-Control-Allow-Headers", "Content-Type");
+    res.header("Access-Control-Allow-Headers", "Content-Type, Authorization");
+    if (options.serverConfig?.cors?.credentials) {
+      res.header("Access-Control-Allow-Credentials", "true");
+    }
+    if (_req.method === "OPTIONS") {
+      res.sendStatus(204);
+      return;
+    }
     next();
   });
   app.use("/api/symbols", createSymbolsRouter(options.projectDir));
@@ -802,6 +1266,26 @@ function createApp(options) {
   app.use("/api/commits", createCommitsRouter(options.projectDir));
   app.use("/api/incidents", createIncidentsRouter(options.projectDir));
   app.use("/api/patterns", createPatternsRouter(options.projectDir));
+  if (options.storage && options.serverConfig) {
+    const config = options.serverConfig;
+    const auth = createAuthMiddleware(config.auth);
+    const rateLimiter = createRateLimiter(config.rateLimit);
+    app.use("/api/logs", rateLimiter, auth("write"), createLogsRouter({
+      storage: options.storage,
+      serverConfig: config,
+      onLogReceived: options.onLogReceived,
+      symbolIndex: options.symbolIndex
+    }));
+    app.use("/api/services", rateLimiter, auth("write"), createServicesRouter({ storage: options.storage }));
+    app.use("/api/state", rateLimiter, auth("write"), createStateRouter({ storage: options.storage }));
+    app.use("/api/metrics", rateLimiter, auth("write"), createMetricsRouter({
+      storage: options.storage,
+      serverConfig: config
+    }));
+    app.use("/api/traces", rateLimiter, auth("write"), createTracesRouter({
+      storage: options.storage
+    }));
+  }
   app.get("/api/health", (_req, res) => {
     res.json({ status: "ok", timestamp: (/* @__PURE__ */ new Date()).toISOString() });
   });
@@ -817,12 +1301,100 @@ function createApp(options) {
   return app;
 }
 async function startServer(options) {
-  const app = createApp(options);
+  const serverConfig = loadServerConfig(options.projectDir);
+  if (options.logPruneLimit !== void 0) {
+    serverConfig.maxLogs = options.logPruneLimit;
+  }
+  const storage = new SentinelStorage(options.dbPath);
+  await storage.ensureReady();
+  let symbolIndex = [];
+  try {
+    symbolIndex = await loadSymbolIndex(options.projectDir);
+  } catch {
+    log3.component("sentinel-server").warn("Could not load symbol index for validation");
+  }
+  const wsClients = /* @__PURE__ */ new Set();
+  function broadcast(message) {
+    const data = JSON.stringify(message);
+    for (const client of wsClients) {
+      if (client.readyState === WebSocket.OPEN) {
+        client.send(data);
+      }
+    }
+  }
+  function onLogReceived(entry, validation) {
+    const message = { type: "log", entry };
+    if (validation && !validation.known) {
+      message.validation = validation;
+    }
+    broadcast(message);
+    if (entry.symbolType === "signal" || entry.symbolType === "gate" || entry.symbolType === "flow") {
+      broadcast({
+        type: "flow_event",
+        flowId: entry.symbolType === "flow" ? entry.symbol : void 0,
+        nodeSymbol: entry.symbol,
+        event: entry.symbolType,
+        timestamp: entry.timestamp,
+        service: entry.service
+      });
+    }
+  }
+  const app = createApp({
+    ...options,
+    storage,
+    serverConfig,
+    symbolIndex,
+    onLogReceived
+  });
   log3.component("sentinel-server").info("Starting server", { port: options.port });
   log3.component("sentinel-server").info("Project directory", { path: options.projectDir });
   return new Promise((resolve, reject) => {
-    const server = app.listen(options.port, () => {
+    const httpServer = http.createServer(app);
+    const wss = new WebSocketServer({ server: httpServer });
+    wss.on("connection", (ws) => {
+      if (wsClients.size >= serverConfig.wsMaxSubscribers) {
+        ws.close(1013, "Max subscribers reached");
+        return;
+      }
+      wsClients.add(ws);
+      log3.component("sentinel-ws").info("Client connected", { total: wsClients.size });
+      ws.on("message", (raw) => {
+        try {
+          const msg = JSON.parse(raw.toString());
+          if (msg.method === "ping") {
+            ws.send(JSON.stringify({
+              jsonrpc: "2.0",
+              result: { pong: true, timestamp: (/* @__PURE__ */ new Date()).toISOString() },
+              id: msg.id
+            }));
+          } else if (msg.method === "subscribe") {
+            ws.send(JSON.stringify({
+              jsonrpc: "2.0",
+              result: { subscribed: true },
+              id: msg.id
+            }));
+          } else if (msg.method === "query_logs") {
+            const logs = storage.queryLogs(msg.params || {});
+            ws.send(JSON.stringify({
+              jsonrpc: "2.0",
+              result: { logs },
+              id: msg.id
+            }));
+          }
+        } catch {
+        }
+      });
+      ws.on("close", () => {
+        wsClients.delete(ws);
+        log3.component("sentinel-ws").info("Client disconnected", { total: wsClients.size });
+      });
+      ws.on("error", () => {
+        wsClients.delete(ws);
+      });
+    });
+    httpServer.listen(options.port, () => {
       log3.component("sentinel-server").success("Server running", { url: `http://localhost:${options.port}` });
+      log3.component("sentinel-ws").success("WebSocket ready", { url: `ws://localhost:${options.port}` });
       if (options.open) {
         import("open").then((openModule) => {
           openModule.default(`http://localhost:${options.port}`);
@@ -833,7 +1405,7 @@ async function startServer(options) {
       }
       resolve();
     });
-    server.on("error", (err) => {
+    httpServer.on("error", (err) => {
       if (err.code === "EADDRINUSE") {
         log3.component("sentinel-server").error("Port already in use", { port: options.port });
       } else {