@axiom-lattice/gateway 2.1.29 → 2.1.30

package/dist/index.js

@@ -3097,6 +3097,1038 @@ function registerDatabaseConfigRoutes(app2) {
   );
 }
 
+// src/controllers/metrics-configs.ts
+var import_core18 = require("@axiom-lattice/core");
+var import_crypto4 = require("crypto");
+function getTenantId2(request) {
+  return request.headers["x-tenant-id"] || "default";
+}
+async function getMetricsServerConfigList(request, reply) {
+  const tenantId = getTenantId2(request);
+  try {
+    const storeLattice = (0, import_core18.getStoreLattice)("default", "metrics");
+    const store = storeLattice.store;
+    const configs = await store.getAllConfigs(tenantId);
+    return {
+      success: true,
+      message: "Metrics server configurations retrieved successfully",
+      data: {
+        records: configs,
+        total: configs.length
+      }
+    };
+  } catch (error) {
+    console.error("Failed to get metrics server configs:", error);
+    return {
+      success: false,
+      message: "Failed to retrieve metrics server configurations",
+      data: {
+        records: [],
+        total: 0
+      }
+    };
+  }
+}
+async function getMetricsServerConfig(request, reply) {
+  const tenantId = getTenantId2(request);
+  const { key } = request.params;
+  try {
+    const storeLattice = (0, import_core18.getStoreLattice)("default", "metrics");
+    const store = storeLattice.store;
+    const config2 = await store.getConfigByKey(tenantId, key);
+    if (!config2) {
+      return {
+        success: false,
+        message: "Metrics server configuration not found"
+      };
+    }
+    return {
+      success: true,
+      message: "Metrics server configuration retrieved successfully",
+      data: config2
+    };
+  } catch (error) {
+    console.error("Failed to get metrics server config:", error);
+    return {
+      success: false,
+      message: "Failed to retrieve metrics server configuration"
+    };
+  }
+}
+async function createMetricsServerConfig(request, reply) {
+  const tenantId = getTenantId2(request);
+  const body = request.body;
+  try {
+    const storeLattice = (0, import_core18.getStoreLattice)("default", "metrics");
+    const store = storeLattice.store;
+    const existing = await store.getConfigByKey(tenantId, body.key);
+    if (existing) {
+      reply.code(409);
+      return {
+        success: false,
+        message: "Metrics server configuration with this key already exists"
+      };
+    }
+    if (body.config.type === "semantic" && !body.selectedDataSources) {
+      reply.code(400);
+      return {
+        success: false,
+        message: "selectedDataSources is required for semantic metrics servers"
+      };
+    }
+    const id = body.id || (0, import_crypto4.randomUUID)();
+    const configData = {
+      key: body.key,
+      name: body.name,
+      description: body.description,
+      config: body.config.type === "semantic" ? {
+        ...body.config,
+        selectedDataSources: body.selectedDataSources || []
+      } : body.config
+    };
+    const config2 = await store.createConfig(tenantId, id, configData);
+    try {
+      import_core18.metricsServerManager.registerServer(config2.key, config2.config);
+    } catch (error) {
+      console.warn("Failed to auto-register metrics server:", error);
+    }
+    reply.code(201);
+    return {
+      success: true,
+      message: "Metrics server configuration created successfully",
+      data: config2
+    };
+  } catch (error) {
+    console.error("Failed to create metrics server config:", error);
+    return {
+      success: false,
+      message: "Failed to create metrics server configuration"
+    };
+  }
+}
+async function updateMetricsServerConfig(request, reply) {
+  const tenantId = getTenantId2(request);
+  const { key } = request.params;
+  const updates = request.body;
+  try {
+    const storeLattice = (0, import_core18.getStoreLattice)("default", "metrics");
+    const store = storeLattice.store;
+    const existing = await store.getConfigByKey(tenantId, key);
+    if (!existing) {
+      reply.code(404);
+      return {
+        success: false,
+        message: "Metrics server configuration not found"
+      };
+    }
+    const isSemantic = updates.config?.type === "semantic" || existing.config.type === "semantic" && !updates.config?.type;
+    if (isSemantic && updates.selectedDataSources !== void 0) {
+      updates.config = {
+        ...existing.config,
+        ...updates.config,
+        type: "semantic",
+        selectedDataSources: updates.selectedDataSources
+      };
+    }
+    const updated = await store.updateConfig(tenantId, existing.id, updates);
+    if (!updated) {
+      return {
+        success: false,
+        message: "Failed to update metrics server configuration"
+      };
+    }
+    if (updates.config) {
+      try {
+        import_core18.metricsServerManager.registerServer(updated.key, updated.config);
+      } catch (error) {
+        console.warn("Failed to re-register metrics server:", error);
+      }
+    }
+    return {
+      success: true,
+      message: "Metrics server configuration updated successfully",
+      data: updated
+    };
+  } catch (error) {
+    console.error("Failed to update metrics server config:", error);
+    return {
+      success: false,
+      message: "Failed to update metrics server configuration"
+    };
+  }
+}
+async function deleteMetricsServerConfig(request, reply) {
+  const tenantId = getTenantId2(request);
+  const { keyOrId } = request.params;
+  try {
+    const storeLattice = (0, import_core18.getStoreLattice)("default", "metrics");
+    const store = storeLattice.store;
+    let config2 = await store.getConfigByKey(tenantId, keyOrId);
+    let configKey = keyOrId;
+    if (!config2) {
+      config2 = await store.getConfigById(tenantId, keyOrId);
+      if (config2) {
+        configKey = config2.key;
+      }
+    }
+    if (!config2) {
+      reply.code(404);
+      return {
+        success: false,
+        message: "Metrics server configuration not found"
+      };
+    }
+    const deleted = await store.deleteConfig(tenantId, config2.id);
+    if (!deleted) {
+      return {
+        success: false,
+        message: "Failed to delete metrics server configuration"
+      };
+    }
+    try {
+      if (import_core18.metricsServerManager.hasServer(configKey)) {
+        import_core18.metricsServerManager.removeServer(configKey);
+      }
+    } catch (error) {
+      console.warn("Failed to remove from MetricsServerManager:", error);
+    }
+    return {
+      success: true,
+      message: "Metrics server configuration deleted successfully"
+    };
+  } catch (error) {
+    console.error("Failed to delete metrics server config:", error);
+    return {
+      success: false,
+      message: "Failed to delete metrics server configuration"
+    };
+  }
+}
+async function testMetricsServerConnection(request, reply) {
+  const tenantId = getTenantId2(request);
+  const { key } = request.params;
+  try {
+    const storeLattice = (0, import_core18.getStoreLattice)("default", "metrics");
+    const store = storeLattice.store;
+    const config2 = await store.getConfigByKey(tenantId, key);
+    if (!config2) {
+      reply.code(404);
+      return {
+        success: false,
+        message: "Metrics server configuration not found"
+      };
+    }
+    const testKey = `__test_${key}_${Date.now()}`;
+    import_core18.metricsServerManager.registerServer(testKey, config2.config);
+    try {
+      const client = import_core18.metricsServerManager.getClient(testKey);
+      const result = await client.testConnection();
+      import_core18.metricsServerManager.removeServer(testKey);
+      return {
+        success: true,
+        message: result.connected ? "Connection test successful" : "Connection test failed",
+        data: result
+      };
+    } catch (error) {
+      try {
+        import_core18.metricsServerManager.removeServer(testKey);
+      } catch {
+      }
+      return {
+        success: true,
+        message: "Connection test failed",
+        data: {
+          connected: false,
+          error: error instanceof Error ? error.message : "Unknown error"
+        }
+      };
+    }
+  } catch (error) {
+    console.error("Failed to test metrics server connection:", error);
+    return {
+      success: false,
+      message: "Failed to test metrics server connection",
+      data: {
+        connected: false,
+        error: error instanceof Error ? error.message : "Unknown error"
+      }
+    };
+  }
+}
+async function listAvailableMetrics(request, reply) {
+  const tenantId = getTenantId2(request);
+  const { key } = request.params;
+  try {
+    const storeLattice = (0, import_core18.getStoreLattice)("default", "metrics");
+    const store = storeLattice.store;
+    const config2 = await store.getConfigByKey(tenantId, key);
+    if (!config2) {
+      reply.code(404);
+      return {
+        success: false,
+        message: "Metrics server configuration not found"
+      };
+    }
+    if (!import_core18.metricsServerManager.hasServer(key)) {
+      import_core18.metricsServerManager.registerServer(key, config2.config);
+    }
+    const client = import_core18.metricsServerManager.getClient(key);
+    const metrics = await client.listMetrics();
+    return {
+      success: true,
+      message: "Metrics retrieved successfully",
+      data: {
+        metrics: metrics.map((m) => ({
+          name: m.name,
+          type: m.type,
+          description: m.description
+        }))
+      }
+    };
+  } catch (error) {
+    console.error("Failed to list metrics:", error);
+    return {
+      success: false,
+      message: "Failed to retrieve metrics"
+    };
+  }
+}
+async function queryMetricsData(request, reply) {
+  const tenantId = getTenantId2(request);
+  const { key } = request.params;
+  const { metricName, startTime, endTime, step, labels } = request.body;
+  try {
+    const storeLattice = (0, import_core18.getStoreLattice)("default", "metrics");
+    const store = storeLattice.store;
+    const config2 = await store.getConfigByKey(tenantId, key);
+    if (!config2) {
+      reply.code(404);
+      return {
+        success: false,
+        message: "Metrics server configuration not found"
+      };
+    }
+    if (!metricName) {
+      reply.code(400);
+      return {
+        success: false,
+        message: "metricName is required"
+      };
+    }
+    if (!import_core18.metricsServerManager.hasServer(key)) {
+      import_core18.metricsServerManager.registerServer(key, config2.config);
+    }
+    const client = import_core18.metricsServerManager.getClient(key);
+    const result = await client.queryMetricData(metricName, {
+      startTime,
+      endTime,
+      step,
+      labels
+    });
+    return {
+      success: true,
+      message: "Metric data retrieved successfully",
+      data: {
+        metricName: result.metricName,
+        dataPoints: result.dataPoints
+      }
+    };
+  } catch (error) {
+    console.error("Failed to query metric data:", error);
+    return {
+      success: false,
+      message: "Failed to query metric data"
+    };
+  }
+}
+async function getDataSources(request, reply) {
+  const tenantId = getTenantId2(request);
+  const { key } = request.params;
+  try {
+    const storeLattice = (0, import_core18.getStoreLattice)("default", "metrics");
+    const store = storeLattice.store;
+    const config2 = await store.getConfigByKey(tenantId, key);
+    if (!config2) {
+      reply.code(404);
+      return {
+        success: false,
+        message: "Metrics server configuration not found"
+      };
+    }
+    if (config2.config.type !== "semantic") {
+      reply.code(400);
+      return {
+        success: false,
+        message: "This endpoint is only available for semantic metrics servers"
+      };
+    }
+    const semanticConfig = config2.config;
+    const client = new import_core18.SemanticMetricsClient(semanticConfig);
+    const datasources = await client.getDataSources();
+    return {
+      success: true,
+      message: "Data sources retrieved successfully",
+      data: {
+        datasources
+      }
+    };
+  } catch (error) {
+    console.error("Failed to get data sources:", error);
+    return {
+      success: false,
+      message: "Failed to retrieve data sources"
+    };
+  }
+}
+async function getDatasourceMetrics(request, reply) {
+  const tenantId = getTenantId2(request);
+  const { key, datasourceId } = request.params;
+  try {
+    const storeLattice = (0, import_core18.getStoreLattice)("default", "metrics");
+    const store = storeLattice.store;
+    const config2 = await store.getConfigByKey(tenantId, key);
+    if (!config2) {
+      reply.code(404);
+      return {
+        success: false,
+        message: "Metrics server configuration not found"
+      };
+    }
+    if (config2.config.type !== "semantic") {
+      reply.code(400);
+      return {
+        success: false,
+        message: "This endpoint is only available for semantic metrics servers"
+      };
+    }
+    const semanticConfig = config2.config;
+    const client = new import_core18.SemanticMetricsClient(semanticConfig);
+    const metrics = await client.getDatasourceMetrics(datasourceId);
+    return {
+      success: true,
+      message: "Datasource metrics retrieved successfully",
+      data: metrics
+    };
+  } catch (error) {
+    console.error("Failed to get datasource metrics:", error);
+    return {
+      success: false,
+      message: "Failed to retrieve datasource metrics"
+    };
+  }
+}
+async function querySemanticMetrics(request, reply) {
+  const tenantId = getTenantId2(request);
+  const { key } = request.params;
+  const body = request.body;
+  try {
+    const storeLattice = (0, import_core18.getStoreLattice)("default", "metrics");
+    const store = storeLattice.store;
+    const config2 = await store.getConfigByKey(tenantId, key);
+    if (!config2) {
+      reply.code(404);
+      return {
+        success: false,
+        message: "Metrics server configuration not found"
+      };
+    }
+    if (config2.config.type !== "semantic") {
+      reply.code(400);
+      return {
+        success: false,
+        message: "This endpoint is only available for semantic metrics servers"
+      };
+    }
+    if (!body.datasourceId || !body.metrics || body.metrics.length === 0) {
+      reply.code(400);
+      return {
+        success: false,
+        message: "datasourceId and metrics array are required"
+      };
+    }
+    const semanticConfig = config2.config;
+    const client = new import_core18.SemanticMetricsClient(semanticConfig);
+    const result = await client.semanticQuery(body);
+    return {
+      success: true,
+      message: "Semantic query executed successfully",
+      data: {
+        datasourceId: result.datasourceId,
+        metrics: result.metrics,
+        dataPoints: result.dataPoints,
+        metadata: result.metadata
+      }
+    };
+  } catch (error) {
+    console.error("Failed to query semantic metrics:", error);
+    return {
+      success: false,
+      message: "Failed to query semantic metrics"
+    };
+  }
+}
+async function testSemanticDataSources(request, reply) {
+  const body = request.body;
+  try {
+    if (!body.serverUrl) {
+      reply.code(400);
+      return {
+        success: false,
+        message: "serverUrl is required"
+      };
+    }
+    const testConfig = {
+      type: "semantic",
+      serverUrl: body.serverUrl,
+      apiKey: body.apiKey,
+      username: body.username,
+      password: body.password,
+      headers: body.headers
+    };
+    const client = new import_core18.SemanticMetricsClient(testConfig);
+    const datasources = await client.getDataSources();
+    return {
+      success: true,
+      message: "Data sources retrieved successfully",
+      data: {
+        datasources
+      }
+    };
+  } catch (error) {
+    console.error("Failed to test datasources:", error);
+    return {
+      success: false,
+      message: `Failed to retrieve data sources: ${error instanceof Error ? error.message : String(error)}`
+    };
+  }
+}
+async function testDatasourceMetrics(request, reply) {
+  const { datasourceId } = request.params;
+  const body = request.body;
+  try {
+    if (!body.serverUrl) {
+      reply.code(400);
+      return {
+        success: false,
+        message: "serverUrl is required"
+      };
+    }
+    const testConfig = {
+      type: "semantic",
+      serverUrl: body.serverUrl,
+      apiKey: body.apiKey,
+      username: body.username,
+      password: body.password,
+      headers: body.headers
+    };
+    const client = new import_core18.SemanticMetricsClient(testConfig);
+    const metrics = await client.getDatasourceMetrics(datasourceId);
+    return {
+      success: true,
+      message: "Datasource metrics retrieved successfully",
+      data: metrics
+    };
+  } catch (error) {
+    console.error("Failed to test datasource metrics:", error);
+    return {
+      success: false,
+      message: `Failed to retrieve datasource metrics: ${error instanceof Error ? error.message : String(error)}`
+    };
+  }
+}
+function registerMetricsServerConfigRoutes(app2) {
+  app2.get("/api/metrics-configs", getMetricsServerConfigList);
+  app2.get("/api/metrics-configs/:key", getMetricsServerConfig);
+  app2.post("/api/metrics-configs", createMetricsServerConfig);
+  app2.put("/api/metrics-configs/:key", updateMetricsServerConfig);
+  app2.delete("/api/metrics-configs/:keyOrId", deleteMetricsServerConfig);
+  app2.post("/api/metrics-configs/:key/test", testMetricsServerConnection);
+  app2.get("/api/metrics-configs/:key/metrics", listAvailableMetrics);
+  app2.post("/api/metrics-configs/:key/query", queryMetricsData);
+  app2.get("/api/metrics-configs/:key/datasources", getDataSources);
+  app2.get("/api/metrics-configs/:key/datasources/:datasourceId/meta", getDatasourceMetrics);
+  app2.post("/api/metrics-configs/:key/semantic-query", querySemanticMetrics);
+  app2.post("/api/metrics-configs/test-datasources", testSemanticDataSources);
+  app2.post("/api/metrics-configs/test-datasources/:datasourceId/meta", testDatasourceMetrics);
+}
+
+// src/controllers/users.ts
+var import_core19 = require("@axiom-lattice/core");
+var import_uuid4 = require("uuid");
+var UsersController = class {
+  constructor() {
+    this.userStore = (0, import_core19.getStoreLattice)("default", "user").store;
+  }
+  async listUsers(request, reply) {
+    const { email } = request.query;
+    if (email) {
+      const user = await this.userStore.getUserByEmail(email);
+      return { success: true, data: user ? [user] : [] };
+    }
+    const users = await this.userStore.getAllUsers();
+    return { success: true, data: users };
+  }
+  async createUser(request, reply) {
+    const data = request.body;
+    const id = (0, import_uuid4.v4)();
+    const existingUser = await this.userStore.getUserByEmail(data.email);
+    if (existingUser) {
+      return reply.status(409).send({
+        success: false,
+        error: `User with email ${data.email} already exists`
+      });
+    }
+    const user = await this.userStore.createUser(id, data);
+    return reply.status(201).send({ success: true, data: user });
+  }
+  async getUser(request, reply) {
+    const { userId } = request.params;
+    const user = await this.userStore.getUserById(userId);
+    if (!user) {
+      return reply.status(404).send({
+        success: false,
+        error: "User not found"
+      });
+    }
+    return { success: true, data: user };
+  }
+  async updateUser(request, reply) {
+    const { userId } = request.params;
+    const updates = request.body;
+    if (updates.email) {
+      const existingUser = await this.userStore.getUserByEmail(updates.email);
+      if (existingUser && existingUser.id !== userId) {
+        return reply.status(409).send({
+          success: false,
+          error: `User with email ${updates.email} already exists`
+        });
+      }
+    }
+    const user = await this.userStore.updateUser(userId, updates);
+    if (!user) {
+      return reply.status(404).send({
+        success: false,
+        error: "User not found"
+      });
+    }
+    return { success: true, data: user };
+  }
+  async deleteUser(request, reply) {
+    const { userId } = request.params;
+    const deleted = await this.userStore.deleteUser(userId);
+    if (!deleted) {
+      return reply.status(404).send({
+        success: false,
+        error: "User not found"
+      });
+    }
+    return { success: true };
+  }
+};
+function registerUserRoutes(app2) {
+  const controller = new UsersController();
+  app2.get("/api/users", controller.listUsers.bind(controller));
+  app2.post("/api/users", controller.createUser.bind(controller));
+  app2.get("/api/users/:userId", controller.getUser.bind(controller));
+  app2.patch("/api/users/:userId", controller.updateUser.bind(controller));
+  app2.delete("/api/users/:userId", controller.deleteUser.bind(controller));
+}
+
+// src/controllers/tenants.ts
+var import_core20 = require("@axiom-lattice/core");
+var import_uuid5 = require("uuid");
+var TenantsController = class {
+  constructor() {
+    this.tenantStore = (0, import_core20.getStoreLattice)("default", "tenant").store;
+  }
+  // ==================== Tenant CRUD ====================
+  async listTenants(request, reply) {
+    const tenants = await this.tenantStore.getAllTenants();
+    return { success: true, data: tenants };
+  }
+  async createTenant(request, reply) {
+    const data = request.body;
+    const id = (0, import_uuid5.v4)();
+    const tenant = await this.tenantStore.createTenant(id, data);
+    return reply.status(201).send({ success: true, data: tenant });
+  }
+  async getTenant(request, reply) {
+    const { tenantId } = request.params;
+    const tenant = await this.tenantStore.getTenantById(tenantId);
+    if (!tenant) {
+      return reply.status(404).send({
+        success: false,
+        error: "Tenant not found"
+      });
+    }
+    return { success: true, data: tenant };
+  }
+  async updateTenant(request, reply) {
+    const { tenantId } = request.params;
+    const updates = request.body;
+    const tenant = await this.tenantStore.updateTenant(tenantId, updates);
+    if (!tenant) {
+      return reply.status(404).send({
+        success: false,
+        error: "Tenant not found"
+      });
+    }
+    return { success: true, data: tenant };
+  }
+  async deleteTenant(request, reply) {
+    const { tenantId } = request.params;
+    if (tenantId === "default") {
+      return reply.status(403).send({
+        success: false,
+        error: "Cannot delete the default tenant"
+      });
+    }
+    const deleted = await this.tenantStore.deleteTenant(tenantId);
+    if (!deleted) {
+      return reply.status(404).send({
+        success: false,
+        error: "Tenant not found"
+      });
+    }
+    return { success: true };
+  }
+};
+function registerTenantRoutes(app2) {
+  const controller = new TenantsController();
+  app2.get("/api/tenants", controller.listTenants.bind(controller));
+  app2.post("/api/tenants", controller.createTenant.bind(controller));
+  app2.get("/api/tenants/:tenantId", controller.getTenant.bind(controller));
+  app2.patch("/api/tenants/:tenantId", controller.updateTenant.bind(controller));
+  app2.delete("/api/tenants/:tenantId", controller.deleteTenant.bind(controller));
+}
+
+// src/controllers/auth.ts
+var import_core21 = require("@axiom-lattice/core");
+var import_uuid6 = require("uuid");
+var defaultAuthConfig = {
+  autoApproveUsers: true,
+  allowTenantRegistration: true,
+  tokenExpiration: 86400
+};
+var AuthController = class {
+  constructor(config2 = {}) {
+    this.userStore = (0, import_core21.getStoreLattice)("default", "user").store;
+    this.tenantStore = (0, import_core21.getStoreLattice)("default", "tenant").store;
+    this.userTenantLinkStore = (0, import_core21.getStoreLattice)("default", "userTenantLink").store;
+    this.config = { ...defaultAuthConfig, ...config2 };
+  }
+  async register(request, reply) {
+    const { email, password, name } = request.body;
+    try {
+      const existingUser = await this.userStore.getUserByEmail(email);
+      if (existingUser) {
+        return reply.status(409).send({
+          success: false,
+          error: "User with this email already exists"
+        });
+      }
+      const userId = (0, import_uuid6.v4)();
+      const userStatus = this.config.autoApproveUsers ? "active" : "pending";
+      const userData = {
+        email,
+        name,
+        status: userStatus,
+        metadata: {
+          passwordHash: await this.hashPassword(password)
+        }
+      };
+      const user = await this.userStore.createUser(userId, userData);
+      return reply.status(201).send({
+        success: true,
+        message: this.config.autoApproveUsers ? "Registration successful" : "Registration successful. Please wait for admin approval.",
+        data: {
+          user: {
+            id: user.id,
+            email: user.email,
+            name: user.name,
+            status: user.status
+          }
+        }
+      });
+    } catch (error) {
+      console.error("Registration error:", error);
+      return reply.status(500).send({
+        success: false,
+        error: "Registration failed"
+      });
+    }
+  }
+  async login(request, reply) {
+    const { email, password } = request.body;
+    try {
+      const user = await this.userStore.getUserByEmail(email);
+      if (!user) {
+        return reply.status(401).send({
+          success: false,
+          error: "Invalid credentials"
+        });
+      }
+      if (user.status !== "active") {
+        return reply.status(403).send({
+          success: false,
+          error: `Account is ${user.status}. Please wait for admin approval.`
+        });
+      }
+      const isValidPassword = await this.verifyPassword(
+        password,
+        user.metadata?.passwordHash || ""
+      );
+      if (!isValidPassword) {
+        return reply.status(401).send({
+          success: false,
+          error: "Invalid credentials"
+        });
+      }
+      const tenantLinks = await this.userTenantLinkStore.getTenantsByUser(user.id);
+      const token = await this.generateToken(user.id);
+      return {
+        success: true,
+        data: {
+          user: {
+            id: user.id,
+            email: user.email,
+            name: user.name,
+            status: user.status
+          },
+          tenants: tenantLinks.map((link) => ({
+            id: link.tenantId,
+            role: link.role
+          })),
+          token,
+          requiresTenantSelection: tenantLinks.length > 1,
+          hasTenants: tenantLinks.length > 0
+        }
+      };
+    } catch (error) {
+      console.error("Login error:", error);
+      return reply.status(500).send({
+        success: false,
+        error: "Login failed"
+      });
+    }
+  }
+  async getUserTenants(request, reply) {
+    const userId = request.user?.id;
+    if (!userId) {
+      return reply.status(401).send({
+        success: false,
+        error: "Unauthorized"
+      });
+    }
+    try {
+      const links = await this.userTenantLinkStore.getTenantsByUser(userId);
+      const tenantsWithDetails = await Promise.all(
+        links.map(async (link) => {
+          const tenant = await this.tenantStore.getTenantById(link.tenantId);
+          return {
+            ...link,
+            tenant: tenant || null
+          };
+        })
+      );
+      return {
+        success: true,
+        data: tenantsWithDetails
+      };
+    } catch (error) {
+      console.error("Get user tenants error:", error);
+      return reply.status(500).send({
+        success: false,
+        error: "Failed to get user tenants"
+      });
+    }
+  }
+  async selectTenant(request, reply) {
+    const userId = request.user?.id;
+    const { tenantId } = request.body;
+    if (!userId) {
+      return reply.status(401).send({
+        success: false,
+        error: "Unauthorized"
+      });
+    }
+    try {
+      const hasLink = await this.userTenantLinkStore.hasLink(userId, tenantId);
+      if (!hasLink) {
+        return reply.status(403).send({
+          success: false,
+          error: "You do not have access to this tenant"
+        });
+      }
+      const tenant = await this.tenantStore.getTenantById(tenantId);
+      if (!tenant) {
+        return reply.status(404).send({
+          success: false,
+          error: "Tenant not found"
+        });
+      }
+      const token = await this.generateToken(userId, tenantId);
+      return {
+        success: true,
+        data: {
+          tenant: {
+            id: tenant.id,
+            name: tenant.name,
+            status: tenant.status
+          },
+          token
+        }
+      };
+    } catch (error) {
+      console.error("Select tenant error:", error);
+      return reply.status(500).send({
+        success: false,
+        error: "Failed to select tenant"
+      });
+    }
+  }
+  async approveUser(request, reply) {
+    const { userId, approved } = request.body;
+    try {
+      const user = await this.userStore.getUserById(userId);
+      if (!user) {
+        return reply.status(404).send({
+          success: false,
+          error: "User not found"
+        });
+      }
+      if (user.status !== "pending") {
+        return reply.status(400).send({
+          success: false,
+          error: `User is already ${user.status}`
+        });
+      }
+      const updatedUser = await this.userStore.updateUser(userId, {
+        status: approved ? "active" : "suspended"
+      });
+      return {
+        success: true,
+        data: updatedUser
+      };
+    } catch (error) {
+      console.error("Approval error:", error);
+      return reply.status(500).send({
+        success: false,
+        error: "Approval failed"
+      });
+    }
+  }
+  async listPendingUsers(request, reply) {
+    try {
+      const users = await this.userStore.getAllUsers();
+      const pendingUsers = users.filter((u) => u.status === "pending");
+      return {
+        success: true,
+        data: pendingUsers
+      };
+    } catch (error) {
+      console.error("List pending users error:", error);
+      return reply.status(500).send({
+        success: false,
+        error: "Failed to list pending users"
+      });
+    }
+  }
+  async assignTenant(request, reply) {
+    const { userId, tenantId, role = "member" } = request.body;
+    try {
+      const user = await this.userStore.getUserById(userId);
+      if (!user) {
+        return reply.status(404).send({
+          success: false,
+          error: "User not found"
+        });
+      }
+      const tenant = await this.tenantStore.getTenantById(tenantId);
+      if (!tenant) {
+        return reply.status(404).send({
+          success: false,
+          error: "Tenant not found"
+        });
+      }
+      const link = await this.userTenantLinkStore.createLink({
+        userId,
+        tenantId,
+        role
+      });
+      return {
+        success: true,
+        data: link
+      };
+    } catch (error) {
+      console.error("Assign tenant error:", error);
+      return reply.status(500).send({
+        success: false,
+        error: "Failed to assign tenant"
+      });
+    }
+  }
+  async hashPassword(password) {
+    const encoder = new TextEncoder();
+    const data = encoder.encode(password + "salt");
+    const hashBuffer = await crypto.subtle.digest("SHA-256", data);
+    const hashArray = Array.from(new Uint8Array(hashBuffer));
+    return hashArray.map((b) => b.toString(16).padStart(2, "0")).join("");
+  }
+  async verifyPassword(password, hash) {
+    const hashedPassword = await this.hashPassword(password);
+    return hashedPassword === hash;
+  }
+  async generateToken(userId, tenantId) {
+    const payload = {
+      userId,
+      exp: Date.now() + this.config.tokenExpiration * 1e3
+    };
+    if (tenantId) {
+      payload.tenantId = tenantId;
+    }
+    return btoa(JSON.stringify(payload));
+  }
+};
+function registerAuthRoutes(app2, config2) {
+  const controller = new AuthController(config2);
+  const authHook = async (request, reply) => {
+    const authHeader = request.headers.authorization;
+    if (!authHeader || !authHeader.startsWith("Bearer ")) {
+      return reply.status(401).send({
+        success: false,
+        error: "Unauthorized - Missing or invalid token"
+      });
+    }
+    const token = authHeader.substring(7);
+    try {
+      const payload = JSON.parse(atob(token));
+      if (payload.exp && payload.exp < Date.now()) {
+        return reply.status(401).send({
+          success: false,
+          error: "Unauthorized - Token expired"
+        });
+      }
+      request.user = {
+        id: payload.userId,
+        tenantId: payload.tenantId
+      };
+    } catch {
+      return reply.status(401).send({
+        success: false,
+        error: "Unauthorized - Invalid token"
+      });
+    }
+  };
+  app2.post("/api/auth/register", controller.register.bind(controller));
+  app2.post("/api/auth/login", controller.login.bind(controller));
+  app2.get("/api/auth/tenants", { preHandler: authHook }, (req, res) => controller.getUserTenants(req, res));
+  app2.post("/api/auth/select-tenant", { preHandler: authHook }, (req, res) => controller.selectTenant(req, res));
+  app2.post("/api/auth/approve", { preHandler: authHook }, (req, res) => controller.approveUser(req, res));
+  app2.get("/api/auth/pending", { preHandler: authHook }, (req, res) => controller.listPendingUsers(req, res));
+  app2.post("/api/auth/assign-tenant", { preHandler: authHook }, (req, res) => controller.assignTenant(req, res));
+}
+
 // src/routes/index.ts
 var registerLatticeRoutes = (app2) => {
   app2.post("/api/runs", createRun);
@@ -3218,6 +4250,13 @@ var registerLatticeRoutes = (app2) => {
   registerSandboxProxyRoutes(app2);
   registerWorkspaceRoutes(app2);
   registerDatabaseConfigRoutes(app2);
+  registerMetricsServerConfigRoutes(app2);
+  registerUserRoutes(app2);
+  registerTenantRoutes(app2);
+  registerAuthRoutes(app2, {
+    autoApproveUsers: process.env.AUTO_APPROVE_USERS !== "false",
+    allowTenantRegistration: process.env.ALLOW_TENANT_REGISTRATION !== "false"
+  });
 };
 
 // src/swagger.ts
@@ -3283,7 +4322,7 @@ var configureSwagger = async (app2, customSwaggerConfig, customSwaggerUiConfig)
 };
 
 // src/services/agent_task_consumer.ts
-var import_core18 = require("@axiom-lattice/core");
+var import_core22 = require("@axiom-lattice/core");
 var handleAgentTask = async (taskRequest, retryCount = 0) => {
   const {
     assistant_id,
@@ -3347,7 +4386,7 @@ var handleAgentTask = async (taskRequest, retryCount = 0) => {
       }
       if (callback_event) {
         const state = await agent_state({ assistant_id, thread_id });
-        import_core18.eventBus.publish(callback_event, {
+        import_core22.eventBus.publish(callback_event, {
           success: true,
           state,
           config: { assistant_id, thread_id, tenant_id }
@@ -3361,7 +4400,7 @@ var handleAgentTask = async (taskRequest, retryCount = 0) => {
       await response.text();
       if (callback_event) {
         const state = await agent_state({ assistant_id, thread_id });
-        import_core18.eventBus.publish(callback_event, {
+        import_core22.eventBus.publish(callback_event, {
           success: true,
           state,
           config: { assistant_id, thread_id, tenant_id }
@@ -3388,7 +4427,7 @@ var handleAgentTask = async (taskRequest, retryCount = 0) => {
       return handleAgentTask(taskRequest, nextRetryCount);
     }
     if (callback_event) {
-      import_core18.eventBus.publish(callback_event, {
+      import_core22.eventBus.publish(callback_event, {
         success: false,
         error: error instanceof Error ? error.message : String(error),
         config: { assistant_id, thread_id, tenant_id }
@@ -3426,7 +4465,7 @@ var _AgentTaskConsumer = class _AgentTaskConsumer {
    * 初始化事件监听和队列轮询
    */
   initialize() {
-    import_core18.eventBus.subscribe(import_core18.AGENT_TASK_EVENT, this.trigger_agent_task.bind(this));
+    import_core22.eventBus.subscribe(import_core22.AGENT_TASK_EVENT, this.trigger_agent_task.bind(this));
     this.startPollingQueue();
     console.log("Agent\u4EFB\u52A1\u6D88\u8D39\u8005\u5DF2\u542F\u52A8\u5E76\u76D1\u542C\u4EFB\u52A1\u4E8B\u4EF6\u548C\u961F\u5217");
   }
@@ -3545,7 +4584,7 @@ var _AgentTaskConsumer = class _AgentTaskConsumer {
     handleAgentTask(taskRequest).catch((error) => {
       console.error("\u5904\u7406Agent\u4EFB\u52A1\u65F6\u53D1\u751F\u672A\u6355\u83B7\u7684\u9519\u8BEF:", error);
       if (taskRequest.callback_event) {
-        import_core18.eventBus.publish(taskRequest.callback_event, {
+        import_core22.eventBus.publish(taskRequest.callback_event, {
           success: false,
           error: error instanceof Error ? error.message : String(error),
           config: {
@@ -3565,7 +4604,7 @@ _AgentTaskConsumer.agent_run_endpoint = "http://localhost:4001/api/runs";
 var AgentTaskConsumer = _AgentTaskConsumer;
 
 // src/index.ts
-var import_core19 = require("@axiom-lattice/core");
+var import_core23 = require("@axiom-lattice/core");
 var import_protocols2 = require("@axiom-lattice/protocols");
 process.on("unhandledRejection", (reason, promise) => {
   console.error("\u672A\u5904\u7406\u7684Promise\u62D2\u7EDD:", reason);
@@ -3580,11 +4619,11 @@ var DEFAULT_LOGGER_CONFIG = {
 var loggerLattice = initializeLogger(DEFAULT_LOGGER_CONFIG);
 var logger = loggerLattice.client;
 function initializeLogger(config2) {
-  if (import_core19.loggerLatticeManager.hasLattice("default")) {
-    import_core19.loggerLatticeManager.removeLattice("default");
+  if (import_core23.loggerLatticeManager.hasLattice("default")) {
+    import_core23.loggerLatticeManager.removeLattice("default");
   }
-  (0, import_core19.registerLoggerLattice)("default", config2);
-  return (0, import_core19.getLoggerLattice)("default");
+  (0, import_core23.registerLoggerLattice)("default", config2);
+  return (0, import_core23.getLoggerLattice)("default");
 }
 var app = (0, import_fastify.default)({
   logger: false,