@checkstack/common 0.6.5 → 0.8.0

package/CHANGELOG.md

@@ -1,5 +1,115 @@
 # @checkstack/common
 
+## 0.8.0
+
+### Minor Changes
+
+- 50e5f5f: Runtime plugin system: install + uninstall plugins from npm, GitHub releases
+  (including private GitHub Enterprise instances), or tarball uploads at
+  runtime, with multi-package bundles, dependency-derived compatibility checks,
+  multi-instance coordination via a Postgres artifact store, and
+  single-coordinator destructive cleanup.
+
+  Highlights:
+
+  - New `PluginSource` discriminated union and `PluginInstaller` /
+    `PluginInstallerRegistry` interfaces in `@checkstack/backend-api`. The
+    GitHub variant accepts an optional `apiBaseUrl` so deployments backed by
+    GitHub Enterprise can install from `https://ghe.example.com/api/v3`
+    instead of `api.github.com`.
+  - New `installPackageMetadataSchema` (Zod) in `@checkstack/common` validates
+    every plugin's `package.json` at install time. Required fields: `name`,
+    `version`, `description`, `author`, `license`, `checkstack.type`,
+    `checkstack.pluginId`. Optional: `checkstack.bundle`,
+    `checkstack.usageInstructions`, `checkstack.allowInstallScripts`.
+  - New `pluginManagerContract` in `@checkstack/pluginmanager-common` with
+    `list`, `previewInstall`, `install`, `previewUninstall`, `uninstall`, and
+    `events` procedures.
+  - New `@checkstack/pluginmanager-frontend` admin UI: installed-plugins list
+    with per-row uninstall (typed-confirmation modal, schema/configs/cascade
+    toggles), install page with NPM / Tarball Upload / GitHub Release tabs
+    (Catalog tab disabled — coming soon), and an events page surfacing the
+    install/uninstall audit log.
+  - New `bunx @checkstack/scripts plugin-pack` CLI for plugin authors —
+    per-package mode produces an npm-shaped tarball; `--bundle` mode produces
+    an outer tarball containing every sibling declared in
+    `package.json#checkstack.bundle`. Published to npm so external authors
+    can `bunx` it directly without a workspace checkout.
+  - Compatibility derived from `package.json#dependencies` ranges
+    (`semver.satisfies` against the platform's loaded `@checkstack/*`
+    versions) — no separate `compatibility` field.
+  - Multi-instance: originator persists artifacts + `plugins` rows + broadcasts
+    install/uninstall; receiving instances do in-process register/unregister
+    only. Destructive ops (drop schema, delete plugin_configs, delete
+    artifacts, delete `plugins` rows) run exactly once on the originator.
+  - Fresh-instance bootstrap: `loadPlugins()` hydrates any
+    `is_uninstallable=true` plugin missing from `node_modules` from the
+    artifact store before normal Phase 1 register.
+  - New schema: `plugin_artifacts` (tarball storage), `plugin_install_events`
+    (audit/error log). `plugins` extended with `version`, `metadata`,
+    `source`, `bundle_id`, `is_primary`. Local plugin sync now writes
+    `version` from each plugin's `package.json` so the admin UI shows real
+    versions instead of `—`.
+  - Tarball-upload endpoint (`POST /api/pluginmanager/upload-tarball`) for
+    the install UI; access-gated by `pluginmanager.plugin.manage`.
+  - Plugin Manager menu link added to the user menu (main grid, alongside
+    Profile / Notification Settings / etc.).
+
+  Cross-cutting changes:
+
+  - Backend request/response logging now flows through `rootLogger` (winston)
+    instead of `hono/logger`. 5xx responses include the response body inline
+    so swallowed early-return errors are visible in the log.
+  - The `/api/:pluginId/*` dispatcher now logs which core service is missing
+    or which `pluginId` had no metadata when it 500s.
+  - New `registerCorePluginMetadata` on `PluginManager` for core routers
+    (like the plugin manager itself) that need their metadata visible to the
+    RPC dispatcher without going through the full plugin lifecycle.
+  - ESLint: `unicorn/no-null` is now disabled globally. Drizzle distinguishes
+    between `null` (writes a real SQL NULL) and `undefined` (skip the column
+    on insert), so treating them as interchangeable produced latent bugs at
+    the persistence boundary. The bulk of the patch-bumped packages above
+    reflect lint-fix touches that landed when this rule was relaxed.
+  - Workspace-wide license normalization to `Elastic-2.0` (matches
+    `LICENSE.md`). Every `package.json` in the workspace now declares the
+    same SPDX identifier; the patch bumps capture this.
+
+  Plugin packages (every `plugins/*`): added a `pack` npm script
+  (`bunx @checkstack/scripts plugin-pack`), mirrored each plugin's
+  `pluginId` from `plugin-metadata.ts` into `package.json#checkstack.pluginId`
+  so install-time validation passes, stubbed any missing required metadata
+  fields (`description`, `author`, `license`), and added
+  `checkstack.bundle` to multi-package plugin primaries (telegram, rcon, ssh,
+  jira, queue-bullmq, queue-memory, cache-memory).
+
+  Breaking changes:
+
+  - The legacy single-method `PluginInstaller` interface (`install(packageName)`)
+    is removed. Callers must use `coreServices.pluginInstallerRegistry`.
+  - The old `pluginAdminContract` and `createPluginAdminRouter` are removed.
+    Replaced by `pluginManagerContract` in `@checkstack/pluginmanager-common`
+    and `createPluginManagerRouter` in `core/backend`.
+  - `@checkstack/test-utils-backend` no longer exports
+    `createMockPluginInstaller` / `MockPluginInstaller` (the legacy interface
+    it shimmed is gone).
+
+  Note: bumps are limited to `minor` (for packages with new public API
+  surface) and `patch` (for downstream consumers, license normalization,
+  and lint fixes). No `major` bumps despite the `PluginInstaller` removal —
+  the legacy interface had no third-party consumers in the wild before this
+  runtime plugin system landed, and the contract surface is the same shape
+  modulo the rename.
+
+## 0.7.0
+
+### Minor Changes
+
+- 8d1ef12: Phase 2 of anomaly detection: trend drift detection.
+
+  The background baseline analyzer now computes a linear regression slope across each field's chronologically-ordered history and runs a `detectDrift` evaluator that catches gradual "creeping degradation" never reaching the 3σ spike threshold. Drifts share the same `anomalies` table as spike anomalies via a new `kind` column (`spike` | `drift`, default `spike`); the existing suspicious → anomaly → recovered lifecycle is reused, ticking at the analyzer's hourly cadence with a default 2-run confirmation window.
+
+  User-facing additions: a Trend Drift toggle and threshold slider on both the template and assignment anomaly settings panels (with per-field overrides), drift rows in the System Anomaly widget, dashed regression-line overlays on the auto-generated line charts, and a new `ANOMALY_TREND_DETECTED` signal for live UI updates. Plugin authors can disable drift per chartable field via `x-anomaly-drift-enabled: false` or tighten/loosen it via `x-anomaly-drift-threshold`.
+
 ## 0.6.5
 
 ### Patch Changes

package/package.json

@@ -1,6 +1,7 @@
 {
   "name": "@checkstack/common",
-  "version": "0.6.5",
+  "version": "0.8.0",
+  "license": "Elastic-2.0",
   "type": "module",
   "main": "./src/index.ts",
   "types": "./src/index.ts",
@@ -18,11 +19,11 @@
   },
   "devDependencies": {
     "typescript": "^5.7.2",
-    "@checkstack/tsconfig": "0.0.5",
+    "@checkstack/tsconfig": "0.0.6",
     "@checkstack/scripts": "0.1.2"
   },
   "scripts": {
-    "typecheck": "tsc --noEmit",
+    "typecheck": "tsgo -b",
     "lint": "bun run lint:code",
     "lint:code": "eslint . --max-warnings 0"
   },

package/src/chart-types.ts

@@ -23,12 +23,9 @@ export type ChartType =
   | "status";
 
 /**
- * Metadata type for health check result schemas.
- * Provides autocompletion for chart-related metadata on result fields.
+ * Base metadata for all health check result schema fields.
  */
-export interface HealthResultMeta {
-  /** The type of chart to render for this field */
-  "x-chart-type"?: ChartType;
+export interface BaseHealthResultMeta {
   /** Human-readable label for the chart (defaults to field name) */
   "x-chart-label"?: string;
   /** Unit suffix for values (e.g., 'ms', '%', 'req/s') */
@@ -40,4 +37,65 @@ export interface HealthResultMeta {
    * Ephemeral fields are stripped before storing results in the database.
    */
   "x-ephemeral"?: boolean;
+  /**
+   * Sensitivity multiplier for this field (default: 1.0).
+   * Higher values = fewer alerts (wider threshold).
+   * Lower values = more alerts (tighter threshold).
+   * Applied as: threshold = μ ± (3σ × sensitivity)
+   */
+  "x-anomaly-sensitivity"?: number;
+  /**
+   * Override the default confirmation window for this field.
+   * Number of consecutive anomalous data points required before an alert is raised.
+   */
+  "x-anomaly-confirmation-window"?: number;
+  /**
+   * Enable trend drift detection for this field. Default true (when anomaly
+   * detection is enabled). Set false to suppress drift alerts but keep spike
+   * detection active.
+   */
+  "x-anomaly-drift-enabled"?: boolean;
+  /**
+   * Sigma multiplier on the drift trigger band (default 2). Drift fires when
+   * |slope × sampleCount| > threshold × σ × sensitivity.
+   */
+  "x-anomaly-drift-threshold"?: number;
+}
+
+/**
+ * Metadata for a field that exposes a chart AND has anomaly detection enabled.
+ */
+export interface ChartMetaAnomalyEnabled extends BaseHealthResultMeta {
+  "x-chart-type": ChartType;
+  "x-anomaly-enabled": true;
+  "x-anomaly-direction": "higher-is-better" | "lower-is-better" | "deviation" | "dominance";
 }
+
+/**
+ * Metadata for a field that exposes a chart but explicitly disables anomaly detection.
+ */
+export interface ChartMetaAnomalyDisabled extends BaseHealthResultMeta {
+  "x-chart-type": ChartType;
+  "x-anomaly-enabled": false;
+  "x-anomaly-direction"?: never;
+}
+
+/**
+ * Metadata for a field that does NOT expose a chart.
+ */
+export interface NonChartMeta extends BaseHealthResultMeta {
+  "x-chart-type"?: never;
+  "x-anomaly-enabled"?: never;
+  "x-anomaly-direction"?: never;
+}
+
+/**
+ * Metadata type for health check result schemas.
+ * Provides autocompletion and enforces that ANY field exposing a chart
+ * MUST explicitly define its anomaly behavior.
+ */
+export type HealthResultMeta = 
+  | ChartMetaAnomalyEnabled 
+  | ChartMetaAnomalyDisabled 
+  | NonChartMeta;
+

package/src/index.ts

@@ -2,6 +2,7 @@ export * from "./types";
 export * from "./pagination";
 export * from "./routes";
 export * from "./plugin-metadata";
+export * from "./plugin-source";
 export * from "./client-definition";
 export * from "./access-utils";
 export * from "./icons";

package/src/plugin-metadata.ts

@@ -1,3 +1,5 @@
+import { z } from "zod";
+
 /**
  * Plugin metadata interface for backend plugins.
  *
@@ -26,3 +28,103 @@ export interface PluginMetadata {
 export function definePluginMetadata<T extends PluginMetadata>(metadata: T): T {
   return metadata;
 }
+
+// ─────────────────────────────────────────────────────────────────────────────
+// Install-time metadata (validated when a plugin is installed at runtime)
+// ─────────────────────────────────────────────────────────────────────────────
+
+export const pluginPackageTypeSchema = z.enum(["backend", "frontend", "common"]);
+export type PluginPackageType = z.infer<typeof pluginPackageTypeSchema>;
+
+/**
+ * Author shape — matches standard package.json `author` / `contributors`
+ * (string OR object form).
+ */
+export const pluginAuthorSchema = z.union([
+  z.string().min(1),
+  z.object({
+    name: z.string().min(1),
+    email: z.string().email().optional(),
+    url: z.string().url().optional(),
+  }),
+]);
+export type PluginAuthor = z.infer<typeof pluginAuthorSchema>;
+
+/**
+ * `package.json#checkstack` block schema.
+ *
+ * Required:
+ * - `type`: which kind of package this is.
+ * - `pluginId`: the runtime plugin id (must match the source const).
+ *
+ * Optional:
+ * - `bundle`: list of sibling package names that must install/uninstall together.
+ *   Set on the *primary* package only.
+ * - `usageInstructions`: markdown shown in the install UI.
+ * - `allowInstallScripts`: opt in to running `postinstall` etc. for this plugin's
+ *   `bun install`. Default false (we pass `--ignore-scripts`).
+ */
+export const pluginCheckstackBlockSchema = z.object({
+  type: pluginPackageTypeSchema,
+  pluginId: z.string().min(1).optional(),
+  bundle: z.array(z.string().min(1)).optional(),
+  usageInstructions: z.string().optional(),
+  allowInstallScripts: z.boolean().optional(),
+});
+export type PluginCheckstackBlock = z.infer<typeof pluginCheckstackBlockSchema>;
+
+/**
+ * Schema applied to the *full* package.json of a plugin at install time.
+ *
+ * We re-use standard package.json fields (name, version, description, author,
+ * license, homepage, repository) and only require what's strictly necessary
+ * for displaying + validating an installable plugin. Compatibility is *not*
+ * declared explicitly — it's derived from the `dependencies` section at
+ * install time (semver.satisfies against the platform's loaded
+ * `@checkstack/*` package versions).
+ */
+export const installPackageMetadataSchema = z.object({
+  name: z.string().min(1, "package.json `name` is required"),
+  version: z.string().min(1, "package.json `version` is required"),
+  description: z.string().min(1, "package.json `description` is required"),
+  author: pluginAuthorSchema,
+  contributors: z.array(pluginAuthorSchema).optional(),
+  license: z.string().min(1, "package.json `license` is required"),
+  homepage: z.string().url().optional(),
+  repository: z
+    .union([
+      z.string(),
+      z.object({
+        type: z.string().optional(),
+        url: z.string(),
+      }),
+    ])
+    .optional(),
+  dependencies: z.record(z.string(), z.string()).optional(),
+  peerDependencies: z.record(z.string(), z.string()).optional(),
+  checkstack: pluginCheckstackBlockSchema,
+});
+export type InstallPackageMetadata = z.infer<typeof installPackageMetadataSchema>;
+
+/**
+ * Bundle manifest written into a `--bundle`-mode tarball.
+ *
+ * Structure:
+ *   bundle.tgz
+ *     bundle.json                ← this manifest
+ *     packages/
+ *       <pkg-1>-<version>.tgz
+ *       <pkg-2>-<version>.tgz
+ */
+export const pluginBundleManifestSchema = z.object({
+  bundleVersion: z.literal(1),
+  primary: z.string().min(1),
+  packages: z.array(
+    z.object({
+      name: z.string().min(1),
+      version: z.string().min(1),
+      tarball: z.string().min(1), // path inside the outer tarball
+    }),
+  ),
+});
+export type PluginBundleManifest = z.infer<typeof pluginBundleManifestSchema>;

package/src/plugin-source.ts

@@ -0,0 +1,73 @@
+import { z } from "zod";
+
+// ─────────────────────────────────────────────────────────────────────────────
+// PluginSource — discriminated union describing where a plugin came from.
+// One installer per `type`. Persisted on the `plugins` row so fresh-instance
+// bootstrap and reinstall can recreate the artifact from the same source.
+//
+// Lives in `@checkstack/common` (not `backend-api`) so it can be referenced
+// from contracts (which must remain importable from frontend & common
+// packages).
+// ─────────────────────────────────────────────────────────────────────────────
+
+export const npmPluginSourceSchema = z.object({
+  type: z.literal("npm"),
+  packageName: z.string().min(1),
+  version: z.string().optional(),
+  registry: z.string().url().optional(),
+});
+export type NpmPluginSource = z.infer<typeof npmPluginSourceSchema>;
+
+export const tarballPluginSourceSchema = z.object({
+  type: z.literal("tarball"),
+  /**
+   * The plugin_artifacts row id. The tarball bytes themselves live in
+   * Postgres — only the artifact reference is stored on the `plugins` row.
+   * On fresh-instance bootstrap, this is what's used to re-fetch the bytes.
+   */
+  artifactId: z.string().min(1),
+  /** Original filename for display in the UI. */
+  filename: z.string().optional(),
+});
+export type TarballPluginSource = z.infer<typeof tarballPluginSourceSchema>;
+
+export const githubPluginSourceSchema = z.object({
+  type: z.literal("github"),
+  owner: z.string().min(1),
+  repo: z.string().min(1),
+  tag: z.string().min(1),
+  /**
+   * Optional explicit asset filename. When omitted, the installer picks the
+   * single `.tgz` asset on the release (and errors if there are zero or many).
+   */
+  assetName: z.string().optional(),
+  /**
+   * Optional API base URL for GitHub Enterprise installs (e.g.
+   * `https://github.example.com/api/v3`). When omitted, the public
+   * `https://api.github.com` endpoint is used. Asset download URLs are
+   * always taken from the release response, so they automatically point
+   * at the same host as the API.
+   */
+  apiBaseUrl: z.string().url().optional(),
+  /**
+   * Optional name of an env var holding a Personal Access Token. Defaults
+   * to `GITHUB_TOKEN`. Useful when the platform needs to talk to several
+   * different GitHub instances with different tokens.
+   */
+  tokenEnvVar: z.string().optional(),
+});
+export type GithubPluginSource = z.infer<typeof githubPluginSourceSchema>;
+
+export const catalogPluginSourceSchema = z.object({
+  type: z.literal("catalog"),
+  catalogId: z.string().min(1),
+});
+export type CatalogPluginSource = z.infer<typeof catalogPluginSourceSchema>;
+
+export const pluginSourceSchema = z.discriminatedUnion("type", [
+  npmPluginSourceSchema,
+  tarballPluginSourceSchema,
+  githubPluginSourceSchema,
+  catalogPluginSourceSchema,
+]);
+export type PluginSource = z.infer<typeof pluginSourceSchema>;

package/tsconfig.json

@@ -3,4 +3,4 @@
   "include": [
     "src"
   ]
-}
+}