@checkstack/common 0.7.0 → 0.9.0

package/CHANGELOG.md

@@ -1,5 +1,117 @@
 # @checkstack/common
 
+## 0.9.0
+
+### Minor Changes
+
+- 42abfff: Add practical-significance floors to anomaly detection.
+
+  Two new schema annotations — `x-anomaly-min-absolute-delta` and `x-anomaly-min-relative-delta` — let plugin authors and operators suppress alerts whose statistical deviation is large but practical impact is negligible. Both floors must clear in addition to the existing μ ± Nσ trigger; defaults are 0 (disabled) so existing behaviour is unchanged.
+
+  This is the fix for cases like a 6 ms latency baseline whose σ ≈ 1 ms causes routine 20 ms blips to fire as anomalies despite Δ=14 ms being operationally irrelevant. With `min-absolute-delta: 50` and `min-relative-delta: 0.5`, those blips stay silent while a 6 ms → 200 ms spike still fires.
+
+  Built-in plugins ship with sensible defaults applied to every per-run field: 50 ms + 50 % for ms-unit fields, 5 percentage points for `%`-unit fields, 1 + 25 % for counter fields, 1 GB + 5 % for disk fields, 50 MB + 10 % for memory fields, 1 day for TLS expiry, 0.5 + 25 % for load average, 1 + 5 % for Minecraft TPS. Operators can override per-system or per-field via the assignment UI.
+
+## 0.8.0
+
+### Minor Changes
+
+- 50e5f5f: Runtime plugin system: install + uninstall plugins from npm, GitHub releases
+  (including private GitHub Enterprise instances), or tarball uploads at
+  runtime, with multi-package bundles, dependency-derived compatibility checks,
+  multi-instance coordination via a Postgres artifact store, and
+  single-coordinator destructive cleanup.
+
+  Highlights:
+
+  - New `PluginSource` discriminated union and `PluginInstaller` /
+    `PluginInstallerRegistry` interfaces in `@checkstack/backend-api`. The
+    GitHub variant accepts an optional `apiBaseUrl` so deployments backed by
+    GitHub Enterprise can install from `https://ghe.example.com/api/v3`
+    instead of `api.github.com`.
+  - New `installPackageMetadataSchema` (Zod) in `@checkstack/common` validates
+    every plugin's `package.json` at install time. Required fields: `name`,
+    `version`, `description`, `author`, `license`, `checkstack.type`,
+    `checkstack.pluginId`. Optional: `checkstack.bundle`,
+    `checkstack.usageInstructions`, `checkstack.allowInstallScripts`.
+  - New `pluginManagerContract` in `@checkstack/pluginmanager-common` with
+    `list`, `previewInstall`, `install`, `previewUninstall`, `uninstall`, and
+    `events` procedures.
+  - New `@checkstack/pluginmanager-frontend` admin UI: installed-plugins list
+    with per-row uninstall (typed-confirmation modal, schema/configs/cascade
+    toggles), install page with NPM / Tarball Upload / GitHub Release tabs
+    (Catalog tab disabled — coming soon), and an events page surfacing the
+    install/uninstall audit log.
+  - New `bunx @checkstack/scripts plugin-pack` CLI for plugin authors —
+    per-package mode produces an npm-shaped tarball; `--bundle` mode produces
+    an outer tarball containing every sibling declared in
+    `package.json#checkstack.bundle`. Published to npm so external authors
+    can `bunx` it directly without a workspace checkout.
+  - Compatibility derived from `package.json#dependencies` ranges
+    (`semver.satisfies` against the platform's loaded `@checkstack/*`
+    versions) — no separate `compatibility` field.
+  - Multi-instance: originator persists artifacts + `plugins` rows + broadcasts
+    install/uninstall; receiving instances do in-process register/unregister
+    only. Destructive ops (drop schema, delete plugin_configs, delete
+    artifacts, delete `plugins` rows) run exactly once on the originator.
+  - Fresh-instance bootstrap: `loadPlugins()` hydrates any
+    `is_uninstallable=true` plugin missing from `node_modules` from the
+    artifact store before normal Phase 1 register.
+  - New schema: `plugin_artifacts` (tarball storage), `plugin_install_events`
+    (audit/error log). `plugins` extended with `version`, `metadata`,
+    `source`, `bundle_id`, `is_primary`. Local plugin sync now writes
+    `version` from each plugin's `package.json` so the admin UI shows real
+    versions instead of `—`.
+  - Tarball-upload endpoint (`POST /api/pluginmanager/upload-tarball`) for
+    the install UI; access-gated by `pluginmanager.plugin.manage`.
+  - Plugin Manager menu link added to the user menu (main grid, alongside
+    Profile / Notification Settings / etc.).
+
+  Cross-cutting changes:
+
+  - Backend request/response logging now flows through `rootLogger` (winston)
+    instead of `hono/logger`. 5xx responses include the response body inline
+    so swallowed early-return errors are visible in the log.
+  - The `/api/:pluginId/*` dispatcher now logs which core service is missing
+    or which `pluginId` had no metadata when it 500s.
+  - New `registerCorePluginMetadata` on `PluginManager` for core routers
+    (like the plugin manager itself) that need their metadata visible to the
+    RPC dispatcher without going through the full plugin lifecycle.
+  - ESLint: `unicorn/no-null` is now disabled globally. Drizzle distinguishes
+    between `null` (writes a real SQL NULL) and `undefined` (skip the column
+    on insert), so treating them as interchangeable produced latent bugs at
+    the persistence boundary. The bulk of the patch-bumped packages above
+    reflect lint-fix touches that landed when this rule was relaxed.
+  - Workspace-wide license normalization to `Elastic-2.0` (matches
+    `LICENSE.md`). Every `package.json` in the workspace now declares the
+    same SPDX identifier; the patch bumps capture this.
+
+  Plugin packages (every `plugins/*`): added a `pack` npm script
+  (`bunx @checkstack/scripts plugin-pack`), mirrored each plugin's
+  `pluginId` from `plugin-metadata.ts` into `package.json#checkstack.pluginId`
+  so install-time validation passes, stubbed any missing required metadata
+  fields (`description`, `author`, `license`), and added
+  `checkstack.bundle` to multi-package plugin primaries (telegram, rcon, ssh,
+  jira, queue-bullmq, queue-memory, cache-memory).
+
+  Breaking changes:
+
+  - The legacy single-method `PluginInstaller` interface (`install(packageName)`)
+    is removed. Callers must use `coreServices.pluginInstallerRegistry`.
+  - The old `pluginAdminContract` and `createPluginAdminRouter` are removed.
+    Replaced by `pluginManagerContract` in `@checkstack/pluginmanager-common`
+    and `createPluginManagerRouter` in `core/backend`.
+  - `@checkstack/test-utils-backend` no longer exports
+    `createMockPluginInstaller` / `MockPluginInstaller` (the legacy interface
+    it shimmed is gone).
+
+  Note: bumps are limited to `minor` (for packages with new public API
+  surface) and `patch` (for downstream consumers, license normalization,
+  and lint fixes). No `major` bumps despite the `PluginInstaller` removal —
+  the legacy interface had no third-party consumers in the wild before this
+  runtime plugin system landed, and the contract surface is the same shape
+  modulo the rename.
+
 ## 0.7.0
 
 ### Minor Changes

package/package.json

@@ -1,6 +1,7 @@
 {
   "name": "@checkstack/common",
-  "version": "0.7.0",
+  "version": "0.9.0",
+  "license": "Elastic-2.0",
   "type": "module",
   "main": "./src/index.ts",
   "types": "./src/index.ts",
@@ -18,11 +19,11 @@
   },
   "devDependencies": {
     "typescript": "^5.7.2",
-    "@checkstack/tsconfig": "0.0.5",
-    "@checkstack/scripts": "0.1.2"
+    "@checkstack/tsconfig": "0.0.7",
+    "@checkstack/scripts": "0.3.0"
   },
   "scripts": {
-    "typecheck": "tsc --noEmit",
+    "typecheck": "tsgo -b",
     "lint": "bun run lint:code",
     "lint:code": "eslint . --max-warnings 0"
   },

package/src/chart-types.ts

@@ -22,6 +22,18 @@ export type ChartType =
   | "text"
   | "status";
 
+/**
+ * Numeric anomaly directions — these operate on a μ ± Nσ statistical band
+ * over a continuous metric, so practical-significance floors apply.
+ */
+export type NumericAnomalyDirection =
+  | "higher-is-better"
+  | "lower-is-better"
+  | "deviation";
+
+/** Categorical anomaly direction — fires on dominance flips, no σ band. */
+export type CategoricalAnomalyDirection = "dominance";
+
 /**
  * Base metadata for all health check result schema fields.
  */
@@ -63,14 +75,56 @@ export interface BaseHealthResultMeta {
 }
 
 /**
- * Metadata for a field that exposes a chart AND has anomaly detection enabled.
+ * Metadata for a chartable field with numeric anomaly detection.
+ * Carries the practical-significance floors (`x-anomaly-min-*-delta`)
+ * because they only make sense against a μ ± Nσ band.
+ */
+export interface ChartMetaAnomalyNumeric extends BaseHealthResultMeta {
+  "x-chart-type": ChartType;
+  "x-anomaly-enabled": true;
+  "x-anomaly-direction": NumericAnomalyDirection;
+  /**
+   * Practical-significance floor on absolute deviation. Default 0 (disabled).
+   * An anomaly only fires when |value − μ| ≥ this floor — even if the
+   * statistical trigger (μ ± Nσ) is exceeded. Use to suppress alerts on
+   * statistically-unusual but operationally-irrelevant swings on
+   * low-baseline metrics (e.g. 6 ms → 20 ms latency).
+   * Same field unit as the metric itself.
+   */
+  "x-anomaly-min-absolute-delta"?: number;
+  /**
+   * Practical-significance floor on relative deviation. Default 0 (disabled).
+   * An anomaly only fires when |value − μ| / max(|μ|, ε) ≥ this floor — even
+   * if the statistical trigger is exceeded. Expressed as a fraction
+   * (e.g. 0.5 = 50%). Use to suppress alerts whose proportional change is
+   * small on high-magnitude metrics.
+   */
+  "x-anomaly-min-relative-delta"?: number;
+}
+
+/**
+ * Metadata for a chartable field with categorical (dominance) anomaly
+ * detection. Practical-significance floors are deliberately disallowed
+ * because they have no meaning against a categorical baseline — there's
+ * no μ to subtract from.
  */
-export interface ChartMetaAnomalyEnabled extends BaseHealthResultMeta {
+export interface ChartMetaAnomalyCategorical extends BaseHealthResultMeta {
   "x-chart-type": ChartType;
   "x-anomaly-enabled": true;
-  "x-anomaly-direction": "higher-is-better" | "lower-is-better" | "deviation" | "dominance";
+  "x-anomaly-direction": CategoricalAnomalyDirection;
+  "x-anomaly-min-absolute-delta"?: never;
+  "x-anomaly-min-relative-delta"?: never;
 }
 
+/**
+ * Union of the two anomaly-enabled variants. Kept for back-compat with
+ * existing callers — new code should narrow against the discriminated
+ * union directly via `x-anomaly-direction`.
+ */
+export type ChartMetaAnomalyEnabled =
+  | ChartMetaAnomalyNumeric
+  | ChartMetaAnomalyCategorical;
+
 /**
  * Metadata for a field that exposes a chart but explicitly disables anomaly detection.
  */
@@ -78,6 +132,8 @@ export interface ChartMetaAnomalyDisabled extends BaseHealthResultMeta {
   "x-chart-type": ChartType;
   "x-anomaly-enabled": false;
   "x-anomaly-direction"?: never;
+  "x-anomaly-min-absolute-delta"?: never;
+  "x-anomaly-min-relative-delta"?: never;
 }
 
 /**
@@ -87,6 +143,8 @@ export interface NonChartMeta extends BaseHealthResultMeta {
   "x-chart-type"?: never;
   "x-anomaly-enabled"?: never;
   "x-anomaly-direction"?: never;
+  "x-anomaly-min-absolute-delta"?: never;
+  "x-anomaly-min-relative-delta"?: never;
 }
 
 /**
@@ -94,8 +152,8 @@ export interface NonChartMeta extends BaseHealthResultMeta {
  * Provides autocompletion and enforces that ANY field exposing a chart
  * MUST explicitly define its anomaly behavior.
  */
-export type HealthResultMeta = 
-  | ChartMetaAnomalyEnabled 
-  | ChartMetaAnomalyDisabled 
+export type HealthResultMeta =
+  | ChartMetaAnomalyNumeric
+  | ChartMetaAnomalyCategorical
+  | ChartMetaAnomalyDisabled
   | NonChartMeta;
-

package/src/index.ts

@@ -2,6 +2,7 @@ export * from "./types";
 export * from "./pagination";
 export * from "./routes";
 export * from "./plugin-metadata";
+export * from "./plugin-source";
 export * from "./client-definition";
 export * from "./access-utils";
 export * from "./icons";

package/src/plugin-metadata.ts

@@ -1,3 +1,5 @@
+import { z } from "zod";
+
 /**
  * Plugin metadata interface for backend plugins.
  *
@@ -26,3 +28,103 @@ export interface PluginMetadata {
 export function definePluginMetadata<T extends PluginMetadata>(metadata: T): T {
   return metadata;
 }
+
+// ─────────────────────────────────────────────────────────────────────────────
+// Install-time metadata (validated when a plugin is installed at runtime)
+// ─────────────────────────────────────────────────────────────────────────────
+
+export const pluginPackageTypeSchema = z.enum(["backend", "frontend", "common"]);
+export type PluginPackageType = z.infer<typeof pluginPackageTypeSchema>;
+
+/**
+ * Author shape — matches standard package.json `author` / `contributors`
+ * (string OR object form).
+ */
+export const pluginAuthorSchema = z.union([
+  z.string().min(1),
+  z.object({
+    name: z.string().min(1),
+    email: z.string().email().optional(),
+    url: z.string().url().optional(),
+  }),
+]);
+export type PluginAuthor = z.infer<typeof pluginAuthorSchema>;
+
+/**
+ * `package.json#checkstack` block schema.
+ *
+ * Required:
+ * - `type`: which kind of package this is.
+ * - `pluginId`: the runtime plugin id (must match the source const).
+ *
+ * Optional:
+ * - `bundle`: list of sibling package names that must install/uninstall together.
+ *   Set on the *primary* package only.
+ * - `usageInstructions`: markdown shown in the install UI.
+ * - `allowInstallScripts`: opt in to running `postinstall` etc. for this plugin's
+ *   `bun install`. Default false (we pass `--ignore-scripts`).
+ */
+export const pluginCheckstackBlockSchema = z.object({
+  type: pluginPackageTypeSchema,
+  pluginId: z.string().min(1).optional(),
+  bundle: z.array(z.string().min(1)).optional(),
+  usageInstructions: z.string().optional(),
+  allowInstallScripts: z.boolean().optional(),
+});
+export type PluginCheckstackBlock = z.infer<typeof pluginCheckstackBlockSchema>;
+
+/**
+ * Schema applied to the *full* package.json of a plugin at install time.
+ *
+ * We re-use standard package.json fields (name, version, description, author,
+ * license, homepage, repository) and only require what's strictly necessary
+ * for displaying + validating an installable plugin. Compatibility is *not*
+ * declared explicitly — it's derived from the `dependencies` section at
+ * install time (semver.satisfies against the platform's loaded
+ * `@checkstack/*` package versions).
+ */
+export const installPackageMetadataSchema = z.object({
+  name: z.string().min(1, "package.json `name` is required"),
+  version: z.string().min(1, "package.json `version` is required"),
+  description: z.string().min(1, "package.json `description` is required"),
+  author: pluginAuthorSchema,
+  contributors: z.array(pluginAuthorSchema).optional(),
+  license: z.string().min(1, "package.json `license` is required"),
+  homepage: z.string().url().optional(),
+  repository: z
+    .union([
+      z.string(),
+      z.object({
+        type: z.string().optional(),
+        url: z.string(),
+      }),
+    ])
+    .optional(),
+  dependencies: z.record(z.string(), z.string()).optional(),
+  peerDependencies: z.record(z.string(), z.string()).optional(),
+  checkstack: pluginCheckstackBlockSchema,
+});
+export type InstallPackageMetadata = z.infer<typeof installPackageMetadataSchema>;
+
+/**
+ * Bundle manifest written into a `--bundle`-mode tarball.
+ *
+ * Structure:
+ *   bundle.tgz
+ *     bundle.json                ← this manifest
+ *     packages/
+ *       <pkg-1>-<version>.tgz
+ *       <pkg-2>-<version>.tgz
+ */
+export const pluginBundleManifestSchema = z.object({
+  bundleVersion: z.literal(1),
+  primary: z.string().min(1),
+  packages: z.array(
+    z.object({
+      name: z.string().min(1),
+      version: z.string().min(1),
+      tarball: z.string().min(1), // path inside the outer tarball
+    }),
+  ),
+});
+export type PluginBundleManifest = z.infer<typeof pluginBundleManifestSchema>;

package/src/plugin-source.ts

@@ -0,0 +1,73 @@
+import { z } from "zod";
+
+// ─────────────────────────────────────────────────────────────────────────────
+// PluginSource — discriminated union describing where a plugin came from.
+// One installer per `type`. Persisted on the `plugins` row so fresh-instance
+// bootstrap and reinstall can recreate the artifact from the same source.
+//
+// Lives in `@checkstack/common` (not `backend-api`) so it can be referenced
+// from contracts (which must remain importable from frontend & common
+// packages).
+// ─────────────────────────────────────────────────────────────────────────────
+
+export const npmPluginSourceSchema = z.object({
+  type: z.literal("npm"),
+  packageName: z.string().min(1),
+  version: z.string().optional(),
+  registry: z.string().url().optional(),
+});
+export type NpmPluginSource = z.infer<typeof npmPluginSourceSchema>;
+
+export const tarballPluginSourceSchema = z.object({
+  type: z.literal("tarball"),
+  /**
+   * The plugin_artifacts row id. The tarball bytes themselves live in
+   * Postgres — only the artifact reference is stored on the `plugins` row.
+   * On fresh-instance bootstrap, this is what's used to re-fetch the bytes.
+   */
+  artifactId: z.string().min(1),
+  /** Original filename for display in the UI. */
+  filename: z.string().optional(),
+});
+export type TarballPluginSource = z.infer<typeof tarballPluginSourceSchema>;
+
+export const githubPluginSourceSchema = z.object({
+  type: z.literal("github"),
+  owner: z.string().min(1),
+  repo: z.string().min(1),
+  tag: z.string().min(1),
+  /**
+   * Optional explicit asset filename. When omitted, the installer picks the
+   * single `.tgz` asset on the release (and errors if there are zero or many).
+   */
+  assetName: z.string().optional(),
+  /**
+   * Optional API base URL for GitHub Enterprise installs (e.g.
+   * `https://github.example.com/api/v3`). When omitted, the public
+   * `https://api.github.com` endpoint is used. Asset download URLs are
+   * always taken from the release response, so they automatically point
+   * at the same host as the API.
+   */
+  apiBaseUrl: z.string().url().optional(),
+  /**
+   * Optional name of an env var holding a Personal Access Token. Defaults
+   * to `GITHUB_TOKEN`. Useful when the platform needs to talk to several
+   * different GitHub instances with different tokens.
+   */
+  tokenEnvVar: z.string().optional(),
+});
+export type GithubPluginSource = z.infer<typeof githubPluginSourceSchema>;
+
+export const catalogPluginSourceSchema = z.object({
+  type: z.literal("catalog"),
+  catalogId: z.string().min(1),
+});
+export type CatalogPluginSource = z.infer<typeof catalogPluginSourceSchema>;
+
+export const pluginSourceSchema = z.discriminatedUnion("type", [
+  npmPluginSourceSchema,
+  tarballPluginSourceSchema,
+  githubPluginSourceSchema,
+  catalogPluginSourceSchema,
+]);
+export type PluginSource = z.infer<typeof pluginSourceSchema>;

package/tsconfig.json

@@ -3,4 +3,4 @@
   "include": [
     "src"
   ]
-}
+}