@checkstack/incident-backend 1.0.1 → 1.1.0

package/CHANGELOG.md

@@ -1,5 +1,171 @@
 # @checkstack/incident-backend
 
+## 1.1.0
+
+### Minor Changes
+
+- 1ef2e79: feat: hotlinks on incidents/maintenances and additional links on systems
+
+  Users with `manage` access on an incident, maintenance, or system can now
+  attach free-form URL "hotlinks" — Jira tickets, runbooks, dashboards, ticket
+  tools, etc. — alongside the existing fields.
+
+  - **Incidents** & **maintenances**: links live on the entity itself and are
+    surfaced both in the editor dialog and on the public detail page. Two new
+    RPC procedures per plugin (`addLink`, `removeLink`) gated behind the
+    existing `manage` access rule. Links are returned as part of
+    `getIncident` / `getMaintenance` and cache-invalidated on every link
+    mutation.
+  - **Systems**: a parallel `system_links` table with `getSystemLinks`,
+    `addSystemLink`, `removeSystemLink` procedures. Surfaced inside the
+    system editor (next to contacts) and on the read-only system detail
+    sidebar. Cache-scoped per-system so list endpoints remain hot.
+  - **Shared UI**: a `LinksEditor` component in `@checkstack/ui` does the
+    presentation; the three plugins each own their own RPC wiring.
+
+  Database changes ship as additive migrations (new `incident_links`,
+  `maintenance_links`, `system_links` tables, all FK-cascaded on parent
+  delete). No existing columns or rows are touched.
+
+  The system incident and maintenance history pages now sort by relevance:
+  active entries (non-`resolved` incidents, `scheduled` or `in_progress`
+  maintenances) appear at the top, with creation date descending as the
+  tiebreaker.
+
+### Patch Changes
+
+- Updated dependencies [42abfff]
+- Updated dependencies [1ef2e79]
+- Updated dependencies [aa89bc5]
+  - @checkstack/common@0.9.0
+  - @checkstack/incident-common@1.1.0
+  - @checkstack/catalog-common@2.1.0
+  - @checkstack/catalog-backend@1.1.0
+  - @checkstack/cache-api@0.3.0
+  - @checkstack/auth-common@0.6.6
+  - @checkstack/backend-api@0.15.1
+  - @checkstack/command-backend@0.1.25
+  - @checkstack/integration-backend@0.1.25
+  - @checkstack/integration-common@0.3.2
+  - @checkstack/notification-common@1.0.2
+  - @checkstack/signal-common@0.2.2
+  - @checkstack/cache-utils@0.2.5
+
+## 1.0.2
+
+### Patch Changes
+
+- 50e5f5f: Runtime plugin system: install + uninstall plugins from npm, GitHub releases
+  (including private GitHub Enterprise instances), or tarball uploads at
+  runtime, with multi-package bundles, dependency-derived compatibility checks,
+  multi-instance coordination via a Postgres artifact store, and
+  single-coordinator destructive cleanup.
+
+  Highlights:
+
+  - New `PluginSource` discriminated union and `PluginInstaller` /
+    `PluginInstallerRegistry` interfaces in `@checkstack/backend-api`. The
+    GitHub variant accepts an optional `apiBaseUrl` so deployments backed by
+    GitHub Enterprise can install from `https://ghe.example.com/api/v3`
+    instead of `api.github.com`.
+  - New `installPackageMetadataSchema` (Zod) in `@checkstack/common` validates
+    every plugin's `package.json` at install time. Required fields: `name`,
+    `version`, `description`, `author`, `license`, `checkstack.type`,
+    `checkstack.pluginId`. Optional: `checkstack.bundle`,
+    `checkstack.usageInstructions`, `checkstack.allowInstallScripts`.
+  - New `pluginManagerContract` in `@checkstack/pluginmanager-common` with
+    `list`, `previewInstall`, `install`, `previewUninstall`, `uninstall`, and
+    `events` procedures.
+  - New `@checkstack/pluginmanager-frontend` admin UI: installed-plugins list
+    with per-row uninstall (typed-confirmation modal, schema/configs/cascade
+    toggles), install page with NPM / Tarball Upload / GitHub Release tabs
+    (Catalog tab disabled — coming soon), and an events page surfacing the
+    install/uninstall audit log.
+  - New `bunx @checkstack/scripts plugin-pack` CLI for plugin authors —
+    per-package mode produces an npm-shaped tarball; `--bundle` mode produces
+    an outer tarball containing every sibling declared in
+    `package.json#checkstack.bundle`. Published to npm so external authors
+    can `bunx` it directly without a workspace checkout.
+  - Compatibility derived from `package.json#dependencies` ranges
+    (`semver.satisfies` against the platform's loaded `@checkstack/*`
+    versions) — no separate `compatibility` field.
+  - Multi-instance: originator persists artifacts + `plugins` rows + broadcasts
+    install/uninstall; receiving instances do in-process register/unregister
+    only. Destructive ops (drop schema, delete plugin_configs, delete
+    artifacts, delete `plugins` rows) run exactly once on the originator.
+  - Fresh-instance bootstrap: `loadPlugins()` hydrates any
+    `is_uninstallable=true` plugin missing from `node_modules` from the
+    artifact store before normal Phase 1 register.
+  - New schema: `plugin_artifacts` (tarball storage), `plugin_install_events`
+    (audit/error log). `plugins` extended with `version`, `metadata`,
+    `source`, `bundle_id`, `is_primary`. Local plugin sync now writes
+    `version` from each plugin's `package.json` so the admin UI shows real
+    versions instead of `—`.
+  - Tarball-upload endpoint (`POST /api/pluginmanager/upload-tarball`) for
+    the install UI; access-gated by `pluginmanager.plugin.manage`.
+  - Plugin Manager menu link added to the user menu (main grid, alongside
+    Profile / Notification Settings / etc.).
+
+  Cross-cutting changes:
+
+  - Backend request/response logging now flows through `rootLogger` (winston)
+    instead of `hono/logger`. 5xx responses include the response body inline
+    so swallowed early-return errors are visible in the log.
+  - The `/api/:pluginId/*` dispatcher now logs which core service is missing
+    or which `pluginId` had no metadata when it 500s.
+  - New `registerCorePluginMetadata` on `PluginManager` for core routers
+    (like the plugin manager itself) that need their metadata visible to the
+    RPC dispatcher without going through the full plugin lifecycle.
+  - ESLint: `unicorn/no-null` is now disabled globally. Drizzle distinguishes
+    between `null` (writes a real SQL NULL) and `undefined` (skip the column
+    on insert), so treating them as interchangeable produced latent bugs at
+    the persistence boundary. The bulk of the patch-bumped packages above
+    reflect lint-fix touches that landed when this rule was relaxed.
+  - Workspace-wide license normalization to `Elastic-2.0` (matches
+    `LICENSE.md`). Every `package.json` in the workspace now declares the
+    same SPDX identifier; the patch bumps capture this.
+
+  Plugin packages (every `plugins/*`): added a `pack` npm script
+  (`bunx @checkstack/scripts plugin-pack`), mirrored each plugin's
+  `pluginId` from `plugin-metadata.ts` into `package.json#checkstack.pluginId`
+  so install-time validation passes, stubbed any missing required metadata
+  fields (`description`, `author`, `license`), and added
+  `checkstack.bundle` to multi-package plugin primaries (telegram, rcon, ssh,
+  jira, queue-bullmq, queue-memory, cache-memory).
+
+  Breaking changes:
+
+  - The legacy single-method `PluginInstaller` interface (`install(packageName)`)
+    is removed. Callers must use `coreServices.pluginInstallerRegistry`.
+  - The old `pluginAdminContract` and `createPluginAdminRouter` are removed.
+    Replaced by `pluginManagerContract` in `@checkstack/pluginmanager-common`
+    and `createPluginManagerRouter` in `core/backend`.
+  - `@checkstack/test-utils-backend` no longer exports
+    `createMockPluginInstaller` / `MockPluginInstaller` (the legacy interface
+    it shimmed is gone).
+
+  Note: bumps are limited to `minor` (for packages with new public API
+  surface) and `patch` (for downstream consumers, license normalization,
+  and lint fixes). No `major` bumps despite the `PluginInstaller` removal —
+  the legacy interface had no third-party consumers in the wild before this
+  runtime plugin system landed, and the contract surface is the same shape
+  modulo the rename.
+
+- Updated dependencies [50e5f5f]
+  - @checkstack/auth-common@0.6.5
+  - @checkstack/backend-api@0.15.0
+  - @checkstack/catalog-backend@1.0.2
+  - @checkstack/catalog-common@2.0.1
+  - @checkstack/common@0.8.0
+  - @checkstack/integration-common@0.3.1
+  - @checkstack/cache-api@0.2.4
+  - @checkstack/cache-utils@0.2.4
+  - @checkstack/command-backend@0.1.24
+  - @checkstack/incident-common@1.0.1
+  - @checkstack/integration-backend@0.1.24
+  - @checkstack/notification-common@1.0.1
+  - @checkstack/signal-common@0.2.1
+
 ## 1.0.1
 
 ### Patch Changes

package/drizzle/0002_brown_thena.sql

@@ -0,0 +1,9 @@
+CREATE TABLE "incident_links" (
+	"id" text PRIMARY KEY NOT NULL,
+	"incident_id" text NOT NULL,
+	"label" text,
+	"url" text NOT NULL,
+	"created_at" timestamp DEFAULT now() NOT NULL
+);
+--> statement-breakpoint
+ALTER TABLE "incident_links" ADD CONSTRAINT "incident_links_incident_id_incidents_id_fk" FOREIGN KEY ("incident_id") REFERENCES "incidents"("id") ON DELETE cascade ON UPDATE no action;

package/drizzle/meta/0002_snapshot.json

@@ -0,0 +1,278 @@
+{
+  "id": "0c166fdf-4881-4230-a0b3-50b6c4b89e16",
+  "prevId": "e53ec0d1-e4c4-45cb-b45d-7ac3c1317744",
+  "version": "7",
+  "dialect": "postgresql",
+  "tables": {
+    "public.incident_links": {
+      "name": "incident_links",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "incident_id": {
+          "name": "incident_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "label": {
+          "name": "label",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "url": {
+          "name": "url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "incident_links_incident_id_incidents_id_fk": {
+          "name": "incident_links_incident_id_incidents_id_fk",
+          "tableFrom": "incident_links",
+          "tableTo": "incidents",
+          "columnsFrom": [
+            "incident_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.incident_systems": {
+      "name": "incident_systems",
+      "schema": "",
+      "columns": {
+        "incident_id": {
+          "name": "incident_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "system_id": {
+          "name": "system_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "incident_systems_incident_id_incidents_id_fk": {
+          "name": "incident_systems_incident_id_incidents_id_fk",
+          "tableFrom": "incident_systems",
+          "tableTo": "incidents",
+          "columnsFrom": [
+            "incident_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {
+        "incident_systems_incident_id_system_id_pk": {
+          "name": "incident_systems_incident_id_system_id_pk",
+          "columns": [
+            "incident_id",
+            "system_id"
+          ]
+        }
+      },
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.incident_updates": {
+      "name": "incident_updates",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "incident_id": {
+          "name": "incident_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "message": {
+          "name": "message",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "status_change": {
+          "name": "status_change",
+          "type": "incident_status",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "created_by": {
+          "name": "created_by",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "incident_updates_incident_id_incidents_id_fk": {
+          "name": "incident_updates_incident_id_incidents_id_fk",
+          "tableFrom": "incident_updates",
+          "tableTo": "incidents",
+          "columnsFrom": [
+            "incident_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.incidents": {
+      "name": "incidents",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "title": {
+          "name": "title",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "description": {
+          "name": "description",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "status": {
+          "name": "status",
+          "type": "incident_status",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'investigating'"
+        },
+        "severity": {
+          "name": "severity",
+          "type": "incident_severity",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'major'"
+        },
+        "suppress_notifications": {
+          "name": "suppress_notifications",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    }
+  },
+  "enums": {
+    "public.incident_severity": {
+      "name": "incident_severity",
+      "schema": "public",
+      "values": [
+        "minor",
+        "major",
+        "critical"
+      ]
+    },
+    "public.incident_status": {
+      "name": "incident_status",
+      "schema": "public",
+      "values": [
+        "investigating",
+        "identified",
+        "fixing",
+        "monitoring",
+        "resolved"
+      ]
+    }
+  },
+  "schemas": {},
+  "sequences": {},
+  "roles": {},
+  "policies": {},
+  "views": {},
+  "_meta": {
+    "columns": {},
+    "schemas": {},
+    "tables": {}
+  }
+}

package/drizzle/meta/_journal.json

@@ -15,6 +15,13 @@
       "when": 1768933110925,
       "tag": "0001_soft_gamma_corps",
       "breakpoints": true
+    },
+    {
+      "idx": 2,
+      "version": "7",
+      "when": 1777907796517,
+      "tag": "0002_brown_thena",
+      "breakpoints": true
     }
   ]
 }

package/package.json

@@ -1,6 +1,7 @@
 {
   "name": "@checkstack/incident-backend",
-  "version": "1.0.1",
+  "version": "1.1.0",
+  "license": "Elastic-2.0",
   "type": "module",
   "main": "src/index.ts",
   "checkstack": {
@@ -13,28 +14,28 @@
     "lint:code": "eslint . --max-warnings 0"
   },
   "dependencies": {
-    "@checkstack/backend-api": "0.14.0",
-    "@checkstack/cache-api": "0.2.2",
-    "@checkstack/cache-utils": "0.2.2",
-    "@checkstack/incident-common": "1.0.0",
-    "@checkstack/catalog-common": "2.0.0",
-    "@checkstack/catalog-backend": "1.0.0",
-    "@checkstack/notification-common": "1.0.0",
-    "@checkstack/auth-common": "0.6.4",
-    "@checkstack/command-backend": "0.1.22",
-    "@checkstack/signal-common": "0.2.0",
-    "@checkstack/integration-backend": "0.1.22",
-    "@checkstack/integration-common": "0.3.0",
-    "@checkstack/common": "0.7.0",
+    "@checkstack/backend-api": "0.15.0",
+    "@checkstack/cache-api": "0.2.4",
+    "@checkstack/cache-utils": "0.2.4",
+    "@checkstack/incident-common": "1.0.1",
+    "@checkstack/catalog-common": "2.0.1",
+    "@checkstack/catalog-backend": "1.0.2",
+    "@checkstack/notification-common": "1.0.1",
+    "@checkstack/auth-common": "0.6.5",
+    "@checkstack/command-backend": "0.1.24",
+    "@checkstack/signal-common": "0.2.1",
+    "@checkstack/integration-backend": "0.1.24",
+    "@checkstack/integration-common": "0.3.1",
+    "@checkstack/common": "0.8.0",
     "drizzle-orm": "^0.45.0",
     "zod": "^4.2.1",
     "@orpc/server": "^1.13.2"
   },
   "devDependencies": {
-    "@checkstack/drizzle-helper": "0.0.4",
-    "@checkstack/scripts": "0.1.2",
-    "@checkstack/test-utils-backend": "0.1.22",
-    "@checkstack/tsconfig": "0.0.5",
+    "@checkstack/drizzle-helper": "0.0.5",
+    "@checkstack/scripts": "0.3.0",
+    "@checkstack/test-utils-backend": "0.1.24",
+    "@checkstack/tsconfig": "0.0.7",
     "@types/bun": "^1.0.0",
     "drizzle-kit": "^0.31.10",
     "typescript": "^5.0.0"

package/src/router.ts

@@ -105,7 +105,7 @@ export function createRouter(
         service.getIncident(input.id),
       );
       if (!result) {
-        // eslint-disable-next-line unicorn/no-null -- oRPC contract requires null for missing values
+         
         return null;
       }
       // User-name resolution stays outside the cache: it's a foreign-system
@@ -392,5 +392,34 @@ export function createRouter(
         );
         return { suppressed };
       }),
+
+    addLink: os.addLink.handler(async ({ input }) => {
+      // Verify incident exists so the FK violation surfaces as NOT_FOUND.
+      const incident = await service.getIncident(input.incidentId);
+      if (!incident) {
+        throw new ORPCError("NOT_FOUND", { message: "Incident not found" });
+      }
+      const link = await service.addLink(input);
+      await cache.invalidateForMutation({
+        incidentId: incident.id,
+        systemIds: incident.systemIds,
+      });
+      return link;
+    }),
+
+    removeLink: os.removeLink.handler(async ({ input }) => {
+      const incidentId = await service.removeLink(input.id);
+      if (!incidentId) {
+        return { success: false };
+      }
+      const incident = await service.getIncident(incidentId);
+      if (incident) {
+        await cache.invalidateForMutation({
+          incidentId,
+          systemIds: incident.systemIds,
+        });
+      }
+      return { success: true };
+    }),
   });
 }

package/src/schema.ts

@@ -72,3 +72,17 @@ export const incidentUpdates = pgTable("incident_updates", {
   createdAt: timestamp("created_at").defaultNow().notNull(),
   createdBy: text("created_by"),
 });
+
+/**
+ * Hotlinks attached to an incident — e.g. a Jira ticket, runbook, or chat
+ * thread. Free-form URL + optional human label.
+ */
+export const incidentLinks = pgTable("incident_links", {
+  id: text("id").primaryKey(),
+  incidentId: text("incident_id")
+    .notNull()
+    .references(() => incidents.id, { onDelete: "cascade" }),
+  label: text("label"),
+  url: text("url").notNull(),
+  createdAt: timestamp("created_at").defaultNow().notNull(),
+});

package/src/service.ts

@@ -1,11 +1,18 @@
 import { eq, and, inArray, ne } from "drizzle-orm";
 import type { SafeDatabase } from "@checkstack/backend-api";
 import * as schema from "./schema";
-import { incidents, incidentSystems, incidentUpdates } from "./schema";
+import {
+  incidents,
+  incidentSystems,
+  incidentUpdates,
+  incidentLinks,
+} from "./schema";
 import type {
   IncidentWithSystems,
   IncidentDetail,
   IncidentUpdate,
+  IncidentLink,
+  AddIncidentLinkInput,
   CreateIncidentInput,
   UpdateIncidentInput,
   AddIncidentUpdateInput,
@@ -100,6 +107,11 @@ export class IncidentService {
       .from(incidentUpdates)
       .where(eq(incidentUpdates.incidentId, id));
 
+    const links = await this.db
+      .select()
+      .from(incidentLinks)
+      .where(eq(incidentLinks.incidentId, id));
+
     return {
       ...incident,
       description: incident.description ?? undefined,
@@ -109,6 +121,7 @@ export class IncidentService {
         statusChange: u.statusChange ?? undefined,
         createdBy: u.createdBy ?? undefined,
       })),
+      links,
     };
   }
 
@@ -332,6 +345,39 @@ export class IncidentService {
       .where(eq(incidentSystems.systemId, systemId));
   }
 
+  /**
+   * Add a hotlink to an incident.
+   */
+  async addLink(input: AddIncidentLinkInput): Promise<IncidentLink> {
+    const id = generateId();
+    await this.db.insert(incidentLinks).values({
+      id,
+      incidentId: input.incidentId,
+      label: input.label,
+      url: input.url,
+    });
+    const [row] = await this.db
+      .select()
+      .from(incidentLinks)
+      .where(eq(incidentLinks.id, id));
+    return row;
+  }
+
+  /**
+   * Remove a hotlink. Returns the parent incidentId so the caller can
+   * invalidate the right cache entry, or undefined if the link did not
+   * exist.
+   */
+  async removeLink(id: string): Promise<string | undefined> {
+    const [existing] = await this.db
+      .select()
+      .from(incidentLinks)
+      .where(eq(incidentLinks.id, id));
+    if (!existing) return undefined;
+    await this.db.delete(incidentLinks).where(eq(incidentLinks.id, id));
+    return existing.incidentId;
+  }
+
   /**
    * Check if a system has an active incident with notification suppression enabled.
    * An incident is considered "active" if its status is NOT "resolved".