@cyberismo/backend 0.0.21 → 0.0.23

package/src/domain/connectors/index.ts

@@ -0,0 +1,39 @@
+/**
+  Cyberismo
+  Copyright © Cyberismo Ltd and contributors 2026
+  This program is free software: you can redistribute it and/or modify it under
+  the terms of the GNU Affero General Public License version 3 as published by
+  the Free Software Foundation. This program is distributed in the hope that it
+  will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty
+  of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+  See the GNU Affero General Public License for more details.
+  You should have received a copy of the GNU Affero General Public
+  License along with this program. If not, see <https://www.gnu.org/licenses/>.
+*/
+import { Hono } from 'hono';
+import { isSSGContext } from 'hono/ssg';
+import * as connectorsService from './service.js';
+import { UserRole } from '../../types.js';
+import { requireRole } from '../../middleware/auth.js';
+
+const router = new Hono();
+
+/**
+ * @openapi
+ * /api/connectors:
+ *   get:
+ *     summary: Returns all available connectors
+ *     responses:
+ *       200:
+ *         description: List of connectors with their display names
+ */
+router.get('/', requireRole(UserRole.Reader), async (c) => {
+  if (isSSGContext(c)) {
+    return c.json([]);
+  }
+  const commands = c.get('commands');
+  const connectors = await connectorsService.getConnectors(commands);
+  return c.json(connectors);
+});
+
+export default router;

package/src/domain/connectors/service.ts

@@ -0,0 +1,67 @@
+/**
+  Cyberismo
+  Copyright © Cyberismo Ltd and contributors 2024
+  This program is free software: you can redistribute it and/or modify it under
+  the terms of the GNU Affero General Public License version 3 as published by
+  the Free Software Foundation.
+  This program is distributed in the hope that it will be useful, but WITHOUT
+  ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+  FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
+  details. You should have received a copy of the GNU Affero General Public
+  License along with this program. If not, see <https://www.gnu.org/licenses/>.
+*/
+
+import type { CommandManager } from '@cyberismo/data-handler';
+
+export interface ExternalItem {
+  key: string;
+  title: string;
+}
+
+export interface Connector {
+  name: string;
+  displayName: string;
+  items: ExternalItem[];
+}
+
+export async function getConnectors(
+  commands: CommandManager,
+): Promise<Connector[]> {
+  const results = await commands.calculateCmd.runQuery(
+    'connectors',
+    'localApp',
+  );
+
+  // Separate connectors from items based on type field
+  const connectorsMap = new Map<string, Connector>();
+  const items: { connector: string; key: string; title: string }[] = [];
+
+  for (const r of results) {
+    if (r.type === 'connector') {
+      connectorsMap.set(r.key, {
+        name: r.key,
+        displayName: r.displayName ?? r.key,
+        items: [],
+      });
+    } else {
+      items.push({
+        connector: r.connector ?? '',
+        key: r.itemKey ?? '',
+        title: r.title ?? '',
+      });
+    }
+  }
+
+  // Associate items with their connectors
+  for (const item of items) {
+    const connector = connectorsMap.get(item.connector);
+    if (connector) {
+      connector.items.push({
+        key: item.key,
+        title: item.title,
+      });
+    }
+  }
+
+  return Array.from(connectorsMap.values());
+}

package/src/domain/fieldTypes/index.ts

@@ -15,6 +15,8 @@ import { Hono } from 'hono';
 import * as fieldTypeService from './service.js';
 import { createFieldTypeSchema } from './schema.js';
 import { zValidator } from '../../middleware/zvalidator.js';
+import { UserRole } from '../../types.js';
+import { requireRole } from '../../middleware/auth.js';
 
 const router = new Hono();
 
@@ -32,7 +34,7 @@ const router = new Hono();
  *       500:
  *         description: project_path not set or other internal error
  */
-router.get('/', async (c) => {
+router.get('/', requireRole(UserRole.Reader), async (c) => {
   const commands = c.get('commands');
 
   try {
@@ -77,21 +79,26 @@ router.get('/', async (c) => {
  *       500:
  *         description: Server error
  */
-router.post('/', zValidator('json', createFieldTypeSchema), async (c) => {
-  const commands = c.get('commands');
-  const { identifier, dataType } = c.req.valid('json');
+router.post(
+  '/',
+  requireRole(UserRole.Admin),
+  zValidator('json', createFieldTypeSchema),
+  async (c) => {
+    const commands = c.get('commands');
+    const { identifier, dataType } = c.req.valid('json');
 
-  try {
-    await fieldTypeService.createFieldType(commands, identifier, dataType);
-    return c.json({ message: 'Field type created successfully' });
-  } catch (error) {
-    return c.json(
-      {
-        error: `${error instanceof Error ? error.message : 'Unknown error'}`,
-      },
-      500,
-    );
-  }
-});
+    try {
+      await fieldTypeService.createFieldType(commands, identifier, dataType);
+      return c.json({ message: 'Field type created successfully' });
+    } catch (error) {
+      return c.json(
+        {
+          error: `${error instanceof Error ? error.message : 'Unknown error'}`,
+        },
+        500,
+      );
+    }
+  },
+);
 
 export default router;

package/src/domain/graphModels/index.ts

@@ -15,6 +15,8 @@ import { Hono } from 'hono';
 import * as graphModelService from './service.js';
 import { createGraphModelSchema } from './schema.js';
 import { zValidator } from '../../middleware/zvalidator.js';
+import { UserRole } from '../../types.js';
+import { requireRole } from '../../middleware/auth.js';
 
 const router = new Hono();
 
@@ -43,12 +45,17 @@ const router = new Hono();
  *       500:
  *         description: Server error
  */
-router.post('/', zValidator('json', createGraphModelSchema), async (c) => {
-  const commands = c.get('commands');
-  const { identifier } = c.req.valid('json');
+router.post(
+  '/',
+  requireRole(UserRole.Admin),
+  zValidator('json', createGraphModelSchema),
+  async (c) => {
+    const commands = c.get('commands');
+    const { identifier } = c.req.valid('json');
 
-  await graphModelService.createGraphModel(commands, identifier);
-  return c.json({ message: 'Graph model created successfully' });
-});
+    await graphModelService.createGraphModel(commands, identifier);
+    return c.json({ message: 'Graph model created successfully' });
+  },
+);
 
 export default router;

package/src/domain/graphViews/index.ts

@@ -15,6 +15,8 @@ import { Hono } from 'hono';
 import * as graphViewService from './service.js';
 import { createGraphViewSchema } from './schema.js';
 import { zValidator } from '../../middleware/zvalidator.js';
+import { UserRole } from '../../types.js';
+import { requireRole } from '../../middleware/auth.js';
 
 const router = new Hono();
 
@@ -43,11 +45,16 @@ const router = new Hono();
  *       500:
  *         description: Server error
  */
-router.post('/', zValidator('json', createGraphViewSchema), async (c) => {
-  const commands = c.get('commands');
-  const { identifier } = c.req.valid('json');
-  await graphViewService.createGraphView(commands, identifier);
-  return c.json({ message: 'Graph view created successfully' });
-});
+router.post(
+  '/',
+  requireRole(UserRole.Admin),
+  zValidator('json', createGraphViewSchema),
+  async (c) => {
+    const commands = c.get('commands');
+    const { identifier } = c.req.valid('json');
+    await graphViewService.createGraphView(commands, identifier);
+    return c.json({ message: 'Graph view created successfully' });
+  },
+);
 
 export default router;

package/src/domain/labels/index.ts

@@ -13,6 +13,8 @@
 
 import { Hono } from 'hono';
 import * as labelsService from './service.js';
+import { UserRole } from '../../types.js';
+import { requireRole } from '../../middleware/auth.js';
 
 const router = new Hono();
 
@@ -27,9 +29,10 @@ const router = new Hono();
  *       500:
  *         description: Internal server error
  */
-router.get('/', (c) => {
+
+router.get('/', requireRole(UserRole.Reader), async (c) => {
   const commands = c.get('commands');
-  const labels = labelsService.getLabels(commands);
+  const labels = await labelsService.getLabels(commands);
   return c.json(labels);
 });
 

package/src/domain/labels/service.ts

@@ -18,6 +18,6 @@ import type { CommandManager } from '@cyberismo/data-handler';
  * @param commands command manager used for the query
  * @returns a list of labels
  */
-export function getLabels(commands: CommandManager): string[] {
-  return commands.showCmd.showLabels().sort();
+export async function getLabels(commands: CommandManager): Promise<string[]> {
+  return (await commands.showCmd.showLabels()).sort();
 }

package/src/domain/linkTypes/index.ts

@@ -15,6 +15,8 @@ import { Hono } from 'hono';
 import * as linkTypeService from './service.js';
 import { createLinkTypeSchema } from './schema.js';
 import { zValidator } from '../../middleware/zvalidator.js';
+import { UserRole } from '../../types.js';
+import { requireRole } from '../../middleware/auth.js';
 
 const router = new Hono();
 
@@ -32,7 +34,7 @@ const router = new Hono();
  *       500:
  *         description: project_path not set or other internal error
  */
-router.get('/', async (c) => {
+router.get('/', requireRole(UserRole.Reader), async (c) => {
   const commands = c.get('commands');
 
   try {
@@ -73,12 +75,17 @@ router.get('/', async (c) => {
  *       500:
  *         description: Server error
  */
-router.post('/', zValidator('json', createLinkTypeSchema), async (c) => {
-  const commands = c.get('commands');
-  const { identifier } = c.req.valid('json');
+router.post(
+  '/',
+  requireRole(UserRole.Admin),
+  zValidator('json', createLinkTypeSchema),
+  async (c) => {
+    const commands = c.get('commands');
+    const { identifier } = c.req.valid('json');
 
-  await linkTypeService.createLinkType(commands, identifier);
-  return c.json({ message: 'Link type created successfully' });
-});
+    await linkTypeService.createLinkType(commands, identifier);
+    return c.json({ message: 'Link type created successfully' });
+  },
+);
 
 export default router;

package/src/domain/logicPrograms/index.ts

@@ -15,11 +15,14 @@ import { Hono } from 'hono';
 import { zValidator } from '../../middleware/zvalidator.js';
 import { resourceParamsWithCard } from '../../common/validationSchemas.js';
 import * as logicProgramService from './service.js';
+import { UserRole } from '../../types.js';
+import { requireRole } from '../../middleware/auth.js';
 
 const router = new Hono();
 
 router.get(
   '/:prefix/:type/:identifier',
+  requireRole(UserRole.Reader),
   zValidator('param', resourceParamsWithCard),
   async (c) => {
     const commands = c.get('commands');

package/src/domain/mcp/index.ts

@@ -0,0 +1,159 @@
+/**
+  Cyberismo
+  Copyright © Cyberismo Ltd and contributors 2025
+  This program is free software: you can redistribute it and/or modify it under
+  the terms of the GNU Affero General Public License version 3 as published by
+  the Free Software Foundation.
+  This program is distributed in the hope that it will be useful, but WITHOUT
+  ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+  FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
+  details. You should have received a copy of the GNU Affero General Public
+  License along with this program. If not, see <https://www.gnu.org/licenses/>.
+*/
+
+import { Hono } from 'hono';
+import { randomUUID } from 'node:crypto';
+import { WebStandardStreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/webStandardStreamableHttp.js';
+import { createMcpServer } from '@cyberismo/mcp/server';
+import type { CommandManager } from '@cyberismo/data-handler';
+import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+
+const MAX_SESSIONS = 100;
+const SESSION_TIMEOUT_MS = 30 * 60 * 1000; // 30 minutes
+const CLEANUP_INTERVAL_MS = 5 * 60 * 1000; // 5 minutes
+
+interface McpSession {
+  transport: WebStandardStreamableHTTPServerTransport;
+  server: McpServer;
+  commands: CommandManager;
+  lastActivity: number;
+}
+
+const sessions = new Map<string, McpSession>();
+
+/**
+ * Close and remove a session, shutting down both server and transport.
+ * Safe to call multiple times for the same id.
+ * When `skipTransportClose` is true the transport is already closing
+ * (called from onsessionclosed / onclose callbacks).
+ */
+async function destroySession(
+  id: string,
+  skipTransportClose = false,
+): Promise<void> {
+  const session = sessions.get(id);
+  if (!session) return;
+  sessions.delete(id);
+
+  try {
+    await session.server.close();
+  } catch {
+    // Ignore close errors during cleanup
+  }
+
+  if (!skipTransportClose && session.transport.close) {
+    try {
+      await session.transport.close();
+    } catch {
+      // Ignore close errors during cleanup
+    }
+  }
+}
+
+// Periodic cleanup of expired sessions
+const cleanupInterval = setInterval(() => {
+  const now = Date.now();
+  for (const [id, session] of sessions) {
+    if (now - session.lastActivity > SESSION_TIMEOUT_MS) {
+      void destroySession(id);
+    }
+  }
+}, CLEANUP_INTERVAL_MS);
+cleanupInterval.unref();
+
+const router = new Hono();
+
+/**
+ * MCP HTTP endpoint handler.
+ * Supports GET (SSE streaming), POST (messages), and DELETE (session cleanup).
+ */
+router.all('/', async (c) => {
+  const commands = c.get('commands');
+  const sessionId = c.req.header('mcp-session-id');
+
+  // Handle DELETE before routing to existing session so it always runs cleanup
+  if (c.req.method === 'DELETE') {
+    if (sessionId) {
+      await destroySession(sessionId);
+    }
+    return c.json({ message: 'Session closed' });
+  }
+
+  // Handle existing session
+  if (sessionId && sessions.has(sessionId)) {
+    const session = sessions.get(sessionId)!;
+    session.lastActivity = Date.now();
+    const response = await session.transport.handleRequest(c.req.raw);
+    return response;
+  }
+
+  // Only allow POST to create new sessions (initialize)
+  if (c.req.method !== 'POST') {
+    return c.json(
+      { error: 'Method not allowed. Use POST to initialize a session.' },
+      405,
+    );
+  }
+
+  // Reject new sessions when at capacity
+  if (sessions.size >= MAX_SESSIONS) {
+    return c.json({ error: 'Too many active sessions' }, 503);
+  }
+
+  // Create new session for initialization
+  const transport = new WebStandardStreamableHTTPServerTransport({
+    sessionIdGenerator: () => randomUUID(),
+    onsessioninitialized: (newSessionId: string) => {
+      sessions.set(newSessionId, {
+        transport,
+        server,
+        commands,
+        lastActivity: Date.now(),
+      });
+    },
+    onsessionclosed: (closedSessionId: string) => {
+      void destroySession(closedSessionId, true);
+    },
+  });
+
+  transport.onclose = () => {
+    const sid = transport.sessionId;
+    if (sid) {
+      void destroySession(sid, true);
+    }
+  };
+
+  const server = createMcpServer(commands);
+  await server.connect(transport);
+
+  const response = await transport.handleRequest(c.req.raw);
+  return response;
+});
+
+/**
+ * SSE endpoint for server-to-client messages
+ */
+router.get('/sse', async (c) => {
+  const sessionId = c.req.header('mcp-session-id');
+
+  if (!sessionId || !sessions.has(sessionId)) {
+    return c.json({ error: 'Invalid or missing session ID' }, 400);
+  }
+
+  const session = sessions.get(sessionId)!;
+  session.lastActivity = Date.now();
+  const response = await session.transport.handleRequest(c.req.raw);
+  return response;
+});
+
+export default router;

package/src/domain/project/index.ts

@@ -13,27 +13,38 @@
 
 import { Hono } from 'hono';
 import { zValidator } from '../../middleware/zvalidator.js';
-import { moduleParamSchema, updateProjectSchema } from './schema.js';
+import {
+  importModuleSchema,
+  moduleParamSchema,
+  updateProjectSchema,
+} from './schema.js';
 import * as projectService from './service.js';
+import { UserRole } from '../../types.js';
+import { requireRole } from '../../middleware/auth.js';
 
 const router = new Hono();
 
-router.get('/', async (c) => {
+router.get('/', requireRole(UserRole.Reader), async (c) => {
   const commands = c.get('commands');
 
   const project = await projectService.getProject(commands);
   return c.json(project);
 });
 
-router.patch('/', zValidator('json', updateProjectSchema), async (c) => {
-  const commands = c.get('commands');
-  const updates = c.req.valid('json');
+router.patch(
+  '/',
+  requireRole(UserRole.Admin),
+  zValidator('json', updateProjectSchema),
+  async (c) => {
+    const commands = c.get('commands');
+    const updates = c.req.valid('json');
 
-  const project = await projectService.updateProject(commands, updates);
-  return c.json(project);
-});
+    const project = await projectService.updateProject(commands, updates);
+    return c.json(project);
+  },
+);
 
-router.post('/modules/update', async (c) => {
+router.post('/modules/update', requireRole(UserRole.Admin), async (c) => {
   const commands = c.get('commands');
   await projectService.updateAllModules(commands);
   return c.json({ message: 'All modules updated' });
@@ -41,6 +52,7 @@ router.post('/modules/update', async (c) => {
 
 router.post(
   '/modules/:module/update',
+  requireRole(UserRole.Admin),
   zValidator('param', moduleParamSchema),
   async (c) => {
     const commands = c.get('commands');
@@ -50,8 +62,27 @@ router.post(
   },
 );
 
+router.get('/modules/importable', requireRole(UserRole.Reader), async (c) => {
+  const commands = c.get('commands');
+  const modules = await projectService.getImportableModules(commands);
+  return c.json(modules);
+});
+
+router.post(
+  '/modules',
+  requireRole(UserRole.Admin),
+  zValidator('json', importModuleSchema),
+  async (c) => {
+    const commands = c.get('commands');
+    const { source } = c.req.valid('json');
+    await projectService.importModule(commands, source);
+    return c.json({ message: 'Module imported successfully' });
+  },
+);
+
 router.delete(
   '/modules/:module',
+  requireRole(UserRole.Admin),
   zValidator('param', moduleParamSchema),
   async (c) => {
     const commands = c.get('commands');

package/src/domain/project/schema.ts

@@ -21,3 +21,12 @@ export const updateProjectSchema = z.object({
   name: z.string().optional(),
   cardKeyPrefix: z.string().optional(),
 });
+
+export const importModuleSchema = z.object({
+  source: z
+    .string()
+    .min(1)
+    .refine((s) => s.startsWith('https') || s.startsWith('git@'), {
+      message: 'Source must be a git URL (https:// or git@)',
+    }),
+});

package/src/domain/project/service.ts

@@ -11,7 +11,10 @@
   License along with this program. If not, see <https://www.gnu.org/licenses/>.
 */
 
-import { type CommandManager } from '@cyberismo/data-handler';
+import {
+  type CommandManager,
+  type ModuleSettingFromHub,
+} from '@cyberismo/data-handler';
 
 export interface ProjectModule {
   name: string;
@@ -50,17 +53,19 @@ async function toModuleInfo(
 export async function getProject(
   commands: CommandManager,
 ): Promise<ProjectInfo> {
-  const project = await commands.showCmd.showProject();
-  const modules = await commands.showCmd.showModules();
-  const moduleDetails = await Promise.all(
-    modules.map((mod) => toModuleInfo(commands, mod)),
-  );
+  return commands.consistent(async () => {
+    const project = await commands.showCmd.showProject();
+    const modules = await commands.showCmd.showModules();
+    const moduleDetails = await Promise.all(
+      modules.map((mod) => toModuleInfo(commands, mod)),
+    );
 
-  return {
-    name: project.name,
-    cardKeyPrefix: project.prefix,
-    modules: moduleDetails,
-  };
+    return {
+      name: project.name,
+      cardKeyPrefix: project.prefix,
+      modules: moduleDetails,
+    };
+  });
 }
 
 export async function updateProject(
@@ -69,12 +74,14 @@ export async function updateProject(
 ): Promise<ProjectInfo> {
   const { name, cardKeyPrefix } = updates;
 
-  if (cardKeyPrefix) {
-    await commands.renameCmd.rename(cardKeyPrefix);
-  }
-  if (name) {
-    await commands.project.configuration.setProjectName(name);
-  }
+  await commands.atomic(async () => {
+    if (cardKeyPrefix) {
+      await commands.renameCmd.rename(cardKeyPrefix);
+    }
+    if (name) {
+      await commands.project.configuration.setProjectName(name);
+    }
+  }, 'Update project settings');
 
   return getProject(commands);
 }
@@ -90,3 +97,16 @@ export async function updateAllModules(commands: CommandManager) {
 export async function deleteModule(commands: CommandManager, module: string) {
   await commands.removeCmd.remove('module', module);
 }
+
+export async function getImportableModules(
+  commands: CommandManager,
+): Promise<ModuleSettingFromHub[]> {
+  return commands.showCmd.showImportableModules(false, true);
+}
+
+export async function importModule(
+  commands: CommandManager,
+  source: string,
+): Promise<void> {
+  await commands.importCmd.importModule(source);
+}