@cybermem/dashboard 0.5.16 → 0.8.7

package/Dockerfile

@@ -3,7 +3,7 @@ FROM node:20-alpine AS base
 WORKDIR /app
 
 # Use corepack to get the pnpm version from the lockfile and speed up installs via cache
-RUN corepack enable
+RUN corepack enable && apk add --no-cache python3 make g++
 
 # Copy package files
 COPY package*.json ./
@@ -28,6 +28,7 @@ RUN --mount=type=cache,target=/root/.pnpm-store \
 
 # Production stage
 FROM node:20-alpine AS production
+RUN apk add --no-cache libc6-compat
 WORKDIR /app
 
 ENV NODE_ENV=production

package/app/api/audit-logs/route.ts

@@ -1,88 +1,111 @@
-import fs from 'fs'
-import { NextResponse } from 'next/server'
-import path from 'path'
+import fs from "fs";
+import { NextResponse } from "next/server";
+import path from "path";
 
-export const dynamic = 'force-dynamic'
+export const dynamic = "force-dynamic";
 
 // Use env var for db-exporter URL (Docker internal vs local dev)
-const DB_EXPORTER_URL = process.env.DB_EXPORTER_URL || 'http://localhost:8000'
+const DB_EXPORTER_URL = process.env.DB_EXPORTER_URL || "http://localhost:8000";
 
 // Load clients config for name normalization
-let clientsConfig: any[] = []
+let clientsConfig: any[] = [];
 try {
-  const configPath = path.join(process.cwd(), 'public', 'clients.json')
-  clientsConfig = JSON.parse(fs.readFileSync(configPath, 'utf-8'))
+  const configPath = path.join(process.cwd(), "public", "clients.json");
+  clientsConfig = JSON.parse(fs.readFileSync(configPath, "utf-8"));
 } catch (e) {
-  console.error('Failed to load clients.json:', e)
+  console.error("Failed to load clients.json:", e);
 }
 
-// Normalize raw client name (e.g. "antigravity-client") to friendly name (e.g. "Antigravity")
+// Normalize raw client name (e.g. "claude-ai") to friendly name (e.g. "Claude Desktop")
 function normalizeClientName(rawName: string): string {
-  if (!rawName) return 'Unknown'
-  const nameLower = rawName.toLowerCase()
+  if (!rawName) return "Unknown";
+  const nameLower = rawName.toLowerCase();
   const client = clientsConfig.find((c: any) => {
     try {
-      return new RegExp(c.match, 'i').test(nameLower)
+      return new RegExp(c.match, "i").test(nameLower);
     } catch {
-      return nameLower.includes(c.match)
+      return nameLower.includes(c.match);
     }
-  })
-  return client?.name || rawName
+  });
+  return client?.name || rawName;
 }
 
-const CLIENTS = ["Claude Code", "v0", "Cursor", "GitHub Copilot", "Windsurf"]
-const OPERATIONS = ["Read", "Write", "Update", "Delete", "Create"]
-const STATUSES = ["Success", "Success", "Success", "Warning", "Error"]
+const CLIENTS = ["Claude Code", "v0", "Cursor", "GitHub Copilot", "Windsurf"];
+const OPERATIONS = ["Read", "Write", "Update", "Delete", "Create"];
+const STATUSES = ["Success", "Success", "Success", "Warning", "Error"];
 const DESCRIPTIONS = {
-  "Success": ["Operation completed successfully", "Resource accessed", "Data synchronized"],
-  "Warning": ["High latency detected", "Rate limit approaching", "Deprecation warning"],
-  "Error": ["Unauthorized access", "Internal server error", "Timeout exceeded", "Validation failed"]
-}
+  Success: [
+    "Operation completed successfully",
+    "Resource accessed",
+    "Data synchronized",
+  ],
+  Warning: [
+    "High latency detected",
+    "Rate limit approaching",
+    "Deprecation warning",
+  ],
+  Error: [
+    "Unauthorized access",
+    "Internal server error",
+    "Timeout exceeded",
+    "Validation failed",
+  ],
+};
 
 export async function GET(request: Request) {
   try {
-    // Fetch logs from db-exporter service
-    // timeout 2s to not hang
-    const controller = new AbortController()
-    const timeoutId = setTimeout(() => controller.abort(), 2000)
-
-    const res = await fetch(`${DB_EXPORTER_URL}/api/logs?limit=100`, {
-      signal: controller.signal,
-      cache: 'no-store'
-    })
-    clearTimeout(timeoutId)
+    const homedir =
+      process.env.HOME || process.env.USER || "/Users/mikhailkogan";
+    const dbPath =
+      process.env.OM_DB_PATH ||
+      path.resolve(homedir, ".cybermem/data/openmemory.sqlite");
 
-    if (!res.ok) {
-        throw new Error(`Failed to fetch logs: ${res.statusText}`)
+    if (!fs.existsSync(dbPath)) {
+      console.error(`[AUDIT-LOGS-API] SQLite DB NOT FOUND at ${dbPath}`);
+      return NextResponse.json({ logs: [] });
     }
 
-    const data = await res.json()
-    const rawLogs = data.logs || []
+    console.error(`[AUDIT-LOGS-API] Reading logs from ${dbPath}`);
+    const sqlite3 = require("sqlite3").verbose();
+    const { open } = require("sqlite");
+    const db = await open({
+      filename: dbPath,
+      driver: sqlite3.Database,
+    });
+
+    const rawLogs = await db.all(
+      "SELECT * FROM cybermem_access_log ORDER BY timestamp DESC LIMIT 100",
+    );
+    await db.close();
+
+    console.error(`[AUDIT-LOGS-API] Found ${rawLogs.length} logs in SQLite`);
 
     const logs = rawLogs.map((log: any) => {
-        const statusCode = parseInt(log.status) || 0
-        let status = "Success"
-        if (statusCode === 0 || statusCode >= 400) status = "Error"
-        else if (statusCode >= 300) status = "Warning"
+      const statusCode = parseInt(log.status) || 0;
+      let status = "Success";
+      if (log.is_error === 1 || statusCode >= 400 || statusCode === 0)
+        status = "Error";
+      else if (statusCode >= 300) status = "Warning";
 
-        // Capitalize operation
-        const operation = log.operation.charAt(0).toUpperCase() + log.operation.slice(1)
+      // Capitalize operation
+      const operation =
+        log.operation.charAt(0).toUpperCase() + log.operation.slice(1);
 
-        return {
-            timestamp: log.timestamp,
-            client: normalizeClientName(log.client_name),
-            operation: operation,
-            status: status,
-            method: log.method,
-            description: log.endpoint,
-            rawStatus: log.status
-        }
-    })
+      return {
+        timestamp: log.timestamp,
+        client: normalizeClientName(log.client_name),
+        operation: operation,
+        status: status,
+        method: log.method,
+        description: log.endpoint,
+        rawStatus: log.status,
+      };
+    });
 
-    return NextResponse.json({ logs })
+    return NextResponse.json({ logs });
   } catch (error) {
-    console.error("Error fetching audit logs:", error)
+    console.error("[AUDIT-LOGS-API] Error fetching audit logs:", error);
     // Return empty list on error to avoid breaking UI with 500
-    return NextResponse.json({ logs: [] })
+    return NextResponse.json({ logs: [] });
   }
 }

package/app/api/auth/token/route.ts

@@ -0,0 +1,59 @@
+/**
+ * Token Authentication Endpoint
+ *
+ * Validates JWT token and sets cookie for browser sessions.
+ * Called by: cybermem-cli dashboard (opens browser with ?token=xxx)
+ */
+
+import { verifyToken } from "@/lib/auth";
+import { NextRequest } from "next/server";
+
+export async function GET(req: NextRequest) {
+  const token = req.nextUrl.searchParams.get("token");
+  const error = req.nextUrl.searchParams.get("error");
+
+  // Check for error redirect
+  if (error) {
+    return new Response(
+      `<!DOCTYPE html>
+      <html>
+      <head><title>Auth Error</title></head>
+      <body style="background:#0a0a0a;color:#fff;font-family:system-ui;display:flex;justify-content:center;align-items:center;height:100vh;margin:0">
+        <div style="text-align:center">
+          <h1 style="color:#ef4444">Authentication Required</h1>
+          <p style="color:#888">Run: <code style="background:#222;padding:4px 8px;border-radius:4px">npx @cybermem/cli dashboard</code></p>
+        </div>
+      </body>
+      </html>`,
+      { status: 401, headers: { "Content-Type": "text/html" } },
+    );
+  }
+
+  if (!token) {
+    return new Response(JSON.stringify({ error: "No token provided" }), {
+      status: 400,
+      headers: { "Content-Type": "application/json" },
+    });
+  }
+
+  // Validate JWT
+  const payload = await verifyToken(token);
+
+  if (!payload) {
+    return new Response(JSON.stringify({ error: "Invalid token" }), {
+      status: 401,
+      headers: { "Content-Type": "application/json" },
+    });
+  }
+
+  // Set cookie and redirect to dashboard home
+  const response = new Response(null, {
+    status: 302,
+    headers: {
+      Location: "/",
+      "Set-Cookie": `cybermem_token=${token}; HttpOnly; Path=/; Max-Age=${30 * 24 * 60 * 60}; SameSite=Lax`,
+    },
+  });
+
+  return response;
+}

package/app/api/environment/route.ts

@@ -0,0 +1,70 @@
+import { NextResponse } from "next/server";
+
+/**
+ * Environment detection API for dynamic MCP URL configuration
+ *
+ * Priority:
+ * 1. Tailscale hostname (if TAILSCALE_HOSTNAME env var is set)
+ * 2. LAN .local domain (if raspberrypi.local or similar)
+ * 3. VPS public URL (if CYBERMEM_PUBLIC_URL env var is set)
+ * 4. localhost:8626 (fallback)
+ */
+export async function GET(request: Request) {
+  const MCP_PORT = process.env.MCP_PORT || "8626";
+
+  // Check for Tailscale hostname first (highest priority for remote access)
+  const tailscaleHostname = process.env.TAILSCALE_HOSTNAME;
+  if (tailscaleHostname) {
+    return NextResponse.json({
+      url: `https://${tailscaleHostname}`,
+      type: "tailscale",
+      editable: false,
+      hint: "Using Tailscale Funnel for secure remote access",
+    });
+  }
+
+  // Check for VPS public URL
+  const publicUrl = process.env.CYBERMEM_PUBLIC_URL;
+  if (publicUrl) {
+    return NextResponse.json({
+      url: publicUrl,
+      type: "vps",
+      editable: true,
+      hint: "Configure CYBERMEM_PUBLIC_URL to change this URL",
+    });
+  }
+
+  // Detect from request headers (for LAN access)
+  const host = request.headers.get("host") || "";
+
+  // Check if accessing via .local domain (Raspberry Pi LAN)
+  if (host.includes(".local")) {
+    const hostname = host.split(":")[0];
+    return NextResponse.json({
+      url: `http://${hostname}:${MCP_PORT}`,
+      type: "lan",
+      editable: false,
+      hint: "Detected LAN access via mDNS (.local)",
+    });
+  }
+
+  // Check if accessing via IP address (likely LAN or VPS)
+  const ipMatch = host.match(/^(\d+\.\d+\.\d+\.\d+)/);
+  if (ipMatch) {
+    const protocol = request.headers.get("x-forwarded-proto") || "http";
+    return NextResponse.json({
+      url: `${protocol}://${ipMatch[1]}:${MCP_PORT}`,
+      type: "ip",
+      editable: true,
+      hint: "Detected IP-based access",
+    });
+  }
+
+  // Default to localhost
+  return NextResponse.json({
+    url: `http://localhost:${MCP_PORT}`,
+    type: "local",
+    editable: false,
+    hint: "Running locally",
+  });
+}

package/app/api/health/route.ts

@@ -1,5 +1,7 @@
 import { checkRateLimit, rateLimitResponse } from "@/lib/rate-limit";
+import fs from "fs";
 import { NextRequest, NextResponse } from "next/server";
+import path from "path";
 
 export const dynamic = "force-dynamic";
 
@@ -38,7 +40,21 @@ async function checkService(
     const latencyMs = Date.now() - start;
 
     if (res.ok) {
-      return { name, status: "ok", latencyMs };
+      try {
+        const data = await res.json();
+        if (data.ok === false || data.status === "error") {
+          return {
+            name,
+            status: "error",
+            message: data.error || data.message || "Service reported error",
+            latencyMs,
+          };
+        }
+        return { name, status: "ok", latencyMs };
+      } catch {
+        // If not JSON but OK, assume OK (legacy services)
+        return { name, status: "ok", latencyMs };
+      }
     }
     return {
       name,
@@ -65,29 +81,40 @@ export async function GET(request: NextRequest) {
     return rateLimitResponse(rateLimit.resetIn);
   }
 
-  // Use environment variables with sensible defaults for local Docker stack
-  const dbExporterUrl = process.env.DB_EXPORTER_URL || "http://localhost:8000";
-  // OpenMemory API is optional in SDK-based architecture
-  // Only check if explicitly configured (SDK mode doesn't have HTTP API)
-  const openMemoryUrl = process.env.OPENMEMORY_URL || process.env.CYBERMEM_URL;
-  const vectorUrl = process.env.VECTOR_URL; // Vector is optional
-
-  const checks: Promise<ServiceStatus>[] = [
-    checkService("Database", `${dbExporterUrl}/health`),
-  ];
-
-  // Only check OpenMemory API if explicitly configured
-  // In SDK mode, there's no HTTP API - memory is handled via MCP
-  if (openMemoryUrl) {
-    checks.push(checkService("OpenMemory API", `${openMemoryUrl}/health`));
+  // Check SQLite Database File
+  const homedir = process.env.HOME || process.env.USERPROFILE || "";
+  const dbPath =
+    process.env.OM_DB_PATH ||
+    path.resolve(homedir, ".cybermem/data/openmemory.sqlite");
+
+  const dbExists = fs.existsSync(dbPath);
+  console.error(
+    `[HEALTH-API] SQLite Check: ${dbExists ? "OK" : "MISSING"} (${dbPath})`,
+  );
+
+  const dbStatus: ServiceStatus = dbExists
+    ? { name: "Database", status: "ok" }
+    : { name: "Database", status: "error", message: "SQLite file not found" };
+
+  const checks: ServiceStatus[] = [dbStatus];
+
+  // Check Core API if explicitly configured
+  const apiEndpoint =
+    process.env.CYBERMEM_URL ||
+    process.env.OPENMEMORY_URL ||
+    "http://localhost:8626";
+
+  if (apiEndpoint) {
+    console.error(`[HEALTH-API] Checking API at ${apiEndpoint}/health`);
+    const apiStatus = await checkService(
+      "CyberMem (MCP) API",
+      `${apiEndpoint}/health`,
+    );
+    console.error(`[HEALTH-API] API Status: ${apiStatus.status}`);
+    checks.push(apiStatus);
   }
 
-  // Only check Vector if configured
-  if (vectorUrl) {
-    checks.push(checkService("Vector", `${vectorUrl}/health`));
-  }
-
-  const services = await Promise.all(checks);
+  const services = checks;
 
   // Determine overall status
   const hasError = services.some((s) => s.status === "error");