@glassmkr/crucible 0.7.1 → 0.8.1

package/src/lib/version-check.ts

@@ -1,39 +0,0 @@
-import { CRUCIBLE_VERSION as CURRENT_VERSION } from "./version.js";
-
-let lastCheckTime = 0;
-let lastResult: { updateAvailable: boolean; latest: string; changelog: string } | null = null;
-const CHECK_INTERVAL = 6 * 60 * 60 * 1000; // check every 6 hours
-
-export function getCurrentVersion(): string {
-  return CURRENT_VERSION;
-}
-
-export async function checkForUpdates(forgeUrl?: string): Promise<void> {
-  const now = Date.now();
-  if (now - lastCheckTime < CHECK_INTERVAL) return;
-  lastCheckTime = now;
-
-  const url = forgeUrl || "https://forge.glassmkr.com";
-  try {
-    const res = await fetch(`${url}/api/v1/version`, { signal: AbortSignal.timeout(5000) });
-    if (!res.ok) return;
-    const data = await res.json() as { crucible?: { latest?: string; min_supported?: string; changelog_url?: string } };
-    const latest = data.crucible?.latest;
-    if (!latest) return;
-
-    if (latest !== CURRENT_VERSION) {
-      console.log(`[update] New Crucible version available: ${latest} (current: ${CURRENT_VERSION})`);
-      console.log(`[update] Changelog: ${data.crucible?.changelog_url || "https://github.com/glassmkr/crucible/releases"}`);
-      console.log(`[update] Run: npm update -g @glassmkr/crucible && sudo systemctl restart glassmkr-crucible`);
-      lastResult = { updateAvailable: true, latest, changelog: data.crucible?.changelog_url || "" };
-    } else {
-      lastResult = { updateAvailable: false, latest, changelog: "" };
-    }
-  } catch {
-    // Version check is non-critical, fail silently
-  }
-}
-
-export function getUpdateStatus() {
-  return lastResult;
-}

package/src/lib/version.ts

@@ -1,33 +0,0 @@
-// Single source of truth for the Crucible version string at runtime.
-// Read from package.json so a release bump propagates everywhere
-// (notification footers, version-check log lines, --version flag, the
-// `collector_version` field on every snapshot) without anyone having to
-// remember to update a hardcoded constant.
-//
-// Returns "0.0.0" on read failure rather than throwing; the agent has to
-// keep running even if its package.json is somehow missing.
-
-import { readFileSync } from "node:fs";
-import { fileURLToPath } from "node:url";
-import { dirname, join } from "node:path";
-
-const __dirname = dirname(fileURLToPath(import.meta.url));
-
-function readPkgVersion(): string {
-  // src/lib/version.ts -> ../../package.json under src layout, but at
-  // runtime (compiled to dist/lib/version.js) it's still ../../package.json.
-  // Both paths resolve correctly because package.json sits one level above
-  // dist/ AND one level above src/.
-  for (const candidate of [
-    join(__dirname, "..", "..", "package.json"),
-    join(__dirname, "..", "package.json"),
-  ]) {
-    try {
-      const pkg = JSON.parse(readFileSync(candidate, "utf8"));
-      if (pkg && typeof pkg.version === "string") return pkg.version;
-    } catch { /* try next */ }
-  }
-  return "0.0.0";
-}
-
-export const CRUCIBLE_VERSION = readPkgVersion();

package/src/metrics-server.ts

@@ -1,123 +0,0 @@
-import { createServer } from "http";
-import type { Snapshot } from "./lib/types.js";
-
-let latestSnapshot: Snapshot | null = null;
-
-export function updateMetrics(snapshot: Snapshot) {
-  latestSnapshot = snapshot;
-}
-
-export function startMetricsServer(port: number) {
-  const server = createServer((req, res) => {
-    if (req.url === "/metrics" && req.method === "GET") {
-      if (!latestSnapshot) {
-        res.writeHead(503);
-        res.end("# No data collected yet\n");
-        return;
-      }
-      res.writeHead(200, { "Content-Type": "text/plain; version=0.0.4" });
-      res.end(formatPrometheus(latestSnapshot));
-    } else if (req.url === "/health") {
-      res.writeHead(200);
-      res.end("ok\n");
-    } else {
-      res.writeHead(404);
-      res.end("Not found\n");
-    }
-  });
-
-  server.listen(port, "0.0.0.0", () => {
-    console.log(`[metrics] Prometheus endpoint listening on :${port}/metrics`);
-  });
-}
-
-function formatPrometheus(snap: Snapshot): string {
-  const lines: string[] = [];
-
-  // CPU
-  lines.push("# HELP glassmkr_cpu_user_percent CPU user utilization");
-  lines.push("# TYPE glassmkr_cpu_user_percent gauge");
-  lines.push(`glassmkr_cpu_user_percent ${snap.cpu.user_percent}`);
-  lines.push(`glassmkr_cpu_system_percent ${snap.cpu.system_percent}`);
-  lines.push(`glassmkr_cpu_iowait_percent ${snap.cpu.iowait_percent}`);
-  lines.push(`glassmkr_cpu_idle_percent ${snap.cpu.idle_percent}`);
-  lines.push(`glassmkr_load_1m ${snap.cpu.load_1m}`);
-  lines.push(`glassmkr_load_5m ${snap.cpu.load_5m}`);
-  lines.push(`glassmkr_load_15m ${snap.cpu.load_15m}`);
-
-  // Memory
-  lines.push("# HELP glassmkr_memory_used_mb Memory used in MB");
-  lines.push("# TYPE glassmkr_memory_used_mb gauge");
-  lines.push(`glassmkr_memory_used_mb ${snap.memory.used_mb}`);
-  lines.push(`glassmkr_memory_total_mb ${snap.memory.total_mb}`);
-  lines.push(`glassmkr_memory_available_mb ${snap.memory.available_mb}`);
-  lines.push(`glassmkr_swap_used_mb ${snap.memory.swap_used_mb}`);
-
-  // Disks
-  lines.push("# HELP glassmkr_disk_used_percent Disk usage percentage");
-  lines.push("# TYPE glassmkr_disk_used_percent gauge");
-  for (const disk of snap.disks) {
-    const labels = `mount="${disk.mount}",device="${disk.device}"`;
-    lines.push(`glassmkr_disk_used_percent{${labels}} ${disk.percent_used}`);
-    lines.push(`glassmkr_disk_total_gb{${labels}} ${disk.total_gb}`);
-    lines.push(`glassmkr_disk_used_gb{${labels}} ${disk.used_gb}`);
-  }
-
-  // Network
-  lines.push("# HELP glassmkr_net_rx_bytes_sec Network receive bytes per second");
-  lines.push("# TYPE glassmkr_net_rx_bytes_sec gauge");
-  for (const iface of snap.network) {
-    const labels = `interface="${iface.interface}"`;
-    lines.push(`glassmkr_net_rx_bytes_sec{${labels}} ${iface.rx_bytes_sec}`);
-    lines.push(`glassmkr_net_tx_bytes_sec{${labels}} ${iface.tx_bytes_sec}`);
-    lines.push(`glassmkr_net_rx_errors{${labels}} ${iface.rx_errors}`);
-    lines.push(`glassmkr_net_tx_errors{${labels}} ${iface.tx_errors}`);
-    lines.push(`glassmkr_net_speed_mbps{${labels}} ${iface.speed_mbps}`);
-  }
-
-  // SMART
-  for (const drive of snap.smart) {
-    const labels = `device="${drive.device}",model="${drive.model}"`;
-    if (drive.temperature_c != null) lines.push(`glassmkr_smart_temperature_c{${labels}} ${drive.temperature_c}`);
-    if (drive.percentage_used != null) lines.push(`glassmkr_smart_percentage_used{${labels}} ${drive.percentage_used}`);
-    if (drive.reallocated_sectors != null) lines.push(`glassmkr_smart_reallocated_sectors{${labels}} ${drive.reallocated_sectors}`);
-  }
-
-  // IPMI
-  if (snap.ipmi?.available) {
-    for (const sensor of snap.ipmi.sensors) {
-      if (typeof sensor.value === "number") {
-        const sensorName = sensor.name.replace(/[^a-zA-Z0-9_]/g, "_").toLowerCase();
-        lines.push(`glassmkr_ipmi_sensor{sensor="${sensor.name}",unit="${sensor.unit}"} ${sensor.value}`);
-      }
-    }
-    lines.push(`glassmkr_ipmi_ecc_correctable ${snap.ipmi.ecc_errors.correctable}`);
-    lines.push(`glassmkr_ipmi_ecc_uncorrectable ${snap.ipmi.ecc_errors.uncorrectable}`);
-
-    // Fans
-    if (snap.ipmi.fans) {
-      for (const fan of snap.ipmi.fans) {
-        lines.push(`glassmkr_ipmi_fan_rpm{fan="${fan.name}",status="${fan.status}"} ${fan.rpm}`);
-      }
-    }
-  }
-
-  // OS alerts
-  lines.push(`glassmkr_oom_kills_recent ${snap.os_alerts.oom_kills_recent}`);
-  lines.push(`glassmkr_zombie_processes ${snap.os_alerts.zombie_processes}`);
-
-  // Security
-  if (snap.security) {
-    lines.push(`glassmkr_ssh_root_password_exposed ${snap.security.ssh?.rootPasswordExposed ? 1 : 0}`);
-    lines.push(`glassmkr_firewall_active ${snap.security.firewall.active ? 1 : 0}`);
-    if (snap.security.pending_updates?.available) {
-      lines.push(`glassmkr_pending_security_updates ${snap.security.pending_updates.pendingCount}`);
-    }
-    const unmitigated = snap.security.kernel_vulns.filter(v => !v.mitigated).length;
-    lines.push(`glassmkr_kernel_vulns_unmitigated ${unmitigated}`);
-    lines.push(`glassmkr_kernel_needs_reboot ${snap.security.kernel_reboot?.needsReboot ? 1 : 0}`);
-    lines.push(`glassmkr_auto_updates_configured ${snap.security.auto_updates.configured ? 1 : 0}`);
-  }
-
-  return lines.join("\n") + "\n";
-}

package/src/notify/email.ts

@@ -1,69 +0,0 @@
-import { execFile } from "child_process";
-import { promisify } from "util";
-import type { AlertResult } from "../lib/types.js";
-import { CRUCIBLE_VERSION } from "../lib/version.js";
-
-const execFileAsync = promisify(execFile);
-
-export async function sendEmail(
-  config: { to: string },
-  newAlerts: AlertResult[],
-  resolvedAlerts: AlertResult[],
-  serverName: string
-): Promise<boolean> {
-  if (!config.to) return false;
-
-  const subject = buildSubject(newAlerts, resolvedAlerts, serverName);
-  const body = buildBody(newAlerts, resolvedAlerts, serverName);
-
-  const email = [
-    `To: ${config.to}`,
-    `From: glassmkr-crucible@${serverName}`,
-    `Subject: ${subject}`,
-    `Content-Type: text/plain; charset=utf-8`,
-    "",
-    body,
-  ].join("\n");
-
-  try {
-    const child = execFileAsync("/usr/sbin/sendmail", ["-t"], { timeout: 10000 });
-    child.child.stdin?.write(email);
-    child.child.stdin?.end();
-    await child;
-    return true;
-  } catch {
-    console.error("[email] Failed to send. Is sendmail/postfix/msmtp installed?");
-    return false;
-  }
-}
-
-function buildSubject(newAlerts: AlertResult[], resolvedAlerts: AlertResult[], serverName: string): string {
-  if (newAlerts.length > 0) {
-    const worst = newAlerts.find((a) => a.severity === "critical") ? "CRITICAL" : "WARNING";
-    return `[${worst}] ${serverName}: ${newAlerts.length} alert(s)`;
-  }
-  return `[RESOLVED] ${serverName}: ${resolvedAlerts.length} alert(s) cleared`;
-}
-
-function buildBody(newAlerts: AlertResult[], resolvedAlerts: AlertResult[], serverName: string): string {
-  const lines: string[] = [];
-  lines.push(`Server: ${serverName}`);
-  lines.push(`Time: ${new Date().toISOString()}`);
-  lines.push("");
-
-  for (const a of newAlerts) {
-    lines.push(`[${a.severity.toUpperCase()}] ${a.title}`);
-    lines.push(a.message);
-    lines.push(`Action: ${a.recommendation}`);
-    lines.push("");
-  }
-
-  for (const a of resolvedAlerts) {
-    lines.push(`[RESOLVED] ${a.title}`);
-    lines.push("");
-  }
-
-  lines.push("---");
-  lines.push(`Glassmkr Crucible v${CRUCIBLE_VERSION}`);
-  return lines.join("\n");
-}

package/src/notify/slack.ts

@@ -1,47 +0,0 @@
-import type { AlertResult } from "../lib/types.js";
-import { CRUCIBLE_VERSION } from "../lib/version.js";
-
-export async function sendSlack(
-  webhookUrl: string,
-  newAlerts: AlertResult[],
-  resolvedAlerts: AlertResult[],
-  serverName: string
-): Promise<boolean> {
-  const blocks: any[] = [];
-
-  if (newAlerts.length > 0) {
-    const criticals = newAlerts.filter((a) => a.severity === "critical");
-    const warnings = newAlerts.filter((a) => a.severity === "warning");
-
-    if (criticals.length > 0) {
-      blocks.push({ type: "section", text: { type: "mrkdwn", text: `\u{1F534} *${criticals.length} CRITICAL* on *${serverName}*` } });
-      for (const a of criticals) blocks.push({ type: "section", text: { type: "mrkdwn", text: `*${a.title}*\n${a.recommendation}` } });
-    }
-    if (warnings.length > 0) {
-      blocks.push({ type: "section", text: { type: "mrkdwn", text: `\u{1F7E1} *${warnings.length} WARNING* on *${serverName}*` } });
-      for (const a of warnings) blocks.push({ type: "section", text: { type: "mrkdwn", text: `*${a.title}*\n${a.recommendation}` } });
-    }
-  }
-
-  if (resolvedAlerts.length > 0) {
-    blocks.push({ type: "section", text: { type: "mrkdwn", text: `\u2705 *${resolvedAlerts.length} resolved* on *${serverName}*` } });
-  }
-
-  if (blocks.length === 0) return true;
-
-  blocks.push({ type: "divider" });
-  blocks.push({ type: "context", elements: [{ type: "mrkdwn", text: `Glassmkr Crucible v${CRUCIBLE_VERSION}` }] });
-
-  try {
-    const res = await fetch(webhookUrl, {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({ blocks }),
-      signal: AbortSignal.timeout(10000),
-    });
-    return res.ok;
-  } catch {
-    console.error("[slack] Failed to send notification");
-    return false;
-  }
-}

package/src/notify/telegram.ts

@@ -1,65 +0,0 @@
-import type { AlertResult } from "../lib/types.js";
-
-const PRIORITY_MAP: Record<string, string> = {
-  raid_degraded: "P1", smart_failing: "P1", ecc_errors: "P1", psu_redundancy_loss: "P1", ipmi_fan_failure: "P1",
-  oom_kills: "P2", ram_high: "P2", disk_space_high: "P2", ipmi_sel_critical: "P2", disk_io_errors: "P2", zfs_pool_unhealthy: "P2",
-  cpu_iowait_high: "P3", nvme_wear_high: "P3", disk_latency_high: "P3", cpu_temperature_high: "P3",
-  ssh_root_password: "P3", pending_security_updates: "P3", kernel_vulnerabilities: "P3", zfs_scrub_errors: "P3",
-  swap_active: "P4", no_firewall: "P4", kernel_needs_reboot: "P4", unattended_upgrades_disabled: "P4",
-  interface_errors: "P4", link_speed_mismatch: "P4", interface_saturation: "P4",
-};
-
-const PRIORITY_LABELS: Record<string, string> = {
-  P1: "\u{1F534} P1 Urgent", P2: "\u{1F7E0} P2 High", P3: "\u{1F7E1} P3 Medium", P4: "\u{1F535} P4 Low",
-};
-
-function getPriority(alertType: string): string {
-  return PRIORITY_MAP[alertType] || "P3";
-}
-
-export async function sendTelegram(
-  botToken: string,
-  chatId: string,
-  newAlerts: AlertResult[],
-  resolvedAlerts: AlertResult[],
-  serverName: string
-): Promise<boolean> {
-  const parts: string[] = [];
-
-  if (newAlerts.length > 0) {
-    // Group by priority
-    const byPriority: Record<string, AlertResult[]> = {};
-    for (const a of newAlerts) {
-      const p = getPriority(a.type);
-      if (!byPriority[p]) byPriority[p] = [];
-      byPriority[p].push(a);
-    }
-
-    for (const p of ["P1", "P2", "P3", "P4"]) {
-      const alerts = byPriority[p];
-      if (!alerts?.length) continue;
-      parts.push(`${PRIORITY_LABELS[p]} on <b>${serverName}</b>:\n`);
-      for (const a of alerts) parts.push(`  \u2022 <b>${a.title}</b>\n  ${a.recommendation}\n`);
-    }
-  }
-
-  if (resolvedAlerts.length > 0) {
-    parts.push(`\u2705 <b>${resolvedAlerts.length} resolved</b> on <b>${serverName}</b>:\n`);
-    for (const a of resolvedAlerts) parts.push(`  \u2022 ${a.title}\n`);
-  }
-
-  if (parts.length === 0) return true;
-
-  try {
-    const res = await fetch(`https://api.telegram.org/bot${botToken}/sendMessage`, {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({ chat_id: chatId, text: parts.join("\n"), parse_mode: "HTML", disable_web_page_preview: true }),
-      signal: AbortSignal.timeout(10000),
-    });
-    return res.ok;
-  } catch {
-    console.error("[telegram] Failed to send notification");
-    return false;
-  }
-}

package/src/push/forge.ts

@@ -1,109 +0,0 @@
-import https from "https";
-import tls from "tls";
-import crypto from "crypto";
-import type { Snapshot } from "../lib/types.js";
-
-let agent: https.Agent | undefined;
-
-export function initForgeAgent(tlsPin?: string): void {
-  if (!tlsPin) {
-    agent = undefined; // Use default (Node built-in fetch)
-    return;
-  }
-
-  agent = new https.Agent({
-    rejectUnauthorized: true,
-    checkServerIdentity: (hostname: string, cert: any) => {
-      const err = tls.checkServerIdentity(hostname, cert);
-      if (err) return err;
-
-      const pubkey = cert.pubkey;
-      if (!pubkey) return new Error("Certificate has no public key");
-
-      const hash = crypto.createHash("sha256").update(pubkey).digest("base64");
-      if (hash !== tlsPin) {
-        return new Error(
-          `TLS pin mismatch for ${hostname}. ` +
-          `Expected: ${tlsPin}, Got: ${hash}. ` +
-          `If the server certificate was rotated with a new key, update tls_pin in collector.yaml.`
-        );
-      }
-
-      return undefined;
-    },
-  });
-}
-
-export async function pushToForge(url: string, apiKey: string, snapshot: Snapshot): Promise<boolean> {
-  // If TLS pinning is enabled, use https.request (fetch doesn't support custom agents)
-  if (agent) {
-    return pushWithAgent(url, apiKey, snapshot);
-  }
-
-  // Default: use fetch (no pinning)
-  try {
-    const response = await fetch(`${url}/api/v1/ingest`, {
-      method: "POST",
-      headers: { Authorization: `Bearer ${apiKey}`, "Content-Type": "application/json" },
-      body: JSON.stringify(snapshot),
-      signal: AbortSignal.timeout(10000),
-    });
-    if (response.ok) {
-      const data = await response.json() as { active_alerts?: number };
-      console.log(`[forge] Push successful. Active alerts: ${data.active_alerts ?? 0}`);
-    } else {
-      console.error(`[forge] Push failed: ${response.status} ${response.statusText}`);
-    }
-    return response.ok;
-  } catch (err) {
-    console.error("[forge] Push failed, will retry next cycle");
-    return false;
-  }
-}
-
-function pushWithAgent(url: string, apiKey: string, snapshot: Snapshot): Promise<boolean> {
-  return new Promise((resolve) => {
-    const parsed = new URL(`${url}/api/v1/ingest`);
-    const body = JSON.stringify(snapshot);
-
-    const req = https.request({
-      hostname: parsed.hostname,
-      port: parsed.port ? parseInt(parsed.port) : 443,
-      path: parsed.pathname,
-      method: "POST",
-      agent,
-      headers: {
-        Authorization: `Bearer ${apiKey}`,
-        "Content-Type": "application/json",
-        "Content-Length": Buffer.byteLength(body),
-      },
-      timeout: 10000,
-    }, (res) => {
-      let data = "";
-      res.on("data", (chunk) => data += chunk);
-      res.on("end", () => {
-        if (res.statusCode && res.statusCode >= 200 && res.statusCode < 300) {
-          try {
-            const parsed = JSON.parse(data);
-            console.log(`[forge] Push successful (pinned). Active alerts: ${parsed.active_alerts ?? 0}`);
-          } catch { /* ignore parse errors */ }
-          resolve(true);
-        } else {
-          console.error(`[forge] Push failed (pinned): ${res.statusCode}`);
-          resolve(false);
-        }
-      });
-    });
-
-    req.on("error", (err) => {
-      console.error(`[forge] Push failed (pinned): ${err.message}`);
-      resolve(false);
-    });
-    req.on("timeout", () => {
-      req.destroy(new Error("Request timed out"));
-      resolve(false);
-    });
-    req.write(body);
-    req.end();
-  });
-}

package/tsconfig.json

@@ -1,15 +0,0 @@
-{
-  "compilerOptions": {
-    "target": "ES2022",
-    "module": "NodeNext",
-    "moduleResolution": "NodeNext",
-    "strict": true,
-    "esModuleInterop": true,
-    "skipLibCheck": true,
-    "declaration": true,
-    "sourceMap": true,
-    "outDir": "./dist",
-    "rootDir": "./src"
-  },
-  "include": ["src/**/*"]
-}

package/vitest.config.ts

@@ -1,12 +0,0 @@
-import { defineConfig } from "vitest/config";
-
-export default defineConfig({
-  test: {
-    include: ["src/**/*.test.ts"],
-    exclude: ["node_modules", "dist"],
-  },
-  resolve: {
-    // .js specifier inside TS (NodeNext) needs to resolve to .ts in tests
-    extensions: [".ts", ".js"],
-  },
-});