@hailer/mcp 0.1.8 → 0.1.9

package/dist/routes/agents.d.ts

@@ -0,0 +1,44 @@
+/**
+ * Agent Routes and Connection Manager
+ *
+ * REST API endpoints for enabling/disabling agents in workspaces
+ * and managing their persistent connections.
+ */
+import { Router } from 'express';
+import { HailerClient } from '../mcp/hailer-clients';
+import { AgentCredentialStore, AgentCredentials } from '../services/agent-credential-store';
+/**
+ * Manages persistent connections for enabled agents.
+ * Handles connection lifecycle, reconnection, and signal handling.
+ */
+export declare class AgentConnectionManager {
+    private credentialStore;
+    private connections;
+    private logger;
+    constructor(credentialStore: AgentCredentialStore);
+    /**
+     * Connect an agent using stored credentials
+     */
+    connect(credentials: AgentCredentials): Promise<HailerClient>;
+    /**
+     * Disconnect an agent
+     */
+    disconnect(workspaceId: string, agentType: string): Promise<void>;
+    /**
+     * Check if agent is connected
+     */
+    isConnected(workspaceId: string, agentType: string): boolean;
+    /**
+     * Reconnect all agents on server startup
+     */
+    reconnectAll(): Promise<void>;
+    /**
+     * Handle @mention signals (placeholder for agent logic)
+     */
+    private handleMentionSignal;
+}
+/**
+ * Create Express router for agent management endpoints
+ */
+export declare function createAgentRouter(credentialStore: AgentCredentialStore, connectionManager: AgentConnectionManager): Router;
+//# sourceMappingURL=agents.d.ts.map

package/dist/routes/agents.js

@@ -0,0 +1,311 @@
+"use strict";
+/**
+ * Agent Routes and Connection Manager
+ *
+ * REST API endpoints for enabling/disabling agents in workspaces
+ * and managing their persistent connections.
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AgentConnectionManager = void 0;
+exports.createAgentRouter = createAgentRouter;
+const express_1 = require("express");
+const crypto_1 = __importDefault(require("crypto"));
+const zod_1 = require("zod");
+const cli_1 = require("@hailer/cli");
+const hailer_clients_1 = require("../mcp/hailer-clients");
+const config_1 = require("../config");
+const logger_1 = require("../lib/logger");
+// ================================================================================
+// AGENT CONNECTION MANAGER
+// ================================================================================
+/**
+ * Manages persistent connections for enabled agents.
+ * Handles connection lifecycle, reconnection, and signal handling.
+ */
+class AgentConnectionManager {
+    credentialStore;
+    connections = new Map();
+    logger = (0, logger_1.createLogger)({ component: 'agent-connection-manager' });
+    constructor(credentialStore) {
+        this.credentialStore = credentialStore;
+    }
+    /**
+     * Connect an agent using stored credentials
+     */
+    async connect(credentials) {
+        const connectionKey = `${credentials.workspaceId}:${credentials.agentType}`;
+        // Check existing connection
+        const existing = this.connections.get(connectionKey);
+        if (existing && existing.isConnected()) {
+            return existing.getClient();
+        }
+        // Clean stale connection
+        if (existing) {
+            existing.disconnect();
+            this.connections.delete(connectionKey);
+        }
+        // Create new connection
+        const password = this.credentialStore.decryptPassword(credentials.encryptedPassword);
+        const clientManager = new hailer_clients_1.HailerClientManager(config_1.environment.HAILER_API_URL, credentials.email, password);
+        await clientManager.connect();
+        this.connections.set(connectionKey, clientManager);
+        // Set up @mention listener
+        clientManager.onSignal('messenger.new', (data) => {
+            this.handleMentionSignal(credentials, data);
+        });
+        this.logger.info('Agent connected', {
+            agentType: credentials.agentType,
+            workspaceId: credentials.workspaceId
+        });
+        return clientManager.getClient();
+    }
+    /**
+     * Disconnect an agent
+     */
+    async disconnect(workspaceId, agentType) {
+        const connectionKey = `${workspaceId}:${agentType}`;
+        const clientManager = this.connections.get(connectionKey);
+        if (clientManager) {
+            clientManager.disconnect();
+            this.connections.delete(connectionKey);
+            this.logger.info('Agent disconnected', { agentType, workspaceId });
+        }
+    }
+    /**
+     * Check if agent is connected
+     */
+    isConnected(workspaceId, agentType) {
+        const connectionKey = `${workspaceId}:${agentType}`;
+        const clientManager = this.connections.get(connectionKey);
+        return clientManager?.isConnected() ?? false;
+    }
+    /**
+     * Reconnect all agents on server startup
+     */
+    async reconnectAll() {
+        const allCredentials = await this.credentialStore.listAll();
+        const activeCredentials = allCredentials.filter(c => c.status === 'active');
+        this.logger.info('Reconnecting agents', { count: activeCredentials.length });
+        for (const credentials of activeCredentials) {
+            try {
+                await this.connect(credentials);
+            }
+            catch (error) {
+                this.logger.error('Failed to reconnect agent', error, {
+                    agentType: credentials.agentType,
+                    workspaceId: credentials.workspaceId
+                });
+                // Update status to error
+                await this.credentialStore.save({
+                    ...credentials,
+                    status: 'error',
+                    lastError: error instanceof Error ? error.message : String(error)
+                });
+            }
+        }
+    }
+    /**
+     * Handle @mention signals (placeholder for agent logic)
+     */
+    handleMentionSignal(credentials, data) {
+        this.logger.debug('Mention signal received', {
+            agentType: credentials.agentType,
+            workspaceId: credentials.workspaceId,
+            data
+        });
+        // TODO: Implement agent response logic
+    }
+}
+exports.AgentConnectionManager = AgentConnectionManager;
+// ================================================================================
+// REQUEST VALIDATION SCHEMAS
+// ================================================================================
+const enableAgentSchema = zod_1.z.object({
+    invite_key: zod_1.z.string().min(1, 'invite_key is required'),
+    email: zod_1.z.string().email('Invalid email format'),
+    agentType: zod_1.z.string().min(1, 'agentType is required'),
+    displayName: zod_1.z.string().min(1, 'displayName is required'),
+    workspaceId: zod_1.z.string().length(24, 'workspaceId must be 24 characters'),
+    ownerId: zod_1.z.string().length(24, 'ownerId must be 24 characters'),
+});
+const disableAgentSchema = zod_1.z.object({
+    agentType: zod_1.z.string().min(1, 'agentType is required'),
+    workspaceId: zod_1.z.string().length(24, 'workspaceId must be 24 characters'),
+});
+// ================================================================================
+// ROUTER FACTORY
+// ================================================================================
+/**
+ * Create Express router for agent management endpoints
+ */
+function createAgentRouter(credentialStore, connectionManager) {
+    const router = (0, express_1.Router)();
+    const logger = (0, logger_1.createLogger)({ component: 'agent-routes' });
+    // POST /enable - Enable an agent in a workspace
+    router.post('/enable', async (req, res) => {
+        try {
+            // Validate request
+            const validation = enableAgentSchema.safeParse(req.body);
+            if (!validation.success) {
+                return res.status(400).json({
+                    error: 'Validation failed',
+                    details: validation.error.flatten().fieldErrors
+                });
+            }
+            const { invite_key, email, agentType, displayName, workspaceId, ownerId } = validation.data;
+            // Check if already enabled
+            const existing = await credentialStore.get(workspaceId, agentType);
+            if (existing) {
+                return res.status(409).json({
+                    error: 'Agent already enabled',
+                    agent: {
+                        agentType: existing.agentType,
+                        displayName: existing.displayName,
+                        status: existing.status,
+                        enabledAt: existing.enabledAt
+                    }
+                });
+            }
+            // Generate secure password
+            const password = crypto_1.default.randomBytes(32).toString('hex');
+            // Create temp client for public invite registration (unauthenticated)
+            logger.info('Registering agent via invite', { agentType, workspaceId });
+            const tempClient = await cli_1.Client.create({ host: config_1.environment.HAILER_API_URL });
+            try {
+                await tempClient.request('v2.user.invite.register', [{
+                        firstname: displayName,
+                        lastname: 'Agent',
+                        password: password
+                    }, invite_key]);
+            }
+            finally {
+                tempClient.disconnect();
+            }
+            // Store encrypted credentials
+            const credentials = {
+                workspaceId,
+                agentType,
+                email,
+                encryptedPassword: credentialStore.encryptPassword(password),
+                displayName,
+                enabledBy: ownerId,
+                enabledAt: new Date().toISOString(),
+                status: 'pending'
+            };
+            await credentialStore.save(credentials);
+            // Connect the agent
+            try {
+                await connectionManager.connect(credentials);
+                credentials.status = 'active';
+                credentials.lastConnectedAt = new Date().toISOString();
+                await credentialStore.save(credentials);
+            }
+            catch (connectError) {
+                credentials.status = 'error';
+                credentials.lastError = connectError instanceof Error ? connectError.message : String(connectError);
+                await credentialStore.save(credentials);
+                logger.error('Agent registered but connection failed', connectError, { agentType, workspaceId });
+                return res.status(207).json({
+                    success: true,
+                    warning: 'Agent registered but connection failed',
+                    agent: {
+                        agentType,
+                        displayName,
+                        workspaceId,
+                        status: 'error',
+                        error: credentials.lastError
+                    }
+                });
+            }
+            logger.info('Agent enabled successfully', { agentType, workspaceId, displayName });
+            res.json({
+                success: true,
+                agent: {
+                    agentType,
+                    displayName,
+                    workspaceId,
+                    status: 'active'
+                }
+            });
+        }
+        catch (error) {
+            logger.error('Failed to enable agent', error);
+            res.status(500).json({
+                error: 'Failed to enable agent',
+                details: error instanceof Error ? error.message : String(error)
+            });
+        }
+    });
+    // POST /disable - Disable an agent in a workspace
+    router.post('/disable', async (req, res) => {
+        try {
+            const validation = disableAgentSchema.safeParse(req.body);
+            if (!validation.success) {
+                return res.status(400).json({
+                    error: 'Validation failed',
+                    details: validation.error.flatten().fieldErrors
+                });
+            }
+            const { agentType, workspaceId } = validation.data;
+            // Check if exists
+            const existing = await credentialStore.get(workspaceId, agentType);
+            if (!existing) {
+                return res.status(404).json({
+                    error: 'Agent not found',
+                    agentType,
+                    workspaceId
+                });
+            }
+            // Disconnect and remove
+            await connectionManager.disconnect(workspaceId, agentType);
+            await credentialStore.delete(workspaceId, agentType);
+            logger.info('Agent disabled', { agentType, workspaceId });
+            res.json({
+                success: true,
+                message: `Agent ${agentType} disabled in workspace ${workspaceId}`
+            });
+        }
+        catch (error) {
+            logger.error('Failed to disable agent', error);
+            res.status(500).json({
+                error: 'Failed to disable agent',
+                details: error instanceof Error ? error.message : String(error)
+            });
+        }
+    });
+    // GET /list/:workspaceId - List enabled agents for a workspace
+    router.get('/list/:workspaceId', async (req, res) => {
+        try {
+            const { workspaceId } = req.params;
+            if (!workspaceId || workspaceId.length !== 24) {
+                return res.status(400).json({
+                    error: 'Invalid workspaceId - must be 24 characters'
+                });
+            }
+            const credentials = await credentialStore.listByWorkspace(workspaceId);
+            const agents = credentials.map(cred => ({
+                agentType: cred.agentType,
+                displayName: cred.displayName,
+                status: cred.status,
+                enabledAt: cred.enabledAt,
+                enabledBy: cred.enabledBy,
+                connected: connectionManager.isConnected(workspaceId, cred.agentType),
+                lastConnectedAt: cred.lastConnectedAt,
+                lastError: cred.lastError
+            }));
+            res.json({ agents });
+        }
+        catch (error) {
+            logger.error('Failed to list agents', error);
+            res.status(500).json({
+                error: 'Failed to list agents',
+                details: error instanceof Error ? error.message : String(error)
+            });
+        }
+    });
+    return router;
+}
+//# sourceMappingURL=agents.js.map

package/dist/services/agent-credential-store.d.ts

@@ -0,0 +1,73 @@
+/**
+ * Agent Credential Store
+ *
+ * Encrypted JSON file storage for agent credentials.
+ * Uses AES-256-GCM encryption for password storage.
+ */
+export interface AgentCredentials {
+    workspaceId: string;
+    agentType: string;
+    email: string;
+    encryptedPassword: string;
+    userId?: string;
+    displayName: string;
+    enabledBy: string;
+    enabledAt: string;
+    status: 'pending' | 'active' | 'disconnected' | 'error';
+    lastConnectedAt?: string;
+    lastError?: string;
+}
+export declare class AgentCredentialStore {
+    private dataDir;
+    private filePath;
+    private encryptionKey;
+    constructor(dataDir?: string);
+    /**
+     * Generate storage key from workspaceId and agentType
+     */
+    private getStorageKey;
+    /**
+     * Ensure data directory exists
+     */
+    private ensureDataDir;
+    /**
+     * Read credentials file with graceful error handling
+     */
+    private readStorage;
+    /**
+     * Write credentials file atomically
+     */
+    private writeStorage;
+    /**
+     * Encrypt password using AES-256-GCM
+     * Format: iv:authTag:ciphertext (all hex-encoded)
+     */
+    encryptPassword(plaintext: string): string;
+    /**
+     * Decrypt password from AES-256-GCM format
+     * Expects format: iv:authTag:ciphertext (all hex-encoded)
+     */
+    decryptPassword(ciphertext: string): string;
+    /**
+     * Save or update agent credentials
+     */
+    save(credentials: AgentCredentials): Promise<void>;
+    /**
+     * Get agent credentials by workspace and type
+     */
+    get(workspaceId: string, agentType: string): Promise<AgentCredentials | null>;
+    /**
+     * Delete agent credentials
+     * Returns true if credentials were found and deleted
+     */
+    delete(workspaceId: string, agentType: string): Promise<boolean>;
+    /**
+     * List all credentials for a workspace
+     */
+    listByWorkspace(workspaceId: string): Promise<AgentCredentials[]>;
+    /**
+     * List all stored credentials
+     */
+    listAll(): Promise<AgentCredentials[]>;
+}
+//# sourceMappingURL=agent-credential-store.d.ts.map

package/dist/services/agent-credential-store.js

@@ -0,0 +1,212 @@
+"use strict";
+/**
+ * Agent Credential Store
+ *
+ * Encrypted JSON file storage for agent credentials.
+ * Uses AES-256-GCM encryption for password storage.
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AgentCredentialStore = void 0;
+const crypto_1 = __importDefault(require("crypto"));
+const promises_1 = __importDefault(require("fs/promises"));
+const path_1 = __importDefault(require("path"));
+const config_1 = require("../config");
+const logger_1 = require("../lib/logger");
+const logger = (0, logger_1.createLogger)({ component: 'agent-credential-store' });
+// ================================================================================
+// ENCRYPTION HELPERS
+// ================================================================================
+const ALGORITHM = 'aes-256-gcm';
+const IV_LENGTH = 12; // GCM standard
+const AUTH_TAG_LENGTH = 16;
+/**
+ * Get encryption key from environment or generate dev fallback
+ */
+function getEncryptionKey() {
+    if (config_1.environment.CREDENTIAL_ENCRYPTION_KEY) {
+        return Buffer.from(config_1.environment.CREDENTIAL_ENCRYPTION_KEY, 'hex');
+    }
+    // Development fallback - deterministic key from a fixed seed
+    // WARNING: This is NOT secure for production
+    if (config_1.environment.NODE_ENV === 'development' || config_1.environment.NODE_ENV === 'test') {
+        logger.warn('Using development fallback encryption key - NOT SECURE FOR PRODUCTION');
+        // Generate deterministic key from seed phrase
+        return crypto_1.default.createHash('sha256').update('hailer-mcp-dev-key-DO-NOT-USE-IN-PRODUCTION').digest();
+    }
+    throw new Error('CREDENTIAL_ENCRYPTION_KEY must be set in production');
+}
+// ================================================================================
+// AGENT CREDENTIAL STORE CLASS
+// ================================================================================
+class AgentCredentialStore {
+    dataDir;
+    filePath;
+    encryptionKey;
+    constructor(dataDir) {
+        // Default to 'data/' relative to project root
+        this.dataDir = dataDir || path_1.default.join(process.cwd(), 'data');
+        this.filePath = path_1.default.join(this.dataDir, 'agent-credentials.json');
+        this.encryptionKey = getEncryptionKey();
+    }
+    /**
+     * Generate storage key from workspaceId and agentType
+     */
+    getStorageKey(workspaceId, agentType) {
+        return `${workspaceId}:${agentType}`;
+    }
+    /**
+     * Ensure data directory exists
+     */
+    async ensureDataDir() {
+        try {
+            await promises_1.default.mkdir(this.dataDir, { recursive: true });
+        }
+        catch (error) {
+            // Directory might already exist
+            if (error.code !== 'EEXIST') {
+                throw error;
+            }
+        }
+    }
+    /**
+     * Read credentials file with graceful error handling
+     */
+    async readStorage() {
+        try {
+            const content = await promises_1.default.readFile(this.filePath, 'utf-8');
+            const storage = JSON.parse(content);
+            // Validate structure
+            if (typeof storage !== 'object' || !storage.credentials) {
+                throw new Error('Invalid storage format');
+            }
+            return storage;
+        }
+        catch (error) {
+            if (error.code === 'ENOENT') {
+                // File doesn't exist - return empty storage
+                return { version: 1, credentials: {} };
+            }
+            // JSON parsing error or other issue - log and return empty
+            logger.error('Failed to read credentials file, initializing empty storage', error);
+            return { version: 1, credentials: {} };
+        }
+    }
+    /**
+     * Write credentials file atomically
+     */
+    async writeStorage(storage) {
+        await this.ensureDataDir();
+        const content = JSON.stringify(storage, null, 2);
+        const tempPath = `${this.filePath}.tmp.${Date.now()}`;
+        try {
+            // Write to temp file first
+            await promises_1.default.writeFile(tempPath, content, 'utf-8');
+            // Atomic rename
+            await promises_1.default.rename(tempPath, this.filePath);
+        }
+        catch (error) {
+            // Clean up temp file if it exists
+            try {
+                await promises_1.default.unlink(tempPath);
+            }
+            catch {
+                // Ignore cleanup errors
+            }
+            throw error;
+        }
+    }
+    /**
+     * Encrypt password using AES-256-GCM
+     * Format: iv:authTag:ciphertext (all hex-encoded)
+     */
+    encryptPassword(plaintext) {
+        const iv = crypto_1.default.randomBytes(IV_LENGTH);
+        const cipher = crypto_1.default.createCipheriv(ALGORITHM, this.encryptionKey, iv);
+        let encrypted = cipher.update(plaintext, 'utf8', 'hex');
+        encrypted += cipher.final('hex');
+        const authTag = cipher.getAuthTag();
+        // Format: iv:authTag:ciphertext
+        return `${iv.toString('hex')}:${authTag.toString('hex')}:${encrypted}`;
+    }
+    /**
+     * Decrypt password from AES-256-GCM format
+     * Expects format: iv:authTag:ciphertext (all hex-encoded)
+     */
+    decryptPassword(ciphertext) {
+        const parts = ciphertext.split(':');
+        if (parts.length !== 3) {
+            throw new Error('Invalid encrypted password format');
+        }
+        const [ivHex, authTagHex, encryptedHex] = parts;
+        const iv = Buffer.from(ivHex, 'hex');
+        const authTag = Buffer.from(authTagHex, 'hex');
+        const encrypted = Buffer.from(encryptedHex, 'hex');
+        if (iv.length !== IV_LENGTH) {
+            throw new Error(`Invalid IV length: expected ${IV_LENGTH}, got ${iv.length}`);
+        }
+        if (authTag.length !== AUTH_TAG_LENGTH) {
+            throw new Error(`Invalid auth tag length: expected ${AUTH_TAG_LENGTH}, got ${authTag.length}`);
+        }
+        const decipher = crypto_1.default.createDecipheriv(ALGORITHM, this.encryptionKey, iv);
+        decipher.setAuthTag(authTag);
+        let decrypted = decipher.update(encrypted);
+        decrypted = Buffer.concat([decrypted, decipher.final()]);
+        return decrypted.toString('utf8');
+    }
+    /**
+     * Save or update agent credentials
+     */
+    async save(credentials) {
+        const storage = await this.readStorage();
+        const key = this.getStorageKey(credentials.workspaceId, credentials.agentType);
+        storage.credentials[key] = credentials;
+        await this.writeStorage(storage);
+        logger.info('Saved agent credentials', {
+            workspaceId: credentials.workspaceId,
+            agentType: credentials.agentType,
+            status: credentials.status,
+        });
+    }
+    /**
+     * Get agent credentials by workspace and type
+     */
+    async get(workspaceId, agentType) {
+        const storage = await this.readStorage();
+        const key = this.getStorageKey(workspaceId, agentType);
+        return storage.credentials[key] || null;
+    }
+    /**
+     * Delete agent credentials
+     * Returns true if credentials were found and deleted
+     */
+    async delete(workspaceId, agentType) {
+        const storage = await this.readStorage();
+        const key = this.getStorageKey(workspaceId, agentType);
+        if (!(key in storage.credentials)) {
+            return false;
+        }
+        delete storage.credentials[key];
+        await this.writeStorage(storage);
+        logger.info('Deleted agent credentials', { workspaceId, agentType });
+        return true;
+    }
+    /**
+     * List all credentials for a workspace
+     */
+    async listByWorkspace(workspaceId) {
+        const storage = await this.readStorage();
+        return Object.values(storage.credentials).filter((cred) => cred.workspaceId === workspaceId);
+    }
+    /**
+     * List all stored credentials
+     */
+    async listAll() {
+        const storage = await this.readStorage();
+        return Object.values(storage.credentials);
+    }
+}
+exports.AgentCredentialStore = AgentCredentialStore;
+//# sourceMappingURL=agent-credential-store.js.map

package/lineup-manager/dist/assets/index-8ce6041d.css

@@ -0,0 +1 @@
+@import"https://fonts.googleapis.com/css?family=Nunito+Sans:200,400,400i,600,700,800";:root[data-theme=light]{--chakra-colors-chakra-body-bg: var(--chakra-colors-white) !important}body{margin:0;min-width:320px;min-height:100vh}