npm - @hasna/uptime - Versions diffs - 0.1.0 → 0.1.1 - Mend

@hasna/uptime 0.1.0 → 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (23) hide show

package/dist/cli/index.js CHANGED Viewed

@@ -2642,6 +2642,9 @@ async function runTcpCheck(monitor) {
   });
 }
+// src/service.ts
+import { randomUUID as randomUUID2 } from "crypto";
 // src/store.ts
 import { mkdirSync as mkdirSync2 } from "fs";
 import { dirname } from "path";
@@ -2674,6 +2677,13 @@ var MAX_RETRY_COUNT = 10;
 var MAX_RESULT_LIMIT = 1000;
 // src/store.ts
+class StaleCheckResultError extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "StaleCheckResultError";
+  }
+}
 class UptimeStore {
   dbPath;
   db;
@@ -2707,10 +2717,12 @@ class UptimeStore {
         enabled INTEGER NOT NULL DEFAULT 1,
         status TEXT NOT NULL DEFAULT 'unknown',
         last_checked_at TEXT,
+        revision INTEGER NOT NULL DEFAULT 1,
         created_at TEXT NOT NULL,
         updated_at TEXT NOT NULL
       )
     `);
+    this.ensureColumn("monitors", "revision", "INTEGER NOT NULL DEFAULT 1");
     this.db.run(`
       CREATE TABLE IF NOT EXISTS check_results (
         id TEXT PRIMARY KEY,
@@ -2736,8 +2748,17 @@ class UptimeStore {
         reason TEXT
       )
     `);
+    this.db.run(`
+      CREATE TABLE IF NOT EXISTS check_leases (
+        monitor_id TEXT PRIMARY KEY REFERENCES monitors(id) ON DELETE CASCADE,
+        owner TEXT NOT NULL,
+        leased_until TEXT NOT NULL,
+        acquired_at TEXT NOT NULL
+      )
+    `);
     this.db.run("CREATE INDEX IF NOT EXISTS idx_results_monitor_time ON check_results(monitor_id, checked_at DESC)");
     this.db.run("CREATE INDEX IF NOT EXISTS idx_incidents_monitor_status ON incidents(monitor_id, status)");
+    this.db.run("CREATE INDEX IF NOT EXISTS idx_check_leases_until ON check_leases(leased_until)");
   }
   createMonitor(input) {
     const normalized = normalizeCreateMonitor(input);
@@ -2757,14 +2778,15 @@ class UptimeStore {
       enabled: normalized.enabled ?? true,
       status: normalized.enabled === false ? "paused" : "unknown",
       lastCheckedAt: null,
+      revision: 1,
       createdAt: now,
       updatedAt: now
     };
     this.db.query(`INSERT INTO monitors (
           id, name, kind, url, host, port, method, expected_status,
           interval_seconds, timeout_ms, retry_count, enabled, status,
-          last_checked_at, created_at, updated_at
-        ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`).run(monitor.id, monitor.name, monitor.kind, monitor.url, monitor.host, monitor.port, monitor.method, monitor.expectedStatus, monitor.intervalSeconds, monitor.timeoutMs, monitor.retryCount, monitor.enabled ? 1 : 0, monitor.status, monitor.lastCheckedAt, monitor.createdAt, monitor.updatedAt);
+          last_checked_at, revision, created_at, updated_at
+        ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`).run(monitor.id, monitor.name, monitor.kind, monitor.url, monitor.host, monitor.port, monitor.method, monitor.expectedStatus, monitor.intervalSeconds, monitor.timeoutMs, monitor.retryCount, monitor.enabled ? 1 : 0, monitor.status, monitor.lastCheckedAt, monitor.revision, monitor.createdAt, monitor.updatedAt);
     return monitor;
   }
   listMonitors(options = {}) {
@@ -2784,8 +2806,12 @@ class UptimeStore {
     this.db.query(`UPDATE monitors SET
           name = ?, kind = ?, url = ?, host = ?, port = ?, method = ?,
           expected_status = ?, interval_seconds = ?, timeout_ms = ?,
-          retry_count = ?, enabled = ?, status = ?, last_checked_at = ?, updated_at = ?
+          retry_count = ?, enabled = ?, status = ?, last_checked_at = ?,
+          revision = revision + 1, updated_at = ?
         WHERE id = ?`).run(next.name, next.kind, next.url, next.host, next.port, next.method, next.expectedStatus, next.intervalSeconds, next.timeoutMs, next.retryCount, next.enabled ? 1 : 0, next.status, next.lastCheckedAt, updatedAt, current.id);
+    if (definitionChanged(current, next)) {
+      this.closeOpenIncident(current.id, updatedAt);
+    }
     return this.getMonitor(current.id);
   }
   deleteMonitor(idOrName) {
@@ -2795,10 +2821,31 @@ class UptimeStore {
     this.db.query("DELETE FROM monitors WHERE id = ?").run(current.id);
     return true;
   }
+  acquireCheckLease(monitorId, owner, ttlMs) {
+    const now = new Date;
+    const nowIso = now.toISOString();
+    const leasedUntil = new Date(now.getTime() + Math.max(1000, ttlMs)).toISOString();
+    const tx = this.db.transaction(() => {
+      this.db.query("DELETE FROM check_leases WHERE monitor_id = ? AND leased_until <= ?").run(monitorId, nowIso);
+      this.db.query("INSERT OR IGNORE INTO check_leases (monitor_id, owner, leased_until, acquired_at) VALUES (?, ?, ?, ?)").run(monitorId, owner, leasedUntil, nowIso);
+      const row = this.db.query("SELECT * FROM check_leases WHERE monitor_id = ?").get(monitorId);
+      return row?.owner === owner;
+    });
+    return tx();
+  }
+  releaseCheckLease(monitorId, owner) {
+    this.db.query("DELETE FROM check_leases WHERE monitor_id = ? AND owner = ?").run(monitorId, owner);
+  }
   recordCheckResult(input) {
     const monitor = this.getMonitor(input.monitorId);
     if (!monitor)
       throw new Error(`Monitor not found: ${input.monitorId}`);
+    if (input.expectedMonitorRevision !== undefined && monitor.revision !== input.expectedMonitorRevision) {
+      throw new StaleCheckResultError(`Monitor changed while check was in progress: ${monitor.name}`);
+    }
+    if (!monitor.enabled) {
+      throw new StaleCheckResultError(`Monitor was disabled while check was in progress: ${monitor.name}`);
+    }
     const checkedAt = input.checkedAt ?? new Date().toISOString();
     const result = {
       id: newId("chk"),
@@ -2811,6 +2858,15 @@ class UptimeStore {
       attemptCount: Math.max(1, input.attemptCount)
     };
     const tx = this.db.transaction(() => {
+      const current = this.db.query("SELECT * FROM monitors WHERE id = ?").get(result.monitorId);
+      if (!current)
+        throw new Error(`Monitor not found: ${result.monitorId}`);
+      if (input.expectedMonitorRevision !== undefined && current.revision !== input.expectedMonitorRevision) {
+        throw new StaleCheckResultError(`Monitor changed while check was in progress: ${current.name}`);
+      }
+      if (!current.enabled) {
+        throw new StaleCheckResultError(`Monitor was disabled while check was in progress: ${current.name}`);
+      }
       this.db.query(`INSERT INTO check_results (
             id, monitor_id, checked_at, status, latency_ms, status_code, error, attempt_count
           ) VALUES (?, ?, ?, ?, ?, ?, ?, ?)`).run(result.id, result.monitorId, result.checkedAt, result.status, result.latencyMs, result.statusCode, result.error, result.attemptCount);
@@ -2858,10 +2914,14 @@ class UptimeStore {
         down: monitors.filter((m) => m.status === "down").length,
         paused: monitors.filter((m) => !m.enabled || m.status === "paused").length,
         unknown: monitors.filter((m) => m.status === "unknown").length,
-        openIncidents: this.listIncidents({ status: "open", limit: 1000 }).length
+        openIncidents: this.countOpenIncidents()
       }
     };
   }
+  countOpenIncidents() {
+    const row = this.db.query("SELECT COUNT(*) AS count FROM incidents WHERE status = 'open'").get();
+    return Number(row?.count ?? 0);
+  }
   monitorSummary(monitor) {
     const row = this.db.query(`SELECT
           COUNT(*) as total,
@@ -2899,13 +2959,24 @@ class UptimeStore {
       this.db.query("UPDATE incidents SET status = 'closed', closed_at = ?, recovery_check_id = ? WHERE id = ?").run(result.checkedAt, result.id, open.id);
     }
   }
+  closeOpenIncident(monitorId, closedAt) {
+    this.db.query("UPDATE incidents SET status = 'closed', closed_at = ? WHERE monitor_id = ? AND status = 'open'").run(closedAt, monitorId);
+  }
+  ensureColumn(table, name, definition) {
+    const columns = this.db.query(`PRAGMA table_info(${table})`).all();
+    if (!columns.some((column) => column.name === name)) {
+      this.db.run(`ALTER TABLE ${table} ADD COLUMN ${name} ${definition}`);
+    }
+  }
 }
 function normalizeCreateMonitor(input) {
   const name = input.name?.trim();
   if (!name)
     throw new Error("Monitor name is required");
+  rejectControlCharacters(name, "Monitor name");
   const method = normalizeMethod(input.method ?? "GET");
   const expectedStatus = normalizeExpectedStatus(input.expectedStatus);
+  const enabled = normalizeEnabled(input.enabled);
   if (input.kind === "http") {
     const url = normalizeHttpUrl(input.url);
     return {
@@ -2917,12 +2988,13 @@ function normalizeCreateMonitor(input) {
       intervalSeconds: boundedInteger(input.intervalSeconds ?? 60, "intervalSeconds", MIN_INTERVAL_SECONDS, MAX_INTERVAL_SECONDS),
       timeoutMs: boundedInteger(input.timeoutMs ?? 5000, "timeoutMs", MIN_TIMEOUT_MS, MAX_TIMEOUT_MS),
       retryCount: boundedInteger(input.retryCount ?? 0, "retryCount", MIN_RETRY_COUNT, MAX_RETRY_COUNT),
-      enabled: input.enabled ?? true
+      enabled
     };
   } else if (input.kind === "tcp") {
     const host = input.host?.trim();
     if (!host)
       throw new Error("TCP monitors require host");
+    rejectControlCharacters(host, "TCP host");
     if (!Number.isInteger(input.port) || input.port <= 0 || input.port > 65535) {
       throw new Error("TCP monitors require a port from 1 to 65535");
     }
@@ -2936,12 +3008,15 @@ function normalizeCreateMonitor(input) {
       intervalSeconds: boundedInteger(input.intervalSeconds ?? 60, "intervalSeconds", MIN_INTERVAL_SECONDS, MAX_INTERVAL_SECONDS),
       timeoutMs: boundedInteger(input.timeoutMs ?? 5000, "timeoutMs", MIN_TIMEOUT_MS, MAX_TIMEOUT_MS),
       retryCount: boundedInteger(input.retryCount ?? 0, "retryCount", MIN_RETRY_COUNT, MAX_RETRY_COUNT),
-      enabled: input.enabled ?? true
+      enabled
     };
   } else {
     throw new Error("Monitor kind must be http or tcp");
   }
 }
+function definitionChanged(current, next) {
+  return next.kind !== current.kind || next.url !== current.url || next.host !== current.host || next.port !== current.port || next.method !== current.method || next.expectedStatus !== current.expectedStatus;
+}
 function normalizeUpdateMonitor(current, input, updatedAt) {
   const merged = {
     ...current,
@@ -3006,6 +3081,18 @@ function normalizeExpectedStatus(value) {
   }
   return value;
 }
+function normalizeEnabled(value) {
+  if (value === undefined)
+    return true;
+  if (typeof value !== "boolean")
+    throw new Error("enabled must be a boolean");
+  return value;
+}
+function rejectControlCharacters(value, label) {
+  if (/[\x00-\x1f\x7f-\x9f]/.test(value)) {
+    throw new Error(`${label} must not contain control characters`);
+  }
+}
 function monitorFromRow(row) {
   return {
     id: row.id,
@@ -3022,6 +3109,7 @@ function monitorFromRow(row) {
     enabled: Boolean(row.enabled),
     status: row.status,
     lastCheckedAt: row.last_checked_at,
+    revision: row.revision ?? 1,
     createdAt: row.created_at,
     updatedAt: row.updated_at
   };
@@ -3070,10 +3158,281 @@ function round(value, places) {
   return Math.round(value * factor) / factor;
 }
+// src/report.ts
+var DEFAULT_MAILERY_API_URL = "http://localhost:3900";
+var DEFAULT_TELEPHONY_API_URL = "http://localhost:19451";
+var DEFAULT_LOGS_API_URL = "http://localhost:3460";
+var DEFAULT_TIMEOUT_MS = 15000;
+function buildUptimeReport(summary, options = {}) {
+  const subject = options.subject ?? defaultSubject(summary);
+  const lines = [
+    subject,
+    `Generated: ${summary.generatedAt}`,
+    `Monitors: ${summary.totals.monitors} total, ${summary.totals.enabled} enabled, ${summary.totals.up} up, ${summary.totals.down} down, ${summary.totals.openIncidents} open incidents`,
+    "",
+    ...summary.monitors.map(renderMonitorLine)
+  ];
+  const text = lines.join(`
+`).trimEnd();
+  const json = {
+    kind: "open-uptime.report",
+    generated_at: summary.generatedAt,
+    subject,
+    totals: summary.totals,
+    monitors: summary.monitors
+  };
+  return {
+    subject,
+    generatedAt: summary.generatedAt,
+    summary,
+    text,
+    html: `<pre>${escapeHtml(text)}</pre>`,
+    json
+  };
+}
+async function sendUptimeReport(summary, options = {}) {
+  const report = buildUptimeReport(summary, options);
+  const fetchImpl = options.fetchImpl ?? fetch;
+  const timeoutMs = options.timeoutMs ?? DEFAULT_TIMEOUT_MS;
+  const deliveries = [];
+  if (options.email) {
+    deliveries.push(await sendEmailReport(report, resolveEmailTarget(options.email), fetchImpl, timeoutMs));
+  }
+  if (options.sms) {
+    const smsTarget = resolveSmsTarget(options.sms);
+    const recipients = splitTargets(smsTarget.to);
+    if (recipients.length === 0) {
+      deliveries.push(await sendSmsReport(report, smsTarget, fetchImpl, timeoutMs));
+    } else {
+      for (const target of recipients) {
+        deliveries.push(await sendSmsReport(report, { ...smsTarget, to: target }, fetchImpl, timeoutMs));
+      }
+    }
+  }
+  if (options.logs) {
+    deliveries.push(await sendLogsReport(report, resolveLogsTarget(options.logs), fetchImpl, timeoutMs));
+  }
+  return deliveries;
+}
+function defaultSubject(summary) {
+  if (summary.totals.openIncidents > 0 || summary.totals.down > 0) {
+    return `Open Uptime alert: ${summary.totals.down} down, ${summary.totals.openIncidents} open incidents`;
+  }
+  return `Open Uptime report: ${summary.totals.up}/${summary.totals.enabled} enabled monitors up`;
+}
+function renderMonitorLine(item) {
+  const uptime = item.uptimePercent == null ? "-" : `${item.uptimePercent.toFixed(2)}%`;
+  const latency = item.averageLatencyMs == null ? "-" : `${item.averageLatencyMs}ms`;
+  const incident = item.openIncident ? ` open incident: ${item.openIncident.reason ?? "down"}` : "";
+  return `- ${item.monitor.status.toUpperCase()} ${item.monitor.name} (${targetLabel(item)}): uptime ${uptime}, latency ${latency}${incident}`;
+}
+function targetLabel(item) {
+  return item.monitor.kind === "http" ? item.monitor.url ?? "" : `${item.monitor.host}:${item.monitor.port}`;
+}
+function resolveEmailTarget(value) {
+  const target = typeof value === "boolean" ? {} : value;
+  return {
+    apiUrl: target.apiUrl ?? env2("HASNA_MAILERY_API_URL", "MAILERY_API_URL") ?? DEFAULT_MAILERY_API_URL,
+    sendKey: target.sendKey ?? env2("HASNA_MAILERY_SEND_KEY", "MAILERY_SEND_KEY", "ESK"),
+    from: target.from ?? env2("HASNA_UPTIME_REPORT_EMAIL_FROM", "UPTIME_REPORT_EMAIL_FROM"),
+    to: target.to ?? env2("HASNA_UPTIME_REPORT_EMAIL_TO", "UPTIME_REPORT_EMAIL_TO"),
+    subject: target.subject,
+    providerId: target.providerId ?? env2("HASNA_MAILERY_PROVIDER_ID", "MAILERY_PROVIDER_ID")
+  };
+}
+function resolveSmsTarget(value) {
+  const target = typeof value === "boolean" ? {} : value;
+  return {
+    apiUrl: target.apiUrl ?? env2("HASNA_TELEPHONY_API_URL", "TELEPHONY_API_URL") ?? DEFAULT_TELEPHONY_API_URL,
+    from: target.from ?? env2("HASNA_UPTIME_REPORT_SMS_FROM", "UPTIME_REPORT_SMS_FROM"),
+    to: target.to ?? env2("HASNA_UPTIME_REPORT_PHONE_TO", "UPTIME_REPORT_PHONE_TO")
+  };
+}
+function resolveLogsTarget(value) {
+  const target = typeof value === "boolean" ? {} : value;
+  return {
+    apiUrl: target.apiUrl ?? env2("HASNA_LOGS_URL", "LOGS_URL") ?? DEFAULT_LOGS_API_URL,
+    apiKey: target.apiKey ?? env2("HASNA_LOGS_API_TOKEN", "LOGS_API_TOKEN", "HASNA_LOGS_API_KEY", "LOGS_API_KEY"),
+    projectId: target.projectId ?? env2("HASNA_LOGS_PROJECT_ID", "LOGS_PROJECT_ID") ?? "open-uptime",
+    environment: target.environment ?? env2("HASNA_ENV", "NODE_ENV"),
+    service: target.service ?? "open-uptime"
+  };
+}
+async function sendEmailReport(report, target, fetchImpl, timeoutMs) {
+  if (!target.sendKey)
+    return { channel: "email", ok: false, error: "Mailery send key is required" };
+  if (!target.from)
+    return { channel: "email", ok: false, error: "Email from address is required" };
+  if (!hasTargets(target.to))
+    return { channel: "email", ok: false, error: "Email recipient is required" };
+  const body = {
+    from: target.from,
+    to: splitTargets(target.to),
+    subject: target.subject ?? report.subject,
+    text: report.text,
+    html: report.html,
+    provider_id: target.providerId
+  };
+  return requestJson("email", `${normalizeUrl(target.apiUrl ?? DEFAULT_MAILERY_API_URL)}/api/v1/send`, {
+    method: "POST",
+    headers: { authorization: `Bearer ${target.sendKey}` },
+    body
+  }, fetchImpl, timeoutMs, secretsForTarget(target));
+}
+async function sendSmsReport(report, target, fetchImpl, timeoutMs) {
+  if (!hasTargets(target.to))
+    return { channel: "sms", ok: false, error: "SMS recipient phone number is required" };
+  return requestJson("sms", `${normalizeUrl(target.apiUrl ?? DEFAULT_TELEPHONY_API_URL)}/api/sms/send`, {
+    method: "POST",
+    body: {
+      to: Array.isArray(target.to) ? target.to[0] : target.to,
+      from: target.from,
+      body: truncateSms(report.text)
+    }
+  }, fetchImpl, timeoutMs, secretsForTarget(target));
+}
+async function sendLogsReport(report, target, fetchImpl, timeoutMs) {
+  const params = new URLSearchParams({
+    format: "json",
+    source: "structured",
+    service: target.service ?? "open-uptime",
+    project_id: target.projectId ?? "open-uptime"
+  });
+  if (target.environment)
+    params.set("environment", target.environment);
+  return requestJson("logs", `${normalizeUrl(target.apiUrl ?? DEFAULT_LOGS_API_URL)}/api/logs/structured?${params}`, {
+    method: "POST",
+    headers: target.apiKey ? { authorization: `Bearer ${target.apiKey}` } : undefined,
+    body: {
+      timestamp: report.generatedAt,
+      level: report.summary.totals.down > 0 || report.summary.totals.openIncidents > 0 ? "warn" : "info",
+      message: report.subject,
+      report: report.json
+    }
+  }, fetchImpl, timeoutMs, secretsForTarget(target));
+}
+async function requestJson(channel, url, options, fetchImpl, timeoutMs, secrets = []) {
+  const controller = new AbortController;
+  const timer = setTimeout(() => controller.abort(), timeoutMs);
+  try {
+    const response = await fetchImpl(url, {
+      method: options.method,
+      signal: controller.signal,
+      headers: {
+        "content-type": "application/json",
+        accept: "application/json",
+        ...options.headers
+      },
+      body: JSON.stringify(options.body)
+    });
+    const text = await response.text();
+    const data = parseMaybeJson(text);
+    if (!response.ok) {
+      return { channel, ok: false, status: response.status, error: errorFromResponse(data, response.statusText, secrets) };
+    }
+    return { channel, ok: true, status: response.status, id: redactOptional(idFromResponse(data), secrets) };
+  } catch (error) {
+    const message = error instanceof Error && error.name === "AbortError" ? "request timed out" : error instanceof Error ? error.message : String(error);
+    return { channel, ok: false, error: redactSecrets(message, secrets) };
+  } finally {
+    clearTimeout(timer);
+  }
+}
+function hasTargets(value) {
+  return splitTargets(value).length > 0;
+}
+function splitTargets(value) {
+  if (!value)
+    return [];
+  const values = Array.isArray(value) ? value : value.split(",");
+  return values.map((item) => item.trim()).filter(Boolean);
+}
+function normalizeUrl(value) {
+  const parsed = new URL(value.trim());
+  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
+    throw new Error("Integration API URL must use http or https");
+  }
+  return parsed.toString().replace(/\/$/, "");
+}
+function truncateSms(value) {
+  return value.length > 1400 ? `${value.slice(0, 1397)}...` : value;
+}
+function parseMaybeJson(text) {
+  if (!text.trim())
+    return {};
+  try {
+    return JSON.parse(text);
+  } catch {
+    return { message: text };
+  }
+}
+function idFromResponse(data) {
+  if (!data || typeof data !== "object")
+    return;
+  const record = data;
+  for (const key of ["id", "message_id", "event_id"]) {
+    if (typeof record[key] === "string")
+      return record[key];
+  }
+  return;
+}
+function errorFromResponse(data, fallback, secrets = []) {
+  if (data && typeof data === "object") {
+    const record = data;
+    if (typeof record.error === "string")
+      return redactSecrets(record.error, secrets);
+    if (typeof record.message === "string")
+      return redactSecrets(record.message, secrets);
+  }
+  return redactSecrets(fallback, secrets);
+}
+function env2(...keys) {
+  for (const key of keys) {
+    const value = process.env[key]?.trim();
+    if (value)
+      return value;
+  }
+  return;
+}
+function escapeHtml(value) {
+  return value.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;");
+}
+function secretsForTarget(target) {
+  const values = new Set;
+  for (const key of ["sendKey", "apiKey"]) {
+    const value = target[key];
+    if (typeof value === "string" && value.trim())
+      values.add(value.trim());
+  }
+  const apiUrl = target.apiUrl;
+  if (apiUrl) {
+    try {
+      const parsed = new URL(apiUrl);
+      if (parsed.username)
+        values.add(decodeURIComponent(parsed.username));
+      if (parsed.password)
+        values.add(decodeURIComponent(parsed.password));
+    } catch {}
+  }
+  return [...values];
+}
+function redactSecrets(value, secrets = []) {
+  let redacted = value;
+  for (const secret of secrets) {
+    if (secret.length >= 3)
+      redacted = redacted.split(secret).join("[REDACTED]");
+  }
+  return redacted.replace(/\bBearer\s+[A-Za-z0-9._~+/=-]+/gi, "Bearer [REDACTED]").replace(/\besk_[A-Za-z0-9._~+/=-]+/g, "esk_[REDACTED]");
+}
+function redactOptional(value, secrets) {
+  return value === undefined ? undefined : redactSecrets(value, secrets);
+}
 // src/service.ts
 class UptimeService {
   store;
   checkRunner;
+  leaseOwner = `svc_${randomUUID2().replace(/-/g, "").slice(0, 18)}`;
   inFlightChecks = new Set;
   constructor(options = {}) {
     this.store = options.store ?? new UptimeStore(options);
@@ -3106,6 +3465,12 @@ class UptimeService {
   summary() {
     return this.store.summary();
   }
+  buildReport(options = {}) {
+    return buildUptimeReport(this.summary(), options);
+  }
+  async sendReport(options = {}) {
+    return sendUptimeReport(this.summary(), options);
+  }
   async checkMonitor(idOrName) {
     const monitor = this.store.getMonitor(idOrName);
     if (!monitor)
@@ -3114,6 +3479,10 @@ class UptimeService {
       throw new Error(`Monitor is disabled: ${monitor.name}`);
     if (this.inFlightChecks.has(monitor.id))
       throw new Error(`Monitor check already in progress: ${monitor.name}`);
+    const leaseTtlMs = Math.max(60000, (monitor.retryCount + 1) * monitor.timeoutMs + 1e4);
+    if (!this.store.acquireCheckLease(monitor.id, this.leaseOwner, leaseTtlMs)) {
+      throw new MonitorCheckBusyError(`Monitor check already in progress: ${monitor.name}`);
+    }
     this.inFlightChecks.add(monitor.id);
     try {
       let attemptCount = 0;
@@ -3131,10 +3500,12 @@ class UptimeService {
         latencyMs: last.latencyMs,
         statusCode: last.statusCode ?? null,
         error: last.error ?? null,
-        attemptCount
+        attemptCount,
+        expectedMonitorRevision: monitor.revision
       });
     } finally {
       this.inFlightChecks.delete(monitor.id);
+      this.store.releaseCheckLease(monitor.id, this.leaseOwner);
     }
   }
   async checkAll() {
@@ -3163,7 +3534,13 @@ class UptimeService {
       const current = this.store.getMonitor(monitor.id);
       if (!current || !this.isDue(current, now))
         continue;
-      results.push(await this.checkMonitor(current.id));
+      try {
+        results.push(await this.checkMonitor(current.id));
+      } catch (error) {
+        if (error instanceof MonitorCheckBusyError || error instanceof StaleCheckResultError)
+          continue;
+        throw error;
+      }
     }
     return results;
   }
@@ -3178,6 +3555,12 @@ class UptimeService {
     return now.getTime() - last >= monitor.intervalSeconds * 1000;
   }
 }
+class MonitorCheckBusyError extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "MonitorCheckBusyError";
+  }
+}
 // src/version.ts
 import { readFileSync } from "fs";
@@ -3548,11 +3931,11 @@ function dashboardHtml() {
 }
 // src/api.ts
-function createApiHandler(service) {
+function createApiHandler(service, options = {}) {
   return async (request) => {
     const url = new URL(request.url);
     try {
-      validateLocalMutationRequest(request, url);
+      validateLocalMutationRequest(request, url, options);
       if (request.method === "GET" && url.pathname === "/") {
         return html(dashboardHtml());
       }
@@ -3562,6 +3945,13 @@ function createApiHandler(service) {
       if (request.method === "GET" && url.pathname === "/api/summary") {
         return json(service.summary());
       }
+      if (request.method === "GET" && url.pathname === "/api/report") {
+        return json(service.buildReport());
+      }
+      if (request.method === "POST" && url.pathname === "/api/report") {
+        const input = await jsonBody(request);
+        return json(await service.sendReport({ ...input, fetchImpl: options.fetchImpl }));
+      }
       if (request.method === "GET" && url.pathname === "/api/monitors") {
         return json(service.listMonitors({ includeDisabled: url.searchParams.get("includeDisabled") === "true" }));
       }
@@ -3614,7 +4004,11 @@ function serveUptime(options = {}) {
   const server = Bun.serve({
     hostname: options.host ?? "127.0.0.1",
     port: options.port ?? 3899,
-    fetch: createApiHandler(service)
+    fetch: createApiHandler(service, {
+      apiToken: options.apiToken,
+      allowUnsafeRemoteMutations: options.allowUnsafeRemoteMutations,
+      trustedLoopback: isLoopbackHost(options.host ?? "127.0.0.1")
+    })
   });
   return { server, service, scheduler };
 }
@@ -3642,14 +4036,31 @@ function numericParam(url, name, fallback) {
   const parsed = Number(raw);
   return Number.isFinite(parsed) ? parsed : fallback;
 }
-function validateLocalMutationRequest(request, url) {
+function validateLocalMutationRequest(request, url, options) {
   if (!["POST", "PATCH", "DELETE"].includes(request.method))
     return;
+  const apiToken = options.apiToken ?? process.env.HASNA_UPTIME_API_TOKEN;
+  const hasToken = apiToken ? hasValidApiToken(request, apiToken) : false;
+  const allowUnsafeRemote = options.allowUnsafeRemoteMutations || process.env.HASNA_UPTIME_ALLOW_REMOTE_MUTATIONS === "1";
+  const trustedLoopback = options.trustedLoopback ?? isLoopbackHost(url.hostname);
+  if (!allowUnsafeRemote && !hasToken && (!trustedLoopback || !isLoopbackHost(url.hostname))) {
+    throw new ApiError("non-loopback host rejected for local mutation", 403);
+  }
   const origin = request.headers.get("origin");
   if (origin && origin !== `${url.protocol}//${url.host}`) {
     throw new ApiError("cross-origin mutation rejected", 403);
   }
 }
+function isLoopbackHost(hostname) {
+  const host = hostname.toLowerCase().replace(/^\[|\]$/g, "");
+  return host === "localhost" || host === "127.0.0.1" || host === "::1";
+}
+function hasValidApiToken(request, token) {
+  const authorization = request.headers.get("authorization") ?? "";
+  const bearer = authorization.match(/^Bearer\s+(.+)$/i)?.[1]?.trim();
+  const headerToken = request.headers.get("x-uptime-token")?.trim();
+  return bearer === token || headerToken === token;
+}
 async function jsonBody(request) {
   const contentType = request.headers.get("content-type") ?? "";
   const mediaType = contentType.split(";")[0]?.trim().toLowerCase();
@@ -3680,14 +4091,14 @@ function print(value, text, opts) {
   if (wantsJson(opts))
     console.log(JSON.stringify(value, null, 2));
   else
-    console.log(text);
+    console.log(sanitizeTerminal(text));
 }
 function fail(error) {
   const message = error instanceof Error ? error.message : String(error);
   if (program2.opts().json)
     console.log(JSON.stringify({ ok: false, error: message }, null, 2));
   else
-    console.error(source_default.red(message));
+    console.error(source_default.red(sanitizeTerminal(message)));
   process.exit(1);
 }
 program2.command("init").description("Initialize the local uptime store").option("-j, --json", "print JSON").action((opts) => {
@@ -3848,6 +4259,45 @@ program2.command("summary").description("Show uptime summary").option("-j, --jso
     fail(error);
   }
 });
+program2.command("report").description("Build or send an uptime report through Mailery, Telephony, or Open Logs").option("--email <to>", "send an email report to one or more comma-separated recipients through Mailery").option("--from <email>", "Mailery from address").option("--mailery-url <url>", "Mailery API URL").option("--send-key <key>", "Mailery scoped send key").option("--sms <phone>", "send an SMS report to one or more comma-separated phone numbers through Telephony").option("--sms-from <phone>", "Telephony from phone number").option("--telephony-url <url>", "Telephony API URL").option("--logs", "write the report to Open Logs structured logs").option("--logs-url <url>", "Open Logs API URL").option("--logs-api-key <key>", "Open Logs API key").option("--logs-project <id>", "Open Logs project id").option("--subject <subject>", "report subject").option("--dry-run", "print the report without sending").option("-j, --json", "print JSON").action(async (opts) => {
+  try {
+    const svc = service();
+    const wantsDelivery = Boolean(opts.email || opts.sms || opts.logs);
+    if (opts.dryRun || !wantsDelivery) {
+      const report = svc.buildReport({ subject: opts.subject });
+      svc.close();
+      print(report, report.text, opts);
+      return;
+    }
+    const input = {
+      subject: opts.subject,
+      email: opts.email ? {
+        apiUrl: opts.maileryUrl,
+        sendKey: opts.sendKey,
+        from: opts.from,
+        to: splitList(opts.email)
+      } : undefined,
+      sms: opts.sms ? {
+        apiUrl: opts.telephonyUrl,
+        from: opts.smsFrom,
+        to: splitList(opts.sms)
+      } : undefined,
+      logs: opts.logs ? {
+        apiUrl: opts.logsUrl,
+        apiKey: opts.logsApiKey,
+        projectId: opts.logsProject
+      } : undefined
+    };
+    const deliveries = await svc.sendReport(input);
+    svc.close();
+    const failed = deliveries.filter((delivery) => !delivery.ok);
+    print(deliveries, renderDeliveries(deliveries), opts);
+    if (failed.length > 0)
+      process.exit(1);
+  } catch (error) {
+    fail(error);
+  }
+});
 program2.command("results").description("List recent check results").option("--monitor <id>", "filter by monitor id").option("--limit <n>", "max rows", parseInteger, 20).option("-j, --json", "print JSON").action((opts) => {
   try {
     const svc = service();
@@ -3863,15 +4313,21 @@ program2.command("incidents").description("List incidents").addOption(new Option
     const svc = service();
     const incidents = svc.listIncidents({ status: opts.status, monitorId: opts.monitor, limit: opts.limit });
     svc.close();
-    print(incidents, incidents.length ? incidents.map((i) => `${i.status.padEnd(6)} ${i.monitorId} ${i.openedAt} ${i.reason ?? ""}`).join(`
+    print(incidents, incidents.length ? incidents.map((i) => `${i.status.padEnd(6)} ${sanitizeField(i.monitorId)} ${i.openedAt} ${sanitizeField(i.reason ?? "")}`).join(`
 `) : "No incidents", opts);
   } catch (error) {
     fail(error);
   }
 });
-program2.command("serve").description("Serve the local API and dashboard").option("--host <host>", "host to bind", "127.0.0.1").option("--port <port>", "port", parseInteger, 3899).option("--check", "run the scheduler while serving").option("-j, --json", "print JSON").action((opts) => {
+program2.command("serve").description("Serve the local API and dashboard").option("--host <host>", "host to bind", "127.0.0.1").option("--port <port>", "port", parseInteger, 3899).option("--check", "run the scheduler while serving").option("--api-token <token>", "token required for non-loopback mutation hosts").option("--allow-unsafe-remote-mutations", "allow state-changing requests from non-loopback hosts without a token").option("-j, --json", "print JSON").action((opts) => {
   try {
-    const { server } = serveUptime({ host: opts.host, port: opts.port, check: opts.check });
+    const { server } = serveUptime({
+      host: opts.host,
+      port: opts.port,
+      check: opts.check,
+      apiToken: opts.apiToken,
+      allowUnsafeRemoteMutations: opts.allowUnsafeRemoteMutations
+    });
     const data = { ok: true, url: `http://${server.hostname}:${server.port}`, scheduler: Boolean(opts.check) };
     if (wantsJson(opts))
       console.log(JSON.stringify(data, null, 2));
@@ -3893,17 +4349,17 @@ function renderMonitors(monitors) {
   return monitors.map((monitor) => {
     const target = monitor.kind === "http" ? monitor.url : `${monitor.host}:${monitor.port}`;
     const status = renderStatus(monitor.status).padEnd(14);
-    return `${status} ${monitor.name.padEnd(24)} ${monitor.kind.padEnd(4)} ${target}`;
+    return `${status} ${sanitizeField(monitor.name).padEnd(24)} ${monitor.kind.padEnd(4)} ${sanitizeField(target ?? "")}`;
   }).join(`
 `);
 }
 function renderMonitorDetail(monitor) {
   const target = monitor.kind === "http" ? monitor.url : `${monitor.host}:${monitor.port}`;
   return [
-    `${source_default.bold(monitor.name)} ${renderStatus(monitor.status)}`,
+    `${source_default.bold(sanitizeField(monitor.name))} ${renderStatus(monitor.status)}`,
     `id: ${monitor.id}`,
     `kind: ${monitor.kind}`,
-    `target: ${target}`,
+    `target: ${sanitizeField(target ?? "")}`,
     `interval: ${monitor.intervalSeconds}s`,
     `timeout: ${monitor.timeoutMs}ms`,
     `retries: ${monitor.retryCount}`,
@@ -3917,7 +4373,7 @@ function renderCheckResults(results) {
     return "No results";
   return results.map((result) => {
     const latency = result.latencyMs == null ? "-" : `${result.latencyMs}ms`;
-    return `${renderStatus(result.status).padEnd(12)} ${result.monitorId} ${result.checkedAt} ${latency} ${result.error ?? ""}`;
+    return `${renderStatus(result.status).padEnd(12)} ${sanitizeField(result.monitorId)} ${result.checkedAt} ${latency} ${sanitizeField(result.error ?? "")}`;
   }).join(`
 `);
 }
@@ -3928,11 +4384,21 @@ function renderSummary(summary) {
   for (const item of summary.monitors) {
     const uptime = item.uptimePercent == null ? "-" : `${item.uptimePercent.toFixed(2)}%`;
     const latency = item.averageLatencyMs == null ? "-" : `${item.averageLatencyMs}ms`;
-    lines.push(`${renderStatus(item.monitor.status).padEnd(12)} ${item.monitor.name.padEnd(24)} uptime ${uptime.padStart(8)} latency ${latency}`);
+    lines.push(`${renderStatus(item.monitor.status).padEnd(12)} ${sanitizeField(item.monitor.name).padEnd(24)} uptime ${uptime.padStart(8)} latency ${latency}`);
   }
   return lines.join(`
 `);
 }
+function renderDeliveries(deliveries) {
+  if (deliveries.length === 0)
+    return "No report deliveries requested";
+  return deliveries.map((delivery) => {
+    const status = delivery.ok ? source_default.green("sent") : source_default.red("failed");
+    const detail = delivery.ok ? delivery.id ?? delivery.status ?? "" : delivery.error ?? "";
+    return `${status.padEnd(12)} ${delivery.channel}${detail ? ` ${sanitizeField(String(detail))}` : ""}`;
+  }).join(`
+`);
+}
 function renderStatus(status) {
   if (status === "up")
     return source_default.green("up");
@@ -3942,4 +4408,15 @@ function renderStatus(status) {
     return source_default.yellow("paused");
   return source_default.gray(status);
 }
+function splitList(value) {
+  if (!value)
+    return;
+  return value.split(",").map((item) => item.trim()).filter(Boolean);
+}
+function sanitizeTerminal(value) {
+  return value.replace(/[\x00-\x08\x0b\x0c\x0e-\x1f\x7f-\x9f]/g, "");
+}
+function sanitizeField(value) {
+  return value.replace(/[\x00-\x1f\x7f-\x9f]/g, " ");
+}
 program2.parseAsync(process.argv);