@hasna/uptime 0.1.0 → 0.1.1

package/dist/index.d.ts

@@ -2,6 +2,8 @@ export { createUptimeClient, UptimeService } from "./service.js";
 export { UptimeStore } from "./store.js";
 export { runMonitorCheck, runHttpCheck, runTcpCheck } from "./checks.js";
 export { createApiHandler, serveUptime } from "./api.js";
+export { buildUptimeReport, sendUptimeReport } from "./report.js";
 export { uptimeHome, uptimeDbPath, ensureUptimeHome } from "./paths.js";
 export type { CheckAttemptResult, CheckResult, CheckStatus, CreateMonitorInput, Incident, IncidentStatus, ListResultsOptions, Monitor, MonitorKind, MonitorStatus, MonitorSummary, SchedulerHandle, UpdateMonitorInput, UptimeSummary, } from "./types.js";
+export type { BuildUptimeReportOptions, SendUptimeReportOptions, UptimeEmailReportTarget, UptimeLogsReportTarget, UptimeReport, UptimeReportDelivery, UptimeSmsReportTarget, } from "./report.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AACjE,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AACzC,OAAO,EAAE,eAAe,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AACzE,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AACzD,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AACxE,YAAY,EACV,kBAAkB,EAClB,WAAW,EACX,WAAW,EACX,kBAAkB,EAClB,QAAQ,EACR,cAAc,EACd,kBAAkB,EAClB,OAAO,EACP,WAAW,EACX,aAAa,EACb,cAAc,EACd,eAAe,EACf,kBAAkB,EAClB,aAAa,GACd,MAAM,YAAY,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AACjE,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AACzC,OAAO,EAAE,eAAe,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AACzE,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AACzD,OAAO,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAClE,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AACxE,YAAY,EACV,kBAAkB,EAClB,WAAW,EACX,WAAW,EACX,kBAAkB,EAClB,QAAQ,EACR,cAAc,EACd,kBAAkB,EAClB,OAAO,EACP,WAAW,EACX,aAAa,EACb,cAAc,EACd,eAAe,EACf,kBAAkB,EAClB,aAAa,GACd,MAAM,YAAY,CAAC;AACpB,YAAY,EACV,wBAAwB,EACxB,uBAAuB,EACvB,uBAAuB,EACvB,sBAAsB,EACtB,YAAY,EACZ,oBAAoB,EACpB,qBAAqB,GACtB,MAAM,aAAa,CAAC"}

package/dist/index.js

@@ -98,6 +98,13 @@ var MAX_RETRY_COUNT = 10;
 var MAX_RESULT_LIMIT = 1000;
 
 // src/store.ts
+class StaleCheckResultError extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "StaleCheckResultError";
+  }
+}
+
 class UptimeStore {
   dbPath;
   db;
@@ -131,10 +138,12 @@ class UptimeStore {
         enabled INTEGER NOT NULL DEFAULT 1,
         status TEXT NOT NULL DEFAULT 'unknown',
         last_checked_at TEXT,
+        revision INTEGER NOT NULL DEFAULT 1,
         created_at TEXT NOT NULL,
         updated_at TEXT NOT NULL
       )
     `);
+    this.ensureColumn("monitors", "revision", "INTEGER NOT NULL DEFAULT 1");
     this.db.run(`
       CREATE TABLE IF NOT EXISTS check_results (
         id TEXT PRIMARY KEY,
@@ -160,8 +169,17 @@ class UptimeStore {
         reason TEXT
       )
     `);
+    this.db.run(`
+      CREATE TABLE IF NOT EXISTS check_leases (
+        monitor_id TEXT PRIMARY KEY REFERENCES monitors(id) ON DELETE CASCADE,
+        owner TEXT NOT NULL,
+        leased_until TEXT NOT NULL,
+        acquired_at TEXT NOT NULL
+      )
+    `);
     this.db.run("CREATE INDEX IF NOT EXISTS idx_results_monitor_time ON check_results(monitor_id, checked_at DESC)");
     this.db.run("CREATE INDEX IF NOT EXISTS idx_incidents_monitor_status ON incidents(monitor_id, status)");
+    this.db.run("CREATE INDEX IF NOT EXISTS idx_check_leases_until ON check_leases(leased_until)");
   }
   createMonitor(input) {
     const normalized = normalizeCreateMonitor(input);
@@ -181,14 +199,15 @@ class UptimeStore {
       enabled: normalized.enabled ?? true,
       status: normalized.enabled === false ? "paused" : "unknown",
       lastCheckedAt: null,
+      revision: 1,
       createdAt: now,
       updatedAt: now
     };
     this.db.query(`INSERT INTO monitors (
           id, name, kind, url, host, port, method, expected_status,
           interval_seconds, timeout_ms, retry_count, enabled, status,
-          last_checked_at, created_at, updated_at
-        ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`).run(monitor.id, monitor.name, monitor.kind, monitor.url, monitor.host, monitor.port, monitor.method, monitor.expectedStatus, monitor.intervalSeconds, monitor.timeoutMs, monitor.retryCount, monitor.enabled ? 1 : 0, monitor.status, monitor.lastCheckedAt, monitor.createdAt, monitor.updatedAt);
+          last_checked_at, revision, created_at, updated_at
+        ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`).run(monitor.id, monitor.name, monitor.kind, monitor.url, monitor.host, monitor.port, monitor.method, monitor.expectedStatus, monitor.intervalSeconds, monitor.timeoutMs, monitor.retryCount, monitor.enabled ? 1 : 0, monitor.status, monitor.lastCheckedAt, monitor.revision, monitor.createdAt, monitor.updatedAt);
     return monitor;
   }
   listMonitors(options = {}) {
@@ -208,8 +227,12 @@ class UptimeStore {
     this.db.query(`UPDATE monitors SET
           name = ?, kind = ?, url = ?, host = ?, port = ?, method = ?,
           expected_status = ?, interval_seconds = ?, timeout_ms = ?,
-          retry_count = ?, enabled = ?, status = ?, last_checked_at = ?, updated_at = ?
+          retry_count = ?, enabled = ?, status = ?, last_checked_at = ?,
+          revision = revision + 1, updated_at = ?
         WHERE id = ?`).run(next.name, next.kind, next.url, next.host, next.port, next.method, next.expectedStatus, next.intervalSeconds, next.timeoutMs, next.retryCount, next.enabled ? 1 : 0, next.status, next.lastCheckedAt, updatedAt, current.id);
+    if (definitionChanged(current, next)) {
+      this.closeOpenIncident(current.id, updatedAt);
+    }
     return this.getMonitor(current.id);
   }
   deleteMonitor(idOrName) {
@@ -219,10 +242,31 @@ class UptimeStore {
     this.db.query("DELETE FROM monitors WHERE id = ?").run(current.id);
     return true;
   }
+  acquireCheckLease(monitorId, owner, ttlMs) {
+    const now = new Date;
+    const nowIso = now.toISOString();
+    const leasedUntil = new Date(now.getTime() + Math.max(1000, ttlMs)).toISOString();
+    const tx = this.db.transaction(() => {
+      this.db.query("DELETE FROM check_leases WHERE monitor_id = ? AND leased_until <= ?").run(monitorId, nowIso);
+      this.db.query("INSERT OR IGNORE INTO check_leases (monitor_id, owner, leased_until, acquired_at) VALUES (?, ?, ?, ?)").run(monitorId, owner, leasedUntil, nowIso);
+      const row = this.db.query("SELECT * FROM check_leases WHERE monitor_id = ?").get(monitorId);
+      return row?.owner === owner;
+    });
+    return tx();
+  }
+  releaseCheckLease(monitorId, owner) {
+    this.db.query("DELETE FROM check_leases WHERE monitor_id = ? AND owner = ?").run(monitorId, owner);
+  }
   recordCheckResult(input) {
     const monitor = this.getMonitor(input.monitorId);
     if (!monitor)
       throw new Error(`Monitor not found: ${input.monitorId}`);
+    if (input.expectedMonitorRevision !== undefined && monitor.revision !== input.expectedMonitorRevision) {
+      throw new StaleCheckResultError(`Monitor changed while check was in progress: ${monitor.name}`);
+    }
+    if (!monitor.enabled) {
+      throw new StaleCheckResultError(`Monitor was disabled while check was in progress: ${monitor.name}`);
+    }
     const checkedAt = input.checkedAt ?? new Date().toISOString();
     const result = {
       id: newId("chk"),
@@ -235,6 +279,15 @@ class UptimeStore {
       attemptCount: Math.max(1, input.attemptCount)
     };
     const tx = this.db.transaction(() => {
+      const current = this.db.query("SELECT * FROM monitors WHERE id = ?").get(result.monitorId);
+      if (!current)
+        throw new Error(`Monitor not found: ${result.monitorId}`);
+      if (input.expectedMonitorRevision !== undefined && current.revision !== input.expectedMonitorRevision) {
+        throw new StaleCheckResultError(`Monitor changed while check was in progress: ${current.name}`);
+      }
+      if (!current.enabled) {
+        throw new StaleCheckResultError(`Monitor was disabled while check was in progress: ${current.name}`);
+      }
       this.db.query(`INSERT INTO check_results (
             id, monitor_id, checked_at, status, latency_ms, status_code, error, attempt_count
           ) VALUES (?, ?, ?, ?, ?, ?, ?, ?)`).run(result.id, result.monitorId, result.checkedAt, result.status, result.latencyMs, result.statusCode, result.error, result.attemptCount);
@@ -282,10 +335,14 @@ class UptimeStore {
         down: monitors.filter((m) => m.status === "down").length,
         paused: monitors.filter((m) => !m.enabled || m.status === "paused").length,
         unknown: monitors.filter((m) => m.status === "unknown").length,
-        openIncidents: this.listIncidents({ status: "open", limit: 1000 }).length
+        openIncidents: this.countOpenIncidents()
       }
     };
   }
+  countOpenIncidents() {
+    const row = this.db.query("SELECT COUNT(*) AS count FROM incidents WHERE status = 'open'").get();
+    return Number(row?.count ?? 0);
+  }
   monitorSummary(monitor) {
     const row = this.db.query(`SELECT
           COUNT(*) as total,
@@ -323,13 +380,24 @@ class UptimeStore {
       this.db.query("UPDATE incidents SET status = 'closed', closed_at = ?, recovery_check_id = ? WHERE id = ?").run(result.checkedAt, result.id, open.id);
     }
   }
+  closeOpenIncident(monitorId, closedAt) {
+    this.db.query("UPDATE incidents SET status = 'closed', closed_at = ? WHERE monitor_id = ? AND status = 'open'").run(closedAt, monitorId);
+  }
+  ensureColumn(table, name, definition) {
+    const columns = this.db.query(`PRAGMA table_info(${table})`).all();
+    if (!columns.some((column) => column.name === name)) {
+      this.db.run(`ALTER TABLE ${table} ADD COLUMN ${name} ${definition}`);
+    }
+  }
 }
 function normalizeCreateMonitor(input) {
   const name = input.name?.trim();
   if (!name)
     throw new Error("Monitor name is required");
+  rejectControlCharacters(name, "Monitor name");
   const method = normalizeMethod(input.method ?? "GET");
   const expectedStatus = normalizeExpectedStatus(input.expectedStatus);
+  const enabled = normalizeEnabled(input.enabled);
   if (input.kind === "http") {
     const url = normalizeHttpUrl(input.url);
     return {
@@ -341,12 +409,13 @@ function normalizeCreateMonitor(input) {
       intervalSeconds: boundedInteger(input.intervalSeconds ?? 60, "intervalSeconds", MIN_INTERVAL_SECONDS, MAX_INTERVAL_SECONDS),
       timeoutMs: boundedInteger(input.timeoutMs ?? 5000, "timeoutMs", MIN_TIMEOUT_MS, MAX_TIMEOUT_MS),
       retryCount: boundedInteger(input.retryCount ?? 0, "retryCount", MIN_RETRY_COUNT, MAX_RETRY_COUNT),
-      enabled: input.enabled ?? true
+      enabled
     };
   } else if (input.kind === "tcp") {
     const host = input.host?.trim();
     if (!host)
       throw new Error("TCP monitors require host");
+    rejectControlCharacters(host, "TCP host");
     if (!Number.isInteger(input.port) || input.port <= 0 || input.port > 65535) {
       throw new Error("TCP monitors require a port from 1 to 65535");
     }
@@ -360,12 +429,15 @@ function normalizeCreateMonitor(input) {
       intervalSeconds: boundedInteger(input.intervalSeconds ?? 60, "intervalSeconds", MIN_INTERVAL_SECONDS, MAX_INTERVAL_SECONDS),
       timeoutMs: boundedInteger(input.timeoutMs ?? 5000, "timeoutMs", MIN_TIMEOUT_MS, MAX_TIMEOUT_MS),
       retryCount: boundedInteger(input.retryCount ?? 0, "retryCount", MIN_RETRY_COUNT, MAX_RETRY_COUNT),
-      enabled: input.enabled ?? true
+      enabled
     };
   } else {
     throw new Error("Monitor kind must be http or tcp");
   }
 }
+function definitionChanged(current, next) {
+  return next.kind !== current.kind || next.url !== current.url || next.host !== current.host || next.port !== current.port || next.method !== current.method || next.expectedStatus !== current.expectedStatus;
+}
 function normalizeUpdateMonitor(current, input, updatedAt) {
   const merged = {
     ...current,
@@ -430,6 +502,18 @@ function normalizeExpectedStatus(value) {
   }
   return value;
 }
+function normalizeEnabled(value) {
+  if (value === undefined)
+    return true;
+  if (typeof value !== "boolean")
+    throw new Error("enabled must be a boolean");
+  return value;
+}
+function rejectControlCharacters(value, label) {
+  if (/[\x00-\x1f\x7f-\x9f]/.test(value)) {
+    throw new Error(`${label} must not contain control characters`);
+  }
+}
 function monitorFromRow(row) {
   return {
     id: row.id,
@@ -446,6 +530,7 @@ function monitorFromRow(row) {
     enabled: Boolean(row.enabled),
     status: row.status,
     lastCheckedAt: row.last_checked_at,
+    revision: row.revision ?? 1,
     createdAt: row.created_at,
     updatedAt: row.updated_at
   };
@@ -494,10 +579,282 @@ function round(value, places) {
   return Math.round(value * factor) / factor;
 }
 
+// src/report.ts
+var DEFAULT_MAILERY_API_URL = "http://localhost:3900";
+var DEFAULT_TELEPHONY_API_URL = "http://localhost:19451";
+var DEFAULT_LOGS_API_URL = "http://localhost:3460";
+var DEFAULT_TIMEOUT_MS = 15000;
+function buildUptimeReport(summary, options = {}) {
+  const subject = options.subject ?? defaultSubject(summary);
+  const lines = [
+    subject,
+    `Generated: ${summary.generatedAt}`,
+    `Monitors: ${summary.totals.monitors} total, ${summary.totals.enabled} enabled, ${summary.totals.up} up, ${summary.totals.down} down, ${summary.totals.openIncidents} open incidents`,
+    "",
+    ...summary.monitors.map(renderMonitorLine)
+  ];
+  const text = lines.join(`
+`).trimEnd();
+  const json = {
+    kind: "open-uptime.report",
+    generated_at: summary.generatedAt,
+    subject,
+    totals: summary.totals,
+    monitors: summary.monitors
+  };
+  return {
+    subject,
+    generatedAt: summary.generatedAt,
+    summary,
+    text,
+    html: `<pre>${escapeHtml(text)}</pre>`,
+    json
+  };
+}
+async function sendUptimeReport(summary, options = {}) {
+  const report = buildUptimeReport(summary, options);
+  const fetchImpl = options.fetchImpl ?? fetch;
+  const timeoutMs = options.timeoutMs ?? DEFAULT_TIMEOUT_MS;
+  const deliveries = [];
+  if (options.email) {
+    deliveries.push(await sendEmailReport(report, resolveEmailTarget(options.email), fetchImpl, timeoutMs));
+  }
+  if (options.sms) {
+    const smsTarget = resolveSmsTarget(options.sms);
+    const recipients = splitTargets(smsTarget.to);
+    if (recipients.length === 0) {
+      deliveries.push(await sendSmsReport(report, smsTarget, fetchImpl, timeoutMs));
+    } else {
+      for (const target of recipients) {
+        deliveries.push(await sendSmsReport(report, { ...smsTarget, to: target }, fetchImpl, timeoutMs));
+      }
+    }
+  }
+  if (options.logs) {
+    deliveries.push(await sendLogsReport(report, resolveLogsTarget(options.logs), fetchImpl, timeoutMs));
+  }
+  return deliveries;
+}
+function defaultSubject(summary) {
+  if (summary.totals.openIncidents > 0 || summary.totals.down > 0) {
+    return `Open Uptime alert: ${summary.totals.down} down, ${summary.totals.openIncidents} open incidents`;
+  }
+  return `Open Uptime report: ${summary.totals.up}/${summary.totals.enabled} enabled monitors up`;
+}
+function renderMonitorLine(item) {
+  const uptime = item.uptimePercent == null ? "-" : `${item.uptimePercent.toFixed(2)}%`;
+  const latency = item.averageLatencyMs == null ? "-" : `${item.averageLatencyMs}ms`;
+  const incident = item.openIncident ? ` open incident: ${item.openIncident.reason ?? "down"}` : "";
+  return `- ${item.monitor.status.toUpperCase()} ${item.monitor.name} (${targetLabel(item)}): uptime ${uptime}, latency ${latency}${incident}`;
+}
+function targetLabel(item) {
+  return item.monitor.kind === "http" ? item.monitor.url ?? "" : `${item.monitor.host}:${item.monitor.port}`;
+}
+function resolveEmailTarget(value) {
+  const target = typeof value === "boolean" ? {} : value;
+  return {
+    apiUrl: target.apiUrl ?? env("HASNA_MAILERY_API_URL", "MAILERY_API_URL") ?? DEFAULT_MAILERY_API_URL,
+    sendKey: target.sendKey ?? env("HASNA_MAILERY_SEND_KEY", "MAILERY_SEND_KEY", "ESK"),
+    from: target.from ?? env("HASNA_UPTIME_REPORT_EMAIL_FROM", "UPTIME_REPORT_EMAIL_FROM"),
+    to: target.to ?? env("HASNA_UPTIME_REPORT_EMAIL_TO", "UPTIME_REPORT_EMAIL_TO"),
+    subject: target.subject,
+    providerId: target.providerId ?? env("HASNA_MAILERY_PROVIDER_ID", "MAILERY_PROVIDER_ID")
+  };
+}
+function resolveSmsTarget(value) {
+  const target = typeof value === "boolean" ? {} : value;
+  return {
+    apiUrl: target.apiUrl ?? env("HASNA_TELEPHONY_API_URL", "TELEPHONY_API_URL") ?? DEFAULT_TELEPHONY_API_URL,
+    from: target.from ?? env("HASNA_UPTIME_REPORT_SMS_FROM", "UPTIME_REPORT_SMS_FROM"),
+    to: target.to ?? env("HASNA_UPTIME_REPORT_PHONE_TO", "UPTIME_REPORT_PHONE_TO")
+  };
+}
+function resolveLogsTarget(value) {
+  const target = typeof value === "boolean" ? {} : value;
+  return {
+    apiUrl: target.apiUrl ?? env("HASNA_LOGS_URL", "LOGS_URL") ?? DEFAULT_LOGS_API_URL,
+    apiKey: target.apiKey ?? env("HASNA_LOGS_API_TOKEN", "LOGS_API_TOKEN", "HASNA_LOGS_API_KEY", "LOGS_API_KEY"),
+    projectId: target.projectId ?? env("HASNA_LOGS_PROJECT_ID", "LOGS_PROJECT_ID") ?? "open-uptime",
+    environment: target.environment ?? env("HASNA_ENV", "NODE_ENV"),
+    service: target.service ?? "open-uptime"
+  };
+}
+async function sendEmailReport(report, target, fetchImpl, timeoutMs) {
+  if (!target.sendKey)
+    return { channel: "email", ok: false, error: "Mailery send key is required" };
+  if (!target.from)
+    return { channel: "email", ok: false, error: "Email from address is required" };
+  if (!hasTargets(target.to))
+    return { channel: "email", ok: false, error: "Email recipient is required" };
+  const body = {
+    from: target.from,
+    to: splitTargets(target.to),
+    subject: target.subject ?? report.subject,
+    text: report.text,
+    html: report.html,
+    provider_id: target.providerId
+  };
+  return requestJson("email", `${normalizeUrl(target.apiUrl ?? DEFAULT_MAILERY_API_URL)}/api/v1/send`, {
+    method: "POST",
+    headers: { authorization: `Bearer ${target.sendKey}` },
+    body
+  }, fetchImpl, timeoutMs, secretsForTarget(target));
+}
+async function sendSmsReport(report, target, fetchImpl, timeoutMs) {
+  if (!hasTargets(target.to))
+    return { channel: "sms", ok: false, error: "SMS recipient phone number is required" };
+  return requestJson("sms", `${normalizeUrl(target.apiUrl ?? DEFAULT_TELEPHONY_API_URL)}/api/sms/send`, {
+    method: "POST",
+    body: {
+      to: Array.isArray(target.to) ? target.to[0] : target.to,
+      from: target.from,
+      body: truncateSms(report.text)
+    }
+  }, fetchImpl, timeoutMs, secretsForTarget(target));
+}
+async function sendLogsReport(report, target, fetchImpl, timeoutMs) {
+  const params = new URLSearchParams({
+    format: "json",
+    source: "structured",
+    service: target.service ?? "open-uptime",
+    project_id: target.projectId ?? "open-uptime"
+  });
+  if (target.environment)
+    params.set("environment", target.environment);
+  return requestJson("logs", `${normalizeUrl(target.apiUrl ?? DEFAULT_LOGS_API_URL)}/api/logs/structured?${params}`, {
+    method: "POST",
+    headers: target.apiKey ? { authorization: `Bearer ${target.apiKey}` } : undefined,
+    body: {
+      timestamp: report.generatedAt,
+      level: report.summary.totals.down > 0 || report.summary.totals.openIncidents > 0 ? "warn" : "info",
+      message: report.subject,
+      report: report.json
+    }
+  }, fetchImpl, timeoutMs, secretsForTarget(target));
+}
+async function requestJson(channel, url, options, fetchImpl, timeoutMs, secrets = []) {
+  const controller = new AbortController;
+  const timer = setTimeout(() => controller.abort(), timeoutMs);
+  try {
+    const response = await fetchImpl(url, {
+      method: options.method,
+      signal: controller.signal,
+      headers: {
+        "content-type": "application/json",
+        accept: "application/json",
+        ...options.headers
+      },
+      body: JSON.stringify(options.body)
+    });
+    const text = await response.text();
+    const data = parseMaybeJson(text);
+    if (!response.ok) {
+      return { channel, ok: false, status: response.status, error: errorFromResponse(data, response.statusText, secrets) };
+    }
+    return { channel, ok: true, status: response.status, id: redactOptional(idFromResponse(data), secrets) };
+  } catch (error) {
+    const message = error instanceof Error && error.name === "AbortError" ? "request timed out" : error instanceof Error ? error.message : String(error);
+    return { channel, ok: false, error: redactSecrets(message, secrets) };
+  } finally {
+    clearTimeout(timer);
+  }
+}
+function hasTargets(value) {
+  return splitTargets(value).length > 0;
+}
+function splitTargets(value) {
+  if (!value)
+    return [];
+  const values = Array.isArray(value) ? value : value.split(",");
+  return values.map((item) => item.trim()).filter(Boolean);
+}
+function normalizeUrl(value) {
+  const parsed = new URL(value.trim());
+  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
+    throw new Error("Integration API URL must use http or https");
+  }
+  return parsed.toString().replace(/\/$/, "");
+}
+function truncateSms(value) {
+  return value.length > 1400 ? `${value.slice(0, 1397)}...` : value;
+}
+function parseMaybeJson(text) {
+  if (!text.trim())
+    return {};
+  try {
+    return JSON.parse(text);
+  } catch {
+    return { message: text };
+  }
+}
+function idFromResponse(data) {
+  if (!data || typeof data !== "object")
+    return;
+  const record = data;
+  for (const key of ["id", "message_id", "event_id"]) {
+    if (typeof record[key] === "string")
+      return record[key];
+  }
+  return;
+}
+function errorFromResponse(data, fallback, secrets = []) {
+  if (data && typeof data === "object") {
+    const record = data;
+    if (typeof record.error === "string")
+      return redactSecrets(record.error, secrets);
+    if (typeof record.message === "string")
+      return redactSecrets(record.message, secrets);
+  }
+  return redactSecrets(fallback, secrets);
+}
+function env(...keys) {
+  for (const key of keys) {
+    const value = process.env[key]?.trim();
+    if (value)
+      return value;
+  }
+  return;
+}
+function escapeHtml(value) {
+  return value.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;");
+}
+function secretsForTarget(target) {
+  const values = new Set;
+  for (const key of ["sendKey", "apiKey"]) {
+    const value = target[key];
+    if (typeof value === "string" && value.trim())
+      values.add(value.trim());
+  }
+  const apiUrl = target.apiUrl;
+  if (apiUrl) {
+    try {
+      const parsed = new URL(apiUrl);
+      if (parsed.username)
+        values.add(decodeURIComponent(parsed.username));
+      if (parsed.password)
+        values.add(decodeURIComponent(parsed.password));
+    } catch {}
+  }
+  return [...values];
+}
+function redactSecrets(value, secrets = []) {
+  let redacted = value;
+  for (const secret of secrets) {
+    if (secret.length >= 3)
+      redacted = redacted.split(secret).join("[REDACTED]");
+  }
+  return redacted.replace(/\bBearer\s+[A-Za-z0-9._~+/=-]+/gi, "Bearer [REDACTED]").replace(/\besk_[A-Za-z0-9._~+/=-]+/g, "esk_[REDACTED]");
+}
+function redactOptional(value, secrets) {
+  return value === undefined ? undefined : redactSecrets(value, secrets);
+}
+
 // src/service.ts
+import { randomUUID as randomUUID2 } from "crypto";
 class UptimeService {
   store;
   checkRunner;
+  leaseOwner = `svc_${randomUUID2().replace(/-/g, "").slice(0, 18)}`;
   inFlightChecks = new Set;
   constructor(options = {}) {
     this.store = options.store ?? new UptimeStore(options);
@@ -530,6 +887,12 @@ class UptimeService {
   summary() {
     return this.store.summary();
   }
+  buildReport(options = {}) {
+    return buildUptimeReport(this.summary(), options);
+  }
+  async sendReport(options = {}) {
+    return sendUptimeReport(this.summary(), options);
+  }
   async checkMonitor(idOrName) {
     const monitor = this.store.getMonitor(idOrName);
     if (!monitor)
@@ -538,6 +901,10 @@ class UptimeService {
       throw new Error(`Monitor is disabled: ${monitor.name}`);
     if (this.inFlightChecks.has(monitor.id))
       throw new Error(`Monitor check already in progress: ${monitor.name}`);
+    const leaseTtlMs = Math.max(60000, (monitor.retryCount + 1) * monitor.timeoutMs + 1e4);
+    if (!this.store.acquireCheckLease(monitor.id, this.leaseOwner, leaseTtlMs)) {
+      throw new MonitorCheckBusyError(`Monitor check already in progress: ${monitor.name}`);
+    }
     this.inFlightChecks.add(monitor.id);
     try {
       let attemptCount = 0;
@@ -555,10 +922,12 @@ class UptimeService {
         latencyMs: last.latencyMs,
         statusCode: last.statusCode ?? null,
         error: last.error ?? null,
-        attemptCount
+        attemptCount,
+        expectedMonitorRevision: monitor.revision
       });
     } finally {
       this.inFlightChecks.delete(monitor.id);
+      this.store.releaseCheckLease(monitor.id, this.leaseOwner);
     }
   }
   async checkAll() {
@@ -587,7 +956,13 @@ class UptimeService {
       const current = this.store.getMonitor(monitor.id);
       if (!current || !this.isDue(current, now))
         continue;
-      results.push(await this.checkMonitor(current.id));
+      try {
+        results.push(await this.checkMonitor(current.id));
+      } catch (error) {
+        if (error instanceof MonitorCheckBusyError || error instanceof StaleCheckResultError)
+          continue;
+        throw error;
+      }
     }
     return results;
   }
@@ -606,6 +981,13 @@ function createUptimeClient(options = {}) {
   return new UptimeService(options);
 }
 
+class MonitorCheckBusyError extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "MonitorCheckBusyError";
+  }
+}
+
 // src/dashboard.ts
 function dashboardHtml() {
   return `<!doctype html>
@@ -957,11 +1339,11 @@ function dashboardHtml() {
 }
 
 // src/api.ts
-function createApiHandler(service) {
+function createApiHandler(service, options = {}) {
   return async (request) => {
     const url = new URL(request.url);
     try {
-      validateLocalMutationRequest(request, url);
+      validateLocalMutationRequest(request, url, options);
       if (request.method === "GET" && url.pathname === "/") {
         return html(dashboardHtml());
       }
@@ -971,6 +1353,13 @@ function createApiHandler(service) {
       if (request.method === "GET" && url.pathname === "/api/summary") {
         return json(service.summary());
       }
+      if (request.method === "GET" && url.pathname === "/api/report") {
+        return json(service.buildReport());
+      }
+      if (request.method === "POST" && url.pathname === "/api/report") {
+        const input = await jsonBody(request);
+        return json(await service.sendReport({ ...input, fetchImpl: options.fetchImpl }));
+      }
       if (request.method === "GET" && url.pathname === "/api/monitors") {
         return json(service.listMonitors({ includeDisabled: url.searchParams.get("includeDisabled") === "true" }));
       }
@@ -1023,7 +1412,11 @@ function serveUptime(options = {}) {
   const server = Bun.serve({
     hostname: options.host ?? "127.0.0.1",
     port: options.port ?? 3899,
-    fetch: createApiHandler(service)
+    fetch: createApiHandler(service, {
+      apiToken: options.apiToken,
+      allowUnsafeRemoteMutations: options.allowUnsafeRemoteMutations,
+      trustedLoopback: isLoopbackHost(options.host ?? "127.0.0.1")
+    })
   });
   return { server, service, scheduler };
 }
@@ -1051,14 +1444,31 @@ function numericParam(url, name, fallback) {
   const parsed = Number(raw);
   return Number.isFinite(parsed) ? parsed : fallback;
 }
-function validateLocalMutationRequest(request, url) {
+function validateLocalMutationRequest(request, url, options) {
   if (!["POST", "PATCH", "DELETE"].includes(request.method))
     return;
+  const apiToken = options.apiToken ?? process.env.HASNA_UPTIME_API_TOKEN;
+  const hasToken = apiToken ? hasValidApiToken(request, apiToken) : false;
+  const allowUnsafeRemote = options.allowUnsafeRemoteMutations || process.env.HASNA_UPTIME_ALLOW_REMOTE_MUTATIONS === "1";
+  const trustedLoopback = options.trustedLoopback ?? isLoopbackHost(url.hostname);
+  if (!allowUnsafeRemote && !hasToken && (!trustedLoopback || !isLoopbackHost(url.hostname))) {
+    throw new ApiError("non-loopback host rejected for local mutation", 403);
+  }
   const origin = request.headers.get("origin");
   if (origin && origin !== `${url.protocol}//${url.host}`) {
     throw new ApiError("cross-origin mutation rejected", 403);
   }
 }
+function isLoopbackHost(hostname) {
+  const host = hostname.toLowerCase().replace(/^\[|\]$/g, "");
+  return host === "localhost" || host === "127.0.0.1" || host === "::1";
+}
+function hasValidApiToken(request, token) {
+  const authorization = request.headers.get("authorization") ?? "";
+  const bearer = authorization.match(/^Bearer\s+(.+)$/i)?.[1]?.trim();
+  const headerToken = request.headers.get("x-uptime-token")?.trim();
+  return bearer === token || headerToken === token;
+}
 async function jsonBody(request) {
   const contentType = request.headers.get("content-type") ?? "";
   const mediaType = contentType.split(";")[0]?.trim().toLowerCase();
@@ -1079,12 +1489,14 @@ export {
   uptimeHome,
   uptimeDbPath,
   serveUptime,
+  sendUptimeReport,
   runTcpCheck,
   runMonitorCheck,
   runHttpCheck,
   ensureUptimeHome,
   createUptimeClient,
   createApiHandler,
+  buildUptimeReport,
   UptimeStore,
   UptimeService
 };

package/dist/mcp/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/mcp/index.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAGpE,OAAO,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAY9C,MAAM,WAAW,sBAAsB;IACrC,OAAO,CAAC,EAAE,aAAa,CAAC;CACzB;AAED,wBAAgB,eAAe,CAAC,OAAO,GAAE,sBAA2B,GAAG,SAAS,CAkL/E"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/mcp/index.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAGpE,OAAO,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAY9C,MAAM,WAAW,sBAAsB;IACrC,OAAO,CAAC,EAAE,aAAa,CAAC;CACzB;AAED,wBAAgB,eAAe,CAAC,OAAO,GAAE,sBAA2B,GAAG,SAAS,CAwN/E"}