@hasna/uptime 0.1.2 → 0.1.4

package/dist/dashboard.js

@@ -215,7 +215,7 @@ function dashboardHtml() {
       clear(root);
       for (const item of summary.monitors) {
         const m = item.monitor;
-        const target = m.kind === 'http' ? m.url : m.host + ':' + m.port;
+        const target = m.kind === 'tcp' ? m.host + ':' + m.port : m.url;
         const incident = item.openIncident ? 'open since ' + new Date(item.openIncident.openedAt).toLocaleString() : '-';
         const tr = document.createElement('tr');
         const name = document.createElement('td');

package/dist/imports.d.ts

@@ -0,0 +1,90 @@
+import type { MonitorProvenance, StoredImportBatch, UpsertMonitorProvenanceInput } from "./store.js";
+import type { CreateMonitorInput, ImportedMonitorInput, ImportedUpdateMonitorInput, ListResultsOptions, Monitor, MonitorKind } from "./types.js";
+export type ImportSource = "manual" | "projects" | "servers" | "domains" | "deployment";
+export type ImportAction = "create" | "update" | "unchanged" | "blocked" | "conflict";
+export interface ImportRequest {
+    source: ImportSource;
+    records: unknown[];
+    defaults?: Partial<CreateMonitorInput>;
+}
+export interface ImportCandidate {
+    source: ImportSource;
+    sourceId: string;
+    sourceLabel: string | null;
+    name: string;
+    kind: MonitorKind;
+    url?: string;
+    host?: string;
+    port?: number;
+    method?: string;
+    expectedStatus?: number | null;
+    intervalSeconds?: number;
+    timeoutMs?: number;
+    retryCount?: number;
+    enabled?: boolean;
+    snapshot: unknown;
+}
+export interface ImportPreviewItem {
+    candidate: ImportCandidate;
+    action: ImportAction;
+    monitor: Monitor | null;
+    provenance: MonitorProvenance | null;
+    warnings: string[];
+    reason: string | null;
+}
+export interface ImportPreview {
+    source: ImportSource;
+    generatedAt: string;
+    dryRun: true;
+    items: ImportPreviewItem[];
+    totals: Record<ImportAction, number>;
+}
+export interface ImportApplyItem extends ImportPreviewItem {
+    monitor: Monitor | null;
+    before: Monitor | null;
+    after: Monitor | null;
+}
+export interface ImportApplyResult {
+    batchId: string;
+    source: ImportSource;
+    appliedAt: string;
+    items: ImportApplyItem[];
+    totals: Record<ImportAction, number>;
+}
+export interface ImportRollbackItem {
+    monitorId: string | null;
+    action: "deleted" | "restored" | "disabled" | "skipped";
+    reason: string | null;
+}
+export interface ImportRollbackResult {
+    batchId: string;
+    source: string;
+    rolledBackAt: string;
+    items: ImportRollbackItem[];
+}
+export interface UptimeImportStore {
+    readonly mode: "local" | "hosted";
+    createMonitor(input: ImportedMonitorInput, options?: {
+        allowBrowserPage?: boolean;
+    }): Monitor;
+    updateMonitor(idOrName: string, input: ImportedUpdateMonitorInput, options?: {
+        allowBrowserPage?: boolean;
+    }): Monitor;
+    deleteMonitor(idOrName: string): boolean;
+    getMonitor(idOrName: string): Monitor | null;
+    listResults(options?: ListResultsOptions): unknown[];
+    getProvenance(source: string, sourceId: string): MonitorProvenance | null;
+    upsertMonitorProvenance(input: UpsertMonitorProvenanceInput): MonitorProvenance;
+    saveImportBatch(input: {
+        id: string;
+        source: string;
+        records: unknown[];
+    }): StoredImportBatch;
+    getImportBatch(batchId: string): StoredImportBatch | null;
+    markImportBatchRolledBack(batchId: string): StoredImportBatch;
+    runInTransaction?<T>(fn: () => T): T;
+}
+export declare function previewImport(store: UptimeImportStore, request: ImportRequest): ImportPreview;
+export declare function applyImport(store: UptimeImportStore, request: ImportRequest): ImportApplyResult;
+export declare function rollbackImport(store: UptimeImportStore, batchId: string): ImportRollbackResult;
+//# sourceMappingURL=imports.d.ts.map

package/dist/imports.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"imports.d.ts","sourceRoot":"","sources":["../src/imports.ts"],"names":[],"mappings":"AAUA,OAAO,KAAK,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,4BAA4B,EAAE,MAAM,YAAY,CAAC;AACrG,OAAO,KAAK,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,0BAA0B,EAAE,kBAAkB,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAEjJ,MAAM,MAAM,YAAY,GAAG,QAAQ,GAAG,UAAU,GAAG,SAAS,GAAG,SAAS,GAAG,YAAY,CAAC;AACxF,MAAM,MAAM,YAAY,GAAG,QAAQ,GAAG,QAAQ,GAAG,WAAW,GAAG,SAAS,GAAG,UAAU,CAAC;AAEtF,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,YAAY,CAAC;IACrB,OAAO,EAAE,OAAO,EAAE,CAAC;IACnB,QAAQ,CAAC,EAAE,OAAO,CAAC,kBAAkB,CAAC,CAAC;CACxC;AAED,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,YAAY,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,WAAW,CAAC;IAClB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,cAAc,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,QAAQ,EAAE,OAAO,CAAC;CACnB;AAED,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,eAAe,CAAC;IAC3B,MAAM,EAAE,YAAY,CAAC;IACrB,OAAO,EAAE,OAAO,GAAG,IAAI,CAAC;IACxB,UAAU,EAAE,iBAAiB,GAAG,IAAI,CAAC;IACrC,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;CACvB;AAED,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,YAAY,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,IAAI,CAAC;IACb,KAAK,EAAE,iBAAiB,EAAE,CAAC;IAC3B,MAAM,EAAE,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;CACtC;AAED,MAAM,WAAW,eAAgB,SAAQ,iBAAiB;IACxD,OAAO,EAAE,OAAO,GAAG,IAAI,CAAC;IACxB,MAAM,EAAE,OAAO,GAAG,IAAI,CAAC;IACvB,KAAK,EAAE,OAAO,GAAG,IAAI,CAAC;CACvB;AAED,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,YAAY,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,eAAe,EAAE,CAAC;IACzB,MAAM,EAAE,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;CACtC;AAED,MAAM,WAAW,kBAAkB;IACjC,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,MAAM,EAAE,SAAS,GAAG,UAAU,GAAG,UAAU,GAAG,SAAS,CAAC;IACxD,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;CACvB;AAED,MAAM,WAAW,oBAAoB;IACnC,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,KAAK,EAAE,kBAAkB,EAAE,CAAC;CAC7B;AAED,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,IAAI,EAAE,OAAO,GAAG,QAAQ,CAAC;IAClC,aAAa,CAAC,KAAK,EAAE,oBAAoB,EAAE,OAAO,CAAC,EAAE;QAAE,gBAAgB,CAAC,EAAE,OAAO,CAAA;KAAE,GAAG,OAAO,CAAC;IAC9F,aAAa,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,0BAA0B,EAAE,OAAO,CAAC,EAAE;QAAE,gBAAgB,CAAC,EAAE,OAAO,CAAA;KAAE,GAAG,OAAO,CAAC;IACtH,aAAa,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC;IACzC,UAAU,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,GAAG,IAAI,CAAC;IAC7C,WAAW,CAAC,OAAO,CAAC,EAAE,kBAAkB,GAAG,OAAO,EAAE,CAAC;IACrD,aAAa,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,iBAAiB,GAAG,IAAI,CAAC;IAC1E,uBAAuB,CAAC,KAAK,EAAE,4BAA4B,GAAG,iBAAiB,CAAC;IAChF,eAAe,CAAC,KAAK,EAAE;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,OAAO,EAAE,CAAA;KAAE,GAAG,iBAAiB,CAAC;IAC9F,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,iBAAiB,GAAG,IAAI,CAAC;IAC1D,yBAAyB,CAAC,OAAO,EAAE,MAAM,GAAG,iBAAiB,CAAC;IAC9D,gBAAgB,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;CACtC;AAED,wBAAgB,aAAa,CAAC,KAAK,EAAE,iBAAiB,EAAE,OAAO,EAAE,aAAa,GAAG,aAAa,CAU7F;AAwBD,wBAAgB,WAAW,CAAC,KAAK,EAAE,iBAAiB,EAAE,OAAO,EAAE,aAAa,GAAG,iBAAiB,CAwB/F;AAED,wBAAgB,cAAc,CAAC,KAAK,EAAE,iBAAiB,EAAE,OAAO,EAAE,MAAM,GAAG,oBAAoB,CAe9F"}

package/dist/imports.js

@@ -0,0 +1,556 @@
+// @bun
+// src/imports.ts
+import { randomUUID } from "crypto";
+
+// src/limits.ts
+var MIN_INTERVAL_SECONDS = 1;
+var MAX_INTERVAL_SECONDS = 86400;
+var MIN_TIMEOUT_MS = 1;
+var MAX_TIMEOUT_MS = 60000;
+var MIN_RETRY_COUNT = 0;
+var MAX_RETRY_COUNT = 10;
+var MAX_RESULT_LIMIT = 1000;
+
+// src/target-policy.ts
+import net from "net";
+var SECRET_PARAM_PATTERN = /(token|secret|password|passwd|api[_-]?key|access[_-]?token|auth|credential|session)/i;
+function assertHostedTargetAllowed(target) {
+  if (target.kind === "http" || target.kind === "browser_page") {
+    if (!target.url)
+      throw new Error("HTTP monitors require url");
+    assertHostedHttpUrlAllowed(target.url);
+    return;
+  }
+  if (target.kind === "tcp") {
+    if (!target.host)
+      throw new Error("TCP monitors require host");
+    assertHostedHostAllowed(target.host, "TCP host");
+    if (!Number.isInteger(target.port) || target.port <= 0 || target.port > 65535) {
+      throw new Error("TCP monitors require a port from 1 to 65535");
+    }
+    return;
+  }
+  throw new Error("Monitor kind must be http, tcp, or browser_page");
+}
+function assertHostedHttpUrlAllowed(value) {
+  const parsed = new URL(value);
+  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
+    throw new Error("HTTP monitor url must use http or https");
+  }
+  if (parsed.username || parsed.password) {
+    throw new Error("hosted target URLs must not contain userinfo");
+  }
+  for (const key of parsed.searchParams.keys()) {
+    if (SECRET_PARAM_PATTERN.test(key)) {
+      throw new Error(`hosted target URL query parameter is not allowed: ${key}`);
+    }
+  }
+  if (parsed.hash && SECRET_PARAM_PATTERN.test(parsed.hash)) {
+    throw new Error("hosted target URL fragment contains secret-like data");
+  }
+  assertHostedHostAllowed(parsed.hostname, "HTTP host");
+}
+function assertHostedHostAllowed(hostname, label = "host") {
+  const host = normalizeHost(hostname);
+  if (!host)
+    throw new Error(`${label} is required`);
+  if (host === "localhost" || host.endsWith(".localhost")) {
+    throw new Error(`${label} is not allowed in hosted mode: localhost`);
+  }
+  if (host.endsWith(".local") || host.endsWith(".internal")) {
+    throw new Error(`${label} is not allowed in hosted mode: private DNS name`);
+  }
+  const ipVersion = net.isIP(host);
+  if (ipVersion === 4 && isDeniedIpv4(host)) {
+    throw new Error(`${label} is not allowed in hosted mode: private or reserved IPv4`);
+  }
+  if (ipVersion === 6 && isDeniedIpv6(host)) {
+    throw new Error(`${label} is not allowed in hosted mode: private or reserved IPv6`);
+  }
+}
+function normalizeHost(hostname) {
+  return hostname.trim().toLowerCase().replace(/^\[|\]$/g, "").replace(/\.$/, "");
+}
+function isDeniedIpv4(ip) {
+  const parts = ip.split(".").map((part) => Number(part));
+  if (parts.length !== 4 || parts.some((part) => !Number.isInteger(part) || part < 0 || part > 255)) {
+    return true;
+  }
+  const [a, b] = parts;
+  return a === 0 || a === 10 || a === 127 || a === 100 && b >= 64 && b <= 127 || a === 169 && b === 254 || a === 172 && b >= 16 && b <= 31 || a === 192 && b === 168 || a >= 224;
+}
+function isDeniedIpv6(ip) {
+  const normalized = ip.toLowerCase();
+  return normalized === "::" || normalized === "::1" || normalized.startsWith("fe80:") || normalized.startsWith("fc") || normalized.startsWith("fd") || normalized.startsWith("ff") || normalized.startsWith("::ffff:127.") || normalized.startsWith("::ffff:10.") || normalized.startsWith("::ffff:169.254.") || /^::ffff:172\.(1[6-9]|2\d|3[0-1])\./.test(normalized) || normalized.startsWith("::ffff:192.168.");
+}
+
+// src/imports.ts
+function previewImport(store, request) {
+  const source = normalizeSource(request.source);
+  const items = dedupePreviewItems(request.records.map((record) => previewRecord(store, source, record, request.defaults ?? {})));
+  return {
+    source,
+    generatedAt: new Date().toISOString(),
+    dryRun: true,
+    items,
+    totals: countActions(items)
+  };
+}
+function dedupePreviewItems(items) {
+  const seenSources = new Set;
+  const seenNames = new Set;
+  return items.map((item) => {
+    if (item.action === "blocked")
+      return item;
+    const sourceKey = `${item.candidate.source}:${item.candidate.sourceId}`;
+    const nameKey = item.candidate.name.toLowerCase();
+    if (seenSources.has(sourceKey) || seenNames.has(nameKey)) {
+      return {
+        ...item,
+        action: "conflict",
+        monitor: item.monitor,
+        warnings: [...item.warnings, "duplicate import candidate in request"],
+        reason: "duplicate import candidate in request"
+      };
+    }
+    seenSources.add(sourceKey);
+    seenNames.add(nameKey);
+    return item;
+  });
+}
+function applyImport(store, request) {
+  if (store.mode === "hosted") {
+    throw new Error("hosted import apply requires cloud import_batches and audit");
+  }
+  const execute = () => {
+    const preview = previewImport(store, request);
+    const appliedAt = new Date().toISOString();
+    const items = preview.items.map((item) => applyPreviewItem(store, item));
+    const batchId = `imp_${randomUUID().replace(/-/g, "").slice(0, 18)}`;
+    store.saveImportBatch({
+      id: batchId,
+      source: preview.source,
+      records: items.map((item) => ({
+        action: item.action,
+        sourceId: item.candidate.sourceId,
+        monitorId: item.after?.id ?? item.monitor?.id ?? item.before?.id ?? null,
+        before: item.before,
+        after: item.after,
+        candidate: item.candidate
+      }))
+    });
+    return { batchId, source: preview.source, appliedAt, items, totals: countActions(items) };
+  };
+  return store.runInTransaction ? store.runInTransaction(execute) : execute();
+}
+function rollbackImport(store, batchId) {
+  if (store.mode === "hosted") {
+    throw new Error("hosted import rollback requires cloud import_batches and audit");
+  }
+  const batch = store.getImportBatch(batchId);
+  if (!batch)
+    throw new Error(`Import batch not found: ${batchId}`);
+  if (batch.status === "rolled_back")
+    throw new Error(`Import batch already rolled back: ${batchId}`);
+  const items = [...batch.records].reverse().map((record) => rollbackRecord(store, record));
+  const rolledBack = store.markImportBatchRolledBack(batchId);
+  return {
+    batchId,
+    source: rolledBack.source,
+    rolledBackAt: rolledBack.rolledBackAt ?? new Date().toISOString(),
+    items
+  };
+}
+function previewRecord(store, source, record, defaults) {
+  const warnings = [];
+  let candidate;
+  try {
+    if (store.mode === "hosted")
+      assertHostedTargetAllowed(rawTargetForHostedPolicy(source, record, defaults));
+    candidate = normalizeCandidate(source, record, defaults);
+    validateCandidate(candidate);
+    if (store.mode === "hosted")
+      assertHostedTargetAllowed(candidate);
+  } catch (error) {
+    return {
+      candidate: fallbackCandidate(source, record),
+      action: "blocked",
+      monitor: null,
+      provenance: null,
+      warnings,
+      reason: error instanceof Error ? error.message : String(error)
+    };
+  }
+  const provenance = store.getProvenance(candidate.source, candidate.sourceId);
+  const monitor = provenance ? store.getMonitor(provenance.monitorId) : store.getMonitor(candidate.name);
+  if (provenance && !monitor) {
+    return { candidate, action: "create", monitor: null, provenance, warnings: ["source provenance points to a missing monitor"], reason: null };
+  }
+  if (provenance && monitor) {
+    const nameOwner = store.getMonitor(candidate.name);
+    if (nameOwner && nameOwner.id !== monitor.id) {
+      return {
+        candidate,
+        action: "conflict",
+        monitor,
+        provenance,
+        warnings,
+        reason: "monitor name already exists on another monitor"
+      };
+    }
+    return {
+      candidate,
+      action: sameTarget(monitor, candidate) ? "unchanged" : "update",
+      monitor,
+      provenance,
+      warnings,
+      reason: null
+    };
+  }
+  if (monitor) {
+    return {
+      candidate,
+      action: "conflict",
+      monitor,
+      provenance: null,
+      warnings,
+      reason: "monitor name already exists without matching source provenance"
+    };
+  }
+  return { candidate, action: "create", monitor: null, provenance: null, warnings, reason: null };
+}
+function applyPreviewItem(store, item) {
+  if (item.action === "blocked" || item.action === "conflict") {
+    return { ...item, before: item.monitor, after: item.monitor };
+  }
+  const input = candidateToMonitorInput(item.candidate);
+  const before = item.monitor;
+  const after = item.action === "create" ? store.createMonitor(input, { allowBrowserPage: true }) : item.action === "update" ? store.updateMonitor(item.monitor.id, input, { allowBrowserPage: true }) : item.monitor;
+  if (after) {
+    store.upsertMonitorProvenance({
+      monitorId: after.id,
+      source: item.candidate.source,
+      sourceId: item.candidate.sourceId,
+      sourceLabel: item.candidate.sourceLabel,
+      snapshot: item.candidate.snapshot
+    });
+  }
+  return { ...item, before, after };
+}
+function rollbackRecord(store, record) {
+  const value = asRecord(record);
+  const action = stringValue(value.action);
+  const monitorId = stringValue(value.monitorId);
+  const before = isMonitor(value.before) ? value.before : null;
+  const after = isMonitor(value.after) ? value.after : null;
+  const targetId = after?.id ?? before?.id ?? monitorId;
+  if (!targetId)
+    return { monitorId: null, action: "skipped", reason: "batch record has no monitor id" };
+  if (action === "create") {
+    const hasHistory = store.listResults({ monitorId: targetId, limit: 1 }).length > 0;
+    if (hasHistory) {
+      store.updateMonitor(targetId, { enabled: false }, { allowBrowserPage: true });
+      return { monitorId: targetId, action: "disabled", reason: "created monitor has check history, so rollback preserved history and disabled it" };
+    }
+    return { monitorId: targetId, action: store.deleteMonitor(targetId) ? "deleted" : "skipped", reason: null };
+  }
+  if (action === "update" && before) {
+    store.updateMonitor(targetId, monitorToUpdateInput(before), { allowBrowserPage: true });
+    return { monitorId: targetId, action: "restored", reason: null };
+  }
+  return { monitorId: targetId, action: "skipped", reason: `no rollback needed for ${action || "unknown"} action` };
+}
+function normalizeCandidate(source, record, defaults) {
+  const value = asRecord(record);
+  const monitor = asRecord(value.monitor);
+  const sourceId = sanitizeIdentity(stringValue(value.sourceId) ?? stringValue(value.id) ?? stringValue(value.slug) ?? stringValue(value.name));
+  let url = stringValue(monitor.url) ?? stringValue(value.url) ?? stringValue(value.healthUrl) ?? stringValue(value.homepageUrl) ?? stringValue(value.environmentUrl);
+  if (source === "domains" && !url && stringValue(value.domain)) {
+    url = `https://${stringValue(value.domain)}`;
+  }
+  const rawHost = stringValue(monitor.host) ?? stringValue(value.host) ?? stringValue(value.hostname);
+  const rawKind = stringValue(monitor.kind) ?? stringValue(value.kind) ?? (url ? "http" : "tcp");
+  const kind = normalizeKind(rawKind);
+  const normalizedUrl = normalizeCandidateUrl(url ?? defaults.url);
+  const normalizedHost = kind === "tcp" ? rawHost ?? defaults.host : undefined;
+  const port = numberValue(monitor.port) ?? numberValue(value.port) ?? defaults.port;
+  const normalizedTargetKey = sanitizeGeneratedTargetKey(kind, normalizedUrl, normalizedHost, port);
+  const normalizedSourceId = sourceId ?? `${source}:${normalizedTargetKey}`;
+  const name = stringValue(monitor.name) ?? stringValue(value.monitorName) ?? stringValue(value.name) ?? stringValue(value.slug) ?? (source === "domains" ? stringValue(value.domain) : undefined) ?? (kind === "tcp" ? stringValue(value.hostname) : undefined) ?? `${source}-${normalizedTargetKey}`;
+  const expectedStatus = firstDefined(nullableNumberValue(monitor.expectedStatus), nullableNumberValue(value.expectedStatus), defaults.expectedStatus);
+  const candidate = {
+    source,
+    sourceId: normalizedSourceId,
+    sourceLabel: sanitizeIdentity(stringValue(value.label) ?? stringValue(value.name) ?? stringValue(value.slug)) ?? null,
+    name: sanitizeIdentity(name) ?? name,
+    kind,
+    url: normalizedUrl,
+    host: normalizedHost,
+    port,
+    method: normalizeCandidateMethod(stringValue(monitor.method) ?? stringValue(value.method) ?? defaults.method),
+    expectedStatus,
+    intervalSeconds: numberValue(monitor.intervalSeconds) ?? numberValue(value.intervalSeconds) ?? defaults.intervalSeconds,
+    timeoutMs: numberValue(monitor.timeoutMs) ?? numberValue(value.timeoutMs) ?? defaults.timeoutMs,
+    retryCount: numberValue(monitor.retryCount) ?? numberValue(value.retryCount) ?? defaults.retryCount,
+    enabled: booleanValue(monitor.enabled) ?? booleanValue(value.enabled) ?? defaults.enabled,
+    snapshot: sanitizeSnapshot(record)
+  };
+  return candidate;
+}
+function rawTargetForHostedPolicy(source, record, defaults) {
+  const value = asRecord(record);
+  const monitor = asRecord(value.monitor);
+  let url = stringValue(monitor.url) ?? stringValue(value.url) ?? stringValue(value.healthUrl) ?? stringValue(value.homepageUrl) ?? stringValue(value.environmentUrl);
+  if (source === "domains" && !url && stringValue(value.domain)) {
+    url = `https://${stringValue(value.domain)}`;
+  }
+  const host = stringValue(monitor.host) ?? stringValue(value.host) ?? stringValue(value.hostname) ?? defaults.host;
+  const rawKind = stringValue(monitor.kind) ?? stringValue(value.kind) ?? (url ? "http" : "tcp");
+  const kind = normalizeKind(rawKind);
+  return {
+    kind,
+    url: url ?? defaults.url,
+    host: kind === "tcp" ? host : undefined,
+    port: numberValue(monitor.port) ?? numberValue(value.port) ?? defaults.port
+  };
+}
+function validateCandidate(candidate) {
+  if (!candidate.name.trim())
+    throw new Error("import candidate requires name");
+  rejectControlCharacters(candidate.name.trim(), "Monitor name");
+  if (candidate.method !== undefined && !/^[A-Z]+$/.test(candidate.method)) {
+    throw new Error("HTTP method must contain only letters");
+  }
+  if (candidate.expectedStatus !== undefined && candidate.expectedStatus !== null) {
+    if (!Number.isInteger(candidate.expectedStatus) || candidate.expectedStatus < 100 || candidate.expectedStatus > 599) {
+      throw new Error("expectedStatus must be an HTTP status from 100 to 599");
+    }
+  }
+  if (candidate.intervalSeconds !== undefined) {
+    boundedInteger(candidate.intervalSeconds, "intervalSeconds", MIN_INTERVAL_SECONDS, MAX_INTERVAL_SECONDS);
+  }
+  if (candidate.timeoutMs !== undefined) {
+    boundedInteger(candidate.timeoutMs, "timeoutMs", MIN_TIMEOUT_MS, MAX_TIMEOUT_MS);
+  }
+  if (candidate.retryCount !== undefined) {
+    boundedInteger(candidate.retryCount, "retryCount", MIN_RETRY_COUNT, MAX_RETRY_COUNT);
+  }
+  if (candidate.kind === "http" || candidate.kind === "browser_page") {
+    if (!candidate.url)
+      throw new Error(`${candidate.kind} import candidate requires url`);
+    const parsed = new URL(candidate.url);
+    if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
+      throw new Error(`${candidate.kind} import candidate URL must use http or https`);
+    }
+    if (parsed.username || parsed.password)
+      throw new Error(`${candidate.kind} import candidate URL must not contain userinfo`);
+    return;
+  }
+  if (candidate.kind === "tcp") {
+    if (!candidate.host)
+      throw new Error("tcp import candidate requires host");
+    rejectControlCharacters(candidate.host, "TCP host");
+    if (!Number.isInteger(candidate.port) || candidate.port <= 0 || candidate.port > 65535) {
+      throw new Error("tcp import candidate requires a port from 1 to 65535");
+    }
+    return;
+  }
+  throw new Error(`unsupported import candidate kind: ${candidate.kind}`);
+}
+function candidateToMonitorInput(candidate) {
+  return {
+    name: candidate.name,
+    kind: candidate.kind,
+    url: candidate.url,
+    host: candidate.host,
+    port: candidate.port,
+    method: candidate.method,
+    expectedStatus: candidate.expectedStatus,
+    intervalSeconds: candidate.intervalSeconds,
+    timeoutMs: candidate.timeoutMs,
+    retryCount: candidate.retryCount,
+    enabled: candidate.enabled
+  };
+}
+function monitorToUpdateInput(monitor) {
+  return {
+    name: monitor.name,
+    kind: monitor.kind,
+    url: monitor.url ?? undefined,
+    host: monitor.host ?? undefined,
+    port: monitor.port ?? undefined,
+    method: monitor.method,
+    expectedStatus: monitor.expectedStatus,
+    intervalSeconds: monitor.intervalSeconds,
+    timeoutMs: monitor.timeoutMs,
+    retryCount: monitor.retryCount,
+    enabled: monitor.enabled
+  };
+}
+function sameTarget(monitor, candidate) {
+  return monitor.kind === candidate.kind && monitor.name === candidate.name && monitor.url === (candidate.url ?? null) && monitor.host === (candidate.host ?? null) && monitor.port === (candidate.port ?? null) && monitor.method === (candidate.method ?? monitor.method) && (candidate.expectedStatus === undefined || monitor.expectedStatus === candidate.expectedStatus) && monitor.intervalSeconds === (candidate.intervalSeconds ?? monitor.intervalSeconds) && monitor.timeoutMs === (candidate.timeoutMs ?? monitor.timeoutMs) && monitor.retryCount === (candidate.retryCount ?? monitor.retryCount) && monitor.enabled === (candidate.enabled ?? monitor.enabled);
+}
+function countActions(items) {
+  return {
+    create: items.filter((item) => item.action === "create").length,
+    update: items.filter((item) => item.action === "update").length,
+    unchanged: items.filter((item) => item.action === "unchanged").length,
+    blocked: items.filter((item) => item.action === "blocked").length,
+    conflict: items.filter((item) => item.action === "conflict").length
+  };
+}
+function normalizeSource(source) {
+  if (["manual", "projects", "servers", "domains", "deployment"].includes(source))
+    return source;
+  throw new Error(`unsupported import source: ${source}`);
+}
+function normalizeKind(value) {
+  if (value === "http" || value === "tcp" || value === "browser_page")
+    return value;
+  return value === "browser" || value === "page" ? "browser_page" : "http";
+}
+function targetKey(kind, url, host, port) {
+  return kind === "tcp" ? `${host ?? "host"}:${port ?? "port"}` : url ?? "url";
+}
+function sanitizeGeneratedTargetKey(kind, url, host, port) {
+  const key = targetKey(kind, url, host, port);
+  return kind === "tcp" ? key : sanitizeIdentity(key) ?? key;
+}
+function normalizeCandidateUrl(value) {
+  if (!value)
+    return;
+  try {
+    const parsed = new URL(value);
+    for (const key of [...parsed.searchParams.keys()]) {
+      if (isSecretKey(key))
+        parsed.searchParams.set(key, "[redacted]");
+    }
+    parsed.hash = "";
+    return parsed.toString();
+  } catch {
+    return value;
+  }
+}
+function normalizeCandidateMethod(value) {
+  return value?.trim().toUpperCase();
+}
+function fallbackCandidate(source, record) {
+  const value = asRecord(record);
+  const monitor = asRecord(value.monitor);
+  const name = stringValue(monitor.name) ?? stringValue(value.name) ?? stringValue(value.domain) ?? "invalid import candidate";
+  const rawUrl = stringValue(monitor.url) ?? stringValue(value.url) ?? stringValue(value.domain);
+  const kind = normalizeKind(stringValue(monitor.kind) ?? stringValue(value.kind) ?? "http");
+  return {
+    source,
+    sourceId: sanitizeIdentity(stringValue(value.sourceId) ?? stringValue(value.id)) ?? `${source}:invalid`,
+    sourceLabel: sanitizeIdentity(stringValue(value.label)) ?? null,
+    name: sanitizeIdentity(name) ?? name,
+    kind,
+    url: redactUrlForDisplay(rawUrl),
+    host: kind === "tcp" ? sanitizeHost(stringValue(monitor.host) ?? stringValue(value.host) ?? stringValue(value.hostname)) : undefined,
+    port: numberValue(monitor.port) ?? numberValue(value.port),
+    snapshot: sanitizeSnapshot(record)
+  };
+}
+function asRecord(value) {
+  return value && typeof value === "object" && !Array.isArray(value) ? value : {};
+}
+function stringValue(value) {
+  return typeof value === "string" && value.trim() ? value.trim() : undefined;
+}
+function numberValue(value) {
+  return typeof value === "number" && Number.isFinite(value) ? value : undefined;
+}
+function nullableNumberValue(value) {
+  if (value === null)
+    return null;
+  return numberValue(value);
+}
+function booleanValue(value) {
+  return typeof value === "boolean" ? value : undefined;
+}
+function firstDefined(...values) {
+  return values.find((value) => value !== undefined);
+}
+function isMonitor(value) {
+  const row = asRecord(value);
+  return Boolean(stringValue(row.id) && stringValue(row.name) && stringValue(row.kind));
+}
+function sanitizeSnapshot(value) {
+  if (Array.isArray(value))
+    return value.map(sanitizeSnapshot);
+  if (!value || typeof value !== "object")
+    return sanitizeScalar(value);
+  const output = {};
+  for (const [key, entry] of Object.entries(value)) {
+    if (isSecretKey(key))
+      output[key] = "[redacted]";
+    else
+      output[key] = sanitizeSnapshot(entry);
+  }
+  return output;
+}
+function sanitizeScalar(value) {
+  if (typeof value !== "string")
+    return value;
+  return value.replace(/\/(?:home|Users)\/[^\s"'<>]+/g, "[local-path]").replace(/\b(?:localhost|(?:[a-z0-9-]+\.)+(?:local|internal))\b/gi, "[private-host]").replace(/(https?:\/\/)[^/?#\s"'<>]+:[^@/?#\s"'<>]+@/gi, "$1[redacted]@").replace(/Bearer\s+[A-Za-z0-9._~+/=-]+/gi, "Bearer [redacted]").replace(/((?:token|secret|password|passwd|api[_-]?key|access[_-]?token|auth|credential|session)[=:]\s*)[^\s&]+/gi, "$1[redacted]");
+}
+function isSecretKey(value) {
+  return /(token|secret|password|passwd|api[_-]?key|access[_-]?token|auth|credential|session)/i.test(value);
+}
+function rejectControlCharacters(value, label) {
+  if (/[\x00-\x1f\x7f-\x9f]/.test(value)) {
+    throw new Error(`${label} must not contain control characters`);
+  }
+}
+function boundedInteger(value, label, min, max) {
+  if (!Number.isInteger(value) || value < min || value > max) {
+    throw new Error(`${label} must be an integer from ${min} to ${max}`);
+  }
+  return value;
+}
+function redactUrlForDisplay(value) {
+  if (!value)
+    return;
+  try {
+    const parsed = new URL(value);
+    parsed.username = parsed.username ? "[redacted]" : "";
+    parsed.password = "";
+    for (const key of [...parsed.searchParams.keys()]) {
+      if (isSecretKey(key))
+        parsed.searchParams.set(key, "[redacted]");
+    }
+    if (parsed.hash && isSecretKey(parsed.hash))
+      parsed.hash = "#[redacted]";
+    return parsed.toString();
+  } catch {
+    return sanitizeScalar(value);
+  }
+}
+function sanitizeIdentity(value) {
+  if (!value)
+    return;
+  try {
+    const parsed = new URL(value);
+    parsed.username = parsed.username ? "[redacted]" : "";
+    parsed.password = "";
+    for (const key of [...parsed.searchParams.keys()]) {
+      if (isSecretKey(key))
+        parsed.searchParams.set(key, "[redacted]");
+    }
+    parsed.hash = "";
+    return parsed.toString();
+  } catch {
+    return sanitizeScalar(value);
+  }
+}
+function sanitizeHost(value) {
+  if (!value)
+    return;
+  return sanitizeScalar(value);
+}
+export {
+  rollbackImport,
+  previewImport,
+  applyImport
+};

package/dist/index.d.ts

@@ -1,9 +1,15 @@
 export { createUptimeClient, UptimeService } from "./service.js";
 export { UptimeStore } from "./store.js";
-export { runMonitorCheck, runHttpCheck, runTcpCheck } from "./checks.js";
+export { runBrowserPageCheck, runMonitorCheck, runHttpCheck, runTcpCheck } from "./checks.js";
 export { createApiHandler, serveUptime } from "./api.js";
+export { applyImport, previewImport, rollbackImport } from "./imports.js";
 export { buildUptimeReport, sendUptimeReport } from "./report.js";
-export { uptimeHome, uptimeDbPath, ensureUptimeHome } from "./paths.js";
-export type { CheckAttemptResult, CheckResult, CheckStatus, CreateMonitorInput, Incident, IncidentStatus, ListResultsOptions, Monitor, MonitorKind, MonitorStatus, MonitorSummary, SchedulerHandle, UpdateMonitorInput, UptimeSummary, } from "./types.js";
+export { generateProbeKeyPair, probePublicKeyFingerprint, probeResultSigningPayload, signProbeResult, verifyProbeResultSignature } from "./probes.js";
+export { uptimeHome, uptimeDbPath, uptimeHostedFallbackDbPath, ensureUptimeHome } from "./paths.js";
+export type { UptimeBackup, UptimeBackupCheck, UptimeRuntimeMode, UptimeStoreOptions, MonitorProvenance, SaveImportBatchInput, StoredImportBatch, UpsertMonitorProvenanceInput, } from "./store.js";
+export type { BrowserPageRunner, BrowserPageRunnerResult, FetchLike, } from "./checks.js";
+export type { ImportAction, ImportApplyItem, ImportApplyResult, ImportCandidate, ImportPreview, ImportPreviewItem, ImportRequest, ImportRollbackItem, ImportRollbackResult, ImportSource, } from "./imports.js";
+export type { BrowserFailedRequest, BrowserPageEvidence, AuditEvent, CheckAttemptResult, CheckEvidence, CheckResult, CheckStatus, CreateMonitorKind, CreateMonitorInput, CreateReportScheduleInput, ImportedMonitorInput, ImportedUpdateMonitorInput, EvidenceArtifact, Incident, IncidentStatus, ListAuditEventsOptions, ListReportRunsOptions, ListResultsOptions, Monitor, MonitorKind, MonitorStatus, MonitorSummary, ProbeCheckJob, ProbeCheckJobStatus, ProbeIdentity, ProbeResultSubmission, ProbeSubmissionReceipt, RecordAuditEventInput, ReportDeliveryChannel, ReportDeliveryRecord, ReportEmailChannelConfig, ReportLogsChannelConfig, ReportRun, ReportRunStatus, ReportSchedule, ReportScheduleChannels, ReportScheduleStatus, ReportSmsChannelConfig, SchedulerHandle, UpdateMonitorInput, UpdateReportScheduleInput, UptimeSummary, } from "./types.js";
+export type { ProbeKeyPair, ProbeSigningInput } from "./probes.js";
 export type { BuildUptimeReportOptions, SendUptimeReportOptions, UptimeEmailReportTarget, UptimeLogsReportTarget, UptimeReport, UptimeReportDelivery, UptimeSmsReportTarget, } from "./report.js";
 //# sourceMappingURL=index.d.ts.map