npm - @johpaz/hive-agents - Versions diffs - 0.0.35 → 0.0.37 - Mend

@johpaz/hive-agents 0.0.35 → 0.0.37

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (441) hide show

package/packages/core/src/gateway/router.ts ADDED Viewed

@@ -0,0 +1,124 @@
+import type { Config, Binding } from "../config/loader.ts";
+export interface RoutingContext {
+  channel: string;
+  accountId?: string;
+  peerKind?: "direct" | "group";
+  peerId?: string;
+  guildId?: string;
+  teamId?: string;
+  roles?: string[];
+}
+export function matchBinding(binding: Binding, ctx: RoutingContext): number {
+  const match = binding.match;
+  let score = 0;
+  if (match.peer?.id && match.peer?.kind) {
+    if (ctx.peerId === match.peer.id && ctx.peerKind === match.peer.kind) {
+      score += 1000;
+    } else {
+      return 0;
+    }
+  } else if (match.peer?.id) {
+    if (ctx.peerId === match.peer.id) {
+      score += 900;
+    } else {
+      return 0;
+    }
+  } else if (match.peer?.kind) {
+    if (ctx.peerKind === match.peer.kind) {
+      score += 50;
+    } else {
+      return 0;
+    }
+  }
+  if (match.guildId && match.roles && match.roles.length > 0) {
+    if (ctx.guildId === match.guildId && ctx.roles?.some((r) => match.roles?.includes(r))) {
+      score += 800;
+    } else {
+      return 0;
+    }
+  } else if (match.guildId) {
+    if (ctx.guildId === match.guildId) {
+      score += 200;
+    } else {
+      return 0;
+    }
+  }
+  if (match.teamId) {
+    if (ctx.teamId === match.teamId) {
+      score += 300;
+    } else {
+      return 0;
+    }
+  }
+  if (match.accountId) {
+    if (ctx.accountId === match.accountId) {
+      score += 400;
+    } else {
+      return 0;
+    }
+  }
+  if (match.channel) {
+    if (ctx.channel === match.channel) {
+      score += 100;
+    } else {
+      return 0;
+    }
+  }
+  return score || 1;
+}
+export function resolveAgent(
+  config: Config,
+  ctx: RoutingContext
+): string {
+  const bindings = config.bindings ?? [];
+  if (bindings.length === 0) {
+    return config.agent?.defaultAgentId ?? "main";
+  }
+  let bestMatch: { agentId: string; score: number } | null = null;
+  for (const binding of bindings) {
+    const score = matchBinding(binding, ctx);
+    if (score > 0 && (!bestMatch || score > bestMatch.score)) {
+      bestMatch = { agentId: binding.agentId, score };
+    }
+  }
+  if (bestMatch) {
+    return bestMatch.agentId;
+  }
+  return config.agent?.defaultAgentId ?? "main";
+}
+export class Router {
+  constructor(private config: Config) {}
+  route(ctx: RoutingContext): string {
+    return resolveAgent(this.config, ctx);
+  }
+  getAgentWorkspace(agentId: string): string {
+    const agents = this.config.agents?.list ?? [];
+    const agent = agents.find((a) => a.id === agentId);
+    if (agent?.workspace) {
+      return agent.workspace.replace(/^~/, process.env.HOME ?? "");
+    }
+    const baseDir = this.config.agent?.baseDir?.replace(/^~/, process.env.HOME ?? "")
+      ?? `${process.env.HOME}/.hive/agents`;
+    return `${baseDir}/${agentId}/workspace`;
+  }
+}

package/packages/core/src/gateway/routes/agents.ts ADDED Viewed

@@ -0,0 +1,210 @@
+import { getDb } from "../../storage/sqlite"
+import { emitCanvas } from "../../canvas/emitter"
+import { storeAgentHeaders, deleteAgentSecrets } from "../../storage/crypto"
+export async function handleGetAgents(req: Request, addCorsHeaders: (r: Response, req: Request) => Response): Promise<Response> {
+  const url = new URL(req.url)
+  const typeFilter = url.searchParams.get("type")
+  let whereClause = ""
+  if (typeFilter) {
+    whereClause = "WHERE a.status = ?"
+  }
+  const rows = getDb().query(`
+    SELECT a.*, u.notes as user_preferences,
+    CASE WHEN a.headers_encrypted IS NOT NULL THEN 1 ELSE 0 END as has_headers
+    FROM agents a
+    LEFT JOIN users u ON a.user_id = u.id
+    ${whereClause}
+    ORDER BY a.created_at DESC
+  `).all(...(typeFilter ? [typeFilter] : [])) as Record<string, unknown>[]
+  const agents = rows.map(row => ({
+    // Basic fields
+    id: row.id,
+    userId: row.user_id,
+    name: row.name,
+    description: row.description,
+    systemPrompt: row.system_prompt,
+    tone: row.tone,
+    // Role & status
+    role: row.role as 'coordinator' | 'worker',
+    status: row.status,
+    enabled: Boolean(row.enabled),
+    // Provider & model
+    providerId: row.provider_id,
+    modelId: row.model_id,
+    // Tools & skills
+    toolsJson: row.tools_json,
+    skillsJson: row.skills_json,
+    // Hierarchy
+    parentId: row.parent_id,
+    maxIterations: row.max_iterations,
+    // Workspace
+    workspace: row.workspace,
+    // Headers (encrypted)
+    hasHeaders: row.has_headers === 1,
+    // Timestamps
+    createdAt: new Date((row.created_at as number) * 1000).toISOString(),
+    updatedAt: new Date((row.updated_at as number) * 1000).toISOString(),
+    // Virtual fields (not from DB)
+    taskCount: 0,
+    successRate: 100,
+  }))
+  return addCorsHeaders(Response.json({ agents }), req)
+}
+export async function handleCreateAgent(req: Request, addCorsHeaders: (r: Response, req: Request) => Response): Promise<Response> {
+  const body = await req.json().catch(() => ({}))
+  let agentId: string
+  if (body.id) {
+    agentId = body.id
+    getDb().query(`
+      INSERT INTO agents(id, name, description, provider_id, model_id, tone, enabled, workspace)
+      VALUES(?, ?, ?, ?, ?, ?, 1, ?)
+    `).run(
+      agentId,
+      body.name,
+      body.description || "",
+      body.providerId || "openai",
+      body.modelId || "gpt-4o",
+      body.tone || "friendly",
+      body.workspace || null
+    )
+  } else {
+    const result = getDb().query(`
+      INSERT INTO agents(name, description, provider_id, model_id, tone, enabled, workspace)
+      VALUES(?, ?, ?, ?, ?, 1, ?)
+      RETURNING id
+    `).get(
+      body.name,
+      body.description || "",
+      body.providerId || "openai",
+      body.modelId || "gpt-4o",
+      body.tone || "friendly",
+      body.workspace || null
+    ) as { id: string } | undefined
+    agentId = result?.id || ""
+  }
+  if (body.headers && agentId) {
+    await storeAgentHeaders(agentId, body.headers)
+  }
+  emitCanvas("canvas:node_add", {
+    node: { id: agentId, name: body.name, status: "idle", type: "agent" }
+  })
+  const agent = getDb().query(`
+    SELECT id, name, description, provider_id, model_id, tone, status, enabled, active, created_at, workspace
+    FROM agents WHERE id = ?
+  `).get(agentId) as Record<string, unknown> | undefined
+  if (!agent) {
+    return addCorsHeaders(Response.json({ ok: false, error: "Agent not found" }), req)
+  }
+  return addCorsHeaders(Response.json({
+    ok: true,
+    agent: {
+      id: agent.id,
+      name: agent.name,
+      description: agent.description,
+      providerId: agent.provider_id,
+      modelId: agent.model_id,
+      tone: agent.tone,
+      status: agent.status,
+      enabled: agent.enabled === 1,
+      active: agent.active === 1,
+      createdAt: new Date((agent.created_at as number) * 1000).toISOString(),
+      workspace: agent.workspace,
+    }
+  }), req)
+}
+export async function handleUpdateAgent(req: Request, addCorsHeaders: (r: Response, req: Request) => Response): Promise<Response> {
+  const url = new URL(req.url)
+  const agentId = url.pathname.split("/").pop()
+  if (!agentId) {
+    return addCorsHeaders(new Response("Missing ID", { status: 400 }), req)
+  }
+  const body = await req.json().catch(() => ({}))
+  const updates: string[] = []
+  const params: unknown[] = []
+  // Map: snake_case DB field → camelCase body key
+  const fieldMap: Record<string, string> = {
+    name:            "name",
+    description:     "description",
+    provider_id:     "providerId",
+    model_id:        "modelId",
+    system_prompt:   "systemPrompt",
+    status:          "status",
+    enabled:         "enabled",
+    tone:            "tone",
+    workspace:       "workspace",
+    role:            "role",
+    max_iterations:  "maxIterations",
+  }
+  for (const [dbField, camelKey] of Object.entries(fieldMap)) {
+    const val = body[dbField] !== undefined ? body[dbField] : body[camelKey]
+    if (val !== undefined) {
+      updates.push(`${dbField} = ?`)
+      params.push(typeof val === 'object' ? JSON.stringify(val) : val)
+    }
+  }
+  const agentHeaders = body.headers !== undefined ? body.headers : body.config?.headers
+  if (agentHeaders !== undefined) {
+    await storeAgentHeaders(agentId, agentHeaders)
+  }
+  const userPreferences = body.userPreferences !== undefined ? body.userPreferences : body.user_preferences
+  if (userPreferences !== undefined) {
+    const agentRow = getDb().query("SELECT user_id FROM agents WHERE id = ?").get(agentId) as { user_id: string } | undefined
+    if (agentRow?.user_id) {
+      getDb().query(`UPDATE users SET notes = ? WHERE id = ?`).run(userPreferences, agentRow.user_id)
+    }
+  }
+  if (updates.length > 0) {
+    updates.push("updated_at = unixepoch()")
+    params.push(agentId)
+    getDb().query(`UPDATE agents SET ${updates.join(", ")} WHERE id = ?`).run(...params as any[])
+    emitCanvas("canvas:node_update", { id: agentId, updates: body })
+  }
+  return addCorsHeaders(Response.json({ ok: true }), req)
+}
+export async function handleDeleteAgent(req: Request, addCorsHeaders: (r: Response, req: Request) => Response): Promise<Response> {
+  const url = new URL(req.url)
+  const agentId = url.pathname.split("/").pop()
+  if (!agentId) {
+    return addCorsHeaders(new Response("Missing ID", { status: 400 }), req)
+  }
+  getDb().query(`DELETE FROM agents WHERE id = ?`).run(agentId)
+  await deleteAgentSecrets(agentId)
+  emitCanvas("canvas:node_remove", { id: agentId })
+  return addCorsHeaders(Response.json({ ok: true }), req)
+}

package/packages/core/src/gateway/routes/auth.ts ADDED Viewed

@@ -0,0 +1,244 @@
+import { getDb } from "../../storage/sqlite";
+import { readFileSync } from "node:fs";
+import { getHiveDir } from "../../config/loader";
+import * as path from "node:path";
+import jwt from "jsonwebtoken";
+type CorsHelper = (res: Response, req: Request) => Response;
+interface AuthTokens {
+  accessToken: string;
+  refreshToken: string;
+  expiresIn: number;
+  tokenType: 'Bearer';
+}
+const JWT_SECRET = process.env.HIVE_JWT_SECRET || process.env.HIVE_AUTH_TOKEN || "hive-default-jwt-secret-change-in-production";
+const ACCESS_TOKEN_EXPIRY = "15m";
+const REFRESH_TOKEN_EXPIRY = "7d";
+const ACCESS_TOKEN_EXPIRY_SECONDS = 15 * 60;
+function hashToken(token: string): string {
+  return Bun.hash(token + JWT_SECRET).toString(16);
+}
+export async function generateTokens(userId: string): Promise<AuthTokens> {
+  const accessToken = jwt.sign({ userId, type: "access" }, JWT_SECRET, { expiresIn: ACCESS_TOKEN_EXPIRY });
+  const refreshToken = jwt.sign({ userId, type: "refresh", jti: crypto.randomUUID() }, JWT_SECRET, { expiresIn: REFRESH_TOKEN_EXPIRY });
+  const expiresAt = Math.floor(Date.now() / 1000) + (7 * 24 * 60 * 60);
+  const tokenHash = hashToken(refreshToken);
+  getDb().query(
+    `INSERT INTO refresh_tokens (user_id, token_hash, expires_at) VALUES (?, ?, ?)`
+  ).run(userId, tokenHash, expiresAt);
+  return {
+    accessToken,
+    refreshToken,
+    expiresIn: ACCESS_TOKEN_EXPIRY_SECONDS,
+    tokenType: "Bearer"
+  };
+}
+export async function refreshAccessToken(refreshToken: string): Promise<AuthTokens | null> {
+  try {
+    const decoded = jwt.verify(refreshToken, JWT_SECRET) as { userId: string; type: string; jti: string };
+    if (decoded.type !== "refresh") return null;
+    const tokenHash = hashToken(refreshToken);
+    const stored = getDb().query(
+      `SELECT user_id FROM refresh_tokens WHERE token_hash = ? AND revoked = 0 AND expires_at > ?`
+    ).get(tokenHash, Math.floor(Date.now() / 1000)) as { user_id: string } | undefined;
+    if (!stored) return null;
+    getDb().query(`DELETE FROM refresh_tokens WHERE token_hash = ?`).run(tokenHash);
+    return generateTokens(stored.user_id);
+  } catch {
+    return null;
+  }
+}
+export async function validateAccessToken(token: string): Promise<{ userId: string } | null> {
+  try {
+    const decoded = jwt.verify(token, JWT_SECRET) as { userId: string; type: string };
+    if (decoded.type !== "access") return null;
+    return { userId: decoded.userId };
+  } catch {
+    return null;
+  }
+}
+function getAuthTokenFromFile(): string {
+  // The auth token lives in ~/.hive/.auth_token — same value as HIVE_AUTH_TOKEN env var
+  try {
+    return readFileSync(path.join(getHiveDir(), ".auth_token"), "utf-8").trim();
+  } catch {
+    return process.env.HIVE_AUTH_TOKEN ?? "";
+  }
+}
+/** GET /api/auth/status — public
+ *  Returns whether this instance has email+password credentials configured.
+ *  The UI uses this to decide whether to show the login page or allow direct access.
+ */
+export async function handleAuthStatus(
+  req: Request,
+  cors: CorsHelper
+): Promise<Response> {
+  const user = getDb().query(
+    `SELECT email, password_hash FROM users LIMIT 1`
+  ).get() as { email: string | null; password_hash: string | null } | null;
+  const hasCredentials = !!(user?.email && user?.password_hash);
+  return cors(Response.json({ hasCredentials, email: user?.email ?? null }), req);
+}
+/** GET /api/auth/recovery-key — requires auth
+ *  Returns the recovery key (HIVE_AUTH_TOKEN) so the UI can display it.
+ */
+export async function handleRecoveryKey(
+  req: Request,
+  cors: CorsHelper
+): Promise<Response> {
+  const recoveryKey = getAuthTokenFromFile();
+  return cors(Response.json({ recoveryKey }), req);
+}
+/** POST /api/auth/login — public
+ *  body: { email, password }
+ *  Returns: { authToken } on success, 401 on failure.
+ */
+export async function handleLogin(
+  req: Request,
+  cors: CorsHelper
+): Promise<Response> {
+  const body = await req.json().catch(() => ({})) as { email?: string; password?: string };
+  if (!body.email || !body.password) {
+    return cors(Response.json({ error: "Email y contraseña requeridos" }, { status: 400 }), req);
+  }
+  const user = getDb().query(
+    `SELECT password_hash FROM users WHERE email = ? LIMIT 1`
+  ).get(body.email.toLowerCase().trim()) as { password_hash: string | null } | null;
+  if (!user?.password_hash) {
+    return cors(Response.json({ error: "Credenciales inválidas" }, { status: 401 }), req);
+  }
+  const valid = await Bun.password.verify(body.password, user.password_hash);
+  if (!valid) {
+    return cors(Response.json({ error: "Credenciales inválidas" }, { status: 401 }), req);
+  }
+  const authToken = process.env.HIVE_AUTH_TOKEN ?? getAuthTokenFromFile();
+  return cors(Response.json({ authToken }), req);
+}
+/** POST /api/auth/setup-credentials — requires existing auth token
+ *  Sets email + password for the first time (or updates them).
+ *  body: { email, password }
+ */
+export async function handleSetupCredentials(
+  req: Request,
+  cors: CorsHelper
+): Promise<Response> {
+  const body = await req.json().catch(() => ({})) as { email?: string; password?: string };
+  if (!body.email || !body.password) {
+    return cors(Response.json({ error: "Email y contraseña requeridos" }, { status: 400 }), req);
+  }
+  if (body.password.length < 8) {
+    return cors(Response.json({ error: "La contraseña debe tener al menos 8 caracteres" }, { status: 400 }), req);
+  }
+  const passwordHash = await Bun.password.hash(body.password, { algorithm: "bcrypt", cost: 10 });
+  const email = body.email.toLowerCase().trim();
+  getDb().query(
+    `UPDATE users SET email = ?, password_hash = ?`
+  ).run(email, passwordHash);
+  return cors(Response.json({ success: true }), req);
+}
+/** POST /api/auth/change-password — requires existing auth token
+ *  body: { currentPassword, newPassword }
+ */
+export async function handleChangePassword(
+  req: Request,
+  cors: CorsHelper
+): Promise<Response> {
+  const body = await req.json().catch(() => ({})) as { currentPassword?: string; newPassword?: string };
+  if (!body.currentPassword || !body.newPassword) {
+    return cors(Response.json({ error: "Campos requeridos" }, { status: 400 }), req);
+  }
+  if (body.newPassword.length < 8) {
+    return cors(Response.json({ error: "La contraseña debe tener al menos 8 caracteres" }, { status: 400 }), req);
+  }
+  const user = getDb().query(
+    `SELECT password_hash FROM users LIMIT 1`
+  ).get() as { password_hash: string | null } | null;
+  if (!user?.password_hash) {
+    return cors(Response.json({ error: "No hay contraseña configurada" }, { status: 400 }), req);
+  }
+  const valid = await Bun.password.verify(body.currentPassword, user.password_hash);
+  if (!valid) {
+    return cors(Response.json({ error: "Contraseña actual incorrecta" }, { status: 401 }), req);
+  }
+  const newHash = await Bun.password.hash(body.newPassword, { algorithm: "bcrypt", cost: 10 });
+  getDb().query(`UPDATE users SET password_hash = ?`).run(newHash);
+  return cors(Response.json({ success: true }), req);
+}
+/** POST /api/auth/recover — public
+ *  Resets password using the recovery key (= HIVE_AUTH_TOKEN from ~/.hive/.auth_token).
+ *  body: { recoveryKey, newPassword }
+ */
+export async function handleRecover(
+  req: Request,
+  cors: CorsHelper
+): Promise<Response> {
+  const body = await req.json().catch(() => ({})) as { recoveryKey?: string; newPassword?: string };
+  if (!body.recoveryKey || !body.newPassword) {
+    return cors(Response.json({ error: "Recovery key y nueva contraseña requeridos" }, { status: 400 }), req);
+  }
+  if (body.newPassword.length < 8) {
+    return cors(Response.json({ error: "La contraseña debe tener al menos 8 caracteres" }, { status: 400 }), req);
+  }
+  const storedToken = getAuthTokenFromFile();
+  if (!storedToken || body.recoveryKey.trim() !== storedToken) {
+    return cors(Response.json({ error: "Recovery key inválido" }, { status: 401 }), req);
+  }
+  const newHash = await Bun.password.hash(body.newPassword, { algorithm: "bcrypt", cost: 10 });
+  getDb().query(`UPDATE users SET password_hash = ?`).run(newHash);
+  const authToken = process.env.HIVE_AUTH_TOKEN ?? storedToken;
+  return cors(Response.json({ success: true, authToken }), req);
+}
+/** POST /api/auth/disable — requires existing auth token
+ *  Removes email + password (disables login protection).
+ */
+export async function handleDisableAuth(
+  req: Request,
+  cors: CorsHelper
+): Promise<Response> {
+  getDb().query(`UPDATE users SET email = NULL, password_hash = NULL`).run();
+  return cors(Response.json({ success: true }), req);
+}