@jx0/agency 0.2.0

package/src/api/routes/documents.ts

@@ -0,0 +1,41 @@
+import { Hono } from "hono";
+import { db } from "../db/client.js";
+import { resolveAgent } from "../lib/resolve-agent.js";
+import { logActivity } from "../lib/activity.js";
+
+export const documents = new Hono();
+
+documents.get("/", async (c) => {
+  const taskId = c.req.query("task_id");
+  let q = db.selectFrom("documents").selectAll();
+  if (taskId) q = q.where("task_id", "=", taskId);
+  const rows = await q.orderBy("created_at", "desc").execute();
+  return c.json(rows);
+});
+
+documents.get("/:id", async (c) => {
+  const doc = await db.selectFrom("documents").where("id", "=", c.req.param("id")).selectAll().executeTakeFirst();
+  if (!doc) return c.json({ error: "not found" }, 404);
+  return c.json(doc);
+});
+
+documents.post("/", async (c) => {
+  const body = await c.req.json<{
+    title: string; content: string; doc_type?: string;
+    task_id?: string; from: string;
+  }>();
+  const agent = await resolveAgent(body.from);
+  if (!agent) return c.json({ error: "unknown agent" }, 400);
+
+  const doc = await db.insertInto("documents").values({
+    id: crypto.randomUUID(),
+    title: body.title,
+    content: body.content,
+    doc_type: body.doc_type ?? "general",
+    task_id: body.task_id ?? null,
+    created_by: agent.id,
+  }).returningAll().executeTakeFirstOrThrow();
+
+  await logActivity("document_created", agent.id, `Created doc: ${doc.title}`, doc.task_id);
+  return c.json(doc, 201);
+});

package/src/api/routes/knowledge.ts

@@ -0,0 +1,60 @@
+import { Hono } from "hono";
+import { db } from "../db/client.js";
+import { resolveAgent } from "../lib/resolve-agent.js";
+
+export const knowledge = new Hono();
+
+knowledge.get("/", async (c) => {
+  const tags = c.req.query("tags");
+  const search = c.req.query("search");
+
+  let q = db.selectFrom("knowledge").selectAll();
+
+  if (tags) {
+    const tagArr = tags.split(",");
+    for (const tag of tagArr) {
+      q = q.where("tags", "like", `%"${tag}"%`);
+    }
+  }
+
+  if (search) {
+    q = q.where((eb) =>
+      eb.or([
+        eb("content", "like", `%${search}%`),
+        eb("key", "like", `%${search}%`),
+      ])
+    );
+  }
+
+  const rows = await q.orderBy("created_at", "desc").execute();
+  return c.json(rows.map((r) => ({ ...r, tags: JSON.parse(r.tags) })));
+});
+
+knowledge.post("/", async (c) => {
+  const body = await c.req.json<{
+    key: string; content: string; from: string;
+    task_id?: string; tags?: string[];
+  }>();
+  const agent = await resolveAgent(body.from);
+  if (!agent) return c.json({ error: "unknown agent" }, 400);
+
+  const tagsJson = JSON.stringify(body.tags ?? []);
+
+  const row = await db.insertInto("knowledge").values({
+    id: crypto.randomUUID(),
+    key: body.key,
+    content: body.content,
+    source: agent.id,
+    task_id: body.task_id ?? null,
+    tags: tagsJson,
+  })
+  .onConflict((oc) => oc.column("key").doUpdateSet({
+    content: body.content,
+    source: agent.id,
+    tags: tagsJson,
+  }))
+  .returningAll()
+  .executeTakeFirstOrThrow();
+
+  return c.json({ ...row, tags: JSON.parse(row.tags) }, 201);
+});

package/src/api/routes/messages.ts

@@ -0,0 +1,54 @@
+import { Hono } from "hono";
+import { db } from "../db/client.js";
+import { resolveAgent } from "../lib/resolve-agent.js";
+import { logActivity } from "../lib/activity.js";
+import { parseMentions, getTaskSubscribers } from "../lib/mentions.js";
+
+export const messages = new Hono();
+
+messages.get("/:taskId/messages", async (c) => {
+  const taskId = c.req.param("taskId");
+  const rows = await db
+    .selectFrom("messages")
+    .leftJoin("agents", "agents.id", "messages.from_agent")
+    .where("task_id", "=", taskId)
+    .select([
+      "messages.id", "messages.task_id", "messages.from_agent",
+      "messages.content", "messages.created_at",
+      "agents.name as from_name",
+    ])
+    .orderBy("messages.created_at", "asc")
+    .execute();
+  return c.json(rows);
+});
+
+messages.post("/:taskId/messages", async (c) => {
+  const taskId = c.req.param("taskId");
+  const { from, content } = await c.req.json<{ from: string; content: string }>();
+  const agent = await resolveAgent(from);
+  if (!agent) return c.json({ error: "unknown agent" }, 400);
+
+  const msg = await db.insertInto("messages").values({
+    id: crypto.randomUUID(),
+    task_id: taskId, from_agent: agent.id, content,
+  }).returningAll().executeTakeFirstOrThrow();
+
+  // Collect notification targets
+  const mentionIds = await parseMentions(content, agent.id);
+  const subscriberIds = await getTaskSubscribers(taskId, agent.id);
+  const targetIds = new Set([...mentionIds, ...subscriberIds]);
+
+  // Create notifications
+  for (const targetId of targetIds) {
+    await db.insertInto("notifications").values({
+      id: crypto.randomUUID(),
+      target_agent: targetId,
+      source_agent: agent.id,
+      task_id: taskId,
+      content: `${from}: ${content}`,
+    }).execute();
+  }
+
+  await logActivity("message", agent.id, `Message on task`, taskId);
+  return c.json(msg, 201);
+});

package/src/api/routes/notifications.ts

@@ -0,0 +1,40 @@
+import { Hono } from "hono";
+import { db } from "../db/client.js";
+import { resolveAgent } from "../lib/resolve-agent.js";
+
+export const notifications = new Hono();
+
+notifications.get("/pending", async (c) => {
+  const rows = await db
+    .selectFrom("notifications")
+    .innerJoin("agents", "agents.id", "notifications.target_agent")
+    .where("delivered", "=", 0)
+    .select([
+      "notifications.id", "notifications.target_agent", "notifications.source_agent",
+      "notifications.task_id", "notifications.content", "notifications.delivered",
+      "notifications.created_at",
+      "agents.name as target_name", "agents.session_key",
+    ])
+    .orderBy("notifications.created_at", "asc")
+    .execute();
+  return c.json(rows);
+});
+
+notifications.get("/pending/:agentName", async (c) => {
+  const agent = await resolveAgent(c.req.param("agentName"));
+  if (!agent) return c.json({ error: "not found" }, 404);
+  const rows = await db
+    .selectFrom("notifications")
+    .where("target_agent", "=", agent.id)
+    .where("delivered", "=", 0)
+    .selectAll()
+    .orderBy("created_at", "asc")
+    .execute();
+  return c.json(rows);
+});
+
+notifications.post("/deliver/:id", async (c) => {
+  const id = c.req.param("id");
+  await db.updateTable("notifications").where("id", "=", id).set("delivered", 1).execute();
+  return c.json({ ok: true });
+});

package/src/api/routes/oauth.ts

@@ -0,0 +1,171 @@
+import { Hono } from "hono";
+import * as fs from "fs";
+import * as path from "path";
+import { db } from "../db/client.js";
+
+export const oauth = new Hono();
+
+// In-memory PKCE store (single-user system)
+let pendingVerifier: string | null = null;
+
+function base64UrlEncode(buf: ArrayBuffer): string {
+  return Buffer.from(buf)
+    .toString("base64")
+    .replace(/\+/g, "-")
+    .replace(/\//g, "_")
+    .replace(/=+$/, "");
+}
+
+async function generateCodeChallenge(verifier: string): Promise<string> {
+  const encoder = new TextEncoder();
+  const data = encoder.encode(verifier);
+  const digest = await crypto.subtle.digest("SHA-256", data);
+  return base64UrlEncode(digest);
+}
+
+function generateCodeVerifier(): string {
+  const buf = new Uint8Array(32);
+  crypto.getRandomValues(buf);
+  return base64UrlEncode(buf.buffer);
+}
+
+const CLIENT_ID = ""; // Must be configured — extract from Claude Code or set via env
+const CLAUDE_CREDENTIALS_PATH = path.join(
+  process.env.HOME ?? "",
+  ".claude",
+  ".credentials.json"
+);
+const REDIRECT_URI = "http://localhost:3100/oauth/claude/callback";
+const AUTH_URL = "https://console.anthropic.com/oauth/authorize";
+const TOKEN_URL = "https://console.anthropic.com/oauth/token";
+
+// Import credentials from ~/.claude/.credentials.json
+oauth.post("/claude/import", async (c) => {
+  try {
+    if (!fs.existsSync(CLAUDE_CREDENTIALS_PATH)) {
+      return c.json({ error: "No Claude Code credentials found at ~/.claude/.credentials.json" }, 404);
+    }
+    const raw = fs.readFileSync(CLAUDE_CREDENTIALS_PATH, "utf-8");
+    const creds = JSON.parse(raw);
+    const oauth = creds.claudeAiOauth;
+    if (!oauth?.accessToken) {
+      return c.json({ error: "No OAuth tokens found in credentials file" }, 400);
+    }
+
+    const expiresAt = oauth.expiresAt
+      ? new Date(oauth.expiresAt).toISOString()
+      : "";
+
+    const tokenSettings = [
+      { key: "ai.oauth_access_token", value: oauth.accessToken },
+      { key: "ai.oauth_refresh_token", value: oauth.refreshToken ?? "" },
+      { key: "ai.oauth_expires_at", value: expiresAt },
+      { key: "ai.oauth_subscription_type", value: oauth.subscriptionType ?? "" },
+      { key: "ai.auth_method", value: "oauth" },
+    ];
+
+    for (const s of tokenSettings) {
+      await db
+        .updateTable("settings")
+        .where("key", "=", s.key)
+        .set({ value: s.value, updated_at: new Date().toISOString() })
+        .execute();
+    }
+
+    return c.json({ ok: true, subscriptionType: oauth.subscriptionType ?? "" });
+  } catch (err: any) {
+    return c.json({ error: err.message }, 500);
+  }
+});
+
+// Step 1: Generate authorize URL
+oauth.get("/claude/authorize", async (c) => {
+  const clientId = process.env.CLAUDE_OAUTH_CLIENT_ID || CLIENT_ID;
+  if (!clientId) {
+    return c.json({ error: "CLAUDE_OAUTH_CLIENT_ID not configured" }, 400);
+  }
+
+  const codeVerifier = generateCodeVerifier();
+  const codeChallenge = await generateCodeChallenge(codeVerifier);
+  pendingVerifier = codeVerifier;
+
+  const params = new URLSearchParams({
+    response_type: "code",
+    client_id: clientId,
+    redirect_uri: REDIRECT_URI,
+    code_challenge: codeChallenge,
+    code_challenge_method: "S256",
+    scope: "user:inference",
+  });
+
+  return c.json({ url: `${AUTH_URL}?${params.toString()}` });
+});
+
+// Step 2: Handle callback, exchange code for tokens
+oauth.get("/claude/callback", async (c) => {
+  const code = c.req.query("code");
+  const error = c.req.query("error");
+
+  if (error) {
+    return c.html(`<html><body><p>OAuth error: ${error}</p><script>setTimeout(()=>window.close(),2000)</script></body></html>`);
+  }
+
+  if (!code || !pendingVerifier) {
+    return c.html(`<html><body><p>Missing code or verifier</p><script>setTimeout(()=>window.close(),2000)</script></body></html>`);
+  }
+
+  const clientId = process.env.CLAUDE_OAUTH_CLIENT_ID || CLIENT_ID;
+  const verifier = pendingVerifier;
+  pendingVerifier = null;
+
+  try {
+    const tokenRes = await fetch(TOKEN_URL, {
+      method: "POST",
+      headers: { "Content-Type": "application/x-www-form-urlencoded" },
+      body: new URLSearchParams({
+        grant_type: "authorization_code",
+        code,
+        redirect_uri: REDIRECT_URI,
+        client_id: clientId,
+        code_verifier: verifier,
+      }),
+    });
+
+    if (!tokenRes.ok) {
+      const err = await tokenRes.text();
+      return c.html(`<html><body><p>Token exchange failed: ${err}</p><script>setTimeout(()=>window.close(),3000)</script></body></html>`);
+    }
+
+    const tokens = await tokenRes.json() as {
+      access_token: string;
+      refresh_token?: string;
+      expires_in?: number;
+      subscription_type?: string;
+    };
+
+    const expiresAt = tokens.expires_in
+      ? new Date(Date.now() + tokens.expires_in * 1000).toISOString()
+      : "";
+
+    // Store tokens in settings
+    const tokenSettings = [
+      { key: "ai.oauth_access_token", value: tokens.access_token },
+      { key: "ai.oauth_refresh_token", value: tokens.refresh_token ?? "" },
+      { key: "ai.oauth_expires_at", value: expiresAt },
+      { key: "ai.oauth_subscription_type", value: tokens.subscription_type ?? "" },
+      { key: "ai.auth_method", value: "oauth" },
+    ];
+
+    for (const s of tokenSettings) {
+      await db
+        .updateTable("settings")
+        .where("key", "=", s.key)
+        .set({ value: s.value, updated_at: new Date().toISOString() })
+        .execute();
+    }
+
+    return c.html(`<html><body><p>Connected successfully! This window will close.</p><script>setTimeout(()=>window.close(),1000)</script></body></html>`);
+  } catch (err: any) {
+    return c.html(`<html><body><p>Error: ${err.message}</p><script>setTimeout(()=>window.close(),3000)</script></body></html>`);
+  }
+});

package/src/api/routes/role-configs.ts

@@ -0,0 +1,71 @@
+import { Hono } from "hono";
+import { db } from "../db/client.js";
+
+export const roleConfigs = new Hono();
+
+// List all role configs, optional ?role=
+roleConfigs.get("/", async (c) => {
+  const role = c.req.query("role");
+  let q = db.selectFrom("role_configs").selectAll();
+  if (role) q = q.where("role", "=", role);
+  const rows = await q.orderBy("role").orderBy("config_type").execute();
+  return c.json(rows);
+});
+
+// Get one role config by role + config_type
+roleConfigs.get("/:role/:configType", async (c) => {
+  const row = await db
+    .selectFrom("role_configs")
+    .where("role", "=", c.req.param("role"))
+    .where("config_type", "=", c.req.param("configType"))
+    .selectAll()
+    .executeTakeFirst();
+  if (!row) return c.json({ error: "not found" }, 404);
+  return c.json(row);
+});
+
+// Upsert a role config
+roleConfigs.put("/:role/:configType", async (c) => {
+  const role = c.req.param("role");
+  const configType = c.req.param("configType");
+  const { content } = await c.req.json<{ content: string }>();
+
+  const existing = await db
+    .selectFrom("role_configs")
+    .where("role", "=", role)
+    .where("config_type", "=", configType)
+    .selectAll()
+    .executeTakeFirst();
+
+  if (existing) {
+    const updated = await db
+      .updateTable("role_configs")
+      .where("id", "=", existing.id)
+      .set({ content, updated_at: new Date().toISOString() })
+      .returningAll()
+      .executeTakeFirstOrThrow();
+    return c.json(updated);
+  }
+
+  const row = await db
+    .insertInto("role_configs")
+    .values({
+      id: crypto.randomUUID(),
+      role,
+      config_type: configType,
+      content,
+    })
+    .returningAll()
+    .executeTakeFirstOrThrow();
+  return c.json(row, 201);
+});
+
+// Delete a role config
+roleConfigs.delete("/:role/:configType", async (c) => {
+  await db
+    .deleteFrom("role_configs")
+    .where("role", "=", c.req.param("role"))
+    .where("config_type", "=", c.req.param("configType"))
+    .execute();
+  return c.json({ ok: true });
+});

package/src/api/routes/settings.ts

@@ -0,0 +1,94 @@
+import { Hono } from "hono";
+import { db } from "../db/client.js";
+
+export const settings = new Hono();
+
+const MASKED = "********";
+
+// List all settings, optional ?category=
+settings.get("/", async (c) => {
+  const category = c.req.query("category");
+  let q = db.selectFrom("settings").selectAll();
+  if (category) q = q.where("category", "=", category);
+  const rows = await q.orderBy("category").orderBy("key").execute();
+  // Mask sensitive values
+  const masked = rows.map((r) => ({
+    ...r,
+    value: r.sensitive ? MASKED : r.value,
+  }));
+  return c.json(masked);
+});
+
+// Get one setting
+settings.get("/:key", async (c) => {
+  const key = c.req.param("key");
+  const row = await db.selectFrom("settings").where("key", "=", key).selectAll().executeTakeFirst();
+  if (!row) return c.json({ error: "not found" }, 404);
+  return c.json({
+    ...row,
+    value: row.sensitive ? MASKED : row.value,
+  });
+});
+
+// Upsert a setting
+settings.put("/:key", async (c) => {
+  const key = c.req.param("key");
+  const body = await c.req.json<{
+    value: string;
+    category?: string;
+    description?: string;
+    sensitive?: number;
+    input_type?: string;
+  }>();
+
+  // If value is the mask placeholder, skip updating value (user didn't change it)
+  const skipValue = body.value === MASKED;
+
+  const existing = await db.selectFrom("settings").where("key", "=", key).selectAll().executeTakeFirst();
+
+  if (existing) {
+    const updates: Record<string, any> = {
+      updated_at: new Date().toISOString(),
+    };
+    if (!skipValue) updates.value = body.value;
+    if (body.category !== undefined) updates.category = body.category;
+    if (body.description !== undefined) updates.description = body.description;
+    if (body.sensitive !== undefined) updates.sensitive = body.sensitive;
+    if (body.input_type !== undefined) updates.input_type = body.input_type;
+
+    const updated = await db
+      .updateTable("settings")
+      .where("key", "=", key)
+      .set(updates)
+      .returningAll()
+      .executeTakeFirstOrThrow();
+    return c.json({
+      ...updated,
+      value: updated.sensitive ? MASKED : updated.value,
+    });
+  }
+
+  const row = await db
+    .insertInto("settings")
+    .values({
+      key,
+      value: skipValue ? "" : body.value,
+      category: body.category ?? "general",
+      description: body.description ?? null,
+      sensitive: body.sensitive ?? 0,
+      input_type: body.input_type ?? "text",
+    })
+    .returningAll()
+    .executeTakeFirstOrThrow();
+  return c.json({
+    ...row,
+    value: row.sensitive ? MASKED : row.value,
+  }, 201);
+});
+
+// Delete a setting
+settings.delete("/:key", async (c) => {
+  const key = c.req.param("key");
+  await db.deleteFrom("settings").where("key", "=", key).execute();
+  return c.json({ ok: true });
+});

package/src/api/routes/skills.ts

@@ -0,0 +1,76 @@
+import { Hono } from "hono";
+import { db } from "../db/client.js";
+
+export const skills = new Hono();
+
+// List skills, optional ?category=, ?search=
+skills.get("/", async (c) => {
+  const category = c.req.query("category");
+  const search = c.req.query("search");
+
+  let q = db.selectFrom("skills").selectAll();
+  if (category) q = q.where("category", "=", category);
+  if (search) {
+    q = q.where((eb) =>
+      eb.or([
+        eb("name", "like", `%${search}%`),
+        eb("body", "like", `%${search}%`),
+      ])
+    );
+  }
+
+  const rows = await q.orderBy("name").execute();
+  return c.json(rows.map((r) => ({ ...r, tags: JSON.parse(r.tags) })));
+});
+
+// Get one skill
+skills.get("/:id", async (c) => {
+  const row = await db.selectFrom("skills").where("id", "=", c.req.param("id")).selectAll().executeTakeFirst();
+  if (!row) return c.json({ error: "not found" }, 404);
+  return c.json({ ...row, tags: JSON.parse(row.tags) });
+});
+
+// Create skill
+skills.post("/", async (c) => {
+  const body = await c.req.json<{
+    name: string; body: string; category?: string; tags?: string[];
+  }>();
+
+  const row = await db
+    .insertInto("skills")
+    .values({
+      id: crypto.randomUUID(),
+      name: body.name,
+      body: body.body,
+      category: body.category ?? "general",
+      tags: JSON.stringify(body.tags ?? []),
+    })
+    .returningAll()
+    .executeTakeFirstOrThrow();
+
+  return c.json({ ...row, tags: JSON.parse(row.tags) }, 201);
+});
+
+// Update skill
+skills.put("/:id", async (c) => {
+  const id = c.req.param("id");
+  const body = await c.req.json<{
+    name?: string; body?: string; category?: string; tags?: string[];
+  }>();
+
+  let q = db.updateTable("skills").where("id", "=", id);
+  if (body.name !== undefined) q = q.set("name", body.name);
+  if (body.body !== undefined) q = q.set("body", body.body);
+  if (body.category !== undefined) q = q.set("category", body.category);
+  if (body.tags !== undefined) q = q.set("tags", JSON.stringify(body.tags));
+  q = q.set("updated_at", new Date().toISOString());
+
+  const row = await q.returningAll().executeTakeFirstOrThrow();
+  return c.json({ ...row, tags: JSON.parse(row.tags) });
+});
+
+// Delete skill
+skills.delete("/:id", async (c) => {
+  await db.deleteFrom("skills").where("id", "=", c.req.param("id")).execute();
+  return c.json({ ok: true });
+});