npm - @lobu/gateway - Versions diffs - 3.0.9 → 3.0.13 - Mend

@lobu/gateway 3.0.9 → 3.0.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (212) hide show

package/dist/api/platform.d.ts.map +1 -1
package/dist/api/platform.js +7 -26
package/dist/api/platform.js.map +1 -1
package/dist/auth/mcp/proxy.d.ts +14 -0
package/dist/auth/mcp/proxy.d.ts.map +1 -1
package/dist/auth/mcp/proxy.js +149 -13
package/dist/auth/mcp/proxy.js.map +1 -1
package/dist/cli/gateway.d.ts.map +1 -1
package/dist/cli/gateway.js +29 -0
package/dist/cli/gateway.js.map +1 -1
package/dist/connections/chat-instance-manager.d.ts.map +1 -1
package/dist/connections/chat-instance-manager.js +2 -1
package/dist/connections/chat-instance-manager.js.map +1 -1
package/dist/connections/interaction-bridge.d.ts +9 -2
package/dist/connections/interaction-bridge.d.ts.map +1 -1
package/dist/connections/interaction-bridge.js +121 -261
package/dist/connections/interaction-bridge.js.map +1 -1
package/dist/gateway/index.js +1 -1
package/dist/gateway/index.js.map +1 -1
package/dist/interactions.d.ts +9 -43
package/dist/interactions.d.ts.map +1 -1
package/dist/interactions.js +10 -52
package/dist/interactions.js.map +1 -1
package/dist/routes/public/agent.d.ts +4 -0
package/dist/routes/public/agent.d.ts.map +1 -1
package/dist/routes/public/agent.js +21 -0
package/dist/routes/public/agent.js.map +1 -1
package/dist/services/core-services.d.ts.map +1 -1
package/dist/services/core-services.js +4 -0
package/dist/services/core-services.js.map +1 -1
package/package.json +9 -9
package/src/__tests__/agent-config-routes.test.ts +0 -254
package/src/__tests__/agent-history-routes.test.ts +0 -72
package/src/__tests__/agent-routes.test.ts +0 -68
package/src/__tests__/agent-schedules-routes.test.ts +0 -59
package/src/__tests__/agent-settings-store.test.ts +0 -323
package/src/__tests__/bedrock-model-catalog.test.ts +0 -40
package/src/__tests__/bedrock-openai-service.test.ts +0 -157
package/src/__tests__/bedrock-provider-module.test.ts +0 -56
package/src/__tests__/chat-instance-manager-slack.test.ts +0 -204
package/src/__tests__/chat-response-bridge.test.ts +0 -131
package/src/__tests__/config-memory-plugins.test.ts +0 -92
package/src/__tests__/config-request-store.test.ts +0 -127
package/src/__tests__/connection-routes.test.ts +0 -144
package/src/__tests__/core-services-store-selection.test.ts +0 -92
package/src/__tests__/docker-deployment.test.ts +0 -1211
package/src/__tests__/embedded-deployment.test.ts +0 -342
package/src/__tests__/grant-store.test.ts +0 -148
package/src/__tests__/http-proxy.test.ts +0 -281
package/src/__tests__/instruction-service.test.ts +0 -37
package/src/__tests__/link-buttons.test.ts +0 -112
package/src/__tests__/lobu.test.ts +0 -32
package/src/__tests__/mcp-config-service.test.ts +0 -347
package/src/__tests__/mcp-proxy.test.ts +0 -694
package/src/__tests__/message-handler-bridge.test.ts +0 -17
package/src/__tests__/model-selection.test.ts +0 -172
package/src/__tests__/oauth-templates.test.ts +0 -39
package/src/__tests__/platform-adapter-slack-send.test.ts +0 -114
package/src/__tests__/platform-helpers-model-resolution.test.ts +0 -253
package/src/__tests__/provider-inheritance.test.ts +0 -212
package/src/__tests__/routes/cli-auth.test.ts +0 -337
package/src/__tests__/routes/interactions.test.ts +0 -121
package/src/__tests__/secret-proxy.test.ts +0 -85
package/src/__tests__/session-manager.test.ts +0 -572
package/src/__tests__/setup.ts +0 -133
package/src/__tests__/skill-and-mcp-registry.test.ts +0 -203
package/src/__tests__/slack-routes.test.ts +0 -161
package/src/__tests__/system-config-resolver.test.ts +0 -75
package/src/__tests__/system-message-limiter.test.ts +0 -89
package/src/__tests__/system-skills-service.test.ts +0 -362
package/src/__tests__/transcription-service.test.ts +0 -222
package/src/__tests__/utils/rate-limiter.test.ts +0 -102
package/src/__tests__/worker-connection-manager.test.ts +0 -497
package/src/__tests__/worker-job-router.test.ts +0 -722
package/src/api/index.ts +0 -1
package/src/api/platform.ts +0 -292
package/src/api/response-renderer.ts +0 -157
package/src/auth/agent-metadata-store.ts +0 -168
package/src/auth/api-auth-middleware.ts +0 -69
package/src/auth/api-key-provider-module.ts +0 -213
package/src/auth/base-provider-module.ts +0 -201
package/src/auth/bedrock/provider-module.ts +0 -110
package/src/auth/chatgpt/chatgpt-oauth-module.ts +0 -185
package/src/auth/chatgpt/device-code-client.ts +0 -218
package/src/auth/chatgpt/index.ts +0 -1
package/src/auth/claude/oauth-module.ts +0 -280
package/src/auth/cli/token-service.ts +0 -249
package/src/auth/external/client.ts +0 -560
package/src/auth/external/device-code-client.ts +0 -235
package/src/auth/mcp/config-service.ts +0 -420
package/src/auth/mcp/proxy.ts +0 -1086
package/src/auth/mcp/string-substitution.ts +0 -17
package/src/auth/mcp/tool-cache.ts +0 -90
package/src/auth/oauth/base-client.ts +0 -267
package/src/auth/oauth/client.ts +0 -153
package/src/auth/oauth/credentials.ts +0 -7
package/src/auth/oauth/providers.ts +0 -69
package/src/auth/oauth/state-store.ts +0 -150
package/src/auth/oauth-templates.ts +0 -179
package/src/auth/provider-catalog.ts +0 -220
package/src/auth/provider-model-options.ts +0 -41
package/src/auth/settings/agent-settings-store.ts +0 -565
package/src/auth/settings/auth-profiles-manager.ts +0 -216
package/src/auth/settings/index.ts +0 -12
package/src/auth/settings/model-preference-store.ts +0 -52
package/src/auth/settings/model-selection.ts +0 -135
package/src/auth/settings/resolved-settings-view.ts +0 -298
package/src/auth/settings/template-utils.ts +0 -44
package/src/auth/settings/token-service.ts +0 -88
package/src/auth/system-env-store.ts +0 -98
package/src/auth/user-agents-store.ts +0 -68
package/src/channels/binding-service.ts +0 -214
package/src/channels/index.ts +0 -4
package/src/cli/gateway.ts +0 -1312
package/src/cli/index.ts +0 -74
package/src/commands/built-in-commands.ts +0 -80
package/src/commands/command-dispatcher.ts +0 -94
package/src/commands/command-reply-adapters.ts +0 -27
package/src/config/file-loader.ts +0 -618
package/src/config/index.ts +0 -588
package/src/config/network-allowlist.ts +0 -71
package/src/connections/chat-instance-manager.ts +0 -1284
package/src/connections/chat-response-bridge.ts +0 -618
package/src/connections/index.ts +0 -7
package/src/connections/interaction-bridge.ts +0 -831
package/src/connections/message-handler-bridge.ts +0 -440
package/src/connections/platform-auth-methods.ts +0 -15
package/src/connections/types.ts +0 -84
package/src/gateway/connection-manager.ts +0 -291
package/src/gateway/index.ts +0 -698
package/src/gateway/job-router.ts +0 -201
package/src/gateway-main.ts +0 -200
package/src/index.ts +0 -41
package/src/infrastructure/queue/index.ts +0 -12
package/src/infrastructure/queue/queue-producer.ts +0 -148
package/src/infrastructure/queue/redis-queue.ts +0 -361
package/src/infrastructure/queue/types.ts +0 -133
package/src/infrastructure/redis/system-message-limiter.ts +0 -94
package/src/interactions/config-request-store.ts +0 -198
package/src/interactions.ts +0 -363
package/src/lobu.ts +0 -311
package/src/metrics/prometheus.ts +0 -159
package/src/modules/module-system.ts +0 -179
package/src/orchestration/base-deployment-manager.ts +0 -900
package/src/orchestration/deployment-utils.ts +0 -98
package/src/orchestration/impl/docker-deployment.ts +0 -620
package/src/orchestration/impl/embedded-deployment.ts +0 -268
package/src/orchestration/impl/index.ts +0 -8
package/src/orchestration/impl/k8s/deployment.ts +0 -1061
package/src/orchestration/impl/k8s/helpers.ts +0 -610
package/src/orchestration/impl/k8s/index.ts +0 -1
package/src/orchestration/index.ts +0 -333
package/src/orchestration/message-consumer.ts +0 -584
package/src/orchestration/scheduled-wakeup.ts +0 -704
package/src/permissions/approval-policy.ts +0 -36
package/src/permissions/grant-store.ts +0 -219
package/src/platform/file-handler.ts +0 -66
package/src/platform/link-buttons.ts +0 -57
package/src/platform/renderer-utils.ts +0 -44
package/src/platform/response-renderer.ts +0 -84
package/src/platform/unified-thread-consumer.ts +0 -194
package/src/platform.ts +0 -318
package/src/proxy/http-proxy.ts +0 -752
package/src/proxy/proxy-manager.ts +0 -81
package/src/proxy/secret-proxy.ts +0 -402
package/src/proxy/token-refresh-job.ts +0 -143
package/src/routes/internal/audio.ts +0 -141
package/src/routes/internal/device-auth.ts +0 -652
package/src/routes/internal/files.ts +0 -226
package/src/routes/internal/history.ts +0 -69
package/src/routes/internal/images.ts +0 -127
package/src/routes/internal/interactions.ts +0 -84
package/src/routes/internal/middleware.ts +0 -23
package/src/routes/internal/schedule.ts +0 -226
package/src/routes/internal/types.ts +0 -22
package/src/routes/openapi-auto.ts +0 -239
package/src/routes/public/agent-access.ts +0 -23
package/src/routes/public/agent-config.ts +0 -675
package/src/routes/public/agent-history.ts +0 -422
package/src/routes/public/agent-schedules.ts +0 -296
package/src/routes/public/agent.ts +0 -1086
package/src/routes/public/agents.ts +0 -373
package/src/routes/public/channels.ts +0 -191
package/src/routes/public/cli-auth.ts +0 -896
package/src/routes/public/connections.ts +0 -574
package/src/routes/public/landing.ts +0 -16
package/src/routes/public/oauth.ts +0 -147
package/src/routes/public/settings-auth.ts +0 -104
package/src/routes/public/slack.ts +0 -173
package/src/routes/shared/agent-ownership.ts +0 -101
package/src/routes/shared/token-verifier.ts +0 -34
package/src/services/bedrock-model-catalog.ts +0 -217
package/src/services/bedrock-openai-service.ts +0 -658
package/src/services/core-services.ts +0 -1072
package/src/services/image-generation-service.ts +0 -257
package/src/services/instruction-service.ts +0 -318
package/src/services/mcp-registry.ts +0 -94
package/src/services/platform-helpers.ts +0 -287
package/src/services/session-manager.ts +0 -262
package/src/services/settings-resolver.ts +0 -74
package/src/services/system-config-resolver.ts +0 -89
package/src/services/system-skills-service.ts +0 -229
package/src/services/transcription-service.ts +0 -684
package/src/session.ts +0 -110
package/src/spaces/index.ts +0 -1
package/src/spaces/space-resolver.ts +0 -17
package/src/stores/in-memory-agent-store.ts +0 -403
package/src/stores/redis-agent-store.ts +0 -279
package/src/utils/public-url.ts +0 -44
package/src/utils/rate-limiter.ts +0 -94
package/tsconfig.json +0 -33
package/tsconfig.tsbuildinfo +0 -1

package/src/api/index.ts DELETED Viewed

	@@ -1 +0,0 @@
1	- export { ApiPlatform, type ApiPlatformConfig } from "./platform";

package/src/api/platform.ts DELETED Viewed

@@ -1,292 +0,0 @@
-#!/usr/bin/env bun
-/**
- * API Platform Adapter
- * Handles direct API access for browser extensions, CLI clients, etc.
- * Does not require external platform integration (no Slack, Discord, etc.)
- */
-import { randomUUID } from "node:crypto";
-import { createLogger, type InstructionProvider } from "@lobu/core";
-import type { CoreServices, PlatformAdapter } from "../platform";
-import type { ResponseRenderer } from "../platform/response-renderer";
-import { broadcastToAgent } from "../routes/public/agent";
-import { ApiResponseRenderer } from "./response-renderer";
-const logger = createLogger("api-platform");
-/**
- * API Platform configuration
- */
-export interface ApiPlatformConfig {
-  /** Whether the API platform is enabled */
-  enabled?: boolean;
-}
-/**
- * API Platform adapter for direct access via HTTP/SSE
- * This platform doesn't interact with external services like Slack or Discord.
- * Instead, it provides endpoints for:
- * - Creating sessions
- * - Sending messages
- * - Receiving streaming responses via SSE
- * - Handling tool approvals
- */
-export class ApiPlatform implements PlatformAdapter {
-  readonly name = "api";
-  private responseRenderer?: ApiResponseRenderer;
-  private isRunning = false;
-  private services?: CoreServices;
-  /**
-   * Initialize with core services
-   */
-  async initialize(services: CoreServices): Promise<void> {
-    logger.debug("Initializing API platform...");
-    this.services = services;
-    // Create response renderer for routing worker responses to SSE clients
-    this.responseRenderer = new ApiResponseRenderer();
-    // Subscribe to interaction events to broadcast to SSE clients
-    const interactionService = services.getInteractionService();
-    interactionService.on("question:created", (event: any) => {
-      if (event.teamId !== "api") return;
-      broadcastToAgent(event.conversationId, "question", {
-        type: "question",
-        questionId: event.id,
-        question: event.question,
-        options: event.options,
-        timestamp: Date.now(),
-      });
-    });
-    interactionService.on("link-button:created", (event: any) => {
-      if (event.platform !== "api") return;
-      broadcastToAgent(event.conversationId, "link-button", {
-        type: "link-button",
-        url: event.url,
-        label: event.label,
-        linkType: event.linkType,
-        timestamp: Date.now(),
-      });
-    });
-    interactionService.on("grant:requested", (event: any) => {
-      if (event.teamId !== "api") return;
-      broadcastToAgent(event.conversationId, "grant-request", {
-        type: "grant-request",
-        requestId: event.id,
-        domains: event.domains,
-        reason: event.reason,
-        timestamp: Date.now(),
-      });
-    });
-    interactionService.on("package:requested", (event: any) => {
-      if (event.teamId !== "api") return;
-      broadcastToAgent(event.conversationId, "package-request", {
-        type: "package-request",
-        requestId: event.id,
-        packages: event.packages,
-        reason: event.reason,
-        timestamp: Date.now(),
-      });
-    });
-    interactionService.on("config:requested", (event: any) => {
-      if (event.teamId !== "api") return;
-      broadcastToAgent(event.conversationId, "config-request", {
-        type: "config-request",
-        requestId: event.id,
-        text: event.text,
-        timestamp: Date.now(),
-      });
-    });
-    interactionService.on("suggestion:created", (event: any) => {
-      if (event.teamId !== "api") return;
-      broadcastToAgent(event.conversationId, "suggestion", {
-        type: "suggestion",
-        prompts: event.prompts,
-        timestamp: Date.now(),
-      });
-    });
-    logger.debug("✅ API platform initialized");
-  }
-  /**
-   * Start the platform
-   * For API platform, this is mostly a no-op since routes are registered separately
-   */
-  async start(): Promise<void> {
-    this.isRunning = true;
-    logger.debug("✅ API platform started");
-  }
-  /**
-   * Stop the platform
-   */
-  async stop(): Promise<void> {
-    this.isRunning = false;
-    logger.debug("✅ API platform stopped");
-  }
-  /**
-   * Check if platform is healthy
-   */
-  isHealthy(): boolean {
-    return this.isRunning;
-  }
-  /**
-   * No custom instruction provider for API platform
-   */
-  getInstructionProvider(): InstructionProvider | null {
-    return null;
-  }
-  /**
-   * Build deployment metadata
-   * For API sessions, we include session ID and source
-   */
-  buildDeploymentMetadata(
-    conversationId: string,
-    channelId: string,
-    platformMetadata: Record<string, any>
-  ): Record<string, string> {
-    return {
-      sessionId: platformMetadata.sessionId || conversationId,
-      source: "direct-api",
-      channelId,
-    };
-  }
-  /**
-   * Get the response renderer for routing worker responses
-   */
-  getResponseRenderer(): ResponseRenderer | undefined {
-    return this.responseRenderer;
-  }
-  /**
-   * Suggestions are broadcast via interaction events above
-   */
-  async renderSuggestion(): Promise<void> {
-    /* noop — suggestions broadcast via interaction events */
-  }
-  /**
-   * API platform doesn't have thread status indicators
-   */
-  async setThreadStatus(): Promise<void> {
-    // Status is sent via SSE events
-  }
-  /**
-   * Send a message via API platform
-   * Creates or reuses a session and queues the message for processing
-   *
-   * @param token - Auth token (used to derive userId)
-   * @param message - Message content
-   * @param options - Routing info (agentId = channelId = conversationId for API)
-   */
-  async sendMessage(
-    token: string,
-    message: string,
-    options: {
-      agentId: string;
-      channelId: string;
-      conversationId: string;
-      teamId: string;
-      files?: Array<{ buffer: Buffer; filename: string }>;
-    }
-  ): Promise<{
-    messageId: string;
-    eventsUrl?: string;
-    queued?: boolean;
-  }> {
-    if (!this.services) {
-      throw new Error("API platform not initialized");
-    }
-    const { agentId } = options;
-    const sessionManager = this.services.getSessionManager();
-    const queueProducer = this.services.getQueueProducer();
-    const messageId = randomUUID();
-    const userId = `api-${token.slice(0, 8) || "anonymous"}`;
-    // For API platform: agentId = channelId = conversationId (all same)
-    // Try to get existing session or create new one
-    let session = await sessionManager.getSession(agentId);
-    if (!session) {
-      session = {
-        conversationId: agentId,
-        channelId: agentId,
-        userId,
-        threadCreator: userId,
-        lastActivity: Date.now(),
-        createdAt: Date.now(),
-        status: "created",
-        provider: "claude",
-      };
-      await sessionManager.setSession(session);
-      logger.info(`Created new API session: ${agentId}`);
-    }
-    if (!session) {
-      throw new Error("Session not found after creation");
-    }
-    // Update session activity
-    await sessionManager.touchSession(agentId);
-    // Prepare message with file info if provided
-    const platformMetadata: Record<string, any> = {
-      agentId,
-      source: "messaging-api",
-    };
-    if (options.files && options.files.length > 0) {
-      platformMetadata.fileCount = options.files.length;
-      platformMetadata.fileNames = options.files.map((f) => f.filename);
-      logger.info(
-        `Message includes ${options.files.length} file(s): ${platformMetadata.fileNames.join(", ")}`
-      );
-    }
-    // Enqueue message for worker processing
-    await queueProducer.enqueueMessage({
-      userId,
-      conversationId: agentId,
-      messageId,
-      channelId: agentId,
-      teamId: "api",
-      agentId: agentId, // agentId is the isolation boundary
-      botId: "lobu-api",
-      platform: "api",
-      messageText: message,
-      platformMetadata,
-      agentOptions: {
-        provider: session.provider || "claude",
-      },
-    });
-    logger.info(`Queued message ${messageId} for agent ${agentId}`);
-    const publicUrl = this.services.getPublicGatewayUrl();
-    const baseUrl = publicUrl || "http://localhost:8080";
-    return {
-      messageId,
-      eventsUrl: `${baseUrl}/api/v1/agents/${agentId}/events`,
-      queued: true,
-    };
-  }
-}

package/src/api/response-renderer.ts DELETED Viewed

@@ -1,157 +0,0 @@
-#!/usr/bin/env bun
-/**
- * API Response Renderer
- * Broadcasts worker responses to SSE connections for direct API clients
- */
-import { createLogger } from "@lobu/core";
-import type { ThreadResponsePayload } from "../infrastructure/queue/types";
-import type { ResponseRenderer } from "../platform/response-renderer";
-import { broadcastToAgent } from "../routes/public/agent";
-const logger = createLogger("api-response-renderer");
-/**
- * Response renderer for API platform
- * Broadcasts responses to SSE clients instead of external platforms
- */
-export class ApiResponseRenderer implements ResponseRenderer {
-  /**
-   * Handle streaming delta content
-   * Broadcasts delta to SSE connections
-   */
-  async handleDelta(
-    payload: ThreadResponsePayload,
-    _sessionKey: string
-  ): Promise<string | null> {
-    const sessionId =
-      (payload.platformMetadata?.sessionId as string) || payload.conversationId;
-    if (!sessionId) {
-      logger.warn("No session ID found in payload for delta broadcast");
-      return null;
-    }
-    // Broadcast delta to SSE clients
-    broadcastToAgent(sessionId, "output", {
-      type: "delta",
-      content: payload.delta,
-      timestamp: payload.timestamp || Date.now(),
-      messageId: payload.messageId,
-    });
-    logger.debug(
-      `Broadcast delta to session ${sessionId}: ${payload.delta?.length || 0} chars`
-    );
-    return payload.messageId;
-  }
-  /**
-   * Handle completion of response processing
-   * Sends completion event to SSE clients
-   */
-  async handleCompletion(
-    payload: ThreadResponsePayload,
-    _sessionKey: string
-  ): Promise<void> {
-    const sessionId =
-      (payload.platformMetadata?.sessionId as string) || payload.conversationId;
-    if (!sessionId) {
-      logger.warn("No session ID found in payload for completion broadcast");
-      return;
-    }
-    // Broadcast completion to SSE clients
-    broadcastToAgent(sessionId, "complete", {
-      type: "complete",
-      messageId: payload.messageId,
-      processedMessageIds: payload.processedMessageIds,
-      timestamp: payload.timestamp || Date.now(),
-    });
-    logger.info(`Broadcast completion to session ${sessionId}`);
-  }
-  /**
-   * Handle error response
-   * Sends error event to SSE clients
-   */
-  async handleError(
-    payload: ThreadResponsePayload,
-    _sessionKey: string
-  ): Promise<void> {
-    const sessionId =
-      (payload.platformMetadata?.sessionId as string) || payload.conversationId;
-    if (!sessionId) {
-      logger.warn("No session ID found in payload for error broadcast");
-      return;
-    }
-    // Broadcast error to SSE clients
-    broadcastToAgent(sessionId, "error", {
-      type: "error",
-      error: payload.error,
-      messageId: payload.messageId,
-      timestamp: payload.timestamp || Date.now(),
-    });
-    logger.error(`Broadcast error to session ${sessionId}: ${payload.error}`);
-  }
-  /**
-   * Handle status updates (heartbeat with elapsed time)
-   * Sends status event to SSE clients
-   */
-  async handleStatusUpdate(payload: ThreadResponsePayload): Promise<void> {
-    const sessionId =
-      (payload.platformMetadata?.sessionId as string) || payload.conversationId;
-    if (!sessionId) {
-      return;
-    }
-    // Broadcast status to SSE clients
-    broadcastToAgent(sessionId, "status", {
-      type: "status",
-      status: payload.statusUpdate,
-      messageId: payload.messageId,
-      timestamp: payload.timestamp || Date.now(),
-    });
-  }
-  /**
-   * Handle ephemeral messages
-   * For API platform, these are just broadcast as regular events
-   */
-  async handleEphemeral(payload: ThreadResponsePayload): Promise<void> {
-    const sessionId =
-      (payload.platformMetadata?.sessionId as string) || payload.conversationId;
-    if (!sessionId) {
-      return;
-    }
-    // Broadcast ephemeral content to SSE clients
-    broadcastToAgent(sessionId, "ephemeral", {
-      type: "ephemeral",
-      content: payload.content,
-      messageId: payload.messageId,
-      timestamp: payload.timestamp || Date.now(),
-    });
-  }
-  /**
-   * Stop stream for conversation - no-op for API platform
-   * SSE connections handle their own lifecycle
-   */
-  async stopStreamForConversation(
-    _userId: string,
-    _conversationId: string
-  ): Promise<void> {
-    // No-op - SSE connections manage their own lifecycle
-  }
-}

package/src/auth/agent-metadata-store.ts DELETED Viewed

@@ -1,168 +0,0 @@
-import { BaseRedisStore, createLogger } from "@lobu/core";
-import type Redis from "ioredis";
-const logger = createLogger("agent-metadata-store");
-/**
- * Agent metadata - user-facing info about an agent
- */
-export interface AgentMetadata {
-  agentId: string;
-  /** User-friendly name (e.g., "Work Agent", "Personal Assistant") */
-  name: string;
-  description?: string;
-  owner: {
-    platform: string;
-    userId: string;
-  };
-  /** Whether this is the workspace default agent */
-  isWorkspaceAgent?: boolean;
-  /** Workspace/team ID for workspace agents */
-  workspaceId?: string;
-  /** Connection that auto-created this agent (makes it a "sandbox") */
-  parentConnectionId?: string;
-  createdAt: number;
-  lastUsedAt?: number;
-}
-/**
- * Store agent metadata in Redis.
- * Pattern: agent_metadata:{agentId}
- */
-export class AgentMetadataStore extends BaseRedisStore<AgentMetadata> {
-  constructor(redis: Redis) {
-    super({
-      redis,
-      keyPrefix: "agent_metadata",
-      loggerName: "agent-metadata-store",
-    });
-  }
-  /**
-   * Create a new agent with metadata
-   */
-  async createAgent(
-    agentId: string,
-    name: string,
-    platform: string,
-    userId: string,
-    options?: {
-      description?: string;
-      isWorkspaceAgent?: boolean;
-      workspaceId?: string;
-      parentConnectionId?: string;
-    }
-  ): Promise<AgentMetadata> {
-    const metadata: AgentMetadata = {
-      agentId,
-      name,
-      owner: { platform, userId },
-      isWorkspaceAgent: options?.isWorkspaceAgent,
-      workspaceId: options?.workspaceId,
-      parentConnectionId: options?.parentConnectionId,
-      createdAt: Date.now(),
-    };
-    if (options?.description) {
-      metadata.description = options.description;
-    }
-    const key = this.buildKey(agentId);
-    await this.set(key, metadata);
-    // Index sandbox under its parent connection
-    if (options?.parentConnectionId) {
-      await this.redis.sadd(
-        `sandboxes:connection:${options.parentConnectionId}`,
-        agentId
-      );
-    }
-    logger.info(`Created agent metadata for ${agentId}: "${name}"`);
-    return metadata;
-  }
-  /**
-   * Get metadata for an agent
-   */
-  async getMetadata(agentId: string): Promise<AgentMetadata | null> {
-    const key = this.buildKey(agentId);
-    return this.get(key);
-  }
-  /**
-   * Update agent metadata (partial update)
-   */
-  async updateMetadata(
-    agentId: string,
-    updates: Partial<Pick<AgentMetadata, "name" | "description" | "lastUsedAt">>
-  ): Promise<void> {
-    const existing = await this.getMetadata(agentId);
-    if (!existing) {
-      logger.warn(`Cannot update metadata: agent ${agentId} not found`);
-      return;
-    }
-    const updated: AgentMetadata = { ...existing, ...updates };
-    const key = this.buildKey(agentId);
-    await this.set(key, updated);
-    logger.info(`Updated metadata for agent ${agentId}`);
-  }
-  /**
-   * Delete agent metadata
-   */
-  async deleteAgent(agentId: string): Promise<void> {
-    // Clean up sandbox index if this agent has a parent connection
-    const metadata = await this.getMetadata(agentId);
-    if (metadata?.parentConnectionId) {
-      await this.redis.srem(
-        `sandboxes:connection:${metadata.parentConnectionId}`,
-        agentId
-      );
-    }
-    const key = this.buildKey(agentId);
-    await this.delete(key);
-    logger.info(`Deleted metadata for agent ${agentId}`);
-  }
-  /**
-   * Check if agent exists
-   */
-  async hasAgent(agentId: string): Promise<boolean> {
-    const key = this.buildKey(agentId);
-    return this.exists(key);
-  }
-  /**
-   * List sandbox agents belonging to a connection
-   */
-  async listSandboxes(connectionId: string): Promise<AgentMetadata[]> {
-    const agentIds = await this.redis.smembers(
-      `sandboxes:connection:${connectionId}`
-    );
-    const sandboxes: AgentMetadata[] = [];
-    for (const agentId of agentIds) {
-      const data = await this.getMetadata(agentId);
-      if (data) sandboxes.push(data);
-    }
-    sandboxes.sort((a, b) => (b.lastUsedAt ?? 0) - (a.lastUsedAt ?? 0));
-    return sandboxes;
-  }
-  /**
-   * List all agents in the system, sorted by lastUsedAt descending
-   */
-  async listAllAgents(): Promise<AgentMetadata[]> {
-    const prefix = `${this.keyPrefix}:`;
-    const keys = await this.scanByPrefix(prefix);
-    const agents: AgentMetadata[] = [];
-    for (const key of keys) {
-      const data = await this.get(key);
-      if (data) agents.push(data);
-    }
-    agents.sort((a, b) => (b.lastUsedAt ?? 0) - (a.lastUsedAt ?? 0));
-    return agents;
-  }
-}

package/src/auth/api-auth-middleware.ts DELETED Viewed

@@ -1,69 +0,0 @@
-import { timingSafeEqual } from "node:crypto";
-import { verifyWorkerToken } from "@lobu/core";
-import type { Context, Next } from "hono";
-import { verifySettingsSession } from "../routes/public/settings-auth";
-import type { CliTokenService } from "./cli/token-service";
-import type { ExternalAuthClient } from "./external/client";
-export const TOKEN_EXPIRATION_MS = 24 * 60 * 60 * 1000;
-/**
- * Creates a Hono middleware that enforces the standard auth check:
- *   1. Settings session cookie  2. CLI JWT  3. External OAuth  4. Admin password  5. Worker token
- */
-export function createApiAuthMiddleware(opts: {
-  adminPassword?: string;
-  cliTokenService?: CliTokenService;
-  externalAuthClient?: ExternalAuthClient;
-  allowWorkerToken?: boolean;
-  allowSettingsSession?: boolean;
-}) {
-  return async (c: Context, next: Next) => {
-    // 1. Try settings session cookie when explicitly allowed.
-    if (opts.allowSettingsSession && verifySettingsSession(c)) return next();
-    const authHeader = c.req.header("Authorization");
-    if (!authHeader || !authHeader.startsWith("Bearer ")) {
-      return c.json({ success: false, error: "Unauthorized" }, 401);
-    }
-    const token = authHeader.substring(7);
-    // 2. Try CLI JWT
-    if (opts.cliTokenService) {
-      const identity = await opts.cliTokenService.verifyAccessToken(token);
-      if (identity) return next();
-    }
-    // 3. Try external OAuth token (validated against MEMORY_URL userinfo)
-    if (opts.externalAuthClient) {
-      try {
-        const userInfo = await opts.externalAuthClient.fetchUserInfo(token);
-        if (userInfo?.sub) return next();
-      } catch {
-        // Token not valid for external auth, continue to next method
-      }
-    }
-    // 4. Try admin password
-    if (opts.adminPassword) {
-      const a = Buffer.from(token);
-      const b = Buffer.from(opts.adminPassword);
-      if (a.length === b.length && timingSafeEqual(a, b)) {
-        return next();
-      }
-    }
-    // 5. Try worker token when explicitly allowed for the route
-    if (opts.allowWorkerToken !== false) {
-      const workerData = verifyWorkerToken(token);
-      if (workerData) {
-        const tokenAge = Date.now() - workerData.timestamp;
-        if (tokenAge <= TOKEN_EXPIRATION_MS) {
-          return next();
-        }
-      }
-    }
-    return c.json({ success: false, error: "Unauthorized" }, 401);
-  };
-}