@mooncompany/uplink-chat 0.5.0

package/server/routes/push.js

@@ -0,0 +1,156 @@
+/**
+ * Push Routes - Web Push notification endpoints
+ * Uses synchronous file I/O for simplicity and reliability
+ */
+
+import webpush from 'web-push';
+import fs from 'fs';
+import path from 'path';
+import { createLogger } from '../logger.js';
+
+const log = createLogger('Push');
+
+const SUBSCRIPTIONS_FILE = path.join(process.cwd(), 'push-subscriptions.json');
+
+// VAPID configuration
+const VAPID_PUBLIC_KEY = process.env.VAPID_PUBLIC_KEY;
+const VAPID_PRIVATE_KEY = process.env.VAPID_PRIVATE_KEY;
+const VAPID_EMAIL = process.env.VAPID_EMAIL || 'mailto:nate@moonco.pro';
+
+// Configure web-push
+if (VAPID_PUBLIC_KEY && VAPID_PRIVATE_KEY) {
+  webpush.setVapidDetails(VAPID_EMAIL, VAPID_PUBLIC_KEY, VAPID_PRIVATE_KEY);
+  log.info('VAPID configured');
+} else {
+  log.info('VAPID keys not configured - push disabled');
+}
+
+// Load subscriptions from file (sync)
+function loadSubscriptions() {
+  try {
+    if (fs.existsSync(SUBSCRIPTIONS_FILE)) {
+      const data = fs.readFileSync(SUBSCRIPTIONS_FILE, 'utf8');
+      const parsed = JSON.parse(data);
+      log.info(`Loaded ${Object.keys(parsed).length} subscriptions`);
+      return parsed;
+    }
+  } catch (err) {
+    log.debug('No subscriptions file found, starting fresh');
+  }
+  return {};
+}
+
+// Save subscriptions to file (sync)
+function saveSubscriptions(subs) {
+  try {
+    fs.writeFileSync(SUBSCRIPTIONS_FILE, JSON.stringify(subs, null, 2));
+  } catch (err) {
+    log.error('Error saving subscriptions:', err.message);
+  }
+}
+
+// In-memory store, loaded from file on startup
+let subscriptions = loadSubscriptions();
+
+/**
+ * Send a push notification
+ */
+export async function sendPushNotification(userId, payload) {
+  const sub = subscriptions[userId || 'default'];
+  if (!sub) {
+    log.debug(`No subscription for user: ${userId}`);
+    return { ok: false, error: 'No subscription' };
+  }
+
+  try {
+    log.debug(`Sending to endpoint: ${sub.endpoint.substring(0, 50)}...`);
+    const result = await webpush.sendNotification(sub, JSON.stringify(payload));
+    log.debug(`Sent notification to ${userId}`, result);
+    return { ok: true };
+  } catch (err) {
+    log.error('Send failed:', err.statusCode, err.message, err.body);
+    if (err.statusCode === 410) {
+      // Subscription expired, remove it
+      delete subscriptions[userId || 'default'];
+      saveSubscriptions(subscriptions);
+      log.info(`Removed expired subscription for ${userId}`);
+    }
+    return { ok: false, error: err.message };
+  }
+}
+
+/**
+ * Setup push routes
+ */
+export function setupPushRoutes(app, context) {
+  const { log, strictLimiter } = context;
+
+  // GET /api/push/vapid-public
+  app.get('/api/push/vapid-public', (req, res) => {
+    if (!VAPID_PUBLIC_KEY) {
+      return res.status(503).json({ error: 'Push not configured' });
+    }
+    res.json({ publicKey: VAPID_PUBLIC_KEY });
+  });
+
+  // POST /api/push/subscribe
+  app.post('/api/push/subscribe', strictLimiter, (req, res) => {
+    const { subscription, userId } = req.body;
+    if (!subscription || typeof subscription.endpoint !== 'string' || !subscription.keys?.p256dh || !subscription.keys?.auth) {
+      return res.status(400).json({ error: 'Invalid subscription object — endpoint, keys.p256dh, and keys.auth required' });
+    }
+
+    const id = userId || 'default';
+    subscriptions[id] = subscription;
+    saveSubscriptions(subscriptions);
+    
+    log('info', `[Push] Subscription saved for: ${id}`);
+    res.json({ ok: true });
+  });
+
+  // POST /api/push/send
+  app.post('/api/push/send', strictLimiter, async (req, res) => {
+    const { userId, title, body, url, satelliteId, tag } = req.body;
+    
+    if (!VAPID_PUBLIC_KEY) {
+      return res.status(503).json({ error: 'Push not configured' });
+    }
+
+    const result = await sendPushNotification(userId || 'default', {
+      title: title || 'Uplink',
+      body: body || 'New message',
+      url: url || '/',
+      satelliteId,
+      tag: tag || 'uplink-message'
+    });
+
+    if (result.ok) {
+      res.json({ ok: true });
+    } else {
+      res.status(result.error === 'No subscription' ? 404 : 500).json(result);
+    }
+  });
+
+  // DELETE /api/push/unsubscribe
+  app.delete('/api/push/unsubscribe', strictLimiter, (req, res) => {
+    const { userId } = req.body;
+    const id = userId || 'default';
+    
+    delete subscriptions[id];
+    saveSubscriptions(subscriptions);
+    
+    log('info', `[Push] Subscription removed for: ${id}`);
+    res.json({ ok: true });
+  });
+
+  // GET /api/push/status
+  app.get('/api/push/status', (req, res) => {
+    res.json({
+      configured: !!(VAPID_PUBLIC_KEY && VAPID_PRIVATE_KEY),
+      subscriptions: Object.keys(subscriptions).length,
+      publicKey: VAPID_PUBLIC_KEY || null
+    });
+  });
+
+  log('info', '[Push] Routes initialized');
+}

package/server/routes/satellite.js

@@ -0,0 +1,406 @@
+/**
+ * Satellite Routes - Satellite management including session retirement and history
+ */
+
+import fs from 'fs/promises';
+import path from 'path';
+import { badRequest, internalError, ErrorCodes } from '../../utils/errors.js';
+import { sanitizeSatelliteId, isValidId } from '../../utils/id-sanitize.js';
+import { getOpenClawStateDir } from '../openclaw-discover.js';
+
+const AGENT_ID = process.env.OPENCLAW_AGENT_ID || 'main';
+
+/**
+ * Get the sessions store path for a given agent.
+ * Defaults to AGENT_ID (usually 'main') when no agentId is provided.
+ * @param {string} [agentId] - Agent whose store to read
+ */
+async function getSessionsStorePath(agentId) {
+  const stateDir = await getOpenClawStateDir();
+  const id = sanitizeAgentId(agentId) || AGENT_ID;
+  return path.join(stateDir, 'agents', id, 'sessions', 'sessions.json');
+}
+
+/**
+ * Get the sessions directory for a given agent's transcripts.
+ * @param {string} [agentId] - Agent whose sessions dir to read
+ */
+async function getSessionsDir(agentId) {
+  const stateDir = await getOpenClawStateDir();
+  const id = sanitizeAgentId(agentId) || AGENT_ID;
+  return path.join(stateDir, 'agents', id, 'sessions');
+}
+
+/**
+ * Sanitize an agentId to prevent path traversal.
+ * Only allows lowercase alphanumeric + hyphens, max 64 chars.
+ */
+function sanitizeAgentId(agentId) {
+  if (!agentId || typeof agentId !== 'string') return '';
+  return agentId.replace(/[^a-z0-9-]/g, '').substring(0, 64);
+}
+
+/**
+ * Setup satellite routes
+ * @param {Express} app - Express app instance
+ * @param {Object} context - Request context
+ */
+export function setupSatelliteRoutes(app, context) {
+  const { log } = context;
+  // Note: Session key uses 'default' as userId to match channel.js
+
+  /**
+   * Retire a satellite - removes both local session and OpenClaw session
+   * 
+   * POST /api/satellite/retire
+   * Body: { satelliteId: string }
+   * 
+   * Returns: { ok: boolean, sessionDeleted: boolean, transcriptDeleted: boolean, message: string }
+   */
+  app.post('/api/satellite/retire', async (req, res) => {
+    const { satelliteId, agentId: rawAgentId } = req.body;
+
+    // Validate satellite ID
+    if (!satelliteId || typeof satelliteId !== 'string') {
+      return badRequest(res, 'satelliteId is required', ErrorCodes.MISSING_FIELD);
+    }
+
+    if (satelliteId.length > 100) {
+      return badRequest(res, 'satelliteId too long', ErrorCodes.VALIDATION_ERROR);
+    }
+
+    // Cannot retire the primary satellite via API
+    if (satelliteId === 'main') {
+      return badRequest(res, 'Cannot retire the primary satellite', ErrorCodes.VALIDATION_ERROR);
+    }
+
+    // Sanitize the satellite ID
+    const cleanId = sanitizeSatelliteId(satelliteId);
+    if (cleanId !== satelliteId) {
+      return badRequest(res, 'satelliteId contains invalid characters', ErrorCodes.VALIDATION_ERROR);
+    }
+
+    const agentId = rawAgentId ? String(rawAgentId).replace(/[^a-z0-9-]/g, '').substring(0, 64) || 'main' : 'main';
+
+    // Session keys to try - current + legacy formats for backward compatibility
+    // Current format (channel.js): agent:{agentId}:uplink:satellite:<satelliteId>
+    // Legacy formats from previous versions (always used agent:main):
+    const sessionKeysToTry = [
+      `agent:${agentId}:uplink:satellite:${cleanId}`,
+      `agent:main:uplink:satellite:${cleanId}`,
+      `agent:main:uplink-default:${cleanId}`,
+      `agent:main:uplink-uplink-user:${cleanId}`
+    ];
+
+    log('info', `[Satellite] Retiring satellite ${cleanId}, trying keys: ${sessionKeysToTry.join(', ')}`);
+
+    const result = {
+      ok: true,
+      satelliteId: cleanId,
+      sessionKeysDeleted: [],
+      transcriptsDeleted: [],
+      message: ''
+    };
+
+    try {
+      const storePath = await getSessionsStorePath(agentId);
+      const sessionsDir = await getSessionsDir(agentId);
+      let store = {};
+      let storeModified = false;
+
+      // Read the sessions store
+      try {
+        const storeContent = await fs.readFile(storePath, 'utf8');
+        store = JSON.parse(storeContent);
+      } catch (readErr) {
+        if (readErr.code === 'ENOENT') {
+          log('warn', `[Satellite] Sessions store not found at ${storePath}`);
+        } else {
+          throw readErr;
+        }
+      }
+
+      // Try to delete each possible session key format
+      for (const sessionKey of sessionKeysToTry) {
+        if (store[sessionKey]) {
+          const sessionEntry = store[sessionKey];
+          
+          // Delete session entry
+          delete store[sessionKey];
+          storeModified = true;
+          result.sessionKeysDeleted.push(sessionKey);
+          log('info', `[Satellite] Removed session entry: ${sessionKey}`);
+
+          // Delete transcript file (validate sessionId to prevent path traversal)
+          if (sessionEntry.sessionId && /^[a-f0-9-]+$/i.test(sessionEntry.sessionId)) {
+            const transcriptPath = path.join(sessionsDir, `${sessionEntry.sessionId}.jsonl`);
+            // Verify the resolved path stays within sessionsDir
+            const resolvedPath = path.resolve(transcriptPath);
+            if (!resolvedPath.startsWith(path.resolve(sessionsDir))) {
+              log('warn', `[Satellite] Path traversal blocked: ${resolvedPath}`);
+              continue;
+            }
+            try {
+              await fs.unlink(transcriptPath);
+              result.transcriptsDeleted.push(sessionEntry.sessionId);
+              log('info', `[Satellite] Deleted transcript: ${transcriptPath}`);
+            } catch (unlinkErr) {
+              if (unlinkErr.code !== 'ENOENT') {
+                log('error', `[Satellite] Error deleting transcript: ${unlinkErr.message}`);
+              }
+            }
+          }
+        }
+      }
+
+      // Write back the updated store if modified
+      if (storeModified) {
+        await fs.writeFile(storePath, JSON.stringify(store, null, 2));
+      }
+
+      // Build result message
+      const parts = [];
+      if (result.sessionKeysDeleted.length > 0) {
+        parts.push(`${result.sessionKeysDeleted.length} session(s) removed`);
+      }
+      if (result.transcriptsDeleted.length > 0) {
+        parts.push(`${result.transcriptsDeleted.length} transcript(s) deleted`);
+      }
+      if (parts.length === 0) {
+        parts.push('no OpenClaw data found');
+      }
+      
+      result.message = `Satellite retired: ${parts.join(', ')}`;
+      result.sessionDeleted = result.sessionKeysDeleted.length > 0;
+      result.transcriptDeleted = result.transcriptsDeleted.length > 0;
+      
+      res.json(result);
+
+    } catch (err) {
+      log('error', `[Satellite] Retire error: ${err.message}`);
+      // internalError now sanitizes automatically in production
+      internalError(res, 'Failed to retire satellite', ErrorCodes.INTERNAL_ERROR);
+    }
+  });
+
+  /**
+   * Get session history from Gateway by reading JSONL transcript files directly
+   * 
+   * GET /api/gateway/history?satelliteId=main&limit=50
+   * 
+   * Returns: { ok: boolean, messages: Array }
+   */
+  app.get('/api/gateway/history', async (req, res) => {
+    const satelliteId = sanitizeSatelliteId(req.query.satelliteId);
+    const agentId = req.query.agentId ? String(req.query.agentId).replace(/[^a-z0-9-]/g, '').substring(0, 64) || 'main' : 'main';
+    const limit = Math.min(Math.max(parseInt(req.query.limit, 10) || 50, 1), 200);
+
+    // Build session key to match channel.js logic
+    const sessionKey = satelliteId === 'main' 
+      ? `agent:${agentId}:main`  // Shared with Dashboard
+      : `agent:${agentId}:uplink:satellite:${satelliteId}`;
+
+    log('debug', `[Satellite] Fetching history for session: ${sessionKey}`);
+
+    try {
+      const storePath = await getSessionsStorePath(agentId);
+      const sessionsDir = await getSessionsDir(agentId);
+      
+      // Read sessions store to find sessionId
+      let store = {};
+      try {
+        const storeContent = await fs.readFile(storePath, 'utf8');
+        store = JSON.parse(storeContent);
+      } catch (readErr) {
+        if (readErr.code === 'ENOENT') {
+          return res.json({ ok: true, sessionKey, messages: [] });
+        }
+        throw readErr;
+      }
+
+      const sessionEntry = store[sessionKey];
+      if (!sessionEntry || !sessionEntry.sessionId) {
+        return res.json({ ok: true, sessionKey, messages: [] });
+      }
+
+      // Validate sessionId format to prevent path traversal
+      if (!/^[a-f0-9-]+$/i.test(sessionEntry.sessionId)) {
+        log('warn', `[Satellite] Invalid sessionId format: ${sessionEntry.sessionId}`);
+        return res.json({ ok: true, sessionKey, messages: [] });
+      }
+
+      // Read transcript JSONL file
+      const transcriptPath = path.join(sessionsDir, `${sessionEntry.sessionId}.jsonl`);
+      // Verify the resolved path stays within sessionsDir
+      const resolvedTranscriptPath = path.resolve(transcriptPath);
+      if (!resolvedTranscriptPath.startsWith(path.resolve(sessionsDir))) {
+        log('warn', `[Satellite] Path traversal blocked in history: ${resolvedTranscriptPath}`);
+        return res.json({ ok: true, sessionKey, messages: [] });
+      }
+      let transcriptContent = '';
+      try {
+        transcriptContent = await fs.readFile(transcriptPath, 'utf8');
+      } catch (readErr) {
+        if (readErr.code === 'ENOENT') {
+          return res.json({ ok: true, sessionKey, messages: [] });
+        }
+        throw readErr;
+      }
+
+      // Parse JSONL and format messages
+      const messages = parseTranscriptForUplink(transcriptContent, limit);
+      
+      res.json({
+        ok: true,
+        sessionKey,
+        messages,
+        sessionId: sessionEntry.sessionId
+      });
+
+    } catch (err) {
+      log('error', `[Satellite] History fetch error: ${err.message}`);
+      // internalError now sanitizes automatically in production
+      internalError(res, 'Failed to fetch history', ErrorCodes.INTERNAL_ERROR);
+    }
+  });
+
+  /**
+   * Parse JSONL transcript and format for Uplink
+   * JSONL format: {"type":"message","message":{"role":"user|assistant","content":...}}
+   */
+  function parseTranscriptForUplink(content, limit) {
+    const lines = content.trim().split('\n').filter(line => line.trim());
+    const messages = [];
+    
+    for (const line of lines) {
+      try {
+        const entry = JSON.parse(line);
+        
+        // OpenClaw JSONL wraps messages: {"type":"message","message":{...}}
+        const msg = entry.message || entry;
+        
+        // Skip tool results and other non-chat messages
+        if (msg.role === 'toolResult' || msg.role === 'tool') {
+          continue;
+        }
+        
+        // Extract text content from various message formats
+        let text = '';
+        if (typeof msg.content === 'string') {
+          text = msg.content;
+        } else if (Array.isArray(msg.content)) {
+          // Handle content blocks (text, thinking, toolCall)
+          for (const block of msg.content) {
+            if (block.type === 'text' && block.text) {
+              text += block.text + '\n';
+            }
+          }
+          text = text.trim();
+        }
+        
+        // Skip empty messages, heartbeat prompts/acks
+        if (!text) continue;
+        
+        // Filter heartbeat-related messages
+        const isHeartbeat = 
+          text === 'HEARTBEAT_OK' || 
+          text.includes('HEARTBEAT_OK') ||
+          text.includes('Read HEARTBEAT.md') ||
+          text.includes('If nothing needs attention, reply HEARTBEAT_OK');
+        if (isHeartbeat) continue;
+        
+        if (msg.role) {
+          messages.push({
+            text,
+            type: msg.role === 'user' ? 'user' : 'assistant',
+            timestamp: msg.timestamp ? new Date(msg.timestamp).getTime() : 
+                       entry.timestamp ? new Date(entry.timestamp).getTime() : Date.now(),
+            fromGateway: true
+          });
+        }
+      } catch {
+        // Skip unparseable lines
+      }
+    }
+    
+    // Return last N messages (most recent)
+    return messages.slice(-limit);
+  }
+
+  /**
+   * List all Uplink sessions across all agents.
+   * Scans every agent's sessions.json for keys containing `:uplink:satellite:`.
+   * Returns rich metadata so clients can render satellites without local state.
+   *
+   * GET /api/satellite/sessions
+   *
+   * Returns: { ok: boolean, sessions: Array<{
+   *   sessionKey, satelliteId, agentId, agentName, updatedAt, model, totalTokens
+   * }> }
+   */
+  app.get('/api/satellite/sessions', async (req, res) => {
+    try {
+      const stateDir = await getOpenClawStateDir();
+      const agentsDir = path.join(stateDir, 'agents');
+
+      let agentDirs = [];
+      try {
+        agentDirs = await fs.readdir(agentsDir, { withFileTypes: true });
+      } catch (readErr) {
+        if (readErr.code === 'ENOENT') {
+          return res.json({ ok: true, sessions: [] });
+        }
+        throw readErr;
+      }
+
+      const sessions = [];
+
+      for (const entry of agentDirs) {
+        if (!entry.isDirectory()) continue;
+
+        const agentId = entry.name;
+
+        // Skip test agents
+        if (agentId.startsWith('test-')) continue;
+        const storePath = path.join(agentsDir, agentId, 'sessions', 'sessions.json');
+
+        let store;
+        try {
+          const content = await fs.readFile(storePath, 'utf8');
+          store = JSON.parse(content);
+        } catch {
+          continue; // No sessions file for this agent
+        }
+
+        for (const [key, sessionEntry] of Object.entries(store)) {
+          // Match keys like agent:{agentId}:uplink:satellite:{satId}
+          if (!key.includes(':uplink:satellite:')) continue;
+
+          // Parse the key to extract satelliteId
+          const satMatch = key.match(/:uplink:satellite:(.+)$/);
+          if (!satMatch) continue;
+
+          const satelliteId = satMatch[1];
+
+          sessions.push({
+            sessionKey: key,
+            satelliteId,
+            agentId,
+            updatedAt: sessionEntry.updatedAt || 0,
+            model: sessionEntry.model || 'unknown',
+            totalTokens: sessionEntry.totalTokens || 0
+          });
+        }
+      }
+
+      // Sort by most recently active first
+      sessions.sort((a, b) => b.updatedAt - a.updatedAt);
+
+      res.json({ ok: true, sessions });
+
+    } catch (err) {
+      log('error', `[Satellite] List sessions error: ${err.message}`);
+      internalError(res, 'Failed to list sessions', ErrorCodes.INTERNAL_ERROR);
+    }
+  });
+}