@naisys/common-node 3.0.0-beta.10

package/dist/agentConfigLoader.js

@@ -0,0 +1,80 @@
+import { adminAgentConfig, AgentConfigFileSchema } from "@naisys/common";
+import * as fs from "fs";
+import yaml from "js-yaml";
+import * as path from "path";
+/** Loads agent yaml configs from a file or directory path, returns a map of userId → UserEntry */
+export function loadAgentConfigs(startupPath) {
+    const configEntries = [];
+    const usernameToPath = new Map();
+    const resolvedPath = path.resolve(startupPath);
+    if (fs.statSync(resolvedPath).isDirectory()) {
+        processDirectory(resolvedPath, undefined, configEntries, usernameToPath);
+    }
+    else {
+        processFile(resolvedPath, undefined, configEntries, usernameToPath);
+    }
+    // Add admin if not present
+    const hasAdmin = configEntries.some((e) => e.username === adminAgentConfig.username);
+    if (!hasAdmin) {
+        configEntries.push({
+            username: adminAgentConfig.username,
+            leadEntryIndex: undefined,
+            config: adminAgentConfig,
+        });
+    }
+    // Build userId map (1-based sequential IDs)
+    const userMap = new Map();
+    for (let i = 0; i < configEntries.length; i++) {
+        const entry = configEntries[i];
+        const userId = i + 1;
+        const leadUserId = entry.leadEntryIndex !== undefined ? entry.leadEntryIndex + 1 : undefined;
+        userMap.set(userId, {
+            userId,
+            username: entry.username,
+            enabled: true,
+            leadUserId,
+            config: entry.config,
+        });
+    }
+    return userMap;
+}
+function processDirectory(dirPath, leadEntryIndex, configEntries, usernameToPath) {
+    const files = fs.readdirSync(dirPath);
+    for (const file of files) {
+        if (file.endsWith(".yaml") || file.endsWith(".yml")) {
+            processFile(path.join(dirPath, file), leadEntryIndex, configEntries, usernameToPath);
+        }
+    }
+}
+function processFile(filePath, leadEntryIndex, configEntries, usernameToPath) {
+    const absolutePath = path.resolve(filePath);
+    try {
+        const configYaml = fs.readFileSync(absolutePath, "utf8");
+        const configObj = yaml.load(configYaml);
+        const agentConfig = AgentConfigFileSchema.parse(configObj);
+        const username = agentConfig.username;
+        // Check for duplicate usernames from different files
+        const existingPath = usernameToPath.get(username);
+        if (existingPath && existingPath !== absolutePath) {
+            throw new Error(`Duplicate username "${username}" found in multiple files:\n  ${existingPath}\n  ${absolutePath}`);
+        }
+        usernameToPath.set(username, absolutePath);
+        const currentIndex = configEntries.length;
+        configEntries.push({
+            username,
+            leadEntryIndex,
+            config: agentConfig,
+        });
+        console.log(`Loaded user: ${username} from ${filePath}`);
+        // Check for a subdirectory matching the filename (without extension)
+        const ext = path.extname(absolutePath);
+        const baseName = path.basename(absolutePath, ext);
+        const subDir = path.join(path.dirname(absolutePath), baseName);
+        if (fs.existsSync(subDir) && fs.statSync(subDir).isDirectory()) {
+            processDirectory(subDir, currentIndex, configEntries, usernameToPath);
+        }
+    }
+    catch (e) {
+        throw new Error(`Failed to process agent config at ${filePath}: ${e}`);
+    }
+}

package/dist/bearerToken.js

@@ -0,0 +1,9 @@
+/**
+ * Extract the API key from an Authorization: Bearer header value.
+ * Returns undefined if the header is missing or not in Bearer format.
+ */
+export function extractBearerToken(authHeader) {
+    if (!authHeader?.startsWith("Bearer "))
+        return undefined;
+    return authHeader.slice(7);
+}

package/dist/customModelsLoader.js

@@ -0,0 +1,39 @@
+import { CustomModelsFileSchema } from "@naisys/common";
+import fs from "fs";
+import yaml from "js-yaml";
+import path from "path";
+export function loadCustomModels(folder) {
+    if (!folder) {
+        return { llmModels: [], imageModels: [] };
+    }
+    const filePath = path.join(folder, "custom-models.yaml");
+    if (!fs.existsSync(filePath)) {
+        return { llmModels: [], imageModels: [] };
+    }
+    const raw = fs.readFileSync(filePath, "utf-8");
+    const parsed = yaml.load(raw);
+    const result = CustomModelsFileSchema.parse(parsed);
+    return {
+        llmModels: result.llmModels ?? [],
+        imageModels: result.imageModels ?? [],
+    };
+}
+export function saveCustomModels(data) {
+    const folder = process.env.NAISYS_FOLDER;
+    if (!folder) {
+        throw new Error("NAISYS_FOLDER environment variable is not set");
+    }
+    // Validate before writing
+    CustomModelsFileSchema.parse(data);
+    // Omit empty arrays from output
+    const output = {};
+    if (data.llmModels && data.llmModels.length > 0) {
+        output.llmModels = data.llmModels;
+    }
+    if (data.imageModels && data.imageModels.length > 0) {
+        output.imageModels = data.imageModels;
+    }
+    const filePath = path.join(folder, "custom-models.yaml");
+    const yamlStr = yaml.dump(output, { lineWidth: -1 });
+    fs.writeFileSync(filePath, yamlStr, "utf-8");
+}

package/dist/expandEnv.js

@@ -0,0 +1,7 @@
+import os from "os";
+/** Expand ~ to the user's home directory in NAISYS_FOLDER */
+export function expandNaisysFolder() {
+    if (process.env.NAISYS_FOLDER?.startsWith("~")) {
+        process.env.NAISYS_FOLDER = process.env.NAISYS_FOLDER.replace("~", os.homedir());
+    }
+}

package/dist/hashToken.js

@@ -0,0 +1,5 @@
+import { createHash } from "crypto";
+/** Hash a token (session cookie, API key) with SHA-256 for safe cache keys / DB lookup. */
+export function hashToken(token) {
+    return createHash("sha256").update(token).digest("hex");
+}

package/dist/hubCertVerification.js

@@ -0,0 +1,20 @@
+import { existsSync, readFileSync } from "fs";
+import { join } from "path";
+/**
+ * Read the hub access key from the local cert file at NAISYS_FOLDER/cert/hub-access-key.
+ * Returns undefined if the file does not exist.
+ */
+export function readHubAccessKeyFile() {
+    const naisysFolder = process.env.NAISYS_FOLDER || "";
+    const accessKeyPath = join(naisysFolder, "cert", "hub-access-key");
+    if (!existsSync(accessKeyPath))
+        return undefined;
+    return readFileSync(accessKeyPath, "utf-8").trim();
+}
+/**
+ * Resolve the hub access key from environment variable or local cert file.
+ * Returns undefined if neither is available.
+ */
+export function resolveHubAccessKey() {
+    return process.env.HUB_ACCESS_KEY || readHubAccessKeyFile();
+}

package/dist/index.js

@@ -0,0 +1,9 @@
+export * from "./agentConfigLoader.js";
+export * from "./bearerToken.js";
+export * from "./customModelsLoader.js";
+export * from "./expandEnv.js";
+export * from "./hashToken.js";
+export * from "./hubCertVerification.js";
+export * from "./logFileService.js";
+export * from "./migrationHelper.js";
+export * from "./sessionCookie.js";

package/dist/logFileService.js

@@ -0,0 +1,58 @@
+import fsp from "node:fs/promises";
+const MAX_READ_BYTES = 256 * 1024;
+export async function tailLogFile(filePath, lineCount, minLevel) {
+    let stat;
+    try {
+        stat = await fsp.stat(filePath);
+    }
+    catch {
+        return { entries: [], fileSize: 0 };
+    }
+    const fileSize = stat.size;
+    if (fileSize === 0) {
+        return { entries: [], fileSize: 0 };
+    }
+    const readSize = Math.min(fileSize, MAX_READ_BYTES);
+    const position = fileSize - readSize;
+    const buffer = Buffer.alloc(readSize);
+    const handle = await fsp.open(filePath, "r");
+    try {
+        await handle.read(buffer, 0, readSize, position);
+    }
+    finally {
+        await handle.close();
+    }
+    const text = buffer.toString("utf-8");
+    const lines = text.split("\n").filter((line) => line.trim().length > 0);
+    // If we didn't read from the start, drop the first line (likely partial)
+    if (position > 0 && lines.length > 0) {
+        lines.shift();
+    }
+    const OMIT_KEYS = new Set(["level", "time", "msg", "pid", "hostname"]);
+    const entries = [];
+    for (const line of lines) {
+        try {
+            const parsed = JSON.parse(line);
+            const level = parsed.level ?? 30;
+            if (minLevel != null && level < minLevel)
+                continue;
+            const extra = {};
+            for (const key of Object.keys(parsed)) {
+                if (!OMIT_KEYS.has(key)) {
+                    extra[key] = parsed[key];
+                }
+            }
+            const detail = Object.keys(extra).length > 0 ? JSON.stringify(extra) : undefined;
+            entries.push({
+                level,
+                time: parsed.time ?? 0,
+                msg: parsed.msg ?? "",
+                detail,
+            });
+        }
+        catch {
+            // skip malformed lines
+        }
+    }
+    return { entries: entries.slice(-lineCount), fileSize };
+}

package/dist/migrationHelper.js

@@ -0,0 +1,121 @@
+import Database from "better-sqlite3";
+import { exec } from "child_process";
+import { existsSync, mkdirSync, unlinkSync } from "fs";
+import { dirname, join, resolve } from "path";
+import { promisify } from "util";
+const execAsync = promisify(exec);
+/**
+ * Shared helper that runs `prisma migrate deploy` with a version-checked fast path.
+ * Uses `better-sqlite3` directly (synchronous, no Prisma dependency) for the version check.
+ */
+export async function deployPrismaMigrations(options) {
+    const { packageDir, databasePath, expectedVersion, envOverrides } = options;
+    // Ensure database directory exists
+    const databaseDir = dirname(databasePath);
+    if (!existsSync(databaseDir)) {
+        mkdirSync(databaseDir, { recursive: true });
+    }
+    let currentVersion;
+    // Check version if database file already exists
+    if (existsSync(databasePath)) {
+        const db = new Database(databasePath);
+        try {
+            const row = db
+                .prepare("SELECT version FROM schema_version WHERE id = 1")
+                .get();
+            currentVersion = row?.version;
+        }
+        catch {
+            // "no such table" → treat as new DB, proceed with migration
+        }
+        // Switch from WAL to DELETE journal mode before closing. This merges any
+        // pending WAL data and removes the -wal/-shm files entirely. Without this,
+        // prisma migrate (a separate process) sees the leftover SHM file and fails
+        // with "database is locked".
+        try {
+            db.pragma("journal_mode=DELETE");
+        }
+        catch {
+            // Failed — another process may genuinely hold the lock
+        }
+        db.close();
+        if (currentVersion === expectedVersion) {
+            return; // Fast path — already at expected version
+        }
+    }
+    // Log migration status
+    if (currentVersion !== undefined) {
+        if (currentVersion > expectedVersion) {
+            throw new Error(`Database version ${currentVersion} is newer than expected ${expectedVersion}. Manual intervention required.`);
+        }
+        console.log(`Migrating database from version ${currentVersion} to ${expectedVersion}...`);
+    }
+    else {
+        console.log(`Creating new database with schema version ${expectedVersion}...`);
+    }
+    // Run prisma migrate deploy
+    const schemaPath = join(packageDir, "prisma", "schema.prisma");
+    const absoluteDbPath = resolve(databasePath).replace(/\\/g, "/");
+    let stdout;
+    let stderr;
+    try {
+        ({ stdout, stderr } = await execAsync(`npx prisma migrate deploy --schema="${schemaPath}"`, {
+            cwd: packageDir,
+            env: {
+                ...process.env,
+                // Resolve to absolute so prisma.config.ts gets a correct path
+                // regardless of this subprocess's cwd (which is packageDir)
+                NAISYS_FOLDER: resolve(process.env.NAISYS_FOLDER || ""),
+                ...envOverrides,
+            },
+        }));
+    }
+    catch (error) {
+        const msg = error instanceof Error ? error.message : String(error);
+        if (msg.includes("database is locked")) {
+            // Stale WAL/SHM files from a crashed process — remove and retry
+            const walPath = absoluteDbPath + "-wal";
+            const shmPath = absoluteDbPath + "-shm";
+            let removed = false;
+            for (const staleFile of [walPath, shmPath]) {
+                if (existsSync(staleFile)) {
+                    console.log(`Removing stale file: ${staleFile}`);
+                    unlinkSync(staleFile);
+                    removed = true;
+                }
+            }
+            if (removed) {
+                console.log("Retrying migration after removing stale WAL files...");
+                ({ stdout, stderr } = await execAsync(`npx prisma migrate deploy --schema="${schemaPath}"`, {
+                    cwd: packageDir,
+                    env: {
+                        ...process.env,
+                        NAISYS_FOLDER: resolve(process.env.NAISYS_FOLDER || ""),
+                        ...envOverrides,
+                    },
+                }));
+            }
+            else {
+                throw new Error(`Database is locked: ${absoluteDbPath}\n` +
+                    `Another process may be using the database.`);
+            }
+        }
+        else {
+            throw error;
+        }
+    }
+    if (stdout)
+        console.log(stdout);
+    if (stderr && !stderr.includes("Loaded Prisma config")) {
+        console.error(stderr);
+    }
+    // Upsert schema_version row via raw SQL
+    const db = new Database(absoluteDbPath);
+    try {
+        db.prepare("INSERT OR REPLACE INTO schema_version (id, version, updated) VALUES (1, ?, ?)").run(expectedVersion, new Date().toISOString());
+    }
+    finally {
+        db.close();
+    }
+    console.log("Database migration completed.");
+}

package/dist/sessionCookie.js

@@ -0,0 +1,10 @@
+export const SESSION_COOKIE_NAME = "naisys_session";
+export function sessionCookieOptions(expiresAt) {
+    return {
+        path: "/",
+        httpOnly: true,
+        sameSite: "lax",
+        secure: process.env.NODE_ENV === "production",
+        maxAge: Math.floor((expiresAt.getTime() - Date.now()) / 1000),
+    };
+}

package/package.json

@@ -0,0 +1,34 @@
+{
+  "name": "@naisys/common-node",
+  "version": "3.0.0-beta.10",
+  "type": "module",
+  "description": "[internal] Node-only utilities for NAISYS",
+  "files": [
+    "dist",
+    "!dist/**/*.map",
+    "!dist/**/*.d.ts",
+    "!dist/**/*.d.ts.map"
+  ],
+  "scripts": {
+    "clean": "rimraf dist",
+    "build": "tsc",
+    "npm:publish:dryrun": "npm publish --dry-run",
+    "npm:publish": "npm publish --access public"
+  },
+  "dependencies": {
+    "@naisys/common": "3.0.0-beta.10",
+    "better-sqlite3": "^12.6.2",
+    "js-yaml": "^4.1.1"
+  },
+  "devDependencies": {
+    "@types/better-sqlite3": "^7.6.13",
+    "@types/js-yaml": "^4.0.9",
+    "typescript": "^5.9.3"
+  },
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "default": "./dist/index.js"
+    }
+  }
+}