@naisys/supervisor 3.0.0-beta.10

package/dist/routes/agents.js

@@ -0,0 +1,236 @@
+import { AgentDetailResponseSchema, AgentListRequestSchema, AgentListResponseSchema, AgentUsernameParamsSchema, CreateAgentConfigRequestSchema, CreateAgentConfigResponseSchema, ErrorResponseSchema, } from "@naisys/supervisor-shared";
+import { hasPermission, requirePermission } from "../auth-middleware.js";
+import { badRequest, notFound } from "../error-helpers.js";
+import { API_PREFIX, collectionLink, schemaLink, selfLink, } from "../hateoas.js";
+import { resolveActions } from "../route-helpers.js";
+import { createAgentConfig } from "../services/agentConfigService.js";
+import { getAgentStatus, isAgentActive, } from "../services/agentHostStatusService.js";
+import { getAgent, getAgents, resolveAgentId, } from "../services/agentService.js";
+function agentActions(username, user, enabled, archived, agentId, hasSpendLimit) {
+    const active = agentId ? isAgentActive(agentId) : false;
+    const href = `${API_PREFIX}/agents/${username}`;
+    return resolveActions([
+        {
+            rel: "start",
+            path: "/start",
+            method: "POST",
+            title: "Start Agent",
+            schema: `${API_PREFIX}/schemas/StartAgent`,
+            body: { task: "" },
+            permission: "manage_agents",
+            disabledWhen: (ctx) => ctx.active
+                ? "Agent is already running"
+                : ctx.archived
+                    ? "Agent is archived"
+                    : !ctx.enabled
+                        ? "Agent is disabled"
+                        : null,
+        },
+        {
+            rel: "stop",
+            path: "/stop",
+            method: "POST",
+            title: "Stop Agent",
+            permission: "manage_agents",
+            disabledWhen: (ctx) => (!ctx.active ? "Agent is not running" : null),
+        },
+        {
+            rel: "disable",
+            path: "/disable",
+            method: "POST",
+            title: "Disable Agent",
+            permission: "manage_agents",
+            visibleWhen: (ctx) => !ctx.archived && ctx.enabled,
+        },
+        {
+            rel: "enable",
+            path: "/enable",
+            method: "POST",
+            title: "Enable Agent",
+            permission: "manage_agents",
+            visibleWhen: (ctx) => !ctx.archived && !ctx.enabled && !ctx.active,
+        },
+        {
+            rel: "archive",
+            path: "/archive",
+            method: "POST",
+            title: "Archive Agent",
+            permission: "manage_agents",
+            visibleWhen: (ctx) => !ctx.archived,
+            disabledWhen: (ctx) => ctx.active ? "Stop the agent before archiving" : null,
+        },
+        {
+            rel: "unarchive",
+            path: "/unarchive",
+            method: "POST",
+            title: "Unarchive Agent",
+            permission: "manage_agents",
+            visibleWhen: (ctx) => ctx.archived,
+        },
+        {
+            rel: "delete",
+            method: "DELETE",
+            title: "Delete Agent",
+            permission: "manage_agents",
+            visibleWhen: (ctx) => !ctx.active && ctx.archived,
+            hideWithoutPermission: true,
+        },
+        {
+            rel: "update-config",
+            path: "/config",
+            method: "PUT",
+            title: "Update Agent Config",
+            schema: `${API_PREFIX}/schemas/UpdateAgentConfig`,
+            permission: "manage_agents",
+            visibleWhen: (ctx) => !ctx.archived,
+        },
+        {
+            rel: "set-lead",
+            path: "/lead",
+            method: "PUT",
+            title: "Set Lead Agent",
+            schema: `${API_PREFIX}/schemas/SetLeadAgent`,
+            body: { leadAgentUsername: "" },
+            permission: "manage_agents",
+            visibleWhen: (ctx) => !ctx.archived,
+        },
+        {
+            rel: "reset-spend",
+            path: "/reset-spend",
+            method: "POST",
+            title: "Reset Spend",
+            permission: "manage_agents",
+            visibleWhen: (ctx) => !ctx.archived && ctx.hasSpendLimit,
+        },
+    ], href, { user, active, archived, enabled, hasSpendLimit: hasSpendLimit ?? false });
+}
+function agentLinks(username, config) {
+    const links = [
+        selfLink(`/agents/${username}`),
+        { rel: "config", href: `${API_PREFIX}/agents/${username}/config` },
+        { rel: "runs", href: `${API_PREFIX}/agents/${username}/runs` },
+        collectionLink("agents"),
+    ];
+    if (config?.mailEnabled) {
+        links.push({ rel: "mail", href: `${API_PREFIX}/agents/${username}/mail` });
+    }
+    if (config?.chatEnabled) {
+        links.push({ rel: "chat", href: `${API_PREFIX}/agents/${username}/chat` });
+    }
+    return links;
+}
+export default function agentsRoutes(fastify, _options) {
+    // GET / — List agents
+    fastify.get("/", {
+        schema: {
+            description: "List agents with status and metadata",
+            tags: ["Agents"],
+            querystring: AgentListRequestSchema,
+            response: {
+                200: AgentListResponseSchema,
+                500: ErrorResponseSchema,
+            },
+        },
+    }, async (request, _reply) => {
+        const { updatedSince } = request.query;
+        const agents = await getAgents(updatedSince);
+        const items = agents.map((agent) => ({
+            ...agent,
+            status: getAgentStatus(agent.id),
+        }));
+        const hasManagePermission = hasPermission(request.supervisorUser, "manage_agents");
+        const actions = [
+            {
+                rel: "create",
+                href: `${API_PREFIX}/agents`,
+                method: "POST",
+                title: "Create Agent",
+                schema: `${API_PREFIX}/schemas/CreateAgent`,
+                body: { name: "" },
+                ...(hasManagePermission
+                    ? {}
+                    : {
+                        disabled: true,
+                        disabledReason: "Requires manage_agents permission",
+                    }),
+            },
+        ];
+        return {
+            items,
+            timestamp: new Date().toISOString(),
+            _links: [selfLink("/agents"), schemaLink("CreateAgent")],
+            _linkTemplates: [
+                { rel: "item", hrefTemplate: `${API_PREFIX}/agents/{name}` },
+            ],
+            _actions: actions,
+        };
+    });
+    // POST / — Create agent
+    fastify.post("/", {
+        preHandler: [requirePermission("manage_agents")],
+        schema: {
+            description: "Create a new agent with configuration file",
+            tags: ["Agents"],
+            body: CreateAgentConfigRequestSchema,
+            response: {
+                200: CreateAgentConfigResponseSchema,
+                400: ErrorResponseSchema,
+                500: ErrorResponseSchema,
+            },
+            security: [{ cookieAuth: [] }],
+        },
+    }, async (request, reply) => {
+        try {
+            const { name, title } = request.body;
+            if (!/^[a-zA-Z0-9_-]+$/.test(name)) {
+                return badRequest(reply, "Agent name must contain only alphanumeric characters, hyphens, and underscores");
+            }
+            const { config } = await createAgentConfig(name, title);
+            return {
+                success: true,
+                message: `Agent '${name}' created successfully`,
+                name,
+                _links: agentLinks(name, config),
+                _actions: agentActions(name, request.supervisorUser, true, false),
+            };
+        }
+        catch (error) {
+            request.log.error(error, "Error in POST /agents route");
+            const errorMessage = error instanceof Error ? error.message : "Unknown error";
+            if (errorMessage.includes("already exists")) {
+                return badRequest(reply, errorMessage);
+            }
+            throw error;
+        }
+    });
+    // GET /:username — Agent detail with config
+    fastify.get("/:username", {
+        schema: {
+            description: "Get agent detail with configuration",
+            tags: ["Agents"],
+            params: AgentUsernameParamsSchema,
+            response: {
+                200: AgentDetailResponseSchema,
+                404: ErrorResponseSchema,
+                500: ErrorResponseSchema,
+            },
+        },
+    }, async (request, reply) => {
+        const { username } = request.params;
+        const id = resolveAgentId(username);
+        if (!id) {
+            return notFound(reply, `Agent '${username}' not found`);
+        }
+        const agent = await getAgent(id);
+        if (!agent) {
+            return notFound(reply, `Agent '${username}' not found`);
+        }
+        return {
+            ...agent,
+            status: getAgentStatus(id),
+            _links: agentLinks(username, agent.config),
+            _actions: agentActions(username, request.supervisorUser, agent.enabled ?? false, agent.archived ?? false, id, agent.config?.spendLimitDollars != null),
+        };
+    });
+}
+//# sourceMappingURL=agents.js.map

package/dist/routes/api.js

@@ -0,0 +1,52 @@
+import { registerAuthMiddleware } from "../auth-middleware.js";
+import adminRoutes from "./admin.js";
+import agentChatRoutes from "./agentChat.js";
+import agentConfigRoutes from "./agentConfig.js";
+import agentLifecycleRoutes from "./agentLifecycle.js";
+import agentMailRoutes from "./agentMail.js";
+import agentRunsRoutes from "./agentRuns.js";
+import agentsRoutes from "./agents.js";
+import attachmentRoutes from "./attachments.js";
+import authRoutes from "./auth.js";
+import costsRoutes from "./costs.js";
+import hostsRoutes from "./hosts.js";
+import modelsRoutes from "./models.js";
+import rootRoutes from "./root.js";
+import schemaRoutes from "./schemas.js";
+import statusRoutes from "./status.js";
+import userRoutes from "./users.js";
+import variablesRoutes from "./variables.js";
+export default async function apiRoutes(fastify, _options) {
+    // Register auth middleware for all routes in this scope
+    registerAuthMiddleware(fastify);
+    // Register root discovery routes
+    await fastify.register(rootRoutes);
+    // Register auth routes
+    await fastify.register(authRoutes);
+    // Register schema routes
+    await fastify.register(schemaRoutes, { prefix: "/schemas" });
+    // Register user routes
+    await fastify.register(userRoutes, { prefix: "/users" });
+    // Register status routes
+    await fastify.register(statusRoutes);
+    // Register agents routes
+    await fastify.register(agentsRoutes, { prefix: "/agents" });
+    await fastify.register(agentLifecycleRoutes, { prefix: "/agents" });
+    await fastify.register(agentConfigRoutes, { prefix: "/agents" });
+    await fastify.register(agentRunsRoutes, { prefix: "/agents" });
+    await fastify.register(agentMailRoutes, { prefix: "/agents" });
+    await fastify.register(agentChatRoutes, { prefix: "/agents" });
+    // Register hosts routes
+    await fastify.register(hostsRoutes, { prefix: "/hosts" });
+    // Register models routes
+    await fastify.register(modelsRoutes);
+    // Register variables routes
+    await fastify.register(variablesRoutes, { prefix: "/variables" });
+    // Register costs routes
+    await fastify.register(costsRoutes, { prefix: "/costs" });
+    // Register admin routes
+    await fastify.register(adminRoutes, { prefix: "/admin" });
+    // Register attachment routes
+    await fastify.register(attachmentRoutes, { prefix: "/attachments" });
+}
+//# sourceMappingURL=api.js.map

package/dist/routes/attachments.js

@@ -0,0 +1,18 @@
+import { proxyDownloadFromHub } from "../services/attachmentProxyService.js";
+export default function attachmentRoutes(fastify, _options) {
+    // GET /:id or /:id/:filename — Download attachment (proxied through hub)
+    const handler = async (request, reply) => {
+        const publicId = request.params.id;
+        if (!publicId) {
+            return reply.code(400).send({ error: "Missing attachment ID" });
+        }
+        await proxyDownloadFromHub(publicId, reply);
+    };
+    const schema = {
+        description: "Download an attachment by ID (proxied from hub)",
+        tags: ["Attachments"],
+    };
+    fastify.get("/:id", { schema }, handler);
+    fastify.get("/:id/:filename", { schema }, handler);
+}
+//# sourceMappingURL=attachments.js.map

package/dist/routes/auth.js

@@ -0,0 +1,103 @@
+import { hashToken, SESSION_COOKIE_NAME, sessionCookieOptions, } from "@naisys/common-node";
+import { authenticateAndCreateSession, deleteSession, } from "@naisys/supervisor-database";
+import { AuthUserSchema, ErrorResponseSchema, LoginRequestSchema, LoginResponseSchema, LogoutResponseSchema, } from "@naisys/supervisor-shared";
+import { authCache } from "../auth-middleware.js";
+import { getUserByUsername, getUserPermissions, } from "../services/userService.js";
+let lastLoginRequestTime = 0;
+export default function authRoutes(fastify, _options) {
+    const app = fastify.withTypeProvider();
+    // LOGIN
+    app.post("/auth/login", {
+        config: {
+            rateLimit: {
+                max: 5,
+                timeWindow: "1 minute",
+            },
+        },
+        schema: {
+            description: "Authenticate with username and password",
+            tags: ["Authentication"],
+            body: LoginRequestSchema,
+            response: {
+                200: LoginResponseSchema,
+                401: ErrorResponseSchema,
+                429: ErrorResponseSchema,
+            },
+        },
+    }, async (request, reply) => {
+        const currentTime = Date.now();
+        if (currentTime - lastLoginRequestTime < 5000) {
+            reply.code(429);
+            return {
+                success: false,
+                message: "Too many requests. Please wait before trying again.",
+            };
+        }
+        lastLoginRequestTime = currentTime;
+        const { username, password } = request.body;
+        const authResult = await authenticateAndCreateSession(username, password);
+        if (!authResult) {
+            reply.code(401);
+            return {
+                success: false,
+                message: "Invalid username or password",
+            };
+        }
+        reply.setCookie(SESSION_COOKIE_NAME, authResult.token, sessionCookieOptions(authResult.expiresAt));
+        const user = await getUserByUsername(username);
+        const permissions = user ? await getUserPermissions(user.id) : [];
+        return {
+            user: {
+                id: user?.id ?? 0,
+                username: authResult.user.username,
+                permissions,
+            },
+        };
+    });
+    // LOGOUT
+    app.post("/auth/logout", {
+        schema: {
+            description: "Log out and clear session",
+            tags: ["Authentication"],
+            response: {
+                200: LogoutResponseSchema,
+            },
+            security: [{ cookieAuth: [] }],
+        },
+    }, async (request, reply) => {
+        const token = request.cookies?.[SESSION_COOKIE_NAME];
+        // Clear from hub and auth cache
+        if (token) {
+            const tokenHash = hashToken(token);
+            authCache.invalidate(`cookie:${tokenHash}`);
+            await deleteSession(tokenHash);
+        }
+        reply.clearCookie(SESSION_COOKIE_NAME, { path: "/" });
+        return {
+            success: true,
+            message: "Logged out successfully",
+        };
+    });
+    // ME
+    app.get("/auth/me", {
+        schema: {
+            description: "Get current authenticated user",
+            tags: ["Authentication"],
+            response: {
+                200: AuthUserSchema,
+                401: ErrorResponseSchema,
+            },
+            security: [{ cookieAuth: [] }],
+        },
+    }, async (request, reply) => {
+        if (!request.supervisorUser) {
+            reply.code(401);
+            return {
+                success: false,
+                message: "Not authenticated",
+            };
+        }
+        return request.supervisorUser;
+    });
+}
+//# sourceMappingURL=auth.js.map

package/dist/routes/costs.js

@@ -0,0 +1,51 @@
+import { CostsHistogramRequestSchema, CostsHistogramResponseSchema, ErrorResponseSchema, } from "@naisys/supervisor-shared";
+import { findUserIdsForLead, getCostHistogram, getCostsByAgent, getSpendLimitSettings, } from "../services/costsService.js";
+export default function costsRoutes(fastify, _options) {
+    fastify.get("/", {
+        schema: {
+            description: "Get cost histogram data",
+            tags: ["Costs"],
+            querystring: CostsHistogramRequestSchema,
+            response: {
+                200: CostsHistogramResponseSchema,
+                500: ErrorResponseSchema,
+            },
+        },
+    }, async (request, reply) => {
+        try {
+            const { spendLimitDollars, spendLimitHours } = await getSpendLimitSettings();
+            const now = new Date();
+            const defaultStart = new Date(now.getTime() - 7 * 24 * 60 * 60 * 1000);
+            const start = request.query.start
+                ? new Date(request.query.start)
+                : defaultStart;
+            const end = request.query.end ? new Date(request.query.end) : now;
+            const bucketHours = request.query.bucketHours ?? 24;
+            if (isNaN(start.getTime()) ||
+                isNaN(end.getTime()) ||
+                bucketHours <= 0) {
+                return reply
+                    .code(400)
+                    .send({ success: false, message: "Invalid query parameters" });
+            }
+            const userIds = request.query.leadUsername
+                ? await findUserIdsForLead(request.query.leadUsername)
+                : undefined;
+            const [buckets, byAgent] = await Promise.all([
+                getCostHistogram(start, end, bucketHours, userIds),
+                getCostsByAgent(start, end, userIds),
+            ]);
+            return {
+                spendLimitDollars,
+                spendLimitHours,
+                buckets,
+                byAgent,
+            };
+        }
+        catch (error) {
+            const message = error instanceof Error ? error.message : "Failed to fetch costs";
+            return reply.code(500).send({ success: false, message });
+        }
+    });
+}
+//# sourceMappingURL=costs.js.map