@naisys/supervisor 3.0.0-beta.6

package/dist/services/hostService.js

@@ -0,0 +1,156 @@
+import { assertUrlSafeKey } from "@naisys/common";
+import { hubDb } from "../database/hubDb.js";
+import { resolveAgentId } from "./agentService.js";
+export async function getHosts() {
+    const hosts = await hubDb.hosts.findMany({
+        select: {
+            id: true,
+            name: true,
+            restricted: true,
+            host_type: true,
+            last_active: true,
+            _count: {
+                select: { user_hosts: true },
+            },
+        },
+    });
+    return hosts.map((host) => ({
+        id: host.id,
+        name: host.name,
+        lastActive: host.last_active?.toISOString() ?? null,
+        agentCount: host._count.user_hosts,
+        restricted: host.restricted,
+        hostType: host.host_type,
+    }));
+}
+export async function getHostDetail(hostname) {
+    const host = await hubDb.hosts.findUnique({
+        where: { name: hostname },
+        select: {
+            id: true,
+            name: true,
+            restricted: true,
+            host_type: true,
+            last_active: true,
+            last_ip: true,
+            user_hosts: {
+                select: {
+                    users: {
+                        select: { id: true, username: true, title: true },
+                    },
+                },
+            },
+        },
+    });
+    if (!host)
+        return null;
+    return {
+        id: host.id,
+        name: host.name,
+        lastActive: host.last_active?.toISOString() ?? null,
+        lastIp: host.last_ip ?? null,
+        restricted: host.restricted,
+        hostType: host.host_type,
+        online: false, // Caller sets this from agentHostStatusService
+        assignedAgents: host.user_hosts.map((uh) => ({
+            id: uh.users.id,
+            name: uh.users.username,
+            title: uh.users.title,
+        })),
+        _links: [],
+    };
+}
+export async function createHost(name) {
+    assertUrlSafeKey(name, "Host name");
+    const existing = await hubDb.hosts.findUnique({ where: { name } });
+    if (existing) {
+        throw new Error(`Host with name "${name}" already exists`);
+    }
+    const host = await hubDb.hosts.create({
+        data: { name },
+    });
+    return { id: host.id };
+}
+export async function updateHost(hostname, data) {
+    const host = await hubDb.hosts.findUnique({ where: { name: hostname } });
+    if (!host) {
+        throw new Error(`Host "${hostname}" not found`);
+    }
+    if (data.name && data.name !== host.name) {
+        assertUrlSafeKey(data.name, "Host name");
+        const existing = await hubDb.hosts.findUnique({
+            where: { name: data.name },
+        });
+        if (existing) {
+            throw new Error(`Host with name "${data.name}" already exists`);
+        }
+    }
+    await hubDb.hosts.update({
+        where: { name: hostname },
+        data: {
+            ...(data.name !== undefined ? { name: data.name } : {}),
+            ...(data.restricted !== undefined ? { restricted: data.restricted } : {}),
+        },
+    });
+}
+export async function assignAgentToHost(hostname, agentId) {
+    const host = await hubDb.hosts.findUnique({ where: { name: hostname } });
+    if (!host) {
+        throw new Error(`Host "${hostname}" not found`);
+    }
+    const agent = await hubDb.users.findUnique({ where: { id: agentId } });
+    if (!agent) {
+        throw new Error(`Agent with ID ${agentId} not found`);
+    }
+    const existing = await hubDb.user_hosts.findUnique({
+        where: { user_id_host_id: { user_id: agentId, host_id: host.id } },
+    });
+    if (existing) {
+        throw new Error("Agent is already assigned to this host");
+    }
+    await hubDb.user_hosts.create({
+        data: { user_id: agentId, host_id: host.id },
+    });
+}
+export async function unassignAgentFromHost(hostname, agentName) {
+    const host = await hubDb.hosts.findUnique({ where: { name: hostname } });
+    if (!host) {
+        throw new Error(`Host "${hostname}" not found`);
+    }
+    const agentId = resolveAgentId(agentName);
+    if (!agentId) {
+        throw new Error(`Agent "${agentName}" not found`);
+    }
+    const existing = await hubDb.user_hosts.findUnique({
+        where: { user_id_host_id: { user_id: agentId, host_id: host.id } },
+    });
+    if (!existing) {
+        throw new Error("Agent is not assigned to this host");
+    }
+    await hubDb.user_hosts.delete({
+        where: { user_id_host_id: { user_id: agentId, host_id: host.id } },
+    });
+}
+export async function deleteHost(hostname) {
+    const host = await hubDb.hosts.findUnique({ where: { name: hostname } });
+    if (!host) {
+        throw new Error(`Host "${hostname}" not found`);
+    }
+    const id = host.id;
+    await hubDb.$transaction(async (hubTx) => {
+        await hubTx.context_log.deleteMany({ where: { host_id: id } });
+        await hubTx.costs.deleteMany({ where: { host_id: id } });
+        await hubTx.run_session.deleteMany({ where: { host_id: id } });
+        await hubTx.mail_messages.updateMany({
+            where: { host_id: id },
+            data: { host_id: null },
+        });
+        await hubTx.user_notifications.updateMany({
+            where: { latest_host_id: id },
+            data: { latest_host_id: null },
+        });
+        await hubTx.user_hosts.deleteMany({ where: { host_id: id } });
+        await hubTx.hosts.delete({ where: { id } });
+    });
+}
+//# sourceMappingURL=hostService.js.map

package/dist/services/hubConnectionService.js

@@ -0,0 +1,333 @@
+import { createPinnedHttpsAgent, parseHubAccessKey, resolveHubAccessKey, verifyHubCertificate, } from "@naisys/common-node";
+import { AgentsStatusSchema, CostPushSchema, HostListSchema, HubEvents, LogPushSchema, MailPushSchema, MailReadPushSchema, SessionPushSchema, } from "@naisys/hub-protocol";
+import { io } from "socket.io-client";
+import { hasPermission } from "../auth-middleware.js";
+import { getLogger } from "../logger.js";
+import { emitAgentsListChanged, emitHubConnectionStatus, markAgentStarted, markAgentStopped, updateAgentsStatus, updateHostsStatus, } from "./agentHostStatusService.js";
+import { refreshUserLookup, resolveUsername } from "./agentService.js";
+import { getIO } from "./browserSocketService.js";
+import { obfuscatePushEntries } from "./runsService.js";
+let socket = null;
+let connected = false;
+let resolvedHubUrl;
+let pinnedAgent = null;
+export function initHubConnection(hubUrl) {
+    const hubAccessKey = resolveHubAccessKey();
+    resolvedHubUrl = hubUrl;
+    if (!hubAccessKey) {
+        getLogger().warn("[Supervisor:HubClient] HUB_ACCESS_KEY not set, skipping hub connection");
+        return;
+    }
+    getLogger().info(`[Supervisor:HubClient] Connecting to ${hubUrl}...`);
+    // Verify the hub's TLS cert fingerprint, then pin all subsequent connections
+    // to that exact cert via a custom HTTPS agent
+    const { fingerprintPrefix } = parseHubAccessKey(hubAccessKey);
+    const parsedUrl = new URL(hubUrl);
+    verifyHubCertificate(parsedUrl.hostname, Number(parsedUrl.port) || 443, fingerprintPrefix)
+        .then((certPem) => connectSocket(hubUrl, certPem))
+        .catch((err) => {
+        getLogger().error(`[Supervisor:HubClient] Certificate verification failed: ${err.message}`);
+    });
+}
+function connectSocket(hubUrl, certPem) {
+    pinnedAgent = createPinnedHttpsAgent(certPem);
+    socket = io(hubUrl + "/naisys", {
+        auth: (cb) => {
+            // Re-read access key on each connection attempt so rotated keys are picked up
+            cb({
+                hubAccessKey: resolveHubAccessKey(),
+                hostName: "SUPERVISOR",
+                hostType: "supervisor",
+            });
+        },
+        // Type is narrowed to `string | boolean` for browser compat, but Node accepts an Agent
+        agent: pinnedAgent,
+        reconnection: true,
+        reconnectionDelay: 1000,
+        reconnectionDelayMax: 30000,
+    });
+    socket.on("connect", () => {
+        connected = true;
+        getLogger().info(`[Supervisor:HubClient] Connected to ${hubUrl}`);
+        void refreshUserLookup();
+        emitHubConnectionStatus(true);
+    });
+    socket.on("disconnect", (reason) => {
+        connected = false;
+        getLogger().info(`[Supervisor:HubClient] Disconnected: ${reason}`);
+        emitHubConnectionStatus(false);
+        // Server-initiated disconnects don't auto-reconnect in Socket.IO
+        if (reason === "io server disconnect") {
+            socket?.connect();
+        }
+    });
+    socket.on("connect_error", (error) => {
+        getLogger().warn(`[Supervisor:HubClient] Connection error: ${error.message}`);
+    });
+    socket.on(HubEvents.AGENTS_STATUS, (data) => {
+        const parsed = AgentsStatusSchema.safeParse(data);
+        if (!parsed.success) {
+            getLogger().warn("[Supervisor:HubClient] Invalid agents status: %o", parsed.error);
+            return;
+        }
+        updateAgentsStatus(parsed.data.hostActiveAgents, parsed.data.agentNotifications);
+    });
+    socket.on(HubEvents.HOSTS_UPDATED, (data) => {
+        const parsed = HostListSchema.safeParse(data);
+        if (!parsed.success) {
+            getLogger().warn("[Supervisor:HubClient] Invalid host list: %o", parsed.error);
+            return;
+        }
+        updateHostsStatus(parsed.data.hosts);
+    });
+    socket.on(HubEvents.LOG_PUSH, (data) => {
+        const parsed = LogPushSchema.safeParse(data);
+        if (!parsed.success) {
+            getLogger().warn("[Supervisor:HubClient] Invalid log push: %o", parsed.error);
+            return;
+        }
+        const browserIO = getIO();
+        // Group log entries by session and emit to log rooms
+        const bySession = new Map();
+        for (const entry of parsed.data.entries) {
+            const username = resolveUsername(entry.userId);
+            if (!username)
+                continue;
+            const room = `logs:${username}:${entry.runId}:${entry.sessionId}`;
+            if (!bySession.has(room))
+                bySession.set(room, []);
+            bySession.get(room).push(entry);
+        }
+        for (const [room, entries] of bySession) {
+            // Split broadcast by permission: privileged sockets get full data,
+            // unprivileged sockets get obfuscated text and no-access attachments
+            const socketIds = browserIO.sockets.adapter.rooms.get(room);
+            if (!socketIds || socketIds.size === 0)
+                continue;
+            let obfuscated;
+            for (const socketId of socketIds) {
+                const sock = browserIO.sockets.sockets.get(socketId);
+                if (!sock)
+                    continue;
+                const user = sock.data.user;
+                if (hasPermission(user, "view_run_logs")) {
+                    sock.emit(room, entries);
+                }
+                else {
+                    obfuscated ??= obfuscatePushEntries(entries);
+                    sock.emit(room, obfuscated);
+                }
+            }
+        }
+        // Emit session deltas to runs rooms
+        for (const update of parsed.data.sessionUpdates) {
+            const username = resolveUsername(update.userId);
+            if (!username)
+                continue;
+            const room = `runs:${username}`;
+            browserIO.to(room).emit(room, { type: "log-update", ...update });
+        }
+    });
+    socket.on(HubEvents.COST_PUSH, (data) => {
+        const parsed = CostPushSchema.safeParse(data);
+        if (!parsed.success) {
+            getLogger().warn("[Supervisor:HubClient] Invalid cost push: %o", parsed.error);
+            return;
+        }
+        const browserIO = getIO();
+        for (const entry of parsed.data.entries) {
+            const username = resolveUsername(entry.userId);
+            if (!username)
+                continue;
+            const room = `runs:${username}`;
+            browserIO.to(room).emit(room, { type: "cost-update", ...entry });
+        }
+    });
+    socket.on(HubEvents.SESSION_PUSH, (data) => {
+        const parsed = SessionPushSchema.safeParse(data);
+        if (!parsed.success) {
+            getLogger().warn("[Supervisor:HubClient] Invalid session push: %o", parsed.error);
+            return;
+        }
+        const { session } = parsed.data;
+        const username = resolveUsername(session.userId);
+        if (!username)
+            return;
+        const browserIO = getIO();
+        const room = `runs:${username}`;
+        browserIO.to(room).emit(room, { type: "new-session", ...session });
+    });
+    // Track last pushed message ID per room for gap detection
+    const lastPushedMessageId = new Map();
+    socket.on(HubEvents.MAIL_PUSH, (data) => {
+        const parsed = MailPushSchema.safeParse(data);
+        if (!parsed.success) {
+            getLogger().warn("[Supervisor:HubClient] Invalid mail push: %o", parsed.error);
+            return;
+        }
+        const msg = parsed.data;
+        const affectedUserIds = new Set([...msg.recipientUserIds, msg.fromUserId]);
+        const browserIO = getIO();
+        if (msg.kind === "mail") {
+            for (const uid of affectedUserIds) {
+                const username = resolveUsername(uid);
+                if (!username)
+                    continue;
+                const room = `mail:${username}`;
+                const previousMessageId = lastPushedMessageId.get(room) ?? null;
+                browserIO
+                    .to(room)
+                    .emit(room, { type: "new-message", previousMessageId, ...msg });
+                lastPushedMessageId.set(room, msg.messageId);
+            }
+        }
+        else if (msg.kind === "chat") {
+            // Chat messages — room keyed by participants (not user-specific)
+            const msgRoom = `chat-messages:${msg.participants}`;
+            const previousMessageId = lastPushedMessageId.get(msgRoom) ?? null;
+            browserIO
+                .to(msgRoom)
+                .emit(msgRoom, { type: "new-message", previousMessageId, ...msg });
+            lastPushedMessageId.set(msgRoom, msg.messageId);
+            // Chat conversations — rooms keyed by username (no gap tracking needed here)
+            const convPayload = {
+                type: "new-message",
+                previousMessageId: null,
+                ...msg,
+            };
+            for (const uid of affectedUserIds) {
+                const username = resolveUsername(uid);
+                if (!username)
+                    continue;
+                const convRoom = `chat-conversations:${username}`;
+                browserIO.to(convRoom).emit(convRoom, convPayload);
+            }
+        }
+    });
+    socket.on(HubEvents.MAIL_READ_PUSH, (data) => {
+        const parsed = MailReadPushSchema.safeParse(data);
+        if (!parsed.success) {
+            getLogger().warn("[Supervisor:HubClient] Invalid mail read push: %o", parsed.error);
+            return;
+        }
+        const msg = parsed.data;
+        const receipt = {
+            type: "read-receipt",
+            messageIds: msg.messageIds,
+            userId: msg.userId,
+        };
+        if (msg.kind === "mail") {
+            // Collect all unique participant usernames
+            const participantUsernames = new Set(msg.participants.flatMap((p) => p.split(",")));
+            const browserIO = getIO();
+            for (const name of participantUsernames) {
+                const room = `mail:${name}`;
+                browserIO.to(room).emit(room, receipt);
+            }
+        }
+        else if (msg.kind === "chat") {
+            // participants here is the room key
+            const browserIO = getIO();
+            for (const p of msg.participants) {
+                const room = `chat-messages:${p}`;
+                browserIO.to(room).emit(room, receipt);
+            }
+        }
+    });
+    // User list changed (hub broadcasts after create/edit/archive/delete)
+    socket.on(HubEvents.USERS_UPDATED, () => {
+        void refreshUserLookup();
+        emitAgentsListChanged();
+    });
+}
+export function isHubConnected() {
+    return connected;
+}
+export function getHubAccessKey() {
+    return resolveHubAccessKey();
+}
+export function getHubUrl() {
+    return resolvedHubUrl;
+}
+export function getHubPinnedAgent() {
+    return pinnedAgent;
+}
+export function sendAgentStart(startUserId, taskDescription, requesterUserId) {
+    return new Promise((resolve, reject) => {
+        if (!socket || !connected) {
+            reject(new Error("Not connected to hub"));
+            return;
+        }
+        socket.emit(HubEvents.AGENT_START, { startUserId, taskDescription, requesterUserId }, (response) => {
+            if (response.success) {
+                markAgentStarted(startUserId);
+            }
+            resolve(response);
+        });
+    });
+}
+export function sendMailViaHub(fromUserId, toUserIds, subject, body, kind = "mail", attachmentIds) {
+    return new Promise((resolve, reject) => {
+        if (!socket || !connected) {
+            reject(new Error("Not connected to hub"));
+            return;
+        }
+        socket.emit(HubEvents.MAIL_SEND, { fromUserId, toUserIds, subject, body, kind, attachmentIds }, (response) => {
+            resolve(response);
+        });
+    });
+}
+export function sendUserListChanged() {
+    if (!socket || !connected) {
+        getLogger().warn("[Supervisor:HubClient] Not connected to hub, cannot send user list changed");
+        return;
+    }
+    socket.emit(HubEvents.USERS_CHANGED);
+}
+export function sendModelsChanged() {
+    if (!socket || !connected) {
+        getLogger().warn("[Supervisor:HubClient] Not connected to hub, cannot send models changed");
+        return;
+    }
+    socket.emit(HubEvents.MODELS_CHANGED);
+}
+export function sendVariablesChanged() {
+    if (!socket || !connected) {
+        getLogger().warn("[Supervisor:HubClient] Not connected to hub, cannot send variables changed");
+        return;
+    }
+    socket.emit(HubEvents.VARIABLES_CHANGED);
+}
+export function sendHostsChanged() {
+    if (!socket || !connected) {
+        getLogger().warn("[Supervisor:HubClient] Not connected to hub, cannot send hosts changed");
+        return;
+    }
+    socket.emit(HubEvents.HOSTS_CHANGED);
+}
+export function sendRotateAccessKey() {
+    return new Promise((resolve, reject) => {
+        if (!socket || !connected) {
+            reject(new Error("Not connected to hub"));
+            return;
+        }
+        socket.emit(HubEvents.ROTATE_ACCESS_KEY, {}, (response) => {
+            resolve(response);
+        });
+    });
+}
+export function sendAgentStop(userId, reason) {
+    return new Promise((resolve, reject) => {
+        if (!socket || !connected) {
+            reject(new Error("Not connected to hub"));
+            return;
+        }
+        socket.emit(HubEvents.AGENT_STOP, { userId, reason }, (response) => {
+            if (response.success) {
+                markAgentStopped(userId);
+            }
+            resolve(response);
+        });
+    });
+}
+//# sourceMappingURL=hubConnectionService.js.map

package/dist/services/logFileService.js

@@ -0,0 +1,11 @@
+import path from "node:path";
+import { tailLogFile } from "@naisys/common-node";
+export { tailLogFile };
+export function getLogFilePath(fileKey) {
+    const naisysFolder = process.env.NAISYS_FOLDER;
+    if (!naisysFolder) {
+        throw new Error("NAISYS_FOLDER environment variable is not set.");
+    }
+    return path.join(naisysFolder, "logs", `${fileKey}.log`);
+}
+//# sourceMappingURL=logFileService.js.map

package/dist/services/mailService.js

@@ -0,0 +1,154 @@
+import { hubDb } from "../database/hubDb.js";
+import { getLogger } from "../logger.js";
+import { uploadToHub } from "./attachmentProxyService.js";
+import { sendMailViaHub } from "./hubConnectionService.js";
+/**
+ * Get mail data for a specific agent by userId, optionally filtering by updatedSince
+ */
+export async function getMailDataByUserId(userId, updatedSince, page = 1, count = 50, kind = "mail") {
+    // Build the where clause
+    const whereClause = { kind };
+    // If updatedSince is provided, filter by date
+    if (updatedSince) {
+        whereClause.created_at = { gte: updatedSince };
+    }
+    const where = {
+        ...whereClause,
+        OR: [
+            { from_user_id: userId },
+            {
+                recipients: {
+                    some: {
+                        user_id: userId,
+                    },
+                },
+            },
+        ],
+    };
+    // Only get total count on initial fetch (when updatedSince is not set)
+    const total = updatedSince
+        ? undefined
+        : await hubDb.mail_messages.count({ where });
+    // Get paginated messages
+    const dbMessages = await hubDb.mail_messages.findMany({
+        where,
+        orderBy: { id: "desc" },
+        skip: (page - 1) * count,
+        take: count,
+        select: {
+            id: true,
+            from_user_id: true,
+            subject: true,
+            body: true,
+            created_at: true,
+            from_user: {
+                select: { username: true, title: true },
+            },
+            recipients: {
+                select: {
+                    user_id: true,
+                    type: true,
+                    read_at: true,
+                    archived_at: true,
+                    user: {
+                        select: { username: true, title: true },
+                    },
+                },
+            },
+            mail_attachments: {
+                include: {
+                    attachment: {
+                        select: { public_id: true, filename: true, file_size: true },
+                    },
+                },
+            },
+        },
+    });
+    const messages = dbMessages.map((msg) => ({
+        id: msg.id,
+        fromUserId: msg.from_user_id,
+        fromUsername: msg.from_user.username,
+        fromTitle: msg.from_user.title,
+        subject: msg.subject,
+        body: msg.body,
+        createdAt: msg.created_at.toISOString(),
+        recipients: msg.recipients.map((r) => ({
+            userId: r.user_id,
+            username: r.user.username,
+            title: r.user.title,
+            type: r.type,
+            readAt: r.read_at?.toISOString() ?? null,
+            archivedAt: r.archived_at?.toISOString() ?? null,
+        })),
+        attachments: msg.mail_attachments.length > 0
+            ? msg.mail_attachments.map((ma) => ({
+                id: ma.attachment.public_id,
+                filename: ma.attachment.filename,
+                fileSize: ma.attachment.file_size,
+            }))
+            : undefined,
+    }));
+    return {
+        mail: messages,
+        timestamp: new Date().toISOString(),
+        total,
+    };
+}
+/**
+ * Archive all mail messages where the user is a recipient
+ */
+export async function archiveAllMailMessages(userId) {
+    const result = await hubDb.mail_recipients.updateMany({
+        where: {
+            user_id: userId,
+            archived_at: null,
+            message: {
+                kind: "mail",
+            },
+        },
+        data: {
+            archived_at: new Date(),
+        },
+    });
+    return result.count;
+}
+/**
+ * Send a message via the hub, uploading any attachments first
+ */
+export async function sendMessage(request, attachments) {
+    try {
+        const { fromId, toIds, subject, message } = request;
+        // Clean message (handle escaped newlines)
+        const cleanMessage = message.replace(/\\n/g, "\n");
+        // Upload attachments to hub and collect IDs
+        let attachmentIds;
+        if (attachments && attachments.length > 0) {
+            attachmentIds = [];
+            for (const attachment of attachments) {
+                const id = await uploadToHub(attachment.data, attachment.filename, fromId, "mail");
+                attachmentIds.push(id);
+            }
+        }
+        const response = await sendMailViaHub(fromId, toIds, subject, cleanMessage, "mail", attachmentIds);
+        if (response.success) {
+            return {
+                success: true,
+                message: "Message sent successfully",
+            };
+        }
+        else {
+            return {
+                success: false,
+                message: response.error || "Failed to send message",
+            };
+        }
+    }
+    catch (error) {
+        getLogger().error(error, "Error sending message");
+        return {
+            success: false,
+            message: error instanceof Error ? error.message : "Failed to send message",
+        };
+    }
+}
+//# sourceMappingURL=mailService.js.map