@naisys/supervisor 3.0.0-beta.6

package/dist/routes/agentMail.js

@@ -0,0 +1,171 @@
+import { AgentUsernameParamsSchema, ArchiveMailResponseSchema, ErrorResponseSchema, MailDataRequestSchema, MailDataResponseSchema, SendMailRequestSchema, SendMailResponseSchema, } from "@naisys/supervisor-shared";
+import { hasPermission, requirePermission } from "../auth-middleware.js";
+import { badRequest, notFound } from "../error-helpers.js";
+import { API_PREFIX } from "../hateoas.js";
+import { resolveAgentId } from "../services/agentService.js";
+import { archiveAllMailMessages, getMailDataByUserId, sendMessage, } from "../services/mailService.js";
+export default function agentMailRoutes(fastify, _options) {
+    // GET /:username/mail — Mail for agent
+    fastify.get("/:username/mail", {
+        schema: {
+            description: "Get mail data for a specific agent",
+            tags: ["Mail"],
+            params: AgentUsernameParamsSchema,
+            querystring: MailDataRequestSchema,
+            response: {
+                200: MailDataResponseSchema,
+                500: ErrorResponseSchema,
+            },
+        },
+    }, async (request, reply) => {
+        const { username } = request.params;
+        const { updatedSince, page, count } = request.query;
+        const id = resolveAgentId(username);
+        if (!id) {
+            return notFound(reply, `Agent '${username}' not found`);
+        }
+        const data = await getMailDataByUserId(id, updatedSince, page, count, "mail");
+        const canSend = hasPermission(request.supervisorUser, "agent_communication");
+        return {
+            success: true,
+            message: "Mail data retrieved successfully",
+            data,
+            _links: data
+                ? [
+                    {
+                        rel: "next",
+                        href: `${API_PREFIX}/agents/${username}/mail?updatedSince=${encodeURIComponent(data.timestamp)}`,
+                        title: "Poll for newer mail",
+                    },
+                ]
+                : undefined,
+            _actions: canSend
+                ? [
+                    {
+                        rel: "send",
+                        href: `${API_PREFIX}/agents/${username}/mail`,
+                        method: "POST",
+                        title: "Send Mail",
+                        schema: `${API_PREFIX}/schemas/SendMail`,
+                        body: { fromId: 0, toIds: [0], subject: "", message: "" },
+                        alternateEncoding: {
+                            contentType: "multipart/form-data",
+                            description: "Send as multipart to include file attachments",
+                            fileFields: ["attachments"],
+                        },
+                    },
+                    {
+                        rel: "archive",
+                        href: `${API_PREFIX}/agents/${username}/mail/archive`,
+                        method: "POST",
+                        title: "Archive All Mail Messages",
+                    },
+                ]
+                : undefined,
+        };
+    });
+    // POST /:username/mail/archive — Archive all mail messages
+    fastify.post("/:username/mail/archive", {
+        preHandler: [requirePermission("agent_communication")],
+        schema: {
+            description: "Archive all mail messages for an agent",
+            tags: ["Mail"],
+            params: AgentUsernameParamsSchema,
+            response: {
+                200: ArchiveMailResponseSchema,
+                500: ErrorResponseSchema,
+            },
+            security: [{ cookieAuth: [] }],
+        },
+    }, async (request, reply) => {
+        const { username } = request.params;
+        const id = resolveAgentId(username);
+        if (!id) {
+            return notFound(reply, `Agent '${username}' not found`);
+        }
+        const archivedCount = await archiveAllMailMessages(id);
+        return { success: true, archivedCount };
+    });
+    // POST /:username/mail — Send mail as agent
+    fastify.post("/:username/mail", {
+        preHandler: [requirePermission("agent_communication")],
+        schema: {
+            description: "Send email as agent with optional attachments. Supports JSON and multipart/form-data",
+            tags: ["Mail"],
+            params: AgentUsernameParamsSchema,
+            // No body schema — multipart requests are parsed manually via request.parts()
+            response: {
+                200: SendMailResponseSchema,
+                400: ErrorResponseSchema,
+                500: ErrorResponseSchema,
+            },
+            security: [{ cookieAuth: [] }],
+        },
+    }, async (request, reply) => {
+        const contentType = request.headers["content-type"];
+        let fromId = 0, toIds = [], subject = "", message = "";
+        let attachments = [];
+        if (contentType?.includes("multipart/form-data")) {
+            const parts = request.parts();
+            for await (const part of parts) {
+                if (part.type === "field") {
+                    const field = part;
+                    switch (field.fieldname) {
+                        case "fromId":
+                            fromId = Number(field.value);
+                            break;
+                        case "toIds":
+                            try {
+                                toIds = JSON.parse(field.value);
+                            }
+                            catch {
+                                return badRequest(reply, "toIds must be valid JSON array");
+                            }
+                            break;
+                        case "subject":
+                            subject = field.value;
+                            break;
+                        case "message":
+                            message = field.value;
+                            break;
+                    }
+                }
+                else if (part.type === "file") {
+                    const file = part;
+                    if (file.fieldname === "attachments") {
+                        const buffer = await file.toBuffer();
+                        attachments.push({
+                            filename: file.filename || "unnamed_file",
+                            data: buffer,
+                        });
+                    }
+                }
+            }
+        }
+        else {
+            const body = request.body;
+            fromId = body.fromId;
+            toIds = body.toIds;
+            subject = body.subject;
+            message = body.message;
+        }
+        const parsed = SendMailRequestSchema.safeParse({
+            fromId,
+            toIds,
+            subject,
+            message,
+        });
+        if (!parsed.success) {
+            return badRequest(reply, parsed.error.message);
+        }
+        ({ fromId, toIds, subject, message } = parsed.data);
+        const result = await sendMessage({ fromId, toIds, subject, message }, attachments.length > 0 ? attachments : undefined);
+        if (result.success) {
+            return reply.code(200).send(result);
+        }
+        else {
+            return reply.code(500).send(result);
+        }
+    });
+}
+//# sourceMappingURL=agentMail.js.map

package/dist/routes/agentRuns.js

@@ -0,0 +1,90 @@
+import { AgentUsernameParamsSchema, ContextLogParamsSchema, ContextLogRequestSchema, ContextLogResponseSchema, RunsDataRequestSchema, RunsDataResponseSchema, } from "@naisys/supervisor-shared";
+import { hasPermission } from "../auth-middleware.js";
+import { notFound } from "../error-helpers.js";
+import { API_PREFIX } from "../hateoas.js";
+import { resolveAgentId } from "../services/agentService.js";
+import { getContextLog, getRunsData, obfuscateLogs, } from "../services/runsService.js";
+export default function agentRunsRoutes(fastify, _options) {
+    // GET /:username/runs — Runs for agent
+    fastify.get("/:username/runs", {
+        schema: {
+            description: "Get run sessions for a specific agent",
+            tags: ["Runs"],
+            params: AgentUsernameParamsSchema,
+            querystring: RunsDataRequestSchema,
+            response: {
+                200: RunsDataResponseSchema,
+                500: RunsDataResponseSchema,
+            },
+        },
+    }, async (request, reply) => {
+        const { username } = request.params;
+        const { updatedSince, page, count } = request.query;
+        const id = resolveAgentId(username);
+        if (!id) {
+            return notFound(reply, `Agent '${username}' not found`);
+        }
+        const data = await getRunsData(id, updatedSince, page, count);
+        return {
+            success: true,
+            message: "Runs data retrieved successfully",
+            data: data ?? undefined,
+            _linkTemplates: [
+                {
+                    rel: "logs",
+                    hrefTemplate: `${API_PREFIX}/agents/${username}/runs/{runId}/sessions/{sessionId}/logs`,
+                },
+            ],
+            _links: data
+                ? [
+                    {
+                        rel: "next",
+                        href: `${API_PREFIX}/agents/${username}/runs?updatedSince=${encodeURIComponent(data.timestamp)}`,
+                        title: "Poll for updated runs",
+                    },
+                ]
+                : undefined,
+        };
+    });
+    // GET /:username/runs/:runId/sessions/:sessionId/logs — Context log
+    fastify.get("/:username/runs/:runId/sessions/:sessionId/logs", {
+        schema: {
+            description: "Get context log for a specific run session",
+            tags: ["Runs"],
+            params: ContextLogParamsSchema,
+            querystring: ContextLogRequestSchema,
+            response: {
+                200: ContextLogResponseSchema,
+                500: ContextLogResponseSchema,
+            },
+        },
+    }, async (request, reply) => {
+        const { username, runId, sessionId } = request.params;
+        const { logsAfter, logsBefore } = request.query;
+        const id = resolveAgentId(username);
+        if (!id) {
+            return notFound(reply, `Agent '${username}' not found`);
+        }
+        let data = await getContextLog(id, runId, sessionId, logsAfter, logsBefore);
+        // Obfuscate log text for users without view_run_logs permission
+        if (!hasPermission(request.supervisorUser, "view_run_logs")) {
+            data = obfuscateLogs(data);
+        }
+        const maxLogId = data?.logs.length
+            ? Math.max(...data.logs.map((l) => l.id))
+            : (logsAfter ?? 0);
+        return {
+            success: true,
+            message: "Context log retrieved successfully",
+            data,
+            _links: [
+                {
+                    rel: "next",
+                    href: `${API_PREFIX}/agents/${username}/runs/${runId}/sessions/${sessionId}/logs?logsAfter=${maxLogId}`,
+                    title: "Poll for newer logs",
+                },
+            ],
+        };
+    });
+}
+//# sourceMappingURL=agentRuns.js.map

package/dist/routes/agents.js

@@ -0,0 +1,236 @@
+import { AgentDetailResponseSchema, AgentListRequestSchema, AgentListResponseSchema, AgentUsernameParamsSchema, CreateAgentConfigRequestSchema, CreateAgentConfigResponseSchema, ErrorResponseSchema, } from "@naisys/supervisor-shared";
+import { hasPermission, requirePermission } from "../auth-middleware.js";
+import { badRequest, notFound } from "../error-helpers.js";
+import { API_PREFIX, collectionLink, schemaLink, selfLink, } from "../hateoas.js";
+import { resolveActions } from "../route-helpers.js";
+import { createAgentConfig } from "../services/agentConfigService.js";
+import { getAgentStatus, isAgentActive, } from "../services/agentHostStatusService.js";
+import { getAgent, getAgents, resolveAgentId, } from "../services/agentService.js";
+function agentActions(username, user, enabled, archived, agentId, hasSpendLimit) {
+    const active = agentId ? isAgentActive(agentId) : false;
+    const href = `${API_PREFIX}/agents/${username}`;
+    return resolveActions([
+        {
+            rel: "start",
+            path: "/start",
+            method: "POST",
+            title: "Start Agent",
+            schema: `${API_PREFIX}/schemas/StartAgent`,
+            body: { task: "" },
+            permission: "manage_agents",
+            disabledWhen: (ctx) => ctx.active
+                ? "Agent is already running"
+                : ctx.archived
+                    ? "Agent is archived"
+                    : !ctx.enabled
+                        ? "Agent is disabled"
+                        : null,
+        },
+        {
+            rel: "stop",
+            path: "/stop",
+            method: "POST",
+            title: "Stop Agent",
+            permission: "manage_agents",
+            disabledWhen: (ctx) => (!ctx.active ? "Agent is not running" : null),
+        },
+        {
+            rel: "disable",
+            path: "/disable",
+            method: "POST",
+            title: "Disable Agent",
+            permission: "manage_agents",
+            visibleWhen: (ctx) => !ctx.archived && ctx.enabled,
+        },
+        {
+            rel: "enable",
+            path: "/enable",
+            method: "POST",
+            title: "Enable Agent",
+            permission: "manage_agents",
+            visibleWhen: (ctx) => !ctx.archived && !ctx.enabled && !ctx.active,
+        },
+        {
+            rel: "archive",
+            path: "/archive",
+            method: "POST",
+            title: "Archive Agent",
+            permission: "manage_agents",
+            visibleWhen: (ctx) => !ctx.archived,
+            disabledWhen: (ctx) => ctx.active ? "Stop the agent before archiving" : null,
+        },
+        {
+            rel: "unarchive",
+            path: "/unarchive",
+            method: "POST",
+            title: "Unarchive Agent",
+            permission: "manage_agents",
+            visibleWhen: (ctx) => ctx.archived,
+        },
+        {
+            rel: "delete",
+            method: "DELETE",
+            title: "Delete Agent",
+            permission: "manage_agents",
+            visibleWhen: (ctx) => !ctx.active && ctx.archived,
+            hideWithoutPermission: true,
+        },
+        {
+            rel: "update-config",
+            path: "/config",
+            method: "PUT",
+            title: "Update Agent Config",
+            schema: `${API_PREFIX}/schemas/UpdateAgentConfig`,
+            permission: "manage_agents",
+            visibleWhen: (ctx) => !ctx.archived,
+        },
+        {
+            rel: "set-lead",
+            path: "/lead",
+            method: "PUT",
+            title: "Set Lead Agent",
+            schema: `${API_PREFIX}/schemas/SetLeadAgent`,
+            body: { leadAgentUsername: "" },
+            permission: "manage_agents",
+            visibleWhen: (ctx) => !ctx.archived,
+        },
+        {
+            rel: "reset-spend",
+            path: "/reset-spend",
+            method: "POST",
+            title: "Reset Spend",
+            permission: "manage_agents",
+            visibleWhen: (ctx) => !ctx.archived && ctx.hasSpendLimit,
+        },
+    ], href, { user, active, archived, enabled, hasSpendLimit: hasSpendLimit ?? false });
+}
+function agentLinks(username, config) {
+    const links = [
+        selfLink(`/agents/${username}`),
+        { rel: "config", href: `${API_PREFIX}/agents/${username}/config` },
+        { rel: "runs", href: `${API_PREFIX}/agents/${username}/runs` },
+        collectionLink("agents"),
+    ];
+    if (config?.mailEnabled) {
+        links.push({ rel: "mail", href: `${API_PREFIX}/agents/${username}/mail` });
+    }
+    if (config?.chatEnabled) {
+        links.push({ rel: "chat", href: `${API_PREFIX}/agents/${username}/chat` });
+    }
+    return links;
+}
+export default function agentsRoutes(fastify, _options) {
+    // GET / — List agents
+    fastify.get("/", {
+        schema: {
+            description: "List agents with status and metadata",
+            tags: ["Agents"],
+            querystring: AgentListRequestSchema,
+            response: {
+                200: AgentListResponseSchema,
+                500: ErrorResponseSchema,
+            },
+        },
+    }, async (request, _reply) => {
+        const { updatedSince } = request.query;
+        const agents = await getAgents(updatedSince);
+        const items = agents.map((agent) => ({
+            ...agent,
+            status: getAgentStatus(agent.id),
+        }));
+        const hasManagePermission = hasPermission(request.supervisorUser, "manage_agents");
+        const actions = [
+            {
+                rel: "create",
+                href: `${API_PREFIX}/agents`,
+                method: "POST",
+                title: "Create Agent",
+                schema: `${API_PREFIX}/schemas/CreateAgent`,
+                body: { name: "" },
+                ...(hasManagePermission
+                    ? {}
+                    : {
+                        disabled: true,
+                        disabledReason: "Requires manage_agents permission",
+                    }),
+            },
+        ];
+        return {
+            items,
+            timestamp: new Date().toISOString(),
+            _links: [selfLink("/agents"), schemaLink("CreateAgent")],
+            _linkTemplates: [
+                { rel: "item", hrefTemplate: `${API_PREFIX}/agents/{name}` },
+            ],
+            _actions: actions,
+        };
+    });
+    // POST / — Create agent
+    fastify.post("/", {
+        preHandler: [requirePermission("manage_agents")],
+        schema: {
+            description: "Create a new agent with configuration file",
+            tags: ["Agents"],
+            body: CreateAgentConfigRequestSchema,
+            response: {
+                200: CreateAgentConfigResponseSchema,
+                400: ErrorResponseSchema,
+                500: ErrorResponseSchema,
+            },
+            security: [{ cookieAuth: [] }],
+        },
+    }, async (request, reply) => {
+        try {
+            const { name, title } = request.body;
+            if (!/^[a-zA-Z0-9_-]+$/.test(name)) {
+                return badRequest(reply, "Agent name must contain only alphanumeric characters, hyphens, and underscores");
+            }
+            const { config } = await createAgentConfig(name, title);
+            return {
+                success: true,
+                message: `Agent '${name}' created successfully`,
+                name,
+                _links: agentLinks(name, config),
+                _actions: agentActions(name, request.supervisorUser, true, false),
+            };
+        }
+        catch (error) {
+            request.log.error(error, "Error in POST /agents route");
+            const errorMessage = error instanceof Error ? error.message : "Unknown error";
+            if (errorMessage.includes("already exists")) {
+                return badRequest(reply, errorMessage);
+            }
+            throw error;
+        }
+    });
+    // GET /:username — Agent detail with config
+    fastify.get("/:username", {
+        schema: {
+            description: "Get agent detail with configuration",
+            tags: ["Agents"],
+            params: AgentUsernameParamsSchema,
+            response: {
+                200: AgentDetailResponseSchema,
+                404: ErrorResponseSchema,
+                500: ErrorResponseSchema,
+            },
+        },
+    }, async (request, reply) => {
+        const { username } = request.params;
+        const id = resolveAgentId(username);
+        if (!id) {
+            return notFound(reply, `Agent '${username}' not found`);
+        }
+        const agent = await getAgent(id);
+        if (!agent) {
+            return notFound(reply, `Agent '${username}' not found`);
+        }
+        return {
+            ...agent,
+            status: getAgentStatus(id),
+            _links: agentLinks(username, agent.config),
+            _actions: agentActions(username, request.supervisorUser, agent.enabled ?? false, agent.archived ?? false, id, agent.config?.spendLimitDollars != null),
+        };
+    });
+}
+//# sourceMappingURL=agents.js.map

package/dist/routes/api.js

@@ -0,0 +1,52 @@
+import { registerAuthMiddleware } from "../auth-middleware.js";
+import adminRoutes from "./admin.js";
+import agentChatRoutes from "./agentChat.js";
+import agentConfigRoutes from "./agentConfig.js";
+import agentLifecycleRoutes from "./agentLifecycle.js";
+import agentMailRoutes from "./agentMail.js";
+import agentRunsRoutes from "./agentRuns.js";
+import agentsRoutes from "./agents.js";
+import attachmentRoutes from "./attachments.js";
+import authRoutes from "./auth.js";
+import costsRoutes from "./costs.js";
+import hostsRoutes from "./hosts.js";
+import modelsRoutes from "./models.js";
+import rootRoutes from "./root.js";
+import schemaRoutes from "./schemas.js";
+import statusRoutes from "./status.js";
+import userRoutes from "./users.js";
+import variablesRoutes from "./variables.js";
+export default async function apiRoutes(fastify, _options) {
+    // Register auth middleware for all routes in this scope
+    registerAuthMiddleware(fastify);
+    // Register root discovery routes
+    await fastify.register(rootRoutes);
+    // Register auth routes
+    await fastify.register(authRoutes);
+    // Register schema routes
+    await fastify.register(schemaRoutes, { prefix: "/schemas" });
+    // Register user routes
+    await fastify.register(userRoutes, { prefix: "/users" });
+    // Register status routes
+    await fastify.register(statusRoutes);
+    // Register agents routes
+    await fastify.register(agentsRoutes, { prefix: "/agents" });
+    await fastify.register(agentLifecycleRoutes, { prefix: "/agents" });
+    await fastify.register(agentConfigRoutes, { prefix: "/agents" });
+    await fastify.register(agentRunsRoutes, { prefix: "/agents" });
+    await fastify.register(agentMailRoutes, { prefix: "/agents" });
+    await fastify.register(agentChatRoutes, { prefix: "/agents" });
+    // Register hosts routes
+    await fastify.register(hostsRoutes, { prefix: "/hosts" });
+    // Register models routes
+    await fastify.register(modelsRoutes);
+    // Register variables routes
+    await fastify.register(variablesRoutes, { prefix: "/variables" });
+    // Register costs routes
+    await fastify.register(costsRoutes, { prefix: "/costs" });
+    // Register admin routes
+    await fastify.register(adminRoutes, { prefix: "/admin" });
+    // Register attachment routes
+    await fastify.register(attachmentRoutes, { prefix: "/attachments" });
+}
+//# sourceMappingURL=api.js.map

package/dist/routes/attachments.js

@@ -0,0 +1,18 @@
+import { proxyDownloadFromHub } from "../services/attachmentProxyService.js";
+export default function attachmentRoutes(fastify, _options) {
+    // GET /:id or /:id/:filename — Download attachment (proxied through hub)
+    const handler = async (request, reply) => {
+        const publicId = request.params.id;
+        if (!publicId) {
+            return reply.code(400).send({ error: "Missing attachment ID" });
+        }
+        await proxyDownloadFromHub(publicId, reply);
+    };
+    const schema = {
+        description: "Download an attachment by ID (proxied from hub)",
+        tags: ["Attachments"],
+    };
+    fastify.get("/:id", { schema }, handler);
+    fastify.get("/:id/:filename", { schema }, handler);
+}
+//# sourceMappingURL=attachments.js.map

package/dist/routes/auth.js

@@ -0,0 +1,103 @@
+import { hashToken, SESSION_COOKIE_NAME, sessionCookieOptions, } from "@naisys/common-node";
+import { authenticateAndCreateSession, deleteSession, } from "@naisys/supervisor-database";
+import { AuthUserSchema, ErrorResponseSchema, LoginRequestSchema, LoginResponseSchema, LogoutResponseSchema, } from "@naisys/supervisor-shared";
+import { authCache } from "../auth-middleware.js";
+import { getUserByUsername, getUserPermissions, } from "../services/userService.js";
+let lastLoginRequestTime = 0;
+export default function authRoutes(fastify, _options) {
+    const app = fastify.withTypeProvider();
+    // LOGIN
+    app.post("/auth/login", {
+        config: {
+            rateLimit: {
+                max: 5,
+                timeWindow: "1 minute",
+            },
+        },
+        schema: {
+            description: "Authenticate with username and password",
+            tags: ["Authentication"],
+            body: LoginRequestSchema,
+            response: {
+                200: LoginResponseSchema,
+                401: ErrorResponseSchema,
+                429: ErrorResponseSchema,
+            },
+        },
+    }, async (request, reply) => {
+        const currentTime = Date.now();
+        if (currentTime - lastLoginRequestTime < 5000) {
+            reply.code(429);
+            return {
+                success: false,
+                message: "Too many requests. Please wait before trying again.",
+            };
+        }
+        lastLoginRequestTime = currentTime;
+        const { username, password } = request.body;
+        const authResult = await authenticateAndCreateSession(username, password);
+        if (!authResult) {
+            reply.code(401);
+            return {
+                success: false,
+                message: "Invalid username or password",
+            };
+        }
+        reply.setCookie(SESSION_COOKIE_NAME, authResult.token, sessionCookieOptions(authResult.expiresAt));
+        const user = await getUserByUsername(username);
+        const permissions = user ? await getUserPermissions(user.id) : [];
+        return {
+            user: {
+                id: user?.id ?? 0,
+                username: authResult.user.username,
+                permissions,
+            },
+        };
+    });
+    // LOGOUT
+    app.post("/auth/logout", {
+        schema: {
+            description: "Log out and clear session",
+            tags: ["Authentication"],
+            response: {
+                200: LogoutResponseSchema,
+            },
+            security: [{ cookieAuth: [] }],
+        },
+    }, async (request, reply) => {
+        const token = request.cookies?.[SESSION_COOKIE_NAME];
+        // Clear from hub and auth cache
+        if (token) {
+            const tokenHash = hashToken(token);
+            authCache.invalidate(`cookie:${tokenHash}`);
+            await deleteSession(tokenHash);
+        }
+        reply.clearCookie(SESSION_COOKIE_NAME, { path: "/" });
+        return {
+            success: true,
+            message: "Logged out successfully",
+        };
+    });
+    // ME
+    app.get("/auth/me", {
+        schema: {
+            description: "Get current authenticated user",
+            tags: ["Authentication"],
+            response: {
+                200: AuthUserSchema,
+                401: ErrorResponseSchema,
+            },
+            security: [{ cookieAuth: [] }],
+        },
+    }, async (request, reply) => {
+        if (!request.supervisorUser) {
+            reply.code(401);
+            return {
+                success: false,
+                message: "Not authenticated",
+            };
+        }
+        return request.supervisorUser;
+    });
+}
+//# sourceMappingURL=auth.js.map