@naisys/supervisor 3.0.0-beta.7 → 3.0.0-beta.9

package/client-dist/index.html

@@ -40,7 +40,7 @@
     <meta name="format-detection" content="telephone=no" />
 
     <title>NAISYS Supervisor</title>
-    <script type="module" crossorigin src="/supervisor/assets/index-BBrK4ItN.js"></script>
+    <script type="module" crossorigin src="/supervisor/assets/index-WzoDF0aQ.js"></script>
     <link rel="stylesheet" crossorigin href="/supervisor/assets/index-CKg0vgt5.css">
   </head>
   <body>

package/dist/api-reference.js

@@ -5,22 +5,24 @@ import { registerAuthMiddleware } from "./auth-middleware.js";
  * for the Supervisor service.
  */
 export async function registerApiReference(fastify) {
-    await fastify.register(scalarReference, {
-        routePrefix: "/supervisor/api-reference",
-        configuration: {
-            spec: { url: "/api/supervisor/openapi.json" },
-            theme: "kepler",
-        },
-    });
-    // Wrap in a scoped plugin so registerAuthMiddleware gates access
-    // (respects PUBLIC_READ for GETs, requires auth otherwise)
+    // Both the reference page and spec endpoint are inside the auth scope.
+    // isPublicRoute treats /supervisor/api-reference as non-public (starts
+    // with /supervisor/api), so PUBLIC_READ=true allows GET access while
+    // PUBLIC_READ=false requires authentication.
     await fastify.register(async (scope) => {
         registerAuthMiddleware(scope);
-        scope.get("/api/supervisor/openapi.json", () => {
+        await scope.register(scalarReference, {
+            routePrefix: "/supervisor/api-reference",
+            configuration: {
+                spec: { url: "/supervisor/api/openapi.json" },
+                theme: "kepler",
+            },
+        });
+        scope.get("/supervisor/api/openapi.json", () => {
             const spec = fastify.swagger();
             const filteredPaths = {};
             for (const [path, value] of Object.entries(spec.paths || {})) {
-                if (path.startsWith("/api/supervisor/")) {
+                if (path.startsWith("/supervisor/api/")) {
                     filteredPaths[path] = value;
                 }
             }

package/dist/auth-middleware.js

@@ -3,17 +3,17 @@ import { extractBearerToken, hashToken, SESSION_COOKIE_NAME, } from "@naisys/com
 import { findAgentByApiKey } from "@naisys/hub-database";
 import { findSession, findUserByApiKey } from "@naisys/supervisor-database";
 import { createUserForAgent, getUserByUuid, getUserPermissions, } from "./services/userService.js";
-const PUBLIC_PREFIXES = ["/api/supervisor/auth/login"];
+const PUBLIC_PREFIXES = ["/supervisor/api/auth/login"];
 export const authCache = new AuthCache();
 function isPublicRoute(url) {
-    if (url === "/api/supervisor/" || url === "/api/supervisor")
+    if (url === "/supervisor/api/" || url === "/supervisor/api")
         return true;
     for (const prefix of PUBLIC_PREFIXES) {
         if (url.startsWith(prefix))
             return true;
     }
     // Non-supervisor-API paths (static files, ERP routes, etc.)
-    if (!url.startsWith("/api/supervisor"))
+    if (!url.startsWith("/supervisor/api"))
         return true;
     return false;
 }

package/dist/hateoas.js

@@ -1,4 +1,4 @@
-export const API_PREFIX = "/api/supervisor";
+export const API_PREFIX = "/supervisor/api";
 export function selfLink(path, title) {
     return { rel: "self", href: `${API_PREFIX}${path}`, title };
 }

package/dist/routes/root.js

@@ -1,5 +1,5 @@
 import { PermissionEnum } from "@naisys/supervisor-shared";
-const API_PREFIX = "/api/supervisor";
+const API_PREFIX = "/supervisor/api";
 export default function rootRoutes(fastify, _options) {
     fastify.get("/", {
         schema: {

package/dist/services/browserSocketService.js

@@ -1,11 +1,11 @@
-import { Server as SocketIOServer } from "socket.io";
 import { extractBearerToken } from "@naisys/common-node";
+import { Server as SocketIOServer } from "socket.io";
 import { resolveUserFromApiKey, resolveUserFromToken, } from "../auth-middleware.js";
 import { isHubConnected } from "./hubConnectionService.js";
 let io = null;
 export function initBrowserSocket(httpServer, isProd) {
     io = new SocketIOServer(httpServer, {
-        path: "/api/supervisor/ws",
+        path: "/supervisor/api/ws",
         cors: isProd
             ? undefined
             : { origin: ["http://localhost:3002"], credentials: true },

package/dist/services/runsService.js

@@ -41,7 +41,11 @@ export function obfuscateLogs(data) {
             ...log,
             message: obfuscateText(log.message),
             attachment: log.attachment
-                ? { id: "no-access", filename: obfuscateFilename(log.attachment.filename), fileSize: 0 }
+                ? {
+                    id: "no-access",
+                    filename: obfuscateFilename(log.attachment.filename),
+                    fileSize: 0,
+                }
                 : undefined,
         })),
     };

package/dist/supervisorServer.js

@@ -96,7 +96,7 @@ export const startServer = async (startupType, plugins = [], hubPort) => {
     await fastify.register(rateLimit, {
         max: 500,
         timeWindow: "1 minute",
-        allowList: (request) => !request.url.startsWith("/api/"),
+        allowList: (request) => !request.url.match(/^\/(supervisor|erp)\/api\//),
     });
     await fastify.register(multipart, {
         limits: { fileSize: MAX_ATTACHMENT_SIZE },
@@ -126,9 +126,9 @@ export const startServer = async (startupType, plugins = [], hubPort) => {
     fastify.get("/", { schema: { hide: true } }, async (_request, reply) => {
         return reply.redirect("/supervisor/");
     });
-    fastify.register(apiRoutes, { prefix: "/api/supervisor" });
+    fastify.register(apiRoutes, { prefix: "/supervisor/api" });
     // Public endpoint to expose client configuration (plugins, publicRead, etc.)
-    fastify.get("/api/supervisor/client-config", { schema: { hide: true } }, () => ({
+    fastify.get("/supervisor/api/client-config", { schema: { hide: true } }, () => ({
         plugins,
         publicRead: process.env.PUBLIC_READ === "true",
         permissions: PermissionEnum.options,
@@ -148,7 +148,7 @@ export const startServer = async (startupType, plugins = [], hubPort) => {
             prefix: "/supervisor/",
         });
         fastify.setNotFoundHandler((request, reply) => {
-            if (request.url.startsWith("/api/")) {
+            if (request.url.match(/^\/(supervisor|erp)\/api\//)) {
                 reply.code(404).send({ error: "API endpoint not found" });
             }
             else if (request.url.startsWith("/supervisor")) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@naisys/supervisor",
-  "version": "3.0.0-beta.7",
+  "version": "3.0.0-beta.9",
   "description": "NAISYS Supervisor - Web UI for monitoring agents, logs, and messaging",
   "type": "module",
   "main": "dist/supervisorServer.js",
@@ -33,7 +33,7 @@
     "!dist/**/*.test.*"
   ],
   "peerDependencies": {
-    "@naisys/erp": "3.0.0-beta.7"
+    "@naisys/erp": "3.0.0-beta.9"
   },
   "peerDependenciesMeta": {
     "@naisys/erp": {
@@ -47,12 +47,12 @@
     "@fastify/rate-limit": "^10.3.0",
     "@fastify/static": "^9.0.0",
     "@fastify/swagger": "^9.7.0",
-    "@naisys/supervisor-shared": "3.0.0-beta.7",
-    "@naisys/common": "3.0.0-beta.7",
-    "@naisys/common-node": "3.0.0-beta.7",
-    "@naisys/hub-database": "3.0.0-beta.7",
-    "@naisys/hub-protocol": "3.0.0-beta.7",
-    "@naisys/supervisor-database": "3.0.0-beta.7",
+    "@naisys/supervisor-shared": "3.0.0-beta.9",
+    "@naisys/common": "3.0.0-beta.9",
+    "@naisys/common-node": "3.0.0-beta.9",
+    "@naisys/hub-database": "3.0.0-beta.9",
+    "@naisys/hub-protocol": "3.0.0-beta.9",
+    "@naisys/supervisor-database": "3.0.0-beta.9",
     "@scalar/fastify-api-reference": "^1.48.7",
     "@types/archiver": "^7.0.0",
     "archiver": "^7.0.1",