@nordbyte/nordrelay 0.4.1 → 0.5.1

package/dist/web-dashboard-pages.js

@@ -0,0 +1,257 @@
+import { renderDashboardNav } from "./web-dashboard-ui.js";
+export function renderLoginPage(options) {
+    return `<!doctype html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>NordRelay Login</title>
+  <style>
+    body{margin:0;min-height:100vh;display:grid;place-items:center;background:#f4f5f2;color:#181c19;font-family:Inter,system-ui,-apple-system,Segoe UI,sans-serif}
+    form{width:min(420px,calc(100vw - 32px));background:white;border:1px solid #dfe3dc;border-radius:8px;padding:24px;box-shadow:0 20px 60px rgba(20,30,24,.08)}
+    h1{font-size:24px;margin:0 0 8px}
+    p{color:#5d665d;margin:0 0 18px}
+    label{display:block;font-size:13px;color:#4b544d;margin:14px 0 6px}
+    input{box-sizing:border-box;width:100%;height:40px;border:1px solid #cfd6ce;border-radius:6px;padding:0 10px;font:inherit}
+    button{margin-top:18px;width:100%;height:42px;border:0;border-radius:6px;background:#205c43;color:white;font-weight:650;cursor:pointer}
+    .error{color:#9b1c1c;min-height:22px;margin-top:12px}
+  </style>
+</head>
+<body>
+  <form id="login">
+    <h1>NordRelay Dashboard</h1>
+    <p>${options.adminConfigured ? "Sign in with your NordRelay user account." : "No admin user exists. Run nordrelay user create-admin on this host first."}</p>
+    <label>Email</label><input id="email" name="email" type="email" autocomplete="username" ${options.adminConfigured ? "" : "disabled"}>
+    <label>Password</label><input id="password" name="password" type="password" autocomplete="current-password" ${options.adminConfigured ? "" : "disabled"}>
+    <button ${options.adminConfigured ? "" : "disabled"}>Sign in</button>
+    <div class="error" id="error"></div>
+  </form>
+  <script>
+    document.getElementById('login').addEventListener('submit', async (event) => {
+      event.preventDefault();
+      const payload = {
+        email: document.getElementById('email')?.value || undefined,
+        password: document.getElementById('password')?.value || undefined,
+      };
+      const res = await fetch('/api/auth', { method:'POST', headers:{'content-type':'application/json'}, body: JSON.stringify(payload) });
+      if (!res.ok) {
+        document.getElementById('error').textContent = 'Invalid credentials';
+        return;
+      }
+      location.href = '/';
+    });
+  </script>
+</body>
+</html>`;
+}
+export function renderDashboardApp() {
+    return `<!doctype html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>NordRelay Dashboard</title>
+  <script>document.documentElement.dataset.theme = localStorage.getItem('nordrelayTheme') || 'light';</script>
+  <link rel="stylesheet" href="/assets/dashboard.css">
+</head>
+<body>
+  <div class="app">
+    <aside class="sidebar" id="sidebar">
+      <div class="brand"><span class="mark">NR</span><div><strong>NordRelay</strong><small>Remote control</small></div></div>
+      <nav>
+        ${renderDashboardNav()}
+      </nav>
+    </aside>
+    <main>
+      <header>
+        <button class="menu" id="menuBtn">Menu</button>
+        <div>
+          <h1 id="pageTitle">Overview</h1>
+          <p id="sessionLine">Loading session...</p>
+        </div>
+        <div class="header-actions">
+          <span id="connectionStatus" class="badge">Connecting</span>
+          <select id="agentSelect"></select>
+          <button id="themeBtn" class="secondary" title="Toggle dark theme">Dark</button>
+          <button id="refreshBtn">Refresh</button>
+          <button id="logoutBtn" class="secondary">Logout</button>
+        </div>
+      </header>
+
+      <section class="page active" id="page-overview">
+        <div class="metrics" id="metrics"></div>
+        <div class="stack">
+          <div class="panel"><h2>Current Session</h2><pre id="sessionText"></pre></div>
+          <div class="overview-adapter-grid">
+            <div class="panel"><h2>Agent Adapters</h2><div id="agentAdapters"></div></div>
+            <div class="panel"><h2>Chat Adapters</h2><div id="chatAdapters"></div></div>
+          </div>
+        </div>
+      </section>
+
+      <section class="page" id="page-chat">
+        <div class="chat-layout">
+          <div class="panel chat-panel">
+            <div class="chat-toolbar">
+              <button id="newSessionBtn">New session</button>
+              <button id="retryBtn" class="secondary">Retry</button>
+              <button id="editLastBtn" class="secondary">Edit last</button>
+              <button id="syncBtn" class="secondary">Sync</button>
+              <button id="notifyBtn" class="secondary">Notify</button>
+              <button id="clearChatBtn" class="secondary">Clear history</button>
+              <button id="abortBtn">Abort</button>
+              <button id="handbackBtn">Handback</button>
+            </div>
+            <div class="control-grid" id="sessionControls"></div>
+            <div id="messages" class="messages"></div>
+            <form id="promptForm" class="composer">
+              <div class="composer-fields">
+                <textarea id="promptInput" placeholder="Send a message to the active coding agent..." rows="3"></textarea>
+                <div class="attachment-row">
+                  <label class="file-button" for="fileInput">Attach files</label>
+                  <input id="fileInput" type="file" multiple>
+                  <button type="button" id="recordBtn" class="secondary">Record voice</button>
+                  <span id="fileSummary">No files selected</span>
+                  <button type="button" id="clearFilesBtn" class="secondary">Clear</button>
+                </div>
+              </div>
+              <button>Send</button>
+            </form>
+          </div>
+          <div class="panel side-panel"><h2>Tools / Plan</h2><div id="toolStream" class="tool-stream"></div></div>
+        </div>
+      </section>
+
+      <section class="page" id="page-tasks">
+        <div class="panel">
+          <div class="row"><button id="reloadTasksBtn">Reload tasks</button></div>
+          <div id="tasksList" class="list"></div>
+        </div>
+      </section>
+
+      <section class="page" id="page-sessions">
+        <div class="panel">
+          <div class="sessions-toolbar">
+            <div class="row search-row"><input id="sessionSearch" placeholder="Search sessions"><button id="sessionSearchBtn">Search</button></div>
+            <div class="row attach-row"><input id="attachInput" placeholder="Thread ID to attach/switch"><button id="attachBtn">Attach</button></div>
+          </div>
+          <div id="sessionsList" class="list"></div>
+          <div id="sessionsPager" class="pager"></div>
+        </div>
+      </section>
+
+      <section class="page" id="page-queue">
+        <div class="panel">
+          <div class="row"><button data-queue="pause">Pause</button><button data-queue="resume">Resume</button><button data-queue="clear" class="danger">Clear</button><span id="queueStatus"></span></div>
+          <div id="queueList" class="list"></div>
+        </div>
+      </section>
+
+      <section class="page" id="page-activity">
+        <div class="panel">
+          <div class="row"><select id="activitySource"><option value="all">All sources</option><option value="web">Web</option><option value="cli">CLI</option></select><select id="activityStatus"><option value="all">All statuses</option><option value="queued">Queued</option><option value="running">Running</option><option value="completed">Completed</option><option value="failed">Failed</option><option value="aborted">Aborted</option><option value="info">Info</option></select><input id="activitySince" type="datetime-local"><input id="activityLimit" type="number" value="100" min="1" max="500"><button id="loadActivityBtn">Load activity</button><button id="exportActivityBtn" class="secondary">Export</button></div>
+          <div id="activityList" class="list"></div>
+        </div>
+      </section>
+
+      <section class="page" id="page-artifacts">
+        <div class="panel">
+          <div class="row"><button id="reloadArtifactsBtn">Reload artifacts</button><input id="artifactSearch" placeholder="Search artifacts"><select id="artifactKind"><option value="all">All files</option><option value="images">Images</option><option value="docs">Docs/code</option></select><button id="zipSelectedArtifactsBtn" class="secondary">ZIP selected</button><button id="deleteSelectedArtifactsBtn" class="danger">Delete selected</button></div>
+          <div id="artifactPreview" class="preview"></div>
+          <div id="artifactList" class="list"></div>
+        </div>
+      </section>
+
+      <section class="page" id="page-adapters">
+        <div class="panel">
+          <div class="row"><button id="reloadAdaptersBtn">Reload adapters</button></div>
+          <div id="adapterHealth" class="list"></div>
+        </div>
+      </section>
+
+      <section class="page" id="page-access">
+        <div class="panel">
+          <div class="row"><button id="loadAccessBtn">Reload users</button><button id="createUserBtn">Create user</button><button id="createGroupBtn" class="secondary">Create group</button><button id="createChatBtn" class="secondary">Add Telegram chat</button><button id="lockSessionBtn" class="secondary">Lock web session</button><button id="unlockSessionBtn" class="secondary">Unlock web session</button></div>
+          <div id="accessPanel" class="settings-grid"></div>
+          <h2>Groups</h2>
+          <div id="groupsList" class="list"></div>
+          <h2>Telegram chats</h2>
+          <div id="telegramChatsList" class="list"></div>
+          <h2>Locks</h2>
+          <div id="locksList" class="list"></div>
+          <h2>Audit</h2>
+          <div class="row"><input id="auditLimit" type="number" value="50" min="1" max="200"><button id="loadAuditBtn">Load audit</button></div>
+          <div id="auditList" class="list"></div>
+        </div>
+      </section>
+
+      <section class="page" id="page-version">
+        <div class="panel">
+          <div class="row version-actions"><button id="loadVersionBtn">Check versions</button><button id="updateBtn" class="secondary">Update NordRelay</button></div>
+          <div id="versionPanel" class="list"></div>
+          <h2 class="version-update-title">Agent update jobs</h2>
+          <div id="agentUpdateJobs" class="list"></div>
+        </div>
+      </section>
+
+      <section class="page" id="page-settings">
+        <div class="panel">
+          <div class="row"><button id="saveSettingsBtn">Save settings</button><button id="restartBtn" class="secondary">Restart NordRelay</button><span id="settingsStatus"></span></div>
+          <div id="settingsTabs" class="tabs"></div>
+          <div id="settingsForm" class="settings-grid"></div>
+        </div>
+      </section>
+
+      <section class="page" id="page-logs">
+        <div class="panel">
+          <div class="row"><select id="logTarget"><option value="connector">Connector</option><option value="update">NordRelay Update</option><option value="agent-updates">Agent Updates</option></select><select id="logLevel"><option value="all">All levels</option><option value="ERROR">Error</option><option value="WARN">Warn</option><option value="INFO">Info</option></select><input id="logSearch" placeholder="Search logs"><input id="logSince" type="datetime-local" title="Show entries after this time"><input id="logLines" type="number" value="120" min="1" max="300"><label class="checkbox"><input id="logAutoRefresh" type="checkbox"> Auto</label><label class="checkbox"><input id="logFollow" type="checkbox"> Follow</label><button id="loadLogsBtn">Load logs</button><button id="downloadLogsBtn" class="secondary">Download</button><button id="clearLogsBtn" class="danger">Clear</button></div>
+          <pre id="logs" class="log-view"></pre>
+        </div>
+      </section>
+
+      <section class="page" id="page-diagnostics">
+        <div class="panel">
+          <div class="row"><button id="exportDiagnosticsBundleBtn" class="secondary">Export diagnostics bundle</button></div>
+          <div id="diagnostics" class="list"></div>
+        </div>
+      </section>
+
+      <footer>
+        <span id="footerVersion">NordRelay</span>
+        <span id="footerHealth">Health: loading</span>
+        <span id="footerUser">User: loading</span>
+      </footer>
+    </main>
+  </div>
+  <dialog id="newSessionDialog">
+    <form method="dialog" id="newSessionForm">
+      <h2>New Session</h2>
+      <div class="form-grid">
+        <label>Agent<select id="newAgent"></select></label>
+        <label>Workspace<input id="newWorkspace" list="workspaceOptions" placeholder="Current workspace"></label>
+        <label>Model<select id="newModel"></select></label>
+        <label id="newReasoningWrap">Reasoning<select id="newReasoning"></select></label>
+        <label id="newLaunchWrap">Launch profile<select id="newLaunch"></select></label>
+        <label id="newFastWrap" class="checkbox"><input id="newFast" type="checkbox"> Fast mode</label>
+      </div>
+      <datalist id="workspaceOptions"></datalist>
+      <div class="row dialog-actions"><button type="button" id="cancelSessionBtn" class="secondary">Cancel</button><button id="createSessionBtn" value="default">Create session</button></div>
+    </form>
+  </dialog>
+  <dialog id="sessionDetailDialog">
+    <div id="sessionDetail"></div>
+    <div class="row dialog-actions"><button id="closeSessionDetailBtn" class="secondary">Close</button></div>
+  </dialog>
+  <dialog id="adminDialog">
+    <form method="dialog" id="adminDialogForm">
+      <h2 id="adminDialogTitle">Edit</h2>
+      <div id="adminDialogBody" class="form-grid"></div>
+      <div class="row dialog-actions"><button type="button" id="adminDialogCancel" class="secondary">Cancel</button><button id="adminDialogSubmit" value="default">Save</button></div>
+    </form>
+  </dialog>
+  <div id="toolTooltip" class="tool-tooltip"></div>
+  <div id="toast"></div>
+  <script src="/assets/dashboard.js"></script>
+</body>
+</html>`;
+}

package/dist/web-dashboard-runtime-routes.js

@@ -0,0 +1,92 @@
+import { numberParam, optionalStringField, parseAgentUpdateOperation, parseLogTarget, readJsonBody, sendFile, sendJson, stringField, } from "./web-dashboard-http.js";
+export async function handleDashboardRuntimeRoute(req, res, url, options) {
+    const { runtime, users, authUser } = options;
+    if (req.method === "GET" && url.pathname === "/api/health") {
+        await options.assertCurrentSessionScope(authUser);
+        sendJson(res, 200, await runtime.status());
+        return true;
+    }
+    if (req.method === "GET" && url.pathname === "/api/version") {
+        sendJson(res, 200, await runtime.version());
+        return true;
+    }
+    if (req.method === "POST" && url.pathname === "/api/update") {
+        sendJson(res, 202, runtime.updateConnector());
+        return true;
+    }
+    if (req.method === "GET" && url.pathname === "/api/agent-updates") {
+        sendJson(res, 200, { jobs: runtime.agentUpdateJobs().filter((job) => users.canUseAgent(authUser, job.agentId)) });
+        return true;
+    }
+    if (req.method === "POST" && url.pathname === "/api/agent-update") {
+        const body = await readJsonBody(req);
+        const agentId = options.parseAgentIdRequired(stringField(body, "agentId"));
+        const operation = parseAgentUpdateOperation(optionalStringField(body, "operation"));
+        options.assertScopedAgent(authUser, agentId);
+        sendJson(res, 202, { job: runtime.startAgentUpdate(agentId, operation) });
+        return true;
+    }
+    const agentUpdateLogMatch = url.pathname.match(/^\/api\/agent-update\/([^/]+)\/log$/);
+    if (req.method === "GET" && agentUpdateLogMatch?.[1]) {
+        const id = decodeURIComponent(agentUpdateLogMatch[1]);
+        options.assertAgentUpdateJobScope(authUser, id);
+        sendJson(res, 200, runtime.agentUpdateLog(id));
+        return true;
+    }
+    if (req.method === "DELETE" && agentUpdateLogMatch?.[1]) {
+        const id = decodeURIComponent(agentUpdateLogMatch[1]);
+        options.assertAgentUpdateJobScope(authUser, id);
+        sendJson(res, 200, { deletedId: id, job: runtime.deleteAgentUpdateLog(id) });
+        return true;
+    }
+    const agentUpdateInputMatch = url.pathname.match(/^\/api\/agent-update\/([^/]+)\/input$/);
+    if (req.method === "POST" && agentUpdateInputMatch?.[1]) {
+        const body = await readJsonBody(req);
+        const id = decodeURIComponent(agentUpdateInputMatch[1]);
+        options.assertAgentUpdateJobScope(authUser, id);
+        sendJson(res, 200, { job: runtime.sendAgentUpdateInput(id, stringField(body, "input")) });
+        return true;
+    }
+    const agentUpdateCancelMatch = url.pathname.match(/^\/api\/agent-update\/([^/]+)\/cancel$/);
+    if (req.method === "POST" && agentUpdateCancelMatch?.[1]) {
+        const id = decodeURIComponent(agentUpdateCancelMatch[1]);
+        options.assertAgentUpdateJobScope(authUser, id);
+        sendJson(res, 200, { job: runtime.cancelAgentUpdate(id) });
+        return true;
+    }
+    if (req.method === "GET" && (url.pathname === "/api/tasks" || url.pathname === "/api/progress")) {
+        sendJson(res, 200, await options.scopedTasks(authUser, runtime.tasks()));
+        return true;
+    }
+    if (req.method === "GET" && url.pathname === "/api/adapters/health") {
+        sendJson(res, 200, { adapters: (await runtime.adapterHealth()).filter((adapter) => users.canUseAgent(authUser, adapter.id)) });
+        return true;
+    }
+    if (req.method === "GET" && url.pathname === "/api/logs") {
+        const target = parseLogTarget(url.searchParams.get("target") ?? undefined);
+        sendJson(res, 200, await runtime.logs(target, numberParam(url, "lines", 100)));
+        return true;
+    }
+    if (req.method === "POST" && url.pathname === "/api/logs/clear") {
+        const body = await readJsonBody(req);
+        const target = parseLogTarget(optionalStringField(body, "target"));
+        sendJson(res, 200, runtime.clearLogs(target));
+        return true;
+    }
+    if (req.method === "GET" && url.pathname === "/api/diagnostics") {
+        await options.assertCurrentSessionScope(authUser);
+        sendJson(res, 200, await runtime.diagnostics());
+        return true;
+    }
+    if (req.method === "GET" && url.pathname === "/api/diagnostics/bundle") {
+        await options.assertCurrentSessionScope(authUser);
+        const bundle = await runtime.supportBundle();
+        sendFile(res, bundle.path, bundle.name);
+        return true;
+    }
+    if (req.method === "POST" && url.pathname === "/api/runtime/restart") {
+        sendJson(res, 202, runtime.restartConnector());
+        return true;
+    }
+    return false;
+}

package/dist/web-dashboard-session-routes.js

@@ -0,0 +1,209 @@
+import { isAgentId } from "./agent.js";
+import { numberParam, optionalBooleanField, optionalStringField, parseUploadFiles, readJsonBody, requiredSearch, sendJson, stringField, } from "./web-dashboard-http.js";
+export async function handleDashboardSessionRoute(req, res, url, options) {
+    const { runtime, authUser } = options;
+    if (req.method === "GET" && url.pathname === "/api/locks") {
+        await options.assertCurrentSessionScope(authUser);
+        sendJson(res, 200, { locks: runtime.locks() });
+        return true;
+    }
+    if (req.method === "POST" && url.pathname === "/api/locks") {
+        const body = await readJsonBody(req);
+        await options.assertCurrentSessionScope(authUser);
+        sendJson(res, 200, { lock: runtime.lockWebSession(optionalStringField(body, "ownerName")), locks: runtime.locks() });
+        return true;
+    }
+    if (req.method === "DELETE" && url.pathname === "/api/locks") {
+        await options.assertCurrentSessionScope(authUser);
+        sendJson(res, 200, runtime.unlockWebSession());
+        return true;
+    }
+    if (req.method === "GET" && url.pathname === "/api/auth/status") {
+        const agentId = options.parseAgentId(url.searchParams.get("agent") ?? undefined);
+        options.assertScopedAgent(authUser, agentId);
+        sendJson(res, 200, await runtime.authStatus(agentId));
+        return true;
+    }
+    if (req.method === "POST" && url.pathname === "/api/auth/login") {
+        const body = await readJsonBody(req);
+        const agentId = options.parseAgentId(optionalStringField(body, "agentId"));
+        options.assertScopedAgent(authUser, agentId);
+        sendJson(res, 200, await runtime.login(agentId));
+        return true;
+    }
+    if (req.method === "POST" && url.pathname === "/api/auth/logout") {
+        const body = await readJsonBody(req);
+        const agentId = options.parseAgentId(optionalStringField(body, "agentId"));
+        options.assertScopedAgent(authUser, agentId);
+        sendJson(res, 200, await runtime.logout(agentId));
+        return true;
+    }
+    if (req.method === "GET" && url.pathname === "/api/snapshot") {
+        await options.assertCurrentSessionScope(authUser);
+        sendJson(res, 200, await runtime.snapshot());
+        return true;
+    }
+    if (req.method === "GET" && url.pathname === "/api/sessions") {
+        const agentId = options.parseAgentId(url.searchParams.get("agent") ?? undefined);
+        if (agentId) {
+            options.assertScopedAgent(authUser, agentId);
+        }
+        else {
+            await options.assertCurrentSessionScope(authUser);
+        }
+        const page = await runtime.listSessionsPage(numberParam(url, "page", 1), numberParam(url, "limit", 50), url.searchParams.get("query") ?? "", agentId);
+        sendJson(res, 200, options.scopedSessionPage(authUser, page));
+        return true;
+    }
+    if (req.method === "POST" && url.pathname === "/api/agent") {
+        const body = await readJsonBody(req);
+        const agentId = stringField(body, "agentId");
+        if (!isAgentId(agentId)) {
+            throw new Error(`Invalid agent: ${agentId}`);
+        }
+        options.assertScopedAgent(authUser, agentId);
+        sendJson(res, 200, { session: await runtime.setAgent(agentId) });
+        return true;
+    }
+    if (req.method === "POST" && url.pathname === "/api/sessions/new") {
+        const body = await readJsonBody(req);
+        const agentId = options.parseAgentId(optionalStringField(body, "agentId"));
+        const workspace = optionalStringField(body, "workspace");
+        options.assertScopedAgent(authUser, agentId);
+        options.assertScopedWorkspace(authUser, workspace);
+        sendJson(res, 200, {
+            session: await runtime.newSession({
+                agentId,
+                workspace,
+                model: optionalStringField(body, "model"),
+                reasoningEffort: optionalStringField(body, "reasoningEffort"),
+                launchProfileId: optionalStringField(body, "launchProfileId"),
+                fastMode: optionalBooleanField(body, "fastMode"),
+            }),
+        });
+        return true;
+    }
+    if (req.method === "POST" && url.pathname === "/api/sessions/switch") {
+        const body = await readJsonBody(req);
+        const threadId = stringField(body, "threadId");
+        const detail = await runtime.sessionDetail(threadId);
+        if (detail.record && typeof detail.record === "object") {
+            options.assertSessionScope(authUser, detail.record);
+        }
+        const session = await runtime.switchSession(threadId);
+        options.assertSessionScope(authUser, session);
+        sendJson(res, 200, { session });
+        return true;
+    }
+    if (req.method === "POST" && url.pathname === "/api/sessions/attach") {
+        const body = await readJsonBody(req);
+        const session = await runtime.attachSession(stringField(body, "threadId"));
+        options.assertSessionScope(authUser, session);
+        sendJson(res, 200, { session });
+        return true;
+    }
+    if (req.method === "GET" && url.pathname === "/api/sessions/detail") {
+        const threadId = requiredSearch(url, "threadId");
+        const detail = await runtime.sessionDetail(threadId);
+        options.assertSessionDetailScope(authUser, threadId, detail);
+        sendJson(res, 200, detail);
+        return true;
+    }
+    if (req.method === "GET" && url.pathname === "/api/models") {
+        await options.assertCurrentSessionScope(authUser);
+        sendJson(res, 200, { models: await runtime.listModels() });
+        return true;
+    }
+    if (req.method === "POST" && url.pathname === "/api/session/model") {
+        const body = await readJsonBody(req);
+        await options.assertCurrentSessionScope(authUser);
+        sendJson(res, 200, { session: await runtime.setModel(stringField(body, "model")) });
+        return true;
+    }
+    if (req.method === "POST" && url.pathname === "/api/session/reasoning") {
+        const body = await readJsonBody(req);
+        await options.assertCurrentSessionScope(authUser);
+        sendJson(res, 200, { session: await runtime.setReasoningEffort(stringField(body, "reasoning")) });
+        return true;
+    }
+    if (req.method === "POST" && url.pathname === "/api/session/fast") {
+        const body = await readJsonBody(req);
+        await options.assertCurrentSessionScope(authUser);
+        sendJson(res, 200, { session: await runtime.setFastMode(Boolean(body?.enabled)) });
+        return true;
+    }
+    if (req.method === "POST" && url.pathname === "/api/session/launch") {
+        const body = await readJsonBody(req);
+        await options.assertCurrentSessionScope(authUser);
+        sendJson(res, 200, { session: await runtime.setLaunchProfile(stringField(body, "profileId")) });
+        return true;
+    }
+    if (req.method === "POST" && url.pathname === "/api/prompt") {
+        const body = await readJsonBody(req);
+        await options.assertCurrentSessionScope(authUser);
+        sendJson(res, 202, await runtime.sendPrompt(stringField(body, "text")));
+        return true;
+    }
+    if (req.method === "POST" && url.pathname === "/api/prompt/upload") {
+        const body = await readJsonBody(req);
+        await options.assertCurrentSessionScope(authUser);
+        sendJson(res, 202, await runtime.sendUploadPrompt({
+            text: optionalStringField(body, "text"),
+            files: parseUploadFiles(body.files),
+        }));
+        return true;
+    }
+    if (req.method === "POST" && (url.pathname === "/api/abort" || url.pathname === "/api/stop")) {
+        await options.assertCurrentSessionScope(authUser);
+        await runtime.abort();
+        sendJson(res, 200, { ok: true });
+        return true;
+    }
+    if (req.method === "POST" && url.pathname === "/api/handback") {
+        await options.assertCurrentSessionScope(authUser);
+        sendJson(res, 200, await runtime.handback());
+        return true;
+    }
+    if (req.method === "POST" && url.pathname === "/api/retry") {
+        await options.assertCurrentSessionScope(authUser);
+        sendJson(res, 202, await runtime.retry());
+        return true;
+    }
+    if (req.method === "POST" && url.pathname === "/api/sync") {
+        await options.assertCurrentSessionScope(authUser);
+        sendJson(res, 200, await runtime.sync());
+        return true;
+    }
+    if (req.method === "GET" && url.pathname === "/api/queue") {
+        await options.assertCurrentSessionScope(authUser);
+        sendJson(res, 200, { queue: runtime.queue(), paused: runtime.queuePaused() });
+        return true;
+    }
+    if (req.method === "POST" && url.pathname === "/api/queue") {
+        const body = await readJsonBody(req);
+        await options.assertCurrentSessionScope(authUser);
+        sendJson(res, 200, { queue: runtime.queueAction(stringField(body, "action"), optionalStringField(body, "id")), paused: runtime.queuePaused() });
+        return true;
+    }
+    if (req.method === "GET" && url.pathname === "/api/chat/history") {
+        await options.assertCurrentSessionScope(authUser);
+        sendJson(res, 200, { messages: await runtime.chatHistory(numberParam(url, "limit", 200)) });
+        return true;
+    }
+    if (req.method === "DELETE" && url.pathname === "/api/chat/history") {
+        await options.assertCurrentSessionScope(authUser);
+        sendJson(res, 200, await runtime.clearChatHistory());
+        return true;
+    }
+    if (req.method === "GET" && url.pathname === "/api/activity") {
+        sendJson(res, 200, {
+            events: options.filterActivityByScope(authUser, runtime.activity({
+                limit: numberParam(url, "limit", 100),
+                source: (url.searchParams.get("source") || "all"),
+                status: (url.searchParams.get("status") || "all"),
+            })),
+        });
+        return true;
+    }
+    return false;
+}

package/dist/web-dashboard-ui.js

@@ -1,18 +1,18 @@
 export const DASHBOARD_PAGES = [
-    { id: "overview", label: "Overview" },
-    { id: "chat", label: "Chat" },
-    { id: "sessions", label: "Sessions" },
-    { id: "queue", label: "Queue" },
-    { id: "tasks", label: "Tasks" },
-    { id: "activity", label: "Activity" },
-    { id: "artifacts", label: "Artifacts" },
-    { id: "adapters", label: "Adapters" },
-    { id: "access", label: "Access" },
-    { id: "version", label: "Version" },
-    { id: "settings", label: "Settings" },
-    { id: "logs", label: "Logs" },
-    { id: "diagnostics", label: "Diagnostics" },
+    { id: "overview", label: "Overview", permission: "inspect" },
+    { id: "chat", label: "Chat", permission: "sessions.read" },
+    { id: "sessions", label: "Sessions", permission: "sessions.read" },
+    { id: "queue", label: "Queue", permission: "queue.read" },
+    { id: "tasks", label: "Tasks", permission: "inspect" },
+    { id: "activity", label: "Activity", permission: "sessions.read" },
+    { id: "artifacts", label: "Artifacts", permission: "files.read" },
+    { id: "adapters", label: "Adapters", permission: "inspect" },
+    { id: "access", label: "Users", permission: "users.read" },
+    { id: "version", label: "Version", permission: "inspect" },
+    { id: "settings", label: "Settings", permission: "settings.read" },
+    { id: "logs", label: "Logs", permission: "logs.read" },
+    { id: "diagnostics", label: "Diagnostics", permission: "diagnostics.read" },
 ];
 export function renderDashboardNav(activePage = "overview") {
-    return DASHBOARD_PAGES.map((page) => `<button data-page="${page.id}"${page.id === activePage ? ' class="active"' : ""}>${page.label}</button>`).join("\n        ");
+    return DASHBOARD_PAGES.map((page) => `<button data-page="${page.id}" data-permission="${page.permission}"${page.id === activePage ? ' class="active"' : ""}>${page.label}</button>`).join("\n        ");
 }