@nordbyte/nordrelay 0.5.2 → 0.6.0

package/dist/telegram-support-command.js

@@ -26,6 +26,13 @@ export function registerTelegramSupportCommands(options) {
                 action: "command",
                 status: "ok",
                 contextKey,
+                actor: {
+                    channel: "telegram",
+                    id: ctx.from?.id !== undefined ? `telegram:${ctx.from.id}` : undefined,
+                    label: ctx.from?.username || ctx.from?.first_name || (ctx.from?.id !== undefined ? String(ctx.from.id) : undefined),
+                    username: ctx.from?.username,
+                    channelUserId: ctx.from?.id !== undefined ? String(ctx.from.id) : undefined,
+                },
                 actorId: ctx.from?.id,
                 actorRole: options.getUserRole(ctx),
                 description: "export diagnostics bundle",

package/dist/telegram-update-commands.js

@@ -33,12 +33,26 @@ export function registerTelegramUpdateCommands(deps) {
         }
         if (subcommand === "cancel" && tokens[1]) {
             const job = agentUpdates.cancel(tokens[1]);
+            deps.appendActivity?.(ctx, {
+                status: "aborted",
+                type: "agent_update_cancel_requested",
+                threadId: null,
+                agentId: job.agentId,
+                detail: `${job.agentLabel} ${job.operation} cancellation requested.`,
+            });
             const rendered = renderAgentUpdateJobAction(job);
             await replyChannelAction(ctx, rendered);
             return;
         }
         if ((subcommand === "input" || subcommand === "send") && tokens[1] && tokens.slice(2).join(" ").trim()) {
             const job = agentUpdates.sendInput(tokens[1], tokens.slice(2).join(" "));
+            deps.appendActivity?.(ctx, {
+                status: "info",
+                type: "agent_update_input_sent",
+                threadId: null,
+                agentId: job.agentId,
+                detail: `Input sent to ${job.agentLabel} ${job.operation}.`,
+            });
             const rendered = renderAgentUpdateJobAction(job);
             await replyChannelAction(ctx, rendered);
             return;
@@ -54,6 +68,12 @@ export function registerTelegramUpdateCommands(deps) {
             return;
         }
         const update = spawnSelfUpdate();
+        deps.appendActivity?.(ctx, {
+            status: "info",
+            type: "update_started",
+            threadId: null,
+            detail: `${update.method}: ${update.summary}`,
+        });
         const rendered = renderSelfUpdateStartedAction(update);
         await replyChannelAction(ctx, rendered);
     });
@@ -87,6 +107,13 @@ export function registerTelegramUpdateCommands(deps) {
             return;
         }
         const job = agentUpdates.cancel(id);
+        deps.appendActivity?.(ctx, {
+            status: "aborted",
+            type: "agent_update_cancel_requested",
+            threadId: null,
+            agentId: job.agentId,
+            detail: `${job.agentLabel} ${job.operation} cancellation requested.`,
+        });
         const rendered = renderAgentUpdateJobAction(job);
         await replyChannelAction(ctx, rendered);
     });

package/dist/user-management.js

@@ -25,12 +25,14 @@ export class UserStore {
                 ...user,
                 groups: this.groupsForUser(payload, user.id),
                 telegramIdentities: payload.telegramIdentities.filter((identity) => identity.userId === user.id),
+                discordIdentities: payload.discordIdentities.filter((identity) => identity.userId === user.id),
                 webSessions: payload.webSessions
                     .filter((session) => session.userId === user.id)
                     .map(publicWebSession),
             })),
             groups: payload.groups,
             telegramChats: payload.telegramChats,
+            discordChannels: payload.discordChannels,
             adminConfigured: payload.users.some((user) => user.active && this.groupIdsForUser(payload, user.id).includes(ADMIN_GROUP_ID)),
         };
     }
@@ -83,6 +85,11 @@ export class UserStore {
                     telegramUserId: input.telegramUserId,
                 });
             }
+            if (input.discordUserId !== undefined) {
+                this.upsertDiscordIdentityInPayload(payload, user.id, {
+                    discordUserId: input.discordUserId,
+                });
+            }
             return this.authenticatedUser(payload, user);
         });
     }
@@ -229,6 +236,19 @@ export class UserStore {
         const user = payload.users.find((candidate) => candidate.id === identity.userId && candidate.active);
         return user ? this.authenticatedUser(payload, user) : null;
     }
+    resolveDiscordUser(discordUserId) {
+        const normalized = normalizeDiscordId(discordUserId);
+        if (!normalized) {
+            return null;
+        }
+        const payload = this.readPayload();
+        const identity = payload.discordIdentities.find((candidate) => candidate.discordUserId === normalized && candidate.active);
+        if (!identity) {
+            return null;
+        }
+        const user = payload.users.find((candidate) => candidate.id === identity.userId && candidate.active);
+        return user ? this.authenticatedUser(payload, user) : null;
+    }
     linkTelegramUser(userId, input) {
         return this.mutatePayload((payload) => {
             const user = payload.users.find((candidate) => candidate.id === userId);
@@ -245,6 +265,22 @@ export class UserStore {
             return payload.telegramIdentities.length !== before;
         });
     }
+    linkDiscordUser(userId, input) {
+        return this.mutatePayload((payload) => {
+            const user = payload.users.find((candidate) => candidate.id === userId);
+            if (!user) {
+                throw new Error("User not found.");
+            }
+            return this.upsertDiscordIdentityInPayload(payload, userId, input);
+        });
+    }
+    unlinkDiscordIdentity(identityId) {
+        return this.mutatePayload((payload) => {
+            const before = payload.discordIdentities.length;
+            payload.discordIdentities = payload.discordIdentities.filter((identity) => identity.id !== identityId);
+            return payload.discordIdentities.length !== before;
+        });
+    }
     createTelegramLinkCode(userId) {
         return this.mutatePayload((payload) => {
             if (!payload.users.some((user) => user.id === userId && user.active)) {
@@ -262,6 +298,23 @@ export class UserStore {
             return code;
         });
     }
+    createDiscordLinkCode(userId) {
+        return this.mutatePayload((payload) => {
+            if (!payload.users.some((user) => user.id === userId && user.active)) {
+                throw new Error("Active user not found.");
+            }
+            const now = Date.now();
+            payload.discordLinkCodes = payload.discordLinkCodes.filter((code) => new Date(code.expiresAt).getTime() > now);
+            const code = {
+                code: randomLinkCode(),
+                userId,
+                createdAt: new Date(now).toISOString(),
+                expiresAt: new Date(now + LINK_CODE_TTL_MS).toISOString(),
+            };
+            payload.discordLinkCodes.push(code);
+            return code;
+        });
+    }
     consumeTelegramLinkCode(code, input) {
         return this.mutatePayload((payload) => {
             const normalized = code.trim().toUpperCase();
@@ -279,6 +332,23 @@ export class UserStore {
             return this.authenticatedUser(payload, user);
         });
     }
+    consumeDiscordLinkCode(code, input) {
+        return this.mutatePayload((payload) => {
+            const normalized = code.trim().toUpperCase();
+            const now = Date.now();
+            const link = payload.discordLinkCodes.find((candidate) => candidate.code === normalized && new Date(candidate.expiresAt).getTime() > now);
+            if (!link) {
+                throw new Error("Invalid or expired link code.");
+            }
+            const user = payload.users.find((candidate) => candidate.id === link.userId && candidate.active);
+            if (!user) {
+                throw new Error("Linked user is not active.");
+            }
+            this.upsertDiscordIdentityInPayload(payload, user.id, input);
+            payload.discordLinkCodes = payload.discordLinkCodes.filter((candidate) => candidate.code !== normalized);
+            return this.authenticatedUser(payload, user);
+        });
+    }
     registerTelegramChat(input) {
         return this.mutatePayload((payload) => {
             const now = new Date().toISOString();
@@ -322,6 +392,55 @@ export class UserStore {
             return chat;
         });
     }
+    registerDiscordChannel(input) {
+        return this.mutatePayload((payload) => {
+            const now = new Date().toISOString();
+            const channelId = normalizeDiscordId(input.channelId);
+            if (!channelId) {
+                throw new Error("Discord channel id is required.");
+            }
+            const guildId = normalizeDiscordId(input.guildId);
+            const existing = payload.discordChannels.find((channel) => channel.channelId === channelId && channel.guildId === guildId);
+            const allowedGroupIds = normalizeGroupIds(payload, input.allowedGroupIds ?? [], null);
+            if (existing) {
+                existing.title = input.title ?? existing.title;
+                existing.type = input.type ?? existing.type;
+                existing.enabled = input.enabled ?? existing.enabled;
+                existing.allowedGroupIds = allowedGroupIds;
+                existing.updatedAt = now;
+                return existing;
+            }
+            const channel = {
+                id: randomId(),
+                guildId,
+                channelId,
+                title: input.title,
+                type: input.type,
+                enabled: input.enabled ?? true,
+                allowedGroupIds,
+                createdAt: now,
+                updatedAt: now,
+            };
+            payload.discordChannels.push(channel);
+            return channel;
+        });
+    }
+    updateDiscordChannel(id, patch) {
+        return this.mutatePayload((payload) => {
+            const channel = payload.discordChannels.find((candidate) => candidate.id === id);
+            if (!channel) {
+                throw new Error("Discord channel not found.");
+            }
+            if (patch.enabled !== undefined)
+                channel.enabled = patch.enabled;
+            if (patch.title !== undefined)
+                channel.title = patch.title;
+            if (patch.allowedGroupIds !== undefined)
+                channel.allowedGroupIds = normalizeGroupIds(payload, patch.allowedGroupIds, null);
+            channel.updatedAt = new Date().toISOString();
+            return channel;
+        });
+    }
     isTelegramChatAllowed(chatId, chatType, user) {
         if (chatId === undefined) {
             return false;
@@ -340,6 +459,26 @@ export class UserStore {
         const userGroupIds = new Set(user.groups.map((group) => group.id));
         return access.allowedGroupIds.some((groupId) => userGroupIds.has(groupId)) && this.canUseTelegramChat(user, chatId);
     }
+    isDiscordChannelAllowed(input, user) {
+        const channelId = normalizeDiscordId(input.channelId);
+        if (!channelId) {
+            return false;
+        }
+        if (input.isDirectMessage) {
+            return this.canUseDiscordChannel(user, channelId);
+        }
+        const guildId = normalizeDiscordId(input.guildId);
+        const payload = this.readPayload();
+        const access = payload.discordChannels.find((channel) => channel.channelId === channelId && channel.guildId === guildId);
+        if (!access?.enabled) {
+            return false;
+        }
+        if (access.allowedGroupIds.length === 0) {
+            return this.canUseDiscordChannel(user, channelId);
+        }
+        const userGroupIds = new Set(user.groups.map((group) => group.id));
+        return access.allowedGroupIds.some((groupId) => userGroupIds.has(groupId)) && this.canUseDiscordChannel(user, channelId);
+    }
     hasPermission(user, permission) {
         return Boolean(permission && user?.permissions.includes(permission));
     }
@@ -363,6 +502,13 @@ export class UserStore {
         }
         return user.groups.some((group) => group.telegramChatIds.length === 0 || group.telegramChatIds.includes(chatId));
     }
+    canUseDiscordChannel(user, channelId) {
+        const normalized = normalizeDiscordId(channelId);
+        if (!user || !normalized) {
+            return true;
+        }
+        return user.groups.some((group) => group.discordChannelIds.length === 0 || group.discordChannelIds.includes(normalized));
+    }
     createGroup(input) {
         return this.mutatePayload((payload) => {
             const now = new Date().toISOString();
@@ -382,6 +528,7 @@ export class UserStore {
                 agentIds: normalizeStringList(input.agentIds ?? []),
                 workspaceRoots: normalizeStringList(input.workspaceRoots ?? []),
                 telegramChatIds: normalizeNumberList(input.telegramChatIds ?? []),
+                discordChannelIds: normalizeStringList(input.discordChannelIds ?? []),
                 createdAt: now,
                 updatedAt: now,
             };
@@ -411,6 +558,8 @@ export class UserStore {
                 group.workspaceRoots = normalizeStringList(patch.workspaceRoots);
             if (patch.telegramChatIds !== undefined)
                 group.telegramChatIds = normalizeNumberList(patch.telegramChatIds);
+            if (patch.discordChannelIds !== undefined)
+                group.discordChannelIds = normalizeStringList(patch.discordChannelIds);
             group.updatedAt = new Date().toISOString();
             return group;
         });
@@ -460,6 +609,38 @@ export class UserStore {
         payload.telegramIdentities.push(identity);
         return identity;
     }
+    upsertDiscordIdentityInPayload(payload, userId, input) {
+        const discordUserId = normalizeDiscordId(input.discordUserId);
+        if (!discordUserId) {
+            throw new Error("Discord user id is required.");
+        }
+        const now = new Date().toISOString();
+        for (const identity of payload.discordIdentities) {
+            if (identity.discordUserId === discordUserId && identity.userId !== userId) {
+                identity.active = false;
+            }
+        }
+        const existing = payload.discordIdentities.find((identity) => identity.userId === userId && identity.discordUserId === discordUserId);
+        if (existing) {
+            existing.username = input.username ?? existing.username;
+            existing.globalName = input.globalName ?? existing.globalName;
+            existing.active = true;
+            existing.updatedAt = now;
+            return existing;
+        }
+        const identity = {
+            id: randomId(),
+            userId,
+            discordUserId,
+            username: input.username,
+            globalName: input.globalName,
+            active: true,
+            linkedAt: now,
+            updatedAt: now,
+        };
+        payload.discordIdentities.push(identity);
+        return identity;
+    }
     pruneExpiredSessionsInPayload(payload) {
         const now = Date.now();
         payload.webSessions = payload.webSessions.filter((session) => new Date(session.expiresAt).getTime() > now);
@@ -551,6 +732,7 @@ function normalizePayload(payload) {
             agentIds: [],
             workspaceRoots: [],
             telegramChatIds: [],
+            discordChannelIds: [],
             createdAt: now,
             updatedAt: now,
         });
@@ -565,6 +747,7 @@ function normalizePayload(payload) {
             agentIds: normalizeStringList(group.agentIds),
             workspaceRoots: normalizeStringList(group.workspaceRoots),
             telegramChatIds: normalizeNumberList(group.telegramChatIds),
+            discordChannelIds: normalizeStringList(group.discordChannelIds),
         });
     }
     const groups = Array.from(groupsById.values());
@@ -581,8 +764,14 @@ function normalizePayload(payload) {
             ...chat,
             allowedGroupIds: chat.allowedGroupIds.filter((groupId) => groupIds.has(groupId)),
         })),
+        discordIdentities: (payload?.discordIdentities ?? []).filter((item) => isDiscordIdentityRecord(item) && userIds.has(item.userId)),
+        discordChannels: (payload?.discordChannels ?? []).filter(isDiscordChannelAccessRecord).map((channel) => ({
+            ...channel,
+            allowedGroupIds: channel.allowedGroupIds.filter((groupId) => groupIds.has(groupId)),
+        })),
         webSessions: (payload?.webSessions ?? []).filter((item) => isWebSessionRecord(item) && userIds.has(item.userId)),
         telegramLinkCodes: (payload?.telegramLinkCodes ?? []).filter((item) => isTelegramLinkCodeRecord(item) && userIds.has(item.userId)),
+        discordLinkCodes: (payload?.discordLinkCodes ?? []).filter((item) => isDiscordLinkCodeRecord(item) && userIds.has(item.userId)),
     };
 }
 function normalizeEmail(email) {
@@ -619,6 +808,10 @@ function normalizeStringList(values) {
 function normalizeNumberList(values) {
     return Array.from(new Set((values ?? []).filter((value) => Number.isInteger(value))));
 }
+function normalizeDiscordId(value) {
+    const normalized = String(value ?? "").trim();
+    return normalized || undefined;
+}
 function assertActiveAdminExists(payload) {
     const hasAdmin = payload.users.some((user) => user.active && payload.userGroups.some((item) => item.userId === user.id && item.groupId === ADMIN_GROUP_ID));
     if (!hasAdmin) {
@@ -696,6 +889,16 @@ function isTelegramChatAccessRecord(value) {
     return Boolean(candidate) && typeof candidate.id === "string" && Number.isInteger(candidate.chatId) &&
         typeof candidate.enabled === "boolean" && Array.isArray(candidate.allowedGroupIds);
 }
+function isDiscordIdentityRecord(value) {
+    const candidate = value;
+    return Boolean(candidate) && typeof candidate.id === "string" && typeof candidate.userId === "string" &&
+        typeof candidate.discordUserId === "string" && typeof candidate.active === "boolean";
+}
+function isDiscordChannelAccessRecord(value) {
+    const candidate = value;
+    return Boolean(candidate) && typeof candidate.id === "string" && typeof candidate.channelId === "string" &&
+        typeof candidate.enabled === "boolean" && Array.isArray(candidate.allowedGroupIds);
+}
 function isWebSessionRecord(value) {
     const candidate = value;
     return Boolean(candidate) && typeof candidate.id === "string" && typeof candidate.userId === "string" &&
@@ -706,3 +909,8 @@ function isTelegramLinkCodeRecord(value) {
     return Boolean(candidate) && typeof candidate.code === "string" && typeof candidate.userId === "string" &&
         typeof candidate.expiresAt === "string";
 }
+function isDiscordLinkCodeRecord(value) {
+    const candidate = value;
+    return Boolean(candidate) && typeof candidate.code === "string" && typeof candidate.userId === "string" &&
+        typeof candidate.expiresAt === "string";
+}

package/dist/web-api-contract.js

@@ -7,6 +7,11 @@ export const WEB_API_ROUTE_DEFINITIONS = [
     exact("/api/snapshot", ["GET"], "inspect"),
     exact("/api/tasks", ["GET"], "inspect"),
     exact("/api/progress", ["GET"], "inspect"),
+    exact("/api/metrics", ["GET"], "inspect"),
+    exact("/api/jobs", ["GET"], "inspect"),
+    dynamic("/api/jobs/:id/log", "^/api/jobs/[^/]+/log$", ["GET"], "inspect", `/api/jobs/${stringToken}/log`),
+    dynamic("/api/jobs/:id/action", "^/api/jobs/[^/]+/action$", ["POST"], "inspect", `/api/jobs/${stringToken}/action`),
+    exact("/api/active-sessions", ["GET"], "sessions.read"),
     exact("/api/version", ["GET"], "inspect"),
     exact("/api/update", ["POST"], "updates.run"),
     exact("/api/agent-updates", ["GET"], "updates.run"),
@@ -23,10 +28,14 @@ export const WEB_API_ROUTE_DEFINITIONS = [
     dynamic("/api/users/:id/sessions/:sessionId", "^/api/users/[^/]+/sessions/[^/]+$", ["DELETE"], "users.write", `/api/users/${stringToken}/sessions/${stringToken}`),
     dynamic("/api/users/:id/telegram", "^/api/users/[^/]+/telegram$", ["POST"], "users.write", `/api/users/${stringToken}/telegram`),
     dynamic("/api/users/:id/telegram/:identityId", "^/api/users/[^/]+/telegram/[^/]+$", ["DELETE"], "users.write", `/api/users/${stringToken}/telegram/${stringToken}`),
+    dynamic("/api/users/:id/discord", "^/api/users/[^/]+/discord$", ["POST"], "users.write", `/api/users/${stringToken}/discord`),
+    dynamic("/api/users/:id/discord/:identityId", "^/api/users/[^/]+/discord/[^/]+$", ["DELETE"], "users.write", `/api/users/${stringToken}/discord/${stringToken}`),
     exact("/api/groups", ["GET", "POST"], readWrite("users.read", "users.write")),
     dynamic("/api/groups/:id", "^/api/groups/[^/]+$", ["PATCH"], "users.write", `/api/groups/${stringToken}`),
     exact("/api/telegram-chats", ["GET", "POST"], readWrite("users.read", "users.write")),
     dynamic("/api/telegram-chats/:id", "^/api/telegram-chats/[^/]+$", ["PATCH"], "users.write", `/api/telegram-chats/${stringToken}`),
+    exact("/api/discord-channels", ["GET", "POST"], readWrite("users.read", "users.write")),
+    dynamic("/api/discord-channels/:id", "^/api/discord-channels/[^/]+$", ["PATCH"], "users.write", `/api/discord-channels/${stringToken}`),
     exact("/api/audit", ["GET"], "audit.read"),
     exact("/api/locks", ["GET", "POST", "DELETE"], readWrite("sessions.read", "sessions.write")),
     exact("/api/auth/status", ["GET"], "inspect"),

package/dist/web-dashboard-access-routes.js

@@ -20,6 +20,7 @@ export async function handleDashboardAccessRoute(req, res, url, options) {
             groupIds: arrayStringField(body, "groupIds"),
             active: optionalBooleanField(body, "active") ?? true,
             telegramUserId: optionalNumberField(body, "telegramUserId"),
+            discordUserId: optionalStringField(body, "discordUserId"),
         });
         options.auditUserAction(authUser, "user_created", user.user.email);
         sendJson(res, 201, { user: publicUser(user.user), groups: user.groups });
@@ -93,6 +94,33 @@ export async function handleDashboardAccessRoute(req, res, url, options) {
         sendJson(res, 200, { removed });
         return true;
     }
+    const discordLinkMatch = url.pathname.match(/^\/api\/users\/([^/]+)\/discord$/);
+    if (discordLinkMatch?.[1] && req.method === "POST") {
+        const body = await readJsonBody(req);
+        if (body.createCode === true) {
+            const userId = decodeURIComponent(discordLinkMatch[1]);
+            const linkCode = users.createDiscordLinkCode(userId);
+            options.auditUserAction(authUser, "discord_link_created", userId);
+            sendJson(res, 201, { linkCode });
+            return true;
+        }
+        const identity = users.linkDiscordUser(decodeURIComponent(discordLinkMatch[1]), {
+            discordUserId: stringField(body, "discordUserId"),
+            username: optionalStringField(body, "username"),
+            globalName: optionalStringField(body, "globalName"),
+        });
+        options.auditUserAction(authUser, "discord_linked", identity.discordUserId);
+        sendJson(res, 201, { identity });
+        return true;
+    }
+    const discordUnlinkMatch = url.pathname.match(/^\/api\/users\/[^/]+\/discord\/([^/]+)$/);
+    if (discordUnlinkMatch?.[1] && req.method === "DELETE") {
+        const identityId = decodeURIComponent(discordUnlinkMatch[1]);
+        const removed = users.unlinkDiscordIdentity(identityId);
+        options.auditUserAction(authUser, "discord_unlinked", identityId);
+        sendJson(res, 200, { removed });
+        return true;
+    }
     if (req.method === "GET" && url.pathname === "/api/groups") {
         sendJson(res, 200, { groups: users.listGroups() });
         return true;
@@ -106,6 +134,7 @@ export async function handleDashboardAccessRoute(req, res, url, options) {
             agentIds: arrayStringField(body, "agentIds"),
             workspaceRoots: arrayStringField(body, "workspaceRoots"),
             telegramChatIds: arrayNumberField(body, "telegramChatIds"),
+            discordChannelIds: arrayStringField(body, "discordChannelIds"),
         });
         options.auditUserAction(authUser, "group_created", group.id);
         sendJson(res, 201, { group });
@@ -121,6 +150,7 @@ export async function handleDashboardAccessRoute(req, res, url, options) {
             agentIds: body.agentIds === undefined ? undefined : arrayStringField(body, "agentIds"),
             workspaceRoots: body.workspaceRoots === undefined ? undefined : arrayStringField(body, "workspaceRoots"),
             telegramChatIds: body.telegramChatIds === undefined ? undefined : arrayNumberField(body, "telegramChatIds"),
+            discordChannelIds: body.discordChannelIds === undefined ? undefined : arrayStringField(body, "discordChannelIds"),
         });
         options.auditUserAction(authUser, "group_updated", group.id);
         sendJson(res, 200, { group });
@@ -155,8 +185,51 @@ export async function handleDashboardAccessRoute(req, res, url, options) {
         sendJson(res, 200, { chat });
         return true;
     }
+    if (req.method === "GET" && url.pathname === "/api/discord-channels") {
+        sendJson(res, 200, { channels: users.snapshot().discordChannels });
+        return true;
+    }
+    if (req.method === "POST" && url.pathname === "/api/discord-channels") {
+        const body = await readJsonBody(req);
+        const channel = users.registerDiscordChannel({
+            guildId: optionalStringField(body, "guildId"),
+            channelId: stringField(body, "channelId"),
+            title: optionalStringField(body, "title"),
+            type: optionalStringField(body, "type"),
+            enabled: optionalBooleanField(body, "enabled") ?? true,
+            allowedGroupIds: arrayStringField(body, "allowedGroupIds"),
+        });
+        options.auditUserAction(authUser, "discord_channel_updated", channel.channelId);
+        sendJson(res, 201, { channel });
+        return true;
+    }
+    const discordChannelMatch = url.pathname.match(/^\/api\/discord-channels\/([^/]+)$/);
+    if (discordChannelMatch?.[1] && req.method === "PATCH") {
+        const body = await readJsonBody(req);
+        const channel = users.updateDiscordChannel(decodeURIComponent(discordChannelMatch[1]), {
+            enabled: optionalBooleanField(body, "enabled"),
+            title: optionalStringField(body, "title"),
+            allowedGroupIds: body.allowedGroupIds === undefined ? undefined : arrayStringField(body, "allowedGroupIds"),
+        });
+        options.auditUserAction(authUser, "discord_channel_updated", channel.channelId);
+        sendJson(res, 200, { channel });
+        return true;
+    }
     if (req.method === "GET" && url.pathname === "/api/audit") {
-        sendJson(res, 200, { events: runtime.audit(numberParam(url, "limit", 50)) });
+        sendJson(res, 200, {
+            events: runtime.audit({
+                limit: numberParam(url, "limit", 50),
+                channelId: (url.searchParams.get("channel") || "all"),
+                category: (url.searchParams.get("category") || "all"),
+                status: (url.searchParams.get("status") || "all"),
+                action: url.searchParams.get("action") || "all",
+                actor: url.searchParams.get("actor") || undefined,
+                agentId: url.searchParams.get("agent") || "all",
+                threadId: url.searchParams.get("thread") || undefined,
+                workspace: url.searchParams.get("workspace") || undefined,
+                since: url.searchParams.get("since") || undefined,
+            }),
+        });
         return true;
     }
     return false;

package/dist/web-dashboard-artifact-routes.js

@@ -8,7 +8,7 @@ export async function handleDashboardArtifactRoute(req, res, url, options) {
     }
     if (req.method === "DELETE" && url.pathname === "/api/artifacts") {
         await options.assertCurrentSessionScope(authUser);
-        sendJson(res, 200, { removed: await runtime.deleteArtifact(requiredSearch(url, "turnId")) });
+        sendJson(res, 200, { removed: await runtime.deleteArtifact(requiredSearch(url, "turnId"), options.activityActor) });
         return true;
     }
     if (req.method === "POST" && url.pathname === "/api/artifacts/bulk") {
@@ -21,7 +21,7 @@ export async function handleDashboardArtifactRoute(req, res, url, options) {
         }
         const removed = [];
         for (const turnId of turnIds) {
-            if (await runtime.deleteArtifact(turnId)) {
+            if (await runtime.deleteArtifact(turnId, options.activityActor)) {
                 removed.push(turnId);
             }
         }
@@ -30,7 +30,7 @@ export async function handleDashboardArtifactRoute(req, res, url, options) {
     }
     if (req.method === "GET" && url.pathname === "/api/artifacts/zip") {
         await options.assertCurrentSessionScope(authUser);
-        const bundle = await runtime.createArtifactZip(requiredSearch(url, "turnId"));
+        const bundle = await runtime.createArtifactZip(requiredSearch(url, "turnId"), options.activityActor);
         if (!bundle) {
             sendJson(res, 404, { error: "Artifact turn not found or ZIP could not be created" });
             return true;

package/dist/web-dashboard-assets.js

@@ -9,6 +9,8 @@ const clientSources = [
     "client/overview.js",
     "client/events.js",
     "client/workflows.js",
+    "client/jobs.js",
+    "client/metrics.js",
     "client/admin.js",
 ];
 const styleSources = [