@nordbyte/nordrelay 0.5.2 → 0.7.0

package/dist/web-dashboard-session-routes.js

@@ -10,12 +10,12 @@ export async function handleDashboardSessionRoute(req, res, url, options) {
     if (req.method === "POST" && url.pathname === "/api/locks") {
         const body = await readJsonBody(req);
         await options.assertCurrentSessionScope(authUser);
-        sendJson(res, 200, { lock: runtime.lockWebSession(optionalStringField(body, "ownerName")), locks: runtime.locks() });
+        sendJson(res, 200, { lock: runtime.lockWebSession(optionalStringField(body, "ownerName"), options.activityActor), locks: runtime.locks() });
         return true;
     }
     if (req.method === "DELETE" && url.pathname === "/api/locks") {
         await options.assertCurrentSessionScope(authUser);
-        sendJson(res, 200, runtime.unlockWebSession());
+        sendJson(res, 200, runtime.unlockWebSession(options.activityActor));
         return true;
     }
     if (req.method === "GET" && url.pathname === "/api/auth/status") {
@@ -28,14 +28,14 @@ export async function handleDashboardSessionRoute(req, res, url, options) {
         const body = await readJsonBody(req);
         const agentId = options.parseAgentId(optionalStringField(body, "agentId"));
         options.assertScopedAgent(authUser, agentId);
-        sendJson(res, 200, await runtime.login(agentId));
+        sendJson(res, 200, await runtime.login(agentId, options.activityActor));
         return true;
     }
     if (req.method === "POST" && url.pathname === "/api/auth/logout") {
         const body = await readJsonBody(req);
         const agentId = options.parseAgentId(optionalStringField(body, "agentId"));
         options.assertScopedAgent(authUser, agentId);
-        sendJson(res, 200, await runtime.logout(agentId));
+        sendJson(res, 200, await runtime.logout(agentId, options.activityActor));
         return true;
     }
     if (req.method === "GET" && url.pathname === "/api/snapshot") {
@@ -62,7 +62,7 @@ export async function handleDashboardSessionRoute(req, res, url, options) {
             throw new Error(`Invalid agent: ${agentId}`);
         }
         options.assertScopedAgent(authUser, agentId);
-        sendJson(res, 200, { session: await runtime.setAgent(agentId) });
+        sendJson(res, 200, { session: await runtime.setAgent(agentId, options.activityActor) });
         return true;
     }
     if (req.method === "POST" && url.pathname === "/api/sessions/new") {
@@ -79,7 +79,7 @@ export async function handleDashboardSessionRoute(req, res, url, options) {
                 reasoningEffort: optionalStringField(body, "reasoningEffort"),
                 launchProfileId: optionalStringField(body, "launchProfileId"),
                 fastMode: optionalBooleanField(body, "fastMode"),
-            }),
+            }, options.activityActor),
         });
         return true;
     }
@@ -90,14 +90,14 @@ export async function handleDashboardSessionRoute(req, res, url, options) {
         if (detail.record && typeof detail.record === "object") {
             options.assertSessionScope(authUser, detail.record);
         }
-        const session = await runtime.switchSession(threadId);
+        const session = await runtime.switchSession(threadId, options.activityActor);
         options.assertSessionScope(authUser, session);
         sendJson(res, 200, { session });
         return true;
     }
     if (req.method === "POST" && url.pathname === "/api/sessions/attach") {
         const body = await readJsonBody(req);
-        const session = await runtime.attachSession(stringField(body, "threadId"));
+        const session = await runtime.attachSession(stringField(body, "threadId"), options.activityActor);
         options.assertSessionScope(authUser, session);
         sendJson(res, 200, { session });
         return true;
@@ -117,31 +117,31 @@ export async function handleDashboardSessionRoute(req, res, url, options) {
     if (req.method === "POST" && url.pathname === "/api/session/model") {
         const body = await readJsonBody(req);
         await options.assertCurrentSessionScope(authUser);
-        sendJson(res, 200, { session: await runtime.setModel(stringField(body, "model")) });
+        sendJson(res, 200, { session: await runtime.setModel(stringField(body, "model"), options.activityActor) });
         return true;
     }
     if (req.method === "POST" && url.pathname === "/api/session/reasoning") {
         const body = await readJsonBody(req);
         await options.assertCurrentSessionScope(authUser);
-        sendJson(res, 200, { session: await runtime.setReasoningEffort(stringField(body, "reasoning")) });
+        sendJson(res, 200, { session: await runtime.setReasoningEffort(stringField(body, "reasoning"), options.activityActor) });
         return true;
     }
     if (req.method === "POST" && url.pathname === "/api/session/fast") {
         const body = await readJsonBody(req);
         await options.assertCurrentSessionScope(authUser);
-        sendJson(res, 200, { session: await runtime.setFastMode(Boolean(body?.enabled)) });
+        sendJson(res, 200, { session: await runtime.setFastMode(Boolean(body?.enabled), options.activityActor) });
         return true;
     }
     if (req.method === "POST" && url.pathname === "/api/session/launch") {
         const body = await readJsonBody(req);
         await options.assertCurrentSessionScope(authUser);
-        sendJson(res, 200, { session: await runtime.setLaunchProfile(stringField(body, "profileId")) });
+        sendJson(res, 200, { session: await runtime.setLaunchProfile(stringField(body, "profileId"), options.activityActor) });
         return true;
     }
     if (req.method === "POST" && url.pathname === "/api/prompt") {
         const body = await readJsonBody(req);
         await options.assertCurrentSessionScope(authUser);
-        sendJson(res, 202, await runtime.sendPrompt(stringField(body, "text")));
+        sendJson(res, 202, await runtime.sendPrompt(stringField(body, "text"), options.activityActor));
         return true;
     }
     if (req.method === "POST" && url.pathname === "/api/prompt/upload") {
@@ -150,28 +150,28 @@ export async function handleDashboardSessionRoute(req, res, url, options) {
         sendJson(res, 202, await runtime.sendUploadPrompt({
             text: optionalStringField(body, "text"),
             files: parseUploadFiles(body.files),
-        }));
+        }, options.activityActor));
         return true;
     }
     if (req.method === "POST" && (url.pathname === "/api/abort" || url.pathname === "/api/stop")) {
         await options.assertCurrentSessionScope(authUser);
-        await runtime.abort();
+        await runtime.abort(options.activityActor);
         sendJson(res, 200, { ok: true });
         return true;
     }
     if (req.method === "POST" && url.pathname === "/api/handback") {
         await options.assertCurrentSessionScope(authUser);
-        sendJson(res, 200, await runtime.handback());
+        sendJson(res, 200, await runtime.handback(options.activityActor));
         return true;
     }
     if (req.method === "POST" && url.pathname === "/api/retry") {
         await options.assertCurrentSessionScope(authUser);
-        sendJson(res, 202, await runtime.retry());
+        sendJson(res, 202, await runtime.retry(options.activityActor));
         return true;
     }
     if (req.method === "POST" && url.pathname === "/api/sync") {
         await options.assertCurrentSessionScope(authUser);
-        sendJson(res, 200, await runtime.sync());
+        sendJson(res, 200, await runtime.sync(options.activityActor));
         return true;
     }
     if (req.method === "GET" && url.pathname === "/api/queue") {
@@ -182,7 +182,7 @@ export async function handleDashboardSessionRoute(req, res, url, options) {
     if (req.method === "POST" && url.pathname === "/api/queue") {
         const body = await readJsonBody(req);
         await options.assertCurrentSessionScope(authUser);
-        sendJson(res, 200, { queue: runtime.queueAction(stringField(body, "action"), optionalStringField(body, "id")), paused: runtime.queuePaused() });
+        sendJson(res, 200, { queue: runtime.queueAction(stringField(body, "action"), optionalStringField(body, "id"), options.activityActor), paused: runtime.queuePaused() });
         return true;
     }
     if (req.method === "GET" && url.pathname === "/api/chat/history") {
@@ -192,7 +192,7 @@ export async function handleDashboardSessionRoute(req, res, url, options) {
     }
     if (req.method === "DELETE" && url.pathname === "/api/chat/history") {
         await options.assertCurrentSessionScope(authUser);
-        sendJson(res, 200, await runtime.clearChatHistory());
+        sendJson(res, 200, await runtime.clearChatHistory(options.activityActor));
         return true;
     }
     if (req.method === "GET" && url.pathname === "/api/activity") {
@@ -201,6 +201,13 @@ export async function handleDashboardSessionRoute(req, res, url, options) {
                 limit: numberParam(url, "limit", 100),
                 source: (url.searchParams.get("source") || "all"),
                 status: (url.searchParams.get("status") || "all"),
+                category: (url.searchParams.get("category") || "all"),
+                actor: url.searchParams.get("actor") || undefined,
+                agentId: url.searchParams.get("agent") || "all",
+                threadId: url.searchParams.get("thread") || undefined,
+                workspace: url.searchParams.get("workspace") || undefined,
+                type: url.searchParams.get("type") || undefined,
+                since: url.searchParams.get("since") || undefined,
             })),
         });
         return true;

package/dist/web-dashboard-ui.js

@@ -4,9 +4,11 @@ export const DASHBOARD_PAGES = [
     { id: "sessions", label: "Sessions", permission: "sessions.read" },
     { id: "queue", label: "Queue", permission: "queue.read" },
     { id: "tasks", label: "Tasks", permission: "inspect" },
+    { id: "metrics", label: "Metrics", permission: "inspect" },
     { id: "activity", label: "Activity", permission: "sessions.read" },
     { id: "artifacts", label: "Artifacts", permission: "files.read" },
     { id: "adapters", label: "Adapters", permission: "inspect" },
+    { id: "peers", label: "Peers", permission: "peers.read" },
     { id: "access", label: "Users", permission: "users.read" },
     { id: "version", label: "Version", permission: "inspect" },
     { id: "settings", label: "Settings", permission: "settings.read" },

package/dist/web-dashboard.js

@@ -1,4 +1,5 @@
 import { createServer } from "node:http";
+import { randomBytes } from "node:crypto";
 import os from "node:os";
 import path from "node:path";
 import { URL } from "node:url";
@@ -17,9 +18,10 @@ import { handleDashboardAccessRoute } from "./web-dashboard-access-routes.js";
 import { handleDashboardArtifactRoute } from "./web-dashboard-artifact-routes.js";
 import { dashboardCss, dashboardJs } from "./web-dashboard-assets.js";
 import { objectRecord, optionalStringField, parseCookies, readJsonBody, sendJson, sendText, } from "./web-dashboard-http.js";
-import { renderDashboardApp, renderLoginPage } from "./web-dashboard-pages.js";
+import { renderDashboardApp, renderFirstRunSetupPage, renderLoginPage } from "./web-dashboard-pages.js";
 import { handleDashboardRuntimeRoute } from "./web-dashboard-runtime-routes.js";
 import { handleDashboardSessionRoute } from "./web-dashboard-session-routes.js";
+import { handleDashboardPeerRoute } from "./web-dashboard-peer-routes.js";
 const DEFAULT_HOME = path.join(os.homedir(), ".nordrelay");
 const options = parseOptions(process.argv.slice(2));
 const config = loadConfig();
@@ -28,6 +30,11 @@ const settings = new SettingsService(resolveDashboardEnvPath(options.home));
 const users = new UserStore(options.home);
 const auditLog = new AuditLogStore(config.workspace, config.stateBackend, config.auditMaxEvents);
 const loginAttempts = new Map();
+const firstRunSetupToken = users.hasAdminUser() ? undefined : randomBytes(18).toString("base64url");
+const firstRunSetupRequiresToken = !isLoopbackHost(options.host);
+if (firstRunSetupToken) {
+    console.log(`NordRelay first-run setup token: ${firstRunSetupToken}`);
+}
 class AccessDeniedError extends Error {
 }
 const server = createServer((req, res) => {
@@ -45,6 +52,10 @@ async function handleRequest(req, res) {
         await handleLogin(req, res);
         return;
     }
+    if (url.pathname === "/api/setup/admin" && req.method === "POST") {
+        await handleFirstRunSetup(req, res);
+        return;
+    }
     if (url.pathname === "/api/dashboard/logout" && req.method === "POST") {
         handleLogout(req, res);
         return;
@@ -60,6 +71,10 @@ async function handleRequest(req, res) {
     }
     if (!authenticated) {
         if (url.pathname === "/" || url.pathname === "/index.html") {
+            if (!users.hasAdminUser()) {
+                sendText(res, 200, renderFirstRunSetupPage({ tokenRequired: firstRunSetupRequiresToken || !isLoopbackRequest(req) }), "text/html; charset=utf-8");
+                return;
+            }
             sendText(res, 200, renderLoginPage({ adminConfigured: users.hasAdminUser() }), "text/html; charset=utf-8");
             return;
         }
@@ -104,6 +119,7 @@ async function handleApi(req, res, url, authUser) {
             status: "denied",
             channelId: "web",
             contextKey: "web",
+            actor: webActivityActor(authUser),
             actorId: authUser.user.id,
             actorRole: authUser.groups.map((group) => group.name).join(", "),
             description: `Denied unknown endpoint ${req.method ?? "GET"} ${url.pathname}`,
@@ -117,6 +133,7 @@ async function handleApi(req, res, url, authUser) {
             status: "denied",
             channelId: "web",
             contextKey: "web",
+            actor: webActivityActor(authUser),
             actorId: authUser.user.id,
             actorRole: authUser.groups.map((group) => group.name).join(", "),
             description: `${permission} required for ${req.method ?? "GET"} ${url.pathname}`,
@@ -133,6 +150,8 @@ async function handleApi(req, res, url, authUser) {
         assertAgentUpdateJobScope,
         assertCurrentSessionScope,
         scopedTasks,
+        scopedActiveSessions,
+        activityActor: webActivityActor(authUser),
     })) {
         return;
     }
@@ -162,6 +181,15 @@ async function handleApi(req, res, url, authUser) {
     })) {
         return;
     }
+    if (await handleDashboardPeerRoute(req, res, url, {
+        config,
+        home: options.home,
+        runtime,
+        activityActor: webActivityActor(authUser),
+        auditPeerAction: (action, description) => auditUserAction(authUser, action, description),
+    })) {
+        return;
+    }
     if (req.method === "GET" && url.pathname === "/api/settings") {
         sendJson(res, 200, await settings.snapshot(process.env, activeSettingsValues(config)));
         return;
@@ -182,6 +210,7 @@ async function handleApi(req, res, url, authUser) {
         assertSessionDetailScope,
         scopedSessionPage,
         filterActivityByScope,
+        activityActor: webActivityActor(authUser),
     })) {
         return;
     }
@@ -189,6 +218,7 @@ async function handleApi(req, res, url, authUser) {
         runtime,
         authUser,
         assertCurrentSessionScope,
+        activityActor: webActivityActor(authUser),
     })) {
         return;
     }
@@ -239,6 +269,58 @@ async function handleEvents(req, res) {
         unsubscribe();
     });
 }
+async function handleFirstRunSetup(req, res) {
+    if (users.hasAdminUser()) {
+        sendJson(res, 409, { error: "Admin user already exists." });
+        return;
+    }
+    const body = await readJsonBody(req);
+    const email = optionalStringField(body, "email") ?? "";
+    const displayName = optionalStringField(body, "displayName") ?? email;
+    const password = optionalStringField(body, "password") ?? "";
+    const setupToken = optionalStringField(body, "setupToken") ?? "";
+    if ((firstRunSetupRequiresToken || !isLoopbackRequest(req)) && setupToken !== firstRunSetupToken) {
+        audit({
+            action: "auth_login_failed",
+            status: "denied",
+            channelId: "web",
+            contextKey: "web",
+            description: `Rejected remote first-run setup for ${email || "unknown"}`,
+        });
+        sendJson(res, 403, { error: "Setup token required." });
+        return;
+    }
+    if (setupToken && setupToken !== firstRunSetupToken) {
+        sendJson(res, 403, { error: "Invalid setup token." });
+        return;
+    }
+    if (!email || !password || password.length < 12) {
+        sendJson(res, 400, { error: "Email and a password with at least 12 characters are required." });
+        return;
+    }
+    const authUser = users.createAdmin({ email, displayName, password });
+    const session = users.createWebSession(authUser.user.id);
+    audit({
+        action: "user_created",
+        status: "ok",
+        channelId: "web",
+        contextKey: "web",
+        actor: webActivityActor(authUser),
+        actorId: authUser.user.id,
+        actorRole: authUser.groups.map((group) => group.name).join(", "),
+        description: `First admin created: ${authUser.user.email}`,
+    });
+    runtime.recordActivity({
+        source: "web",
+        status: "info",
+        type: "first_run_admin_created",
+        threadId: null,
+        actor: webActivityActor(authUser),
+        detail: authUser.user.email,
+    });
+    setSessionCookie(res, session.token);
+    sendJson(res, 201, currentUserDto(authUser));
+}
 async function handleLogin(req, res) {
     const body = await readJsonBody(req);
     const email = optionalStringField(body, "email");
@@ -280,13 +362,32 @@ async function handleLogin(req, res) {
         status: "ok",
         channelId: "web",
         contextKey: "web",
+        actor: webActivityActor(authUser),
         actorId: authUser.user.id,
         actorRole: authUser.groups.map((group) => group.name).join(", "),
         description: `Login ${authUser.user.email}`,
     });
+    runtime.recordActivity({
+        source: "web",
+        status: "info",
+        type: "auth_login",
+        threadId: null,
+        actor: webActivityActor(authUser),
+        detail: authUser.user.email,
+    });
     setSessionCookie(res, session.token);
     sendJson(res, 200, currentUserDto(authUser));
 }
+function isLoopbackRequest(req) {
+    const address = req.socket.remoteAddress ?? "";
+    return address === "127.0.0.1" ||
+        address === "::1" ||
+        address === "::ffff:127.0.0.1" ||
+        address === "localhost";
+}
+function isLoopbackHost(host) {
+    return host === "127.0.0.1" || host === "::1" || host === "localhost";
+}
 function handleLogout(req, res) {
     const authUser = authenticateRequest(req);
     users.destroyWebSession(parseCookies(req.headers.cookie ?? "").nr_session);
@@ -345,10 +446,27 @@ function auditUserAction(authUser, action, description) {
         status: "ok",
         channelId: "web",
         contextKey: "web",
+        actor: webActivityActor(authUser),
         actorId: authUser.user.id,
         actorRole: authUser.groups.map((group) => group.name).join(", "),
         description,
     });
+    runtime.recordActivity({
+        source: "web",
+        status: "info",
+        type: action,
+        threadId: null,
+        actor: webActivityActor(authUser),
+        detail: description,
+    });
+}
+function webActivityActor(authUser) {
+    return {
+        channel: "web",
+        id: authUser.user.id,
+        label: authUser.user.displayName || authUser.user.email,
+        username: authUser.user.email,
+    };
 }
 function scopedControlOptions(authUser, options) {
     return {
@@ -372,6 +490,12 @@ async function scopedTasks(authUser, tasks) {
         recent: filterActivityByScope(authUser, tasks.recent),
     };
 }
+function scopedActiveSessions(authUser, active) {
+    return {
+        ...active,
+        sessions: active.sessions.filter((session) => canUseSession(authUser, session)),
+    };
+}
 async function scopeRelayEvent(authUser, event, canUseCurrentSession = () => canUseCurrentSessionScope(authUser)) {
     switch (event.type) {
         case "snapshot":
@@ -380,6 +504,8 @@ async function scopeRelayEvent(authUser, event, canUseCurrentSession = () => can
             return canUseSession(authUser, event.session) ? event : null;
         case "activity_update":
             return { ...event, events: filterActivityByScope(authUser, event.events) };
+        case "active_sessions_update":
+            return { ...event, active: scopedActiveSessions(authUser, event.active) };
         case "agent_update":
             return users.canUseAgent(authUser, event.job.agentId) ? event : null;
         case "status":
@@ -504,6 +630,7 @@ function optionalEnv(key) {
 }
 function activeSettingsValues(current) {
     return {
+        TELEGRAM_ENABLED: boolValue(current.telegramEnabled),
         TELEGRAM_BOT_TOKEN: current.telegramBotToken,
         TELEGRAM_TRANSPORT: current.telegramTransport,
         TELEGRAM_WEBHOOK_URL: current.telegramWebhookUrl,
@@ -511,6 +638,20 @@ function activeSettingsValues(current) {
         TELEGRAM_WEBHOOK_PORT: String(current.telegramWebhookPort),
         TELEGRAM_WEBHOOK_PATH: current.telegramWebhookPath,
         TELEGRAM_WEBHOOK_SECRET: current.telegramWebhookSecret,
+        DISCORD_ENABLED: boolValue(current.discordEnabled),
+        DISCORD_BOT_TOKEN: current.discordBotToken,
+        DISCORD_CLIENT_ID: current.discordClientId,
+        DISCORD_GUILD_IDS: current.discordGuildIds.join(","),
+        DISCORD_ALLOWED_GUILD_IDS: current.discordAllowedGuildIds.join(","),
+        DISCORD_ALLOWED_CHANNEL_IDS: current.discordAllowedChannelIds.join(","),
+        DISCORD_MESSAGE_CONTENT_ENABLED: boolValue(current.discordMessageContentEnabled),
+        DISCORD_COMMAND_MODE: current.discordCommandMode,
+        DISCORD_AUTO_REGISTER_COMMANDS: boolValue(current.discordAutoRegisterCommands),
+        DISCORD_CLI_MIRROR_MODE: current.discordMirrorMode === current.mirrorMode ? "" : current.discordMirrorMode,
+        DISCORD_CLI_MIRROR_MIN_UPDATE_MS: current.discordMirrorMinUpdateMs === current.mirrorMinUpdateMs ? "" : String(current.discordMirrorMinUpdateMs),
+        DISCORD_NOTIFY_MODE: current.discordNotifyMode === current.notifyMode ? "" : current.discordNotifyMode,
+        DISCORD_QUIET_HOURS: quietOverrideValue(current.discordQuietHours, current.quietHours),
+        DISCORD_AUTO_SEND_ARTIFACTS: current.discordAutoSendArtifacts === current.autoSendArtifacts ? "" : boolValue(current.discordAutoSendArtifacts),
         NORDRELAY_CODEX_ENABLED: boolValue(current.codexEnabled),
         NORDRELAY_PI_ENABLED: boolValue(current.piEnabled),
         NORDRELAY_HERMES_ENABLED: boolValue(current.hermesEnabled),
@@ -565,10 +706,15 @@ function activeSettingsValues(current) {
         ENABLE_TELEGRAM_REACTIONS: boolValue(current.enableTelegramReactions),
         TELEGRAM_RATE_LIMIT_MIN_INTERVAL_MS: String(current.telegramRateLimitMinIntervalMs),
         TELEGRAM_EDIT_MIN_INTERVAL_MS: String(current.telegramEditMinIntervalMs),
-        TELEGRAM_CLI_MIRROR_MODE: current.telegramMirrorMode,
-        TELEGRAM_CLI_MIRROR_MIN_UPDATE_MS: String(current.telegramMirrorMinUpdateMs),
-        TELEGRAM_NOTIFY_MODE: current.telegramNotifyMode,
-        TELEGRAM_QUIET_HOURS: current.telegramQuietHours ? `${current.telegramQuietHours.startHour}-${current.telegramQuietHours.endHour}` : "",
+        NORDRELAY_CLI_MIRROR_MODE: current.mirrorMode,
+        NORDRELAY_CLI_MIRROR_MIN_UPDATE_MS: String(current.mirrorMinUpdateMs),
+        NORDRELAY_NOTIFY_MODE: current.notifyMode,
+        NORDRELAY_QUIET_HOURS: quietValue(current.quietHours),
+        NORDRELAY_AUTO_SEND_ARTIFACTS: boolValue(current.autoSendArtifacts),
+        TELEGRAM_CLI_MIRROR_MODE: current.telegramMirrorMode === current.mirrorMode ? "" : current.telegramMirrorMode,
+        TELEGRAM_CLI_MIRROR_MIN_UPDATE_MS: current.telegramMirrorMinUpdateMs === current.mirrorMinUpdateMs ? "" : String(current.telegramMirrorMinUpdateMs),
+        TELEGRAM_NOTIFY_MODE: current.telegramNotifyMode === current.notifyMode ? "" : current.telegramNotifyMode,
+        TELEGRAM_QUIET_HOURS: quietOverrideValue(current.telegramQuietHours, current.quietHours),
         TELEGRAM_REDACT_PATTERNS: current.telegramRedactPatterns.join(","),
         NORDRELAY_UPDATE_METHOD: process.env.NORDRELAY_UPDATE_METHOD || "auto",
         MAX_FILE_SIZE: String(current.maxFileSize),
@@ -577,12 +723,14 @@ function activeSettingsValues(current) {
         ARTIFACT_MAX_INBOX_DIRS: String(current.artifactMaxInboxDirs),
         ARTIFACT_IGNORE_DIRS: current.artifactIgnoreDirs.join(","),
         ARTIFACT_IGNORE_GLOBS: current.artifactIgnoreGlobs.join(","),
-        TELEGRAM_AUTO_SEND_ARTIFACTS: boolValue(current.telegramAutoSendArtifacts),
+        TELEGRAM_AUTO_SEND_ARTIFACTS: current.telegramAutoSendArtifacts === current.autoSendArtifacts ? "" : boolValue(current.telegramAutoSendArtifacts),
         WORKSPACE_ALLOWED_ROOTS: current.workspaceAllowedRoots.join(","),
         WORKSPACE_WARN_ROOTS: current.workspaceWarnRoots.join(","),
         NORDRELAY_STATE_BACKEND: current.stateBackend,
         NORDRELAY_AUDIT_MAX_EVENTS: String(current.auditMaxEvents),
         NORDRELAY_SESSION_LOCK_TTL_MS: String(current.sessionLockTtlMs),
+        NORDRELAY_DASHBOARD_CACHE_TTL_MS: String(current.dashboardCacheTtlMs),
+        NORDRELAY_UNIFIED_JOB_MAX_ITEMS: String(current.unifiedJobMaxItems),
         NORDRELAY_VERSION_CACHE_TTL_MS: process.env.NORDRELAY_VERSION_CACHE_TTL_MS,
         NORDRELAY_CLI_VERSION_CACHE_TTL_MS: process.env.NORDRELAY_CLI_VERSION_CACHE_TTL_MS,
         VOICE_PREFERRED_BACKEND: current.voicePreferredBackend,
@@ -601,6 +749,12 @@ function activeSettingsValues(current) {
 function boolValue(value) {
     return value ? "true" : "false";
 }
+function quietValue(value) {
+    return value ? `${value.startHour}-${value.endHour}` : "";
+}
+function quietOverrideValue(channelValue, defaultValue) {
+    return quietValue(channelValue) === quietValue(defaultValue) ? "" : quietValue(channelValue);
+}
 function requireArg(argv, index, flag) {
     const value = argv[index];
     if (!value || value.startsWith("--")) {

package/dist/web-state.js

@@ -1,4 +1,5 @@
 import { randomUUID } from "node:crypto";
+import { activityActorLabel, activityCategoryForType, } from "./activity-events.js";
 import { createDocumentStore } from "./state-backend.js";
 const DEFAULT_CHAT_LIMIT = 300;
 const DEFAULT_ACTIVITY_LIMIT = 1000;
@@ -76,6 +77,7 @@ export class WebActivityStore {
             id: randomId(),
             timestamp: input.timestamp ?? new Date().toISOString(),
             ...input,
+            category: input.category ?? activityCategoryForType(input.type),
         };
         payload.events.push(event);
         if (payload.events.length > this.maxEvents) {
@@ -86,9 +88,17 @@ export class WebActivityStore {
     }
     list(options = {}) {
         const limit = Math.max(1, Math.min(500, options.limit ?? 100));
+        const since = normalizeSince(options.since);
         return this.readPayload().events
             .filter((event) => !options.source || options.source === "all" || event.source === options.source)
             .filter((event) => !options.status || options.status === "all" || event.status === options.status)
+            .filter((event) => !options.category || options.category === "all" || (event.category ?? activityCategoryForType(event.type)) === options.category)
+            .filter((event) => !options.agentId || options.agentId === "all" || event.agentId === options.agentId)
+            .filter((event) => !options.threadId || event.threadId === options.threadId)
+            .filter((event) => !options.workspace || event.workspace === options.workspace)
+            .filter((event) => !options.type || event.type.toLowerCase().includes(options.type.toLowerCase()))
+            .filter((event) => !options.actor || activityActorMatches(event.actor, options.actor))
+            .filter((event) => !since || Date.parse(event.timestamp) >= since)
             .slice(-limit)
             .reverse();
     }
@@ -113,7 +123,7 @@ function isWebChatMessage(value) {
         typeof candidate.text === "string" &&
         typeof candidate.timestamp === "string" &&
         ["user", "agent", "system", "tool"].includes(candidate.role) &&
-        ["web", "cli"].includes(candidate.source);
+        ["web", "telegram", "discord", "cli"].includes(candidate.source);
 }
 function isWebActivityEvent(value) {
     if (!value || typeof value !== "object" || Array.isArray(value)) {
@@ -123,9 +133,30 @@ function isWebActivityEvent(value) {
     return typeof candidate.id === "string" &&
         typeof candidate.timestamp === "string" &&
         typeof candidate.type === "string" &&
-        ["web", "cli"].includes(candidate.source) &&
+        ["web", "telegram", "discord", "cli"].includes(candidate.source) &&
         ["queued", "running", "completed", "failed", "aborted", "info"].includes(candidate.status);
 }
+function normalizeSince(value) {
+    if (value === undefined || value === null || value === "") {
+        return null;
+    }
+    const time = typeof value === "number" ? value : Date.parse(value);
+    return Number.isFinite(time) ? time : null;
+}
+function activityActorMatches(actor, query) {
+    const needle = query.trim().toLowerCase();
+    if (!needle) {
+        return true;
+    }
+    return [
+        activityActorLabel(actor),
+        actor?.id,
+        actor?.username,
+        actor?.channelUserId,
+        actor?.channel,
+    ].some((value) => String(value ?? "").toLowerCase().includes(needle));
+}
 function randomId() {
     return randomUUID().replace(/-/g, "").slice(0, 12);
 }
+export { activityActorLabel, activityCategoryForType, auditCategoryForAction, } from "./activity-events.js";